At the ARM TechCon 2013 later this month, attendees will be presented with an impressive array of papers and classes on all aspects of security, which is not suprising given the broad array of markets and applications that are connected and prone to hacking and security links: mobile devices, the internet of things, wireless sensors, industrial control. The classes and presentations that caught my eye and for me are must-attends include:
“Analyzing Mobile Security Implications of BYOD (ATC-211),” in which IBM’s David Drucker advises developers of Bring Your Own Device ARM-based mobiles on security requirements as smartphones and tablets come into the corporate environment. Topics include mobile threats, constraints of the BYOD ecosystem and techniques for improving BYOD security.
“Addressing Security and Privacy Issues for the Internet of Things (ATC-304) ,” where Freescale’s Kaivan Karimi and Oracle’s Henrik Stahl warn that With all the excitement around the Internet of Things (IoT), some forget that the state of today’s Internet privacy and security is a disaster in making. Using real world examples, they recommend system-level approaches to some of these issues and also highlight some of the innovations needed for IoT security.
“Considerations in Securing Connected Devices (ATC- 328), ” taught by Chris Conlon of wolfSSL, a hands-on presentation in which he focuses on preventing man in the middle (MITM) attacks using SSL/TLS, optimizing SSL for resource-limited devices, current industry standards for device security, code signing and secure firmware updates, using hardware cryptography on devices, random number generation, key generation and storage, and differential power analysis.
“The Future of Android Security (SS-800) ,” where Jon Korecki of ViaSat and David Kleidermacher of Green Hills Software, discuss emerging technologies to address secure boot, data-at-rest and in-transit encryption, user authentication, and dual persona (BYOD/EOD) in an Android environment that has proven fertile to hackers. (Many of David’s articles and columns on this topic are included in this week’s Tech Focus Newsletter.)
Other security related papers and classes at the ARM Techcon that you might want to register to attend include “Any Content, Any Screen (ATC-227),” “Secure Boot and Authentication Strategies for Embedded Systems (ATC-319),” “Effective ARM Honeypots/Honeynets for Industrial Security (ATC-323), and TrustZone: Ready the Foundations for Trusted Services (ATC-314).
As noted in the articles and blogs collected for this week’s Tech Focus newsletter on “Securing ARMs in an age of connected everything, ” the rigorous education that developers who register to attend these TechCon classes will undergo is much needed, with multiple threats from a variety of directions including:
I hope this laser-focus continues, because today’s solution to a security problem is only effective until hackers find a new way to break into the hardware and subvert the software. Now that connected embedded devices are no longer islands unto themselves in closed networks with proprietary software , every design is open to malicious modification, made easier for hackers with the adoption of common communications protocols and software building blocks.
In addition to the resources included in the newsletter, here are a number of articles and papers I recommend as my Editor’s Top Picks:
Given the pervasiveness of the ARM architecture, developers will be faced with ongoing challenges securing their designs, especially as connectivity increases. Our job on Embedded.com is to bring to you the resources to attack this never-ending challenge.
Let me know about solutions you’ve come across and want to know more about and I will do the best I can to bring the design resources to address the problems you have identified. And I am always interested in hearing from you about problems you have run into and how you solved them. I will be at ARM TechCon. Maybe I will see you there.
Embedded.com Site Editor Bernard Cole is also editor of the twice-a-week Embedded.com newsletters as well as a partner in the TechRite Associates editorial services consultancy. He welcomes your feedback. Send an email to , or call 928-525-9087.