Six ways to re-use mobile security practices in your next IoT project
https://community.arm.com/iot/b/blog/posts/six-ways-to-re-use-mobile-security-practices-in-your-next-iot-project

1. No shared secrets (or protect them in hardware)
2. Use hardware based security
3. Keep it agile
4. Protect data in flight (use TLS – aka SSL)
5. Use IoT platforms that build in security functions
6. Pay for a third-party company to expose the security flaws in your design

Conclusion

It is now possible to apply mobile security techniques to IoT at all cost points. The introduction of TrustZone on microcontrollers as well as application processors, together with availability of security subsystems, offers a defense in-depth architecture which can be used to protect critical code and assets (such as cryptographic keys). The next step is to make it easier for IoT developers – who are not security experts – to use this architecture. A pragmatic way for most product developers is to choose an IoT platform that builds in security functions (such as OTA updates, TLS, and crypto libraries), as well as using the security hardware being built in by the chip vendors.

EDA and IP vendor Synopsys Inc. has partnered with Chinese foundry Semiconductor Manufacturing International Corp. (SMIC) and ASIC design services specialist Brite Semiconductor to create a platform for Internet of Things (IoT) designs based on a Synopsys IP subsystem.

The IoT platform lowers design costs by providing customers with a starting point for creating IoT designs and enables the integration of customized functions on demand, the companies said.

The platform includes Synopsys’ DesignWare ARC Data Fusion Subsystem along with an ARC EM9D processor, USB and I3C IP solutions, according to the companies. It was integrated by Brite Semi’s design services using SMIC’s 55-nm ultra-low power process, resulting in the development of a test chip demonstrating up to 45 percent reduction in dynamic power and 70 percent reduction in leakage power compared to SMIC’s 55LL process, they said.

Synopsys’ ARC Data Fusion IP Subsystem is a pre-verified hardware and software IP product optimized for use in devices requiring minimal energy consumption.

The SELIoT (SEcuring Lifecycle of Internet of Things) project proposes to address the currently pervasive lack of IoT security by a comprehensive approach that spans the entire lifecycle of an IoT device. Security of typical IoT devices is glaringly inadequate despite the fact that these devices have an unprecedented access to sensitive data and/or ability to control the environment. While previous results considered specific vulnerabilities or focused on basic security issues (e.g., key management), this project takes into account the unique context of IoT systems: starting with initial deployment (birth), continuing through normal operation (life) and lasting until repurposing, caused by, e.g., ownership change or disposal.

Aalto University is a member of Intel Labs’ CARS research lab that tackles security and privacy challenges of autonomous systems.