{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,8]],"date-time":"2026-04-08T16:30:04Z","timestamp":1775665804828,"version":"3.50.1"},"reference-count":65,"publisher":"MDPI AG","issue":"18","license":[{"start":{"date-parts":[[2020,9,14]],"date-time":"2020-09-14T00:00:00Z","timestamp":1600041600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"name":"UH Proof of Concept","award":["2018-19\/269"],"award-info":[{"award-number":["2018-19\/269"]}]},{"DOI":"10.13039\/501100000266","name":"Engineering and Physical Sciences Research Council","doi-asserted-by":"publisher","award":["EP\/P030327\/1, 2017-18"],"award-info":[{"award-number":["EP\/P030327\/1, 2017-18"]}],"id":[{"id":"10.13039\/501100000266","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Sensors"],"abstract":"<jats:p>IoT systems differ from traditional Internet systems in that they are different in scale, footprint, power requirements, cost and security concerns that are often overlooked. IoT systems inherently present different fail-safe capabilities than traditional computing environments while their threat landscapes constantly evolve. Further, IoT devices have limited collective security measures in place. Therefore, there is a need for different approaches in threat assessments to incorporate the interdependencies between different IoT devices. In this paper, we run through the design cycle to provide a security-focused approach to the design of IoT systems using a use case, namely, an intelligent solar-panel project called Daedalus. We utilise STRIDE\/DREAD approaches to identify vulnerabilities using a thin secure element that is an embedded, tamper proof microprocessor chip that allows the storage and processing of sensitive data. It benefits from low power demand and small footprint as a crypto processor as well as is compatible with IoT requirements. Subsequently, a key agreement based on an asymmetric cryptographic scheme, namely B-SPEKE was used to validate and authenticate the source. We find that end-to-end and independent stand-alone procedures used for validation and encryption of the source data originating from the solar panel are cost-effective in that the validation is carried out once and not several times in the chain as is often the case. The threat model proved useful not so much as a panacea for all threats but provided the framework for the consideration of known threats, and therefore appropriate mitigation plans to be deployed.<\/jats:p>","DOI":"10.3390\/s20185252","type":"journal-article","created":{"date-parts":[[2020,9,14]],"date-time":"2020-09-14T20:51:12Z","timestamp":1600116672000},"page":"5252","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":9,"title":["A Holistic Systems Security Approach Featuring Thin Secure Elements for Resilient IoT Deployments"],"prefix":"10.3390","volume":"20","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-5005-5809","authenticated-orcid":false,"given":"Soodamani","family":"Ramalingam","sequence":"first","affiliation":[{"name":"Centre for Engineering Research, Communications and Intelligent Systems, School of Physics, Engineering and Computer Science, Department of Engineering and Technology, University of Hertfordshire, Hatfield AL10 9AB, UK"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-9907-1893","authenticated-orcid":false,"given":"Hock","family":"Gan","sequence":"additional","affiliation":[{"name":"Centre for Engineering Research, Communications and Intelligent Systems, School of Physics, Engineering and Computer Science, Department of Engineering and Technology, University of Hertfordshire, Hatfield AL10 9AB, UK"}]},{"given":"Gregory","family":"Epiphaniou","sequence":"additional","affiliation":[{"name":"Warwick Manufacturing Group (WMG), University of Warwick, Coventry CV4 7AL, UK"}]},{"given":"Emilio","family":"Mistretta","sequence":"additional","affiliation":[{"name":"Centre for Engineering Research, Communications and Intelligent Systems, School of Physics, Engineering and Computer Science, Department of Engineering and Technology, University of Hertfordshire, Hatfield AL10 9AB, UK"}]}],"member":"1968","published-online":{"date-parts":[[2020,9,14]]},"reference":[{"key":"ref_1","doi-asserted-by":"crossref","unstructured":"Kail, E., Banati, A., L\u00e1szlo, E., and Kozlovszky, M. (2018, January 17\u201319). Security survey of dedicated iot networks in the unlicensed ism bands. Proceedings of the 2018 IEEE 12th International Symposium on Applied Computational Intelligence and Informatics (SACI), Timisoara, Romania.","DOI":"10.1109\/SACI.2018.8440945"},{"key":"ref_2","doi-asserted-by":"crossref","unstructured":"Xu, Y., Liu, T., Liu, P., and Sun, H. (June, January 30). A Search-based Firmware Code Analysis Method for IoT Devices. Proceedings of the 2018 IEEE Conference on Communications and Network Security (CNS), Beijing, China.","DOI":"10.1109\/CNS.2018.8433163"},{"key":"ref_3","unstructured":"Yang, X.-S., Sherratt, S., Dey, N., and Joshi, A. (2018). Security and privacy of things: Regulatory challenges and gaps for the security integration of cyber-physical systems. Third International Congress on Information and Communication Technology, Springer."},{"key":"ref_4","unstructured":"Brandl, H., and Rosteck, T. (2004). Technology, Implementation and Application of the Trusted Computing Group Standard (TCG) Secure platforms provide new levels of security. Infineon White Paper. Datenschutz und Datensicherheit, BI-Wiss.-Verlag."},{"key":"ref_5","doi-asserted-by":"crossref","first-page":"2481","DOI":"10.1007\/s11276-014-0761-7","article-title":"Security of the Internet of Things: Perspectives and challenges","volume":"20","author":"Jing","year":"2014","journal-title":"Wirel. Netw."},{"key":"ref_6","doi-asserted-by":"crossref","first-page":"102496","DOI":"10.1016\/j.jnca.2019.102496","article-title":"LAM-CIoT: Lightweight authentication mechanism in cloud-based IoT environment","volume":"150","author":"Wazid","year":"2020","journal-title":"J. Netw. Comput. Appl."},{"key":"ref_7","doi-asserted-by":"crossref","first-page":"7081","DOI":"10.1109\/TII.2019.2942389","article-title":"Designing Secure Lightweight Blockchain-Enabled RFID-Based Authentication Protocol for Supply Chains in 5G Mobile Edge Computing Environment","volume":"16","author":"Jangirala","year":"2020","journal-title":"IEEE Trans. Ind. Inform."},{"key":"ref_8","doi-asserted-by":"crossref","first-page":"3572","DOI":"10.1109\/JIOT.2018.2888821","article-title":"Design and Analysis of Secure Lightweight Remote User Authentication and Key Agreement Scheme in Internet of Drones Deployment","volume":"6","author":"Wazid","year":"2019","journal-title":"IEEE Internet Things J."},{"key":"ref_9","doi-asserted-by":"crossref","unstructured":"Rahman, F., Farmani, M., Tehranipoor, M., and Jin, Y. (2017, January 11\u201312). Hardware-Assisted Cybersecurity for IoT Devices. Proceedings of the 18th International Workshop on Microprocessor and SOC Test and Verification (MTV), Austin, TX, USA.","DOI":"10.1109\/MTV.2017.16"},{"key":"ref_10","unstructured":"Torr, C. (2020, September 11). Using Established, Proven Standards to Build a Secure Smart Meter Infrastructure. Available online: https:\/\/www.multos.com\/uploads\/Using_Established_Proven_Standards_to_Build_a_Secure_Smart_Meter_Infrastructure.pdf."},{"key":"ref_11","doi-asserted-by":"crossref","first-page":"83","DOI":"10.1016\/j.comnet.2016.03.011","article-title":"On perspective of security and privacy-preserving solutions in the internet of things","volume":"102","author":"Malina","year":"2016","journal-title":"Comput. Netw."},{"key":"ref_12","unstructured":"Dinu, D.-D. (2017). Efficient and Secure Implementations of Lightweight Symmetric Cryptographic Primitives, University of Luxembourg."},{"key":"ref_13","doi-asserted-by":"crossref","first-page":"118","DOI":"10.1016\/j.dcan.2017.04.003","article-title":"A roadmap for security challenges in the Internet of Things","volume":"4","author":"Natalizio","year":"2018","journal-title":"Digit. Commun. Netw."},{"key":"ref_14","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/3001934","article-title":"Fundamental challenges toward making the IoT a reachable reality: A model-centric investigation","volume":"22","author":"Xue","year":"2017","journal-title":"ACM Trans. Des. Autom. Electron. Syst."},{"key":"ref_15","doi-asserted-by":"crossref","unstructured":"Razouk, W., Sgandurra, D., and Sakurai, K. (2017, January 22\u201325). A new security middleware architecture based on fog computing and cloud to support IoT constrained devices. Proceedings of the 1st International Conference on Internet of Things and Machine Learning, Association for Computing Machinery, Liverpool, UK.","DOI":"10.1145\/3109761.3158413"},{"key":"ref_16","first-page":"21","article-title":"The CIA Strikes Back: Redefining Confidentiality, Integrity and Availability in Security","volume":"10","author":"Samonas","year":"2014","journal-title":"J. Inform. Syst. Secur."},{"key":"ref_17","doi-asserted-by":"crossref","unstructured":"Gremaud, P., Durand, A., and Pasquier, J. (2017, January 22\u201325). A secure, privacy-preserving IoT middleware using intel SGX. Proceedings of the Seventh International Conference on the Internet of Things, Linz, Austria.","DOI":"10.1145\/3131542.3140258"},{"key":"ref_18","doi-asserted-by":"crossref","unstructured":"Gremaud, P., Durand, A., and Pasquier, J. (2019, January 22\u201325). Privacy-preserving IoT cloud data processing using SGX. Proceedings of the 9th International Conference on the Internet of Things, Bilbao, Spain.","DOI":"10.1145\/3365871.3365888"},{"key":"ref_19","unstructured":"NXP (2020, September 11). NXP EdgeLock SE050 \u201cPlug & Trust\u201d Secure Element Family Provides Deeper Security for the IoT. Product and Technology News, 12 June 2019. Available online: https:\/\/media.nxp.com\/news-releases\/news-release-details\/nxp-edgelock-se050-plug-trust-secure-element-family-provides."},{"key":"ref_20","unstructured":"Evanczuk, S. (2020, September 11). Add a Secure Element to Build. Edge-to-Cloud Security into an IoT Design. Digi-Key, 21 November 2019. Available online: https:\/\/media.nxp.com\/news-releases\/news-release-details\/nxp-edgelock-se050-plug-trust-secure-element-family-provides."},{"key":"ref_21","unstructured":"Datko, J. (2017). An Initial Thoughts on Micro-Chips New ATECC608A, Cryptotronix."},{"key":"ref_22","unstructured":"Gemalto (2020, September 11). Cinterion Secure Element: Building a Strong Foundation of Trust for IoT. Available online: https:\/\/www.crunchbase.com\/organization\/gemalto."},{"key":"ref_23","unstructured":"Jablon, D. (2020, July 31). The SPEKE Password-Based Key Agreement Methods. 22 October 2003. Available online: https:\/\/tools.ietf.org\/html\/draft-jablon-speke-02#section-4.1."},{"key":"ref_24","doi-asserted-by":"crossref","first-page":"5","DOI":"10.1145\/242896.242897","article-title":"Strong password-only authenticated key exchange","volume":"26","author":"Jablon","year":"1996","journal-title":"Comput. Commun. Rev."},{"key":"ref_25","unstructured":"Jablon, D.P. (1997, January 18\u201320). Extended password key exchange protocols immune to dictionary attack. Proceedings of the IEEE 6th Workshop on Enabling Technologies: Infrastructure for Collaborative Enterprises, Cambridge, MA, USA."},{"key":"ref_26","unstructured":"Stallings, W. (2016). Cryptography and Network Security, Pearson. [7th ed.]."},{"key":"ref_27","unstructured":"Michael, H., and Lipner, S. (2006). The Security Development Lifecycle, Microsoft Press."},{"key":"ref_28","unstructured":"Shevchenko, N., Chick, T.A., O\u2019Riordan, P., Scanlon, T., and Woody, C. (2019). Threat Modelling: A Summary of Available Methods, Carnegie Mellon University."},{"key":"ref_29","unstructured":"Watts, S. (2020, May 13). IT Security Vulnerability vs. Threat vs. Risk: What Are the Differences? Security and Compliance Blog, 12 May 2017. Available online: https:\/\/www.bmc.com\/blogs\/security-vulnerability-vs-threat-vs-risk-whats-difference\/."},{"key":"ref_30","unstructured":"CERT Insider Threat Center (2017). Security\/OSSA-Metric, C.M.U. Software Engineering Institute."},{"key":"ref_31","unstructured":"Zhang, S., Ou, X., Singhal, A., and Homer, J. (2011, January 18\u201321). An empirical study of a vulnerability metric aggregation method. Proceedings of the 2011 World Congress in Computer Science, Las Vegas, NV, USA."},{"key":"ref_32","unstructured":"Chaychian, S., Mistretta, E., Mallett, C., Lee, M., Pissanidis, G., Ramalingam, S., Gan, H.C., and Wisely, D. (2017, January 11\u201314). Embedded trusted monitoring and management modules for smart solar panels. Proceedings of the IEEE WCST World Congress on Sustainable Technologies (WCST 2017), University of, Cambridge, Cambridge, UK."},{"key":"ref_33","unstructured":"Ramalingam, S. (2018). Daedalus: Reaching the Sun with Solarcoins and Smart Solar Panels, University of Hertfordshire. EPSRC\/Innovate UK Funded Project."},{"key":"ref_34","unstructured":"Edward, Y., and Constantine, L.L. (1979). Structured Design: Fundamentals of a Discipline of Computer Program and Systems Design, Yourdon Press."},{"key":"ref_35","unstructured":"Jones, N., and Tivnan, B. (2018). Cyber Risk Metrics Survey, Assessment, and Implementation Plan, Department of Homeland Security (DHS), Operated by the MITRE Corporation."},{"key":"ref_36","doi-asserted-by":"crossref","first-page":"1250","DOI":"10.1109\/JIOT.2017.2694844","article-title":"A survey on security and privacy issues in internet-of-things","volume":"4","author":"Yang","year":"2017","journal-title":"IEEE Intern. Things J."},{"key":"ref_37","unstructured":"(2020, September 09). Microsoft\u00ae SQL Server\u00ae 2014 Service Pack 2 (SP2). Available online: https:\/\/www.microsoft.com\/en-us\/download\/details.aspx?id=53168."},{"key":"ref_38","unstructured":"Microsoft\u00ae (2020, September 09). Internet Information Services (IIS) 10.0 Express. Available online: https:\/\/www.microsoft.com\/en-us\/download\/details.aspx?id=48264."},{"key":"ref_39","unstructured":"(2007). SOAP Version 1.2 Part. 0: Primer, World Wide Web Consortium (W3C). [2nd ed.]. Available online: https:\/\/www.w3.org\/TR\/soap12-part0\/."},{"key":"ref_40","unstructured":"Resnick, S., Crane, R., and Bowen, C. (2008). Essential Windows Communication Foundation (WCF): For NET Framework 3.5, Addison-Wesley Professional."},{"key":"ref_41","unstructured":"Lowy, J., and Montgomery, M. (2015). Programming WCF Services, O\u2019Reilly Media Inc.. [4th ed.]."},{"key":"ref_42","unstructured":"Hanselman, S. (2020, September 11). Get Started with Azure Portal. Available online: https:\/\/azure.microsoft.com\/en-gb\/resources\/videos\/get-started-with-azure-portal\/."},{"key":"ref_43","doi-asserted-by":"crossref","first-page":"62","DOI":"10.1109\/52.914748","article-title":"Surviving global software development","volume":"18","author":"Christof","year":"2001","journal-title":"IEEE Softw."},{"key":"ref_44","unstructured":"Epihaneou, G., Ramalingam, S., and Gan, H. (2019). Project Daedalus: Threat Modeling and Data Flow Decomposition for a Secure Smart Solar Panel System, University of Hertfordshire."},{"key":"ref_45","first-page":"527","article-title":"Security considerations in the IP-based internet of things","volume":"61","author":"Kumar","year":"2013","journal-title":"Wirel. Pers. Commun."},{"key":"ref_46","doi-asserted-by":"crossref","first-page":"33","DOI":"10.1145\/306549.306560","article-title":"High-confidence design for security: Don\u2019t trust\u2014Verify","volume":"42","author":"Chin","year":"1999","journal-title":"Commun. ACM"},{"key":"ref_47","first-page":"7","article-title":"A review on internet of things (IoT): Security and privacy requirements and the solution approaches","volume":"16","author":"Iqbal","year":"2017","journal-title":"Glob. J. Comput. Sci. Technol."},{"key":"ref_48","unstructured":"ISO (2020). Identification Cards\u2014Integrated Circuit Cards, in Part 4: Organization, Security and Commands for Interchange, ISO."},{"key":"ref_49","unstructured":"Gutierrez, C.M., and Turner, J.M. (2008). The keyed-hash message authentication code (HMAC). Cryptography Standards, National Institute of Standards and Technology. MD 20899-8900."},{"key":"ref_50","unstructured":"Vines, R.D., and Krutz, R.L. (2010). Cloud Security: A Comprehensive Guide to Secure Cloud Computing, John Wiley & Sons."},{"key":"ref_51","unstructured":"Microsoft (2020). NET Framework 4.8 Documentation, Microsoft."},{"key":"ref_52","doi-asserted-by":"crossref","unstructured":"Adler, J., Berryhill, R., Veneris, A., Poulos, Z., Veira, N., and Kastania, A. (August, January 30). Astraea: A decentralised blockchain oracle. Proceedings of the 2018 IEEE International Conference on Internet of Things (iThings) and IEEE Green Computing and Communications (GreenCom) and IEEE Cyber, Physical and Social Computing (CPSCom) and IEEE Smart Data (SmartData), Halifax, NS, Canada.","DOI":"10.1109\/Cybermatics_2018.2018.00207"},{"key":"ref_53","unstructured":"ISO\/IEC\/IEEE International Standard (2018). Systems and Software Engineering\u2014Life Cycle Processes\u2014Requirements Engineering, ISO\/IEC\/IEEE 29148:2011(E); ISO."},{"key":"ref_54","doi-asserted-by":"crossref","first-page":"311","DOI":"10.1007\/978-3-319-16486-1_31","article-title":"Cyber resilience\u2014Fundamentals for a definition","volume":"353","author":"Henkel","year":"2015","journal-title":"Adv. Intell. Syst. Comput."},{"key":"ref_55","doi-asserted-by":"crossref","unstructured":"Lam, K.-Y., and Gollmann, D. (1992). Freshness assurance of authentication protocols. Computer Security\u2014ESORICS 92, Springer.","DOI":"10.1007\/BFb0013902"},{"key":"ref_56","doi-asserted-by":"crossref","unstructured":"Cao, Y.-Y., and Fu, C. (2008, January 20\u201322). An Efficient Implementation of RSA Digital Signature Algorithm. Proceedings of the 2008 International Conference on Intelligent Computation Technology and Automation (ICICTA), Changsha, China.","DOI":"10.1109\/ICICTA.2008.398"},{"key":"ref_57","doi-asserted-by":"crossref","first-page":"36","DOI":"10.1007\/s102070100002","article-title":"The elliptic curve digital signature algorithm (ECDSA)","volume":"1","author":"Johnson","year":"2001","journal-title":"Int. J. Inform. Secur."},{"key":"ref_58","unstructured":"Wu, T. (1998). The secure remote password protocol. Network and Distributed System Security (NDSS) Symposium, The Internet Society."},{"key":"ref_59","doi-asserted-by":"crossref","unstructured":"Krawczyk, H. (2010, January 15\u201319). Cryptographic extraction and key derivation: The HKDF scheme. Proceedings of the 30th Annual Cryptology Conference, Santa Barbara, CA, USA.","DOI":"10.1007\/978-3-642-14623-7_34"},{"key":"ref_60","doi-asserted-by":"crossref","unstructured":"Savari, M., Montazerolzohour, M., and Thiam, Y.E. (2012, January 26\u201328). Comparison of ECC and RSA algorithm in multipurpose smart card application. Proceedings of the 2012 International Conference on Cyber Security, Cyber Warfare and Digital Forensic (CyberSec), Kuala Lumpur, Malaysia.","DOI":"10.1109\/CyberSec.2012.6246121"},{"key":"ref_61","doi-asserted-by":"crossref","unstructured":"Toradmalle, D., Singh, R., Shastri, H., Naik, N., and Panchidi, V. (2018, January 30\u201331). Prominence of ECDSA over RSA digital signature algorithm. Proceedings of the 2nd International Conference on I-SMAC (IoT in Social, Mobile, Analytics and Cloud) (I-SMAC)I-SMAC (IoT in Social, Mobile, Analytics and Cloud) (I-SMAC), Palladam, India.","DOI":"10.1109\/I-SMAC.2018.8653689"},{"key":"ref_62","doi-asserted-by":"crossref","unstructured":"Boyko, V., Mackenzie, P., and Patel, S. (2000). Provably secure password-authenticated key exchange using diffie-hellman. International Conference on Theory and Application of Cryptographic Techniques, Springer.","DOI":"10.1007\/3-540-45539-6_12"},{"key":"ref_63","doi-asserted-by":"crossref","first-page":"280","DOI":"10.1016\/j.tcs.2005.11.038","article-title":"Security analysis of a password-based authentication protocol proposed to IEEE 1363","volume":"352","author":"Zhao","year":"2006","journal-title":"Theor. Comput. Sci."},{"key":"ref_64","unstructured":"Green, M. (2020, August 12). A Few Thoughts on Cryptographic Engineering. Available online: https:\/\/blog.cryptographyengineering.com\/."},{"key":"ref_65","unstructured":"CISCO (2020, September 11). The Internet of Things Reference Model. Available online: http:\/\/cdn.iotwf.com\/resources\/71\/IoT_Reference_Model_White_Paper_June_4_2014.pdf."}],"container-title":["Sensors"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/1424-8220\/20\/18\/5252\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,11]],"date-time":"2025-10-11T10:09:57Z","timestamp":1760177397000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/1424-8220\/20\/18\/5252"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020,9,14]]},"references-count":65,"journal-issue":{"issue":"18","published-online":{"date-parts":[[2020,9]]}},"alternative-id":["s20185252"],"URL":"https:\/\/doi.org\/10.3390\/s20185252","relation":{},"ISSN":["1424-8220"],"issn-type":[{"value":"1424-8220","type":"electronic"}],"subject":[],"published":{"date-parts":[[2020,9,14]]}}}