EducationPractical Tips for Embedded System Security

Practical Tips for Embedded System Security

Category articles

Although embedded systems typically not have the processing power of servers, or even the latest personal computers the sheer amount of devices makes them a more attractive targets for criminals looking to create botnets illegally as well as cryptocurrency mining operations. A prime example of significant security-related alarms for embedded systems makers is the 2015 Nest thermostat botnet attack. Due to the fact that it is a consumer-facing device the specific Internet of Things (IoT) as well as the growing concern to security and privacy, the Nest botnet sparked a massive amount of debate. These discussions focused on how businesses can incorporate security into their cheap IoT products , and how users are able to safely use the devices at home and in businesses.

With the ever-growing risk of cyberattacks, it is crucial to keep security considerations at the forefront of their process of designing. With these tips and guidelines that developers can be protected from various attacks. Find out more about the types of security techniques developers can employ to protect their embedded designs.

Build Secure

There are a myriad of processor architectures, operating system and communications protocols, the majority of IoT devices are constructed on arm (r)-based architectures and, if they run an OS it’s usually an Linux distribution. This is beneficial in many ways: cost savings and quicker development time, but it has its fair share of negatives. The attack vectors are often “one-size-fit-all”, especially for devices that run a Linux-based OS. To protect against the dangers in the context of many devices sharing the same architecture, designers must implement this “quick win” security design guidelines:

  • Do not hardcode passwords into the firmware. Don’t also create a default password across all devices. It is recommended that users create an account with a unique password and username during the initialization process of the device.
  • Do not enable unsecure protocols like HTTP, FTP, or Telnet by default. Any data that is transferred via wireless or wired protocols should be securely secured. Do not use “homebrewed” encryption solutions.
  • Send the device to an extremely restrictive setting and let the user make a an active decision to decrease security-related settings.
  • Every mechanism used to gain access to the devices should be based on authorization and authentication. The two-factor verification (2FA) is recommended when it is feasible.
  • All inputs from users must be protected from injection-based attacks.
  • Set up a secure management interface for the user that allows users to manage their devices, update them or monitor devices, as well as safely decommission devices that have reached the end of their life (EOL).
  • Over-The-Air (OTA) updates must be tested on-device. Update files should be encrypted before being sent towards the gadget. Finally, be sure to check for anti-rollback options to stop devices from being restored to an older, unsecure firmware.
  • If third-party software libraries are utilized to design your gadget, then they should be monitored continuously to ensure that updates from third parties are integrated into the system and don’t become obsolete. Software projects that are abandoned can create serious security risks that could compromise your devices. Change the default software of third party software passwords prior to adding the project to.
  • Be selective about what sensitive information should be saved within the storage device. Place sensitive data in a secure enclave.
  • Be aware that with the IoT embedded systems are just one aspect of an ecosystem. It is important to ensure that security is integrated into desktop, cloud and mobile applications as well. Security for the ecosystem is only as secure as the weakest link.
  • You might consider the possibility of establishing the bug bounty program to encourage users and security researchers to report vulnerabilities in a secure and accountable manner.

Physical access to devices is usually the most threatening scenario for devices. However, that doesn’t mean there’s not something that can be implemented to make it more difficult to physically exploiting these devices. There are numerous books written about making circuit boards and enclosures safe from tampering, but for just a few “quick wins” consider the guidelines for designing your physical device to protect your device

  • Pins to debug ports like JTAG and UARTs can be extremely useful in the process of creating and testing a device. They also make excellent targets when trying to reverse engineer a device that has bad intentions. In the event of confusion, removing these pins and/or header pins in production devices is advised. Be aware that this comes at the cost of making it harder to diagnose issues once the unit is in use. Designers should consider a balance between reliability and security.
  • The use of adhesives, ultrasonic welding or specialty security screws may make it harder to open devices.
  • A non-conductive epoxy applied to delicate components could obscure their purpose and identification.
  • It’s possible that you’ll be enticed to make use of older components which may be vulnerable. Beware of counterfeit components too. If the offer seems too appealing to be true It probably is. Making sure to balance security with time-to market considerations is not something to be made lightly.
  • Multilayer boards are able to direct trace lines in a way that makes it difficult to understand the function of the board.

The following recommendations could be too excessive for consumer grade IoT devices. However, as we’ll go into more detail in the future industrial control systems as well as defense systems could benefit from these more secure physical security precautions:

  • Include security features in the board including microswitches mercury switches and magnetic switches which detect when a board is accidentally moved or opened. Fiber optics or nichrome wire are also a possibility to use. If the fiber or wire is negatively affected by someone who is trying to interfere by means of a device, there will be an obvious alteration in the circulation of the wire or in the conductivity of light particles that pass through the fiber.
  • Attacks using glitches or side channels are not a common occurrence, but they but they offer a distinct advantage over adversaries because they employ the physical laws against a device, and are extremely difficult to stop but is possible to detect. By securing the timing of a device or limiting an electron flow through the CPU, it’s possible for the device to perform actions in ways that are not intended, which can interfere with security functions. Current and voltage sensors can be installed on circuit boards to determine whether glitches are occurring but there is the potential of false negatives.
  • The most powerful adversaries may employ the x-ray technology to penetrate microchips to see the surface of transistors, allowing them to assess their functions and other functions. Sensors that detect xrays may be used to detect tampering. But they it is impossible to stop the adversary from taking advantage of valuable information.

It is worth noting that there exists an incongruity between the concepts of openness and security. Security is about confusion. Open hardware means understanding. However, remember the old saying that locks are the best way to ensure that honest people are honest, which is the same for security in general. For more information about how to create safe IoT devices, check out the Open Web Application Security Project (OWASP) IoT Project.

Operate Secure

Although a manufacturer may implement the highest security design practices in their products however, it would all be useless if the user isn’t able to operate the device in a secure way.

  • Change the default router’s name, password for router and Network name (SSID) and encryption key for the network. Use the most secure password practices and avoid using the same password on both networks.
  • Separate the home network of yours into two “virtual” networks so that IoT devices are not “seen” by the desktop computers or network Attached Storage (NAS) devices, etc. To do this swiftly and easily, you can use this feature called guest networks on the IoT network.
  • The majority of IoT devices use an app for smartphones to manage the device. Make sure the app is up to date, and make use of 2FA for login , if it is there is.
  • You can disable any features on your IoT devices that you don’t intend to utilize.
  • Update the firmware on both your router as well as IoT devices regularly.
  • If an IoT device is at the end of its life and is no longer receiving updates, think about replacing it with a different model.

Industrial Strength Security

Consumer-facing IoT products are plentiful however their industrial counterparts known as Industrial Control Systems (ICS) control a variety of crucial and potentially hazardous processes. Everything from manufacturing energy to factories utilizes integrated digital technologies (referred as Operations Technology or OT and is in contrast to offices-centric Information Technology (or IT) to manage the machinery and facilities which are responsible for the different procedures. In fact, the ICS environment is so different from an IT environment that specific requirements for securing OT devices as well as ICS networks are required. The most basic principle is that ICS shouldn’t have a connectivity to the Internet. While this might seem as if it should be obvious but it’s surprising how often this principle is not followed. For more details on how to protect ICS network and device there exist two security tools that you ought to look over: MITRE ATT&CK for ICS and MITRE ATT&CK for Enterprise.

The environment in which ICS systems are most often located (e.g. areas which are chemically, environmentally or otherwise dangerous) indicates that ICS is developed to place the accessibility of the system over the security. From a positive angle it is likely that there are redundant systems and that the systems are constructed to fail without risk. But, ICS systems can be kept in operation for several decades , and they may not be current. Furthermore that many protocols are outdated and were designed to be efficient, not with security with security in mind. In the end, security within the ICS or IIoT space is extremely difficult and the best practices might take a while to establish. But embedded designers who design the machinery mentioned above should be aware of the necessity to update their designs as well as incorporate security features into new designs, not treating security as an optional afterthought.

Michal Pukala
Electronics and Telecommunications engineer with Electro-energetics Master degree graduation. Lightning designer experienced engineer. Currently working in IT industry.