You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I work for Crypto Quantique, an IoT security startup working with several IoT companies helping to build end-to-end security by design; we are working with ESP32 Arduino and IDF environments.
We see that cybersecurity sensitive embedded development teams in market segments such as medical device manufacturing, automotive, industry 4.0 or Edge AI are increasingly challenged by stringent security regulations that mandate specialized on-device security features. Implementing secure boot, secure firmware updates, or working with secure elements for key generation and secret storage typically requires developers to write complex low-level C code to interface with on-chip functions.
This process is not only difficult and time-consuming but also fraught with risk. A small coding error or poorly safeguarded key can lead to project delays or, worse, introduce vulnerabilities that attackers can exploit. The diversity of embedded platforms further complicates matters, forcing developers to stretch across different platforms and learn often poorly documented and inadequately supported APIs to implement mission-critical security features.
These embedded development teams currently rely on a mix of open-source cryptography libraries (e.g., OpenSSL), device-specific libraries (e.g., STM32 Crypto library), third-party PKI/CLM infrastructure, and custom-written code to meet regulatory requirements. This approach seems complex, time-consuming, and insufficient to meet today’s stringent security demands.
We want to understand how embedded engineers are tackling these challenges. To do this, we are holding an engaging discussion amongst embedded engineers to share their learnings. This will be in the form of a roundtable, where users of this forum can sign up, for free, to join the conversation.
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
-
Hi,
I work for Crypto Quantique, an IoT security startup working with several IoT companies helping to build end-to-end security by design; we are working with ESP32 Arduino and IDF environments.
We see that cybersecurity sensitive embedded development teams in market segments such as medical device manufacturing, automotive, industry 4.0 or Edge AI are increasingly challenged by stringent security regulations that mandate specialized on-device security features. Implementing secure boot, secure firmware updates, or working with secure elements for key generation and secret storage typically requires developers to write complex low-level C code to interface with on-chip functions.
This process is not only difficult and time-consuming but also fraught with risk. A small coding error or poorly safeguarded key can lead to project delays or, worse, introduce vulnerabilities that attackers can exploit. The diversity of embedded platforms further complicates matters, forcing developers to stretch across different platforms and learn often poorly documented and inadequately supported APIs to implement mission-critical security features.
These embedded development teams currently rely on a mix of open-source cryptography libraries (e.g., OpenSSL), device-specific libraries (e.g., STM32 Crypto library), third-party PKI/CLM infrastructure, and custom-written code to meet regulatory requirements. This approach seems complex, time-consuming, and insufficient to meet today’s stringent security demands.
We want to understand how embedded engineers are tackling these challenges. To do this, we are holding an engaging discussion amongst embedded engineers to share their learnings. This will be in the form of a roundtable, where users of this forum can sign up, for free, to join the conversation.
https://www.eventbrite.com/e/embedded-security-roundtable-sharing-strategies-for-a-secure-iot-future-tickets-990368357417?aff=oddtdtcreator
Beta Was this translation helpful? Give feedback.
All reactions