Want a behind-the-scenes look at the Elektor and Circuit Cellar teams? You can link to a short, free report on my recent visit to our company headquarters in Limbricht, Netherlands, where EIM staffers from around the globe met up for a corporate “bootcamp.” The purpose of the meeting was to assess the company’s current offerings (magazines, books, kits, etc.), discuss the needs of members, and plan for the future.
Embedded security is one of the most important topics in our industry. You could build an amazing microcontroller-based design, but if it is vulnerable to attack, it could become useless or even a liability.
Virginia Tech professor Patrick Schaumont explains, “perfect embedded security cannot exist. Attackers have a wide variety of techniques at their disposal, ranging from analysis to reverse engineering. When attackers get their hands on your embedded system, it is only a matter of time and sufficient eyeballs before someone finds a flaw and exploits it.”
So, what can you do? In CC25, Patrick Schaumont provided some tips:
As design engineers, we should understand what can and what cannot be done. If we understand the risks, we can create designs that give the best possible protection at a given level of complexity. Think about the following four observations before you start designing an embedded security implementation.
First, you have to understand the threats that you are facing. If you don’t have a threat model, it makes no sense to design a protection—there’s no threat! A threat model for an embedded system will specify what an attacker can and cannot do. Can she probe components? Control the power supply? Control the inputs of the design? The more precisely you specify the threats, the more robust your defenses will be. Realize that perfect security does not exist, so it doesn’t make sense to try to achieve it. Instead, focus on the threats you are willing to deal with.
Second, make a distinction between what you trust and what you cannot trust. In terms of building protections, you only need to worry about what you don’t trust. The boundary between what you trust and what you don’t trust is suitably called the trust boundary. While trust boundaries were originally logical boundaries in software systems, they also have a physical meaning in embedded context. For example, let’s say that you define the trust boundary to be at the chip package level of a microcontroller.
This implies that you’re assuming an attacker will get as close to the chip as the package pins, but not closer. With such a trust boundary, your defenses should focus on off-chip communication. If there’s nothing or no one to trust, then you’re in trouble. It’s not possible to build a secure solution without trust.
Third, security has a cost. You cannot get it for free. Security has a cost in resources and energy. In a resource-limited embedded system, this means that security will always be in competition with other system features in terms of resources. And because security is typically designed to prevent bad things from happening rather than to enable good things, it may be a difficult trade-off. In feature-rich consumer devices, security may not be a feature for which a customer is willing to pay extra.

The fourth observation, and maybe the most important one, is to realize that you’re not alone. There are many things to learn from conferences, books, and magazines. Don’t invent your own security. Adapt standards and proven techniques. Learn about the experiences of other designers. The following examples are good starting points for learning about current concerns and issues in embedded security.
Security is a complex field with many different dimensions. I find it very helpful to have several reference works close by to help me navigate the steps of building any type of security service.
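To make the trust-boundary observation concrete, here is an added example (not code from Schaumont’s article or from Circuit Cellar). It assumes the trust boundary sits at the chip package, so the only thing to defend is the off-chip link: every frame that crosses it carries a counter and a standard HMAC-SHA256 tag (a proven technique rather than a home-grown one), and the receiver on-chip rejects tampered and replayed frames. The frame layout, the key, and the sample payloads are all constructed for illustration.

```python
import hmac
import hashlib
import struct

# Constructed example key: in a real design it lives inside the trust
# boundary (e.g. protected on-chip flash) and never travels over the link.
SHARED_KEY = bytes.fromhex("000102030405060708090a0b0c0d0e0f")
TAG_LEN = 16  # truncated HMAC-SHA256 tag, a common choice on constrained links

def build_frame(key: bytes, counter: int, payload: bytes) -> bytes:
    """Sender side: counter || payload || tag, tag = HMAC-SHA256(key, counter || payload)."""
    header = struct.pack(">I", counter)
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()[:TAG_LEN]
    return header + payload + tag

class LinkReceiver:
    """Receiver side, inside the trust boundary. Remembers the last accepted counter."""
    def __init__(self, key: bytes):
        self.key = key
        self.last_counter = -1

    def accept(self, frame: bytes):
        """Return the payload if the frame is authentic and fresh, otherwise None."""
        if len(frame) < 4 + TAG_LEN:
            return None
        header, body, tag = frame[:4], frame[4:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self.key, header + body, hashlib.sha256).digest()[:TAG_LEN]
        # Constant-time comparison: the tag check must not leak through timing on the pins.
        if not hmac.compare_digest(tag, expected):
            return None
        counter = struct.unpack(">I", header)[0]
        if counter <= self.last_counter:
            return None  # replayed or reordered frame
        self.last_counter = counter
        return body

def demo():
    """Run a genuine frame, a replay, a bit-flipped frame and a fresh frame through the receiver."""
    rx = LinkReceiver(SHARED_KEY)
    good = build_frame(SHARED_KEY, 1, b"SET_TEMP=21")
    tampered = bytearray(good)
    tampered[4] ^= 0x01  # flip one payload bit on the wire; the tag no longer matches
    return {
        "genuine": rx.accept(good),
        "replay": rx.accept(good),
        "tampered": rx.accept(bytes(tampered)),
        "next": rx.accept(build_frame(SHARED_KEY, 2, b"SET_TEMP=22")),
    }
```

Note that the scheme only protects integrity and freshness of what crosses the boundary; anything the threat model lets an attacker do inside the package (probing, glitching the supply) is out of its scope.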
Schaumont suggested the following useful resources:
- R. Anderson, Security Engineering, Second Edition, Wiley Publishing, Indianapolis, IN, 2008.
- BBC Newsnight, “Chip and PIN is Broken,” www.youtube.com/watch?v=1pMuV2o4Lrw.
- D. Bernstein and T. Lange, “EBACS: ECRYPT Benchmarking of Cryptographic Systems,” http://bench.cr.yp.to/supercop.html.
- E. Biham, O. Dunkelman, S. Indesteege, N. Keller, and B. Preneel, “How to Steal Cars—A Practical Attack on Keeloq,” COSIC, www.cosic.esat.kuleuven.be/keeloq/.
- S. Checkoway, “Comprehensive Experimental Analyses of Automotive Attack Surfaces,” www.youtube.com/watch?v=bHfOziIwXic.
- E. Diels, “Technicolor Security Newsletter,” www.technicolor.com/en/hi/technology/research-publications/security-newsletters/security-newsletter-20.
- N. Fain and Vadik, “Embedded Analysis,” http://events.ccc.de/congress/2010/wiki/Embedded_Analysis.
- ———, “JTAG/Serial/Flash/PCB Embedded Reverse Engineering Tools and Technique,” www.youtube.com/watch?v=8Unisnu-cNo.
- N. Ferguson, B. Schneier, and T. Kohno, Cryptography Engineering, Wiley Publishing, Indianapolis, IN, 2010.
- Flylogic’s Analytics Blog, www.flylogic.net/blog/.
Maxwell Technologies has announced the addition of a 2.85-V, 3400-F cell to its K2 family of ultracapacitors. It is the most powerful cell available in the industry-standard, 60-mm cylindrical form factor. Incorporating Maxwell’s DuraBlue Advanced Shock and Vibration technology, it is a rugged cell that’s suitable for high-energy storage in demanding environments (e.g., in public transit vehicles).
The electrostatic charge can be cycled over a million times without performance degradation. The cells can also provide extended power and energy for long periods of propulsion in automotive subsystems and give fast response in UPS/Backup Power and grid applications to ensure critical information is not lost during dips, sags, and outages in the main power source. In addition, they can relieve batteries of burst power functions, thereby reducing costs and maximizing space and energy efficiency.
The K2 family of cells works in tandem with batteries for applications that require both a constant power discharge for continual function and pulse power for peak loads. In these applications, the ultracapacitor relieves batteries of peak power functions, resulting in an extension of battery life and a reduction of overall battery size and cost. The cells are available with threaded terminals or with compact, weldable terminals.
Check out this amusing workspace submission from Henk Stegeman who lives and works in The Netherlands (which is widely referred to as the land of Elektor). We especially like his Dutch-orange power strips, which stand out in relation to the muted grey, white, and black colors of his IT equipment and furniture.
Some might call the space busy. Others might say it’s cramped. Stegeman referred to it as his “comfort zone.” He must move and shift a lot of objects before he starts to design. But, hey, whatever works, right?
Attached is a picture of my workspace.
Where? (you might ask.)
I just move the keyboard aside.
To where?
Euuh… (good question)
Visit Circuit Cellar’s Workspace page for more write-ups and photos of engineering workbenches and tools from around the world!
Want to share your space? Email our editorial team pics and info about your spaces!
Today at EELive! in San Jose, CA, WIZnet announced a special promotion tied to the WIZnet Connect the Magic 2014 Design Challenge, which it is sponsoring. For a limited time, WIZnet is offering discounted WIZ550io Ethernet controller modules and W5500 chips via its webshop.
Disclosure: Elektor International Media and Circuit Cellar comprise the challenge administration team.
At this time, WIZnet’s WIZ550io is on sale for $9.95 (original price, $17.00) and the W5500 costs $1.49 (original price, $2.87).
WIZnet’s WIZ550io is a module for rapidly developing ’Net-enabled systems. It is an auto-configurable Ethernet controller module that includes the W5500 (TCP/IP-hard-wired chip and PHY embedded), a transformer, and an RJ-45 connector. The module has a unique, embedded real MAC address and auto network configuration capability.
The W5500 is a hardwired TCP/IP embedded Ethernet controller that enables Internet connection for embedded systems using Serial Peripheral Interface (SPI).
Visit the WIZnet Connect the Magic 2014 Design Challenge webpage for more information about participation and eligibility.