Security is an often overlooked component in embedded systems. This component is arguably the most important aspect to be considered as the effects of security attacks are often devastating. This article focuses on security in embedded systems.
Before we begin, let us start with the definition of embedded system security
Table of Contents
- 1 What Is Embedded System Security
- 2 Embedded System Security Challenges
- 3 Security Features
- 4 Data Processing Protection
- 5 Secure Data Transmission
- 6 Conclusion
What Is Embedded System Security
Embedded system security is a strategic approach to protecting software running on embedded system from attack. Since embedded devices are completely different from general purpose computers, they need security solutions that are custom made for them.
Challenges in embedded systems are there mainly due to the assumption that embedded devices are not attractive targets to hackers. Key features of security features that can be used are firewalls, encryption, security protocols and intrusion detection and prevention systems. However, it is not uncommon to come across embedded systems with poor security features.
Firewalls are virtually absent in some embedded systems, and most embedded devices rely on simple password authentication and security protocols. The number of attacks against embedded devices continues to rise, and therefore there is a need for good embedded system security measures to be implemented.
Embedded System Security Challenges
Embedded systems are often first designed, and prototypes are built. When the prototypes are seen to perform to the required standards and produce the relevant results, mass production is carried out. This means that if there is a flaw in the embedded system security of the product, millions of identical devices could be affected by the same flaw.
2. Critical Functionality
Embedded devices are used to control transportation infrastructure. They control utility grids, communication systems, power generating stations, and many other critical industries that the society depends on. Interruptions of these critical services could have consequences that are nothing short of a catastrophe.
3. Security Assumptions
Embedded engineers did not really prioritize embedded system security as they did not believe that embedded devices could be targets for hackers. As a result, the security part was not considered as a critical priority in their embedded designs. This attitude is now slowly changing as modern embedded design projects often include security for the first time. However, this is made difficult since there are not very many pre-existing security projects to build upon.
Most embedded devices are not easy to upgrade. Once they leave the production line, they run the software that was installed in them for years. It is quite often to see these devices having a very long life cycle. They may be in the field for anything from 5 to 20 years. This therefore is a great embedded system security challenge as the update capability function needs to have been designed into the system. If it is not present, then updating the system may prove to be difficult, or impossible.
The embedded systems use specialized protocols that are not recognized and protected by enterprise security tools. Enterprise firewalls and intrusion detection systems are designed to protect against enterprise specific threats. They are not designed to protect against industrial protocols.
6. Typical use in the field
Many embedded devices are designed and developed with enterprise security features present in the environment where they are made to be used in already protecting the system from potential threats. When the embedded system is deployed in the field however, the embedded system security is compromised as the devices may be directly connected to the internet without any protection present.
Below are a list of security features that are considered when we want to see how to keep security in embedded systems as high as possible.
- Secure boot
- Data security
- Secure communication
- Secure code updates
- Embedded security management
- Protection against cyber attacks
- Device tampering detection
Data Processing Protection
Modern microcontrollers play a pivotal role in embedded systems, particularly networked embedded systems. They are available with numerous hardware based security features to boost the embedded system security. These are:
Debug locks to prevent unauthorised access through the debug interface.
- Advance Encryption Standard (AES) with 128 or 256 bit keys.
- Real Time Clocks (RTC) which function to add a time stamp to each tamper event that occurs.
- Cyclic Redundancy Checks (CRC) which ensure the integrity of the data when it is transferred or saved.
- Memory Protection Units (MPU) which split the memory into sections with varying access rights.
- Clock Security Systems (CSS) which enable clock recovery through independent clock sources.
- Anti-Tamper Mechanisms – these protect against physical hardware attacks that occur outside the microcontroller
If the microcontroller present has insufficient security functions then a special Integrated Circuit called the Security IC can be used. It boosts the security in embedded systems.
Secure Data Transmission
A key aspect of security in embedded systems is choosing the correct communication standard. This section deals with wireless standards, and the points of application where they work best.
1. ZigBee and Thread
This features a channel bandwidth of 5 MHz, at each of the 16 channels. These are particularly resistant to smaller signal interferences.
This is even more robust due to the bandwidth of 20 MHz per channel. In order to add even more security, SSL/TLS protocols can be used. A Medium Access Control (MAC) filter can be used to offer even greater embedded system security.
Bluetooth Enhanced Data Rate (EDR) is considered secure due to 128bit AES (Advanced Encryption Standard).
Bluetooth Low Energy (BLE) utilizes further security measures in addition to AFH and FEC, for example device authentication and message encryption.
Bluetooth 5 has the same security features as BLE but additionally offers four times the range or eight times the data transfer rate.
4. Near Field Communication (NFC), and Radio Frequency Identification (RFID)
These are ideal for sensitive areas as they require very limited ranges of just a few centimetres. It is practically impossible to capture data due to this.
This article has clearly shown the various embedded system security challenges. The flaws currently present in the embedded system security were brought out, as well as a few ways to address these issues. We hope you enjoyed the article.