Securing the Internet of Things (IoT)


TECHNOLOGY AREA(S): Information Systems

The technology within this topic is restricted under the International Traffic in Arms Regulation (ITAR), 22 CFR Parts 120-130, which controls the export and import of defense-related material and services, including export of sensitive technical data, or the Export Administration Regulation (EAR), 15 CFR Parts 730-774, which controls dual use items. Offerors must disclose any proposed use of foreign nationals (FNs), their country(ies) of origin, the type of visa or work permit possessed, and the statement of work (SOW) tasks intended for accomplishment by the FN(s) in accordance with section 5.4.c.(8) of the solicitation and within the AF Component-specific instructions. Offerors are advised foreign nationals proposed to perform on this topic may be restricted due to the technical data under US Export Control Laws. Please direct questions to the AF SBIR/STTR Contracting Officer, Ms. Gail Nyikon,

OBJECTIVE: Develop commercially viable, distributed sensing and control systems--leveraging on-chip security mechanisms in state-of-the-art embedded processors--to serve as technology demonstrators for dual-use in Air Force battlefield applications.

DESCRIPTION: A quiet revolution in embedded system design is occurring within the embedded and mobile processing spaces. A new class of System on Chip (SoC) architectures has emerged which tightly couples field-programmable gate array (FPGA) logic, high-performance processing cores, and hardware-based cryptographic accelerators, all within the physical chip boundary. These SoCs also include on-chip RAM and rich peripheral functionality, including high-performance networking capabilities. Commercially available products, such as the Xilinx Zynq and Altera HPS, are being rapidly adopted into a broad range of embedded systems applications including automobile driver assistance, factory automation, consumer electronics, military radios, medical imaging, broadcast cameras, and both wired and wireless communications (including routers and switches).

The devices represent a game-changing new opportunity to protect against tampering and computer network attacks on the battlefield by leveraging cryptographic acceleration and the tightly coupled FPGA logic to implement adaptive, hardware-level security and resilience mechanisms. Now is the time to explore how these innovations can be utilized in complete end-to-end distributed sensing and control systems. This topic aims to explore this concept within the framework of the Internet of Things (IoT) with the goal of developing exemplars for robust and security-conscious technologies for infrastructure protection. The technologies to be developed shall comprise both a secure end-point technology--that leverages these advanced embedded systems designs--and the ability to communicate via the Internet to produce situational awareness associated with a physical process.

The particular process to be observed and controlled is to be determined from a market/business study to be completed within Phase I. However, its salient characteristics must include the need for security--to protect private personal information--and resilience--to provide robust operation in the presence of faults, errors, and computer network attacks. The technology to be developed must therefore couple both novel embedded systems hardware design at the end-point with the use of software prototypes based on open-source and/or Internet standards. Systems should seek to use open-source operating systems and tools where appropriate and where these tools facilitate technology transfer to Air Force/DoD partners.

Phase II must result in an end-to-end system capable of providing useful information to the consumer, and when set in a military context, to the Air Force. The technology plan should include descriptions of which advanced technology concepts shall be incorporated and at what stage of the project.

PHASE I: Phase I shall focus on developing a commercially viable product, business, technology development, and test plan. Early proof-of-concept prototype development associated with particular road-blocks is encouraged.

PHASE II: Phase II shall develop a full, end-to-end distributed system prototype and deploy the technology on the Internet. It is intended that the technology will demonstrate the use of novel embedded systems concepts and describe how they improve system security and/or resilience. The prototype shall include secure end-point, communication, analytics, and feedback components for a commercial application.

PHASE III DUAL USE APPLICATIONS: The contractor shall work with a DoD customer to develop a specific embedded system. The intent is to take core components of the technology, such as a particular technique or mechanism, and apply it within a military context or application, rather than re-deploy the system as a whole.

REFERENCES:

  • J. Dahlstrom and S. Taylor, “Migrating an OS Scheduler into Tightly Coupled FPGA Logic to Increase Attacker Workload,” MILCOM 2013, pp. 986-991, Nov 2013.
  • R. Dobai and L. Sekanina, “Towards Evolvable Systems based on the Xilinx Zynq platform,” 2013 IEEE International Conference on Evolvable Systems (ICES), Apr 2013, Singapore.
  • V. Kizheppatt, “ZyCAP: Efficient Partial Reconfiguration Management on the Xilinx Zynq,” IEEE Embedded Systems Letters, Vol 6, No. 3, Sept 2014.
  • Altera, “Cyclone V Device Handbook, Vol 3.”
  • Xilinx, “Zynq-7000 All Programmable SoC, Technical Reference Manual.”

KEYWORDS: Internet of Things, security, resilience, fault-tolerance, embedded systems, IoT

  • TPOC-1: Matthew Shaver
  • Phone: 315-330-3295
  • Email: