Derek Atkins, CTO at SecureRF, was interviewed by Embedded Computing Design Magazine about how to secure IoT-based devices and systems. He shared his insights on the difference between large systems and resource-constrained devices.
“According to Atkins, the key to developing effective IoT security is to first consider a) who might want to compromise your system, b) what they might gain, and c) what you need to secure. By understanding how your system can be used – and consequently misused – you can assess what someone could do if they had full access to your device.”
“A threat model brings together all of the ways your system can be compromised. Spending time upfront creating this model is essential because you cannot develop robust security if you don’t know what you are securing against. Especially important is looking at ways a device can be used that you hadn’t considered.”