From consumer electronics and industrial equipment to smart cars, health-tech devices, home appliances and every “thing” in between, embedded systems help power our increasingly connected world.
Combining hardware and software designed for a specific function, embedded systems can be programmable or have fixed functionality to control the operations of the device that it is embedded within. However, because IoT devices produce, receive and process significant amounts of data — and given the highly valuable nature of IoT data — every connected device is a potential target for cyberattacks. Consequently, embedded security is essential to protect a system from all types of malicious behavior.
But what exactly is embedded security for Internet of Things devices? And how can you ensure that your embedded system will remain secure from attackers who want to gain unauthorized access, steal sensitive information or interfere with the system in any other way? This blog post will answer those questions and detail the 10 most important characteristics of a secure embedded system.
What is Embedded Security?
As an increasing number of “things” are connected to the internet, the IoT grows — and so does its attack surface. All of these connected devices can create vulnerabilities within an organization’s network, and a cyberattack can result in financial, physical and reputational risk for organizations across industries.
Providing mechanisms to protect IoT devices from cyberattacks, embedded security prioritizes preventing unauthorized, malicious access to and use of embedded systems. From cybersecurity tools and processes to best practices and security standards, embedded security leverages a number of resources to protect against every possible vulnerability — because it takes only one vulnerability to lead to an exploit.
When it comes to end-to-end security in IoT for embedded systems, there are three types of security:
- Physical device security: Hardware security focuses on protecting sensitive code and data from attacks that bypass network ports and software weaknesses and instead target the physical components of the device itself.
- Software security: From device authentication to firewalling network traffic, embedded software security centers around malicious behavior in the system, both during the initialization process and run time.
- Communications security: IoT devices are constantly connected and communicating with the cloud and with one another, cementing the importance of encrypted communications and securing communication ports.
Designed to protect the embedded components and software within an IoT device, embedded security can be challenging due to the connected device’s various memory and storage limitations. However, overcoming those challenges is critical to ensure attackers don’t take control of your system, steal your sensitive data and create an exploit for others to use, further damaging your network, mission, reputation and bottom line.
Top 10 Properties of a Secure Embedded System
So, what makes an embedded system secure? This section will tackle some software and hardware characteristics of secure embedded systems.
1) Secure Boot
Potentially thousands of vulnerabilities exist in system boot sequences. And if left unprotected, those openings can and will be exploited to gain access to your software and compromise applications and data.
From Grub Secure Boot to Intel TXT to uboot, many secure boot technologies exist, but just be sure your boot sequence performs verified or measured launches of operating system code using encryption and authentication to ensure your hardware starts up only the intended and authentic software rather than an attacker’s malicious code.
2) Data Protected at Rest
Generally speaking, you cannot guarantee that your system will always remain physically inaccessible, preventing attackers from ever gaining access to your data and intellectual property. That’s why it’s critical to make it impossible for bad actors to understand the information at all.
While there are several methods of obfuscating data and applications to make them more difficult to understand, encryption remains the best. When applications and data are encrypted with proven cryptographic algorithms and attackers cannot access the decryption key, they have to turn to more invasive methods to gain access to your system and run any malicious code.
3) Trusted Execution Environment
A trusted execution environment (TEE) can prevent execution vulnerabilities by enabling hardware-level isolation of security-critical operations to guarantee the code and data are protected with respect to confidentiality and integrity.
As an isolated execution environment, a TEE improves the overall resiliency of the embedded system as one component can no longer impact another component — directly or indirectly. That strict partitioning and isolation can provide a higher level of security for trusted applications running on the device than a rich operating system (OS) and more functionality than a secure element.
4) Appropriately Partitioned Hardware Resources
When your software stack is allowed unrestricted access to every hardware component on your system, any vulnerabilities exploited in one application will propagate into other components, thereby disrupting the entire system.
Different hardware components — CPU cores, cache, memory, devices, etc. — should be appropriately segregated to deliver a cleaner, more straightforward system configuration that helps prevent an error in one component from spreading throughout the system.
5) Software is Containerized and Isolated
Much like hardware components, just one insecure piece of code can compromise the entire embedded system. One software vulnerability can allow malicious attackers to run random commands with the same set of privileges as that application and gain unrestricted access to the entire system.
Containerization and isolation of code, however, help to mitigate such attacks. It’s important to containerize, sandbox and isolate different system functions to limit a hacker’s reach and prevent the unintended escalation of access across every component making up your entire system.
6) Secure Communications
Your embedded system shouldn’t just let any other system talk to it — external sources need to prove themselves before the lines of communication are opened. Consequently, the kickoff for secure communication should be to block all inbound communications that have not been expressly permitted by firewall policy.
Consider leveraging proven encryption communications protocols like SSL and TLS to enforce secure communication even after authentication. Implementing mutual authentication and encryption empowers you to be sure your system is only communicating with trusted entities — and not cyberattackers.
7) Validate All Data Inputs
Any and all data your embedded system collects or is sent from external and/or untrusted sources should be properly validated before it’s passed to critical software and/or hardware components.
Data entering your system can become an attack vector that can be exploited to gain unauthorized access or corrupt memory to create a denial of service. At the end of the day, data validation before use helps safeguard your embedded system from compromise resulting from external inputs unintentionally interrupting or maliciously exploiting system functionality.
8) Mandatory Access Control
All embedded systems should be built using mandatory access control (MAC), a security strategy that restricts individual resource owners from granting or denying access to resource objects in a file system.
Systems built leveraging MAC, unlike their discretionary access control (DAC) counterparts, quantify access grants and restriction policies during system design. Consequently, there are no legitimate methods for bypassing or disabling the security controls within the connected device. Even if an attacker is successful in gaining root-level access, modifying or disabling the security settings of the device — or disrupting the system’s services — will remain impossible with MAC.
9) Reduced Attack Surface
While attackers only need to exploit one vulnerability, you need to protect against all vulnerabilities. That’s why every line of code you deploy potentially opens the door for attackers to find an entry point into your embedded system.
That being said, removing unnecessary code and interfaces that are not absolutely required can help you minimize the attack surface and prevent an exploit from even occurring. Cut out the drivers, features and code you don’t actually need because even a known vulnerability can’t be exploited on a disabled service or removed interface.
10) Secure Build Options and System Configuration
It is critical that you employ defensive coding practices, use secure build options and configure your embedded system leveraging standards for maximum security (according to your security requirements). Doing so can warn you about many types of potential security concerns, help you identify whether a buffer overflow attack is possible and provide additional security improvements that prevent attackers from getting around your other cyber defenses.
While these best practices require minimal effort and are slowly becoming bare minimum requirements, they can significantly minimize the number of attacks able to compromise one or more parts of your system.
Unfortunately, there is not a universal property or characteristic that will ensure embedded security immediately or permanently. It’s impossible for any software system to be entirely bug-free and equally unfeasible to secure your device against every imaginable attack. Consequently, embedded security requires a combination of the aforementioned characteristics to prevent attackers from compromising your system.
By focusing on the 10 properties described in this blog post while choosing your hardware, defining your system architecture, designing your system and, of course, writing code, you will set your embedded system up for success in the real world. Considering and securing the various attack vectors and your attack surface helps ensure the effort involved in hacking your IoT device will far outweigh the potential benefit a hacker might receive by overwhelming your network or stealing your data.
If you’re interested in learning how these 10 characteristics can be applied to your embedded software engineering or need help securing any element of your IoT project, let us know how our dedicated and innovative team of problem-solvers can help bring your innovation to life!