Security is paramount for the safe and reliable operation of IoT connected devices. Recent malware such as Stuxnet, Flame and Duqu has raised public awareness of the need to protect critical infrastructure where several connected things are involved. Its importance is reflected in emerging national and European strategies for digital security, and in industry-led initiatives such as European Cyber Security Organization, of which IMT and Fraunhofer AISEC are members. IoT security requirements are diverse, and ensuring security in IoT is a complex challenge. There is little consensus currently about how to implement security in IoT at the device, network, or system levels. Providing a comprehensive IoT security approach is the focus of the proposed project.

Ongoing collaboration between the teams has identified a number of new research topics:

  • Universal Secure Elements based on COSE. A Secure Element (SE) is a tamper-resistant platform used for secure storage of encryption keys, and sensitive application-code hosting and execution. The goal of the study is to define a minimal interface, non-functional requirements, and set of functions to be provided by a Secure Element that offers basic COSE security services and key management in the IoT.

  • Defense and response in depth: Definition of an appropriate architecture for in-depth defense and response for IoT. Detection of possible conflicts in response activation, to launch appropriate and consistent responses to face detected intrusions, and to keep the supervised system on track with its security requirements.

  • Secure and resilient software update: Software vulnerabilities are common targets for attack, and secure and resilient software update is critical for ensuring up-to-date defences. New techniques will be developed for managing secure software update in the presence of the challenges in the IoT and for managing resilient operation of systems in the presence of inadequate update.

  • Moving Target Defense. MTD aims to reduce the attack surface of system by dynamically changing the network configuration. We investigate how MTD could be practically deployed in IoT infrastructures.

  • Post Quantum Crypto (PQC) for resource constraint IoT devices: To ensure long term security for IoT devices used in industrial environments, which are ten and more years in use, we have to prepare against quantum computer attacks. This requires PQC algorithms for signatures and key exchange. Target of this work is the efficient implementation of PQC algorithms in SW on ARM Cortex-M 32 bit platforms and hardware accelerated implementations of FPGA SoCs with ARM Cortex-A CPUs.

  • Side channel and fault attack resistance of cryptographic implementations in IoT devices: In order to protect the secure element against physical attacks, the implementations of cryptographic algorithms have to be tested with newest attacks on modern side channel measurement stations and fault injectors, e.g. a laser station with two beams available at AISEC for the project. The goal is to harden PQC implementations against such attacks.

  • High-performance low-latency protected protocol processing. In order to protect IoT infrastructure from Denial-of-Service-Attacks, high-performance implementations of protocol mechanisms are required. Addressed mechanisms include protection against TCP Syn flooding attacks.