OnBoard Security InSights

Top-Down and Bottom-Up Defenses to Secure IoT

Posted by Lee Wilson on May 24, 2018 12:14:38 PM
Find me on:
Many IoT device manufacturers understand the need for cyber security but aren’t sure where to begin. To add to the confusion, some security vendors will claim their firewall or password system or a “magic bullet” will protect your system from every type of attack. Don’t believe the hype.Best cybersecurity practices require both “bottom-up” and “top-down” security solutions. Bottom-up security boots a system into a secure security state. Top-down security’s role is to keep it there. To make your job more difficult, you typically can’t just lock down a system completely. You have to allow for software/firmware updates and other servicing procedures. So system providers typically provide service and debug access to their devices. Such interfaces typically have administrative or superuser authority making them a favorite attack point for hackers. IoT device makers must include strong bottom-up security procedures for stopping unauthorized access to these debugging doorways.
Bottom Up Top Down

Top-down security hardens the external attack surface of the system, stopping threats from entering the system. It also uses software, where possible, to analyze and protect the current security state of the system. The following is a partial list of top-down security components you may come across:

  • Communications Protocols
  • Secure peripherals
  • Antivirus programs
  • Strong user authentication schemes/passwords
  • Secure software update processes
  • Security hardened applications
  • Closing unauthorized and/or insecure doorways into systems

Top-down security is necessary but not sufficient. Top-down security is largely based on software that is launched late in the boot cycle of a machine. It typically cannot detect or stop deep threats. A good rule for security design is:

Assume attacks will get in.

Design your security to protect system secrets from attackers.

Detect all threats.

Recover from threats without the need for physical service intervention.


Bottom-up security adds the needed additional security features by providing:

  • A bootup method to get to an initial high security state.
  • A separate system device where critical keys and protected information can be used but protected from attackers
  • A method for running reliable remote health checks of a system
  • Strong system identity to stop cyber-impersonators.

Bottom-up security is active during the first instructions of system bootup. It should be extensively utilized by the backend servers that manage it all. The Trusted Platform Module (TPM) is an excellent root of trust that provides all the functions needed for bottom up security. The TPM is an international standard security module (ISO/IEC 11889), specified by the Trusted Computing Group (TCG), a consortium of more than 100 members. The TPM is supported by TCG Software Stack (TSS) which is middleware that applications use to share and manage the security functionality of a TPM. OnBoard Security’s TrustSentinel TSS 2.0 is the only commercially available TSS 2.0. Using the TPM with TrustSentinel TSS 2.0 is an easy and cost-effective way to implement the bottom-up security that IoT devices frequently lack.

Want to learn more about security system? Check out our latest whitepaper; Setting and Achieving Security Design Goals to learn more.


Topics: Cryptography, Internet of Things, Embedded Security, Cyber Security, TPM, TSS

Learn About the Latest in IoT Security from Our Team of Experts


OnBoard Security's security experts share insights on the latest security topics in:

  • Connected Cars
  • Autonomous Vehicles
  • Internet of Things
  • Quantum Computing

Recent Posts