Secure IoT Development: A Maker’s Perspective

Efforts to tackle the challenges in securing Internet-of-Things (IoT) across the entire stack have been growing as IoT spreads over many domains. Applications of IoT in various domains are further accelerated by the Maker movement, as anyone with "googling" ability, the right tools and skill sets can develop a product. This creates an even larger attack surface, as security is generally not the main focus of a maker.To reconstruct the development process of a platform, we created a maker-oriented IoT hardware, MkIoT, and implemented an end-to-end (E2E) application prototype by leveraging existing off-the-shelf embedded hardware, open-source code, examples and tutorials provided by maker communities. The development process allowed us to investigate the challenges in securing both device and E2E communication, and in implementing life-cycle management using the public cloud. This paper examines and demonstrates the stumbling blocks and pain points of implementing a secure IoT application from the unique perspective of a maker, and serves as a reference for IoT makers, developers and researchers alike.