IoT Security
Security in IoT is paramount. And the most difficult at the same time. Difficult because of the nature of the tiny devices that have very small storage and very low processing power. But any new product or protocol must be designed with at least the fundamental security features as standard: The design must be published, so it can be analyzed and scrutinized publicly. You should not even try to touch a proprietary solution. It must be upgradable. Bugs happen and can be fixed. But what is a fix worth if it cannot be deployed? It must be physically resistant to attempts of extracting security material (keys). External flash memory is a no-go. No keys should ever be hardcoded. Because they will fall eventually. Humans should not be responsible for creating the keys. Because they usually will be weak. Keys should be generated by truly random generators. Nonces have to be truly unique. Not just random. A system should be able to roll the keys periodically to prevent brute force at...