With the large scale adoption of Internet of Things (IoT) applications in people's lives and industrial manufacturing processes, IoT security has become an important problem today. IoT security significantly relies on the security of the underlying hardware chip, which often contains critical information, such as encryption key.To understand existing IoT chip security, this study analyzes the security of an IoT security chip that has obtained an Arm Platform Security Architecture (PSA) Level 2 certification. Our analysis shows that the chip leaks part of the encryption key and presents a considerable security risk. Specifically, we use commodity equipment to collect electromagnetic traces of the chip. Using a statistical T-test, we find that the target chip has physical leakage during the AES encryption process. We further use correlation analysis to locate the detailed encryption interval in the collected electromagnetic trace for the Advanced Encryption Standard (AES) encryption operation. On the basis of the intermediate value correlation analysis, we recover half of the 16-byte AES encryption key. We repeat the process for three different tests; in all the tests, we obtain the same result, and we recover around 8 bytes of the 16-byte AES encryption key. Therefore, experimental results indicate that despite the Arm PSA Level 2 certification, the target security chip still suffers from physical leakage. Upper layer application developers should impose strong security mechanisms in addition to those of the chip itself to ensure IoT application security.
Recent years have seen the rapid development and integration of the Internet of Things (IoT) and cloud computing. The market is providing various consumer-oriented smart IoT devices; the mainstream cloud service providers are building their software stacks to support IoT services. With this emerging trend even growing, the security of such smart IoT cloud systems has drawn much research attention in recent years. To better understand the emerging consumer-oriented smart IoT cloud systems for practical engineers and new researchers, this article presents a review of the most recent research efforts on existing, real, already deployed consumer-oriented IoT cloud applications in the past five years using typical case studies. Specifically, we first present a general model for the IoT cloud ecosystem. Then, using the model, we review and summarize recent, representative research works on emerging smart IoT cloud system security using 10 detailed case studies, with the aim that the case studies together provide insights into the insecurity of current emerging IoT cloud systems. We further present a systematic approach to conduct a security analysis for IoT cloud systems. Based on the proposed security analysis approach, we review and suggest potential security risk mitigation methods to protect IoT cloud systems. We also discuss future research challenges for the IoT cloud security area.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.
customersupport@researchsolutions.com
10624 S. Eastern Ave., Ste. A-614
Henderson, NV 89052, USA
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Copyright © 2024 scite LLC. All rights reserved.
Made with 💙 for researchers
Part of the Research Solutions Family.