Supplier eBooks

Cypress - 7 Experts on IoT Security and Privacy

Issue link: https://resources.mouser.com/i/1516458


device," Singh explains. "The engine uses the key to return whatever crypto-operation we have requested without exposing the key. This process can be implemented on the device without a secure element."

Applications that require stronger security typically use a secure element, which is a microprocessor component with its own internal memory and storage. Singh describes how this works: "All crypto-operations happen inside that secure element, and middleware on the device communicates with the secure element. Applications that reside on the IoT board and perform operations on the device communicate with the secure element through that middleware."

Physical security of the IoT device. Physical security includes closing all open gates and disabling all debugging ports and pins, such as Joint Test Action Group and general-purpose input/output pins, in final production units. It can also include providing tamperproof enclosures so that if opened, the IoT device breaks and will no longer function. Also, designers can improve physical security by placing the secure element in such a way that if the device is opened, the secure element is hidden and inaccessible. Singh notes, "The secure element should be under the protection of other hardware so that nobody can read its data or unmount it for separate hacking or analysis."

Secure software. IoT applications must be developed using secure code-development practices and code testing. Strategies for creating secure IoT applications include eliminating memory leakage and leaving no sensitive data in memory. "Sensitive data should be deleted immediately after use," Singh says. "No key should be available in memory. After use, keys should be removed immediately."

If applications are performing secure operations on the IoT device, they can do so in a couple of ways.
A lower-cost approach is to run secure operations in a trusted execution environment on the IoT device, with the application requiring
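
The "Secure software" advice above, that keys should be removed from memory immediately after use, as an added C example that is not from the eBook: an optimizing compiler may delete a plain `memset` on a buffer that is never read again, so the wipe goes through a volatile function pointer and runs on every exit path. `load_key` and `toy_tag` are hypothetical stand-ins for a key-store read and the real crypto operation, and the key bytes are constructed sample data.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define KEY_LEN 16

/* Call memset through a volatile function pointer so the optimizer cannot
 * drop the wipe as a dead store on a buffer that is never read again. */
static void *(*const volatile wipe_fn)(void *, int, size_t) = memset;

static void secure_wipe(void *buf, size_t len) {
    if (buf != NULL && len > 0) wipe_fn(buf, 0, len);
}

/* Hypothetical stand-in for reading a key from protected storage;
 * the bytes are constructed sample data. */
static int load_key(uint8_t *out, size_t len) {
    for (size_t i = 0; i < len; i++) out[i] = (uint8_t)(0xA0 + i);
    return 0;
}

/* Placeholder for the real crypto operation (NOT a secure MAC). */
static uint32_t toy_tag(const uint8_t *key, const uint8_t *msg, size_t n) {
    uint32_t t = 0;
    for (size_t i = 0; i < n; i++)
        t = t * 31u + (uint32_t)(msg[i] ^ key[i % KEY_LEN]);
    return t;
}

/* Uses the key in caller-supplied scratch memory and wipes it on every
 * exit path, including the error path. Returns 0 on success, -1 on error. */
int tag_message(const uint8_t *msg, size_t n,
                uint8_t scratch[KEY_LEN], uint32_t *tag_out) {
    int rc = -1;
    if (load_key(scratch, KEY_LEN) != 0) goto out;
    if (msg == NULL || n == 0 || tag_out == NULL) goto out; /* key is loaded */
    *tag_out = toy_tag(scratch, msg, n);
    rc = 0;
out:
    secure_wipe(scratch, KEY_LEN);
    return rc;
}

/* Returns 1 if every byte of buf is zero. */
int is_zeroed(const uint8_t *buf, size_t len) {
    uint8_t acc = 0;
    for (size_t i = 0; i < len; i++) acc |= buf[i];
    return acc == 0;
}
```

Where the toolchain provides `memset_s` or `explicit_bzero`, either can replace the function-pointer wipe.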
