Embedded Technology
Incorporating security into an embedded IoT device
By Mark Patrick, Mouser Electronics W
ith wired and wireless connectivity now
ubiquitous, implementing security into the design of any device can no longer be
an afterthought. A coherent and robust approach to security is paramount and should become an intrinsic part of the initial design specification. News reports highlighting compromised systems and applications are becoming a regular occurrence globally. Hackers and adversaries are adept at looking for weak points in a system’s security and collaborating with others to make a successful attack. All embedded systems are vulnerable to attack, connected or not. Attacks need not always involve interrupting a system or industrial process. Initially, it may include attempting to steal the intellectual property of firmware, cryptographic keys, and other confidential user data. Armed with such information enables the next phase of an attack.
An internet of things (IoT)/industrial internet of things (IIoT) deployment is particularly vulnerable to attack. A large scale IIoT implementation may have hundreds of connected devices responsible for managing an industrial process, and many might be in remote locations accessible to an adversary. Compromising just one device might be all that is necessary to place a whole manufacturing process at risk. The consequences of a successful attack on an industrial process or utility service vary, ranging from causing widespread disruption to resulting in human fatalities.
Understanding the threat landscape Figure 1 illustrates the four categories of attack type an adversary has available. The hardware methods require physical access to the embedded system, with the most invasive requiring access to the system’s PCB and components. However, many of the software attack methods do not need the adversary to have the system nearby. Remote software attacks on embedded systems are increasingly an attractive proposition, reducing the likelihood of detection.
Another aspect of some attack vectors is 16 July/August 2022 Components in Electronics
www.cieonline.co.uk Software Malware
Eavesdroping & access to logs
Protocol weakness Buffer overflows
that they are relatively simple to achieve and require minimal costs. Software attacks: Malware denotes any software injected into an embedded system to take over system control and gain access or modify software functions, interfaces and ports, or access memory or microcontroller registers. It is a relatively inexpensive attack vector that relies on shared knowledge and access to a computer. Malware may form part of an iterative process to access a system by first downloading cryptographic keys or opening up previously secured communication ports. Adversaries may inject malware through physical interfaces such as the system’s debug port or create a rogue version of firmware update for the system to apply it automatically. Hardware attacks: Side-channel attacks (SCA) require access to the embedded system hardware but are not invasive. Differential power analysis involves closely monitoring the power consumption of the system as it operates. Over time it is possible to determine what feature in the system is functioning based on changes in
Network & communications Non-invasive hardware Man in the middle Signal jamming Changing DNS Debug port Side channel power analysis Power glitching Fault injection
the power consumption. It is possible to understand the device’s internal behaviour and its software architecture at a granular level. Rapid power glitching is another technique used to force an embedded system into a fault state where ports and debug interfaces are no longer secured. Hardware invasive attacks require significant investments in time and specialist equipment. They also need an in- depth knowledge of semiconductor design and process technologies, typically beyond most adversaries and usually those wishing to steal intellectual property. Network attacks: A man in the middle (MITM) attack involves intercepting and eavesdropping the communications between an embedded device and a host system. This approach would allow the capture of host logins and harvesting cryptographic keys. In most cases, a MITM attack is difficult to detect. However, encryption of data and the use of IPsec protocols provide an effective means of countering such attack vectors.
The importance of cryptography The most popular cryptographic communication method used with embedded systems for authentication purposes uses a public key infrastructure (PKI). Authentication confirms the identity of the message sender. PKI’s most common encryption algorithms include RSA (named after the founders’ Rivest, Shamir, and Adleman) and elliptic curve cryptography (ECC). It works based on a pair of keys, one private and one public, which have an asymmetric relationship. The originator keeps the private key but shares the public key with anyone they wish to share an encrypted message. See Figure 2. Anyone with the public key can decrypt a message encrypted with the private key. In Figure 2, John Doe2 can encrypt a message with the public key and send it to John Doe1, who can decode it using the private key. However, JohnDoe3 would not be able to read the message destined for John Doe1. Another aspect of cryptography is confirming the message itself has not been tampered with during transmission. Hashing algorithms verify
Figure 2 - Exchanging messages using the public key infrastructure - (source STMicro)
Invasive hardware Reverse engineering
Probing the silicon devices
Device modification
Figure 1 - The table shows the potential attack vectors to com- promise an embedded system broadly fall into four categories (source Mouser)
Page 1 |
Page 2 |
Page 3 |
Page 4 |
Page 5 |
Page 6 |
Page 7 |
Page 8 |
Page 9 |
Page 10 |
Page 11 |
Page 12 |
Page 13 |
Page 14 |
Page 15 |
Page 16 |
Page 17 |
Page 18 |
Page 19 |
Page 20 |
Page 21 |
Page 22 |
Page 23 |
Page 24 |
Page 25 |
Page 26 |
Page 27 |
Page 28 |
Page 29 |
Page 30 |
Page 31 |
Page 32 |
Page 33 |
Page 34 |
Page 35 |
Page 36 |
Page 37 |
Page 38 |
Page 39 |
Page 40 |
Page 41 |
Page 42 |
Page 43 |
Page 44 |
Page 45 |
Page 46 |
Page 47 |
Page 48 |
Page 49 |
Page 50 |
Page 51 |
Page 52 |
Page 53 |
Page 54 |
Page 55 |
Page 56 |
Page 57 |
Page 58 |
Page 59 |
Page 60 |
Page 61 |
Page 62 |
Page 63 |
Page 64 |
Page 65 |
Page 66 |
Page 67 |
Page 68 |
Page 69 |
Page 70 |
Page 71 |
Page 72 |
Page 73 |
Page 74 |
Page 75 |
Page 76 |
Page 77 |
Page 78 |
Page 79 |
Page 80 |
Page 81 |
Page 82
