If you want to make certain that your embedded system is hack proof, don’t take it out of the box.
It may sound harsh, but there is truth to that statement. People hack, or try to hack, systems for a variety of reasons: the intellectual challenge, monetary reward, and theft of data are just the tip of the iceberg. Ultimately, the risk associated with a loss determines how much effort must be applied to securing the system against malicious hackers.
Sophisticated hacks draw the most attention, but the fact is that hackers will often seek out the lowest-technology approach that lets them break a system. Often the low-tech hack is a light used to fool the internal circuitry, an analog of the slim jim used to open a car with the keys locked inside, a shim that keeps an interlock from closing, or one of dozens of other ingenious tricks, each aimed at making the system fail in some way that benefits the hacker. Anticipating and protecting against physical attacks on an embedded system can be a challenge for developers, and it is one that is best left to experienced physical/mechanical designers.
Every system can be hacked. The question is the level of difficulty and the cost associated with the hack. Physical hacks can be made more difficult by many design decisions, including encapsulating (potting) the electronic circuitry, eliminating obvious physical interlock switches, and defining a protocol for technician access to the inner workings of the system. These and other techniques all serve to increase the difficulty of physically hacking an embedded system.
Electronic hacking seeks to gain unauthorized access to the system. Generally these hacks fall into the following categories:
- Forcing the system into an unanticipated state by feeding it a data sequence it was never designed to accept.
- Exploiting known software defects, which is the vulnerability class most hackers focus on. Contrary to what some expect, open source is not more susceptible to this type of exploit, because there are often thousands of professional programmers looking at the code and installing it in production systems. But regardless of the source, the ultimate responsibility for system security lies with the developers.
- Theft of test equipment or of the actual embedded hardware, aimed at gaining direct access to the internal software in order to find vulnerabilities.
- “Social engineering” (theft) of user IDs and passcodes to gain access to the system.
- Addition of snooping hardware to the installed embedded system to capture information.
Broadly speaking, embedded software security falls into the following groups:
- Underlying Operating System
- Security of System updates
- External communications
- Data security
- Authorized personnel access
- Intrusion detection
- Application security
I’ve previously written in these blogs about specific Operating Systems (OS) and some of the security features that they offer. Security isn’t the only aspect of an OS that’s important. Equally important is the correctness of the OS, because one of the major ways to break into a system is to exploit errors caused by programming faults in the OS. Choosing an OS that is certified to one of the accepted standards is one hedge against that class of entry for a hacker. Aerospace is one of the industries that has a series of certifications for OSes and software development tools. Aerospace-certified Real Time Operating Systems (RTOSes) are available from Green Hills Software, Inc. (1), QNX (2), and Wind River Systems (3). Green Hills offers a specific high-reliability aerospace package called the INTEGRITY RTOS. Wind River also provides an aerospace platform that conforms to many of the world’s standards for critical avionics systems, including RTCA DO-178B, EUROCAE ED-12B (“Software Considerations in Airborne Systems and Equipment Certification”), IEC 61508 (http://www.iec.ch/functionalsafety/) and other related software standards. LynuxWorks® (4) offers several OS products, including Linux distributions and the LynxSecure™ separation kernel that is described briefly in a previous blog. Validation of the OS ranges from DO-178B to other industry practices. One caveat: DO-178B and IEC 61508 are safety standards that measure process rigor and defect rates, not resistance to a deliberate attacker, so a certified OS removes one class of bugs but is not by itself a security guarantee.
The Intel® Atom™ processor family has added the E6xx members, which include Intel® Virtualization Technology (Intel® VT) in addition to low-power operation. These new Atom family members and the Intel® Core™ i5 and i7 processors include advanced features for virtualization and for securing the boot process that were previously found only on processors intended for general-purpose computing. These capabilities are quickly becoming requirements for networked embedded systems.
Microsoft® Corporation (5) has recently added a facility for centralized configuration, management, and updating of embedded devices. Embedded systems networked with a computer running System Center Configuration Manager 2007 can be managed with Windows Embedded Device Manager, which provides a single management console for Windows Embedded devices. Microsoft’s goal is to improve insight into and control of embedded devices by presenting information unique to embedded systems.
Device Manager generates collections of embedded devices and aggregates similar devices into groups. Groups may include a wide variety of devices such as thin clients, point-of-service terminals, and digital signage. This simplifies integration and management of embedded devices within a larger context.
Solutions for data security depend on encryption, and two kinds of algorithm are involved. A symmetric cipher, in which sender and receiver share one secret key, protects the data itself; this may be the 35-year-old DES with its 56-bit key (now generally considered vulnerable to brute force) or a more advanced cipher like the Advanced Encryption Standard (AES), which uses keys of up to 256 bits. A public key / private key scheme is what gets that shared key to the other party safely. Put together, the exchange rests on a four-step process:
- You send your public key to the sender of the data.
- The sender encrypts the data using your public key. In practice the sender encrypts the data with a fresh random symmetric session key and uses your public key to encrypt only that session key, since public-key operations are far too slow for bulk data.
- The sender sends the encrypted data (and the wrapped session key) to you.
- You decrypt using your private key, recovering the session key and then the data.
Contrary to a common assumption, AES is not substantially more expensive than the 35-year-old DES (56-bit) standard: in software it generally runs as fast or faster per byte, and many current processors add hardware acceleration for it. Brute-forcing AES is impractical; even the 128-bit key space would take more than ten trillion years to search at a billion billion (10^18) key trials per second, so real attacks target key management and implementation flaws rather than the cipher itself. Nearly every open source and proprietary operating system includes encrypted communications as part of the package. If your chosen OS lacks suitable data encryption, it can be remedied by adding an encryption module from an open source project such as TrueCrypt (http://www.truecrypt.org/), which can encrypt many things including an entire disk.
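A quick way to check the relative cost of the two ciphers on your own target is to time them on the same buffer. The following is an added example, not code from the original post; it uses Go’s standard-library DES and AES in CTR mode, with constructed keys and dummy data, and reports throughput for each:

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/des"
	"fmt"
	"time"
)

// encryptTime runs block in CTR mode over buf `rounds` times and returns the
// elapsed wall-clock time. The all-zero IV is acceptable only because this is a
// throughput measurement on dummy data; a real system needs a unique IV per message.
func encryptTime(block cipher.Block, buf []byte, rounds int) time.Duration {
	iv := make([]byte, block.BlockSize())
	out := make([]byte, len(buf))
	start := time.Now()
	for i := 0; i < rounds; i++ {
		cipher.NewCTR(block, iv).XORKeyStream(out, buf)
	}
	return time.Since(start)
}

// CompareDESvsAES encrypts size bytes rounds times with single DES (56-bit key)
// and with AES-256, and returns the time each cipher took.
func CompareDESvsAES(size, rounds int) (time.Duration, time.Duration, error) {
	// Constructed keys for the benchmark only: DES takes 8 bytes (56 effective
	// bits plus parity), AES-256 takes 32 bytes.
	desKey := []byte{0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef}
	aesKey := make([]byte, 32)
	for i := range aesKey {
		aesKey[i] = byte(i)
	}
	desBlock, err := des.NewCipher(desKey)
	if err != nil {
		return 0, 0, err
	}
	aesBlock, err := aes.NewCipher(aesKey)
	if err != nil {
		return 0, 0, err
	}
	buf := make([]byte, size) // dummy plaintext
	for i := range buf {
		buf[i] = byte(i)
	}
	desTime := encryptTime(desBlock, buf, rounds)
	aesTime := encryptTime(aesBlock, buf, rounds)
	return desTime, aesTime, nil
}

func main() {
	const size, rounds = 1 << 20, 16 // 16 MiB through each cipher
	desTime, aesTime, err := CompareDESvsAES(size, rounds)
	if err != nil {
		panic(err)
	}
	mib := float64(size*rounds) / (1 << 20)
	fmt.Printf("DES:     %.1f MiB/s\n", mib/desTime.Seconds())
	fmt.Printf("AES-256: %.1f MiB/s\n", mib/aesTime.Seconds())
	fmt.Printf("AES time / DES time = %.2f\n", aesTime.Seconds()/desTime.Seconds())
}
```

On a processor with AES instructions the AES figure will be far higher than DES; even on a core without them, Go’s software AES is not slower than its software DES, which is what matters when choosing a cipher for an embedded target. Single DES appears here only for the comparison and should not be used for new designs.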
The complexity of embedded systems is quickly catching up with that of general-purpose computing systems. This step up in complexity will require more competent management of the operating software than has historically been required.
How will you guard your future systems from hack attacks?
1. Green Hills Software is an Affiliate member of the Intel Embedded Alliance
2. QNX Software Systems is an Associate member of the Intel Embedded Alliance
3. Wind River Systems is an Associate member of the Intel Embedded Alliance
4. LynuxWorks is an Affiliate member of the Intel Embedded Alliance
5. Microsoft Corporation is an Associate member of the Intel Embedded Alliance
Roving Reporter (Intel Contractor)
Intel® Embedded Alliance
To view other community content focused on security, see “Security – Top Picks.”