Having come from a telemetry background we have a natural interest in the Internet of Things (IoT) and embedded systems, so it was great to be awarded a contract from Copper Horse Solutions Ltd to assist them in these areas. Copper Horse specialises in mobile phone and IoT security projects for businesses large and small. They also provide consultancy in a number of different areas of the mobile phone industry, with a particular interest in mobile connected device security. Many of you may have come across them through their blog on mobile phone security, authored by CEO, David Rogers.
The work fell into two main parts. The first part was providing support on interfacing complex sensors to microprocessors using SPI with primitive command support, rather than using pre-existing libraries, most of which had licence restrictions. During this phase we developed low-level drivers for prototypes running on a Raspberry Pi which connected to, configured, and read data from two different sensor systems.
The second part of the work related to a minimalistic implementation of DTLS to be deployed on small IoT devices. We started with the excellent ARM mbed TLS library (formerly based on PolarSSL) which is now available under the Apache 2.0 licence. We took the absolute bare minimum we could from this library to try and give us a minimal footprint DTLS library which would at least implement the mandatory cipher suites required by CoAP (a specialized web transfer protocol for use with smaller devices in IoT) when using pre-shared keys (TLS_PSK_WITH_AES_128_CCM_8) or raw public key certificates (TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8). We also worked together with Copper Horse on analysing the difficulties for developers of implementing security on IoT devices; work which will be taken into the IoT Security Foundation where Copper Horse sits on the Executive Board.
Overall, Copper Horse were able to draw on our embedded and security skills to push development on the PicoSec and other projects forwards.
David Rogers, CEO of Copper Horse said “It was a pleasure to work with Terzo Digital on both ground-breaking and complex problems in the Internet of Things. Utilising their expertise has not only furthered our own developments in IoT, but via the Picosec project outputs, we aim to contribute our work back to the IoT developer community and to the IoT Security Foundation. This will help to raise the bar of IoT security in products across the world”.
Mark Davison of Terzo Digital added “It has been a pleasure working for Copper Horse, a leading organisation in the IoT and security community and we look forward to more interesting work in the same arena”.