Secure-by-Design IoT: Mitigating Firmware-Level Vulnerabilities in Large-Scale Deployments

Authors

  • Fawaz A. Mereani

Abstract

This research aimed to examine device selection and firmware collection, static and dynamic firmware vulnerabilities and their classification, the development of a secure-by-design framework (SbDF), and the results of large-scale implementation simulations, with three objectives. A mixed approach was used, consisting of static firmware analysis, dynamic testing, and large-scale deployment simulation to evaluate firmware-level vulnerabilities in IoT devices. The research was conducted in three phases: vulnerability identification, implementation, testing and evaluation of secure-by-design framework development, and comparative evaluation. The main findings were: (1) SbDF implementations reduced compromise rates by 90.3-99.5% across all network architectures; (2) time-to-compromise increased by 40-70x for SbDF devices; (3) lateral movement attack chains were disrupted in 97.8% of SbDF deployment scenarios; (4) update distribution success rate exceeded 99.2% for SbDF implementations with A/B partitioning; (5); (6) econometric analysis of SbDF implementation revealed favourable long-term cost profiles despite higher initial development investment; and (7) SbDF overhead remained within acceptable operational parameters for 94.3% of typical IoT use cases. Some limitations of this research and the scope for future work are given at the end.

Published

2025-12-23

Section

Articles

How to Cite

Secure-by-Design IoT: Mitigating Firmware-Level Vulnerabilities in Large-Scale Deployments. (2025). Machine Intelligence Research, 19(1), 609-616. http://machineintelligenceresearchs.com/index.php/mir/article/view/272