Securing the IoT from Chip to Cloud: An Application Guide to Applying Platform Security Architecture (PSA) Principles

Presented by Jacob Beningo

With the explosive growth in the Internet of Things (IoT) and the number of devices soaring, security is critical to maintain device integrity and protect user privacy. However, designing consistent security across connected devices can be a minefield to navigate, and implementation can be costly. Using a smart door lock as an example, in this webinar, attendees will learn how to design security from the ground up using PSA principles and guidelines with a PSoC® 64 secure MCU from Cypress Semiconductor.

Attendees will walk away with the best practices to develop their own security solutions. In addition, the importance of secure device management throughout the IoT product's lifecycle will also be reviewed.

Topics Covered in this Webinar Include:

  • Developing a threat model and defining security countermeasures
  • Maintaining asset security through hardware architecture and security IP
  • Implementing trusted boot and secure application partitioning
  • Using Trusted Firmware-M to isolate security critical functionality from non-secure code
  • Leveraging the Arm Pelion Secure IoT Device Management Platform for full device lifecycle management (design, onboard, provision, secure, update, manage, etc.)

IoT Hacks: Behind the Scenes

Presented by Joe Hopper

News reports of IoT breaches are now commonplace, with manufacturers often blaming end-user misconfigurations or 'sophisticated attacks'. This implies the victim customers and organizations were simply unlucky, but have you ever wondered exactly how these hacks occurred and what could have been done to prevent them?

Joe Hopper, a professional hacker for the Fracture Labs technology security company, will walk you through:

  • How hackers target the victim devices
  • How vulnerabilities are discovered
  • How the weaknesses are exploited
  • What could have been done to prevent the breaches in the first place

The 1-Hour Security Bootcamp

Presented by Shawn Prestridge

How do you keep your company from being front page news for the wrong reasons? You can start by implementing a rigorous security solution on your embedded devices. The most common reason developers give for not using security is that they perceive it to be too hard, so they will just sit back until they are forced to imbue their devices with security by either their customers or the government... or until they get hacked and shamed. Good security is hard, but with the right tools, it doesn't have to be that way. In this session, we're going to take a holistic approach to implementing security by examining the Chain of Trust, hardware requirements, and working in a secure workflow to minimize the attack surface a hacker can use to attack your system. We're going to show you how easy it can be to enable a high degree of security in just a few easy steps.

Linux Kernel Security - Inside the Linux Security Modules (LSMs)

Presented by Vandana Salve

The Linux Security Module (LSM) framework provides a mechanism for various security checks to be hooked by new kernel extensions.

The primary users of the LSM interface are Mandatory Access Control (MAC) extensions which provide a comprehensive security policy. Examples include SELinux, Smack, Tomoyo, and AppArmor. In addition to the larger MAC extensions, other extensions can be built using the LSM to provide specific changes to system operation when these tweaks are not available in the core functionality of Linux itself.

This session takes a deep dive into:

  • Understanding LSMs,
  • Types of LSMs,
  • Architecture of LSM,
  • The various hooks and the functionality provided by these hooks

Hardware Hacking: Hands-On

Presented by Colin O'Flynn

Designers releasing embedded devices need to understand what sort of hardware attacks they will face in the field. We will discuss how two different types of advanced attacks work: side channel power analysis and fault injection. Not limited to theory, we will demonstrate how they are used in practice and work through real products the attacks have been used on. Low-cost tools and open-source material will be highlighted, so the attendee can learn more details & even perform these attacks themselves.

Defending against Hackers: Exploit Mitigations and Attacks on Arm Cortex-A Devices

Presented by Maria "Azeria" Markstedter

With the proliferation of Arm-based mobile and IoT devices, exploit mitigations for Arm-based devices are often the front-line in defending these devices from hackers. For this reason it is important to understand how they work, and their limitations. This talk will look at the most common exploit mitigations available for C/C++ programs running on the Arm Cortex-A architecture and how these mitigations work under-the-hood to block certain categories of memory-corruption-based exploits. The aim of this talk is to educate developers on how hackers can bypass individual mitigations, and the importance of combining them to increase the level of security on these devices.

Common cryptography mistakes for software engineers

Presented by Aljoscha Lautenbach

Most implementations of security mechanisms depend on cryptography, and yet many vulnerabilities exist because cryptography is used incorrectly. This is partly due to the lack of user-friendliness in cryptographic library API designs [1][2], and partly due to a lack of education in the developer community about the underlying mechanisms. As for the API design, we can only lobby for more user-focused design during library development and advocate user-friendly libraries. We can, however, try to improve the communal understanding of how to use cryptography securely. By way of examples, this talk will explore questions such as: What is an IV and why does it matter? Why does entropy matter? Which cipher mode is appropriate for my application? In essence, we highlight points to watch out for when implementing security mechanisms using cryptography.

[1] https://www.cl.cam.ac.uk/~rja14/shb17/fahl.pdf, Comparing the Usability of Cryptographic APIs, IEEE S&P 2017

[2] http://mattsmith.de/pdfs/DevelopersAreNotTheEnemy.pdf, Developers are not the enemy! The need for usable security APIs, IEEE S&P 2016

Securely Deploying Production Firmware At Your Offshore Factory

Presented by Brian Jones

How Secure Is Your Code At The Factory?

Your unit & functional testing has passed. The marketing materials are printed and shipped. Now it's time to build and ship your first volume batch of widgets to your anxiously awaiting customers. So your offshore factory asks for your production firmware image, along with the other production process docs, and you wonder, "Will our hard work be kept secure?".

Contrary to common belief, there's a lot more to secure production firmware deployment than just flipping the security bits on your micro. This webinar will cover the following key topics to ensure that your next production run doesn't result in lost IP and feeding the "knock-off" beast:

  • Defining the 5 common security "weak links" in most production firmware deployments
  • How to get in front of firmware production security during the dev phase
  • Leveraging proper test jig design to facilitate production security
  • Critical communications and expectations with the factory, or else!

Isolating MCU hardware and firmware using TrustZone security technology

Presented by STMicroelectronics

In the IoT and connected device marketplace, device security is paramount to protect customer information and to prevent outside attacks.

The new STM32L5 series MCU based on ARM Cortex M33 core with TrustZone technology is part of the STM32Trust Security Ecosystem, where the TrustZone is a dynamic firewall providing hardware and software isolation to the system. Developers can isolate critical security firmware, authentication and private information from other parts of the device. The STM32L5 provides crypto accelerators for Public Key, AES, Hash and a True Random Number Generator and On-the-Fly Decrypt for external memories. The STM32L5 can provide secure boot with Root Secure Services and TF-M (ARM PSA compliant Trusted Firmware) with a unique boot entry, providing a secure framework to base the system on "Root of Trust". The new series further pushes the low power footprint of our already class leading devices while offering new peripherals (USB Type C & PD) and power management innovation allowing for a class leading 62uA/MHz current consumption.

You will learn:

  • The new features and peripherals in the STM32L5
  • How to create a "Root of Trust" with the STM32L5 security features
  • How to use STM32 Trusted Package Creator
  • How to interface to other ST products (NFC) for a digital signature verification application
