Biggest security threats for embedded designers
Embedded system designers face a number of threats to the applications that they develop for the Internet of Things (IoT). One of the biggest threats comes from IoT devices that end-users can access, such as commercial networked HVAC systems, wireless base stations, power stations, network gateway systems, and avionics networking.
Another example is the connected car, including the advanced driver assistance system (ADAS) that encompasses intelligent, interconnected vehicle-to-vehicle (V2V) and vehicle-to-infrastructure (V2I) systems. Since vehicles are fielded systems, they are accessible by people with malicious intentions. There can be serious consequences – up to and including loss of life – if, for instance, ADAS systems cannot ensure that V2V and V2I messages originate from a trustworthy source and are not modified between sender and receiver.
With these and other systems, software security alone has proven inadequate to protect user-accessible devices against known threats. What is needed is a combination of software and hardware security. For example, today’s FPGA SoCs can be used to implement a hardware security scheme that complements the software and strengthens the system. Ideally, the combined hardware and software solution should combat three types of security breaches:
1. Design security: This includes IP protection and ensuring that configuration bit streams are encrypted and protected. In addition, designs need to incorporate a method that makes overbuilding or cloning of the design impossible.
2. Hardware security: Designers also need to certify that user-accessible devices are resistant to physical attacks. For example, differential power analysis (DPA) attacks can extract keys and other vital device information.
3. Data security: This element ensures that communications into and out of the device are authentic and secure.
Embedded system program managers and development teams must design these types of protections into their products while best leveraging the characteristics of the underlying platform. The result should be a robust protection network with no single point of failure. Some key methods for achieving this goal include:
• Risk assessment: System penetration testing should be used for a detailed system evaluation, to assess critical system data/functions, discover vulnerabilities, enumerate threats, and outline the likelihood and consequence of system compromise.
• Protection planning: Using risk assessments and any other compiled data, developers should seek to understand protection implementation costs and design options for mitigating identified system vulnerabilities and ensuring successful system verification and validation.
• Attack scenario testing: This can include a black box approach, pitting experienced reverse engineers with state-of-the-art attack tools against a system in a deployed setting to reveal vulnerabilities that cannot otherwise be found during most other evaluation exercises.
• DPA side-channel analysis and mitigation: Side-channel attacks are currently the most practical method for compromising cryptography implementations. It is important to regularly perform measurable, objective, and repeatable testing for resistance to side-channel attacks for applications where adversaries have the ability to observe side channels (e.g., power draw, timing, EM emanations) during on-device cryptographic operations.
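As an added illustration of the measurable, repeatable side-channel testing the last point calls for (example code written for this page, not from the original article or any vendor tool), the following runs a fixed-vs-random Welch's t-test leakage assessment over constructed, simulated power traces. The Hamming-weight leakage model, the key byte, the fixed input, the leaking sample position and the 4.5 pass/fail threshold are all assumptions of the simulation.

```python
import math
import random

# Fixed-vs-random leakage assessment (TVLA-style) in pure Python.
# Traces are constructed here; on real hardware they would come from an oscilloscope.

def welch_t(a, b):
    """Welch's t-statistic between two sample sets (unequal variances)."""
    na, nb = len(a), len(b)
    ma, mb = sum(a) / na, sum(b) / nb
    va = sum((x - ma) ** 2 for x in a) / (na - 1)
    vb = sum((x - mb) ** 2 for x in b) / (nb - 1)
    return (ma - mb) / math.sqrt(va / na + vb / nb)

def hamming_weight(x):
    return bin(x).count("1")

def simulate_trace(plaintext_byte, key_byte, leaks, rng, n_points=16, noise=1.0):
    """Constructed power trace: n_points Gaussian-noise samples; if `leaks`,
    sample 7 also carries the Hamming weight of plaintext XOR key
    (assumed leakage model of an unprotected first-round operation)."""
    trace = [rng.gauss(0.0, noise) for _ in range(n_points)]
    if leaks:
        trace[7] += hamming_weight(plaintext_byte ^ key_byte)
    return trace

def leakage_assessment(leaks, n_traces=400, threshold=4.5, seed=1):
    """Return (max |t| over all sample points, True if leakage is detected).
    Fixed set: constant plaintext; random set: uniformly random plaintext;
    both use the same (assumed) key byte."""
    rng = random.Random(seed)
    key = 0x3C
    fixed_in = 0xC3  # chosen so HW(fixed_in ^ key) = 8, far from the random mean of 4
    fixed_set = [simulate_trace(fixed_in, key, leaks, rng) for _ in range(n_traces)]
    random_set = [simulate_trace(rng.randrange(256), key, leaks, rng)
                  for _ in range(n_traces)]
    n_points = len(fixed_set[0])
    t_values = [welch_t([tr[i] for tr in fixed_set], [tr[i] for tr in random_set])
                for i in range(n_points)]
    worst = max(abs(t) for t in t_values)
    return worst, worst > threshold

if __name__ == "__main__":
    for label, leaks in (("unprotected", True), ("constant-power", False)):
        worst, flagged = leakage_assessment(leaks)
        print(f"{label}: max |t| = {worst:.1f}, leakage detected = {flagged}")
```

Exceeding the threshold at any sample point is a fail; on real traces, repeat the assessment across independent trace sets so that a single noisy run cannot pass or fail the device.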
In today’s cyber hacking world, it is essential for every public and private organization to proactively address security issues. Embedded system designers can help their customers in this area by creating secure designs that are protected from today’s rapidly evolving threats, including those posed by a rapidly growing ecosystem of interconnected, user-accessible hardware.