IUKL Library

Demystifying Internet of Things Security : Successful IoT Device/Edge and Platform Security Deployment.

By: Cheruvu, Sunil.
Contributor(s): Kumar, Anil | Smith, Ned | Wheeler, David M.
Material type: Book
Publisher: Berkeley, CA : Apress L. P., 2019
Copyright date: ©2020
Edition: 1st ed.
Description: 1 online resource (515 pages).
Content type: text
Media type: computer
Carrier type: online resource
ISBN: 9781484228968.
Genre/Form: Electronic books.
DDC classification: 005.8
Contents:
Intro -- Table of Contents -- About the Authors -- Acknowledgments -- Foreword -- Introduction -- Chapter 1: Conceptualizing the Secure Internet of Things -- The BadUSB Thumb Drive -- Air-Gap Security -- Stuxnet -- Designing Safe and Secure Cyber-Physical Systems -- Constrained Computing and Moore's Law -- Trusted IoT Networks and the Network Edge -- Conclusion -- Chapter 2: IoT Frameworks and Complexity -- Introduction -- Historical Background to IoT -- IoT Ecosystem -- Connectivity Technology -- Messaging Technology -- Platform Technology -- Elements of an IoT System -- IoT Device -- IoT Device Architectural Goals -- Interoperability -- Security -- IoT Network -- IoT System Management -- Device Lifecycle -- Manufacturing -- Supply Chain -- Deployment -- Normal Operation and Monitoring -- Manage -- Update -- Decommissioning -- IoT Framework -- IoT Framework Design Goals -- IoT Data Model and System Abstractions -- IoT Node -- IoT Operations Abstraction -- Connectivity Elements -- Manageability Elements -- Security Elements -- Consider the Cost of Cryptography -- Summary IoT Framework Considerations -- IoT Framework Architecture -- Data Object Layer -- Node Interaction Layer -- Platform Abstraction Layer -- Platform Layer -- Security Challenges with IoT Frameworks -- Consumer IoT Framework Standards -- Open Connectivity Foundation (OCF) -- OCF Core Framework Layer -- OCF Profiles Framework Layer -- The OCF Device Abstraction -- OCF Security -- AllSeen Alliance/AllJoyn -- AllJoyn Security -- Universal Plug and Play -- UPnP Security -- Lightweight Machine 2 Machine (LWM2M) -- LWM2M Architecture -- LWM2M Device Management -- LWM2M Security -- One Machine to Machine (OneM2M) -- OneM2M Security -- Industrial IoT Framework Standards -- Industrial Internet of Things Consortium (IIC) and OpenFog Consortium.
Open Platform Communications-Unified Architecture (OPC-UA) -- OPC-UA Framework Architecture -- OPC-UA Security -- Data Distribution Service (DDS) -- DDS Framework Architecture -- DDS Security -- Security Enveloping -- Security Tokens -- Security Plugin Modules -- Framework Gateways -- Framework Gateway Architecture -- Type I Framework Gateway -- Type II Framework Gateway -- Type III Framework Gateway -- Type IV Framework Gateway -- Security Considerations for Framework Gateways -- Security Endpoints Within the Gateway -- Security Endpoints in Type I Gateways -- Security Endpoints in Type II Gateways -- Security Endpoints in Type III Gateways -- Security Endpoints in Type IV Gateways -- Security Framework Gateway Architecture -- Summary -- Chapter 3: Base Platform Security Hardware Building Blocks -- Background and Terminology -- Assets, Threats, and Threat Pyramid -- Inverted Threat Pyramid -- Sample IoT Device Lifecycle -- End-to-End (E2E) Security -- Security Essentials -- Device Identity -- Protected Boot -- Protected Storage -- Trusted Execution Environment (TEE) -- Built-In Security -- Base Platform Security Features Overview -- CPU Hosted Crypto Implementations -- Malware Protection (OS Guard) -- OS Guard (SMEP) -- OS Guard (SMAP) -- Encryption/Decryption Using AES-NI -- Sign/Verify Using Intel® SHA Extensions -- Intel® Data Protection Technology with Secure Key (DRNG) -- Converged Security and Manageability Engine (CSME) -- Secure/Verified, Measured Boot and Boot Guard -- Trusted Execution Technology (TXT) -- Platform Trust Technology (PTT) -- Enhanced Privacy ID (EPID) -- Memory Encryption Technologies -- TME -- MKTME -- Dynamic Application Loader (DAL) -- Software Guard Extensions (SGX) - IA CPU Instructions -- Identity Crisis -- Enhanced Privacy Identifier (EPID) -- Anonymity -- PTT/TPM -- Device Boot Integrity - Trust But Verify.
Secure Boot Mechanisms -- Secure Boot Terminology Overview -- Overview of BIOS/UEFI Secure Boot Using Boot Guard Version 1.0 (BtG) -- Data Protection - Securing Keys, Data at Rest and in Transit -- Intel Platform Trust Technology (PTT) -- Windows PTT Architecture -- Linux PTT Software Stack -- Runtime Protection - Ever Vigilant -- Intel Virtualization Technology (Intel VT) -- Software Guard Extensions (SGX) -- Intel CSE/CSME - DAL -- Isolation from Rich Execution Environment -- Authenticity and Security -- Portability -- Intel Trusted Execution Technology (TXT) -- Threats Mitigated -- Zero-Day Attacks -- Other Attacks -- Conclusion -- References -- Chapter 4: IoT Software Security Building Blocks -- Understanding the Fundamentals of Our Architectural Model -- Operating Systems -- Threats to Operating Systems -- Zephyr: Real-Time Operating System for Devices -- Zephyr Execution Separation -- Zephyr Memory Separation -- Zephyr Privilege Levels and System Authorization -- Zephyr Programming Error Protections -- Zephyr's Other Security Features -- Zephyr Summary -- Linux Operating Systems -- Pulsar: Wind River Linux -- Ubuntu IoT Core -- Intel® Clear Linux -- Linux Summary -- Hypervisors and Virtualization -- Threats to Hypervisors -- Intel® ACRN -- Real-Time and Power Management Guarantees in ACRN -- ACRN Summary -- Software Separation and Containment -- Containment Security Principles -- Threats to Extended Application Containment -- Containers -- Kata Containers -- Kata Containers Summary -- Trusted Execution Environments -- Software Guard Extensions -- SGX Security Summary -- Android Trusty -- Trusty TEE Security Summary -- Containment Summary -- Network Stack and Security Management -- Intel Data Plane Development Kit -- Security Management -- Secure Device Onboarding -- Platform Integrity -- Network Defense -- Platform Monitoring.
McAfee Embedded Control -- Network Stack and Security Summary -- Device Management -- Mesh Central -- Wind River Helix Device Cloud -- Device Management Summary -- System Firmware and Root-of-Trust Update Service -- Threats to Firmware and RoT Update -- Turtle Creek System Update and Manageability Service -- System Firmware and RoT Summary -- Application-Level Language Frameworks -- JavaScript and Node.js or Sails -- Java and Android -- EdgeX Foundry -- Application-Level Framework Summary -- Message Orchestration -- Message Queuing Telemetry Transport -- OPC Unified Architecture -- Constrained Application Protocol -- Message Orchestration Summary -- Applications -- Summary -- Chapter 5: Connectivity Technologies for IoT -- Ethernet Time-Sensitive Networking -- Legacy Ethernet-Based Connectivity in Industrial Applications -- Key Benefits of TSN -- TSN Standards -- TSN Profiles -- 802.1AS/AS-Rev -- 802.1Qbv -- 802.1Qbu -- 802.1CB -- 802.1Qcc -- 802.1Qci -- 802.1Qch -- 802.1Qcr -- TSN and Security -- OPC-UA Over TSN -- Overview of Wireless Connectivity Technologies -- Considerations for Choosing Wireless Technologies for IoT -- Spectrum -- Range and Capacity -- Network Topology -- Quality of Service -- Network Management -- Security -- Wi-Fi -- Bluetooth -- Zigbee -- NFC -- GPS/GNSS -- Cellular -- 5G Cellular -- Key Standards, Regulatory, and Industry Bodies Involved in 5G -- New Use Cases Enabled by 5G -- Key Technology Enablers for 5G -- LPWAN - Low-Power Wide Area Networks -- LoRa -- Sigfox -- Weightless -- Comparison of Low-Power LTE and Other LPWAN Technologies -- A Case Study - Smart Homes -- Summary -- References -- Chapter 6: IoT Vertical Applications and Associated Security Requirements -- Common Domain Requirements and the Security MVP -- Some Common Threats -- Retail Solutions -- Security Objectives and Requirements -- Threats.
Standards - Regulatory and Industry -- Transportation Solutions -- Connected Vehicle Infrastructure -- Security Objectives and Requirements -- Threats -- Mitigations -- Standards - Regulatory and Industry -- Industrial Control System (ICS) and Industrial IoT (IIoT) -- Security Objectives and Requirements -- Threats -- Standards - Regulatory and Industry -- Digital Surveillance System -- Security Objectives and Requirements -- Threats -- Standards - Regulatory and Industry -- Summary -- Appendix: Conclusion -- Economics of Constrained Roots-of-Trust -- IoT Frameworks - Necessary Complexity -- Hardware Security - More Than a Toolbox -- IOT Software - Building Blocks with Glue -- Ethernet TSN - Everybody's Common Choice? -- Security MVP - The Champion Within a Fractured IoT Ecosystem -- The Way Forward -- Index.
Item type Current location Collection Call number Copy number Status Date due Item holds
E-book E-book IUKL Library
Subscripti 1 Available
Total holds: 0

Description based on publisher supplied metadata and other sources.

Electronic reproduction. Ann Arbor, Michigan : ProQuest Ebook Central, 2023. Available via World Wide Web. Access may be limited to ProQuest Ebook Central affiliated libraries.

The Library's homepage is at http://library.iukl.edu.my/.