Because of the connected nature of most new embedded system designs, securitywill remain a constant and unending challenge to developers. But slowly,a repertoire of useful tools and techniques are becoming available, as notedin this week’s Embeddded.com Tech Focus Newsletter . In addition, someother design articles indicative of the sophistication and capabilities ofthese new techniques include:
Protecting SCADA devices from threats and hackers
Enhance system security with better data-at-rest encryption
Cryptography in software or hardware: It depends on the need
Defending against side-channel attacks
Implementing secure digital data transfer
But large gaps remain in critical areas including: industrialPLCs, SmartGrid, SCADA,wirelesshome networks, and even firmwarein printers. Fortunately, research is on-going and has resulted in someinnovative and thought provoking solutions, including:
“Defendingembedded systems with software symbiotes,” in which it is proposedthat host-based defense mechanisms calledl Symbiotic Embedded Machines (SEM)be designed to inject intrusion detection functionality into the firmwareof the device, deployable with no disruption to the operation of the device.
“Intrusiondetection for resource-constrained power grid devices,” in whichthe authors describe a host-based intrusion detection mechanism that operatesfrom within the device software’s kernel and leverages a built-in tracingframework to identify control-flow anomalies, which are most often causedby rootkits that hijack kernel hooks.
“Integratingnetwork cryptography into the operating system,” where the authorsdescribe a sockets interface-based general-purpose network cryptographylibrary that integrates directly with the device’s operating system.
“Cryptographickey management for Smart Power Grids ,” in which the authors proposeintegration of a PUF (Physically Unclonable Function) device with each smartmeter in order to implement a hardware-based, low cost and secure authenticationmechanism immune to the hacks into flash based firmware that is normallyused.
For other information related to embedded systems security, two goodresources are 1) the Embedded.com SecurityCollection of previous articles, webinars and white papers, and 2) the freely downloadable presentations and papers from the Black Hat Conferencearchives.
To maintain a general sense of how well the battle against malicious hackersis going on a regular basis. sign up to receive regular newsletter and RSS feed updatesfrom Carnegie Mellon’s CERT program,the US CERTS National Cyber AwarenessSystem and its Industrial Control Systems Cyber Emergency Response Team(ICS-CERT). US CERTS also hasan interactive map containinglinks to all of the various similar programs in other countries.
Embedded.com Site Editor Bernard Cole is also editor of thetwice-a-week Embedded.comnewsletters as well as a partner in the TechRite Associates editorialservices consultancy. He welcomes your feedback. Send an email to , or call928-525-9087.