Solving Common Security Problems
================================

The following are examples of how trusted services can solve common device security problems.


Protecting IoT device identity
------------------------------

During the provisioning process, an IoT device is assigned a secure identity that consists of a public/private
key pair and a CA-signed certificate that includes the public key. The device is also provisioned with the
public key corresponding to the cloud service that it will operate with. The provisioned material is used
during the authentication process whenever the device connects to the cloud. To prevent device cloning or
unauthorized transfer to a different cloud service, all provisioned material must be held in secure storage and
direct access to the private key must be prevented. To achieve this, the certificate verification and nonce
signing required during the TLS handshake are delegated to the Crypto trusted service, which performs these
operations without exposing the private key.


Protecting Software Updates
---------------------------

To ensure that software updates applied to a device originate from a legitimate source, update packages are
signed. A signed package includes a signature block whose signed data contains a hash of the package contents.
During the update process, a device verifies the signature using a provisioned public key that corresponds to
the signing key used by the update originator. By holding the public key in secure storage and performing the
signature verification using the Crypto service, unauthorized modification of the update source is prevented.


Secure Logging
--------------

A managed IoT device will often be configured by an installation engineer who has physical access to the
device. To allow a cloud operator to audit configuration changes, it is necessary to keep a log of the
configuration steps performed by the installation engineer. To prevent fraudulent modification of the audit
log, the device signs log data using a device-unique key pair. The public key corresponding to the signing
private key may be retrieved by the cloud operator to allow the log to be verified. To protect the signing key,
the Crypto service is used to sign log records.

--------------------

*Copyright (c) 2020-2022, Arm Limited and Contributors. All rights reserved.*

SPDX-License-Identifier: BSD-3-Clause
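The update-package check described under Protecting Software Updates, as an added example that is not part of the Trusted Services project or this page: the originator signs only a digest of the contents, and the device verifies the signature with its provisioned public key and then re-hashes the received contents against the signed digest. The package layout, the choice of ed25519 and SHA-256, and the sample contents are all assumptions made for this illustration; a real device would perform the verify call through the Crypto service rather than in application code.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// SignedPackage is a constructed update format: the update contents plus a
// signature block. The signature covers SignedData (a digest), and the
// digest in turn binds the contents.
type SignedPackage struct {
	Contents   []byte
	SignedData []byte // SHA-256 digest of Contents; this is what gets signed
	Signature  []byte // ed25519 signature over SignedData
}

// BuildPackage is the update originator's side: it holds the signing key.
func BuildPackage(priv ed25519.PrivateKey, contents []byte) SignedPackage {
	digest := sha256.Sum256(contents)
	return SignedPackage{
		Contents:   contents,
		SignedData: digest[:],
		Signature:  ed25519.Sign(priv, digest[:]),
	}
}

// VerifyPackage is the device's side: only the provisioned public key is
// needed. Check the signature first, then check that the signed digest
// matches the contents actually received (catches swapped contents).
func VerifyPackage(pub ed25519.PublicKey, pkg SignedPackage) error {
	if !ed25519.Verify(pub, pkg.SignedData, pkg.Signature) {
		return errors.New("signature does not verify against provisioned key")
	}
	digest := sha256.Sum256(pkg.Contents)
	if !bytes.Equal(digest[:], pkg.SignedData) {
		return errors.New("package contents do not match signed hash")
	}
	return nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	pkg := BuildPackage(priv, []byte("firmware v1.2 (constructed sample)"))
	fmt.Println("genuine:", VerifyPackage(pub, pkg)) // nil
	pkg.Contents[0] ^= 0xff                           // tamper with contents
	fmt.Println("tampered:", VerifyPackage(pub, pkg)) // hash mismatch error
}
```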