Timothy Stapko, Lead Software Engineer and Project Manager, Digi International, offers tips on embedded systems security. Dominion Electronics are distributors of Digi International.
There are a large number of security packages available, and an embedded engineer new to security may only know of security as encryption or virus protection. While encryption is a tool used for security and virus scanners technically provide security, neither one likely provides what is needed. These days security is integrated into many applications, and the packages that users need are usually dictated by what their applications will interface with. If the users' application is web-based, it will probably use SSL/TLS (Secure Sockets Layer, also known as Transport Layer Security). Other applications use technologies like IPSEC (Internet Protocol Security) or CCMP (WPA2 Wi-Fi encryption). Knowing what the acronyms mean is not as important as knowing which protocols users need to support.
Depending on the application, implementing a security package may be as simple as running an executable with security enabled. For example, if users are running embedded Linux or Windows CE, there are probably applications that provide a lot of the security they need, like an SSH (Secure Shell) client. If binaries are not available, then there may be source code available. Open-source packages like OpenSSL and OpenSSH are considered among the best freely available implementations of those security protocols. Users should avoid implementing their own security protocol. Unless users are cryptography experts, chances are their implementation will be vulnerable.
Once users have implemented their application and added all their security protocols, it is natural to ask how secure the result is. The purpose of security is to make the cost of breaking the security greater than the value of the gain for the attacker. Modern cryptography relies on mathematics that would take thousands of years to work out using modern computer hardware. Unfortunately, any protocol or algorithm may have an undiscovered vulnerability that makes breaking it much easier, and hardware performance continues to improve at a good pace, bringing that ‘thousands of years’ number down significantly.
The following issues give insight into how to evaluate and deploy secure embedded applications:
For an embedded system, location is as important as any other factor in determining what security measures are needed. Many embedded applications may be installed in places where an attacker has unfettered access to the hardware. When an attacker has physical access, software-based security mechanisms fail, and hardware mechanisms do not fare much better. If users are implementing world-class security in their application, then they need to make sure that the physical security employed is at least equivalent to the security in the application.
To come up with a list of potential attackers, users need to think who would benefit from compromising their systems. This might include business rivals, terrorists, secret illegal government agencies or teenagers. The people who stand to benefit the most from attacking the system are usually the most likely to attack it, but the attacker may not be interested in what users are most concerned about.
An attacker may not be after the information; it may be sufficient to shut down the application. In other cases, the attacker may just be interested in controlling the hardware. As more and more devices are networked, it is highly likely that someone will see those devices as a huge pool of hardware resources ripe for exploitation.
Wireless networks add a layer of vulnerability beyond that found in a wired network – the physical transmission medium. For a wired network, the transmission medium is a wire. Wire-tapping to eavesdrop on communications requires physical contact with the wire or close physical proximity. Wires can be routed through secure buildings, underground, on top of telephone poles, or through concrete, thus limiting the physical contact possible. With a wireless network, the transmission medium is the air. With a wireless device broadcasting information in all directions, an attacker needs only an antenna to gain access. For this reason, most wireless protocols employ some type of built-in encryption.
Some systems are secure by default, either due to higher quality software or through specific security enhancements. Users can check with others who have deployed the systems they are evaluating and try to find out what applications they have been used in before. Users can look for hardware security features that have proven records.
If users need high security for their applications, then keeping up with security news is vital. Every day, thousands of hackers and researchers are working to break security. Users should know the current state of their security technologies by learning all the known attacks, and keep up with the reports to be sure that no new attacks have been discovered.
It is easy to fall into the philosophy that one needs the best, most robust, most powerful security available, but one probably does not need that much. Users are concerned that the information is collected properly and delivered without being tampered with. There are less expensive methods to achieve that result without resorting to comprehensive security implementations. When evaluating security for an application, users need to think about how much security is really needed. Users can save a lot of hardware cost and development time by avoiding security they do not need.