Arm Community
Arm Community
  • Site
  • User
  • Site
  • Search
  • User
  • Groups
    • Research Collaboration and Enablement
    • DesignStart
    • Education Hub
    • Innovation
    • Open Source Software and Platforms
  • Forums
    • AI and ML forum
    • Architectures and Processors forum
    • Arm Development Platforms forum
    • Arm Development Studio forum
    • Arm Virtual Hardware forum
    • Automotive forum
    • Compilers and Libraries forum
    • Graphics, Gaming, and VR forum
    • High Performance Computing (HPC) forum
    • Infrastructure Solutions forum
    • Internet of Things (IoT) forum
    • Keil forum
    • Morello Forum
    • Operating Systems forum
    • SoC Design and Simulation forum
    • 中文社区论区
  • Blogs
    • AI and ML blog
    • Announcements
    • Architectures and Processors blog
    • Automotive blog
    • Graphics, Gaming, and VR blog
    • High Performance Computing (HPC) blog
    • Infrastructure Solutions blog
    • Innovation blog
    • Internet of Things (IoT) blog
    • Operating Systems blog
    • Research Articles
    • SoC Design and Simulation blog
    • Tools, Software and IDEs blog
    • 中文社区博客
  • Support
    • Arm Support Services
    • Documentation
    • Downloads
    • Training
    • Arm Approved program
    • Arm Design Reviews
  • Community Help
  • More
  • Cancel
Arm Community blogs
Arm Community blogs
Internet of Things (IoT) blog The IoT Architect's Practical Guide to Security
  • Blogs
  • Mentions
  • Sub-Groups
  • Tags
  • Jump...
  • Cancel
More blogs in Arm Community blogs
  • AI and ML blog

  • Announcements

  • Architectures and Processors blog

  • Automotive blog

  • Embedded blog

  • Graphics, Gaming, and VR blog

  • High Performance Computing (HPC) blog

  • Infrastructure Solutions blog

  • Internet of Things (IoT) blog

  • Operating Systems blog

  • SoC Design and Simulation blog

  • Tools, Software and IDEs blog

Tags
  • iot security
  • Platform Security Architecture (PSA)
  • Security
  • Smart Homes
Actions
  • RSS
  • More
  • Cancel
Related blog posts
Related forum threads

The IoT Architect's Practical Guide to Security

Brian.
Brian.
December 11, 2019
5 minute read time.

We understand the extraordinary potential of the Internet of Things (IoT), but how do we move from where we are now to a world of a trillion connected devices? To seize the opportunities within this market we must ensure the products that we are developing are future-proof and secure. Also, we need to build trust in emerging technologies and the data they provide. 

The expectation and awareness of IoT security is at an all-time high and with this, new guidelines, regulations, and companies have emerged to guide requirements and best practices. While this all shows great progress in the industry, it can still be a confusing place to navigate. With all IoT products having unique security requirements, it is challenging to identify these requirements, and communicate security best practice across the ecosystem. 

To provide clarity in IoT security, Arm and Cypress Semiconductor® have created an application guide detailed the process of designing security into an IoT device. This blog gives an overview of what you find in the full application guide. 

The guide uses a smart door lock as a working example and details the security design for the Cypress PSoC® 64 line of Secure MCUs, which can be used as the platform for smart door lock implementation. While this focuses on a smart door lock, all the details are applicable to any IoT product, ensuring you protect your brand reputation and speed up security design. 

Why we chose a smart door lock

We lock our doors to protect our most valuable possessions and to keep our loved ones safe. When we turn the key or fasten the latch, it helps us feel secure. So how do we ensure that digital solutions provide that same peace of mind?

Companies developing smart door locks are taking advantage of latest technologies to transform their businesses and people's lives. A smart lock replaces or bolsters a traditional security system. It enables you to open or close a door using a smartphone, key card, a PIN, or even your fingerprint. The smart door lock can keep track of who is entering or leaving a premises and alert you to unusual activity. However, this increased functionality can come at the cost of additional security vulnerabilities, so architecting trust into a smart door lock is critical. 

The Platform Security Architecture: A simple, cost-effective security solution

Knowing what security is required and how to implement countermeasures can be complex and time-consuming. The Platform Security Architecture (PSA) was created to provide the tools that are needed to design and build security into IoT devices at scale. Documentation and specifications enable the right level of protection to be designed into products, saving time and reducing the cost of implementation. 

A systematic framework for IoT security

PSA is a four-stage framework;

Analyze: assess the potential threats to your device and identify what you need to do to protect it.

Architect: create a system architecture capable of meeting your security requirements.

Implement: use a trusted code base, such as Trusted Firmware-M to implement the security requirements from the architect stage. 

Certify: PSA Certified offers an independent testing and evaluation scheme for IoT chips, software, and devices that you can use to build and communicate trust with your customers. 

The Platform Security Architecture (PSA)The Platform Security Architecture (PSA) provides a systematic framework for IoT security. 

The PSA makes security more straightforward, even if you are not a security expert. It is aimed at different entities throughout the supply chain, from chip designers and device developers, to cloud and network infrastructure providers, and software vendors. 

To find out more about the PSA and how you can create trusted IoT solutions, watch our on-demand webinar.

Applying PSA principles to a smart door lock

How do smart door locks work?

A typical smart door lock system is shown in the conceptual diagram below. Within this system, there will be assets, or components of your device, that are of value to you and your customers. They may include:

  • Smart door lock device ID
  • Firmware and its certificates
  • Owner or guest credentials, including biometric data
  • Audit logs
  • Configuration and user data
  • Network connectivity
  • Biometric sensor, Bluetooth® Low Energy (BLE) and other hardware resources

A typical smart door lock system
A typical smart door lock system.

Cyber-attackers target these assets in the same way as a burglar would search your home for an expensive watch, jewelry, or cash. In the case of a smart door lock, your digital assets may provide access to the physical ones. The question is, what are the weaknesses and how do you protect against them?

One attack example is an impersonator of a legitimate administrator, owner, or guest carrying out a malicious act. This attack could be countered through an authentication process - the device would authenticate the administrator before granting access to the lock configuration and logs, and before performing a firmware update, preventing impersonation. 

Example attack flow: the hacker impersonates the owner of the device and gains access to the property

Example attack flow: A hacker impersonates the owner of the device and gains access to the property.

The exact requirements vary depending on the product. However, the cost and effort involved in securing a device and the investment an adversary is likely to make in carrying out an attack needs to be weighed up. 

Follow the practical guide to IoT security design

The smart door lock application guide provides a practical guide walking through the four stages of PSA. Within this you will find:

  • How to develop a threat model and security analysis document and derive security requirements and counter-measures from this
  • A comprehensive explanation of the hardware architectures and security IP necessary to maintain asset security; from trusted boot to security hardware partitioning. Additionally, the use of PSA Firmware Framework to isolate and partition functionalities into Secure and Non-secure processing environments
  • Details of how to access and use Trusted Firmware-M, the open source reference implementation of PSA, and the PSA APIs to isolate security critical functionalities from Non-secure code
  • An overview of PSA Certified and how independent evaluation can provide assurance and a common foundation of security for the whole IoT ecosystem

For a real-life implementation of PSA for security design, download the Smart Door Lock Application Guide today.

Download the smart door lock application guide

Additional Resources

Find more information about the four stages of PSA on our website. 

Start designing-in security by reading our blog on the first stage of PSA - Analyze. 

Learn more about Cypress PSoC 64 Secure MCUs.

 

Anonymous
  • Oliver Thomas
    Offline Oliver Thomas over 1 year ago

    Very informative post. You have shared things in a very decent way. IoT platforms offer advanced analytics & visualization, dynamic alerts, and secure data storage. With this technology, we can communicate with any IoT sensor that has network connectivity.

    Thanks for sharing this useful post with us.

    • Cancel
    • Up 0 Down
    • Reply
    • More
    • Cancel
  • Brian.
    Offline Brian. over 3 years ago in reply to sarahleslie

    Hi Sarah, I agree with you. A smart door lock can be connected to other IoT automation tools and devices, which can increase the attack surface. It's therefore very important to have the right security implemented to sufficiently protect against threats from many sources...

    • Cancel
    • Up 0 Down
    • Reply
    • More
    • Cancel
  • Brian.
    Offline Brian. over 3 years ago in reply to leonardwulf

    Hi Leonard, Thanks for your question. If the battery dies or power supply is cut then locks will have an emergency way to open it e.g. with a physical key or with an external power supply terminal etc.. I hope this helps...

    • Cancel
    • Up 0 Down
    • Reply
    • More
    • Cancel
  • sarahleslie
    Offline sarahleslie over 3 years ago

    This is an important article on security and also includes anything running with a  LTE IoT chipset ?

    These chipsets will make IoT much more accessible and so security then becomes even more important, I think. 

    • Cancel
    • Up 0 Down
    • Reply
    • More
    • Cancel
  • leonardwulf
    Offline leonardwulf over 3 years ago

    Maybe I missed a moment, but what if I cut off the energy supply to the system, how it will behave

    • Cancel
    • Up 0 Down
    • Reply
    • More
    • Cancel
Internet of Things (IoT) blog
  • A bare-metal programming guide

    Sergey Lyubka
    Sergey Lyubka
    Get started with the Arm bare metal programming with only GCC compiler, text editor, and a datasheet. From blinky to an embedded Web device dashboard.
    • March 15, 2023
  • Arm takes Embedded Software Development to the next level with introduction of Keil MDK Version 6

    Reinhard Keil
    Reinhard Keil
    Keil MDK Version 6 delivers new features that are optimized for the entire Cortex-M and Ethos-U processor portfolio.
    • March 9, 2023
  • Cortex-M85: Enabling safety and boosting flexibility and performance even higher

    Dimos Rossidis
    Dimos Rossidis
    This blog outlines new updates to the Arm Cortex-M85 CPU to improve safety, flexibility and performance for IoT and automotive markets.
    • March 8, 2023