Embedded.com Tech Focus Newsletter (8-29-11): Security-the third leg of embedded design? - Embedded.com

Embedded.com Tech Focus Newsletter (8-29-11): Security–the third leg of embedded design?

Embedded Newsletter for 08-29-11

» Click here to view online I » Forward to a friend I » Sign up for an EE Times Newsletter

Share this Newsletter:

facebook linkedin twitter digg

August 29, 2011

Tech Focus: Security – the third leg of embedded design?

HIGHLIGHTS

Cryptography in software or hardware: It depends on the need

Embedded systems gaining secure footing

Embedded cyber-risks


Editor's Note

Bernard Cole Bernard Cole
Site Editor
Embedded.com

As you probably know, security issues are a growing crisis all aspects of connected computing, including the embedded and mobile segments. The degree of the problem is well illustrated in “2011 Top 25 most dangerous software errors list“, a joint effort by the Department of Homeland Security, Mitre and the Sans Institute to create a security scoring system to help developers avoid putting up big red signs in cyberspace saying: “Attack me, please.”

It, or something like it, is much needed, as was borne out last week in a report last week in CRN Magazine: “13 Android Security Attacks to watch.” It reminded me of a prescient column by David Kleidermacher eight months ago titled “Ángry bird droppings “. In it he revealed that analysis of the Android mobile platform uncovered 350 vulnerabilities, in addition to the thousands in the underlying Linux kernel.

All of this re-enforces R. Colin Johnson's conclusions in “Embedded systems gaining secure footing” to wit: with more and more Internet-enabled devices, security is now the third leg of the embedded design process. If you agree, the place to be is next month's 2011 ESC in Boston. There, in addition to a keynote by Infineon's Joerg Borchert on “Embedded design in a black hat world , ” there will be an entire Safety and Security Track   as well as a number other of relevant classes, including:

Modern network security protocols for embedded systems(ESC-201)
Securing embedded systems, mobile devices, FPGAs (ESC-422)
Strong encryption and correct design are not enough(DCE-305 )
Using MISRA C/C++ for security and reliability (ESC-407)
Secure by design (SS-307)

In the meantime, here's a collection of recent Embedded.com white papers, tutorials and design articles on this issue, starting with “Building in RTOS support for safety and security” and “Cryptography in software or hardware.” My Editor's Top Picks are:

Security considerations for embedded operating systems
Is the SCADA infrastructure secure?
10 things to consider when securing an embedded WiFi device

Then be sure to read Jack Ganssle's most recent column, “Embedded Cyper-risks“.


Design How-Tos

Cryptography in software or hardware: It depends on the need

As the length of software keys increases to accommodate evolving needs for greater security, so embedded system designs demand a wider variety of cryptographic implementations

Building in RTOS support for safety- & security-critical systems

In this Product How-To, LynuxWorks' Will Keegan explain the differences between safety-critical and security-critical applications and how to use the company's two independent RTOSes – LynxOS-178 and LynxSecure – to meet the demanding requirements of each.

Smart management is the key to smart grid meter security

Addressing the security of meters in emerging smart grid applications requires a secret key management strategy that does not store keys on any node, authenticates each node, verifies communications, and uses temporary communication keys that are rotated often.

Strategies for securing the smart grid

Every embedded system on a possible cyber attack path, from the smart appliance to the smart meter to the network concentrators, must be a secure smart grid embedded system.

Cryptography for embedded systems – Part 1: Security level categories & hashing

Part 1 of an excerpt from the book “Wireless Security: Know it All” begins with a review of various application security level categories and a look at hash algorithms as a basic level of security.

Understanding Smart Meters to Design Intelligent, Secure Systems

Keeping data secure is one of the major challenges facing both the utility companies and the e-meter vendors.

Secure access key control through challenge & response

In this Product How-To, Maxim's Bernhard Linke examines keys for physical access control, evaluating them for their strengths and weaknesses and details how the company's MCU-based challenge & response key ICs can be used to overcome the limitations of static data keys.

Keeping embedded software safe & secure in an unsafe world

Robert Day provides some advice on techniques for software migration in embedded software platforms, the impact of security policies, and how to maintain real-time performance and determinism in your app.

10 things to consider when securing an embedded 802.11 Wi-Fi device

Timothy Stapko details some of the factors to evaluate when securing an embedded 802.11 wireless device

Using software flashing to secure embedded device updates

Integration of digital signature algorithms into automotive systems and wireless medical devices requires the addition of a secure software download mechanism of careful design to ensure that only the defined access is given.

Linux and Security: Mission Impossible?

I'm personally a big fan of Linux. But searching the Web about its use in high criticality app indicates that while the open source OS is used widely in many mainstream embedded, mobile and desktop apps, it is not the best choice where a high degree of security is necessary.

Security Considerations for Embedded Operating Systems

A tutorial on the fundamentals of the modern security evaluation methodology, Common Criteria, and shows how secure operating systems can thwart would-be hackers and limit damage when a system in penetrated.

MILS architecture simplifies design of high assurance systems – Part 1

The Multiple independent levels of security (MILS) architecture provides a framework for development and validation of secure operating systems for military and avionics applications.


Embedded Systems Bookshelf

Excerpts

Embedded Books Reading Room
Bernard Cole's favorite links to book excerpts.

Reviews

Engineer's Bookshelf
Airport fiction blows. A look at books other engineers are reading and why you should read them, too. Recommend and write a review yourself. E-mail Brian Fuller.

Jack Ganssle's Bookshelf
A list of book reviews by Jack Ganssle, contributing technical editor of Embedded Systems Design and Embedded.com.

Max's Cool Beans
Clive “Max” Maxfield, the editor on Programmable Logic DesignLine, often writes about interesting books.


Products

TI raises security on embedded processors

Texas Instruments Inc. is looking to provide added protection against unauthorized reading of intellectual property and sensitive data in its OMAP-L138 DSP + ARM processors and TMS320C6748 digital signal processors (DSPs).

Embedded firewall enables packet control

Floodgate-Packet Filter is an embedded firewall from Icon Labs that allows networked devices to control the packets they process. It protects against potentially malicious attacks by filtering packets before they are processed by an embedded device.

EEPROM features AES-CCM Authentication

An extension to Atmel's CryptoAuthentication family, the ATAES132 devices, offer secure data storage using the AES authentication for industrial, consumer, computing and embedded applications with flexible key management features and secure counters.

Security manager IC with 1024 bytes of nonimprinting memory

Maxim's newest security manager combines a patented nonimprinting-memory scheme with an ultra-low battery current for applications requiring the highest level of security.

LynxSecure 5.0 features increased performance and virtualization

LynxSecure 5.0 from Lynux Works, Inc., is a new release of the LynxSecure separation kernel and hypervisor that adds significant performance increases for fully virtualized guest operating systems (OSes) by utilizing new hardware technologies. The new release also offers 64-bit and Symmetric Multi-processing (SMP) guest OS virtualization support.

Secure microcontroller brings smart card security to device authentication

NXP Semiconductors N.V. has introduced the au10tic family of secure ICs designed specifically for device authentication.

Agilent Technologies

New Agilent Oscilloscopes with Breakthrough Technology Deliver More Scope for the Same Budget

InfiniiVision 2000 and 3000 X-Series scopes offer 26 models from 70 to 500 MHz starting at $1,230 USD. Entry models offer industry-exclusive options like 8-channel Mixed Signal Oscilloscope and integrated function generator. Advanced scopes change to 16-channel MSOs and add serial bus debug options.
Click here to learn more.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.