Design rationale for symbiotically secure key management systems in IoT and beyond

The overwhelmingly widespread use of Internet of Things (IoT) in different application domains brought not only benefits, but, alas, security concerns as a result of the increased attack surface and vectors. One of the most critical mechanisms in IoT infrastructure is key management. This paper reflects on the problems and challenges of existing key management systems, starting with the discussion of a recent real-world attack. We identify and elaborate on the drawbacks of security primitives based purely on physical variations and - after highlighting the problems of such systems - continue on to deduce an effective and cost-efficient key management solution for IoT systems extending the symbiotic security approach in a previous work. The symbiotic architecture combines software, firmware, and hardware resources for secure IoT while avoiding the traditional scheme of static key storage and generating entropy for key material on-the-fly via a combination of a Physical Unclonable Function (PUF) and pseudo-random bits pre-populated in firmware.