Roland Turner

about | contact

The Seven Properties of Highly Secure Devices

I've just noticed an interesting piece of work from Microsoft last year which both (a) identifies a minimum useful set of security properties for Internet-connected devices and (b) develops a working prototype with MediaTek to demonstrate how little change to an existing microcontroller is required to make this work.

The selected set of properties feels about right:

ISOC-OTA's IoT Trust Framework already covers some of this. Should capabilties of this type become generally available in microcontrollers, they might be appropriate inclusions in a future revisions of the framework. Note of course that the mere presence of the capability in a device doesn't mean that the manufacturer will wield it correctly, but this is still streets ahead of the hopeless position of most existing devices where even the physical support for secure operation has been excluded in the interests of cost and power consumption.

Related thoughts: