Proposed Embedded Security Framework for Internet of Things (IoT)


Sachin Babar¹, Antonietta Stango¹, Neeli Prasad¹, Jaydip Sen², Ramjee Prasad¹
¹ Center for TeleInFrastruktur, Aalborg University, Aalborg, Denmark
² Tata Consultancy Services, Kolkata, India
{sdb,as,np}@es.aau.dk, jaydip.sen@tcs.com, prasad@es.aau.dk

IoT is going to be an established part of life by extending the communication and networking anytime, anywhere. Security
requirements for IoT will certainly underline the importance of properly formulated, implemented, and enforced security policies
throughout their life-cycle. This paper gives a detailed survey and analysis of embedded security, especially in the area of IoT.
Together with the conventional security solutions, the paper highlights the need to provide in-built security in the device itself to
provide a flexible infrastructure for dynamic prevention, detection, diagnosis, isolation, and countermeasures against successful
breaches. Based on this survey and analysis, the paper defines the security needs taking into account computational time, energy
consumption and memory requirements of the devices. Finally, this paper proposes an embedded security framework as a feature of
software/hardware co-design methodology.

Index Terms— Cryptography, Embedded security, Internet of Things, Storage.

I. INTRODUCTION

The IoT will consist of billions of digital devices, people, services and other physical objects having the potential to seamlessly connect, interact and exchange information about themselves and their environment. This will make our lives simpler through a digital environment that will be sensitive, adaptive, and responsive to human needs. It will combine the power of universal network connectivity with embedded systems, sensors, and actuators in the physical world. This new concept involves objects of our daily life, like clothes, cars and smart cards, which will be able to reveal information about themselves, interacting with each other and with the environment. IoT will therefore add an enormous range of new industrial opportunities to the software and hardware markets.

Because of the manifold aspects it involves, security for IoT will be a critical concern that must be addressed in order to enable several current and future applications [1].

Existing solutions are often not integrated into the entire system, and sometimes they violate the criteria that designers have taken into consideration from the beginning. These are subtle points that are not addressed by designers, who tend to focus mainly on functionality, and by companies, which tend to focus on short-term profits. All of this reveals the importance of fundamental security solutions and the need for applied security.

In this paper we set out to give a comprehensive view of embedded security for IoT systems and propose a hardware/software design methodology that can help designers and developers to deliver more secure devices.

This paper is structured as follows: Section II talks about the IoT scenario, highlighting the devices involved in the network. Section III describes the different types of attacks on IoT systems. Section IV illustrates the security requirements for IoT. Section V raises some issues and challenges for security of IoT systems. Section VI highlights the related work. Section VII focuses on the embedded security building blocks for IoT. Section VIII proposes a framework for embedded security for IoT. Section IX concludes the paper.

II. VIRTUAL SHOPPING SCENARIO FOR IOT

Suppose you are working at your office, and one of your family members asks for a matching sofa set for your hall. To avoid travelling back home and then going to the shop, you can just call your home network through your mobile device while sitting at your office, through different wireless technologies. You can call in to your home network and connect to the camera located at home, to take a picture of the hall from a suitable angle. Along similar lines you can connect to the network of the shopping mall, and select the item that best suits your hall. After finalizing the item, you can make the payment by connecting to the bank and transferring the amount to the shopping mall store account.

Fig. 1. Virtual Shopping Scenario

By using the different networks and devices shown in Figure 1, you have just left your home, mobile and bank information, all of which is sensitive, open to hackers and thieves. Apart from the security present in the existing networks, there is a need to focus on the security aspects of all the devices involved in the communications, like sensor nodes, RFID, laptops, mobiles, etc., because of the resource constraints that these devices have.

III. ATTACKS ON IOT SYSTEMS

The domain of security attacks on embedded devices is growing day by day. Figure 2 summarizes the attacks on IoT systems [2].

Fig. 2. Attacks on IoT Devices.

A. Physical Attacks
These types of attacks tamper with the hardware components and are relatively harder to perform because they require expensive material. Some examples are de-packaging of the chip, layout reconstruction, micro-probing, and particle beam techniques.

B. Side Channel Attacks
These attacks are based on "side channel information" that can be retrieved from the encryption device and that is neither the plaintext to be encrypted nor the ciphertext resulting from the encryption process. Encryption devices produce timing information that is easily measurable, radiation of various sorts, power consumption statistics, and more. Side channel attacks make use of some or all of this information to recover the key the device is using. They are based on the fact that logic operations have physical characteristics that depend on the input data. Examples of side channel attacks are timing attacks, power analysis attacks, fault analysis attacks, electromagnetic attacks, and environmental attacks [3].

C. Cryptanalysis Attacks
These attacks are focused on the ciphertext and they try to break the encryption, i.e. find the encryption key to obtain the plaintext. Examples of cryptanalysis attacks include ciphertext-only attack, known-plaintext attack, chosen-plaintext attack, man-in-the-middle attack, etc.

D. Software Attacks
Software attacks are the major source of security vulnerabilities in any system. Software attacks exploit implementation vulnerabilities in the system through its own communication interface. This kind of attack includes exploiting buffer overflows and using trojan horse programs, worms or viruses to deliberately inject malicious code into the system.

E. Network Attacks
Wireless communication systems are vulnerable to network security attacks due to the broadcast nature of the transmission medium. Basically, attacks are classified as active and passive attacks. Examples of passive attacks include monitoring and eavesdropping, traffic analysis, camouflage adversaries, etc. Examples of active attacks include denial of service attacks, node subversion, node malfunction, node capture, node outage, message corruption, false node, routing attacks, etc.

In this section, we presented a few types of attacks in the security domain. Security in the case of an IoT system must deal with several additional resource constraints and the need for the strongest resistance against attacks.

IV. SECURITY REQUIREMENT FOR IOT

Figure 3 summarizes the major security concerns for IoT [2].

Fig. 3. Security concerns for IOT

1. User identification: It refers to the process of validating users before allowing them to use the system.
2. Tamper resistance: It refers to the desire to maintain these security requirements even when the device falls into the hands of malicious parties, and can be physically or logically probed.
3. Secure execution environment: It refers to a secure, managed-code, runtime environment designed to protect against deviant applications.
4. Secure content: Content security or Digital Rights Management (DRM) protects the rights of the digital content used in the system.
5. Secure network access: This provides a network connection or service access only if the device is authorized.
6. Secure data communication: It includes authenticating communicating peers, ensuring confidentiality and integrity of communicated data, preventing repudiation of a communication transaction, and protecting the identity of communicating entities.
7. Identity management: It is a broad administrative area that deals with identifying individuals / things in a system and controlling their access to resources within that system by associating user rights and restrictions with the established identity.
8. Secure storage: This involves confidentiality and integrity of sensitive information stored in the system.
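
Section III-B observes that logic operations have physical characteristics that depend on the input data, timing among them. The C sketch below is an added example, not code from the paper: it contrasts an early-exit comparison of an authentication tag with a constant-time one and counts the byte comparisons each performs. The function names, the 8-byte tag length and the tag value are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define TAG_LEN 8u /* constructed tag length for this example */

/* Constructed reference tag; stands in for a MAC held by the device. */
static const uint8_t REF_TAG[TAG_LEN] =
    {0x3a, 0x91, 0x5c, 0x07, 0xe2, 0x4d, 0xb8, 0x66};

struct probe_result {
    int equal;    /* 1 if the tags matched, 0 otherwise */
    size_t steps; /* byte comparisons performed */
};

/* Early-exit comparison: stops at the first mismatching byte, so the amount
 * of work (and hence the run time) depends on how many leading bytes of the
 * candidate are correct. */
static struct probe_result tag_equal_leaky(const uint8_t *a, const uint8_t *b,
                                           size_t n)
{
    struct probe_result r = {1, 0};
    for (size_t i = 0; i < n; i++) {
        r.steps++;
        if (a[i] != b[i]) {
            r.equal = 0;
            break;
        }
    }
    return r;
}

/* Constant-time comparison: always visits all n bytes and folds the
 * differences together with OR, so control flow is independent of the data. */
static struct probe_result tag_equal_ct(const uint8_t *a, const uint8_t *b,
                                        size_t n)
{
    struct probe_result r = {0, 0};
    volatile uint8_t diff = 0;
    for (size_t i = 0; i < n; i++) {
        r.steps++;
        diff |= (uint8_t)(a[i] ^ b[i]);
    }
    r.equal = (diff == 0);
    return r;
}

/* Compare REF_TAG with a candidate whose first `correct` bytes are right and
 * whose remaining bytes are wrong (correct == TAG_LEN is a full match). */
static struct probe_result probe(size_t correct, int constant_time)
{
    uint8_t cand[TAG_LEN];
    for (size_t i = 0; i < TAG_LEN; i++)
        cand[i] = (i < correct) ? REF_TAG[i] : (uint8_t)(REF_TAG[i] ^ 0xffu);
    return constant_time ? tag_equal_ct(REF_TAG, cand, TAG_LEN)
                         : tag_equal_leaky(REF_TAG, cand, TAG_LEN);
}

int main(void)
{
    printf("correct bytes  early-exit steps  constant-time steps\n");
    for (size_t k = 0; k <= TAG_LEN; k++)
        printf("%13zu  %16zu  %19zu\n", k,
               probe(k, 0).steps, probe(k, 1).steps);
    return 0;
}
```

The step count of the early-exit version tracks the number of correct leading bytes, while the constant-time version always does the same work. On a real target, check the generated assembly to confirm the compiler has not reintroduced a data-dependent branch.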

V. ISSUES AND CHALLENGES

Following are some of the issues and challenges related to security for IoT [4,5]:
1. Security can be resource consuming, and if you are using a low-power embedded device this can be a big challenge. The computation power available in IoT is limited and may be insufficient for the processing of security algorithms. The battery capacity is also limited, and battery life is strongly connected to the quantity of computation executed in the embedded processor. Storage limitations are also hurdles for embedding security features.
2. Cryptography is notoriously expensive and it makes security impossible for resource-constrained devices. There is a need for optimized lightweight cryptographic algorithms for such devices.
3. The complexity and size of some protocols and algorithms make security expensive.
4. The biggest problem is that there is no "correct" solution. Security is based upon the application itself and it varies radically from application to application.
5. The environment in which the devices are placed can be accessed more easily by attackers than that of fixed systems. Indeed, they must be secure against both logical and physical access by malicious entities.
6. As heterogeneity increases, developing applications that run across all platforms will become exceedingly difficult, which raises the need for standard interoperable security protocols.

VI. RELATED WORK

The solution selected for security in embedded devices is always a question of trade-off between security, flexibility, performance, power consumption and cost. Existing solutions to these problems are divided into three approaches:

A. Software only Approach
This approach makes use of the programmability of embedded General Purpose Processors (GPP) for performing security operations. This approach meets the demands on cost and flexibility but not those on power consumption and silicon area. This approach sometimes overwhelms the processing capacity of the embedded GPP. From the point of view of countermeasures against security attacks, this approach can provide several solutions. In [6], a countermeasure against side-channel attack at software level is described.

B. Hardware only Approach
This approach makes use of ASICs (Application Specific Integrated Circuits) to implement a given cryptography algorithm in hardware. This policy allows precise control of the energy, computation capacity and time constraint parameters, but it is generally not optimum for the flexibility and cost parameters. In [7] a new logic style for secure ICs against differential power analysis is presented.

C. Hybrid Approach
This approach is a combination of the two previous approaches. It optimizes the overall partitioning of functionality between HW and SW, as well as between the system host processor and security processor, to maximize overall processing efficiency while satisfying other design constraints. It is the best trade-off between efficiency and flexibility, but it requires a clear vision of the complete system and good communication between the hardware designers, the software designers and the security experts [8,9].

The research on existing solutions is divided into two main topics: optimization of the basic security functions and countermeasures against security attacks. Table I below presents the functionality comparison for existing solutions between these two topics for the publications used as references for this state-of-the-art evaluation. Optimization parameters like energy, computational time, memory requirement, flexibility, cost, reliability, etc. are concerns for IoT. For resource-constrained systems, energy, computational time and cost will be the major parameters.

TABLE I
FUNCTIONALITY COMPARISON FOR EXISTING SOLUTIONS

Comparison parameters:
Countermeasures against attack: HW-attack, SW-attack, Side-channel
Optimization of the basic security functions: Energy efficiency, Computational time, Flexible, Cost

Existing solutions [8-14]:
An FPGA Implementation of a Flexible Secure ECC Processor: √ √ √
HW-SW Implementation of Public-Key Cryptography for Wireless Sensor Networks: √ √ √
Implementing Embedded Security on Dual-Virtual-CPU Systems: √ √ √
A security approach for off-chip memory in embedded microprocessor systems: √ √
A compiler-hardware approach to software protection for embedded systems: √ √ √
Embedded security: New trends in personal recognition systems: √ √ √
A data-driven approach for embedded security: √

All the solutions discussed basically focus on speeding up the basic security functions and do not provide solutions against the majority of the security attacks. So, there is a need for an embedded security framework and architecture which will move security considerations from a function-centric perspective to a system architecture (HW-SW) design issue.

VII. BUILDING BLOCKS

Embedded security means building security in from the start, i.e. security features built into a device. Some of the major building blocks for embedded security for IoT are listed below [2,5]:
1. Cryptographic Algorithms: These are basically the
essential building block of a robust security solution. The unusual design constraints placed on embedded devices require a new lightweight, highly efficient, easy to deploy cryptography scheme that provides high levels of security while minimizing memory, execution speed requirements and power requirements. Elliptic-Curve-Cryptography (ECC) is an essential methodology for meeting these requirements of embedded designs and that is the reason why it is essential for embedded security.
2. Secure Storage: Cryptographic algorithms require keys as their basis for operation. Since the algorithms are published and known to all, including potential attackers, protecting the secrecy of the key is an important issue for security. Secure Storage essentially deals with protecting access to keys and other pieces of data. Secure Storage also needs to be persistent, such that items are not lost during power cycles. Examples of persistent storage are on-chip ROM memory, on-chip One-Time-Programmable (OTP) technology, as well as off-chip flash memory.
3. Secure Boot: The purpose of Secure Boot is to bring the system to a known and trusted state. The Secure Boot routine is a ROM-based routine, so that an attacker cannot intercept the procedure. Additional features are required in order to provide a complete Secure Boot solution. These include the ability to update software at any point in time, i.e. a Software Version Revocation mechanism for system advancement to a new version of the software image, with prevention of roll-back to an older version, is a must.
4. Secure JTAG: The JTAG interface is a debugging interface for chips. It is used primarily during development and manufacturing, but is also used to help debug errors that are found in the course of the lifetime of the system. The JTAG interface is potentially exploitable by attackers, who can try to read internal registers or memories.
5. Secure Execution Environment (SEE): It refers to a processing unit which is capable of executing applications in a protected manner. The building blocks of an SEE are: a secure processor (either a dedicated processor or one capable of supporting a secure mode) which is hardware compartmentalized from the non-secure mode, secure code and data memory (most likely dedicated on-chip RAMs) and a secure kernel for providing the interface between hardware and software.

VIII. PROPOSED EMBEDDED SECURITY FRAMEWORK

The basic embedded security framework should consider the following things:
1. Environment factor: the environment in which the devices operate determines the assumptions, threats, vulnerabilities, attacks and required policies for secure functioning.
2. Security Objectives: determine your device's security objectives. Consider the data (assets) or operation it will protect and which threats from step 1 require countermeasures.
3. Requirements: determine your functional security requirements.

The basic idea for framing the security architecture for IoT is, utilizing security mechanisms and protocols effectively, to start off with a design that takes security into consideration from requirements gathering to maintenance as seen in Figure 4, following the software development life cycle.

Fig. 4. Embedded Security Design Steps

For building the embedded security framework for IoT, we also need to look at all of the tradeoffs between performance, cost, and security. Unfortunately, these three concepts are almost always directly at odds with one another. More performance means the cost goes up, lowering the cost means lowering security and performance, and implementing higher security means performance will decrease.

A hardware/software based security architecture for IoT is proposed which should be the best trade-off of cost/efficiency or security/performance, as shown in Figure 5.

Fig. 5. Hardware Software Security implementation performance

Cost-effective designs use a mixture of hardware and software to accomplish overall security goals. This provides sufficient motivation for attempting a synthesis-oriented approach to achieve security system implementations having both hardware and software components. Such an approach would benefit from a systematic analysis of design trade-offs that is common in synthesis while also creating cost-effective systems.

Following are the key features of the security framework and architecture:
Lightweight cryptography: Optimized cryptographic algorithms and hardware architecture for extreme low power, memory and processing requirements.
Physical Security: Trusted Platform Module which will take into account the vulnerabilities of the hardware device at the physical level.
Standardized security Protocols: Development of standardized protocols which are both lightweight with respect
to communication and cryptographic computations.
Secure operating systems: Rich operating systems with a secure kernel which will ensure secure communication inside the processor by providing a secure runtime execution environment, secure booting, secure content, etc.
Future application Areas: Understanding the technical, economical and social context of a given application area, in order to develop security solutions which are appropriate and acceptable.
Secure Storage: Protect the sensitive information stored in RAM / ROM and secondary storage.

Figure 6 illustrates the embedded security architecture.

Fig. 6. Embedded Security Framework and architecture

The architecture can be divided into hardware and software levels, with lightweight standardized protocols supporting at the physical and MAC layers. The level of security within the device will vary depending on the nature of the protected content and the kind of application. The architecture should provide physical protection to secret keys by keeping components like the secure ROM, which handles the secret keys, inside the secure SoC. The Secure Bootloader should ensure that the device boots up with the genuine OS or firmware with the right process privileges. Secure ROM, a secure runtime execution environment and a secure memory management unit are the prime focus for inbuilt security. Also, a rich operating system with the necessary security functionality, a secure kernel interface and compatible standardized security protocols for the IoT system will contribute towards the security architecture and framework for IoT.

IX. CONCLUSION

Embedded security for IoT will be crucial, with strong security mechanisms which will prevent damage and economic losses while offering new business opportunities. However, sound security solutions are not attained easily. There are many challenges that should be faced. A sound solution considers security from the beginning, i.e. from design to implementation, to detect the vulnerabilities from the birth to the death of the system. After discovering the sources and the reasons of vulnerabilities, safeguards should be embedded in the design methodology. An embedded security framework and architecture is dependent on precise definitions of parameters like resource constraints, network specification (protocols, throughput, topology, services, etc.) and system specification (protocols, device size, services which are managed, multi-rate specification, etc.). This will provide the necessary information to define the boundaries between the secure and insecure parts of the system (data and hardware levels). Proper system-level study will enable the selection of the candidate solutions for the hardware and software parts. These candidates will be used, together with the specifications, as inputs for the hardware/software co-design methodology which will lead to a security framework and architecture for IoT systems.

REFERENCES
[1]. Rolf H. Weber, "Internet of Things – New security and privacy challenges", Computer Law & Security Review, Volume 26, Issue 1, January 2010, Pages 23-30.
[2]. Srivaths Ravi, Anand Raghunathan, Paul Kocher, Sunil Hattangady, "Security in embedded systems: Design challenges", August 2004, Transactions on Embedded Computing Systems (TECS), Volume 3, Issue 3, ACM.
[3]. Hagai Bar-El, "An Introduction to Side Channel Attacks", White paper, Discretix Technologies Limited.
[4]. Christof Paar, André Weimerskirch, "Embedded security in a pervasive world", Information Security Technical Report, Elsevier, Volume 12, Issue 3, 2007, Pages 155-161.
[5]. Matthew Eby, Jan Werner, Gabor Karsai, Akos Ledeczi, "Embedded systems security co-design", April 2007, SIGBED Review, Volume 4, Issue 2, ACM.
[6]. Gebotys, C.H.; Tiu, C.C.; Chen, X., "A countermeasure for EM attack of a wireless PDA," International Conference on Information Technology: Coding and Computing (ITCC 2005), vol. 1, pp. 544-549, 4-6 April 2005.
[7]. Tiri, K. and Verbauwhede, "Design Method for Constant Power Consumption of Differential Logic Circuits", In Proceedings of the Conference on Design, Automation and Test in Europe - Volume 1 (March 07 - 11, 2005), IEEE Computer Society, Washington, DC, 628-633.
[8]. T. Kerins, W.P. Marnane, E.M. Popovici, "An FPGA Implementation of a Flexible Secure Elliptic Curve Cryptography Processor", Distinguished Paper, International Workshop on Applied Reconfigurable Computing ARC 2005, Proceedings, pp. 22-30, IADIS Press.
[9]. Murphy, Gerard; Keeshan, Aidan; Agarwal, Rachit; Popovici, Emanuel, "Hardware - Software Implementation of Public-Key Cryptography for Wireless Sensor Networks", Irish Signals and Systems Conference, 2006, IET, 28-30 June 2006, Pages 463-468.
[10]. Wilson P, Frey A, Mihm T, Kershaw D, Alves T., "Implementing Embedded Security on Dual-Virtual-CPU Systems", IEEE Design & Test of Computers, Volume 24, Issue 6, Nov.-Dec. 2007.
[11]. Romain Vaslin, Guy Gogniat, Jean-Philippe Diguet, Eduardo Wanderley, Russell Tessier, Wayne Burleson, "A security approach for off-chip memory in embedded microprocessor systems", Microprocessors and Microsystems, Volume 33, Issue 1, February 2009, Pages 37-45.
[12]. Olga Gelbart, Eugen Leontie, Bhagirath Narahari, Rahul Simha, "A compiler-hardware approach to software protection for embedded systems", Computers and Electrical Engineering 35 (2009) 315–328, 2008 Elsevier Ltd.
[13]. Fons, M.; Fons, F.; Canto, E., "Embedded security: New trends in personal recognition systems", Ph.D. Research in Microelectronics and Electronics Conference (RME 2007), 2-5 July 2007.
[14]. Saputra, H.; Ozturk, O.; Vijaykrishnan, N.; Kandemir, M.; Brooks, R., "A data-driven approach for embedded security", Proceedings, IEEE Computer Society Annual Symposium on VLSI, 11-12 May 2005, Pages 104-109.
