IoT Device Security the Hard(ware) way

Markus Schuss, Johannes Iber, Jürgen Dobaj, Christian Kreiner, C. Boano, K. Römer
{"title":"IoT Device Security the Hard(ware) way","authors":"Markus Schuss, Johannes Iber, Jürgen Dobaj, Christian Kreiner, C. Boano, K. Römer","doi":"10.1145/3282308.3282329","DOIUrl":null,"url":null,"abstract":"Numerous attacks on Internet of Things (IoT) devices have shown that security cannot be neglected, even when building devices with just a few kB of memory. While it is common sense to run regular software updates and use state-of-the-art security on embedded or general purpose systems, this is often not possible with IoT devices. While many of those devices have the facilities to perform over-the-air updates, their memory and processing capabilities limit the use of state-of-the-art cryptography. Additionally, these devices often lack the capabilities to secure the cryptographic keys, the foundation on which the device's security is built, which makes them even more vulnerable to attacks. In this work, we present a pattern that allows even constrained devices to utilize state-of-the-art cryptographic functions, providing the foundation for a secure Internet of Things. The identified pattern presents the following characteristics: (i) confidentiality, by offloading the cryptographic functions and key storage; (ii) authenticity, by signing messages with the securely stored key using hash as well as signature functions, often too complex for such constrained devices on their own; (iii) integrity, a key requirement for connected sensors. As an added benefit, a faster detection of corrupted or tampered updates can also increase the availability of the system. This pattern is primarily targeted at IoT device vendors, who wish to keep their devices secure, by implementing security in hardware.","PeriodicalId":136534,"journal":{"name":"Proceedings of the 23rd European Conference on Pattern Languages of Programs","volume":"4 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2018-07-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"4","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 23rd European Conference on Pattern Languages of Programs","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3282308.3282329","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 4

Abstract

Numerous attacks on Internet of Things (IoT) devices have shown that security cannot be neglected, even when building devices with just a few kB of memory. While it is common sense to run regular software updates and use state-of-the-art security on embedded or general purpose systems, this is often not possible with IoT devices. While many of those devices have the facilities to perform over-the-air updates, their memory and processing capabilities limit the use of state-of-the-art cryptography. Additionally, these devices often lack the capabilities to secure the cryptographic keys, the foundation on which the device's security is built, which makes them even more vulnerable to attacks. In this work, we present a pattern that allows even constrained devices to utilize state-of-the-art cryptographic functions, providing the foundation for a secure Internet of Things. The identified pattern presents the following characteristics: (i) confidentiality, by offloading the cryptographic functions and key storage; (ii) authenticity, by signing messages with the securely stored key using hash as well as signature functions, often too complex for such constrained devices on their own; (iii) integrity, a key requirement for connected sensors. As an added benefit, a faster detection of corrupted or tampered updates can also increase the availability of the system. This pattern is primarily targeted at IoT device vendors, who wish to keep their devices secure, by implementing security in hardware.
查看原文
分享 分享
微信好友 朋友圈 QQ好友 复制链接
本刊更多论文
物联网设备安全的硬件(硬件)方式
对物联网(IoT)设备的大量攻击表明,即使构建只有几kB内存的设备,安全性也不容忽视。虽然在嵌入式或通用系统上运行定期软件更新和使用最先进的安全性是常识,但对于物联网设备来说,这通常是不可能的。虽然这些设备中的许多都具有执行无线更新的功能,但它们的内存和处理能力限制了最先进加密技术的使用。此外,这些设备通常缺乏保护加密密钥的能力,而加密密钥是构建设备安全性的基础,这使得它们更容易受到攻击。在这项工作中,我们提出了一种模式,允许甚至受限制的设备利用最先进的加密功能,为安全的物联网提供基础。所识别的模式具有以下特征:(i)机密性,通过卸载加密功能和密钥存储;(ii)真实性,通过使用哈希和签名功能使用安全存储的密钥签名消息,对于这些受约束的设备本身来说,通常过于复杂;(iii)完整性,连接传感器的关键要求。作为一个额外的好处,更快地检测损坏或篡改的更新还可以提高系统的可用性。此模式主要针对希望通过在硬件中实现安全性来保持设备安全的物联网设备供应商。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 去求助
来源期刊
自引率
0.00%
发文量
0
期刊最新文献
Message Encapsulation Pattern Business of Open Source: A Case Study of Integrating Existing Patterns Through Narratives How to Root Effectuation Skills in Your Project Team: Improve Project Performance by Balancing Uncertainty Wholeness Egg: Methodology of Designing a 'Living' Workshop by Differentiating a Whole Outside In and Inside Out: New Hybrid Education Patterns
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
已复制链接
已复制链接
快去分享给好友吧!
我知道了
×
扫码分享
扫码分享
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1