Security management on Arduino-based electronic devices


Security management on Arduino-based electronic devices

Recientemente nos han aceptado el artículo «Security management on Arduino-based electronic devices» en la revista IEEE Consumer Electronics Magazine, indexada en JCR Science con un factor de impacto de 4.135.

En este artículo, los profesores Sergio Martín, Gabriel Díaz y Manuel Castro junto con un alumno de Máster, hacemos un exhaustivo análisis de seguridad distintos tipos de placas Arduino, para ello realizamos un estudio desde el punto de vista tanto hardware, firmware como de comunicaciones. Las conclusiones de este estudio

Os dejamos el resumen del mismo por si os resulta de interés:

Arduino has emerged as a very popular electronic board because of its low-cost, open hardware approach and flexibility with a huge potential for prototyping, small product runs, Internet of Things, makers or educational electronic projects, among others. However, there is a literature gap concerning wide analysis on different versions and types of Arduino boards, which include software, hardware and communication vulnerabilities analysis. This work analyzes the software, hardware and communication vulnerabilities that can be found in different versions of Arduino boards (entry level, enhanced features, Internet of Things-oriented, non-official and with Operating System). The results of the analysis show that, in most cases, Arduino boards present hardware and software limitations and security vulnerabilities, probably due to their low-cost requirement design. Some examples are: an easy-to-override firmware, lack of power protection or non-encrypted board communications in the case of Arduino Yun. Also Arduino does not check bad use of memory stack, so bad memory operations may end up easily on memory corruption and unexpected behavior. All these limitations and vulnerabilities may lead to security breaches on the deployed environment. Therefore, any security management policy must take these weaknesses into account.

Y aquí tenéis la referencia para que la incluyáis en vuestros estudios:

J. Sainz-Raso, S. Martin, G. Diaz and M. Castro, «Security management on Arduino-based electronic devices,» in IEEE Consumer Electronics Magazine, 2022, doi: 10.1109/MCE.2022.3184118.

About the author

smartin administrator