The Future of IoT Security

By Haydn Povey

Unlimited opportunity. That’s what comes to mind when I think about the future of the Internet of Things (IoT). And, that is both a blessing and a curse.

As the IoT proliferates, billions of cloud-connected devices are expected to be designed, manufactured, and deployed over the next decade. Our increasingly connected world will become hyper-connected, transforming our lives in ways we likely never thought possible. We will see smarter cities where the commuter is automatically guided, smarter farming where livestock health is individually monitored with on-call veterinary services, smarter healthcare to reduce the spiraling costs, integration between smart white goods and utilities to manage grid loading, and the integration of smart retail and personal assistant AI to provide a “curated” shopping experience. That future is limitless and exciting. But it is also frightening. We have already seen the headlines of how attacks have impacted businesses and people with valuable data being stolen or ransomed. It is widely believed the attacks are just starting.

Devices—not often seen as likely hacking targets—now have the potential to be weaponized. No one wants a device or application that is prone to hacking or theft. Hacks, malware, and IP theft have a significant dollar cost and can destroy corporate brands and reputations. And these devices may have extended lifecycles of decades. And a “secure” connected device does not guarantee a secure system. All too often, security has been an after-thought in the development of systems.

Hardware, software, communications, and communications protocol, device commissioning, applications layers, and other systems considerations all could impact security of a device and its data. The future of IoT must see security become an integral part of the design and deployment process, not merely an after-thought or add-on.

Delivering security-orientated embedded systems is a major challenge today. It will take a strong ecosystem and the development of a “supply chain of trust” to deliver truly secure product creation, deployment, and lifecycle management for the rapidly evolving IoT marketplace.

Security needs to be architected into devices from the moment of inception. In addition, it needs to be extended across the supply chain, from security-orientated chips through to manufacturing and management for the lifecycle of the product.

To deliver secure manufacturing and ensure no malware can be injected, cold and hard cryptography principles must be relied upon to ensure solutions are secured. Security principles should be embedded in every aspect of the system from the delivery of secure foundations in the silicon device, through to the secure mastering and encryption of the OEM codebase to ensure it is protected. The programming and manufacturing stages may then freely handle the encrypted code base, but the utilization of secure appliances, which integrate high-integrity and high-availability hardware security modules, enables secure enclaves to be integrated into the process to manage and orchestrate all key material. Furthermore, the ability to encrypt applications within the development process and subsequently decrypt the images in place within the device is a critical to securing the intellectual property.

While simple in theory, there are multiple aspects of a system that must be secured, encompassing the device, the mastering of the application, the handling and sharing of the keys, and the loading of the application on to the device. The only real solution is to develop a “zero trust” approach across the supply chain to minimize vulnerabilities and continually authenticate and individualize deliverables as far as possible.

While this integrated approach cannot resolve all aspects of counterfeiting, it does mark a key rallying point for the industry, and finally enables the industry to start to draw a line under the mass counterfeiting and over-production of devices. And all stakeholders in the process—including device platform providers, OEMs, programming centers, contract manufacturers, end users, security experts, and standards bodies—must do their parts to make cyber-secure programming and manufacturing ubiquitous, easy to use, and easily adoptable.

As I said, the future of IoT holds limitless opportunity, and that will drive new solutions. There will be new business models and new ecosystems. The threats are real, and the cost of failure could be astronomical. So, for the future of IoT to be bright, it must start with security.

This article appears in Circuit Cellar 324.

Haydn Povey [Headshot - Colour]Haydn Povey is the Founder/CEO of Secure Thingz, a company focused on developing and delivering next-generation security technology into the Internet of Things (IoT) and other connected systems. He also currently sits on the Executive Steering Board of the IoT Security Foundation. Haydn has been in senior management at leading global technology companies for more than 20 years, including 10 years in senior marketing and business development roles at ARM.

Security Agents for Embedded Intrusion Detection

Knowingly or unknowingly, we interact with hundreds of networked-embedded devices in our day-to-day lives such as mobile devices, electronic households, medical equipment, automobiles, media players, and many more. This increased dependence of our lives on the networked-embedded devices, nevertheless, has raised serious security concerns. In the past, security of embedded systems was not a major concern as these systems were a stand-alone network that contained only trusted devices with little or no communication to the external world. One could execute an attack only with a direct physical or local access to the internal embedded network or to the device. Today, however, almost every embedded device is connected to other devices or the external world (e.g., the Cloud) for advanced monitoring and management capabilities. On one hand, enabling networking capabilities paves the way for a smarter world that we currently live in, while on the other hand, the same capability raises severe security concerns in embedded devices. Recent attacks on embedded device product portfolios in the Black Hat and Defcon conferences has identified remote exploit vulnerabilities (e.g., an adversary who exploits the remote connectivity of embedded devices to launch attacks such as privacy leakage, malware insertion, and denial of service) as one of the major attack vectors. A handful of research efforts along the lines of traditional security defenses have been proposed to enhance the security posture of these networked devices. These solutions, however, do not entirely solve the problem and we therefore argue the need for a light weight intrusion-defense capability within the embedded device.

In particular, we observe that the networking capability of embedded devices can indeed be leveraged to provide an in-home secure proxy server that monitors all the network traffic to and from the devices. The proxy server will act as a gateway performing policy based operations on all the traffic to and from the interconnected embedded devices inside the household. In order to do so, the proxy server will implement an agent based computing model where each embedded device is required to run a light weight checker agent that periodically reports the device status back to the server; the server verifies the operation integrity and signals back the device to perform its normal functionality. A similar approach is proposed Ang Cui and Salvatore J. Stolfo’s 2011 paper, “Defending Embedded Systems with Software Symbiotes,” where a piece of software called Symbiote is injected into the device’s firmware that uses a secure checksum-based approach to detect any malicious intrusions into the device.

In contrast to Symbiote, we exploit lightweight checker agents at devices that merely forward device status to the server and all the related heavy computations are offloaded to the proxy server, which in turn proves our approach computationally efficient. Alternatively, the proposed model incurs a very small computational overhead in gathering and reporting critical device status messages to the server. Also, the communication overhead can be amortized under most circumstances as the sensor data from the checker agents can be piggybacked to the original data messages being transferred between the device and the server. Our model, as what’s described in the aforementioned Cui and Stolfo paper, can be easily integrated with legacy embedded devices as the only modification required to the legacy devices is a “firmware upgrade that includes checker agents.”

To complete the picture, we propose an additional layer of security for modern embedded devices by designing an AuditBox, as in the article, “Pillarbox,” by K. Bowers, C. Hart, A. Juels, and N. Triandopoulos. It keeps an obfuscated log of malicious events taking place at the device which are reported back to the server at predefined time intervals. This enables our server to act accordingly by either revoking the device from the network or by restoring it to a safe state. AuditBox will enforce integrity by being able to verify whether the logs at the device have been tampered with by an adversary who is in control of the device and covertness by hiding from an attacker with access to the device whether the log reports detection of malicious behavior. To realize these requirements, AuditBox will exploit the concept of forward secure key generation.

Embedded systems security is of crucial importance and the need of the hour. Along with the advancement in embedded systems technology, we need to put an equal emphasis on its security in order for our world to be truly a smarter place.

K. Bowers, C. Hart, A. Juels, & N. Triandopoulos, “Pillarbox: Combating Next-Generation Malware with Fast Forward-Secure Logging,” in Research in Attacks, Intrusions and Defenses, ser. Lecture Notes in Computer Science, A. Stavrou, H. Bos, and G. Portokalidis (Eds.), Springer, 2014,

A. Cui & S. J. Stolfo, “Defending embedded systems with software symbiotes,” in Proceedings of the 14th international conference on Recent Advances in Intrusion Detection (RAID’11), R. Sommer, D. Balzarotti, and G. Maier (Eds.), Springer-Verlag, 2011,

DevuDr. Devu Manikantan Shila is the Principal Investigator for Cyber Security area within the Embedded Systems and Networks Group at the United Technologies Research Center (UTRC).


Marten van DijkMarten van Dijk is an Associate Professor of Electrical and Computing Engineering at the University of Connecticut, with over 10 years research experience in system security both in academia and industry.


Syed Kamran HaiderSyed Kamran Haider is pursuing a PhD in Computer Engineering supervised by Marten van Dijk at the University of Connecticut.


This essay appears in Circuit Cellar 297 (April 2015).

DEFCON for Kids—Giving Kids the r00tz to Learn

This summer may be coming to an end, but it’s never too early to start thinking about next year. If you have children between the ages of 8 and 18, you may be planning another year of summer camp. And, if you’re an engineer whose children are interested in electronics, figuring out how things work, and learning how to break things, r00tz Asylum may be the perfect fit.

r00tz Asylum (formerly known as DEFCON Kids) is a part of the widely attended DEFCON hacker convention, which takes place annually in Las Vegas, NV. Parents who attend DEFCON can bring their children to r00tz Asylum sessions where they can learn about white-hat hacking.

Electrical engineer Joe Grand is a former member of the well-known hacker collective L0pht Heavy Industries and now runs product development firm Grand Idea Studio. Grand instructs hardware hacking classes for computer security researchers and has taken a subset of that work to share with r00tz Asylum kids.

“I enjoy teaching kids because of the direct connection you have with them,” Grand said. “When you talk to them normally and explain things in simple ways, they get it!” he added. “It’s fun to see their eyes light up.”

But is teaching kids hacking a good thing? “Naysayers don’t understand the hacking mindset, which is about free thinking, circumventing limitations, and creating elegant solutions to tricky problems” Grand said. “Teaching kids to hack gives them super powers—with guidance.”

r00tz Asylum agrees. According its website, “Hacking gives you super-human powers. You can travel time and space. It is your responsibility to use these powers for good and only good.”

Teaching kids about white-hat hacking helps them learn to solve problems, be aware of the law, and understand the consequences for breaking it. And that’s where instruction in a positive and supportive environment comes in.

“Technology isn’t going away. We’re only going to become more immersed in it,” Grand said. “Kids need to be exposed to new things. It’s important to give them an environment where it’s okay to break things, that it’s okay if things fail.” But he stressed that, “Kids need boundaries. It’s our responsibility to teach them right from wrong.”

In addition to various classes, r00tz Asylum attendees have access to a hangout space of sorts with a soldering station and other resources. Last year the space featured a MakerBot 3-D printer, this year an Eggbot open-source art robot was available.

I asked Grand if either of his children would be attending r00tz Asylum in the future. He said he recently watched DEFCON: The Documentary with his four year old. When they watched the part about DEFCON Kids, his son’s reaction was: “I want to go!”

For more information about r00tz Asylum visit

Free Raspberry Pi Poster

The Raspberry Pi is a computer with no casing, no keyboard, no hard disk and no screen. Despite all that, it’s taking the world by storm!

Get your free Raspberry Pi poster now, courtesy of Elektor, RS Components, and CC! Go ahead: download, print, and then enjoy!

Free Raspberry Pi Poster


Model A has 256-MB RAM, one USB port, and no Ethernet port (network connection). Model B has 512-MB RAM, two USB ports, and an Ethernet port.

The Raspberry Pi Model B, revision 2 board:

  • Status led labels: top led has label “ACT” and bottom led has label “100”
  • Header P2 is not populated
  • The text underneath the Raspberry Pi logo reads: “(C) 2011,12”
  • The area next to the micro usb port has CE and FCC logos and the text “Made in China or UK” along the board edge.
  • There are two 2.9-mm holes in the PCB, which can be used as mounting holes.
  • P5 is a new GPIO header with four additional GPIO pins and four power pins. Also note that some pin and I2C port numbers of connector P1 have been modified between revisions!
  • Header P6 (left from the HDMI port) was added, short these two pins to reset the computer or wake it up when powered down with the “sudo halt” command.

The Raspberry Pi measures 85.60 mm × 56 mm × 21 mm, with a little overlap for the SD card and connectors which project over the edges. It weighs 45 g.

The SoC is a Broadcom BCM2835. This contains an ARM ARM1176JZFS, with floating point, running at 700 MHz, and a Videocore 4 GPU. The GPU is capable of BluRay quality playback, using H.264 at 40 Mbps. It has a fast 3D core which can be accessed using the supplied OpenGL ES2.0 and OpenVG libraries.

The Raspberry Pi is capable of using hardware acceleration for MPEG-2 and VC-1 playback, but you’ll need to buy license keys at the Raspberry Pi Store to unlock this functionality.

Which programming languages can you use? Python, C/C++, Perl, Java, PHP/MySQL, Scratch, and many more that can run under Linux.


If you’re getting a flashing red PWR LED or random restarts during the booting process, it’s likely that your PSU or USB cable has problems. The Raspberry Pi is pretty picky and requires a solid 5-V/1000-mA power supply. For other issues and more troubleshooting tips check out the extensive overview at the eLinux website is an Elektor International Media website.