Home > Tracks > Embedded Systems Security >

Securing the IoT from Chip to Cloud:An Application Guide to Applying Platform Security Architecture (PSA) Principles

Presented by Jacob Beningo

With the explosive growth in the Internet of Things (IoT) and the number of devices soaring, security is critical maintain device integrity and protect user privacy.However, designing consistent security across connected devices can be a minefield to navigate and implementation can be costly.Using a smart door lock as an example, in this webinar, attendees will learn how to design security from the ground up using PSA principles and guidelines with a PSoC® 64 secure MCU from Cypress Semiconductor.

Attendees will walk away with the best practices to develop their own security solutions.In addition, the importance of secure device management throughout the IoT products lifecycle will also be reviewed.

Topics Covered in this Webinar Include:

  • Developing a threat model and Defining security counter measures
  • Maintaining asset security through hardware architecture and security IP
  • Implementing trusted boot and Secure application partitioning
  • Using Trusted Firmware-M to isolate security critical functionality from non-secure code
  • Leveraging the Arm Pelion Secure IoT Device Management Platform for full device lifecycle management (design, onboard, provision, secure, update, manage, etc.)

Go to Session

IoT Hacks: Behind the Scenes

Presented by Joe Hopper

News reports of IoT breaches are now commonplace, with manufacturers often blaming end-user misconfigurations or 'sophisticated attacks'. This implies the victim customers and organizations were simply unlucky, but have you ever wondered exactly how these hacks occurred and what could have been done to prevent them?

Joe Hopper, a professional hacker for the Fracture Labs technology security company, will walk you through:

  • How hackers target the victim devices
  • How vulnerabilities are discovered
  • How the weaknesses are exploited
  • What could have been done to prevent the breaches in the first place

Go to Session

The 1-Hour Security Bootcamp

Presented by Shawn Prestridge

Presented by IAR Systems

How do you keep your company from being front page news for the wrong reasons? You can start by implementing a rigorous security solution on your embedded devices. The most common reason developers give for not using security is that they perceive it to be too hard, so they will just sit back until they are forced to imbue their devices with security by either their customers or the government... or until they get hacked and shamed. Good security is hard, but with the right tools, it doesn't have to be that way. In this session, we're going to take a holistic approach to implementing security by examining the Chain of Trust, hardware requirements, and working in a secure workflow to minimize the attack surface a hacker can use to attack your system. We're going to show you how easy it can be to enable a high degree of security in just a few easy steps.

Go to Session

Linux Kernel Security - Inside the Linux Security Modules (LSMs)

Presented by Vandana Salve

The Linux Security Module (LSM) framework provides a mechanism for various security checks to be hooked by new kernel extensions.

The primary users of the LSM interface are Mandatory Access Control (MAC) extensions which provide a comprehensive security policy. Examples include SELinux, Smack, Tomoyo, and AppArmor. In addition to the larger MAC extensions, other extensions can be built using the LSM to provide specific changes to system operation when these tweaks are not available in the core functionality of Linux itself.

The topic deep dives into the

  • Understanding LSMs,
  • Types of LSMs,
  • Architecture of LSM,
  • The various hooks and the functionality provided by these hooks

Go to Session

Hardware Hacking: Hands-On

Presented by Colin O'Flynn

Designers releasing embedded devices need to understand what sort of hardware attacks they will face in the field. We will discuss how two different types of advanced attacks work: side channel power analysis and fault injection. Not limited to theory, we will demonstrate how they are used in practice and work through real products the attacks have been used on. Low-cost tools and open-source material will be highlighted, so the attendee can learn more details & even perform these attacks themselves.

Go to Session

Defending against Hackers: Exploit Mitigations and Attacks on Arm Cortex-A Devices

Presented by Maria "Azeria" Markstedter

With the proliferation of Arm-based mobile and IoT devices, exploit mitigations for Arm-based devices are often the front-line in defending these devices from hackers. For this reason it is important to understand how they work, and their limitations. This talk will look at the most common exploit mitigations available for C/C++ programs running on the Arm Cortex-A architecture and how these mitigations work under-the-hood to block certain categories of memory-corruption-based exploits. The aim of this talk is to educate developers on how hackers can bypass individual mitigations, and the importance of combining them to increase the level of security on these devices.

Go to Session

Common cryptography mistakes for software engineers

Presented by Aljoscha Lautenbach

Most implementations of security mechanisms depend on cryptography, and yet, many vulnerabilities exist because cryptography is used incorrectly. This is partly due to lacking user-friendliness of cryptographic library API designs [1][2], and partly due to a lack of education in the developer community of the underlying mechanisms. As for the API design, we can only lobby for more user-focused design during library development and advocate user-friendly libraries. We can, however, try to improve the communal understanding of how to use cryptography securely. By way of examples, this talk will explore questions such as: What is an IV and why does it matter? Why does entropy matter? Which cipher mode is appropriate for my application? In essence, we highlight points to watch out for when implementing security mechanisms using cryptography.

[1] https://www.cl.cam.ac.uk/~rja14/shb17/fahl.pdf, Comparing the Usability of Cryptographic APIs, IEEE S&P 2017

[2] http://mattsmith.de/pdfs/DevelopersAreNotTheEnemy.pdf, Developers are not the enemy! The need for usable security APIs, IEEE S&P 2016

Go to Session

Isolating MCU hardware and firmware using TrustZone security technology

Presented by Bob Waskeiwicz

Presented by STMicroelectronics

In the IoT and connected device marketplace, device security is paramount to protect customer information and to prevent outside attacks.

The new STM32L5 series MCU based on ARM Cortex M33 core with TrustZone technology is part of the STM32Trust Security Ecosystem, where the TrustZone is a dynamic firewall providing hardware and software isolation to the system. Developers can isolate critical security firmware, authentication and private information from other parts of the device. The STM32L5 provides crypto accelerators for Public Key, AES, Hash and a True Random Number Generator and On-the-Fly Decrypt for external memories. The STM32L5 can provide secure boot with Root Secure Services and TF-M (ARM PSA compliant Trusted Firmware) with a unique boot entry, providing a secure framework to base the system on "Root of Trust". The new series further pushes the low power footprint of our already class leading devices while offering new peripherals (USB Type C & PD) and power management innovation allowing for a class leading 62uA/MHz current consumption.

You will learn:

  • The new features and peripherals in the STM32L5
  • Understand how to create a "Root of Trust" with the STM32L5 Security features
  • How to use STM32 Trusted Package Creator
  • How to interface to other ST products (NFC) for a digital signature verification application

Go to Session

Secure Device Management for the Internet of Things

Presented by Gary Sugita

Presented by Cypress

According to IHS Markit research, the number of connected devices in the market will reach nearly 40 billion by the end of 2020. While these IoT devices can significantly improve everyday life, they come with increasing cybersecurity risks. In this session, attendees will learn how to safeguard their IoT device throughout its lifecycle, from production and provisioning through decommissioning and termination, with PSoC® 64 Secure MCUs.

Go to Session

Developing for the IoT Using Secure-enabled NXP MCUs with TrustZone®-M Technology

Presented by Tomas Voda

Presented by NXP

In this session, you'll learn how Secure Thingz Embedded Trust provides lifecycle management of secrets and integrates with Secure Deploy for production programming of NXP's LPC55Sxx devices.

Go to Session

Five considerations when building secure IoT devices

Presented by Mohit Kedia

Presented by Arm

The ongoing Internet of Things (IoT) revolution is bringing online billions of devices, from fridges to traffic lights, connected and controllable from afar. Industry verticals like Utilities, Telecom, and other service providers encounter increasing security regulations, and a need to automate field equipment reading, billing, and service status updates.

Industry adoption of IoT is going to grow. For example, it is expected that there would be more than 2.5 Billion IoT devices in Power and Energy vertical by 2023. These IoT deployments are a growing target for cybercriminals; exposing individuals, their data and their privacy to risk if security is left unaddressed.  For example, 250,000 peoplein Ukraine were left without power when attackers used “Crash Override” malware to take control of power gridresulting in a shut down of 30 power substations. As a result, industries that deploy IoT will demand security that is integral to the devices and manageable through remote device management.

For device makers, this market trend underscores the need to ‘design in’ security into the devices.For example, an IoT device that has secure root of trust, remote authentication, over-the-air software patching capabilities, and other features that proactively mitigate security vulnerabilities. In order to minimize threats at each stage of a IoT device’s life cycle and to ensure security in every IoT deployment, we need to answer following key questions,

  • How to efficiently store the secrets such as device keys?
  • How to create secure processing environment for tiny IoT sensors?
  • How to ensure the data I communicate between the device and the cloud is private?
  • How to track abnormal behaviour of the device when it is compromised?
  • How to securely update the firmware of a device?

This session will present these considerations to help you identify the best approach to secure your devices for scalable IoT.

Go to Session

Register

and gain access to 35+ hours of amazing content from some of the top luminaries in the Embedded Systems industry

By checking this box, you agree to our privacy policy.
By checking this box, you agree to receive more information from Embedded Online Conference and its sponsors.