A Holistic Systems Security Approach Featuring Thin Secure Elements for Resilient IoT Deployments

Björck; Boyko; Brandl; Christof; Datko; Dinu; Edward; Emilio Mistretta; Epihaneou; García-Morchón; Geraldine; Gregory Epiphaniou; Gutierrez; Hock Gan; Iqbal; Jones; Lam; Lowy; Michael; Ramalingam; Resnick; Samonas; Shevchenko; Soodamani Ramalingam; Stallings; Vines; Wu; Zhao

A Holistic Systems Security Approach Featuring Thin Secure Elements for Resilient IoT Deployments

Authors: Björck
Boyko
Brandl
Christof
Datko
Dinu
Edward
Emilio Mistretta
Epihaneou
García-Morchón
Geraldine
Gregory Epiphaniou
Gutierrez
Hock Gan
Iqbal
Jones
Lam
Lowy
Michael
Ramalingam
Resnick
Samonas
Shevchenko
Soodamani Ramalingam
Stallings
Vines
Wu
Zhao
Publication date: 14 September 2020
Publisher: 'MDPI AG'
Doi

Abstract

© 2020 by the authors. This is an open access article distributed under the Creative Commons Attribution License (https://creativecommons.org/licenses/by/4.0/) which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.IoT systems differ from traditional Internet systems in that they are different in scale, footprint, power requirements, cost and security concerns that are often overlooked. IoT systems inherently present different fail-safe capabilities than traditional computing environments while their threat landscapes constantly evolve. Further, IoT devices have limited collective security measures in place. Therefore, there is a need for different approaches in threat assessments to incorporate the interdependencies between different IoT devices. In this paper, we run through the design cycle to provide a security-focused approach to the design of IoT systems using a use case, namely, an intelligent solar-panel project called Daedalus. We utilise STRIDE/DREAD approaches to identify vulnerabilities using a thin secure element that is an embedded, tamper proof microprocessor chip that allows the storage and processing of sensitive data. It benefits from low power demand and small footprint as a crypto processor as well as is compatible with IoT 29 requirements. Subsequently, a key agreement based on an asymmetric cryptographic scheme, namely B-SPEKE was used to validate and authenticate the source. We find that end-to-end and independent stand-alone procedures used for validation and encryption of the source data originating from the solar panel are cost-effective in that the validation is carried out once and not several times in the chain as is often the case. The threat model proved useful not so much as a panacea for all threats but provided the framework for the consideration of known threats, and therefore appropriate mitigation plans to be deployed.Peer reviewe