Schlagwort: IoT security

Security by Design for IoT Devices

A new Whitepaper shows how to apply a systematic design process to protect your IoT devices.

Unprotected IoT devices are an easy target for cyber-attacks. The ZHAW Institute of Embedded Systems has published a Whitepaper that describes the application of a systematic development process to identify threats, derive security requirements and implement effective protection measures. The example of a simple WiFi-based sensor illustrates the design process and adequate protection measures. Microcontrollers featuring Trusted Execution Environments (TEE) as well as Secure Elements both provide options to store key material securely and perform cryptographic operations in an energy-efficient way. The interaction of these hardware components together with dedicated firmware and a Public Key Infrastructure (PKI) enables a low-power sensor to connect securely to the cloud.

The Whitepaper and an accompanying video are available under https://digitalcollection.zhaw.ch/handle/11475/20718

Securing the IoT: Introducing an evaluation platform for secure elements

Security for resource constrained IoT devices is an important subject. Rising awareness and up-coming regulations will require manufacturers to increase the level of security on their IoT devices. Semiconductor vendors are addressing this demand with dedicated chips, so-called secure elements. Secure elements provide hardware accelerated support for cryptographic operations and tamper proof memory for the secure storage of cryptographically sensitive material. Specifically, they physically isolate sensitive cryptographic material from the application. However, experience from various projects shows, that the selection and the integration of a secure element into a specific application represents a challenge. Accordingly, the paper discusses the development of a multi-vendor evaluation platform. Particularly, the platform, adopting the widespread Arduino shield form factor, features secure elements from five different vendors. Together with the provided integration into Zephyr OS, the board can be easily fitted to various microcontroller development boards. The presented work intends to support developers in the selection process for secure elements and therefore to contribute to their adoption in IoT devices.

For more information, see https://doi.org/10.21256/zhaw-18794