Security: An ongoing challenge in a connected world
Because of the connected nature of most new embedded system designs, security will remain a constant and unending challenge to developers. But slowly, a repertoire of useful tools and techniques are becoming available, as noted in this week’s Embeddded.com Tech Focus Newsletter. In addition, some other design articles indicative of the sophistication and capabilities of these new techniques include:
Protecting SCADA devices from threats and hackers
Enhance system security with better data-at-rest encryption
Cryptography in software or hardware: It depends on the need
Defending against side-channel attacks
Implementing secure digital data transfer
But large gaps remain in critical areas including: industrial PLCs, Smart Grid, SCADA, wireless home networks, and even firmware in printers. Fortunately, research is on-going and has resulted in some innovative and thought provoking solutions, including:
“Defending embedded systems with software symbiotes,” in which it is proposed that host-based defense mechanisms calledl Symbiotic Embedded Machines (SEM) be designed to inject intrusion detection functionality into the firmware of the device, deployable with no disruption to the operation of the device.
“Intrusion detection for resource-constrained power grid devices,” in which the authors describe a host-based intrusion detection mechanism that operates from within the device software’s kernel and leverages a built-in tracing framework to identify control-flow anomalies, which are most often caused by rootkits that hijack kernel hooks.
“Integrating network cryptography into the operating system,” where the authors describe a sockets interface-based general-purpose network cryptography library that integrates directly with the device’s operating system.
“Cryptographic key management for Smart Power Grids,” in which the authors propose integration of a PUF (Physically Unclonable Function) device with each smart meter in order to implement a hardware-based, low cost and secure authentication mechanism immune to the hacks into flash based firmware that is normally used.
For other information related to embedded systems security, two good resources are 1) the Embedded.com Security Collection of previous articles, webinars and white papers, and 2) the freely downloadable presentations and papers from the Black Hat Conference archives.
To maintain a general sense of how well the battle against malicious hackers is going on a regular basis. sign up to receive regular newsletter and RSS feed updates from Carnegie Mellon’s CERT program, the US CERTS National Cyber Awareness System and its Industrial Control Systems Cyber Emergency Response Team (ICS-CERT). US CERTS also has an interactive map containing links to all of the various similar programs in other countries.
Embedded.com Site Editor Bernard Cole is also editor of the twice-a-week Embedded.com newsletters as well as a partner in the TechRite Associates editorial services consultancy. He welcomes your feedback. Send an email to email@example.com, or call 928-525-9087.