Industry largely underestimates the critical need for the highest levels of security in every network-connected device. Even the most mundane device can become dangerous when compromised over the Internet: a toy can spy or deceive, an appliance can launch a denial of service or self-destruct, a piece of equipment can maim or destroy. With risks to life, limb, brand, and property so high, single-line-of-defense and second-best solutions are not enough.
Building secure devices is challenging. From observation of existing best-in-class devices, we argue it is more of a science than an art: if one adheres rigorously to well-understood principles and practices, building secure devices is repeatable.
According to Microsoft, seven properties must be shared by all highly secure, network-connected devices: a hardware-based root of trust, a small trusted computing base, defense in depth, compartmentalization, certificate-based authentication, security renewal, and failure reporting. They are summarized in the table below.
| Property | Examples | Questions to Prove the Property |
|---|---|---|
| Hardware-based Root of Trust | Unforgeable cryptographic keys generated and protected by hardware. Physical countermeasures resist side-channel attacks. | Does the device have a unique, unforgeable identity that is inseparable from the hardware? |
| Small Trusted Computing Base | Private keys stored in a hardware-protected vault, inaccessible to software. Division of software into self-protecting layers. | Is most of the device's software outside the device's trusted computing base? |
| Defense in Depth | Multiple mitigations applied against each threat. Countermeasures mitigate the consequences of a successful attack on any one vector. | Is the device still protected if the security of one layer of device software is breached? |
| Compartmentalization | Hardware-enforced barriers between software components prevent a breach in one from propagating to others. | Does a failure in one component of the device require a reboot of the entire device to return to operation? |
| Certificate-based Authentication | A signed certificate, proven by an unforgeable cryptographic key, proves the device's identity and authenticity. | Does the device use certificates instead of passwords for authentication? |
| Renewable Security | Renewal brings the device forward to a secure state and revokes compromised assets for known vulnerabilities or security breaches. | Is the device's software updated automatically? |
| Failure Reporting | A software failure, such as a buffer overrun induced by an attacker probing security, is reported to a cloud-based failure analysis system. | Does the device report failures to its manufacturer? |
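The Certificate-based Authentication and Renewable Security rows describe a mechanism rather than show it, so here is an added example (not code from the page or from Microsoft) of what "a signed certificate, proven by an unforgeable cryptographic key" means in practice: the verifier checks that the device certificate chains to a trusted vendor CA, that its serial number has not been revoked, and that the device can sign a fresh nonce with the matching private key. Everything here is constructed for illustration: the vendor CA is hypothetical, the device key is held in memory where a real device would keep it in hardware, and the `Revoked` map stands in for a CRL or OCSP lookup.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// Verifier is the cloud side: it trusts only the vendor CA root and tracks revoked device serials (a constructed stand-in for a CRL).
type Verifier struct {
	Roots   *x509.CertPool
	Revoked map[string]bool
}

// issueCert generates a P-256 key and a certificate for it: self-signed when isCA, otherwise signed by parent/parentKey.
func issueCert(cn string, serial int64, isCA bool, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(serial),
		Subject:               pkix.Name{CommonName: cn},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		IsCA:                  isCA,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageDigitalSignature,
		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}
	if isCA {
		tmpl.KeyUsage, tmpl.ExtKeyUsage = x509.KeyUsageCertSign, nil
		parent, parentKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// NewCA creates the hypothetical vendor CA that signs device certificates.
func NewCA(name string) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	return issueCert(name, 1, true, nil, nil)
}

// ProvisionDevice creates a device key pair (hardware-held on a real device) and a CA-signed certificate whose serial is the device identity.
func ProvisionDevice(ca *x509.Certificate, caKey *ecdsa.PrivateKey, serial int64) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	return issueCert(fmt.Sprintf("device-%d", serial), serial, false, ca, caKey)
}

// SignChallenge is the device's half of the exchange: it proves possession of the private key by signing the verifier's nonce.
func SignChallenge(key *ecdsa.PrivateKey, nonce []byte) ([]byte, error) {
	h := sha256.Sum256(nonce)
	return ecdsa.SignASN1(rand.Reader, key, h[:])
}

// NewVerifier builds a verifier that trusts only the given root certificate.
func NewVerifier(root *x509.Certificate) *Verifier {
	pool := x509.NewCertPool()
	pool.AddCert(root)
	return &Verifier{Roots: pool, Revoked: map[string]bool{}}
}

// Authenticate is the verifier's half: the certificate must chain to a trusted root and not be revoked,
// and the nonce signature must verify under the certificate's public key. A certificate alone proves nothing.
func (v *Verifier) Authenticate(cert *x509.Certificate, nonce, sig []byte) (string, error) {
	opts := x509.VerifyOptions{Roots: v.Roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	if _, err := cert.Verify(opts); err != nil {
		return "", fmt.Errorf("untrusted certificate: %w", err)
	}
	if v.Revoked[cert.SerialNumber.String()] {
		return "", errors.New("certificate revoked")
	}
	pub, _ := cert.PublicKey.(*ecdsa.PublicKey) // nil if the certificate does not carry an ECDSA key
	h := sha256.Sum256(nonce)
	if pub == nil || !ecdsa.VerifyASN1(pub, h[:], sig) {
		return "", errors.New("proof of possession failed")
	}
	return cert.Subject.CommonName, nil
}

func main() {
	ca, caKey, _ := NewCA("Example Vendor CA")
	cert, key, _ := ProvisionDevice(ca, caKey, 42)
	nonce := []byte("constructed-nonce-0001") // a real verifier draws random bytes per session
	sig, _ := SignChallenge(key, nonce)
	fmt.Println(NewVerifier(ca).Authenticate(cert, nonce, sig))
}
```

The three checks in `Authenticate` map to three failure modes a verifier must reject: a certificate issued by an untrusted CA, a certificate whose serial has been revoked after a compromise, and a genuine certificate presented by someone who does not hold the key (or who replays an old signature against a new nonce). Each fails independently of the others.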
This page is only an abstract; if you want to read more, the whole article on the seven properties of highly secured devices is available here.
C. Wiking, "If Your Child Has This Doll You Should Get Rid of It Now," 17 Feb. 2017. [Online]. Available: https://mom.me/news/39826-if-your-child-has-doll-you-might-want-destroy-it/. [Accessed 17 Feb. 2017].
N. Perlroth, "Hackers Used New Weapons to Disrupt Major Websites Across U.S.," New York Times, 21 Oct. 2016.
E. Mills, "Internet-Connected Coffee Maker Has Security Holes," CNET, 17 Jun. 2008.