Security – the u-blox trusted domain

Courtesy of u-blox: Security – the u-blox trusted domain

In industrial applications for the IoT, every attack surface must be secured in order to establish a chain of trust. Learn more about u-blox’s five pillars of security.


  • To prevent misuse of applications and to secure data and data transmission, system designs need to follow security principles
  • Exposed interfaces in applications can be used as attack surfaces
  • Any attack will cause harm, including immediate costs, damages, and consequential costs

An attacked system may be subject to:

  • Firmware attacks, in which changed code can modify behaviour or access secrets
  • Data attacks, which attempt to interfere with normal operation
  • Man-in-the-middle attacks, in which captured interface I/O is used to change or replay control or data traffic and so interfere with the actual values


Areas of security

Confidentiality: System assets can be used only by authorized parties (secrecy)

Availability: Assets are accessible to authorized parties for a limited time

Integrity: Measure of the trust in the correctness of the information provided by the system

Robustness: Systems are impervious to intentional or unintentional interference


Five principles of security that create the u‑blox Trusted Domain

Secure Boot: The firmware is authentic, has not been modified, and cannot be downgraded

Secure Firmware Updates (FOTA): Only authenticated and validated updates can be applied

Secure Physical Interfaces and APIs

  • Only authorised users can gain debug access to a device and each access grant is unique
  • Blocks “development” back doors and ensures authorised usage of APIs
  • Data is authenticated and integrity protected in both directions – into and out from the module


Secure Transport Layer

  • The device can authenticate and sign or encrypt the communications with the server
  • No man‑in‑the‑middle attacks in device to server communication


Robustness, Spoofing/Jamming detection and active countermeasures

  • Security is also about software quality
  • Robustness against software attacks and detection of potential attacks on air interfaces