To address critical security challenges in IoT—including severe resource constraints, expansive attack surfaces, and imminent quantum threats—this paper proposes an end-to-end, full-stack security framework spanning the chip, firmware, communication, and application layers to ensure confidentiality, integrity, and availability across the device lifecycle. Methodologically, it innovatively integrates a hardware-based root of trust, CBOR-encoded lightweight digital certificates, an optimized TLS 1.3 protocol stack, and a seamless post-quantum cryptographic migration mechanism, enabling cross-layer coordinated defense and resource-adaptive security provisioning. Experimental evaluation demonstrates over 30% reduction in communication overhead, millisecond-scale secure boot latency, and certificate sizes compressed to sub-kilobyte levels. This work establishes the first verifiable, scalable, and quantum-resistant lightweight security paradigm for resource-constrained IoT devices.

The rapid expansion of connected devices has amplified the need for robust and scalable security frameworks. This paper proposes a holistic approach to securing network-connected devices, covering essential layers: hardware, firmware, communication, and application. At the hardware level, we focus on secure key management, reliable random number generation, and protecting critical assets. Firmware security is addressed through mechanisms like cryptographic integrity validation and secure boot processes. For secure communication, we emphasize TLS 1.3 and optimized cipher suites tailored for both standard and resource-constrained devices. To overcome the challenges of IoT, compact digital certificates, such as CBOR, are recommended to reduce overhead and enhance performance. Additionally, the paper explores forward-looking solutions, including post-quantum cryptography, to future-proof systems against emerging threats. This framework provides actionable guidelines for manufacturers and system administrators to build secure devices that maintain confidentiality, integrity, and availability throughout their lifecycle.