Luke Angel
← back to the journal
Tag

#security

10 entries
tools
Defense in depth for a connected-product fleet
“A single layer of security is hope. Seven layers, each cheap and known to its owner, is a posture.”
Dec 02
tools
Field-grade device identity at fleet scale
“If you can't revoke a single device in under a minute, you don't have device identity. You have hope.”
Nov 18
tools
Securing OTA: what you're flashing, and who signed it
“Own the update path and you own the fleet. An OTA pipeline you can't fully trust isn't a feature — it's a backdoor you built and shipped on purpose.”
Nov 04
tools
Detection and response: the smoke alarm, not the lock
“ML anomaly detection is the smoke alarm, not the lock. It tells you something's off — it doesn't act. Identity and the revoke runbook are what act.”
Oct 21
tools
Protecting device data, at rest and in motion
“Encryption at rest and in motion is the floor, not the ceiling. The real question is which data you keep readable at all — and for anything tied to a person, the answer is as little as you can get away with.”
Sep 30
tools
Authenticated isn't authorized
“A device that proved who it is and can still touch everything isn't secure. It's one stolen cert away from being the whole problem.”
Sep 09
tools
How a device and the cloud trust each other
“The private key proves you're you; the public key lets anyone check; the certificate makes a stranger trust that key without ever having met you — and the key itself never leaves the chip.”
Aug 26
tools
Secure Boot: how a device trusts its own code
“If the check that decides 'is this code mine?' lives in rewritable flash, an attacker just rewrites the check. The root of trust has to be something no software can touch.”
Aug 12
tools
v2 PRD, Part 3 — identity, payment, PII, compliance
“The PRD's job in the compliance section is to draw a small box around payment data and a smaller box around customer identity, and then design every other system component to stay outside both boxes.”
Sep 11
tools
Phone-as-gateway — the auth model for BLE-only devices
“Bonding gives you trust between two specific physical objects. OAuth gives you trust between a human and a cloud. The device touches neither directly — and the only thing standing in the gap is a phone you have no reason to trust.”
Aug 09