Collaborate Disseminate
I am doing a security assessment on the communication security of a legacy IoT device. The objective is to assess and find security gaps in the current design/implementation.
The mode of assessment is manual, primarily with the reference o… Continue reading Security assessment of a legacy SSL/TLS implementation on an IoT device
I have a typical IoT set up where a set of IoT devices running embedded Linux are connected to a cloud IoT server. The underlying carrier connection to the internet is over GSM. All communication to the server is secured with TLS implement… Continue reading When does it make sense to deploy an embedded firewall on my IoT device?
I understand SSL/TLS is the most commonly data transmission protocol for a secured communication. I need to implement the same in one of the IoT device (ARM® Cortex®-M4 Core at 80 MHz). This will be TLS Client implementation.
Since the d… Continue reading Addressing SSL/TLS vulnerabilities in IoT Device client side implementation
I am designing a software that creates software distribution usb disk media. The Information Security Pillars; are achieved as follows:
Confidentiality – By Encrypting the content. Only (SDC)software distribution center and endpoints knew… Continue reading USB Flash Disk with Piracy Protection [closed]
I have multiple IoT devices that will be connected to a cloud based platform in order to control these devices (IoT node running baremetal arm SoC).
These IoT nodes would be deployed and, during configuration, they would create a secure c… Continue reading Self-signed certificates in embedded IoT device
I have multiple IoT devices that will be connected to a cloud based platform in order to control these devices.
In order to have a proper security I´m thinking about using Authentication Certificates so that each IoT device is a trusted e… Continue reading Authentication Certificates in Embedded System (Microcontroller)
Context: Secure boot is one of the important elements of Trusted Computing in computer system. One variety of the Secure boot is authenticated boot. While secure boot prevent the boot of a non trusted software, the authentica… Continue reading Why authenticated boot not Secure boot?
There is an embedded device which should connect to the server over HTTPS and MQTTS. A server certificate is issued by a trusted CA (for example, Let’s Encrypt). But there is a problem with server certificate verification on the client sid… Continue reading Trusted CA SSL certificates and embedded devices
Every bug bounty program or text piece about bug bounty methodologies I’ve encountered is for some type of web service. I’m mostly focused on low-level system and embedded software. Are there bug bounty programs for someone w… Continue reading Any Embedded Bug Bounty? [on hold]
Should we generate a strong password offline, keep it closely guarded secret, and use the same one across all copies of the device? The boot drive is eMMC flash soldered on the PCB, hard to read bypassing the OS. Or should I … Continue reading Best practices to manage password for embedded Linux devices