Biblio

The Internet of Things (IoT) paradigm has been proposed in the last few years with the goal of addressing technical problems in fields such as home and industrial automation, smart lighting systems and traffic monitoring. However, due to the very nature of the IoT devices (generally low-powered and often lacking strong security functionalities), typical deployments pose a great risk in terms of security and privacy. In this respect, the utilization of both a Trusted Execution Environment (TEE) and a Trusted Platform Module (TPM) can serve as a countermeasure against typical attacks. Furthermore, these functional blocks can serve as safe key storage services and provide a robust secure boot implementation and a firmware update mechanism, thus ensuring run-time authentication and integrity. The Common Criteria for Information Technology Security Evaluation allows to determine the degree of attainment of precise security properties in a product. The main objective of this work is to identify, propose and compose bricks of protection profile (PP), as defined by Common Criteria, that are applicable to secure IoT architectures. Moreover, it aims at giving some guiding rules and facilitate future certifications of components and/or their composition. Finally, it also provides a structure for a future methodology of assessment for IoT devices.