By identifying and eliminating the weakest links in new products and systems, engineers can make significant gains in implementing security.

January 18, 2016
Why Is Embedded Security So Difficult?

As security has become a hot topic in IoT, engineering teams building connected devices are beginning to put it much higher on their list of priorities. While this is clearly good news, it doesn’t mean that concerns over embedded device security will soon be over or that headlines of attacks against embedded devices will suddenly disappear.

Engineers designing devices for the IoT face a significant set of challenges. Security is a complex subject: hackers continue to develop new exploits, and they only need to find one way in. Worst of all, attacks against embedded devices are highly replicable. Embedded devices are mass produced to be virtually identical, so a vulnerability, once discovered, can be used to exploit every device of that type.

A security framework, such as Icon Labs’ Floodgate Security Framework, provides an integrated suite of security building blocks.
(Source: Icon Labs)

Challenges in Securing Embedded Devices

Why exactly is it so hard to keep the bad guys out? We are pretty good at preventing bank robberies, and at limiting what robbers get away with when they actually do rob a bank. Why can’t we do this with embedded devices?

This question was put to me recently by a friend who works in the physical security business making sure people don’t break into banks, casinos, chemical processing plants, and other highly secure facilities.

There are a number of reasons that embedded security is hard. A few of the top challenges include:

  • The low cost of attack

  • The weakest link problem

  • A lack of expertise and training


The Low Cost of an Attack

It’s very easy, when talking about cybersecurity, to focus on the various technical aspects of building a secure device. What is the role of encryption? Do I need to include secure boot? What security protocols should I use? These are all important considerations, but when looking at the big picture it is important to first understand the adversary.

Compared to the cost of a physical attack against a bank or other secure facility, the cost of a cyber attack is orders of magnitude lower and the risk to the attacker (of injury or of being caught) is also extremely low. A hacker can use easily downloaded tools to launch a non-stop stream of attacks against a wide array of targets with very little risk of getting caught and at very little cost.

The Weakest Link Problem

Security is only as strong as its weakest link. Because security is a system issue, not just a device issue, there is a very long chain of possible attack points that must be secured. Consider an e-reader that connects to the network over WiFi. Compared to an industrial automation device used to control, say, chemical plant processing, or to a connected car, this would seem to be a fairly easy device to secure, with few real risks.

If we look closer, however, there are a number of potential security concerns. The device most likely stores personal information, including an email account, account credentials for ordering new books, and possibly even credit card information. In addition, the device contains copyrighted material (books, movies) that should be usable on the device, but only on the device; it should not be possible to copy this content to another system. Protecting both the confidential data and the copyrighted data requires securing the device, its communications, and the server with which it communicates.

Ensuring the security of both personal and copyrighted data requires secure communications, using a protocol such as IPsec or TLS, to protect against eavesdropping attacks. Data at Rest (DAR) protection should be used to encrypt data stored in flash; this protects the data if the device is stolen, and against attacks that inject malicious code onto the device to read data from the file system. In addition, the backend servers must be protected, lest a data breach occur as the result of an attack against the IT infrastructure.
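As an added illustration of the data-at-rest protection described above (example code, not from the article or from Icon Labs' Floodgate framework), the following Go program seals an e-reader's stored records with a key derived from a per-unit secret. The secret values and record names are constructed for the example; in a real device the secret would be read from a secure element or OTP memory. Authenticated encryption (AES-GCM) with the record name as associated data means a flash image copied to another unit, a record moved to a different slot, or a tampered blob all fail to decrypt.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
)

// deviceKey derives the storage key from a per-unit secret (in a real design
// read from a secure element or OTP fuses; here a constructed value).
func deviceKey(secret []byte, purpose string) []byte {
	mac := hmac.New(sha256.New, secret)
	mac.Write([]byte(purpose)) // purpose label separates key uses
	return mac.Sum(nil)        // 32 bytes: an AES-256 key
}

// Store seals the records an e-reader keeps in flash with the device-bound key.
type Store struct{ aead cipher.AEAD }

func NewStore(secret []byte) (*Store, error) {
	block, err := aes.NewCipher(deviceKey(secret, "dar-v1"))
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return &Store{aead}, nil
}

// Seal stores nonce || ciphertext || tag; the record name is associated data,
// so a blob cannot be moved into another slot (e.g. written over the credentials).
func (s *Store) Seal(recordName string, plaintext []byte) ([]byte, error) {
	nonce := make([]byte, s.aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return s.aead.Seal(nonce, nonce, plaintext, []byte(recordName)), nil
}

// Open fails for a wrong key (flash copied to another unit), wrong slot or tampering.
func (s *Store) Open(recordName string, blob []byte) ([]byte, error) {
	if n := s.aead.NonceSize(); len(blob) >= n {
		return s.aead.Open(nil, blob[:n], blob[n:], []byte(recordName))
	}
	return nil, errors.New("record too short")
}
```

Note that this covers only the stored data; the same content must still be protected in transit with TLS or IPsec, and on the server side, as the text explains.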
