Incorporating security into the design of components used in the Internet of Things (IoT) is essential for securing the operations of the IoT and the cyber-physical infrastructure upon which society depends. Because the IoT is pervasive and forms part of critical infrastructure, security must be built into its components from the start rather than added afterwards. Given the increasing functionality, interconnectedness, and use of the IoT within critical infrastructure, securing the integrity of command and control (C2) within the IoT is essential.
There are several challenges to incorporating security into the design of IoT components from the start. These challenges include (1) precisely describing confidentiality and integrity policies in ways that are amenable to formal reasoning, (2) maintaining logical consistency among confidentiality and integrity policies and their implementations at all levels of abstraction, from high-level behavioral descriptions at the user level down to implementations at the level of state machines and transition systems, (3) incorporating confidentiality and integrity policies into current design flows, and (4) providing certifiers with compelling evidence of security that they can quickly and easily reproduce and verify for correctness.
Together, the above are the challenges of design, accountability, consistency, and verifiability across multiple levels of abstraction. Fortunately, this is not the first time the electrical and computer engineering profession has faced these challenges. In fact, the IoT itself is compelling evidence that the challenges of design, accountability, consistency, and verifiability across multiple levels of abstraction can be met. To learn and draw inspiration from the past, we need only look back to the 1970s and 1980s, when the challenges of designing and implementing very large scale integrated (VLSI) circuits were encountered and overcome.