Traditional security techniques may not suffice anymore. Embedded systems are getting more complex and hackers are getting smarter.
Embedded systems traditionally have had very limited security options. Indeed, fitting a robust set of security features into such a small mechanical footprint can be challenging. Storage components, processing power, battery life, time-to-market, and overall cost concerns have prevented most security features from being implemented. Overcoming these design challenges has become crucial to embedded systems designers in light of the growing threat of security breaches as more systems are shared or attached to networks and new regulations are adopted that make security mandatory.
The security industry has focused largely on portable storage devices for the consumer electronics industry. The basic premise here is that users want security capabilities to travel with the device, such as with a USB thumb drive. This approach lets users protect their data on any system, whether it's on an office or home PC, an Internet kiosk, or a public computer. Software applications and data are password-protected using industry-defined security protocols, which often are targeted by Internet hackers. Portable data devices are also highly susceptible to theft. Once stolen and the security encryption defeated, the fully intact data can be accessed, loaded onto a PC or the Internet, sold, or worse.
On the other hand, embedded systems applications for the enterprise OEM market face their own unique challenges. These OEMs (original equipment manufacturers) targeting the netcom, military, industrial, interactive kiosk, and medical markets typically provide infrastructure equipment to their customers by supplying everything from network routers and voting machines to medical diagnostic equipment and data recorders. The key requirement is that data must be rendered unreadable should the storage devices be removed from the systems for which they're intended. The host system must maintain ultimate control over security algorithms to protect the data and prevent IP theft. Security requirements can vary for these applications. They can be as simple as ensuring that the correct storage product is in the host, or as intricate as tying the software IP and application data directly to the storage device.
Tying security to the host
Two key functions are required in enterprise OEM applications to protect application data and software IP. The first is a need to ensure that the end customer is using a qualified storage device in the system. Due to warranty or service contracts, the OEM must verify that the storage device originally shipped with the equipment is indeed still in the system. The second is a need to tie specific application data and software IP to the specific drive for which it is intended to prevent theft and ensure software integrity. In this way, even if the portable storage device is stolen, the data can't be accessed and the device won't function properly.
Optimally, the host should have access to at least two unique pieces of data for validation purposes. One identifies the drive and ensures it's the correct product. The second data string identifies the specific drive and its correlating data. The host system can then use that data to create encryption/decryption keys for software IP and application data. Such a method doesn't provide copy protection, but it restricts the use of particular software on any system other than the original host.
Design considerations for enterprise OEM applications are many. First, it's important to ensure the integrity of the stored data. The drive itself must not be susceptible to corruption due to power disturbances. Portability has become of huge importance, so the technology considered must be low power and small and light enough to match the design requirements. In addition, extreme environmental conditions such as shock, vibration, altitude, and a wide temperature range must be considered. Multiple-year product lifecycle and high-endurance ratings are also important. If a drive wears out unexpectedly, critical data can be lost, so a feedback mechanism that prevents field failures and unplanned downtime would be beneficial.
Consumer applications typically only need the storage device to store data. In enterprise OEM applications, designers must consider operating systems requirements for storage. An operating system must be kept open to accommodate needed read/write functions. The traditional use of write protection becomes impossible on a storage device that supports an open operating system.
Another important consideration for enterprise OEMs is the accidental overwriting of critical system files, such as the master boot record. When a power fluctuation occurs, address lines can float to undetermined states. If there's still enough power to write to the storage component, data could be written to an improper location, potentially corrupting critical system files.
Many embedded systems have different security requirements for different data types. Perhaps there's a need to write-protect a file or look-up table or to have a password-protected area for regulatory validation. The traditional approach would be to implement multiple storage devices, such as a secure EPROM for validation codes; a CD-ROM for read-only access; or a flash card for data and user statistics or tracking.
This may not be the best solution for power and space-constrained embedded designs. Not only does using three different devices for one system have a larger-than-desired footprint, but the cost is also increased exponentially by the purchase and programming of three devices.
Storage security solutions
Advanced storage technologies are now available that let designers add the security that's required for their particular design. These new storage solutions definitely provide the desired environmental performance, low power, small footprint, and longer product lifecycles.
For instance, to streamline the embedded design that would need the three different storage devices previously mentioned, this same application could use one advanced storage system divided into task-specific zones. By using advanced zoning techniques, one solid-state drive can be partitioned into zones providing the ability for separate security measures deployed on each zone, as shown in Figure 1. The result is a dramatic savings in space and cost. In the previous example, Zone 1 can store the operating system, Zone 2 can be partitioned for read-only access, and Zone 3 can be used for data tracking or storing classified data. In this way, one drive performs the tasks originally handled by three separate devices. Given that advanced solid-state drives can be divided into up to five partitions, there's potential for even more functionality.
To prevent the theft of application data and software IP, advanced storage technologies enable this information to be tied to a specific storage drive and enable a specific drive to be tied to a specific host system, as in Figure 2. A restricted area, only accessible by one or several vendor-specific commands, can be used as a handshaking area to implement these requirements.
Advanced storage systems can have two or more keys resident in its restricted (non-user) data space. The first key could identify the specific media (such as flash drive and hard drive) and the second could contain a randomized number specific to that individual drive. The designer can send a vendor-specific command to read the information from the media and use it as a key for a host-specified encryption/decryption algorithm.
Should the storage system be removed from the host system for which it was originally intended and placed in a similar system, the new host could identify the transplanted drive as the correct media type. However, the randomized number will be completely different. As a result, the data will be unusable by the new host. Should the data itself be copied to a different type of drive, the host can tell it's not the correct drive and again the data won't be usable.
The security design challenges for embedded systems are different and potentially more demanding than those for the consumer market. While most consumer storage devices contain only data, enterprise OEM applications contain operating systems, need to protect critical system files, and must ensure the data is rendered unusable should the device be removed from the host system for which it was originally intended. This has often led to solutions that incorporate multiple drives, a process which can be both complicated and expensive. One of the best ways to enhance security while minimizing cost in embedded systems is to use advanced zoning technology to set up multiple zones with different security parameters on one drive. In this way, the myriad functions, and security requirements can all be met. Table 1 shows the design tradeoffs associated with various storage solutions.
Also beneficial is the ability to tie application data and software IP to a specific storage device. Allowing the host special access to data in proprietary areas on the drive to create encryption keys further prevents data theft. While adding security to embedded systems can be a daunting task, new storage technologies not only streamline the process but enhance the final product.
Gary Drossel , vice president of product planning for SiliconSystems, manages the company's product marketing and planning, strategic marketing, and application engineering efforts. He received a BS degree in electrical and computer engineering from the University of Wisconsin. Drossel can be reached at .