Protection Profile Bricks for Secure IoT Devices

Title: Protection Profile Bricks for Secure IoT Devices
Publication Type: Conference Paper
Year of Publication: 2021
Authors: de la Piedra, Antonio, Collado, Raphaël
Conference Name: 2020 IEEE International Conference on Internet of Things and Intelligence System (IoTaIS)
Keywords: Communication system security, composability, design for testability, Internet of Things, lighting, Microprogramming, Monitoring, Object recognition, privacy, pubcrawl, resilience, Resiliency, security, trusted platform modules
Abstract: The Internet of Things (IoT) paradigm has been proposed in the last few years with the goal of addressing technical problems in fields such as home and industrial automation, smart lighting systems and traffic monitoring. However, due to the very nature of the IoT devices (generally low-powered and often lacking strong security functionalities), typical deployments pose a great risk in terms of security and privacy. In this respect, the utilization of both a Trusted Execution Environment (TEE) and a Trusted Platform Module (TPM) can serve as a countermeasure against typical attacks. Furthermore, these functional blocks can serve as safe key storage services and provide a robust secure boot implementation and a firmware update mechanism, thus ensuring run-time authentication and integrity. The Common Criteria for Information Technology Security Evaluation allows to determine the degree of attainment of precise security properties in a product. The main objective of this work is to identify, propose and compose bricks of protection profile (PP), as defined by Common Criteria, that are applicable to secure IoT architectures. Moreover, it aims at giving some guiding rules and facilitate future certifications of components and/or their composition. Finally, it also provides a structure for a future methodology of assessment for IoT devices.
Citation Key: de_la_piedra_protection_2021