IoT Security – Hardware perspective
IoT security practice is mostly focused on the software layers that make up an IoT application: the firmware, the operating system (if any) and the application software that run on the edge device (the “thing”), on the boundary devices (router, gateway), in the IoT fog, or in the IoT cloud platform are all subject to various vulnerabilities and attacks. A less discussed aspect is the trustworthiness of the hardware, and in particular the authenticity of the hardware of the more exposed entities: the hardware that makes up the execution environment of the “things” themselves. Just as much as software, hardware tends to present serious trust issues in manufacturing, whether through counterfeiting (parts that provide the intended functionality but with lesser performance in the long run) or through the injection of malicious circuitry (Hardware Trojans). Considering the various vulnerabilities currently posed by hardware, how can the software stack, even one as robust and trustworthy as humanly attainable, be trusted when this same software executes on top of a malicious hardware environment?
This presentation focuses on some key security challenges raised throughout the lifetime of an IoT product. Considering the lifecycle, how can the software and hardware of an IoT product be designed, manufactured, tested, operated and maintained in the most secure way? Using a case-study-based approach, we selected an IoT automotive example for illustrative purposes. Because hardware is designed, manufactured, tested, delivered and operated in much the same way across industries, this discussion holds equally true in other contexts such as industrial IoT (IIoT), aeronautics and defence, or the pharma and life science sectors.
We begin by introducing the various generic active hardware components in use in a typical connected automobile. We then discuss the attack surface of these components in the context of the entire product lifecycle. We conclude with a discussion of technical and policy-based mechanisms that can be used to mitigate these risks, notably by securing the design, manufacturing and testing processes, and by providing runtime prognostics measures that ensure health management, including dynamic security analysis, hardware Trojan detection and intrusion detection.
This presentation is based on research at Exostar, a joint venture technology arm of Merck, Boeing, Lockheed, Rolls Royce, BAE Systems and Raytheon, and on ongoing collaboration with research scientists from the Hardware Security Group, part of the Integrated Vehicle Health Management (IVHM) centre of Cranfield University.
Jean-Paul Buu-Sao (Jean-Paul.Buu-Sao@exostar.com)
Dr. Mohammad Samie (M.Samie@cranfield.ac.uk)
Sohaib Aslam (S.Aslam@cranfield.ac.uk)
Maulana Randa (Maulana.Randa@cranfield.ac.uk)
Mehmet Bozdal (Mehmet.Bozdal@cranfield.ac.uk)
Iftikhar Soomro (I.Soomro@cranfield.ac.uk)
Mr. Jean-Paul Buu-Sao, Senior Architect at Exostar LLC, investigates innovative technologies and their business applications in support of security, collaboration and supply chain for the Aerospace & Defence and Pharmaceutical & Life Sciences communities that Exostar supports. Mr. Buu-Sao’s primary domains of research include Distributed Digital Ledgers, IoT Security, and Machine Learning. Prior to Exostar, Mr. Buu-Sao served as design authority of the Transglobal Secure Collaboration Participation (TSCP), where he produced standard specifications for secure collaboration in the Aerospace & Defence industry, in compliance with Intellectual Property and Export Control regulations. Mr. Buu-Sao also served as an Enterprise Architect with Capgemini, where he delivered consultancy services to Airbus and other major industrial customers in Toulouse, France. He also served as a System Architect at SWIFT in Brussels, Belgium, where he produced the methodology and supporting toolset for the design and simulation of financial business transactions. Prior to SWIFT, Mr. Buu-Sao served as a Software Engineer within the Language R&D group at Borland Intl, CA, USA, where he contributed to the award-winning products JBuilder (Java IDE) and Paradox (Database). Mr. Buu-Sao holds an MS in Electronics from ESIEE, France.
Government, Enterprise, Small / Medium Enterprise, OEM
Session Content Tags:
Security, FPGA, ASIC, Hardware Trojan, Intrusion, Supply-chain, Policy, Governance
VP / Director, Middle Management, Technical
Industry Focus of Session: Manufacturing, Telecom, Industrials, Healthcare, Pharmaceutical / Biotech, Automotive
© IoT Community’s IoT Grand Slam 2018 Internet of Things Conference