One of the first steps in preventing attacks on IoT devices is to consider certain design factors. Here are some examples of design and program execution techniques that need to be considered:

Firmware storage for IoT devices

An obvious malicious attack method is to inject invalid firmware code into the IoT platform. One common measure is to execute a small boot loader (externally visible) when starting up from internal ROM, and then continue with OS booting and application firmware from flash memory.

Since the purpose of using flash memory is to enable product updates and upgrades in the field, this externally visible attack surface needs to be secured. For example, OS and application code can include digital signatures authenticated by a trusted domain evaluation.

Runtime memory security for IoT devices

During runtime, measures can be taken to check the integrity of the application memory storage. These checks can be evaluated periodically or triggered by specific application events.

Note that these runtime checks actually only apply to relatively static data, including: application code, interrupt routines, and interrupt address tables.

Programming of application tasks for IoT devices

Early design decisions involved defining which tasks in the overall application needed security measures and different operating system privileges. Therefore, the application may need to be divided into small subtasks. If task complexity is limited, this will also simplify the design of the security subsystem.

Redundant hardware/software resources for IoT devices

To improve security, a cautious approach may be to execute critical application code twice to test attack methods injecting faults into the IoT system.

Witnessing for IoT devices

Another measure integrated into the design is to prove, via an external interface, that the IoT product is initialized as expected by the security subsystem. If using runtime security checks, the design also needs to convey that operational security is being maintained.

Neoway Technology focuses on providing IoT access communication products and services for IoT operators and smart interconnect product manufacturers. Products include access cloud, pipeline cloud, cellular wireless communication modules and machines such as 2G/3G/4G/5G/NB-IoT/eMTC.

It is with Neoway Technology's globally pioneering access communication solution based on cloud-managed terminal architecture that the company can provide stable, reliable, and secure access communication for IoT, making human society more environmentally friendly, efficient, and convenient. Please contact us for more information. Our range of offerings encompasses neoway N58/N720/G7A/N715/N511/Neo N21/Neo N11/T box automotive. Contact us for more information.