IoT Device Security the Hard(ware) way

Markus Schuß, Johannes Iber, Jürgen Dobaj, Christian Josef Kreiner, Carlo Alberto Boano, Kay Uwe Römer

Publikation: Beitrag in Buch/Bericht/KonferenzbandBeitrag in einem KonferenzbandForschungBegutachtung

Abstract

Numerous attacks on Internet of Things (IoT) devices have shown that security cannot be neglected, even when building devices with just a few kB of memory. While it is common sense to run regular software updates and use state-of-the-art security on embedded or general purpose systems, this is often not possible with IoT devices. While many of those devices have the facilities to perform over-the-air updates, their memory and processing capabilities limit the use of state-of-the-art cryptography. Additionally, these devices often lack the capabilities to secure the cryptographic keys, the foundation on which the device's security is built, which makes them even more vulnerable to attacks. In this work, we present a pattern that allows even constrained devices to utilize state-of-the-art cryptographic functions, providing the foundation for a secure Internet of Things. The identified pattern presents the following characteristics: (i) confidentiality, by offloading the cryptographic functions and key storage; (ii) authenticity, by signing messages with the securely stored key using hash as well as signature functions, often too complex for such constrained devices on their own; (iii) integrity, a key requirement for connected sensors. As an added benefit, a faster detection of corrupted or tampered updates can also increase the availability of the system. This pattern is primarily targeted at IoT device vendors, who wish to keep their devices secure, by implementing security in hardware.
Originalspracheenglisch
TitelEuroPLoP ' 18, Proceedings of the 23nd European Conference on Pattern Languages of Programs
ISBN (elektronisch)978-1-4503-6387-7
DOIs
PublikationsstatusVeröffentlicht - 4 Jul 2018
Veranstaltung23rd European Conference on Pattern Languages of Programs - Irsee, Deutschland
Dauer: 4 Jul 20188 Jul 2018

Konferenz

Konferenz23rd European Conference on Pattern Languages of Programs
KurztitelEuroPLoP ' 18
LandDeutschland
OrtIrsee
Zeitraum4/07/188/07/18

Fingerprint

Data storage equipment
Cryptography
Availability
Hardware
Internet of things
Sensors
Processing
Air

Schlagwörter

    Dies zitieren

    Schuß, M., Iber, J., Dobaj, J., Kreiner, C. J., Boano, C. A., & Römer, K. U. (2018). IoT Device Security the Hard(ware) way. in EuroPLoP ' 18, Proceedings of the 23nd European Conference on Pattern Languages of Programs [20] https://doi.org/10.1145/3282308.3282329

    IoT Device Security the Hard(ware) way. / Schuß, Markus; Iber, Johannes; Dobaj, Jürgen; Kreiner, Christian Josef; Boano, Carlo Alberto; Römer, Kay Uwe.

    EuroPLoP ' 18, Proceedings of the 23nd European Conference on Pattern Languages of Programs. 2018. 20.

    Publikation: Beitrag in Buch/Bericht/KonferenzbandBeitrag in einem KonferenzbandForschungBegutachtung

    Schuß, M, Iber, J, Dobaj, J, Kreiner, CJ, Boano, CA & Römer, KU 2018, IoT Device Security the Hard(ware) way. in EuroPLoP ' 18, Proceedings of the 23nd European Conference on Pattern Languages of Programs., 20, Irsee, Deutschland, 4/07/18. https://doi.org/10.1145/3282308.3282329
    Schuß M, Iber J, Dobaj J, Kreiner CJ, Boano CA, Römer KU. IoT Device Security the Hard(ware) way. in EuroPLoP ' 18, Proceedings of the 23nd European Conference on Pattern Languages of Programs. 2018. 20 https://doi.org/10.1145/3282308.3282329
    Schuß, Markus ; Iber, Johannes ; Dobaj, Jürgen ; Kreiner, Christian Josef ; Boano, Carlo Alberto ; Römer, Kay Uwe. / IoT Device Security the Hard(ware) way. EuroPLoP ' 18, Proceedings of the 23nd European Conference on Pattern Languages of Programs. 2018.
    @inproceedings{af98a4d314a04b4ea55373a83b3fd6aa,
    title = "IoT Device Security the Hard(ware) way",
    abstract = "Numerous attacks on Internet of Things (IoT) devices have shown that security cannot be neglected, even when building devices with just a few kB of memory. While it is common sense to run regular software updates and use state-of-the-art security on embedded or general purpose systems, this is often not possible with IoT devices. While many of those devices have the facilities to perform over-the-air updates, their memory and processing capabilities limit the use of state-of-the-art cryptography. Additionally, these devices often lack the capabilities to secure the cryptographic keys, the foundation on which the device's security is built, which makes them even more vulnerable to attacks. In this work, we present a pattern that allows even constrained devices to utilize state-of-the-art cryptographic functions, providing the foundation for a secure Internet of Things. The identified pattern presents the following characteristics: (i) confidentiality, by offloading the cryptographic functions and key storage; (ii) authenticity, by signing messages with the securely stored key using hash as well as signature functions, often too complex for such constrained devices on their own; (iii) integrity, a key requirement for connected sensors. As an added benefit, a faster detection of corrupted or tampered updates can also increase the availability of the system. This pattern is primarily targeted at IoT device vendors, who wish to keep their devices secure, by implementing security in hardware.",
    keywords = "IoT, Security, Hardware, Patterns",
    author = "Markus Schu{\ss} and Johannes Iber and J{\"u}rgen Dobaj and Kreiner, {Christian Josef} and Boano, {Carlo Alberto} and R{\"o}mer, {Kay Uwe}",
    year = "2018",
    month = "7",
    day = "4",
    doi = "10.1145/3282308.3282329",
    language = "English",
    booktitle = "EuroPLoP ' 18, Proceedings of the 23nd European Conference on Pattern Languages of Programs",

    }

    TY - GEN

    T1 - IoT Device Security the Hard(ware) way

    AU - Schuß, Markus

    AU - Iber, Johannes

    AU - Dobaj, Jürgen

    AU - Kreiner, Christian Josef

    AU - Boano, Carlo Alberto

    AU - Römer, Kay Uwe

    PY - 2018/7/4

    Y1 - 2018/7/4

    N2 - Numerous attacks on Internet of Things (IoT) devices have shown that security cannot be neglected, even when building devices with just a few kB of memory. While it is common sense to run regular software updates and use state-of-the-art security on embedded or general purpose systems, this is often not possible with IoT devices. While many of those devices have the facilities to perform over-the-air updates, their memory and processing capabilities limit the use of state-of-the-art cryptography. Additionally, these devices often lack the capabilities to secure the cryptographic keys, the foundation on which the device's security is built, which makes them even more vulnerable to attacks. In this work, we present a pattern that allows even constrained devices to utilize state-of-the-art cryptographic functions, providing the foundation for a secure Internet of Things. The identified pattern presents the following characteristics: (i) confidentiality, by offloading the cryptographic functions and key storage; (ii) authenticity, by signing messages with the securely stored key using hash as well as signature functions, often too complex for such constrained devices on their own; (iii) integrity, a key requirement for connected sensors. As an added benefit, a faster detection of corrupted or tampered updates can also increase the availability of the system. This pattern is primarily targeted at IoT device vendors, who wish to keep their devices secure, by implementing security in hardware.

    AB - Numerous attacks on Internet of Things (IoT) devices have shown that security cannot be neglected, even when building devices with just a few kB of memory. While it is common sense to run regular software updates and use state-of-the-art security on embedded or general purpose systems, this is often not possible with IoT devices. While many of those devices have the facilities to perform over-the-air updates, their memory and processing capabilities limit the use of state-of-the-art cryptography. Additionally, these devices often lack the capabilities to secure the cryptographic keys, the foundation on which the device's security is built, which makes them even more vulnerable to attacks. In this work, we present a pattern that allows even constrained devices to utilize state-of-the-art cryptographic functions, providing the foundation for a secure Internet of Things. The identified pattern presents the following characteristics: (i) confidentiality, by offloading the cryptographic functions and key storage; (ii) authenticity, by signing messages with the securely stored key using hash as well as signature functions, often too complex for such constrained devices on their own; (iii) integrity, a key requirement for connected sensors. As an added benefit, a faster detection of corrupted or tampered updates can also increase the availability of the system. This pattern is primarily targeted at IoT device vendors, who wish to keep their devices secure, by implementing security in hardware.

    KW - IoT

    KW - Security

    KW - Hardware

    KW - Patterns

    U2 - 10.1145/3282308.3282329

    DO - 10.1145/3282308.3282329

    M3 - Conference contribution

    BT - EuroPLoP ' 18, Proceedings of the 23nd European Conference on Pattern Languages of Programs

    ER -