Threat-based Analysis Method for IoT Devices
By all accounts, Internet of Things (IoT) devices are forecasted to become ubiquitous. These devices, powered by semiconductors, will make every imaginable process smart. From simply turning on a light to more complex processes such as outpatient care or factory control, IoT devices utilising sensing, processing, and cloud connectivity will dramatically improve their efficiency. The applications are diverse, and their promise and impact are unbounded.
However, the growing “smartness” of connected devices introduces security challenges. For example, traditional lighting control is relatively primitive – it’s a power circuit with a physical switch. Operating the switch requires physical proximity. Securing this process against unauthorized use simply requires physical protection of the switch. Now consider lighting control in its smart incarnation as an IoT device. The physical switch is replaced by light and proximity sensors, logic (typically implemented in a microcontroller), and wireless connectivity to a cloud-based application. In becoming smart, a light switch is transformed into an embedded client that works with an application server through a network. Securing the smart light switch has become much more complicated. This added complexity will present challenges to all IoT device designers. The good news is that secure microcontrollers can greatly enhance the security of the IoT device and accelerate the design cycle.
This paper offers a case study to determine the security requirements of a network camera IoT device. This device is, by definition, already connected and is used widely in a number of applications, from cheap home web-cams to complex industry systems. By defining the relevant threats against the network camera and determining the security objectives to defend against those threats, the security requirements for the device will be established. It presents Cypress’ PSoC® 6 MCU, based on Arm® technology, as a solution that meets these requirements. The methodology can be applied to other IoT devices as well.