Security of 'Things' to be embedded
The exhibition and conference set a new record for attendance with more than 26,700 international trade visitors and 856 exhibitors from 35 countries with 1,500 participating in the conference.
No matter where technical innovations arise nor what their electronic components may be, embedded systems now have a part to play, whether in medical technology, the automotive and aviation industries, household equipment or mobile devices. And as devices communicate, the information becomes vulnerable to interception.
The conference kicked off with a keynote speech from David Kleidermacher, CTO of Green Hills Software, addressing security in the Internet of Things (IoT). Despite seeing IoT as a natural evolution for embedded systems, Kleidermacher noted that the rapid assimilation of trillions of objects into the internet over the next decades poses an unprecedented privacy and security challenge that must be dealt with in advance.
In his paper, “Security in Cyber Physical Systems (CPS)” by Michael Wagner of the Nuremberg branch of Fraunhofer IIS (Institute of Integrated Circuits), security was described as an integral part of personal computing. There is always a talk about huge libraries containing numerous crypto algorithms, key agreement mechanisms, hash algorithms, etc., which leads to accumulation of software resources needed to establish a secure connection between any two PCs on the planet.
Since embedded systems use the PC's operating system, they end up having the same software packages. Still there remains a reasonable doubt about how it can be proven that a system is secure. The proof for a standard PC system should involve all the modules and components accessible to an attacker. These include not only the network stacks from the hardware to the communication sockets (TCP/IP) but also the OS, its process separation, DMAs, interrupts and other modules.
And security doesn't only mean the threat of hackers and viruses, but includes plagiarism or licence violations from accessing the local debug features, which is foreseeable for an embedded system, but totally unheard of in the PC world. Wagner showed how the necessary security level can be reached by dividing the system into three parts: first, the stacks connected to the outer world (black), second, a security bridge defence and third, the protected world of secrets (red) with its local interfaces. The proof of security now concentrates on the line of defence inside the security bridge and the separation of the red and black sectors. The bridge software can be concentrated to a few hundred lines of code, enabling a clear proof of security in a short duration.
Finally, Wagner concluded by describing an architecture that combines cost efficiency, high security level and M2M features to form a new CPS platform. n
EXTRA: Three branches of security architectures
There are three branches of security architectures. They differ in their application, the risks of a successful attack and in the priorities of the customers. All three use different system designs, algorithms, measures and at times even a different vocabulary to describe common concepts.
The three branches are military security, embedded security (mainly used for mobile phones) and PC security. Cyber physical systems (CPS) are seen as the backbone of the future industry. They act without permanent human control, communicate with other CPS, order material and sell products world-wide and control locally-connected machinery. In the smart grid energy will be traded and generation, distribution, consumption and storage are controlled. The wide field of applications in this scenario includes high volume.