Conferences and supporting programme
Secure Boot Essentials: Prevent Edge Node Attacks by Securing Your Firmware
The reality of a world filled with smart and aware devices is that there is a world of attack possibilities versus the technology our society is reliant upon. Just consider the scenario where an IoT edge node is attacked by replacing firmware to allow access to a trusted network. In today’s Internet of Things (IoT) world of connected devices, phishing scams perpetrated by re-purposing edge nodes is a real threat. Therefore, a plan for the development, manufacturing and deployment of IoT edge node devices must be made. The complexities of life cycle management create a demanding environment where the end developers must make use of a range of hardware security features, software components and partnership to achieve their security goals and prevent malicious firmware from being installed onto IoT edge node devices. Essential to sustaining end to end security is a secure and trusted boot, which can be achieved with the right MCU hardware capabilities and ARM® mbed™ TLS. This paper will introduce a life cycle management model and detail the steps for how to achieve a secure boot with a lightweight implementation leveraging NXP® ARM Cortex®-M based microcontrollers with mbed TLS cryptography support. Secure designs begin with a security model consisting of policies, an understanding of the threat landscape and the methods used to enforce physical and logical security. In order to protect firmware execution within today’s threat landscape, there must be a policy to only allow execution of authenticated firmware. The methods used to enforce this policy rely on MCU security technology to create a protected boot flow. The boot firmware can contain public key cryptography to authenticate application code. In addition to these components integrated in the end device, there are tools and steps that must be taken in the manufacturing environment using manufacturing hardware for code signing and host programs for provisioning. This paper will provide an overview of the essential components of implementing a secure boot from the concept and planning phases all the way through deployment.
--- Date: 28.02.2018 Time: 4:00 PM - 4:30 PM Location: Conference Counter NCC Ost