Muutke küpsiste eelistusi

E-raamat: Designing Secure IoT Devices with the Arm Platform Security Architecture and Cortex-M33

(Technical Specialist, Hitex (UK) Ltd., Coventry, England, UK)
  • Formaat: PDF+DRM
  • Ilmumisaeg: 28-Apr-2022
  • Kirjastus: Newnes (an imprint of Butterworth-Heinemann Ltd )
  • Keel: eng
  • ISBN-13: 9780128214732
Teised raamatud teemal:
  • Formaat - PDF+DRM
  • Hind: 79,10 €*
  • * hind on lõplik, st. muud allahindlused enam ei rakendu
  • Lisa ostukorvi
  • Lisa soovinimekirja
  • See e-raamat on mõeldud ainult isiklikuks kasutamiseks. E-raamatuid ei saa tagastada.
Designing Secure IoT Devices with the Arm Platform Security Architecture and Cortex-M33Suurem pilt
  • Formaat: PDF+DRM
  • Ilmumisaeg: 28-Apr-2022
  • Kirjastus: Newnes (an imprint of Butterworth-Heinemann Ltd )
  • Keel: eng
  • ISBN-13: 9780128214732
Teised raamatud teemal:

DRM piirangud

  • Kopeerimine (copy/paste):

    ei ole lubatud

  • Printimine:

    ei ole lubatud

  • Kasutamine:

    Digitaalõiguste kaitse (DRM)
    Kirjastus on väljastanud selle e-raamatu krüpteeritud kujul, mis tähendab, et selle lugemiseks peate installeerima spetsiaalse tarkvara. Samuti peate looma endale  Adobe ID Rohkem infot siin. E-raamatut saab lugeda 1 kasutaja ning alla laadida kuni 6'de seadmesse (kõik autoriseeritud sama Adobe ID-ga).

    Vajalik tarkvara
    Mobiilsetes seadmetes (telefon või tahvelarvuti) lugemiseks peate installeerima selle tasuta rakenduse: PocketBook Reader (iOS / Android)

    PC või Mac seadmes lugemiseks peate installima Adobe Digital Editionsi (Seeon tasuta rakendus spetsiaalselt e-raamatute lugemiseks. Seda ei tohi segamini ajada Adober Reader'iga, mis tõenäoliselt on juba teie arvutisse installeeritud )

    Seda e-raamatut ei saa lugeda Amazon Kindle's. 

Designing Secure IoT devices with the Arm Platform Security Architecture and Cortex-M33 explains how to design and deploy secure IoT devices based on the Cortex-M23/M33 processor. The book is split into three parts. First, it introduces the Cortex-M33 and its architectural design and major processor peripherals. Second, it shows how to design secure software and secure communications to minimize the threat of both hardware and software hacking. And finally, it examines common IoT cloud systems and how to design and deploy a fleet of IoT devices. Example projects are provided for the Keil MDK-ARM and NXP LPCXpresso tool chains.

Since their inception, microcontrollers have been designed as functional devices with a CPU, memory and peripherals that can be programmed to accomplish a huge range of tasks. With the growth of internet connected devices and the Internet of Things (IoT), “plain old microcontrollers are no longer suitable as they lack the features necessary to create both a secure and functional device. The recent development by ARM of the Cortex M23 and M33 architecture is intended for today’s IoT world.

  • Shows how to design secure software and secure communications using the ARM Cortex M23- and M33-based micro controllers
  • Explains how to write secure code to minimize vulnerabilities using the CERT-C coding standard
  • Uses the mbedTLS library to implement modern cryptography
Foreword xv
Chapter 1 Introduction
1(6)
Arm Platform Security Architecture
2(1)
PSA certification
2(1)
How much development effort is required?
2(1)
Assumptions
3(1)
Structure of the book
3(1)
Getting started
4(1)
Part 1 Cryptography and secure communications for IoT devices
4(1)
Part 2 Device security
4(2)
Tutorial exercises
6(1)
Important
6(1)
Chapter 2 Arm platform security architecture
7(12)
Introduction
7(1)
Analyze
7(1)
Communications
8(1)
Software attack
8(1)
Tampering
9(1)
Lifecycle attack
9(1)
Application-specific threat modeling
9(1)
Architect
9(1)
Security model
10(2)
Implement
12(1)
Secure boot and assistive security features
13(1)
Second stage bootloader
13(1)
Partition
13(1)
Trusted firmware
13(1)
MbedTLS and mbedCrypto
14(1)
Software components
14(1)
PSA certification
15(1)
PSACertified level 1
16(1)
PSACertified Level 2
17(1)
PSACertified Level 3
17(1)
Conclusion
17(2)
Chapter 3 Development tools and device platform
19(30)
Introduction
19(1)
Hardware
19(1)
Software
19(1)
Community license
20(1)
Tutorial exercises
20(1)
Exercise: Test project
21(1)
<to do> Install community license
21(1)
Device support
21(2)
Additional utilities
23(10)
CMSIS WiFi driver
33(14)
Conclusion
47(2)
Chapter 4 Cryptography---The basics
49(52)
Introduction
49(1)
MbedTLS
50(1)
Exercise: Install and verify mbedTLS
50(4)
Information assurance
54(1)
Confidentiality
55(1)
Integrity
55(1)
Availability
55(1)
Nonrepudiation and authentication
55(1)
Security services
55(1)
Ciphers
56(1)
Hashes
56(1)
Message authentication code (MAC)
56(1)
Authenticated encryption
56(1)
Random number generator (RNG)
56(1)
Ciphers
56(1)
Symmetrical ciphers
57(1)
Streaming ciphers
58(2)
Exercise: ARC4
60(1)
Block cipher
61(1)
Data Encryption Standard (DES)
61(3)
Double encryption
64(1)
Triple DES
64(1)
DES-X
65(1)
Exercise: DES and triple DES
66(1)
Advanced Encryption Standard (AES)
67(6)
Exercise: Advanced Encryption Standard
73(1)
Streaming block ciphers
74(1)
Chaining modes
75(2)
Exercise: Chaining modes
77(1)
Cipher abstraction layer
77(1)
Exercise: Cipher abstraction layer
78(1)
Hash functions
79(2)
Message digest 5 (MD5)
81(1)
Secure Hashing Algorithm (SHA)
81(3)
Salt
84(1)
Exercise: SHA-2 hash
84(2)
Message authentication code (MAC)
86(1)
Hash-based MAC
86(1)
Hash abstraction layer
87(1)
Exercise: HASH and MAC abstraction layer
87(1)
Authenticated encryption
88(1)
Authenticated Encryption with Associated Data (AEAD)
89(2)
Exercise: AEAD in mbedTLS
91(1)
Random numbers
92(1)
Entropy
93(1)
Random number generation
93(1)
True random number generator (TRNG)
93(1)
Entropy Pool
94(1)
Deterministic random bitstream generator (DRBG)
94(1)
Testing for randomness
94(1)
Exercise: Random generation
95(1)
Managing keys
96(1)
Creating keys
96(1)
Storing keys
97(1)
Using keys
97(1)
Key derivation functions (KDF)
98(1)
Exercise: KDF
98(1)
Conclusion
99(2)
Chapter 5 Cryptography---Secure communications
101(54)
Introduction
101(1)
Asymmetric ciphers
101(1)
RSA
102(2)
Exercise: RSA small numbers
104(1)
Malleability
105(1)
Exercise: RSA malleability
105(1)
RSA padding
106(2)
Exercise: mbedTLS RSA key generation and cipher
108(1)
RSA problems
109(1)
The Diffie Hellman (DH) Key agreement system
110(1)
Exercise: DH small numbers
110(2)
Exercise: Diffie Hellman Key agreement
112(2)
Elliptic curve cryptography
114(1)
Addition
115(1)
Point doubling
116(1)
Group element
116(2)
Exercise: Elliptic Curve Diffie Hellman
118(1)
Message signing
119(1)
RSA signing
119(1)
Exercise: RSA signature
120(2)
Elliptic Curve Digital Signature Algorithm
122(1)
Exercise: ECDSA
123(1)
Using asymmetrical ciphers
124(1)
Man in the Middle
124(1)
Public key infrastructure
125(1)
X.509 certificates
125(1)
Certificate validation
126(1)
Certificate lifetime
127(1)
Certificate revocation list
127(1)
Certificate encoding
127(1)
Certificate authority selection
128(1)
Certificate chain
128(1)
Exercise: Creating X.509 certificates
128(1)
Certificate authority
129(4)
Server certificate
133(2)
Device certificate
135(3)
Certificate and key storage
138(1)
Exercise: Parsing X.509 certificates and keys
139(1)
Putting it all together
140(5)
Establishing a TLS connection
145(4)
Exercise: TLS server authentication
149(2)
Server and client authentication
151(1)
Exercise: TLS server and client authentication
152(1)
Conclusion
153(2)
Chapter 6 IoT networking and data formats
155(32)
Introduction
155(1)
Message queued telemetry transport (MQTT)
155(1)
MQTT architecture
156(1)
Message topics
156(1)
Topic subscription
157(1)
Quality of service
157(1)
Retained topics
158(1)
Heartbeat
159(1)
Last will and testament
159(1)
Methods
159(1)
Exercise: PC broker and client
160(3)
Exercise: Embedded MQTT client
163(4)
Retained messages
167(1)
Connection object
168(1)
Keep alive interval
168(1)
Last will and testament
169(2)
Exercise: TLS encryption
171(4)
Data formats
175(1)
JavaScript Object Notation
175(1)
JSON object
175(1)
Exercise: JSON encoding
176(1)
JSON arrays
177(1)
Nested JSON objects
178(1)
Concise binary object representation
179(1)
Integer encoding
180(1)
Exercise: CBOR encoding
180(3)
Byte and text strings
183(1)
Array of data items
184(1)
Array of maps
184(1)
Indefinite arrays, strings, and maps
184(1)
Semantic tags
185(1)
Conclusion
186(1)
Chapter 7 Using an IoT cloud service
187(36)
Introduction
187(1)
AWS account
188(1)
AWS IoT
188(1)
Connect a device
189(1)
Create a connection policy
190(10)
Adding the Dynamo DB database
200(2)
Action rules
202(4)
Setting the Time Series rule
206(2)
Testing the Time Series database
208(2)
IoT analytics
210(5)
Logs
215(1)
Lambda
216(1)
Device services
216(1)
Device defender
216(4)
Device shadow service
220(1)
Device shadow
221(1)
Conclusion
222(1)
Chapter 8 Software attacks and threat modeling
223(36)
Introduction
223(1)
Security flaw
223(1)
Security vulnerability
224(1)
Security exploit
224(1)
Threats
224(1)
Common security exploits and vulnerabilities
224(1)
Buffer overflow
224(2)
Exercise: Buffer overflow
226(1)
Stack smashing
226(2)
Exercise: Stack smashing
228(2)
Return orientated programming (ROP)
230(3)
Integer vulnerabilities
233(3)
Accessing memory
236(1)
Mitigation
237(1)
Development process
237(1)
Implementation
238(3)
Verification
241(2)
The IEEE top 10 secure coding practices
243(1)
Threat modeling
244(1)
Where to start
245(1)
Threat modeling process
245(2)
Threat modeling techniques
247(6)
Document the threats and bugs
253(1)
Rate the threats and bugs
253(4)
Example threat models
257(1)
Conclusion
257(2)
Chapter 9 Building a defense with the PSA security model
259(22)
Introduction
259(1)
Software architecture
260(1)
Temporal barrier
261(1)
Runtime isolation
262(1)
Secure element
262(1)
Trusted Platform Module (TPM)
262(1)
Dual core microcontroller
262(1)
Trusted Execution Environment
263(1)
PSA Execution environment
263(1)
Immutable Root of Trust (RoT)
264(1)
Execution environment validation
265(1)
Boot seed
266(1)
Updatable Root of Trust (RoT)
266(1)
Runtime partitions
267(1)
Non-Secure Processing Environment
267(1)
Secure Processing Environment
267(4)
Secure Partition Manager (SPM)
271(1)
Secure services
271(1)
PSA RoT services
271(2)
Application RoT services
273(1)
Trusted subsystem
273(1)
Secure Boot
273(1)
PSA parameters
273(2)
Lifecycle
275(2)
Device requirements
277(1)
Isolation architectures
277(2)
Conclusion
279(2)
Chapter 10 Device partitioning with TrustZone
281(60)
Introduction
281(1)
Processor operating modes
281(1)
TrustZone security extension
282(2)
Programmers model
284(1)
TrustZone operation
284(4)
SAU and LDAU
288(2)
SAU registers
290(2)
TrustZone configuration
292(1)
CMSIS startup files
293(2)
Secure veneer functions
295(1)
Exercise: TrustZone configuration
295(13)
TrustZone interrupt handling
308(1)
Exception vector table
308(3)
Locating the nonsecure vector table
311(1)
Secure/nonsecure peripheral interrupt routing
311(1)
Exercise: TrustZone interrupt routing
312(1)
TrustZone system control block
313(2)
SysTick
315(1)
Exercise: TrustZone SysTick support
315(1)
Using an RTOS with TrustZone
316(1)
Multi-threaded access to secure functions
316(1)
CMSIS core TrustZone functions
317(1)
Exercise: Using an RTOS with TrustZone
318(3)
Memory protection unit (MPU)
321(1)
MPU memory types
322(2)
MPU configuration
324(1)
Region number register
325(1)
Base address register
325(1)
Memory attribute indirection registers
326(3)
Exercise: Memory protection unit
329(2)
CMSIS-zone
331(1)
CMSIS-zone utility
331(1)
Exercise: Using the CMSIS-zone utility
331(9)
Conclusion
340(1)
Chapter 11 The NXP LPC55S69 a reference IoT microcontroller
341(34)
Introduction
341(1)
Trusted execution environment (TEE)
342(1)
Secure bus matrix
342(2)
Trusted execution environment configuration
344(1)
Example: Trusted execution environment
345(2)
Security architecture
347(1)
Overview
347(1)
Protected flash
347(3)
Key storage
350(7)
Exercise: Key storage using the PUF
357(1)
Secure boot
357(4)
Monotonic counters
361(1)
Exercise: Secure boot
361(3)
Debug authentication
364(2)
Lifecycle
366(1)
Hardware accelerators
366(1)
Asymmetric encryption
367(1)
Exercise: Casper primitives
368(1)
Symmetric cryptography
369(1)
Exercise: HashCrypt
370(1)
Executable image encryption
370(1)
Exercise: Image encryption
371(1)
Security peripherals
371(2)
Conclusion
373(2)
Chapter 12 Trusted firmware
375(34)
Introduction
375(1)
Installation
376(1)
Important
377(1)
Exercise: TF-M setup and testing
377(5)
TF-M software design
382(2)
Client data
384(1)
SPE structure
385(7)
Secure partition manager
392(2)
Exercise: Secure partition manifest
394(1)
SPE interrupt handling
395(5)
Selecting the communication model
400(1)
Secure partition runtime library
400(1)
TF-M profiles
401(1)
TF-M platform
402(2)
Entropy source
404(1)
Exercise: Entropy
405(1)
Secure partition startup
405(1)
Stack sealing
406(1)
Conclusion
407(2)
Chapter 13 Trusted firmware secure services
409(30)
Introduction
409(1)
Nonsecure client
409(1)
Configuration
409(1)
TF-M client operation
410(2)
Security services
412(1)
Secure storage service
413(3)
Exercise: Internal trusted storage
416(1)
Cryptography service
417(12)
Exercise: Cryptography service
429(1)
Attestation
430(4)
Exercise: Attestation token
434(1)
Auditing
435(1)
Exercise: Audit
436(1)
Lifecycle
436(1)
Provisioning
436(1)
Conclusion
437(2)
Chapter 14 The PSA Secure Bootloader
439(23)
Introduction
439(1)
Updatable bootloader
439(2)
Upgrade strategies
441(1)
Overwrite
441(1)
Swap
442(1)
Execute in place
442(1)
RAM
442(1)
Firmware update service
442(3)
Image encapsulation
445(3)
Image signing
448(1)
Security counter
448(1)
Bootloader signing keys
449(1)
Exercise: BL2 first project
449(4)
BL2 configuration
453(5)
Updating the bootloader keys
458(1)
Exercise: Bootloader keys
458(2)
Bootloading by hardware key
460(1)
Image encryption
460(1)
Measured boot
461(1)
Conclusion 462(1)
Bibliography 463(6)
Index 469
Trevor Martin graduated from Brunel University in 1988 with an Honors degree in electrical and electronics engineering. In the same year, he began work as a junior hardware engineer at Philips Medical Systems. He joined Hitex in 1992 as a technical specialist for 8-bit microcontroller development tools. This included the 8051,68HC11\05\08 microcontrollers. He also gained experience with networking protocols such as CAN, USB, and TCP/IP. Since 2000, he has been supporting ARM-based microcontrollers, initially ARM7 and ARM9 CPU then moving to Cortex-M processor. To promote these devices, he has worked closely with both NXP and ST and also TI and Freescale to a lesser extent. Since 2005, he has written a number of Insiders Guide” books that are introductory tutorials to ARM-based microcontroller families such as LPC2000, STR9, and STM32. He also runs regular training courses, a general Cortex Microcontroller workshop and also device-specific courses.
Lisainfo e-raamatute kohta Lisainfo e-raamatute kohta
Püsilink: https://www.kriso.ee/db/97801282147322e.html
Märksõnad: