Lightweight Cryptographic Identity Solutions for the Internet of Things: Engineering Secure Internet of Things Systems

With the increasing emergence of pervasive electronic devices in our lives, the Internet of Things (IoT) has become a reality with its influence on our day to day activities set to further increase with a projected 50 billion connected devices by the year 2020 [8]. These smart devices and sensors will be found in our homes, our cars, our workplaces, etc., and have the potential to revolutionise how we interact with the world today. The slew of data generated by such a volume of devices necessitates the use of smart, autonomous machine-to-machine (M2M) communications; however, this necessarily poses serious security and privacy issues as we will no longer have direct control over with whom and what our devices communicate. This could potentially open up new attack vectors for criminal hackers to exploit through the use of malicious or tampered IoT devices. Compounding the problem is that to enable the ubiquitous nature of the IoT, the embedded devices themselves are often low-cost, low-power, throwaway units which are restricted both in memory and computing power. Generally, low-cost devices targeted at the IoT space, such as the ARM Cortex-M® or the Atmel tinyAVR® families of microcontroller units (MCUs), contain little if any embedded security features. Their lightweight nature is such that even highly optimised cryptographic implementations targeted at specific MCU still require a significant timing, and corresponding energy, overhead [9]. Hence, it is clear we need a new approach to securing the IoT. In this chapter, we outline the proposed use of Physical Unclonable Functions (PUFs) for the provision of IoT device security.