Guest Editorial Securing IoT Hardware: Threat Models and Reliable, Low-Power Design Solutions

Abstract

It is well understood that for Internet of Things (IoT), security of underlying hardware is the key to safe and reliable operation. IoT service stack relies on security of network, software, and firmware, all of which, in turn, depend on functionality provided by the underlying hardware. The hardware may be compromised or attacked by multiple threat actors. The designer may create a backdoor that leaks vital information such as encryption key used in secure channel; the manufacturer may tamper the design by inserting hardware Trojans or introducing artifacts with known reliability vulnerabilities. Either of these actors may enable writing into protected memory areas that may store secure hash of trusted code base, allowing malware to boot directly on the hardware. Today’s designs integrate IP blocks from multiple vendors; manufactured, tested, and repaired by different companies spanning across the globe. Consequently, there are many entry points for the hardware to be compromised. For a trusted hardware design, protection and security of intellectual property cores are of paramount importance. This special section aims to publish novel solutions for security problems related to hardware used in IoT. • Secured IoT Hardware : Induction of any form of third-party intervention in the hardware design methodology may raise grave security concern for IoT hardware. Securing IoT hardware can be in the form of protecting intellectual property cores against false claim of ownership/piracy/counterfeit. The first form of security measure requires anti-piracy methodologies such as digital watermarking, hardware metering, computational forensic engineering, and obfuscation that can nullify the false claim of ownership or detect unauthorized pirated designs. The second form of threat, which is formally called “hardware Trojan,” is an act of deliberate insertion into a design (such as intellectual property core, hardware) by a rogue designer or vendor, and also requires detection/correction strategies as a security measure. Both hardware threats discussed above may occur in any of the design abstraction levels (behavioral, register transfer, layout, etc.). Handling the threats higher in the abstraction level provides more assurance against possible attacks, however, it requires a more sophisticated approach. Further more, the level at which protective measure is applied often dictates the preprocessing or postprocessing style of the approach. These calls for novel technique that embeds hardware security measure a higher abstraction level for protection of IoT devices. • Reliable IoT Hardware : Due to multiple factors affecting reliability of hardware used in IoT devices, these devices are always at a risk of malfunctioning. For example, a manufacturer may deliberately change the width of a metal line for causing premature electromigration defect, possibly triggering a timed Trojan. Multiple trigger mechanisms may be used to attack hardware such as: 1) reducing device dimensions; 2) scaling supply voltage; and 3) modulating frequency of operation. Methodologies should incorporate techniques that provide resiliency/tolerance against such faults at higher abstraction levels to assure greater reliability from the beginning of design flow. • Low-Cost IoT Hardware: Another design aspect of hardware for IoT devices is performance and power. Consumer demand drives integration of multiple functionalities, often achieved by integrating dedicated IP cores and general purpose processors working in tandem. This creates a unique challenge in maintaining security and integrity of data passing through various IP blocks. Standard solutions involving redundancy, diversity, and check run up against power, performance, and latency constraints.