Philip Attfield of Sequitur Labs Inc. wrote an article for IoT Agenda on IoT security. The following checklist is excerpted from the article:
* Devices must implement a “root of trust” as a trustworthy measure of integrity and authenticity. A root of trust, once established, is unchangeable and is therefore always reliable and trustworthy.
* Secure interaction between devices on a network is necessary. Implement mechanisms enabling mutual device authentication.
* Isolation and separation are well-accepted principles of security. Isolating sensitive information such as encryption keys, proprietary algorithms or other information raises the difficulty level for an attacker and minimizes the impact of a breach.
* Separate application functions critical to security. Execute such functions in isolated and secured memory regions to prevent compromise.
* Choose hardware platforms that include tamper resistance features. Such features protect against physical device tampering by destroying critical information such as encryption keys before hackers are able to access them.
http://internetofthingsagenda.techtarget.com/blog/IoT-Agenda/IoT-security-is-not-a-check-box