Abstract image of a woman sitting on books and studying on a laptop

Right-sized security for IoT - ARM

P
Phil Hughes

This document discusses selecting the appropriate level of security for IoT devices. It outlines common hardware, software, and communication attacks against IoT devices and notes that the cost to attack is often lower than the cost to fully secure devices. The document advocates using a threat model to estimate risks for each application and implementing "right-sized" security that addresses the most critical threats. Examples of security measures are provided, such as device management, integrity protection, encryption, and authentication. The goal is to future-proof devices while recognizing that full security is often not feasible for cost-constrained IoT applications.

Technology
1 of 1
Download to read offline
1
Right-sized Security for IoT Mike Eftimakis IoT Product Manager, ARM Case study – Tape-out a secure IoT chip in 3 months! Selecting the “Right Size” for IoT security HW Attacks  Physical access to device – JTAG, Bus, IO Pins  Well resourced and funded  Time, money & equipmentSoftware Attacks  Buffer overflows  Interrupts  Malware Communication Attacks  Man In The Middle  Weak RNG  Code vulnerabilities Cost/Effort To Attack Cost/Effort to Secure Non scalable IoT Subsystem for Cortex-M eFlash Interconnect Flash Cache eFlash Flash Cntl SRAM Controller APB PeripheralsSRAMSRAMSRAMSRAM ProcessorCortex-M CoreSightSoC mbed OS Device Drivers Application Beetle Test chip Power Management TRNG APB Bridge Cordio Radio ARM® mbed™ OS (including mbedTLS, mbed uVisor) TRNG (from ARM TrustZone® CryptoCell) ARM IoT Subsystem for Cortex®-M ARM Cortex-M3 ARM Cordio® Radio  Device management  Support for bootstrapping / provisioning / refurbishing / decommissioning  Behaviour monitoring  Device integrity  Protect from untrusted software  Allow recovery from attack  Asset protection  Prevent access to certain resources  Data Security  Keep data confidential  Prevent data alteration  Physical Security  Anti-tampering protection  Future-proofing  Keep firmware up-to-date Device security Communications security Lifecycle security  Link encryption  Prevent eavesdroppers to listen  Authentication  Guarantee identity of endpoint / server  Anonymity/Confidentiality  Keep identity unknown to eavesdroppers  Prevent traceability Implement OMA LWM2M ImplementTLS Root of Trust + Chain ofTrust HW backed partitioning (MPU) Implement Dual Flash bank + Secure FoTA HW backed partitioning (MPU) Partition SW Resource IoT node Cloud Disrupt device Observe / corrupt data Access protected network Damage cost = value of lost data or side information (presence…) Damage cost = value of lost cloud data or value of the network infrastructure Damage cost = value of disabled node or value of lost node data × Scale of network!!! Estimate threats for your application “Security” has different meanings Device management Support for bootstrapping / provisioning / refurbishing / decommissioning Behaviour monitoring Device integrity Protect from untrusted software Allow recovery from attack Asset protection Prevent access to certain resources Data Security Keep data confidential Prevent data alteration Physical Security Anti-tampering protection Future-proofing Keep firmware up-to-date Device security Communications security Lifecycle security Link encryption Prevent eavesdroppers to listen Authentication Guarantee identity of endpoint / server Anonymity/Confidentiality Keep identity unknown to eavesdroppers Prevent traceability Select the “right-sized” security!  Security is expensive  Need to understand the threats  Use threat model adapted to IoT

More Related Content

PPTX
Hardware Security
Mani Rathnam
 
PPTX
Hardware security
RajKumar4943
 
PPTX
Presentation1 new (1) (1)cf
toamma
 
PDF
Hardware, and Trust Security: Explain it like I’m 5!
Teddy Reed
 
PPT
Introduction Network security
IGZ Software house
 
PDF
Computer Security Lecture 1: Overview
Mohamed Loey
 
PPTX
Network Security
Abdul Qadir Pattal
 
PPTX
Network security
Harsh Kishore Mishra
 
Hardware Security
Mani Rathnam
 
Hardware security
RajKumar4943
 
Presentation1 new (1) (1)cf
toamma
 
Hardware, and Trust Security: Explain it like I’m 5!
Teddy Reed
 
Introduction Network security
IGZ Software house
 
Computer Security Lecture 1: Overview
Mohamed Loey
 
Network Security
Abdul Qadir Pattal
 
Network security
Harsh Kishore Mishra
 

What's hot (20)

PDF
Cyber tooth briefing
Andrew Sispoidis
 
PPTX
Network security
Simranpreet Singh
 
PPTX
Network security and firewalls
Murali Mohan
 
DOCX
Hardwar based Security of Systems
Jamal Jamali
 
PDF
Network Security Fundamentals
Rahmat Suhatman
 
PPTX
Network Security
Techknow Book
 
PPT
Cryptppt1
Anu Chaudhry
 
PPT
Information System Security introduction
Shu Shin
 
DOCX
Network security
Madhumithah Ilango
 
PPTX
Chapter 1: Overview of Network Security
Shafaan Khaliq Bhatti
 
PPTX
Network security
Nkosinathi Lungu
 
PDF
xDEFENSE: An Extended DEFENSE for mitigating Next Generation Intrusions
Vivek Venugopalan
 
PPTX
Modern Network Security Issue and Challenge
Ikhtiar Khan Sohan
 
PDF
Firewall
Sami Bacha
 
PDF
Network Security Certification
Vskills
 
PPTX
Ethical hacking ppt
Nitesh Dubey
 
PPTX
What is network security and Types
Vikram Khanna
 
PPTX
Firewall
Muhammad Sohaib Afzaal
 
PPTX
Network Security ppt
SAIKAT BISWAS
 
PDF
IoT security-arrow-roadshow #iotconfua
Andy Shutka
 
Cyber tooth briefing
Andrew Sispoidis
 
Network security
Simranpreet Singh
 
Network security and firewalls
Murali Mohan
 
Hardwar based Security of Systems
Jamal Jamali
 
Network Security Fundamentals
Rahmat Suhatman
 
Network Security
Techknow Book
 
Cryptppt1
Anu Chaudhry
 
Information System Security introduction
Shu Shin
 
Network security
Madhumithah Ilango
 
Chapter 1: Overview of Network Security
Shafaan Khaliq Bhatti
 
Network security
Nkosinathi Lungu
 
xDEFENSE: An Extended DEFENSE for mitigating Next Generation Intrusions
Vivek Venugopalan
 
Modern Network Security Issue and Challenge
Ikhtiar Khan Sohan
 
Firewall
Sami Bacha
 
Network Security Certification
Vskills
 
Ethical hacking ppt
Nitesh Dubey
 
What is network security and Types
Vikram Khanna
 
Firewall
Muhammad Sohaib Afzaal
 
Network Security ppt
SAIKAT BISWAS
 
IoT security-arrow-roadshow #iotconfua
Andy Shutka
 
Ad

Viewers also liked (11)

PDF
Using the Joomla Framework for Internet of Things (IoT) Case for Lighting Con...
Parth Lawate
 
PPTX
GSMA Final Project by Denson Ngumo
Denson Ngumo
 
PPTX
How telecom industry realte with IoT as a new area of business- TDC a case study
Md. Kamrul Islam
 
PPTX
Jaakko Kankaanpää - IoT Took My Money - Mindtrek 2016
Mindtrek
 
PPTX
Use of IoT in increasing opeartional efficiency in manufacturing plants- a ca...
Manish Saxena
 
PDF
Case Study: IoT industry applied to the production of Peruvian native potatoes
Wilmer Caról Azurza Neyra
 
PDF
Mobile + Cloud + IoT - Case Study
Andri Yadi
 
PDF
Iot, cloud and healthcare - Challenges and Opportunities
Arash Ghadar
 
PPTX
The Internet of Cars - Towards the Future of the Connected Car
Jorgen Thelin
 
PPTX
IoT in Healthcare
Venkat Alagarsamy
 
PDF
An Introduction to IoT: Connectivity & Case Studies
3G4G
 
Using the Joomla Framework for Internet of Things (IoT) Case for Lighting Con...
Parth Lawate
 
GSMA Final Project by Denson Ngumo
Denson Ngumo
 
How telecom industry realte with IoT as a new area of business- TDC a case study
Md. Kamrul Islam
 
Jaakko Kankaanpää - IoT Took My Money - Mindtrek 2016
Mindtrek
 
Use of IoT in increasing opeartional efficiency in manufacturing plants- a ca...
Manish Saxena
 
Case Study: IoT industry applied to the production of Peruvian native potatoes
Wilmer Caról Azurza Neyra
 
Mobile + Cloud + IoT - Case Study
Andri Yadi
 
Iot, cloud and healthcare - Challenges and Opportunities
Arash Ghadar
 
The Internet of Cars - Towards the Future of the Connected Car
Jorgen Thelin
 
IoT in Healthcare
Venkat Alagarsamy
 
An Introduction to IoT: Connectivity & Case Studies
3G4G
 
Ad

Similar to Right-sized security for IoT - ARM (20)

PPTX
Network and Security-2.pptx
Dhanvanthkesavan
 
PDF
IoT summit - Building flexible & secure IoT solutions
Eric Larcheveque
 
PPT
Computersystemssecurity 090529105555-phpapp01
Miigaa Mine
 
PPT
Computer Systems Security
drkelleher
 
PPT
Wireless Device and Network level security
Chetan Kumar S
 
PPTX
Automotive security (cvta)
Alan Tatourian
 
PDF
Building Trust Despite Digital Personal Devices
Javier González
 
PPT
Chapter14 -- networking security
Raja Waseem Akhtar
 
PPT
S T M U T M
Oscar Urcid
 
PPTX
Microsoft IoT Security @ Xpand:X:ED Meetup Sydney Feb 2016
David Glover
 
PPTX
Seminar (network security)
Gaurav Dalvi
 
PDF
BKK16-200 Designing Security into low cost IO T Systems
Linaro
 
PPT
謝續平
9577601
 
PPTX
Safe and secure autonomous systems
Alan Tatourian
 
PPTX
Internet of things security "Hardware Security"
Ahmed Mohamed Mahmoud
 
PDF
R U aBLE? BLE Application Hacking
Tal Melamed
 
PPTX
Corporate Security Issues and countering them using Unified Threat Management...
Rishabh Dangwal
 
PPTX
Removing Security Roadblocks to IoT Deployment Success
Microsoft Tech Community
 
DOCX
Wireless Security and Mobile DevicesChapter 12Princi.docx
adolphoyonker
 
PDF
Network Security - Defense Through Layered Information Security
Eryk Budi Pratama
 
Network and Security-2.pptx
Dhanvanthkesavan
 
IoT summit - Building flexible & secure IoT solutions
Eric Larcheveque
 
Computersystemssecurity 090529105555-phpapp01
Miigaa Mine
 
Computer Systems Security
drkelleher
 
Wireless Device and Network level security
Chetan Kumar S
 
Automotive security (cvta)
Alan Tatourian
 
Building Trust Despite Digital Personal Devices
Javier González
 
Chapter14 -- networking security
Raja Waseem Akhtar
 
S T M U T M
Oscar Urcid
 
Microsoft IoT Security @ Xpand:X:ED Meetup Sydney Feb 2016
David Glover
 
Seminar (network security)
Gaurav Dalvi
 
BKK16-200 Designing Security into low cost IO T Systems
Linaro
 
謝續平
9577601
 
Safe and secure autonomous systems
Alan Tatourian
 
Internet of things security "Hardware Security"
Ahmed Mohamed Mahmoud
 
R U aBLE? BLE Application Hacking
Tal Melamed
 
Corporate Security Issues and countering them using Unified Threat Management...
Rishabh Dangwal
 
Removing Security Roadblocks to IoT Deployment Success
Microsoft Tech Community
 
Wireless Security and Mobile DevicesChapter 12Princi.docx
adolphoyonker
 
Network Security - Defense Through Layered Information Security
Eryk Budi Pratama
 

Recently uploaded (20)

DOCX
search engine optimization ppt fir known well about this
StandardCodeLearning
 
PDF
Taming the Chaos: How to Turn Unstructured Data into Decisions
Safe Software
 
PPTX
Microsoft Excel 365/2024 Beginner's training
frank yeboah
 
PDF
Consumable AI The What, Why & How for Small Teams.pdf
Vivek Sai
 
PDF
1 - Historical Antecedents, Social Consideration.pdf
tuazon2030627
 
PDF
The influence of sentiment analysis in enhancing early warning system model f...
IAESIJAI
 
PDF
Produktkatalog für HOBO Datenlogger, Wetterstationen, Sensoren, Software und ...
Metrics GmbH
 
PDF
A Late Bloomer's Guide to GenAI: Ethics, Bias, and Effective Prompting - Boha...
Mindy Bohannon
 
PDF
UiPath Agentic Automation session 1: RPA to Agents
suhanisingh58689
 
PDF
Architecture types and enterprise applications.pdf
ChristopherTHyatt
 
PDF
Flame analysis and combustion estimation using large language and vision assi...
IAESIJAI
 
PPTX
Modernising the Digital Integration Hub
Daniel Toomey
 
PPTX
The various Industrial Revolutions .pptx
bandileshozi3
 
PDF
Enhancing emotion recognition model for a student engagement use case through...
IAESIJAI
 
PDF
OpenACC and Open Hackathons Monthly Highlights July 2025
OpenACC
 
PDF
sustainability-14-14877-v2.pddhzftheheeeee
VenkateshGovindaraja9
 
PDF
CloudStack 4.21: First Look Webinar slides
ShapeBlue
 
PDF
TrustArc Webinar - Click, Consent, Trust: Winning the Privacy Game
TrustArc
 
PPTX
AI IN MARKETING- PRESENTED BY ANWAR KABIR 1st June 2025.pptx
HiraJay1
 
PPTX
MicrosoftCybserSecurityReferenceArchitecture-April-2025.pptx
SilvioHayashi
 
search engine optimization ppt fir known well about this
StandardCodeLearning
 
Taming the Chaos: How to Turn Unstructured Data into Decisions
Safe Software
 
Microsoft Excel 365/2024 Beginner's training
frank yeboah
 
Consumable AI The What, Why & How for Small Teams.pdf
Vivek Sai
 
1 - Historical Antecedents, Social Consideration.pdf
tuazon2030627
 
The influence of sentiment analysis in enhancing early warning system model f...
IAESIJAI
 
Produktkatalog für HOBO Datenlogger, Wetterstationen, Sensoren, Software und ...
Metrics GmbH
 
A Late Bloomer's Guide to GenAI: Ethics, Bias, and Effective Prompting - Boha...
Mindy Bohannon
 
UiPath Agentic Automation session 1: RPA to Agents
suhanisingh58689
 
Architecture types and enterprise applications.pdf
ChristopherTHyatt
 
Flame analysis and combustion estimation using large language and vision assi...
IAESIJAI
 
Modernising the Digital Integration Hub
Daniel Toomey
 
The various Industrial Revolutions .pptx
bandileshozi3
 
Enhancing emotion recognition model for a student engagement use case through...
IAESIJAI
 
OpenACC and Open Hackathons Monthly Highlights July 2025
OpenACC
 
sustainability-14-14877-v2.pddhzftheheeeee
VenkateshGovindaraja9
 
CloudStack 4.21: First Look Webinar slides
ShapeBlue
 
TrustArc Webinar - Click, Consent, Trust: Winning the Privacy Game
TrustArc
 
AI IN MARKETING- PRESENTED BY ANWAR KABIR 1st June 2025.pptx
HiraJay1
 
MicrosoftCybserSecurityReferenceArchitecture-April-2025.pptx
SilvioHayashi
 

Right-sized security for IoT - ARM

  • 1. Right-sized Security for IoT Mike Eftimakis IoT Product Manager, ARM Case study – Tape-out a secure IoT chip in 3 months! Selecting the “Right Size” for IoT security HW Attacks  Physical access to device – JTAG, Bus, IO Pins  Well resourced and funded  Time, money & equipmentSoftware Attacks  Buffer overflows  Interrupts  Malware Communication Attacks  Man In The Middle  Weak RNG  Code vulnerabilities Cost/Effort To Attack Cost/Effort to Secure Non scalable IoT Subsystem for Cortex-M eFlash Interconnect Flash Cache eFlash Flash Cntl SRAM Controller APB PeripheralsSRAMSRAMSRAMSRAM ProcessorCortex-M CoreSightSoC mbed OS Device Drivers Application Beetle Test chip Power Management TRNG APB Bridge Cordio Radio ARM® mbed™ OS (including mbedTLS, mbed uVisor) TRNG (from ARM TrustZone® CryptoCell) ARM IoT Subsystem for Cortex®-M ARM Cortex-M3 ARM Cordio® Radio  Device management  Support for bootstrapping / provisioning / refurbishing / decommissioning  Behaviour monitoring  Device integrity  Protect from untrusted software  Allow recovery from attack  Asset protection  Prevent access to certain resources  Data Security  Keep data confidential  Prevent data alteration  Physical Security  Anti-tampering protection  Future-proofing  Keep firmware up-to-date Device security Communications security Lifecycle security  Link encryption  Prevent eavesdroppers to listen  Authentication  Guarantee identity of endpoint / server  Anonymity/Confidentiality  Keep identity unknown to eavesdroppers  Prevent traceability Implement OMA LWM2M ImplementTLS Root of Trust + Chain ofTrust HW backed partitioning (MPU) Implement Dual Flash bank + Secure FoTA HW backed partitioning (MPU) Partition SW Resource IoT node Cloud Disrupt device Observe / corrupt data Access protected network Damage cost = value of lost data or side information (presence…) Damage cost = value of lost cloud data or value of the network infrastructure Damage cost = value of disabled node or value of lost node data × Scale of network!!! Estimate threats for your application “Security” has different meanings Device management Support for bootstrapping / provisioning / refurbishing / decommissioning Behaviour monitoring Device integrity Protect from untrusted software Allow recovery from attack Asset protection Prevent access to certain resources Data Security Keep data confidential Prevent data alteration Physical Security Anti-tampering protection Future-proofing Keep firmware up-to-date Device security Communications security Lifecycle security Link encryption Prevent eavesdroppers to listen Authentication Guarantee identity of endpoint / server Anonymity/Confidentiality Keep identity unknown to eavesdroppers Prevent traceability Select the “right-sized” security!  Security is expensive  Need to understand the threats  Use threat model adapted to IoT