Home > Tracks > Security

Robust, Bare-Metal Security that works on any IoT Device

Shawn Prestridge - Watch Now!

This talk will be followed by a Live Q&A Discussion on Zoom.

Are you looking to enable security on your IoT device but don’t really know where to start? This is the session for you! We will delve into the elements you need in an embedded design to establish security and explain why the components are necessarily. We will cover the differences between poor, “good enough”, and robust security and explain what you need to do to up your security game in your IoT device in simple, easy-to-follow steps. We will explain how to use a crypto toolbox to establish security fundamentals like: safe-and-secure boot, encrypted and authenticated communication, encrypted data storage, exploit detection/prevention, and more. Start your security journey here!
M↓ MARKDOWN HELP
italicssurround text with
*asterisks*
boldsurround text with
**two asterisks**
hyperlink
[hyperlink](https://example.com)
or just a bare URL
code
surround text with
`backticks`
strikethroughsurround text with
~~two tilde characters~~
quote
prefix with
>

Brian
Score: 0 | 8 months ago | 1 reply

A very interesting walk-through of security concerns and solution considerations, particularly the final recommendation to focus on security from the start. Thanks for putting together this presentation, nice job!

ShawnSpeaker
Score: 0 | 8 months ago | no reply

Thank you, and thanks for attending!

EdIngber
Score: 0 | 8 months ago | 1 reply

Thank you!

ShawnSpeaker
Score: 0 | 8 months ago | no reply

You're very welcome!

Doini
Score: 0 | 8 months ago | 1 reply

Thank you for the explicative presentation!

ShawnSpeaker
Score: 0 | 8 months ago | no reply

Thank you for watching, and for your kind comment!

Sreeraam
Score: 0 | 8 months ago | 1 reply

Are there any instances of IoT ransomware and if so, can the suggested security solution prevent such attacks as well?

ShawnSpeaker
Score: 0 | 8 months ago | no reply

Hello, I'm not aware of any IoT ransomware attacks, but that doesn't mean that they don't exist or that they won't escalate to that point. The attacks that I have seen are typically of the DoS/DDoS nature. The security solution I mentioned in the talk can help guard against this because usually the way these attacks are perpetrated are by either overwriting the firmware or making some jump to an area in RAM that has executable code. In the first case, a POR of the device will check the firmware's signature to see if it's authentic. In both the first and second case, there is an API that can be called from within the application to do the same thing. You could - and just thinking out loud here - tie a call to that function to some sort of non-maskable interrupt that executes once a day (or once an hour, etc.) to also force a check during application execution to try to guard against a buffer overflow attack. Of course, it's a cat-and-mouse game about how a hacker could get around this, but if somehow you can force a call to that secure function (be it by a POR or otherwise), you can recover the device. Great question - please contact me if you need more information on how this might work in a real system!

krish
Score: 0 | 8 months ago | 1 reply

Excellent explanation. thank you very much.

ShawnSpeaker
Score: 0 | 8 months ago | no reply

Absolutely, thank you for attending and your great question on Group-based crypto during the live chat session!

Erik Engstrom
Score: 1 | 8 months ago | 1 reply

Thanks for sharing slide deck! IAR again showing why you are a leader in this space.

ShawnSpeaker
Score: 0 | 8 months ago | no reply

Thanks so much! I'm really glad you liked it!

Carlo
Score: 1 | 8 months ago | 1 reply

Good analogy with root and square. To extended it, quantum computing will break current encryption because it will provide a calculator, which makes root as easy as computing square

ShawnSpeaker
Score: 0 | 8 months ago | no reply

For many current cryptosystems (like RSA), that is certainly true. That's why one of the hot research topics in cryptology today is Post-Quantum Cryptography. It will be interesting to see where it takes us!

OUR SPONSORS