IoT-HarPSecA: A Framework and Roadmap for Secure Design and Development of Devices and Applications in the IoT Space

The past couple of years have marked continued growth in the applications and services of the Internet of Things (IoT). This has attracted the attention of new operators as well as institutional, corporate, and private investors in every sector of the economy, and as a result, new businesses are springing up rapidly. These include many start-up companies that are producing various kinds of useful IoT devices and Smart Applications (smart apps). While this can be seen as a boost for innovation in the IoT, some of these companies produce IoT devices and smart apps with security vulnerabilities. In this paper, we propose the IoT Hardware Platform Security Advisor (IoT-HarPSecA), a security framework intended to provide support to such IoT producers. IoT-HarPSecA offers three functionality features, namely security requirement elicitation, security best practice guidelines for secure development, and above all, a feature that recommends specific LightWeight Cryptographic Algorithms (LWCAs) for both software and hardware implementations. Accordingly, IoT-HarPSecA is composed of three main components, namely Security Requirements Elicitation (SRE) component, Security Best Practice Guidelines (SBPG) component, and LightWeight Cryptographic Algorithms Recommendation (LWCAR) component, each of them servicing one of the aforementioned features. We implement a command-line tool in C++ to serve as an interface between users and the proposed framework. IoT-HarPSecA can be employed during the early stages of IoT systems design, and it can also be used to facilitate the implementation of security in existing IoT systems. This paper presents a detailed description, design, and implementation of the SRE, SBPG, and LWCAR components of the proposed framework. Using real-world practical scenarios, we show how IoT-HarPSecA can be used to elicit security requirements and recommend appropriate LWCAs based on user inputs. While a full performance evaluation of the SRE and SBPG components is beyond the scope of this paper, we present a detailed performance evaluation of the LWCAR component, which shows that IoT-HarPSecA can serve as a roadmap for secure IoT development.