2024-12-14, Track 2
Ever wondered how your smart toothbrush or connected garden rock stays secure in our digital world? As the Internet of Things (IoT) brings connectivity to everyday objects—from cars to clothing—it's more important than ever to keep these devices safe from cyber threats. But here's the challenge: many IoT gadgets run on tiny chips called Systems on Chip (SoCs) that don't have the power of full-sized computers, making them uniquely vulnerable.
In this presentation, I'll guide you through the fascinating world of hardware/software binding—a key technique that ensures only authorized software runs on specific hardware. We'll explore how this practice helps protect IoT devices by linking software tightly to the hardware it runs on, preventing unauthorized code from sneaking in.
We'll look at different SoCs used in IoT devices, discuss SoC architecture, review the security methods provided (or not) by manufacturers, and dive into some cool techniques from research and industry. Don't worry if you're new to this—I'll break down the jargon and share practical insights from my own experiences in software development and security.
Plus, I'll introduce a handy questionnaire you can use when choosing SoCs for new products, helping you evaluate their security features with confidence. Whether you're just starting out in cybersecurity or simply curious about how to keep our connected world safe, this talk will give you the understanding and tools to make a real difference.
As the Internet of Things (IoT) weaves itself into the fabric of our daily lives—from smart toothbrushes and connected cars to wearable tech and home gadgets—the security of these devices becomes more critical than ever. This presentation offers a friendly and accessible introduction to IoT security, focusing on Systems on Chip (SoCs) and the essential practice of hardware/software binding. It is based on my dissertation for the MSc Information Security program at RHUL.
We'll explore:
IoT and SoCs Demystified: Understand what IoT and SoCs are, and how they power the devices we use every day.
Unique Security Challenges: Learn about the vulnerabilities inherent in IoT devices due to their limited computational resources.
Hardware/Software Binding Concepts: Discover how binding software to hardware (and vice versa) prevents unauthorized access and enhances security.
Binding Methods and Solutions: Review current approaches from manufacturers and innovative solutions from academic and industry research, including their risks and limitations.
Physically Unclonable Functions (PUFs) and Hardware Security Modules (HSMs): Get introduced to these advanced security mechanisms and their practical applications in IoT devices.
Selecting Secure SoCs: Gain practical tips on choosing the right SoCs for new products, with examples of affordable development kits (often under £10) that make this field accessible to all.
Security Evaluation Tool: Receive a handy security questionnaire designed to help you assess SoCs for product development and understand governance and lifecycle considerations.
Whether you're a beginner cybersecurity enthusiast, a developer looking to build secure products, a red teamer interested in potential attack surfaces, or simply curious about the gadgets around you, this session will equip you with the knowledge to make informed decisions and contribute to a safer, more secure IoT ecosystem.
Join us to explore how we can collectively enhance security in our increasingly connected world.
Stephen Cravey is a seasoned IT Security Leader with an MSc in Information Security and a CISSP certification. His career in cybersecurity started in 1995 with a unique request to the NSA for educational materials, setting the stage for a diverse and impactful professional journey.
Currently, Stephen plays a key role at a leading consulting firm, where he helps organizations navigate complex cybersecurity, governance, and espionage challenges, including ISO 27001 and NIST 800-53 focused compliance remediation initiatives. His technical expertise covers a broad spectrum, from detailed system architecture to foundational electronic principles, always with an eye on practical application and human factor root cause issues.
His research has explored practical integration techniques for emerging technologies, reinforcing his ability to blend advanced concepts with real-world solutions. Stephen is particularly skilled at identifying risks and leading strategic initiatives that enhance security processes and implement robust technical solutions in dynamic settings.
Known for his ability to connect with both technical teams and executive leaders, Stephen effectively aligns technological strategies with business goals, helping organizations enhance their security posture for today's demanding environments.