Need for Embedded System Security
The Internet of Things (IoT) is a popular buzzword right now. The explosive growth of "connected devices" is changing our world, and the rapid drop in price of, and rise in demand for, typical IoT components is letting the market innovate new designs and products. But the same growth widens the attack surface: every additional connected embedded device is one more target of interest to attackers.
The table below lists well-known security attacks over the period, with the number of affected devices as reported at the time:

| Sl. No. | Year | Attack | Affected devices (as reported) |
|---|---|---|---|
| 1 | 2018 | Z-Wave (Z-Shave) pairing downgrade | 100 million |
| 2 | 2018 | Meltdown / Spectre | Nearly every modern processor |
| 3 | 2017 | KRACK (WPA2 key reinstallation) | Nearly every Wi-Fi client |
| 4 | 2017 | Infineon ROCA (weak RSA key generation) | Chromebooks and Windows devices from Fujitsu, HP and Lenovo |
| 5 | 2017 | BlueBorne (Bluetooth stack flaws) | 8.2 billion |
| 6 | 2017 | WannaCry (ransomware worm) | 300K |
| 7 | 2016 | Mirai (IoT botnet) | 2.5 million |
| 8 | 2014 | Heartbleed (OpenSSL) | 200K |
Symantec's 2018 Internet Security Threat Report recorded a 600% increase in attacks against IoT devices during 2017.
Security breaches are not cheap
As per ww.ncxgroup.com,
"A new survey by Altman Vilandrie & Company finds that nearly half of U.S. firms using an IoT network have been hit by a security breach, which can cost up to 13% of smaller companies' annual revenue."
“48% of organizations have experienced at least one IoT security breach.”
“Nearly half of companies with an annual revenue above $2 billion estimated that the potential cost of one IoT breach is more than $20 million.”
Federal Trade Commission (FTC) on Security
As per the FTC (staff report on the Internet of Things, 2015),
“for systems with significant risk, companies should implement a defence-in-depth approach”
“companies should build security into their devices at the outset, rather than as an afterthought. As part of the security by design process, companies should consider:
(1) conducting a privacy or security risk assessment;
(2) minimizing the data they collect and retain; and
(3) testing their security measures before launching their products.
Second, with respect to personnel practices, companies should train all employees about good security, and ensure that security issues are addressed at the appropriate level of responsibility within the organization”
OEM (device maker) wants,
- A secure communication layer (TLS) between the device and its backend
- A secure application layer that protects the data itself, not just the channel
- To limit data collection to what the application actually needs
- To encrypt all collected data in transit and protect it at rest
- In some cases, each record to be encrypted individually
- To protect the ecosystem with secure firmware loading (Secure FOTA)
- Only authenticated, genuine firmware to be executed by the hardware
- Recurring revenues from licensing, accessories, and disposables/consumables, which cloned or counterfeit parts undermine
End user wants,
- To protect their stored identity information (bank details, medical records, etc.)
- To protect the stored identity information of their loved ones
- To protect their private data on a device that has been stolen
Service provider wants,
- To protect access to their services (mobile data, etc.)
Though security is everyone's responsibility, it is the OEM's brand that is seriously harmed in every one of these insecure scenarios, so it falls to the OEM to address them all.
Achieving Security - Security Features in Detail
Before security features are chosen, the system is analysed. The analyses below are the functional-safety (ISO 26262) ones an automotive programme already runs; they cover random and systematic failures rather than a deliberate attacker, so a threat analysis of the attack surface (the security counterpart of FMEA) must be carried out alongside them:
- System design FMEA: analyse and check that the system design meets the system safety requirements.
- Hardware FMEA: evaluation of the hardware architectural metrics (SPFM, single point fault metric; LFM, latent fault metric).
- Hardware FMEDA: evaluation of the probability of a safety goal violation due to random hardware failures (PMHF).
- Software design FMEA: analyse and check the effectiveness of the safety mechanisms.
- Software dependent failure analysis: analyse and check freedom from interference and the interdependencies between software components.
Chain of Trust
A chain of trust is the process that ensures only genuine firmware, software and applications execute on the system. It is established by verifying each component before it runs, starting from an immutable root of trust (the boot ROM together with a root public key, or its hash, stored in one-time-programmable memory): the ROM verifies the bootloader, the bootloader verifies the firmware/OS image, and so on up to the applications. Each stage is checked with a key vouched for by the stage before it, in the same way a certificate chain is validated from the end-entity certificate up to the root certificate. If any link fails, execution stops (or falls back to a recovery image) at that link.
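The walk described above, as an added example that is not code from the original page or from Accord: each stage carries its image, the public key that will verify the next stage, and an Ed25519 signature over both made by the previous stage's key, so the chain is anchored only in the root public key. Stage names, images and key handling are constructed for the demo; in a product the root private key stays in the signing HSM and the root public key (or its hash) is fused into the SoC.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Stage is one link of the boot chain: the image, the public key that will
// verify the NEXT stage, and a signature over both made by the key that
// verifies THIS stage. Signing the next key together with the image is what
// turns a set of independent checks into a chain.
type Stage struct {
	Name    string
	Image   []byte
	NextKey ed25519.PublicKey // empty for the last stage
	Sig     []byte
}

// signedBody is the exact byte string each stage's signature covers.
func signedBody(s Stage) []byte {
	body := append([]byte(s.Name), 0) // name, NUL separator, image, next key
	body = append(body, s.Image...)
	return append(body, s.NextKey...)
}

// VerifyChain walks the chain in boot order. rootKey plays the role of the
// public key (or its hash) fused into the SoC at manufacture. It returns the
// index of the first stage that fails verification, or -1 if all pass; the
// boot ROM would halt (or fall back to recovery) at that index.
func VerifyChain(rootKey ed25519.PublicKey, chain []Stage) int {
	key := rootKey
	for i, s := range chain {
		// A stage appended after the last one has no key to verify it: reject.
		if len(key) != ed25519.PublicKeySize || !ed25519.Verify(key, signedBody(s), s.Sig) {
			return i
		}
		key = s.NextKey // the stage just verified vouches for who signs the next one
	}
	return -1
}

// BuildChain is the OEM signing side, with a separate key pair per stage. The
// root private key would never leave the signing HSM; it is in memory here
// only because this is a self-contained demo.
func BuildChain(names []string, images [][]byte) (ed25519.PublicKey, []Stage) {
	rootPub, rootPriv, _ := ed25519.GenerateKey(rand.Reader)
	chain := make([]Stage, len(images))
	signer := rootPriv
	for i := range images {
		s := Stage{Name: names[i], Image: images[i]}
		var nextPriv ed25519.PrivateKey
		if i < len(images)-1 {
			s.NextKey, nextPriv, _ = ed25519.GenerateKey(rand.Reader)
		}
		s.Sig = ed25519.Sign(signer, signedBody(s))
		chain[i] = s
		signer = nextPriv
	}
	return rootPub, chain
}

func main() {
	// Constructed demo images; real ones would be the bootloader, kernel and app binaries.
	root, chain := BuildChain(
		[]string{"bootloader", "kernel", "application"},
		[][]byte{[]byte("bl-image"), []byte("kernel-image"), []byte("app-image")})
	fmt.Println("genuine chain, failing stage:", VerifyChain(root, chain)) // -1

	chain[1].Image[0] ^= 0xff // flip one bit in the kernel image
	fmt.Println("tampered kernel, failing stage:", VerifyChain(root, chain)) // 1
}
```

Because the next stage's key is part of what the previous stage signs, an attacker who re-signs the application with their own key still fails: the kernel stage names the OEM's application key, not the attacker's, and the verifier only ever trusts keys it was told about by an already-verified stage.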
Secure Key Storage
The security of the whole system rests on its private and secret keys. If those keys are compromised, the security of the entire system breaks, so storing keys in an unprotected medium (plain flash, a config file, a constant in the firmware image) is dangerous.
- Keys, secrets and other critical material need to be protected in hardware: a Hardware Security Module (HSM), a secure element, or the microcontroller's Secure Hardware Extension (SHE), which performs the cryptographic operations internally so the key value never leaves it.
- The key ecosystem and infrastructure (who generates keys, how they are provisioned at manufacture, and how they are rotated or revoked) should be planned from the start.
Secure Firmware Update (Secure FOTA)
In the connected-devices ecosystem, firmware can be updated remotely over the air to add features or, more importantly, to replace compromised or corrupted firmware. To prevent the update channel itself becoming a way to install malicious code, FOTA has to be secure.
The firmware package and the firmware update communication channel need to be
- Encrypted ‒ to keep the image confidential in transit and at rest
- Digitally signed ‒ so the device can verify the integrity of the image and the identity of its signer
- Digitally certified ‒ the signing key is itself certified by the OEM's root, so the device can verify the authenticity of the signer and not merely that some key signed it
The device should also refuse a validly signed image whose version is older than the one installed (anti-rollback), otherwise an attacker can reinstall firmware with a known vulnerability.
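The package checks described above, as an added example that is not code from the original page or from Accord: a manifest (version plus SHA-256 of the plaintext image) is signed with the OEM release key, the image is encrypted with AES-256-GCM using the manifest as additional authenticated data, and the device verifies the signature, enforces anti-rollback, decrypts, and confirms the hash before flashing anything. The package layout, key names and version numbers are assumptions of this example; a product would also bind the release key to the OEM root as the text describes.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

const manifestLen = 4 + sha256.Size // big-endian version || sha256(image)

// Package is the FOTA bundle as it travels over the air. The manifest is
// signed, the image is encrypted, and the manifest is bound to the ciphertext
// as GCM additional data so the two cannot be mixed and matched.
type Package struct {
	Manifest    []byte // version || SHA-256 of the plaintext image
	ManifestSig []byte // ed25519 signature over Manifest by the OEM release key
	Nonce       []byte // GCM nonce, unique per package
	Ciphertext  []byte // AES-256-GCM(image) with AAD = Manifest
}

var (
	ErrBadSignature = errors.New("fota: manifest signature invalid")
	ErrRollback     = errors.New("fota: version not newer than installed")
	ErrDecrypt      = errors.New("fota: image decryption/authentication failed")
	ErrHash         = errors.New("fota: decrypted image does not match signed hash")
)

func newGCM(imageKey []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(imageKey) // 32-byte key selects AES-256
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// BuildPackage is the OEM release side. In production releaseKey lives in an
// HSM and only the signature leaves it; imageKey is provisioned to the fleet.
func BuildPackage(releaseKey ed25519.PrivateKey, imageKey []byte, version uint32, image []byte) (Package, error) {
	hash := sha256.Sum256(image)
	manifest := make([]byte, 4, manifestLen)
	binary.BigEndian.PutUint32(manifest, version)
	manifest = append(manifest, hash[:]...)
	gcm, err := newGCM(imageKey)
	if err != nil {
		return Package{}, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return Package{}, err
	}
	return Package{Manifest: manifest, ManifestSig: ed25519.Sign(releaseKey, manifest),
		Nonce: nonce, Ciphertext: gcm.Seal(nil, nonce, image, manifest)}, nil
}

// Install is the device side. It returns the plaintext image and its version
// only if every check passes. installedVersion is the anti-rollback floor; a
// real device keeps it in a monotonic counter or protected flash.
func Install(pkg Package, releasePub ed25519.PublicKey, imageKey []byte, installedVersion uint32) ([]byte, uint32, error) {
	// 1. Authenticate the manifest before trusting any field in it.
	if len(pkg.Manifest) != manifestLen || !ed25519.Verify(releasePub, pkg.Manifest, pkg.ManifestSig) {
		return nil, 0, ErrBadSignature
	}
	version := binary.BigEndian.Uint32(pkg.Manifest[:4])
	// 2. Anti-rollback: a genuinely signed but older image is still refused.
	if version <= installedVersion {
		return nil, 0, ErrRollback
	}
	// 3. Decrypt. The GCM tag also fails if ciphertext or manifest (AAD) was altered.
	gcm, err := newGCM(imageKey)
	if err != nil {
		return nil, 0, err
	}
	if len(pkg.Nonce) != gcm.NonceSize() {
		return nil, 0, ErrDecrypt
	}
	image, err := gcm.Open(nil, pkg.Nonce, pkg.Ciphertext, pkg.Manifest)
	if err != nil {
		return nil, 0, ErrDecrypt
	}
	// 4. The signed hash must match what was decrypted before anything is flashed.
	if hash := sha256.Sum256(image); !bytes.Equal(hash[:], pkg.Manifest[4:]) {
		return nil, 0, ErrHash
	}
	return image, version, nil
}

func main() {
	releasePub, releasePriv, _ := ed25519.GenerateKey(rand.Reader)
	imageKey := make([]byte, 32)
	rand.Read(imageKey)
	pkg, _ := BuildPackage(releasePriv, imageKey, 2, []byte("constructed demo image, v2"))
	_, v, err := Install(pkg, releasePub, imageKey, 1)
	fmt.Println("update 1 -> 2:", v, err) // 2 <nil>
	_, _, err = Install(pkg, releasePub, imageKey, 2)
	fmt.Println("reinstall v2 over v2:", err) // version not newer than installed
	pkg.Ciphertext[0] ^= 0x01
	_, _, err = Install(pkg, releasePub, imageKey, 1)
	fmt.Println("tampered image:", err) // decryption/authentication failed
}
```

The order of the checks matters: the cheap signature check comes first so that a forged manifest never reaches the version comparison or the decryption, and the version comparison comes before decryption so that a replayed old package is rejected without doing any work on it.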
Secure Data Storage
Unauthorized access to critical device data may damage the OEM's brand and lead to significant revenue loss. Secure data storage applies to data that is stored on the embedded device.
- Data stored on the device needs to be protected for both confidentiality and integrity.
- Either the data is kept in secure hardware (a secure element, HSM or SHE-protected memory), or it is encrypted with an authenticated cipher under a key that lives in such hardware, and only the ciphertext is written to ordinary flash.
Secure Data Communication
Data communication between the device and any other connected device needs to be secure. Secure communication means that two entities can exchange data without a third party reading or altering it, and that each side knows who it is talking to.
- Data communication over the internet needs to use a secure transport layer (TLS): TLS 1.2 or later, with the device validating the server's certificate against a pinned root and presenting its own device certificate (mutual TLS) so the server can authenticate the device too.
- Data communication over device interfaces (CAN, UART, SPI, etc.) needs to be secured as well, since these buses provide no authentication of their own.
Secure CAN Communication
Data communication by the device over the CAN interface needs to be secure. There may be multiple ECUs on the CAN bus, and any of them (or anything plugged into the diagnostic port) can put frames on it, so bus data is untrusted. The system should listen only to the configured message IDs; a system that responds to unintended messages can be driven away from its intended use. Data security over CAN can be achieved by securing both communication paths:
- Securing CAN data sent over the air between the vehicle and the external network with cryptographic encryption and authentication.
- Securing the communication protocol between the tracking unit and the ECUs connected via the CAN bus, by adding a message authentication code and a freshness counter to each frame so that altered, injected or replayed frames are rejected.
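The in-vehicle path described above, as an added example that is not code from the original page or from Accord. It follows the AUTOSAR SecOC idea of fitting a truncated freshness counter and a truncated MAC into the 8 data bytes of a classic CAN frame, with an ID allowlist checked before any cryptography. The frame layout (4 bytes payload, 1 byte counter, 3 bytes MAC), the CAN IDs and the key are assumptions of this example, and HMAC-SHA256 stands in for the AES-CMAC an SHE module would compute.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// A classic CAN frame carries at most 8 data bytes, so a full MAC does not fit.
// Assumed layout: 4 bytes payload | 1 byte truncated counter | 3 bytes truncated MAC.
const (
	payloadLen = 4
	ctrLen     = 1
	macLen     = 3
	frameLen   = payloadLen + ctrLen + macLen
)

var (
	ErrUnknownID = errors.New("secoc: CAN ID not in the configured allowlist")
	ErrBadLength = errors.New("secoc: unexpected frame or payload length")
	ErrBadMAC    = errors.New("secoc: MAC mismatch (tampered, replayed or out-of-sync frame)")
)

// tag authenticates CAN ID || full 64-bit counter || payload, so a frame can be
// neither altered, nor replayed, nor re-used under a different ID.
func tag(key []byte, id uint32, counter uint64, payload []byte) []byte {
	h := hmac.New(sha256.New, key) // stand-in for AES-CMAC inside the SHE
	var hdr [12]byte
	binary.BigEndian.PutUint32(hdr[:4], id)
	binary.BigEndian.PutUint64(hdr[4:], counter)
	h.Write(hdr[:])
	h.Write(payload)
	return h.Sum(nil)[:macLen]
}

// Sender builds authenticated frames. Counter must be monotonic and survive
// resets (SecOC keeps it in non-volatile memory).
type Sender struct {
	Key     []byte
	Counter uint64
}

func (s *Sender) Frame(id uint32, payload []byte) ([]byte, error) {
	if len(payload) != payloadLen {
		return nil, ErrBadLength
	}
	s.Counter++
	frame := make([]byte, 0, frameLen)
	frame = append(frame, payload...)
	frame = append(frame, byte(s.Counter)) // only the low 8 bits go on the bus
	return append(frame, tag(s.Key, id, s.Counter, payload)...), nil
}

// Receiver verifies frames. Last holds the configured IDs and the last accepted
// full counter for each; frames for any other ID are dropped before any
// cryptography runs (the "listen only to configured messages" rule).
type Receiver struct {
	Key  []byte
	Last map[uint32]uint64
}

func (r *Receiver) Accept(id uint32, frame []byte) ([]byte, error) {
	last, ok := r.Last[id]
	if !ok {
		return nil, ErrUnknownID
	}
	if len(frame) != frameLen {
		return nil, ErrBadLength
	}
	payload := frame[:payloadLen]
	low := uint64(frame[payloadLen])
	// Rebuild the full counter: the smallest value above `last` whose low byte
	// matches. A replayed frame rebuilds to a later counter than the one it was
	// signed with, so its MAC fails. (If more than 255 frames are lost the two
	// sides desynchronise; SecOC resynchronises via a dedicated freshness message.)
	full := (last &^ 0xff) | low
	if full <= last {
		full += 0x100
	}
	if !hmac.Equal(frame[payloadLen+ctrLen:], tag(r.Key, id, full, payload)) {
		return nil, ErrBadMAC
	}
	r.Last[id] = full
	return payload, nil
}

func main() {
	key := []byte("constructed-demo-key") // shared ECU key; inside an SHE it never leaves the module
	s := &Sender{Key: key}
	r := &Receiver{Key: key, Last: map[uint32]uint64{0x123: 0}}
	f, _ := s.Frame(0x123, []byte{0x01, 0x02, 0x03, 0x04})
	_, err := r.Accept(0x123, f)
	fmt.Println("genuine frame:", err) // <nil>
	_, err = r.Accept(0x123, f)
	fmt.Println("replayed frame:", err) // MAC mismatch
	_, err = r.Accept(0x7FF, f)
	fmt.Println("unconfigured ID:", err) // not in the configured allowlist
}
```

Truncating the MAC to 24 bits is a bandwidth trade-off: an attacker has a 2^-24 chance per forged frame, which is acceptable on a bus where every failure is logged and the counter prevents retrying the same forgery, but the key should still be unique per vehicle so a recovered key does not affect the fleet.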
Secure Software Development
Software developed without a standard tends to contain bugs, which in turn lead to severe security issues; Heartbleed, a missing bounds check on an attacker-supplied length field in OpenSSL's TLS heartbeat code, is the classic example. Developed software needs to be checked against the known vulnerability classes and should follow an industry coding standard (e.g. SEI CERT C, MISRA C) defined for safe and secure code, backed by static analysis and fuzzing of every parser that consumes external input.
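The Heartbleed bug class, as an added example that is not code from the original page, from Accord or from OpenSSL: a heartbeat-style record with a length field, parsed once by trusting the field and once with the check the coding standard demands. The record format, buffer size and the "stale" data in the buffer are constructed for the demo; Go is used so the leak is visible without memory corruption (in C the same read could also run past the buffer).

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

// Assumed record format: 1 byte type | 2 bytes payload length | payload.
// recvBuf is a long-lived receive buffer; only recvBuf[:n] belongs to the
// current record, the rest is whatever earlier traffic left behind.

var (
	errShort  = errors.New("heartbeat: record too short")
	errLength = errors.New("heartbeat: declared payload length exceeds record")
)

// VulnerableEcho is the Heartbleed pattern (CVE-2014-0160): it believes the
// peer's length field and copies that many bytes from the buffer, so a record
// that says "40 bytes" but carries 2 leaks 38 bytes of stale buffer contents.
// Go's bounds checking only turns a read past the whole buffer into a panic;
// a read that stays inside the oversized buffer is silently wrong.
func VulnerableEcho(recvBuf []byte, n int) ([]byte, error) {
	if n < 3 {
		return nil, errShort
	}
	declared := int(binary.BigEndian.Uint16(recvBuf[1:3]))
	return append([]byte(nil), recvBuf[3:3+declared]...), nil // bug: no check against n
}

// SafeEcho is the fix: validate every attacker-controlled length against what
// was actually received before using it to index anything.
func SafeEcho(recvBuf []byte, n int) ([]byte, error) {
	if n < 3 {
		return nil, errShort
	}
	declared := int(binary.BigEndian.Uint16(recvBuf[1:3]))
	if declared > n-3 {
		return nil, errLength
	}
	return append([]byte(nil), recvBuf[3:3+declared]...), nil
}

// DemoBuffer builds a constructed receive buffer: stale data from an earlier
// record (a credential, for illustration) followed by a 5-byte malicious
// record that claims 40 payload bytes but carries only "hi".
func DemoBuffer() ([]byte, int) {
	recvBuf := make([]byte, 64)
	copy(recvBuf[8:], "password=hunter2") // constructed stale data, not part of the record
	n := copy(recvBuf, []byte{1, 0, 40, 'h', 'i'})
	return recvBuf, n
}

func main() {
	buf, n := DemoBuffer()
	leaked, _ := VulnerableEcho(buf, n)
	fmt.Printf("vulnerable: %q\n", leaked) // contains "password=hunter2"
	_, err := SafeEcho(buf, n)
	fmt.Println("hardened:", err) // declared payload length exceeds record
}
```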
Tampering is one of the security issues in automotive electronic devices; the following are the tampering types to consider:
- Device tamper (enclosure opened)
- GSM SIM removal
- GPS antenna removal
- Power removal
Devices shall have a built-in mechanism to detect these tampers and alert the vehicle owner; since power removal is itself one of the events, the detection logic needs a backup power source so the event can still be recorded and reported.
Accord Services in Automotive Embedded Security
Accord has strong expertise in embedded-systems security: we have developed both hardware and software security features for automotive body control modules, telematics units and vehicle tracking systems. Accord provides design and development services for automotive systems with all of the latest security features.
Hardware security protection
- Secure Boot
- Secure key storage (SHE, Secure Hardware Extension)
- Tamper detection
Software security protection
- Software developed to secure coding standards (CERT)
- Secure communication using encryption
- Digital signatures for firmware and data authenticity