Embedded.com Tech Focus Newsletter (4-2-12): Embedded security in a connected world - Embedded.com

Embedded.com Tech Focus Newsletter (4-2-12): Embedded security in a connected world

Embedded Newsletter for 04-02-2012

» Click here to view online I » Forward to a friend I » Sign up for an EE Times Newsletter

Share this Newsletter:

facebook linkedin twitter digg

April 2, 2012

Tech Focus: Embedded security in a connected world

HIGHLIGHTS

Not in Kansas anymore: Securing SCADA

Security fundamentals for embedded software

Enhance system security with better data-at-rest encryption

Strategies for securing the smart grid


Editor's Note

Bernard Cole Bernard Cole
Site Editor
Embedded.com

The Stuxnet Worm attack in 2010 should have brought home to embedded systems developers that even the smallest MCU based control system is vulnerable to hackers and security intrusions, according to Amir Raz and Ido Sarig of Wind River, who presented a class (ESC-230) on embedded security at last week's Black Hat Summit at ESC DESIGN West.

In their class titled “Could the Stuxnet Worm have been prevented? “, Sariq points out that this attack went after supervisory control and data acquisition (SCADA) systems similar to those in common use today in industrial applications as well as in diverse power, gas, electricity, oil and other utility systems. Embedded devices, which used to be standalone and defined by their degree of isolation from the network, are increasingly connected. According to Raz and Sarig, their number could reach 50 billion or more by 2020. This means embedded systems are increasingly open to network-based attacks, especially if developers ignore this crucial security aspect of their designs.

In his class at ESC DESIGN West on “White Hat hacking the smart grid (ESC-224) ,” Joe Loomis of Southwest Research Institute was particularly critical of SCADA systems as they are presently implemented on the Smart Grid. “The additional functionality and features of the smart grid increase the attack surface that can be exploited by a hacker,” he says. “New devices bring additional communication and control channels that need to be protected.”

If you attended ESC DESIGN West but did not attend the Black Hat Summit, you should download not only the papers by Raz/Sarig and Loomis, but those of the 14 other presenters on security topics. For those who did not attend ESC DESIGN West, I recommend that you read the commentaries by several of our columnists, including: “Strategies for securing the smart grid” by David Kleidermacher, “Building reliable and secure embedded systems” by Michael Barr, “Is the SCADA infrastructure secure?” by Jack Ganssle, and “Not in Kansas anymore: securing SCADA” by Erik Marks. Of a number of recent Embedded.com design articles columns, white papers, webinars and online classes on this topic, my Editor's Top Picks include:

A framework for considering security in embedded systems
Bad assumptions lead to bad security
What you need to know about embedded systems security
Overcoming security issues in embedded systems


Design How-Tos

Strategies for securing the smart grid

Every embedded system on a possible cyber attack path, from the smart appliance to the smart meter to the network concentrators, must be a secure smart grid embedded system.

Smart management is the key to smart grid meter security

Addressing the security of meters in emerging smart grid applications requires a secret key management strategy that does not store keys on any node, authenticates each node, verifies communications, and uses temporary communication keys that are rotated often.

Addressing the challenges of smart utility meter design

This article highlights some of the major issues of metering and proposes the means to achieve the intended goals by making the designer aware of the challenges beforehand.

Security fundamentals for embedded software

Even if your device is not connected to the Internet, you need to protect it from malicious attacks. Here are some simple protections you can institute to make your system more impenetrable.

Enhance system security with better data-at-rest encryption

Embedded systems designers can protect sensitive data that's on a device's hard drive (data-at-rest) by using encryption techniques.

Best practices: Improving embedded operating system security

Bill Graham reviews some of the security best practices that embedded systems need to pay attention to in their designs, particularly those requiring the use of real time embedded operating systems (RTOS)in mission and safety critical systems used in industrial and medical devices.

Securing Mobile and Embedded Devices: Encryption is not Security

Steven Yee of BSQUARE describes a comprehensive security strategy for mobile and embedded devices that addresses all of the factors important in guaranteeing success, including technical limits, hackers, and the behavior of your users.

Cryptography in software or hardware: It depends on the need

As the length of software keys increases to accommodate evolving needs for greater security, so embedded system designs demand a wider variety of cryptographic implementations

A Framework for Considering Security in Embedded Systems

The need for security in many embedded systems is not always readily apparent, and too many embedded systems designers are paying too little attention to the subject, despite the increased wired and wireless connectivity of such designs.

Bad assumptions lead to bad security

Embedded security expert Eric Uner outlines some assumptions he believes develpers make which he beleves lead to the design of wired and wirelessly connected embedded systems with inadequate security.

What you need to know about embedded systems security

Timothy Stapko poses ten questions you need to ask about embedded systems security, why you need to ask them and then presents his answers.

Planning Your Embedded Secure Shell (SSH) Implementation

A step-by-step guide to why and how to integrate Secure Shell (SSH) into your design, and use it for tunneling and port forwarding over secure channels, as well as for Secure FTP file operations.

Overcome security issues in embedded systems

Traditional security techniques may not suffice anymore. Embedded systems are getting more complex and hackers are getting smarter.


Embedded Systems Bookshelf

Excerpts

Embedded Books Reading Room
Bernard Cole's favorite links to book excerpts.

Reviews

Engineer's Bookshelf
Airport fiction blows. A look at books other engineers are reading and why you should read them, too. Recommend and write a review yourself. E-mail Brian Fuller.

Jack Ganssle's Bookshelf
A list of book reviews by Jack Ganssle, contributing technical editor of Embedded Systems Design and Embedded.com.

Max's Cool Beans
Clive “Max” Maxfield, the editor on Programmable Logic DesignLine, often writes about interesting books.


Products

TI says ADC driver provides highest performance-to-power ratio by 8x

TI's fully differential amplifier uses only 250 uA of quiescent current while providing 36 MHz of bandwidth to support the low power needs of portable and high-density systems

Design software gets even easier to use

Maple 16 enhancements provide more tools for intuitive point-and-click interfaces for solving, visualizing, and exploring mathematical problems.

Green VoIP IC family addresses high end phones

Dialog Semiconductor's SC14453 Green VoIP processor includes class-leading integrated audio, security and graphics functions.

Linear specifies µModule transceivers for military, automotive applications

Linear has introduced automotive (H-grade) and high reliability military (MP-grade) versions of its isolated µModule transceivers, which guard against large ground-to-ground differentials and common-mode transients in RS485 and RS232 networks.

NXP rolls MCUs for power management applications

NXP Semiconductors announced a new series of microcontrollers featuring an interconnected and flexible analog subsystem, based on the ARM Cortex-M0 processor at the DESIGN West event.

DESIGN West: TI's new multicore DSPs pack performance and low power in small form factor

Texas Instruments Incorporated (TI) unveiled three new devices based on its KeyStone multicore architecture utilizing the TMS320C66x digital signal processors (DSP) generation.

Analog Devices' Blackfin processors feature 1GHz core performance, accelerated vision analytic, and low power consumption

Analog Devices, Inc. has launched a series of 1-GHz, dual-core, Blackfin processors optimized for embedded vision applications.


Commentary

Building reliable and secure embedded systems

Neither reliability nor security can be tested, debugged, or patched into a product. They must be designed into embedded systems from day one.

Not in Kansas anymore: Securing SCADA

Here's why SCADA is not secure and what some companies are doing about it.

Is the SCADA Infrastructure Secure?

Infrastructure includes the digital systems that control factories. Is it crumbling?

Open communications for the smart grid

Here, Tony Paine, CEO of Kepware Technologies, explains that open connectivity is a critical element for a reliable smart grid and automated meter applications for the natural gas, water, and electric utilities.

ESC keynoter sees 'arms race' with cyber attackers

Joerg Borchert, vice president of chip card and security ICs at Infineon Technologies North America, will take the stage at ESC Boston later this month to deliver a message to embedded systems designers: you are in an arms race with potential attackers.

Embedded cyber-risks

Embedded security? Few care, though the Feds are waving warning flags.

More about Embedded Security

Check here first for the latest How-To articles on implementing secure embedded designs.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.