Securing The Future: Hardware Engineering For Resilient IoT Systems

Uh my name is Victor. I'm a design engineer by profession. Um today I'm talking about hard engineering. Um I'll talking about securing the future engineering for resilient IoT systems. Um firstly I would like to introduce what IoT is for those out that don't know what IoT is. So IoT refers to a network of physical devices sensors software connectivity software connectivity that enable them to collect and exchange data. So basically what these devices do is they collect data from maybe from a sensor and they exchange data over the internet. So some of the key characteristics of these um systems is one is connectivity. So they connect via things like Bluetooth, Wi-Fi, um our cellular network 4G, 5G network. Then

another um characteristics is data collection. So for example in the healthcare sector maybe a patient out is being um a patient out can be collected the data of the patient can be collected via um via the sensors maybe like a thermostat. Then another characteristics is automation. So they interact without human intervention. They interact automatically. So this um systems they are applied in different industries like the healthcare which I mentioned earlier transition system smart grid network um different even our homes. We use them in our homes to control the temperature of our homes. And so you can see that's just like a brief illustration of how it works. So it collects data from the sensors view

um it connects via your your Bluetooth your Wi-Fi. Then the data is um transmitted and processed. Then it makes um conclusion based on data analytics and sends it to the user interface. This is a life example that collects data from the thermostat and the temperature data and transmissive via your Wi-Fi and the data is seen on your phone or your computer. So why is IoT security important? Why do we need to protect these devices or the systems? So there's anticipated growth of this systems to to go to about 75 billion users by the end of 2025. Um so the key reasons why we need to protect systems one um they hold sensitive data you know based on the

fact that they transmitted via um things like the Wi-Fi Bluetooth we need to secure them and for example a patient's record or maybe like in the banking sector where there are financial records or um financial records or another example like which the one I just explained I just said just now the healthare sector we need to we need to um protect this this data because if they are not protected it's can actually put lives at risk just imagine you lose about 10 you lose all the money in your account you know you're not going to be mentally okay you understand so another um another reason why we also need to protect them is because uh these systems

they used to control um devices for example with the IoT you can control your car or like Tesla you can control control processes in like a factory where they are robots you can control them from a distance so it's very important to protect them now we've talked about um why we need to secure IoT systems let's briefly talk about the vulnerabilities so these systems they can physically attacked for example like an IoT embod um camera. A microchip can be placed in this camera and it feeds back um sensitive information to the hackers um um house or things. Um so another thing as regards the physical attack is um the site channel attack. Does anybody know about the side

channel attack? So what what this does is um it's so this kind of attack is when someone physically doesn't need to um affect like the software. So what it does is they observe physical signals like power consumption, your electroic um emissions and the timing of how long it takes to process something for example like your ATM card or the transition card. Now another vulnerability is the firmware. So for those of us that don't know what firmware is. So firmware is like the low-level software that runs directly on the hardware like microcontrollers in IoT. So if attackers can modify the firmware, they can change how the device works and they can control the system. So some of the ways which you can do

this is like uploading malicious framework or inserting an extra code to start disable or control a device from a remote location. Now what are the rules of hardware engineering? So the first one I would like to talk about is trusted platform model. So this transport this um trusted platform model what it does is like a small security sheet that is built into a computer motherboard. So what it does is it stores sensitive information like your passwords um encryption keys user certificates it s them and keep them safe. Uh like the Microsoft Surface on Levino Tinker, they come with this um these TPM chips also the bit lockers it uses TPM to lock your hard drive so that if

someone could take your hard drive they won't have access to your personal information. So let me show you. So this is how the TPM models are like. So they are found in your in your system your motherboard to protect the system protect sensitive data. Now the next one I would like to talk about is um the physical unconable functions. So what this does is um it act like your fingerprint. So it cannot be cloned. They are basically um they have natural imperfections during their manufacturing their manufacturing process to generate a unique identity for each of them each of the ships. So no two ships are exactly the same. So this can be found in your ATM

cards and your maybe your transition cards. Now another one is um the secure boot loader. So the secure this is the very first piece of code that runs on your on your device when you put your you put your device. So what it does is it's it checks if the software the software is about to run is safe and has not been changed by. So it verifies the integrity of the operating system if it's Windows or it's iOS and also allows only sign and verified code to run. Uh this one I guess many of us will be familiar with it. That's the hardware root of trust method. So what it does is this is like a secure foundation that is

built into a device. It has like the first part of the hardware. It checks and verifies everything. So it ensures that the firmware and software authenticated and allows only verified verified devices to operate within the network. So this is also it's found in um it's used in the Amazon web services um with special natural security shape. I've shown you this before. So now that we've talked about um now we've talked about the IoT um what we can how hardware can play a role in securing our our IoT devices. Now let's talk about building resilient architectures. So the first um level. So when we talk about building resilient architectures, you know is like a structure. So we need to build it at

different phases from the hardware to the firmware to a cloud network. So let's talk about the hardware. So we know this is the device the physical device itself. It's the first and the lowest layer of the defense. So we need to protect the physical um device itself. So the ways we can do this is maybe like using TPM model which I showed you earlier that's embedded in um that's used in that's placed in computer motherboards to secure sensitive devices. So we could use that or we could also use the temper detection that's by inbuting um sensors into our devices so that if someone tries to temper our teeth we could we could um we could know an alarm we could get an

alarm signal concerning that. Um for the firmware we could use um code signing such that the firmware is digitally signed by the manufacturer uh device only devices and devices will only run when the firmware signature is ver is valid or verified use the update verification when updates are pushed to a device and it checks that the update is authentic and untempered before installing it.

Now what are the major technologies? Um we have um AIdriven nutrition. So one thing that's um growing these days that's trendy these days is AI the use of machine learning is for anomaly detection where whereby so let me give an illustration. So like in the bank sector we have um a bank we have a a data of a person since when you open the account you open the account like 6 months ago since you open the account the transaction he has done has been between £1 to um about £500 and a sudden seen a a transaction of about £10,000. So that's it's like it's an anomaly it's an outlier. It's not something that so that kind of um

transaction can be spotted as a cyber attack. So this this AI um it's AIdriven is actually something that's as mentioned these days. Then the blockchain we have the blockchain. So the blockchain is used for um it's not just for cryptocurrency. It's also used for identity management. um things like um postponum cryptography integration is also um emerging. So what are the future outlooks? So I've talked about the AI thread detection and zero trust architecture. What this does is um it allows it it allows only what it does is that it makes every device within a network to be verified both within the the network and outside the network. So it's kind of like the fact that a device is is inside a

network and it's allowed within the network. It doesn't just trust it. It makes sure that every device that is both within the network and outside the network is trusted has to be verified before it operates within the system. So that's what zero trust architecture is all about. Then securing by design. So this is like the first approach that embedding um security into your design from the beginning up to from your beginning stage of the design up to deployment stage and blockchain. I've talked about the blockchain. The blockchain is all about um identity management. So it's not just for crypto cryptocurrency. It also be used for your hardware

security. So what are the practical takeaways for us as engineers and security professionals? The first one is we need to um prioritize security at the design phase. um not boots that's a design phase of hardware deployment. Also we need to implement the layer security that's protecting device across different layers from the hardware to the firmware to your network. Also we need to use um secure based models like the TPN which I mentioned earlier and um the hardware route of trust method such that only devices that are authenticated can operate within the system. Then we should also try to follow um evol standard like the National Institute for Standards um stands and technology and the Nissa and ISO

recommendations to ensure compliance and um res resilience. Then we should also integrate secure update mechanisms such that our firmware should always be um should be secured while they are regularly updated. Then lastly we should try and always conduct um regular risk assessments identify vulnerabilities and adapt to security measures that our threat involves. Thank you. Nuts.