Security For Embedded Electronics

The embedded systems market is expected to enjoy steady growth in the near future—provided those systems can be adequately secured.

One of the biggest challenges for embedded devices and systems, especially those employed in the , is adequately protecting them from increasingly sophisticated hacking. This is a new tool for criminal enterprises, and a very lucrative one because it can be done remotely with little fear of being caught. Even when hackers are caught, they rarely are prosecuted, which has not gone unnoticed by criminal enterprises. A lack of reprisal has allowed them to recruit some of the best and brightest programmers.

The disruption that can be caused by unsecured IoT devices was dramatically demonstrated a year ago, when cyberattacks on Dyn DNS (now Oracle Dyn Global Business Unit) shut down some highly popular websites for much of one day. While no attacks of similar scale have occurred since then, cybersecurity experts expect there are more to come because the motivation will be financial rather than social disruption just for the heck of it.

Transparency Market Research forecasts the worldwide embedded systems market will rise to $233.19 billion in four years, marking a compound annual growth rate of 6.4% from 2015 to 2021. The automotive industry will take a higher profile in embedded systems, TMR predicts, representing 18.3% of the embedded systems market by 2021.

Zion Market Research sees the embedded systems market growing 6% per year, increasing from $159 billion in 2015 to $225.34 billion by the end of 2021. “However, security concerns related to these systems may curb the demand for embedded systems within the forecast period,” the market research firm warns.

Fig. 1: Embedded systems market growth. Source: Zion Research

Public key infrastructure
Thales issued its 2017 PKI Global Trends Report, featuring research by The Ponemon Institute. In a survey of more than 1,500 IT security practitioners around the world, the study forecast that 43% of IoT devices to be deployed in the next two years will use digital certificates for authentication.

New applications, such as the IoT, are the fastest growing of PKI evolution, according to 36% of the survey respondents.

“Last year, we underscored that it is hugely important PKIs be future-proofed — and we still stand by that recommendation,” Larry Ponemon, chairman of The Ponemon Institute, said in a statement. “Not only are PKIs a core enterprise asset, but they are playing an increasingly important role supporting certificate issuance needs for cloud applications and the IoT. Smart organizations have determined that successful IoT deployment rests on trust being established from the beginning, and they’re leaning on their PKI as one component for building that trust.”

PKI has been around for some time. It was first developed in the 1970s by British intelligence and relies on asymmetric keys—one public, one private—to encrypt and decrypt content. In effect, those keys provide a way of certifying who is on the other end of a data exchange and a handshake during that exchange. To enable that requires a combination of hardware and software, which are needed to time-stamp, cross-certify and update keys, as well as to provide enough history to ensure nothing has been compromised. The goal is to create a “web of trust,” basically the complement of a root of trust that companies such as Arm have been promoting.

Arm expanded its vision last month when it unveiled its Platform Security Architecture. The goal is to create a common framework for scaling connected device security, and it has the backing of all of the major MCU vendors, as well as embedded software companies such as Green Hills and Mentor, a Siemens business, systems companies such as Cisco, Vodafone, and Flex, and cloud providers such as Google and Microsoft.

“The complexity of the issue is one dimension of the challenge,” said Marc Canel, vice president of security systems and technologies at Arm. “There is a layer of technologies from the physical IP, in which the key for the root of trust is embedded, all the way up to the applications and everything else in between. At the same time, there is complexity in the processes to build those things, to create the products, to provision them, to load the code and to load the keys. One of the big challenges is there is no normalization—no standardization—across the IoT world. You’re going to find vertical ecosystems, whether this is in the embedded systems world or automotive. And even in automotive, when you go from General Motors to Ford you will find different ecosystems, different players, different rules and different requirements. That lack of standardization or normalization is making things more complicated because processes need to be replicated from vertical market to vertical market.”

Developers can keep IoT devices agile and secure through over-the-air software and firmware updates. Data in flight can be shielded through the cryptographic Transport Layer Security (TLS) protocol or Arm’s mbed TLS. They also can engage a third party to conduct penetration testing on a new product, which will expose flaws before they reach the market.

Security has been a risk ever since devices were connected to each other, and it has multiplied with an increase in the number of devices and the deregulation of the medium used to connect them together. Before the 2016 cyberattacks on Dyn, there was the 2015 hacking of a Jeep Cherokee, demonstrating how remote actors could take control of the vehicle. Vendors still develop unsecured technology. And even well-secured technology knowingly or unknowingly is connected to devices with little or no security, over public networks where warnings are standard and often ignored, on devices where passwords are often weak and rarely changed.

“Predictably, they’re not doing enough,” said Mike Borza, principal security technologist at Synopsys.

Borza harkened back to the early days of the Internet and the World Wide Web, before the commercial Internet exposed some black-hat users. “We’ve gradually grown up,” he noted. “IoT, in the area where there isn’t a lot of legislation and regulation about it, is going to grow up in pretty much the same way. My hope is that people would have taken the lessons that were learned in the Web 2.0 era a little bit more to heart in developing IoT, but most of them don’t. So, we’re just going to go through this stage of experimentation with people putting stuff out there on a hope and a whim, or a hope and a prayer that the security is going to be good enough. Then people will face some big attacks and they’ll come to the realization that’s not going to be enough. That’s the stage we’re at now, but it’s still very early. I’d say there are still a lot of devices being developed right now that are not being protected adequately. For me, as a security guy, I always think about first—can the device trust itself? Or does it have some way to prove to itself that it’s running code that it should be running? Once it’s bootstrapped itself, and it’s started to connect to the network, the rest of the elements of the network have to trust that the things they’re communicating with are really the things they believe they are. And so there’s kind of a process of building trust, up one layer at a time, that needs to take place.”

There are three critical elements to device cybersecurity, according to Borza. They must create a root of trust that is truly trustworthy, he said. There’s also hardware-backed identity and a root-of-trust firmware component, like a secure bootstrap operation that tests the integrity of code before it runs.

“Once it’s got those things, if it has some hardware-backed keys and some cryptographic primitives allowed to use those keys in a secure way, then it can start to create identities for itself or on behalf of its users with cloud services and with other entities around it. Those entities can actually be bound to the device and you can prevent them from being exported. And that gives you the chance to ensure that the network is being built up out of trustful elements,” Borza said.

It’s a good goal, but it’s also one that will take time to realize.

Complexity and numbers
At least part of the issue stems from growing complexity. That makes it harder to build, debug and test devices, but it also makes it more difficult to secure them.

“Complexity is a massive issue for everyone in the IoT,” said Haydn Povey, CTO of Secure Thingz. “Whether you’re building a power station or a car, it’s made up of layers upon layers of components and systems. Ownership needs to be embedded in all of those, from the ground up. There is a need for identity to be injected early. There needs to be management of identities. We need to own each of the components in a system over the lifecycle. And we need to be able to manage these subsystems, integrate them, integrate the security. There are so many pieces, so many aspects of ownership, such complex code in the system, that it’s a real challenge.”

Views on this subject range from slow but steady progress to alarm bells being sounded, because the number of increasingly complex, connected devices is growing exponentially.

“The IoT is scary wherever you look at it,” said Asaf Ashkenazi, senior director of product management in Rambus’ Security Division. “Everything in the IoT is not about one device. It’s about lots of devices. It’s an army of clones. You build one device, and all the others are exactly the same. This is true for the IIoT, too. If you look at what happened after the Stuxnet attack on a nuclear facility in Iran, that same approach was used to attack energy facilities in Saudi Arabia.”

The security issues get worse the longer devices are around, too, because knowledge of how to hack into them increases. So while a smart phone may be updated regularly, a commercial refrigerator may never be updated and it might be around for a half-dozen or more years. “You need to manage security across the lifecycle of devices,” Ashkenazi said.

Some of these devices simply aren’t worth the price of good security, either, because the selling prices is too low.

“If you think about it in terms of the grand vision of the IoT with 50 billion or more devices that are all connected together and chattering to each other, probably 45 billion of those devices are going to be the smallest, cheapest things that people can make,” said Synopsys’ Borza. “So, that argues against having a lot of security hardware for its own purposes. That’s one aspect of the challenge. But the other thing is the lower selling price of things that people are going to hook up by the billions. It also means that adversaries can buy a lot of copies of them and reverse-engineer them. The people who are building those devices are not going to be experts in the physical security of things. They need some help from chip manufacturers in order to make that work.”

There is also secure separation of application spaces and resources from each other, a useful tool, Borza noted. There can be device-embedded keys in very secure, tightly controlled software containers, and open up the rest of the device for applications to try to run and share computing resources. “That’s one of the things that I see as a bit of a ray of hope for device developers to be able to rely on. You’re starting to see some interesting approaches to device virtualization. They don’t have all the hallmarks of say, server virtualization. But they do provide this ability to separate processing contexts from each other,” he said.

Security connectivity
Another piece of the puzzle is the connectivity itself. Wired is more secure than wireless, which is part of the reason Ethernet has made a remarkable resurgence after years of predictions about its demise, notably within data centers where new and much faster versions are being deployed, and more recently in high-end cars.

“What makes this particularly attractive is that the debug and diagnostics are standard Ethernet,” said Andrew Klaus, Marvell Semiconductor’s director of automotive business development and architecture. “At the chip level, you want to make sure all of the data gets through. That means you want to determine which packets don’t get into the system and that nothing messes up the packets. One way to do that is with a secure switch, which is a gateway device. It boots up in a secure way. If something is wrong, it says ‘stop.'”

The approach is similar to one being used inside of corporate networks today, where ports can be configured to restrict or allow access to the outside world, using a secure boot and deep packet inspection. “The advantage here is you are not just reaching layers one and two of the OSI stack,” said Klaus. “You can do it for all seven layers of the OSI model.”

Fig. 2: OSI model. Source: IBM

Conclusion
More vendors are at least thinking about security, and a good number are developing products that are secure for today’s threat level. But how they fare over time, and whether standardized security levels ever emerge to help consumers determine whether one product is more secure than another, remains to be seen.

What is clear, though, is that the threat level is growing with the number of connected devices, and security has risen to a level where more people see it as a problem. What they do about that remains to be seen.

—Ed Sperling contributed to this story.

Related Stories
How To Build An IoT Chip
Experts at the Table, part 2: Where data gets processed, how to secure devices, and questions about whether there can be economies of scale in this sector.
Making Secure Chips For IoT Devices
Technology is improving, but so is awareness about the need for security.
Designing For The IoT
Each day of DAC started with an IoT-related keynote. Sometimes they agreed, sometimes not, but the implications are enormous.