As a leader in the IoT sector, global IoT development platform service provider Tuya Smart (NYSE: TUYA) is also showcasing a number of brand-new security-related products and solutions at CES 2022. These offerings aim not only help developers launch products with high efficiency, but also reduce their worries about product safety.
Two years on from the beginning of the COVID-19 pandemic, CES 2022 is coming back to Las Vegas in person, enabled by heightened safety measures adopted by the event organizers. In the face of the continued pandemic, technology firms, industry experts and journalists are all coming together both online and offline to a different tech landscape, forever changed by COVID-19.
One of the major impacts of the pandemic on IoT and smart devices has been the rise of global network security issues, that have been further amplified by consumer needs and behaviors during the pandemic. According to a 2021 report from IoT Analytics, the number of connected IoT devices are expected to hit 12.3 billion active endpoints globally by the end of 2021 and grow to over 27 billion IoT connections by 2025. Coupled with increased remote work after the onset of the COVID-19 pandemic, consumers are more exposed than ever to online attacks. According to Akamai’s annual state of the internet security report, remote work and increased connectivity contributed to a spike in cyber-attacks, while web application attacks tripled in 2021, from what was already a record year in 2020.
At this year’s CES, network security has become a topic of concern for all major players in the industry. Among the issues, IoT security has risen a key focus for many manufacturers, developers and suppliers to exhibit their forward-looking vision and R&D capabilities, as there are particular challenges for IoT that differ from those of traditional network security. Throughout CES, posters and videos promoting network security solutions can abound and security-related hardware products are in pride of place at many booths.
At Tuya Smart’s CES booth, the company’s new IoT security module WBR3N, exhibited in physical form and available for virtual tour online, has drawn the attention of many journalists and industry professionals. This industry-leading security module is the first IoT module of its kind with a built-in secure element (SE) to hold a Common Criteria (CC) EAL6+ certificate.
Commanding comprehensively robust security guarantee, the module realizes mutual certificate authentication and device activation authentication between the device and the cloud, in addition to the Elliptical Curve Cryptography (ECC) security certificate and device certification information that is built into the Squeeze-and-Excitation (SE) block during the production process. In terms of communication, WBR3N uses TLS1.2 two-way strong verified communication based on security authentication, which represents the highest level of communication security in the industry.
In terms of security protection of device data, WBR3N uses built-in independent SE to execute the data encryption and decryption process, therefore fully safeguarding data security. At the same time, the module provides SE-based independent physical security storage, and has a built-in root of trust (RoT), through which storage is performed. The core codes also enjoy protection by the built-in SE, while OTA ensures process safety through a secure communication process and firmware verification.
Overall, WBR3N comes with multiple logical and physical protection layers such as metal shielding, end-to-end encryption, memory encryption, and tampering detection, able to effectively fend off various advanced attack methods such as power analysis and fault attack.
Aside from enhanced hardware security capabilities, Tuya Smart has also announced the release of Tuya Sage, an IoT security operation platform, at CES 2022. The solution is designed to help developers identify and eliminate potential security risks of the IoT system, and ensure security and compliance during system operations.
Shared security responsibility is the fundamental principle of IoT security. Shared security means that cloud providers are responsible for protecting cloud security, while developers are responsible for the security of the applications, data, and resources that use and access the cloud. In practice, many developers lack a holistic sense of the security and compliance status of global smart terminals, a challenge that industry experts are looking for solutions to address.
With Tuya Sage, developers have an oversight of all protected devices, including their basic security information and risk status. Once a device encounters an attack, the developer can complete the risk interception in just one click. Through real-time threat intelligence, Tuya Sage is able to identify local vulnerabilities in smart terminals in a timely and effective manner, allowing developers to fully understand the security and privacy compliance status of the terminal, as well as whether there is any non-compliant user data flow so that it can be rapidly addressed.
In recent years, Tuya Smart has spared no effort in advancing platform and technology-related security and compliance, and proactively conducting third-party data security certifications to meet the varying security needs of customers around the globe. This unique ability to meet the varying security needs of customers around the world puts Tuya Smart in a unique position as a leading global IoT development platform service provider.
According to the public information, Tuya Smart has obtained a number of third-party data security certifications, including BSI’s ISO27001 standard for information security system, ISO27017 standard for cloud security management system, ISO27701 standard for cloud platform privacy and security, and the CSA STAR cloud security certification. In terms of regional compliance, Tuya Smart has passed Ernst & Young’s SOC 2 Audit as well as TrustArc’s GDPR and CCPA’s regional compliance validation. The company is also a recipient and member of TrustArc’s Enterprise Privacy Certificate (EPC).
When it comes to product safety standards, Tuya Smart has passed TÜV SÜD’s EU ETSI standard for cybersecurity in IoT, as well as the ioXt Alliance’s hardware safety certification in 2021. The company has also been partnering with Rapid7, wizlynx group, ScienceSoft, UnderDefense and Kaspersky to vigorously carrying out tests of platform service security.
In the long list, names like TrustArc and Ernst & Young are regarded as the most credible third-party organizations in validating or auditing security and compliance. With the proactive approach to certification and security cooperation, it is safe to say that Tuya Smart is a firm that attaches the greatest importance to safety and compliance.
At this year’s CES, manufacturers, developers and suppliers are all eager to present fresh electronics. But as consumers look to new electronics to bring into their homes, one of the features they will increasingly look for is trust and security assurance. It cannot be ignored that security is the guardian and foundation for all software and hardware products. This year the new offerings from Tuya Smart are a solid contribution to security for the IoT industry.