The importance of security in the world of embedded electronics doesn’t really need another introduction. It’s safe to say that the world where security is not taken seriously risks turning into a world of 90s Hollywood movies where one smart kid can get full access to your phone, your traffic lights, and even your Pentagon.
To protect all of those thoughts of security must be embedded into the device design from the very beginning and until the firmware support plans.
Three pillars can be found in organizing security of any given embedded device:
- firmware configuration. This includes access policies, firewalls, traffic filtering, and other classic software measures.
- software updates and CVE (common vulnerabilities and exposures) tracking. Even when the firmware is configured with all possible precautions a single unmitigated CVE can compromise the device. Support and constant firmware updates are the only way to fix these issues as they arise.
- secure foundation. While both firmware configuration and CVE tracking can be done remotely, some steps can only be taken on the design phase, and thus they lay the foundation of proper secure device architecture.
Two main functions of a secure foundation are being a safety net for when CVE is already public but not yet mitigated and additional protection not only from remote access attacks but also from the physical tampering. It may be so that the device is not expected to be easily reachable and thus physical tampering is not in the threat model. But even in this case, a single physically accessed device can give a lot of undesired insight into possible remote attack vectors.
Secure foundation can be achieved by taking the following techniques:
- use of tamper detection to physically detect the fact of opening the case. Needless to say that this requires a custom-designed case to ensure the integrity and proper use of this capability. This is the only optional measure, as it is often too expensive or simply not possible for the majority of embedded systems.
- secure boot procedure is intended to verify that only the properly signed firmware or software is booted and used by the device. This process is based on the SoC processor capabilities and requires an intimate knowledge of it’s working. On the other side, secure boot may also create a mass volume production challenge. As it requires not only software provision but also a hardware manipulation to deploy and blow unique fuses on every device.
- encrypted storage allows protecting secrets stored on the device to be accessible only by this device. To achieve it should also rely on SoC capabilities.
- once the verified firmware is booted and all the security policies are implemented it is important to take yet another step. Ensure that even if the device accessed by the third party your data stays hidden no matter what. Technologies like TrustZone and SGX allow to achieve just that. Protected algorithms and data are organized in the form of enclaves.
Listed measures provide a solid foundation not only for a secure firmware but also for a secure device overall. And all of them are only possible if taken into account at the device design phase, no firmware update can enable it. And as we live in a world where cybersecurity is critically important, if it is possible to incorporate it in the early stages, it is important to do so.
Edality is a proven supplier of embedded software development services operating on the markets of the EU and the USA.