Hardware Based Integrity (ARMS)

Stage 2

Mainstream hardware based integrity solutions, up to this point, have been reserved for big dollar development with high resource capabilities. Most product development companies don’t use these features (secure boot and TrustZone), and even fewer implement them both. This session will show that with a minimum footprint, vendors can add specifically targeted TrustZone applications that provide detection, and even response capabilities, that are traditionally considered out of range for embedded devices.

This addresses the challenge of enabling embedded ICS/IoT devices to protect vital internal components (keys, physical data links, firmware programming apps, etc.) with minimal overhead and effect on performance, without enlisting an external agent to monitor the services. The hardware solutions already provided in Trusted Execution Environments (TEEs) are the answer, but they are tremendously underutilized in ICS/IoT because of the perception that they are too difficult to implement and too costly on the limited resources of less capable processor cores.

This session will show that implementing very simple and minimal TEE environments can enable a host of other features that are traditionally available only in desktop / server environments and that greatly boost device security, such as a unique crypto ID per device (through easier key protection), internal service / device isolation (through restricted sensitive apps), and intrusion protection via active removal of non-matched applications. It's not a bulletproof solution, but it greatly reduces the attack surface of embedded devices, and reduces business risk for developers and end users.

Secure Design & Dev