Arduino The evolving (IoT) security landscape 

Developing secure and reliable IoT applications can be hard 

3 The IoT Landscape is quite fragmented 

4 IoT vs Web Stack 

5 Why does IoT Security matter? 

6 Security Secure in every layer Hardware Software Data 

7 Core to the future and success of IoT is the “security of things” Device Identity Anti-tampering Key Management Encrypted Transport and Data Confidentiality 

8 SECURE ELEMENT 

9 Hardware Security ATECC508A/ATECC608A Cryptographic Co-Processor from Microchip Technology What we use it for? – Secure Hardware-Based Key Storage up to 16 keys, certificates or data – Hardware Support for Asymmetric Sign, Verify, Key Agreement ECDSA, ECDH, NIST P256 Elliptic Curve Support – Internal high-quality FIPS Random Number Generator (RNG) 

10 Data encryption and secure authentication – All traffic to/from Arduino IoT Cloud is encrypted using Transport Layer Security (TLS) – Device authentication using X.509 certificates – Initial support for JSON Web Tokens (ECDSA P-256 SHA-256) in ArduinoECCX08 library – AES-128 (for LoRaWAN™), AES-CMAC for messages exchange, which includes encryption and integrity. 

THAT’S A WRAP, THANK YOU! Gianluca Varisco @gvarisco