I am constantly confronted with the challenging task of specifying and implementing security aspects for different IoT (Internet of Things) projects. Let me take a current project in the automotive sector to illustrate a deep dive into the security matter.

One thing that needs to be considered is that it is very important to get to know your customer's values and to understand why these values are so important to him. Let's start here with a threat analysis, as this kind of analysis should always be the first thing when you start a new security concept.

Threat analysis

Our threat analysis usually focuses on the following three points:

  • Where (Client/Server/Database/RAM/etc.) is the safety-relevant data located?
  • Which are the possible security threats?
  • How likely is it that an identified vulnerability will be exploited?

The result of the threat analysis for the automotive project used as an example in this post was a list of 18 security-relevant points (a selection of them is displayed in the illustration below). Some of them are solved simply by establishing a secure server connection (SSL). Others are more delicate, for example securing native software that is connected as a thing in the IoT project. In this case, the connected native software has a huge economic value, and securing it has to be done extremely rigorously.

Another point is the data on the static content server (see illustration point 12). This data has to be strongly secured because it contains information that secures the competitive advantage of our customer.

Don't ask me to discuss these findings in more detail ;-). But I will explain how we mapped these findings to the software architecture in order to simplify the discussion with our customer.

Security map

In order to discuss the potential security threats, we came up with a profound security map. This map is a simple representation of the security threat points, including their location within the software architecture. Our experience shows that you get almost immediate buy-in from the customer. With this kind of illustration, the customer feels familiar with his components and you can fully concentrate on the security topic. The following illustration shows a generic IoT software architecture mapped with some typical findings from a threat analysis in this field.

Threat analysis mapped with software architecture overview: The computer chip and the light bulb on the left illustrate that we are accessing a connected device (thing) over the internet.

Needless to say, the illustration is anonymized for safety reasons :). Also, not all of our findings are shown in the security map, to keep it simple. We've used the computer chip and the light bulb (both on the left) to illustrate an internet-based connection to a device (thing).

With this short intro, I hope I managed to illustrate how, at Bosch Software Innovations, we basically approach threat analysis. Now I would like to pass the ball to you: Which methods have proven effective in your threat analysis practice? Do you identify different, or even many more, focus areas?

In my next post in this security series here in the Bosch IoT blog, I’m soon going to explain how we managed to resolve potential security threats in IoT software architecture. Stay tuned!

About The Author

Thorsten Bux

With a Bachelor of Science in Media and a Master of Science in Application Architecture, I started at Bosch Software Innovations as a software developer in 2009. Currently I'm project leader for various Internet of Things (IoT) projects. I am strongly involved in the possibilities of ubiquitous computing and the IoT.