Posts

Showing posts from 2018

IoT and Chain of Trust

In the previous article, we discussed what TPM means and the features of TPM. In this short article we'll see applications of TPM in creating and establishing a chain of trust. Establishing a tamper-proof chain of trust works at two levels. First, a device is booted in a trusted manner. This device interacts with other devices which are also booted in a secure way. The second level deals with establishing a "chain of trust" amongst these secure devices. It is important to note that the TPM only provides the mechanism required to establish a root of trust; it is entirely up to the host machine and software (which includes the OS as well as application software) to establish a trusted execution environment, and they must be capable of doing so. Let's see how this mechanism works, with the help of a simple example. Consider a simplistic IoT setup as shown in the following figure. The Server: At the time of boot, the BIOS uses the Core Root of Trust, i.e. the BIOS boot block, which is immutable, to

Trusted Platform Module

In the previous article, we discussed end device security and various factors affecting it. There was a fleeting mention of TPM, the Trusted Platform Module. In this installment we will discuss more about the TPM. Generally, for any device, the safest way to ensure its integrity is to make sure it always boots from a secured, verified and unalterable source. This forms the logical "root" of the entire boot process. Once the device boots from a trusted source, it further uses it to verify each and every software component it utilizes. Every module checks and verifies the integrity of the next module to be loaded, thus forming a "chain of trust" which, if broken, can be easily detected. This chain of trust can then be extended to encompass other devices across and upstream the network hierarchy. In this installment, let's have a deeper look at TPM. What is TPM? TPM is (generally) a chip designed to provide security related functions. It provides functiona

IoT Security and Smart Devices

A quick recap: In the previous article, we looked at the typical architecture of an end-to-end IoT solution and the different components playing a role in it. We also saw a couple of terms used in discussing IoT security. In this article, we will focus on end devices. We will consider factors which can influence device security, making them vulnerable to hacking. We will also discuss different ways to make them safe. End devices: End devices are generally small, have minimal hardware and limited intelligence. More commonly they are either sensors or actuators, sometimes a combination of both. There might be some local processing power present, but it cannot be taken for granted generally. Because of these reasons, they generally send data and understand a limited set of commands. Since these devices are small and relatively cheap, they come with minimal provisions to configure them. This constrained ability and resources might sometimes be a disadvantage to a hacker, because i

IoT and Security

Scene 1: It’s a pleasant Sunday morning, with perfect weather, and you are out on a long drive cruising a stretch of highway in your latest car. The same car which caused some sensation when you showed this latest techno-wonder to your friends. Today you feel lucky because there is almost no traffic at this hour. Your all-time connected car is constantly updating you about weather, road conditions, nearest places of interest and of course your social feeds. You are driving at a moderate speed, enjoying the drive. Suddenly something seems to be wrong. Without you doing so, your car starts accelerating, you feel the engine revving up, the steering wheel feels so heavy and the brakes seem so hard to apply. The car seems to be out of your control. Instead of showing the usual data, the navigation panel in your car is showing some funny messages. Fortunately, after a few minutes things seem to be under control again. But you are damn scared. Scene 2: Your neighbour has returned home after a major heart s

RPA – An Emerging Automation Technology

Robotic Process Automation is an emerging technique to automate a process. Process automation is done by writing a software robot (“bot”) and teaching it how to complete a given process. Let's take an example of automating the function of Resource Management in the software services industry. RM personnel have the task of matching a job description (JD) with profiles of available software engineers and recommending profiles on a "best fit" basis. Typical steps in this process could be:

Scanning the job description and identifying requirements such as:
- domain and technology requirements
- minimum experience required
- location constraints if any

Scanning profiles of available software engineers and identifying "best fit" profiles based on the following criteria:
- domain and technology experience
- total experience
- location

Sending the list of selected candidates to the project manager for further action

In reality, the process may be mo

Book Review: Indian Culture and India's Future by Michel Danino

The book "Indian Culture and India's Future" by Michel Danino is a self-contained masterpiece which every literate Indian should read. I have never seen such a candid, precise and all-round analysis of current Indian affairs and the state of India. The book is arranged into three sections. The first section puts forth - with proof - the India before any of the invasions. It presents the contributions and gifts of India in fields like science and technology, philosophy, industry, arts and crafts, medicine, spirituality and also touches upon other aspects of Indian culture - tolerance, peace and accommodating nature. The second section presents the picture of India after being invaded by Muslims and then by European nations and missionaries. It explains how traditional Indian systems of education, manufacturing and economy were deliberately and systematically choked and killed, how India was slain and drained economically, and how for centuries it was preached that th