Comments

Very interesting subject. Want to learn more...
Thanks Warren, Jennifer, Design News and Digi-Key.

Iron

We do not use a multi-phase boot process. Would like to learn more about it.

Iron

We do not currently support remote update.

Iron

Use microcontrollers, microprocessors and custom ASIC processing elements in our designs.

Iron

I have heard of Stuxnet virus.

Iron

Hi Again from Beaverton, Oregon. Finally getting an opportunity to catch up.

Iron

Heard of Stuxnet from PC Mag, News etc. Keep aware of threats via security company newsletters, Windows Secrets blogs as well as news.

Yes I have heard of the Stuxnet virus, first from watching 60 minutes

Iron

Good general purpose website to track security: http://www.darkreading.com/ 

Iron

"the engineers doing the work are not experts in security and are concerned mostly with enabling functionality" Yes, so true. It's hard enough to develop the product with the right features and on time and on budget. Then the parasites come in, and try to break it, sometimes just so they can break it.

Iron

Hi Lindsay, do you have a link to the article about attacks on automotive controls?

Iron

@All- any other questions?

Iron

@WarrenM: Thanks for the suggestion. The insulin pump attack was (judging from a quick skim) more of an attack on the wireless control protocol of the device. There was another interesting article recently about possible attacks on automotive controls via the OBD ports. Both of these illustrate (in my opinion) the difficulties in getting protocols and software designed and implemented correctly and robustly, especially when the engineers doing the work are not experts in security and are concerned mostly with enabling functionality.

Iron

Got to go. Good lecture and discussions today.

Iron

@DGrinch- Have not heard of them. Thanx for the pointer.

Iron

@Sklindsay- Check out some of the hacker conferences to see examples of actual attacks. I remember seeing one on a medical device. Forget if it was side channel or invasive...

Iron

FYI... There is an outfit called Wave Systems Corp. which is in the Trusted Platform Module (TPM) business which is, I believe, a hardware security approach. Perhaps you've heard of them and can comment?

 

Iron

@Rich- Good point. It can be difficult to prove your algorithm was stolen if it is encrypted!

Iron

? Have you ever seen a report of a successful side channel attack on a product in the field? I've seen several descriptions of successful attacks, but they have (if I recall correctly) revolved around exploiting implementation errors such as having a poor quality random number generator rather than a direct attack on the cryptography.

 

Iron

Thanks for the info Warren.

Iron

The litigation risk avoidance can work both ways: Someone can use security and encryption to hide that they are using someone else's algorithms to avoid being sued.

@Yolk55- Will check it out, thanx!

Iron

@78RPM. Thanx for sharing that hack. Will look into it more later.

Iron

@Cgates- Will cover communications methods tomorrow. Good idea.

Iron

@CPU- There is some good Root of Trust info on the Microsemi site. Check that out as a starting point.

Iron

? Future products will have more features and capabilities, and compromised security could do more harm as we go forward. Would like to know more about securing remote updates, and secure boot.

Iron

?Tomorrow can you touch on good methods to establish trust relationship across communications?

 

Iron

Very interesting lecture.  Thanks.

? I would like to know more about the Root Of Trust. Please point us to where we can read about what it involves and how to create this in designs and at a company.

Iron

I stumbled upon this interesting hack. A guy shows how to let your drone or ground station take over control of another drone by attacking its wireless network.  It uses MAC id to find drones in the area.

http://www.engadget.com/2013/12/04/skyjack-parrot-drone-raspberry-pi/?ncid=rss_truncated

Platinum

Top Documentary Films has a documentary on hacking that covers Stuxnet

Iron

I would like to know more about the Root Of Trust. Please point us to where we can read about what it involves and how to create this in designs and at a company.

Iron

Please use a leading ? when you address a question to me...

Iron

Thank you Warren, Jennifer, Design News and Digi-Key

Iron

Be sure to follow @designnews and @DigiKeyCEC on Twitter for the latest class information. We encourage you to tweet about today's class using the hashtag #CEC

Thanks Warren and Jennifer.

Iron

Tomorrow can you touch on good methods to establish trust relationship across communications?

 

Iron

Interesting! Thanks.

 

Iron

Thank you Warren, Design News, and Digi-Key

Platinum

Thanks a lot, see U tomorrow

Iron

Thank you, Warren and Jennifer.

Iron

NOW we're on slide 16. Just trying to keep everyone on their toes.

 

oops - got ahead of myself. Still on 15

sorry everyone

 

Yes OS, no multiphase boot.

Iron

No, do not use multi phase boot.

Iron

Usually try to avoid having an OS if possible.

No multi-phase boot, but we are considering it. We will be running on a RTOS similar to FreeRTOS.

Iron

only multiphase boot is in system with SD card boot loader

Iron

yes on multiple devices, some with commercial OSes, others with home grown OS

Iron

I am interested in hearing more about a multi-phase boot and how it might be implemented.  

Iron

I don't use a multi-phase boot as shown on slide 12. I DO want to know more about this concept.

Iron

never thought of multi-phase boot. Interested in more.

Platinum

Warren's question was: Do you have a multi-phase boot in your system? Is there an OS?

Do not use remote update

Iron

Not using remote updates

Iron

We have a system that takes remote updates.

Iron

remote updates pushed as well

Iron

I would like to allow  updated firmware off the web for future customers.

Iron

Yes, we do remote updates.  Sometimes just change settings, sometimes change the entire code.  Golden version is usually part of the design.

Equipment is installed where not easily accessible so remote update is a must.

Iron

One design does do remote updates.  Replacement files are packaged and sent to the clients who verify the contents and then replace their local files (e.g. python scripts) with new versions in the package.

Iron

No remote updates - too risky - the data stream can be 'owned'

Iron

Typically MCUs and DSP chips.  Some FPGA

 

currently no remote updates. I did design a boot loader for loading through SD card interface, but hasn't been implemented in production.

Iron

Not using remote updates

Iron

planning on implementing FOTA to products in the field soon

 

Iron

Warren's question was: Do you use remote updates for your designs? What is updated?

Yes to the stuxnet question.

 

yes heard about Stuxnet around the time the Iranian centrifuge attack was reported ...

I am surprised you'd talk about side channel attacks since (in my understanding) they are difficult to exploit. I'd have thought that failure of a security system is much more likely caused by a) poor implementation decisions and b) social engineering. I don't think that you can overstress the importance of a careful implementation and review by experts in the fields.

Iron

Here's a Design News article that talks about the Siemens Stuxnet attack: http://www.designnews.com/document.asp?doc_id=229663

8, 16 bit embedded controllers

Iron

MCU  w/FPU & DSP blocks

Iron

Processing elements - Usually use MCU.  Have used Linux OS with python as the brains.

Iron

Next projects likely to use ARM processor, no FPGA or DSP

Iron

I'm aware of the various malware out there attacking Microsoft stuff; I have M.S virus protection.

Iron

ARM-based microcontrollers and FPGA with custom logic along with IP

Iron

Very familiar with Stuxnet. I get various newsletters, Bruce Schneier's is best.

Iron

I'd like to see something focused on the Cortex-M series...

Iron

all my designs are CPU based embedded product.

Iron

Yes, especially involves industrial controls.

Iron

Stuxnet attacked the Siemens motor controllers in Iran's centrifuges as they tried to enrich uranium. The virus caused the centrifuges to spin too fast and self destruct.

Platinum

Knew about it once I read the background on its use to infect the Iranian centrifuges

Iron

Typically use 8-bit or 16-bit MCUs. Some CPLDs.

Iron

Yes, heard about StuxNet virus before.

Iron

Heard of Stuxnet, read some stuff about it.

Occasionally read comp.risks.

Iron

Warren's question was: What processing elements do you have in your designs?

yes to stux... in extreme detail... and monitor for all new threats as publicized.

Including CVE database

 

Iron

I've heard of Stuxnet and read more about it recently in a book called Black Code

Aviation Week article listed Stuxnet as the cause for destruction of Iran's uranium enrichment hi-speed centrifuges.

Stuxnet was widely reported in international relations news.

Iron

I have not kept up with threats to date. Came here  to learn about them  !

Iron

Did a fair amount of reading on the Stuxnet virus on line & IEEE  article.

Iron

Even media, TV shows, etc use it as a hacker reference.

Yes I have heard about Stuxnet virus in the news.

Iron

Very informed - Private sites are best to get the truth.

 

 

Iron

Heard of StuxNet. Discussed on talk radio and other places. Don't usually look for more info on other threats.

Iron

I had heard of the Stuxnet virus, and read a couple of articles on it on the internet.

Gold

Have heard of it.  Typically through trade mag's

Iron

Yes, definitely heard of it before. I believe I saw an article in Slate about it.

Iron

heard about it from a friend that is in the cyber security business

Iron

YES, heard of Stuxnet. PLC Linked group on Linked In.

Iron

Had not heard of the stuxnet threat.

Iron

known - was in popular press

Iron

Heard of Stuxnet. Good article in Wired magazine a few months ago.

Platinum

I saw some reports about the virus on the news.

Iron

Warren's question was: Had you heard of the Stuxnet virus previous to this class? Do you keep up to date on threats?

Good evening from Iasi.

Iron

Hello from Toronto, Ontario!!

Iron

 

hello from Mishawaka

Iron

Hi all -Audio is live! If you don't see the audio bar at the top of the screen, please refresh your browser. It may take a couple tries. When you see the audio bar, hit the play button. If you experience audio interruptions and are using IE, try using FF or Chrome as your browser. Many people experience issues with IE. Also, make sure your flash player is updated with the current version. Some companies block live audio streams, so if that is the case for your company, the class will be archived on this page immediately following the class and you can listen then. People don't experience any issues with the audio for the archived version.

Hi we are having a warm spell +25F

Iron

Greetings from Columbus, OH

Iron

Good morning from Valdez

Hello all....We need more global warming in Calgary...It is about -22 F

Iron

Class is set to start in 10 minutes! The streaming audio player will appear on this web page when the show starts at 2 PM Eastern time today. Note however that some companies block live audio streams. If when the show starts you don't hear any audio, try refreshing your browser. If that doesn't work, try using Firefox or Google Chrome as your browser. Some users experience audio interruptions with IE. If that doesn't work, the class will be archived immediately following our live taping.

Good morning from sunny CA

Iron

Good morning from snowy Albuquerque.

Iron

Sunny and a lovely 8 degF in Minneapolis today.

Iron

Good afternoon from warm and moist West Point, PA.

Iron

Unseasonably warm and misty greetings from lovely eastern Pennsylvania

Iron

Let's get this parity started.

Please join our Digi-Key Continuing Education Center LinkedIn Group at http://linkd.in/yoNGeY

Anyone use an ipad for the chat? I might try it today.
Iron

Hello from Montana

Platinum

Class starts in one hour. Be sure to click 'Today's Slide Deck' under Special Educational Materials above right to download the PowerPoint for today's session.

Good morning from chilly Southern California.

Iron

Did you all do the homework?

Iron

Lt.Dan- Turn up the heat...

Iron

You call it reverse engineering. I call it an often necessary part of service for older equipment.

If the manufacturer is no longer available and it is not possible to determine how the product works I am forced to tell the customer to junk it. I also tell them to stick to larger manufacturers that don't tend to mix marketing with design.

BTW: A pox on all printer manufacturers that put chips in the ink cartridge!

 

Hello from the South!

Iron

Good morning and hello from Summerville, SC. How is everyone doing?

Iron

Good morning from Beaverton, Oregon. It was a brisk 16º at my house this morning. Brrr! At least it's not raining.

Iron

Hi from a pleasantly warm DC

Iron

Good morning from Scottsdale, AZ

Iron

Good morning from foggy New York.

Iron

Morning from Portland Oregon

Iron

Hello from Beaverton, Oregon. Meeting conflicts this week, so I'm getting the slides now.

Iron


Copyright © 2014 UBM Canon, A UBM company, All rights reserved. Privacy Policy | Terms of Service