Security has become an even greater concern for the makers of processors and software for embedded systems in the rush to connect them to wireless networks – and even the wider Internet. It is driving a rethink of the way devices are designed, with the aim of preventing network-based attacks and attempts to reverse-engineer the firmware inside.
In his keynote speech at Embedded World 2014 in Nürnberg, Green Hills Software CTO David Kleidermacher pointed to hackers’ recent capture of customers’ credit-card data from point-of-sale terminals owned by US retailer Target as an example of how vulnerable embedded devices are.
Kleidermacher argued that the tendency to secure servers rather than embedded devices – “the centralisation myth” – is misplaced. “People think if only we lock down the server really well that will solve the problem. If we fail to protect the things, attackers will go after the things. The second part of the myth is that there isn’t valuable information on the edge. That isn’t true.”
He added: “If you think we have a big security problem with a billion smartphones, think what will happen when we have a trillion autonomous objects… It’s going to be a very big challenge for security.”
Geoff Lees, general manager of the microcontrollers business unit at Freescale Semiconductor, agreed: “It’s unrealistic to expect network operators to have devices on the network that are not fully secure. It’s already started for smart meters and point-of-sale technology, but over the next few years we will see it in a growing number of our Kinetis devices – and it has to keep evolving. The game is always changing, so security [remains] a moving target.”
Kleidermacher recommended a number of techniques, on which Green Hills has worked for a number of years, to lock down embedded devices. They include the use of virtualisation to isolate vulnerable pieces of software from the kernel. Processor makers are building hardware support for virtualisation into even comparatively low-end devices.
At Embedded World 2014, the MIPS Technologies subsidiary of UK-based Imagination Technologies launched a microcontroller core with virtualisation support, as well as a way of scrambling data in memory and randomly stalling the processor’s pipeline to throw off hackers who attempt to reverse-engineer the software running inside it.
Originally developed to protect SIM data on mobile phones, ARM’s TrustZone is beginning to move into a wider range of embedded devices, although it is not yet available for the Cortex-M series of industrial microcontrollers.
“A lot of ARM silicon providers are now putting TrustZone in their devices,” said Kamran Shah, director of marketing at Mentor Graphics. “You can use that to achieve secure boot with a hypervisor, to authenticate the software flashed onto the device. It’s critical to know that it hasn’t been tampered with.”
John Blevins, director of software tool development at LynuxWorks, told audiences there is no single magic solution for embedded system defence. Defence is needed “in breadth”, he argued: “None of the concepts used to secure devices are all that new but people aren't using them for the most part and not using them in combination. People are going to have to start using them now.”