Embedded System Security

The Internet of Things (IoT) is a popular buzzword right now. The explosive growth of the “connected devices” is changing our world. The rapid drop in price and demand for typical IoT components is allowing the market to innovate new designs and products.

But this also increases the security vulnerabilities. The growing number of connected embedded devices makes them a more attractive target for hackers and attackers.


The table below lists popular security attacks by year, with the number of devices affected.

Sl. No   Year   Attack             Infected Devices
1        2018   Z-Wave hack        100 million
2        2018   Meltdown/Spectre   Nearly every computer
3        2017   KRACK              Nearly every Wi-Fi device
4        2017   Infineon ROCA      Chromebook and Windows devices made by Fujitsu, HP and Lenovo
5        2017   BlueBorne          8.2 billion devices
6        2017   WannaCry           300 K devices
7        2016   Mirai              2.5 M devices
8        2014   Heartbleed         200 K devices
9        2010   Stuxnet            2.5 M devices

As per the Symantec 2018 Internet Security Threat Report, attacks increased by 600 percent.


Security breaches are not cheap

As per www.ncxgroup.com,
A new survey by Altman Vilandrie & Company finds that nearly half of U.S. firms using an IoT network have been hit by a security breach, which can cost up to 13% of smaller companies' annual revenue. 48% of organizations have experienced at least one IoT security breach. Nearly half of companies with an annual revenue above $2 billion estimated that the potential cost of one IoT breach is more than $20 million.


Federal Trade Commission (FTC) on Security

As per the FTC,
For systems with significant risk, companies should implement a defense-in-depth approach. Companies should build security into their devices at the outset, rather than as an afterthought. As part of the security by design process, companies should consider: (1) conducting a privacy or security risk assessment; (2) minimizing the data they collect and retain; and (3) testing their security measures before launching their products. Second, with respect to personnel practices, companies should train all employees about good security, and ensure that security issues are addressed at the appropriate level of responsibility within the organization.


Defense-In-Depth

Defense-in-depth requires:

  • A secure communication layer ‒ TLS
  • A secure application layer ‒ secure the data itself
  • Limiting data collection to what the application needs
  • Encrypting all collected data, both in transit and at rest
  • Sometimes each record needs to be encrypted individually

Security Needs

OEM Perspective
  • To protect the ecosystem with secure firmware data loading (Secure FOTA)
  • Authenticated, genuine firmware to be executed by the hardware.
  • Recurring revenues from licensing, accessories, and disposables/consumables
End User Perspective
  • To protect the ecosystem with secure firmware data loading (Secure FOTA)
  • Authenticated, genuine firmware to be executed by the hardware.
  • Recurring revenues from licensing, accessories, and disposables/consumables
Service Provider Perspective
  • To protect access to their services (mobile data, etc.)

Though security is everyone's responsibility, it is the OEM's brand that is seriously harmed in all of these insecure environments. So it is the OEM's responsibility to address them all.

Achieving Security

  • Secure Boot
  • Chain of Trust
  • Secure Key Storage
  • Secure FOTA
  • Secure Data Storage
  • Secure Data Communication
  • Secure CAN Communication
  • Secure Software Development

Chain of Trust

Chain of trust is a process which ensures that only genuine firmware, software, and applications are executed on the system. It is established by validating each software component, from the end entity up to the root certificate.


Secure Key Storage

Complete security is built around the private key. If the private keys are compromised, then the security for the entire system breaks. Storing keys in a nonsecure medium is dangerous.

  • Keys, secrets, and critical information need to be protected in a Hardware Security Module (HSM).
  • The ecosystem and infrastructure should be well planned.

Secure FOTA

In the connected-devices ecosystem, firmware can be updated remotely over the air to add new features or, more importantly, to replace compromised or corrupted firmware. To avoid the problem of malicious updates, FOTA itself needs to be secure.

The firmware package and the firmware update communication channel need to be:

  • Encrypted ‒ to secure the data
  • Digitally Signed ‒ to verify the identity of the data
  • Digitally certified ‒ to verify the authenticity of the data
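An added example, not from the original page, of the checks a device should run on a received update package before flashing it: header parsing with length validation, an authenticity tag verified in constant time, and an anti-rollback version check. The package layout is constructed, and HMAC-SHA256 stands in for the digital signature a real FOTA scheme would verify against the OEM's certificate.

```python
import hashlib
import hmac
import struct

MAGIC = b"FOTA"
HDR = struct.Struct(">4sII")  # magic, firmware version, payload length (constructed layout)
TAG_LEN = 32


def make_package(key: bytes, version: int, payload: bytes) -> bytes:
    """Build a package; used here only to construct test inputs.
    In practice packages are signed on the OEM build server, never on the device."""
    body = HDR.pack(MAGIC, version, len(payload)) + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()


def verify_package(key: bytes, current_version: int, pkg: bytes):
    """Return (accepted, reason). Every check must pass before anything is flashed."""
    if len(pkg) < HDR.size + TAG_LEN:
        return False, "truncated"
    magic, version, plen = HDR.unpack_from(pkg)
    if magic != MAGIC or HDR.size + plen + TAG_LEN != len(pkg):
        return False, "bad header"
    body, tag = pkg[:-TAG_LEN], pkg[-TAG_LEN:]
    # Authenticity first: the tag covers header and payload, so a tampered
    # version field fails here too. compare_digest avoids timing leaks.
    if not hmac.compare_digest(hmac.new(key, body, hashlib.sha256).digest(), tag):
        return False, "bad signature"
    # Anti-rollback: a genuine but older image may carry a known vulnerability.
    if version <= current_version:
        return False, "rollback"
    return True, "ok"
```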

Secure Data Storage

Unauthorized access to critical device data may damage the OEM's brand and may lead to significant revenue loss. Secure data storage applies to data stored on the embedded device.

Secure data storage requires that:

  • Data stored on the device is protected.
  • The data is either kept in a secure hardware medium or encrypted before it is stored.

Secure Data Communication

All data communication between the device and any other connected device needs to be secure. Secure communication means that two entities can exchange data without a third entity being able to listen in or alter it.

  • Data communication over the internet needs to use a secure transport layer (TLS).
  • Data communication over device interfaces such as CAN, UART, SPI, etc. also needs to be secured.

Secure CAN Communication

Data communication by the device over the CAN interface needs to be secure. There may be multiple ECUs on the CAN bus, and their data cannot be trusted. The system should listen only to the configured messages; a system that responds to unintended messages may be diverted from its intended use. Data security over CAN can be achieved by:

Inter-vehicle communication:
  • Securing the CAN data over the air, using cryptographic encryption between the vehicle and the external network.
  • Securing the communication protocol between the tracking unit and the ECUs connected via the CAN bus.
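An added example, not from the original page, of the "listen only to configured messages" rule combined with message authentication on the bus: a receiver that drops frames from unconfigured CAN IDs and accepts the rest only if a truncated MAC and a freshness counter verify, in the style of AUTOSAR SecOC. The 8-byte frame layout (4 payload bytes, 1 counter byte, 3 MAC bytes), the keys and the CAN IDs are all constructed for the example.

```python
import hashlib
import hmac
import struct


class SecureCanReceiver:
    """Accepts only configured CAN IDs, and only frames whose truncated MAC and
    freshness counter check out. Constructed layout: payload[4] | ctr low byte | MAC[3]."""
    MAC_LEN = 3

    def __init__(self, keys: dict):
        self.keys = keys                      # can_id -> key (would come from the HSM)
        self.last = {cid: 0 for cid in keys}  # last accepted 32-bit freshness value

    @staticmethod
    def mac(key: bytes, can_id: int, counter: int, payload: bytes) -> bytes:
        msg = struct.pack(">HI", can_id, counter) + payload  # ID and full counter are covered
        return hmac.new(key, msg, hashlib.sha256).digest()[:SecureCanReceiver.MAC_LEN]

    def receive(self, can_id: int, data: bytes):
        """Return the payload if the frame is accepted, otherwise None."""
        if can_id not in self.keys or len(data) != 8:
            return None                       # unconfigured ID or malformed frame: ignore
        payload, low, tag = data[:4], data[4], data[5:]
        # Rebuild the full counter from its transmitted low byte; it must be newer
        # than the last accepted one, so a replayed frame reconstructs to the wrong value.
        counter = (self.last[can_id] & ~0xFF) | low
        if counter <= self.last[can_id]:
            counter += 0x100
        if not hmac.compare_digest(self.mac(self.keys[can_id], can_id, counter, payload), tag):
            return None                       # forged, corrupted, or replayed frame
        self.last[can_id] = counter
        return payload


def make_frame(key: bytes, can_id: int, counter: int, payload: bytes) -> bytes:
    """Sender side, constructed here so the example is self-contained."""
    return payload + bytes([counter & 0xFF]) + SecureCanReceiver.mac(key, can_id, counter, payload)
```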

Secure Software Development

Software developed without any standard is likely to contain bugs, which in turn lead to severe security issues; Heartbleed is an example. Developed software needs to address all known security vulnerabilities and should follow the industry coding standards (e.g. CERT) defined for safe and secure code.

Tamper Detection

Tampering is one of the security issues in automotive electronic devices. The following are the tampering types:

  • Device Tamper
  • GSM SIM removal
  • GPS antenna removal
  • Power removal

Devices shall have a built-in mechanism to detect these tampers and alert the vehicle owner.

ALTEN GT has strong expertise in embedded systems security. ALTEN GT has developed both hardware and software security features in automotive Body Control Modules, Telematics Systems and Vehicle Tracking Systems. ALTEN GT provides design and development services for automotive systems with all the latest security features.

Hardware security protection:

Secure Hardware design and validation support for

  • Secure Boot
  • Secure key storage (HSM)
  • Secure Data Storage
  • Tamper detection

Software security protection:

Secure Software design and development support for

  • Secure Boot
  • Develop software to secure coding standards (CERT)
  • Secure communication & data transfer
  • Secure Data Storage