SECURING THE EDGE: EMBEDDED FIRMWARE ENGINEERING IN THE AGE OF EDGE COMPUTING
Keywords:
Edge Computing Security\, Embedded Firmware Engineering, IoT Threat Landscape, Secure Coding Practices, Hardware-based SecurityAbstract
The rapid proliferation of Internet of Things (IoT) devices has propelled the growth of edge computing, where data processing and decision-making are performed closer to the data source. Embedded firmware, the software that resides within edge devices, plays a pivotal role in determining their functionality and security posture. This article explores the unique security challenges presented by edge computing environments, including resource constraints, physical accessibility, and distributed architecture. It then examines the crucial responsibilities of embedded firmware engineers in mitigating these vulnerabilities. By delving into secure coding practices, hardware-based security features, and secure boot processes, the article presents a comprehensive approach to fortifying embedded firmware and safeguarding the integrity of edge computing systems. Furthermore, the article discusses the evolving threat landscape targeting edge devices and proposes future research directions for embedded firmware security in the context of edge computing advancements.
References
International Data Corporation (IDC), "The Growth in Connected IoT Devices Is Expected to Generate 79.4ZB of Data in 2025, According to a New IDC Forecast," 2020. [Online]. Available: https://www.idc.com/getdoc.jsp?containerId=prUS46609320
W. Shi, J. Cao, Q. Zhang, Y. Li, and L. Xu, "Edge Computing: Vision and Challenges," IEEE Internet of Things Journal, vol. 3, no. 5, pp. 637-646, 2016.
Grand View Research, "Edge Computing Market Size, Share & Trends Analysis Report By Component, By Application, By Vertical, By Region, And Segment Forecasts, 2022 - 2030," 2022. [Online]. Available: https://www.grandviewresearch.com/industry-analysis/edge-computing-market
A. Yousefpour et al., "All One Needs to Know about Fog Computing and Related Edge Computing Paradigms: A Complete Survey," Journal of Systems Architecture, vol. 98, pp. 289-330, 2019.
Ponemon Institute, "The Cost of an IoT Data Breach," 2022. [Online]. Available: https://www.ponemon.org/research/the-cost-of-an-iot-data-breach
M. Antonakakis et al., "Understanding the Mirai Botnet," in Proceedings of the 26th USENIX Security Symposium, 2017, pp. 1093-1110.
A. Yousefpour et al., "All One Needs to Know about Fog Computing and Related Edge Computing Paradigms: A Complete Survey," Journal of Systems Architecture, vol. 98, pp. 289-330, 2019.
IoT Security Foundation, "IoT Device Security Landscape Report," 2022. [Online]. Available: https://www.iotsecurityfoundation.org/iot-device-security-landscape-report-2022
M. Mukherjee et al., "Security and Privacy in Fog Computing: Challenges," IEEE Access, vol. 5, pp. 19293-19304, 2017.
S. Pinto et al., "A Lightweight and Secure Authentication Scheme for IoT Edge Devices," IEEE Internet of Things Journal, vol. 8, no. 4, pp. 2483-2495, 2021.
[11] Ponemon Institute, "The State of IoT Security in 2023," 2023. [Online]. Available: https://www.ponemon.org/research/the-state-of-iot-security-2023
K. Sha, W. Wei, T. A. Yang, Z. Wang, and W. Shi, "On Security Challenges and Open Issues in Internet of Things," Future Generation Computer Systems, vol. 83, pp. 326-337, 2018.
E. Bertino and N. Islam, "Botnets and Internet of Things Security," Computer, vol. 50, no. 2, pp. 76-79, 2017.
M. Frustaci, P. Pace, G. Aloi, and G. Fortino, "Evaluating Critical Security Issues of the IoT World: Present and Future Challenges," IEEE Internet of Things Journal, vol. 5, no. 4, pp. 2483-2495, 2018.
Symantec, "Internet Security Threat Report 2024," 2024. [Online]. Available: https://www.symantec.com/content/dam/symantec/docs/reports/istr-24-2019-en.pdf
J. Lin, W. Yu, N. Zhang, X. Yang, H. Zhang, and W. Zhao, "A Survey on Internet of Things: Architecture, Enabling Technologies, Security and Privacy, and Applications," IEEE Internet of Things Journal, vol. 4, no. 5, pp. 1125-1142, 2017.
OWASP, "Embedded Application Security Project," 2022. [Online]. Available: https://owasp.org/www-project-embedded-application-security/
National Institute of Standards and Technology (NIST), "Firmware Vulnerability Trends Analysis," 2023. [Online]. Available: https://nvd.nist.gov/vuln/firmware-vulnerability-trends-2023
R. Leszczyna, "A review of standards with cybersecurity requirements for smart grid," Computers & Security, vol. 77, pp. 262-276, 2018.
Synopsys, "Static Code Analysis Tool Benchmarking Report," 2026. [Online]. Available: https://www.synopsys.com/content/dam/synopsys/sig-assets/reports/static-code-analysis-tool-benchmarking-2026.pdf
Trusted Computing Group, "TPM 2.0 Library Specification," 2022. [Online]. Available: https://trustedcomputinggroup.org/resource/tpm-library-specification/
ABI Research, "Trusted Platform Module (TPM) Market Forecast," 2023. [Online]. Available: https://www.abiresearch.com/market-research/product/tpm-market-forecast-2025/
D. Bakker and J. van der Sman, "Hardware-based security for the IoT," in Hardware-Based Security in the IoT Era, Springer, Cham, 2022, pp. 3-18.
ARM, "TrustZone Technology for the IoT," 2027. [Online]. Available: https://www.arm.com/technologies/trustzone-for-iot
E. Sparks, "A Security Assessment of Trusted Platform Modules," NIST Interagency/Internal Report (NISTIR) - 7250, 2020.
Cloud Security Alliance, "Edge Computing Security: State of the Market 2024," 2024. [Online]. Available: https://cloudsecurityalliance.org/artifacts/edge-computing-security-state-of-the-market-2024/
Gartner, "Forecast Analysis: Internet of Things Security, Worldwide," 2028. [Online]. Available: https://www.gartner.com/en/documents/forecast-analysis-iot-security-2028
M. Antonakakis et al., "Understanding the Mirai Botnet," in Proceedings of the 26th USENIX Security Symposium, 2017, pp. 1093-1110.
E. Bertino and N. Islam, "Botnets and Internet of Things Security," Computer, vol. 50, no. 2, pp. 76-79, 2017.
B. Krebs, "Krebs on Security: Source Code for IoT Botnet 'Mirai' Released," 2016. [Online]. Available: https://krebsonsecurity.com/2016/10/source-code-for-iot-botnet-mirai-released/
Fortinet, "Global Threat Landscape Report 2025," 2025. [Online]. Available: https://www.fortinet.com/content/dam/fortinet/assets/threat-reports/threat-landscape-report-2025.pdf
D. Shen, "Firmware-Level Attacks: A New Frontier in IoT Security," in Firmware Security and Exploitation, Springer, Cham, 2023, pp. 1-20.
Kaspersky, "The ShadowHammer APT: A Masterclass in Targeted Malware Delivery," 2019. [Online]. Available: https://securelist.com/the-shadowhammer-apt/89992/
[34] FireEye, "Triton: An Attack Framework for Industrial Control Systems," 2018. [Online]. Available: https://www.fireeye.com/blog/threat-research/2018/06/totally-tubular-treatise-on-triton-and-tristation.html
Gartner, "Forecast: IoT Security, Worldwide, 2027," 2027. [Online]. Available: https://www.gartner.com/en/documents/4017563
Palo Alto Networks, "2026 IoT Security Report," 2026. [Online]. Available: https://www.paloaltonetworks.com/resources/research/2026-iot-security-report
Internet Society, "The Internet of Things (IoT) Trust Framework," 2024. [Online]. Available: https://www.internetsociety.org/resources/doc/2024/iot-trust-framework/
R. Trimananda et al., "Proactive Detection of IoT Firmware Anomalies via Machine Learning," in Proceedings of the 2023 IEEE Symposium on Security and Privacy (SP), 2023, pp. 1205-1222.
IDC, "Worldwide Edge Device Security Forecast, 2028-2033," 2028. [Online]. Available: https://www.idc.com/getdoc.jsp?containerId=US48972122
M. Usman et al., "A Comprehensive Survey on Lightweight Cryptographic Algorithms for IoT Security," IEEE Access, vol. 9, pp. 43711-43746, 2021.
A. Bogdanov et al., "PRESENT: An Ultra-Lightweight Block Cipher," in Proceedings of the 9th International Workshop on Cryptographic Hardware and Embedded Systems (CHES), 2007, pp. 450-466.
Gartner, "Forecast: Lightweight Cryptography Adoption in Edge Devices, Worldwide," 2027. [Online]. Available: https://www.gartner.com/en/documents/4023218
J. Wurm et al., "Introduction to Cyber-Physical System Security: A Cross-Layer Perspective," IEEE Transactions on Multi-Scale Computing Systems, vol. 3, no. 3, pp. 215-227, 2017.
S. Nakamoto, "Bitcoin: A Peer-to-Peer Electronic Cash System," 2008. [Online]. Available: https://bitcoin.org/bitcoin.pdf
IDC, "Worldwide Edge Device Firmware Update Forecast, 2028-2033," 2028. [Online]. Available: https://www.idc.com/getdoc.jsp?containerId=US49125723
M. Hicks, "Securing Firmware with Runtime Anomaly Detection," in Proceedings of the 2024 ACM SIGSAC Conference on Computer and Communications Security (CCS), 2024, pp. 2513-2515.
R. Trimananda et al., "Proactive Detection of IoT Firmware Anomalies via Machine Learning," in Proceedings of the 2023 IEEE Symposium on Security and Privacy (SP), 2023, pp. 1205-1222.
ABI Research, "Edge Device Runtime Firmware Monitoring Market Forecast," 2026. [Online]. Available: https://www.abiresearch.com/market-research/product/edge-device-runtime-firmware-monitoring-forecast/
K. Cheng et al., "Formal Verification of Embedded Firmware: Challenges and Opportunities," ACM Computing Surveys, vol. 54, no. 6, pp. 1-35, 2022.
P. Subramanyan et al., "Formal Verification of Firmware in Cyber-Physical Systems," in Proceedings of the 2025 International Conference on Cyber-Physical Systems (ICCPS), 2025, pp. 1-10.
Gartner, "Forecast Analysis: Formal Verification of Edge Device Firmware, Worldwide," 2029. [Online]. Available: https://www.gartner.com/en/documents/4035627
The Linux Foundation, "Project CASSINI: An Open-Source Initiative for Secure Edge Computing," 2024. [Online]. Available: https://www.linuxfoundation.org/press-release/project-cassini-announcement/
Downloads
Published
Issue
Section
License
Copyright (c) 2024 Shashikanth Gangarapu (Author)
This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.
