I recently read an article on the “5 embedded system terms IoT admins must know”. The crux of the article was to familiarize IoT device engineers with the various software, hardware, and signal process components that may be involved during the design phase. In addition to defining the embedded system itself and the various types, such as mobile embedded systems, networked embedded systems, standalone embedded systems, and real-time embedded systems, the article went on to elaborate on four other elements of embedded systems: System-on-a-Chip (SoC), Application-specific integrated circuit, Real-time OS (RTOS), and digital signal processing.
All well and good, and I think IoT admins beginning their journey into IoT design, perhaps for the first time, would do well to heed the authors recommendations. However, I find one key omission to the list, and that is embedded security, or Integrity Protection of the embedded system to be more specific.
Why is it important to consider integrity protection during the design process? Let me explain.
As IoT expands into the industrial field with the rapid emergence of Industry 4.0, embedded systems are increasingly interconnected and communicating over public networks. This greatly expands the attack surface for cybercriminals trying to take advantage of the many vulnerabilities that can be exploited, as proven by the many attacks on critical infrastructure that have recently been reported around the world. At the core of these new IoT and IIoT devices and systems is embedded software that must be protected, to not only prevent the loss of intellectual property, but also the introduction of malware through malicious code tampering – in other words: Ensure the integrity of the system.
Integrity protection encompasses security measures that safeguard system resources, programs, and data against unauthorized manipulation. In general, there are two main challenge points. First, the embedded system can be attacked directly from the Internet. Execution codes can be replaced or modified by malicious code during code updates. Weaknesses in the code itself can also be exploited. Secondly, hackers have access to the same open source information as the developers. With knowledge of the execution code binary structure, hackers can use powerful development/analytical tools to directly modify the code in a static attack. Furthermore, with knowledge of the memory and process architecture, the hacker can initiate a dynamic attack by inserting malicious code into the boot process.
One key security challenge is to guarantee data integrity, bring the system into a safe mode, and stop the execution of all functions as soon as an attack has been detected. There are several methods that can be employed to blunt potential attacks. The integrity of embedded systems can be ensured by encrypting the running code itself and relying on a secure hardware device for key management and state storage. In this manner, the encryption key is securely stored in either a dongle or in software, which then activates and ties the key to a specific device or control system.
Another effective approach is to prevent the loader of the operating system to start any unauthorized code. This also includes protecting the open system platform itself to prevent hackers from installing their own loader. And finally, the BIOS of the embedded system should prevent any loading of an unauthorized operating system.
All of these embedded system protection mechanisms and more are discussed in detail in our white paper, Integrity Protection for Embedded Systems. The white paper further explains how the use of digital certificates securely protects elements such as the boot loader, operating systems, real-time processes and configuration data via chains of trust, thereby enabling integrity protection for embedded software.
To discuss these aspects in greater detail and learn which solutions are available in the market, we also recommend joining our team at the upcoming edition of Embedded World in Nuremberg, Germany. There, we’ll hold a lecture on how we empower embedded and IoT businesses with IP protection and licensing and you can have private discussions about your projects with our security professionals.
Product R&D Manager Embedded at WIBU-SYSTEMS AG
Since 2013, Marco Blume has been with WIBU-SYSTEMS AG as Product Manager/R&D Manager Embedded. His work covers the range of protection concerns for embedded systems and includes the development of custom concepts for manufacturers and contributions to active research ventures. He has spent his entire career with different embedded systems, including 11 years as product manager for the security of ATMs and checkout systems and previous responsibilities as embedded specialist for video systems and industrial automation.