back to article Your boss yells 'build a secure IoT gadget' and you don't know where to start. Take a look at this

A 101 introduction to designing secure Internet-of-Things devices and similar systems has been published today by the MIPS-cheerleading Prpl Foundation. The illustrated guidebook is not tied to the aforementioned processor architecture: it can be understood by anyone dabbling in ARM, x86 and MIPS-based embedded engineering. …

  1. This post has been deleted by its author

  2. aldolo

    it cost too much

    reading this doc took 2 of my hours. now i've to explain it to less techy people: 8 hours! how much for a real implementation? tomuchhours!!!!!! take an arduino and pack it in a nice box....

    by the way, consolle makers know very well these topics, but all the consolle have got some kind of crack.

  3. Daniel Snowden

    Simple solution

    Take out the communications equipment (i.e. the "Internet" part) and then it might be secure.

    1. TheOtherHobbes

      Re: Simple solution

      I like the idea of an Internet-connected light switch that doesn't connect to the Internet.

      Someone should patent that before Apple does.

  4. walter.bishop Silver badge
    Linux

    Designing secure Internet-of-Things

    "It's aimed at people designing internet-connected gadgets and gizmos who want to make sure malicious code doesn't end up compromising devices"

    How about running the core OS on read-only memory and the apps on a VM running on top? The core OS can't be altered without visiting the device and plugging in a dongle. As has already been demonstrated the trusted execution path can be compromised.

    http://www.blackhat.com/presentations/bh-dc-09/Wojtczuk_Rutkowska/BlackHat-DC-09-Rutkowska-Attacking-Intel-TXT-slides.pdf

    1. diodesign (Written by Reg staff) Silver badge

      Re: Designing secure Internet-of-Things

      "How about running the core OS on read-only memory"

      Then you're completely screwed when you need to patch a security bug in your OS. The whole point of this root-of-trust thing is to be able to install trusted updates. And there will be bugs.

      C.

      1. dotdavid

        Re: Designing secure Internet-of-Things

        "Then you're completely screwed when you need to patch a security bug in your OS"

        Hah! As if building a patching/update mechanism is ever in scope for any of these IoT manufacturers!

        1. DropBear Silver badge
          Trollface

          Re: Designing secure Internet-of-Things

          "Hah! As if building a patching/update mechanism is ever in scope for any of these IoT manufacturers!"

          Of course it is - they want to make damn sure patching anything that would otherwise involve scrapping an entire production run remains possible. That of course in no way implies they intend to ever update anything that isn't actually threatening with a class action.

  5. Displacement Activity
    Thumb Down

    I don't get it...

    (yet?) First off, I can't see that their examples are even "IoT". Jeeps and Boeings aren't part of the IoT. Somebody just (allegedly) screwed up their entertainment systems, and failed to separate them from the control systems. I don't need a paper on that. Somebody managed to gain access to a rifle targeting system because it had a WiFi connection; not even the Internet. And anyone who builds Linux and WiFi into a rifle deserves all they get. And somebody else built a drug infusion system so that it could be controlled over the Internet; I think I see what their problem was. This was the only example where there was a possible use case for external control, but I would like to see their justification for remote *control*, rather than *monitoring*. The place to control drugs is at the bedside.

    Back in the real world, I get asked to monitor taps, for example, over the internet, to see how often they're used (really). They have a tiny micro and a GPRS connection. I might be asked to turn something on occasionally. I thought this was the "IoT", and the paper is pretty much irrelevant to that. It doesn't even mention TLS/SSL, and even that's a big deal on the electronics I've got. My #1 problem is ensuring that a request to turn on a tap comes from a trusted source, which isn't even mentioned. My interest in trusted hypervisors, having cryptographically signed boot software on the micro, chain of trust authentication, and all the rest of it, is exactly zero. Putting in all this overhead is far more liekly to cause a problem than to cure it.

    1. TeeCee Gold badge
      WTF?

      Re: I don't get it...

      Jeeps and Boeings aren't part of the IoT.

      Er, why not?

  6. LosD

    Errr... The last part seems more for securing the device against its own user. That's a BAD thing, not a good thing.

  7. Anonymous Coward
    Anonymous Coward

    Internet of Things?

    Oh dear, still wheeling out that tired old marketing expression? It's SO 2014...

  8. Anonymous Coward
    Anonymous Coward

    Starts well...

    ... rapidly goes downhill from there. I sincerely hope no-one blindly follows the given advice without giving more than a moment's thought to the implications.

    Then again I suppose it is the sort of thing you would expect a SoC maker to say. How did the paper conclude before marketing got their hands on it? Presumably not by suggesting you trust your secret keys to our magical silicon and lock down the debugging interface to make third party auditing that bit more difficult. That's just the sort of thing you would do to if you want to put a bit of space between yourself and those that want to rip off your software.

    Hardware support for virtualisation the 'gold-standard' indeed.. And how exactly would these disparate OS images share their data without opening up the exact same attack surfaces?

  9. TeeCee Gold badge
    Facepalm

    "If you're an engineering sage...."

    You should bloody well read it anyway.

    Many gaping holes are left by people who really should know better. It's the; "I know what I'm doing and I've always done it this way" effect at work.

    Oddly enough, most embedded code is not written by n00bs.......

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019