Ebook - Foundations of Embedded Security Solutions


The foundations of Embedded Security

Navigating threats and solutions in the digital era

Contents

The foundations of embedded security: Navigating threats and solutions in the digital era

Introduction
1. The ten most critical cyber threats to your products
2. The risks of insecure software in business operations
3. Navigating security legislation: 13 best practices & 5 key requirements
4. The pivotal role of code quality in embedded system security
5. The hidden costs of do-it-yourself (DIY) embedded security solutions
6. Overcoming hurdles, convincing doubters
7. IAR’s security framework for embedded systems
8. Security solutions for all stages in a product’s lifecycle
Conclusion

Introduction

In an era where digital innovation is accelerating at an exceptional pace, the significance of Embedded Security has never been more critical. “The foundations of embedded security: navigating threats and solutions in the digital era” is a comprehensive guide designed to navigate the intricate landscape of embedded security. This content is an essential resource for professionals keen to deepen their understanding of embedded security risks, best practices, and solutions.

Whether you are a security expert, a software developer, or a business leader, this guide offers invaluable insights and practical knowledge to fortify your defenses against ever-changing cyber threats.

1. The ten most critical cyber threats to your products

Microcontrollers are everywhere

In today’s digital landscape, microcontrollers are integral to a wide range of everyday products, from smart home devices and automobiles to medical equipment and industrial machinery. These compact yet essential components are the driving force behind modern technology, infusing it with the intelligence and functionality that define our interconnected world. Microcontrollers are the reason why your AirTag can locate your bag, why your car can assist with parking, and why automated production lines work seamlessly. According to statistics, over 28 billion microcontroller units (MCUs) were shipped globally in 2021, and this number is expected to rise to 38 billion by 2027.

Embedded software: the game changer

One key factor driving the popularity of microcontrollers in product development is their cost-effectiveness in comparison to dedicated electronics. Their adaptability, enabled by embedded software, is a significant advantage, allowing for modifications through software updates without the need for expensive product overhauls. The flexibility of MCUs extends product lifespans and enables continual capability enhancements through cost-efficient embedded software updates. This not only benefits manufacturers but also ensures that consumers enjoy products that evolve to meet their changing needs.

Facing the cyber threat reality

While the flexibility of microcontrollers is the basis for so many products in our daily lives, it also introduces potential risks for users, developers, and society as a whole. Especially due to the increasing connectivity, electronic devices have become vulnerable and potential targets for cyberattacks. The threats for embedded devices without robust security measures are manifold, but these are the ten most critical cyber threats:

1 Unauthorized access
Enables malicious actors to gain control of the device or steal sensitive data.

2 Data breaches
Expose sensitive information of users or organizations to potential theft or misuse.

3 Malware and ransomware
Disrupt the functionality of internet-connected devices and make them subject to ransom payment demands.

4 Denial-of-service (DOS) attacks
Overwhelm the device with traffic, causing it to become unresponsive or unavailable.

5 Firmware tampering
Allows attackers to modify the software to inject malicious code or alter the device’s behavior.

6 Lack of encryption
Makes it possible to intercept and read data transmitted between embedded devices and other systems, putting data integrity and privacy at risk.

7 Insecure software updates
Inadequately secured mechanisms could allow attackers to compromise the software update process, potentially distributing malicious code to all connected devices.

8 Physical attacks
Hardware tampering is especially dangerous for embedded devices in critical systems if their security measures do not protect against such threats.

9 Supply chain vulnerabilities
Allow malicious components or firmware to be inserted which could compromise the security of embedded systems before they even reach end-users.

10 Lack of patch management
Failure to update and patch embedded devices regularly leaves them vulnerable to known security vulnerabilities.

Each of these threats not only jeopardizes your product but also poses risks to your entire business. When MCUs are exploited, the resulting issues can have far-reaching impacts on OEMs.

Securing your products: a feasible goal

The good news is that many existing security techniques that are used to protect the internet, financial transactions, and secure communication systems can also be applied to safeguard products, including microcontrollers. You do not have to be an expert in embedded security or encryption to add security features to your devices.

Your partner in embedded security: IAR

IAR has grown into a trusted embedded security advisor. Our user-friendly development solutions and methodologies focus on “Security made simple.” We offer assistance in secure production capabilities, helping you integrate customizable security into your microcontroller-based products.

Explore IAR’s Embedded Security Solutions

Discover how IAR’s solutions can fortify your products against cyber threats. Learn more today!

2. The risks of insecure software in business operations

Smart, but vulnerable devices

From smart thermostats and fitness trackers to driver assistance systems and industrial robots, the landscape of modern electronic applications is vast and varied. At the heart of these cutting-edge products are versatile microcontrollers and embedded software that equip them with unique, specialized features. These devices offer unparalleled connectivity, making them not only powerful and user-friendly but also vulnerable to cyberattacks.

The underestimated threat to OEMs

The challenges that arise from this connectivity go far beyond the affected product itself; they have far-reaching implications that can disrupt the entire ecosystem of an OEM. When a product falls victim to a cyberattack, it is not just an isolated incident. The consequences impact multiple areas of the business:

Unauthorized device interaction

When embedded systems interact with unauthorized devices, there is a potential for security breaches and unauthorized access to critical information. These non-authorized devices may attempt to request sensitive data or trigger actions incorrectly, leading to unexpected behavior in the embedded system.

Information security risks

If unauthorized devices gain access to critical information through insecure interactions, it can lead to data breaches and compromise the confidentiality and integrity of sensitive data. This concern is especially significant when dealing with intellectual property (IP) or customer data.

Brand reputation and trust

Security breaches and unintended interactions with unauthorized devices can significantly impact the brand reputation of the OEM. Customers rely on brands they trust, and security incidents can erode that trust, leading to a loss of confidence in the products and the brand itself. This can result in reduced sales volumes and negatively affect the OEM’s market position.

Loss of intellectual property

Unauthorized device interactions and security breaches may lead to the loss of valuable intellectual property. Competitors or malicious entities could gain access to proprietary algorithms, firmware, or software code, thereby reducing the OEM’s ability to differentiate and protect its innovations.

Sales and revenue impact

A compromised product’s reliability and security can negatively affect sales volumes and revenue generation. Customers may hesitate to invest in products perceived as vulnerable or unreliable, leading to decreased demand and potentially lost sales opportunities.

Compliance and legal consequences

Failure to address security risks and unauthorized device interactions can result in non-compliance with industry regulations and standards. Additionally, the OEM may face legal consequences and financial liabilities if security incidents lead to data breaches or other legal issues.

Customer loyalty and retention

Security incidents can impact customer loyalty and retention. Dissatisfied customers who experience security-related issues may switch to competitors’ products, leading to customer churn and reduced customer lifetime value.

A single compromised product can set off a chain reaction that has the potential to destabilize an entire company. Understanding these risks is critical for OEMs to master the complexities of integrating secure, reliable embedded systems into their products.

Security made simple

IAR continuously enhances its solutions and tools in response to new cyber security, as well as emerging regulations and attack methods. Through these efforts, IAR aims to uphold its objective of “security made simple,” enabling customers to effectively address the cyber threats posed to their products and companies.

Although IAR is historically renowned for its IAR Embedded Workbench development tools, debug, and analysis tools, the IAR security offering is grounded in the philosophy that any development toolchain can be utilized. IAR’s security techniques contribute to ensuring device security with the IAR security framework: authenticity, anti-rollback, active IP protection, and anti-cloning.

Enhance your product security with IAR

Discover how IAR can help secure your products and safeguard your business.

3. Navigating security legislation: 13 best practices & 5 key requirements

From a legislative perspective, the security landscape for embedded devices is currently undergoing a significant transformation. Across the globe, the push for stronger security measures is picking up steam, with various distinct sets of requirements and recommendations emerging. Are you ready to learn about them all? Better fasten your seat belt!

The security legislation mosaic

The British PSTI Act (product security and telecommunications infrastructure act) enforces three legal stipulations, while the World Economic Forum has outlined five crucial recommendations. The ETSI EN 303 645 (European Telecommunications Standards Institute) Standard establishes a comprehensive 13-point framework for security requirements, and the IoT Security Foundation’s Assurance Framework includes over 100 actions, enabling the classification of a device’s security level based on criteria such as confidentiality, integrity, and availability.

Image 1: the security legislation mosaic IAR. Source IAR

… and even more legislation

In addition to these, existing legislation incorporates the PSTI Act of 2022, the General Data Protection Regulation (GDPR), and the California And Oregon IoT Cybersecurity Laws. Anticipated regulations include the EU Cyber Resilience Act and NIST (National Institute Of Standards And Technology) federal procurement directives, with the RED – Radio Equipment Directive also poised to play a role in shaping the landscape. As the regulatory environment continues to evolve, we encounter frameworks such as the IoT Cybersecurity Improvement Act Of 2020 and Cybersecurity Labelling For Consumers.

Overall, the ETSI EN 303 645 European standard for device security and the IoT security foundation’s assurance framework are at the forefront of establishing best practices in this dynamic field.

Existing legislation
PSTI Act 2022 [2022]
General Data Protection Regulation (GDPR) [2018]
The California IoT Cybersecurity Law [2020]
The Oregon IoT Cybersecurity Law [2020]

New legislation
EU Cyber Resilience Act [2022]
NIST Federal Procurement [2021]

Upcoming legislation
Cybersecurity Labelling for Consumers [2023]
RED – Radio Equipment Directive [2025]

Evolving regulatory frameworks
The IoT Cybersecurity Improvement Act of 2020 [2020]

Best practices
ETSI EN 303 645 European Standard on Connected Device Security [2020]
IoT Security Foundation Assurance Framework [2021]

The EU, UK, and US regulations are mandatory, compelling companies to manufacture and manage products throughout their lifecycle with a sufficient security level to safeguard devices against attacks. Non-compliance with these regulations may result in fines of up to EUR 15 million or 2.5% of worldwide turnover, as well as potential imprisonment.

Overwhelmed? Don’t be!

We understand that navigating through a sea of legal requirements can feel overwhelming, leaving everyone involved in a state of desperation. However, there is a ray of hope in the form of 13 best practices from IoTSF and the top 5 key IoT security requirements from the WEF, which will lead the way.

13 best practices from IoTSF

The IoT security foundation (IoTSF) assurance framework, designed to evaluate connected device security, utilizes compliance classes to define a device’s security level based on confidentiality, integrity, and availability. These compliance classes are determined by assessing a device’s adherence to a wide range of security criteria. Within this framework, the ETSI EN 303 645 European standard on device security delineates 13 best practices.

Functional and non-functional requirements

IAR played a crucial role in developing the 13 best practices outlined in the ETSI EN 303 645 European standard and the IoTSF assurance framework on embedded device security. These 13 best practices encompass a blend of functional and non-functional requirements, aiming to establish a comprehensive security foundation for devices. On the functional side, some practices specify explicit security tasks that a device should perform. These include maintaining up-to-date software to mitigate vulnerabilities and ensuring secure communication protocols to protect data during transmission.

Conversely, some best practices address non-functional aspects, acknowledging the broader security landscape. For instance, the requirement for a vulnerability disclosure policy falls into this category. This policy outlines procedures for reporting and addressing security vulnerabilities, thereby fostering transparency and collaborative security improvement.

Image 2: the IoT security compliance framework. Source IoTSF

Security legislation across various governments has started to incorporate the ETSI EN 303 645 European standard’s 13 best practices as a subset of their security requirements for embedded devices. So by considering these practices, you can build a foundational framework for your device’s safety and security.

Top 5 key IoT security requirements

Additionally, the World Economic Forum (WEF) has identified the top 5 key IoT security requirements for consumer-facing devices. You are well advised to follow them:

Elimination of universal default passwords

Devices must no longer rely on easily predictable and exploitable default passwords, ensuring that security is not compromised right from the start.

Regular software updates

Consistent and timely software updates are crucial to addressing vulnerabilities and bolstering overall security, preventing potential exploits.

Secure communication

Robust encryption protocols should be implemented to guarantee the safe and confidential transmission of data, protecting it from unauthorized access.

Protection of personal data

Stringent measures are essential to safeguard personal and sensitive data from falling into the wrong hands, preserving user privacy.

Implementation of vulnerability disclosure policy

Establishing a framework for reporting and addressing security flaws fosters transparency and rapid remediation, enhancing overall security posture.

These top 5 key IoT security requirements reflect the increasing emphasis on security and privacy in the IoT landscape, as governments and organizations work to establish safeguards for users and their devices.

IAR: Your security ally

Understanding global security legislation is crucial for embedded systems. Knowing the best practices and requirements can reassure you that the situation is manageable. Remember, you’re not alone in this challenge; IAR is part of your security team. We provide the expertise and tools to help integrate security features into your software, ensuring compliance and safeguarding your products.

Align your security legislation strategy with IAR

Explore how you can ensure compliance with security legislation and protect your business.

4. The pivotal role of code quality in embedded system security

The backbone of any secure embedded system, including yours, lies in the quality of its code. Code quality, particularly in error handling and exception management, forms a critical line of defense against attackers seeking to exploit vulnerabilities. Building security into a product from inception through its entire lifecycle is not just beneficial – it is crucial. But why does code quality matter when it comes to the security of your embedded systems?

The importance of code quality

Code quality is a multi-faceted concept: it includes all aspects of readability, maintainability, performance, and (perhaps most importantly) security. In the context of embedded systems, high code quality often translates into a more reliable, efficient, and secure device. Code quality sets a baseline for security, dictating the device’s resilience against malicious attacks.

Code vulnerabilities are an easy target for hackers. But you can be sure that code quality is not just an issue for you! In fact, poor code quality is a widespread problem. And there is quite a bit of evidence to support the claim that bad coding practices lead directly to vulnerabilities.

“Quality performance metrics establish a context for determining very high-quality products and predicting safety and security outcomes. Many of the common weakness enumerations (CWEs), such as the improper use of programming language constructs, buffer overflows, and failures to validate input values, can be associated with poor quality coding and development practices. Improving quality is a necessary condition for addressing some software security issues.” (quote from the paper “Predicting software assurance using quality and reliability measures” by Carol Woody, Robert Ellison and William Nichols from the software engineering institute at the Carnegie Mellon University)

From a product’s cradle to its grave

High-quality code is essential to meet the customers’ rising demands for secure devices. At the same time, it has also become obligatory to comply with the ever-evolving regulations and standards set by legislative authorities worldwide. Code quality plays an instrumental role in reducing vulnerabilities in your system that can be exploited by attackers. To be effective, you must design the security for your product from its inception and continue to operate the products until they are taken out of service – to make sure that both you and your customers remain protected.

Error and exception handling

Error and exception handling form the cornerstone of high-quality, secure code. A robust error handling mechanism ensures that the system maintains a known state and continues to function safely even in the face of unforeseen conditions. Conversely, poorly designed error handling can introduce vulnerabilities into the system, making it a target for malicious exploitation.

In secure error handling, you should catch and securely process errors to prevent information leakage. You should strive to provide informative error messages to assist with debugging and maintenance. While doing so, you need to ensure that these messages do not reveal any sensitive system information that could be exploited by an attacker. Moreover, you must handle exceptions with due care. Failing to catch exceptions can lead to system crashes or unpredictable behavior. It is crucial to understand the exceptions that could be thrown by your code and to implement appropriate catch blocks to handle these exceptions securely.

Designing security into the product lifecycle

IAR is a leading provider of tools that facilitate the development of high-quality, secure code. We offer a wide array of resources and tools to support developers through the entire product lifecycle: from the earliest stages of code development up to facilitating reliable security in the device in use. Here’s how we can support you:

Quality code development

For writing high-quality, secure code, you need robust development tools to create a reliable basis. For C/C++ development, IAR offers the IAR Embedded Workbench – which supports 15.000 devices from over 70 semiconductor manufacturers, including MCUs based on architectures like Arm, and RISC-V.

The IDE (Integrated Development Environment) comprises a highly optimizing C/C++ compiler and a series of powerful debugging tools. These include code analyzers that help you identify potential vulnerabilities and suggest improvements to enhance code quality.

Code analysis and review

To catch potential issues early and to improve your application’s security, you need to establish a smooth code review process. The code analysis tools used in this process come in two basic flavors: 1) static analysis tools which look only at the source code of the application and 2) runtime (or dynamic) analysis tools which instrument the code looking for weaknesses like null pointers and data injection methods. From experience, we encourage rigorous code reviews with automated tools that facilitate this process and make it more efficient.

Code analysis tools like C-STAT from IAR include CWE, MISRA, and CERT C checks. These three rulesets together form a great combination of coding practices that promote security. Some rulesets overlap with others but also provide some unique features to help ensure your code has high security. Using these standards in your development process also helps to ensure that you have the best possible code quality and might even find some latent defects in your code.

Testing and verification

High-quality code is well-tested code. For this, IAR provides you with testing and verification tools like C-RUN. This runtime analysis tool is completely integrated with IAR Embedded Workbench and analyzes the application execution directly within the development environment. It checks for arithmetic issues, bounds issues and heap integrity. With this, C-RUN ensures that your code performs as expected under various conditions and that all errors and exceptions are handled securely.

Lifecycle support

As we all know, security is not a one-off task but a continuous process. As mentioned before, from the product’s cradle to its grave. At IAR, we provide ongoing support for our products, ensuring that they offer high-security levels even as threats evolve.

Security and code quality: An inseparable duo

High-quality code forms the foundation of secure embedded systems. Focusing on error and exception handling greatly bolsters system security. IAR’s suite of tools supports this journey, offering comprehensive assistance in developing secure, high-quality code. Remember, security is intertwined with code quality; overlooking one affects the other. But with the right tools, identifying and rectifying issues becomes more manageable, paving the way to robust security.

Discover the power of IAR solutions

Keen to explore how the IAR Embedded Workbench and our security solutions can elevate code quality and your project’s security?

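The error-handling guidance in section 4 (“Error and exception handling”), shown as an added C example that is not IAR’s code: every check result is handled, the precise cause stays in an on-device log, the peer gets one generic rejection, and any failure returns the device to a known idle state. The frame layout, names and constants are constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed frame layout (an assumption for this example):
 *   [0..1] magic 0x5AA5, [2] payload length, [3..] payload, [last] 8-bit sum */
#define MAGIC        0x5AA5u
#define MAX_PAYLOAD  32u
#define LOG_DEPTH    8u

/* Precise failure causes: kept on the device for debugging and maintenance. */
typedef enum { E_NONE, E_NULL, E_TOO_SHORT, E_BAD_MAGIC,
               E_BAD_LENGTH, E_BAD_CHECKSUM } cause_t;
/* The only thing a remote peer learns: accepted or not. */
typedef enum { RESP_OK, RESP_REJECTED } resp_t;
typedef enum { ST_IDLE, ST_STAGED } state_t;

typedef struct {
    state_t state;
    uint8_t staged[MAX_PAYLOAD];
    size_t  staged_len;
    cause_t log[LOG_DEPTH];      /* ring buffer of internal diagnostics */
    size_t  log_count;
} device_t;

/* Validate every field before use; report the first check that fails. */
static cause_t parse_frame(const uint8_t *f, size_t n,
                           const uint8_t **payload, size_t *len)
{
    if (f == NULL) return E_NULL;
    if (n < 4u)    return E_TOO_SHORT;
    if ((((unsigned)f[0] << 8) | f[1]) != MAGIC) return E_BAD_MAGIC;
    size_t claimed = f[2];
    /* The length byte is untrusted input: bound it and tie it to n. */
    if (claimed > MAX_PAYLOAD || n != claimed + 4u) return E_BAD_LENGTH;
    uint8_t sum = 0;
    for (size_t i = 0; i < claimed; i++) sum = (uint8_t)(sum + f[3u + i]);
    if (sum != f[3u + claimed]) return E_BAD_CHECKSUM;
    *payload = &f[3];
    *len = claimed;
    return E_NONE;
}

/* Single failure path: log the cause internally, wipe partial data,
 * and return to a known state. */
static void fail_safe(device_t *d, cause_t why)
{
    d->log[d->log_count % LOG_DEPTH] = why;
    d->log_count++;
    memset(d->staged, 0, sizeof d->staged);
    d->staged_len = 0;
    d->state = ST_IDLE;
}

resp_t handle_frame(device_t *d, const uint8_t *f, size_t n)
{
    const uint8_t *payload = NULL;
    size_t len = 0;
    if (d == NULL) return RESP_REJECTED;
    cause_t why = parse_frame(f, n, &payload, &len);
    if (why != E_NONE) {
        fail_safe(d, why);
        return RESP_REJECTED;    /* same answer for every cause */
    }
    memcpy(d->staged, payload, len);
    d->staged_len = len;
    d->state = ST_STAGED;
    return RESP_OK;
}

/* Most recent internal diagnostic, for a maintenance interface. */
cause_t last_cause(const device_t *d)
{
    return d->log_count ? d->log[(d->log_count - 1u) % LOG_DEPTH] : E_NONE;
}

/* Constructed sample frames. */
static const uint8_t GOOD[]      = {0x5A, 0xA5, 0x03, 0x01, 0x02, 0x03, 0x06};
static const uint8_t BAD_SUM[]   = {0x5A, 0xA5, 0x03, 0x01, 0x02, 0x03, 0x07};
static const uint8_t LYING_LEN[] = {0x5A, 0xA5, 0xFF, 0x01, 0x02, 0x03, 0x06};
static device_t g_dev;

static void show(const char *name, const uint8_t *f, size_t n)
{
    resp_t r = handle_frame(&g_dev, f, n);
    printf("%-10s peer sees %d, device logs cause %d, state %d\n",
           name, (int)r, (int)last_cause(&g_dev), (int)g_dev.state);
}

int main(void)
{
    show("good", GOOD, sizeof GOOD);
    show("bad sum", BAD_SUM, sizeof BAD_SUM);
    show("lying len", LYING_LEN, sizeof LYING_LEN);
    show("truncated", GOOD, 3);
    return 0;
}
```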
5. The hidden costs of do-it-yourself (DIY) embedded security solutions

Embedded Security plays a crucial role in today’s Internet-of-Things (IoT) world, requiring careful consideration by original equipment manufacturers (OEMs). Choosing between developing an embedded security solution in-house or relying on specialized services like IAR Embedded Security solutions involves evaluating various factors.

In the quest for robust embedded security solutions, OEMs often find themselves at a crossroads. There are understandable concerns about future parts availability, vendor changes, and the complexity of implementation. So the decision to adopt off-the-shelf professional security solutions, embark on a do-it-yourself (DIY) approach while using freeware tools, or seek assistance from security consultants becomes increasingly challenging.

Here are a few hints on what to consider when deciding between DIY approach/freeware tools versus commercial security solutions:

Costs of in-house embedded security solutions

Time and resources

Developing an embedded security solution in-house requires significant time, effort, and resources. OEMs must invest in hiring and training skilled professionals, conducting research and development, and performing thorough testing and validation. These factors can lead to increased development timelines and costs.

The costly path of security consultants

Recognizing the complexities involved, some OEMs seek assistance from security consultants. Relying on an external security consultant can result in high consulting fees, extended project timelines, and potential misalignment between the organization’s goals and the consultant’s recommendations.

Inability to optimize and utilize microcontroller’s resources

Limited expertise and resources in optimizing microcontroller resources pose challenges when developing an in-house or open-source Embedded Security solution. Microcontrollers have strict limitations in processing power, memory, and energy consumption. Without specialized guidance, suboptimal resource utilization may lead to higher costs, decreased performance, and compromised security. Deep knowledge and experience in embedded security are crucial for striking the right balance.

Risk of incomplete security

In-house development poses a risk of potential security vulnerabilities if the OEM lacks deep expertise in embedded security. Without the guidance of specialized security providers, there is a higher likelihood of overlooking crucial security aspects or implementing suboptimal security measures.

Maintenance and upgrades

Building an in-house security solution also entails ongoing maintenance and upgrades. OEMs must allocate resources for continuous monitoring, patching vulnerabilities, and adapting to evolving security threats. Failure to keep up with security updates can leave the system exposed to risks.

Incalculable freeware tools

Free tools often carry hidden costs, which are manifested in increased system administration and integration time, lack of formal support leading to extensive troubleshooting, and additional training needs. Moreover, unexpected expenses can accumulate when these tools fall short in functionality, further intensified by the lack of clear technical roadmaps and inconsistent community support.

Benefits of using out-of-box embedded security solutions

Expertise and experience

IAR Embedded Security solutions are based on specialized expertise in embedded security. They bring in-depth knowledge, best practices, and experience from IAR working with a wide range of OEMs across different industries. This ensures robust security measures and reduces the risk of oversight.

Time and cost efficiency

Outsourcing to specialized providers can accelerate the development process, saving time and reducing costs. They have established frameworks, pre-developed components, and tools that streamline the implementation of security solutions, allowing OEMs to focus on their core competencies.

Continuous support and updates

Security providers like IAR offer continuous support and regular updates to address emerging threats and vulnerabilities. They stay up to date with the evolving security landscape and even the emerging security legislation, providing timely patches and upgrades to keep the embedded systems secure.

Time to market

Many organizations opt for off-the-shelf solutions provided by silicon vendors. These solutions offer convenience and a level of security, but concerns arise regarding future parts availability and potential vendor changes. Organizations risk being locked into a specific vendor’s ecosystem, potentially limiting flexibility and adaptability.

In conclusion, opting for IAR Embedded Security solutions provides significant advantages over in-house embedded security solution development or using free tools. IAR brings specialized expertise, best practices, and experience, ensuring robust security measures while reducing the risk of oversight. The use of IAR solutions saves time, reduces costs, and allows organizations to focus on their core competencies. Continuous support, updates, and access to off-the-shelf solutions further enhance the security posture. Overall, leveraging IAR Embedded Security solutions offers a comprehensive and efficient approach to embedded security, surpassing the limitations and challenges of in-house development.

Rethinking free tools

Free tools may seem attractive but can result in greater long-term costs from inefficiencies and the need for compensating resources. Investing in premium commercial solutions like IAR’s offers substantial benefits in productivity and innovation, outweighing the initial costs.

Customized investment analysis

Interested in a tailor-made analysis of your tool investment? Learn how IAR can provide a cost-effective, secure, and efficient solution for your needs.

6. Overcoming hurdles, convincing doubters

When original equipment manufacturers (OEMs) consider adopting external embedded security solutions, they often face obstacles that can hinder the decision-making process. These challenges are not unique to the sales cycle of IAR Embedded Security solutions but are prevalent in the broader context of companies embracing external solutions. Let’s talk about the common obstacles encountered and the potential risks associated with the minimum viable solution approach in in-house embedded security development.

Hidden competitors: engineers and apprehensions

One common hurdle in adopting external embedded security solutions is the resistance from in-house engineers. Concerns about job security may lead them to oppose external solutions, fearing that their expertise will become redundant. In fact, this may also apply to key decision-makers, including the security officers, security compliance manager and security/law enforcement professionals.

The risks of minimum viable solutions

OEMs often opt for minimum viable solutions in their in-house embedded security development efforts. While these solutions may provide short-term benefits, they often lack the flexibility and scalability required to meet long-term security goals. Without specialized expertise and access to advanced security technologies, such solutions may result in suboptimal security measures and increased vulnerability to cyber threats.

A scalable, flexible, and secure solution

To address the limitations of a minimum viable solution, OEMs can leverage external embedded security solutions to transform it into a scalable, flexible, and secure system. By collaborating with specialized external providers like IAR, organizations can unlock a bunch of benefits:

Comprehensive security frameworks

External solutions offer comprehensive security frameworks that provide a solid foundation for scalability and flexibility. These frameworks enable customization and integration with existing systems, ensuring that the security solution aligns with specific organizational needs while maintaining high-security standards.

Long-term security focus

External solutions are designed with a long-term perspective, considering evolving threats and future requirements. Regular updates, patches, and enhancements provided by external providers ensure that embedded systems remain resilient against emerging security risks.

Optimizing resources

Adopting external solutions allows OEMs to optimize internal resources by reallocating expertise to strategic areas such as system integration, customization, and innovation. This not only enhances the security solution but also empowers engineers to contribute to higher-value initiatives.

Collaboration and support

Successful transformation requires collaboration between internal teams and external providers. By fostering this collaboration, OEMs can leverage the knowledge and ongoing support of external providers, ensuring that the transformed solution meets their security goals and remains adaptable to future needs.

Transforming security: empowering teams and future-proofing solutions

By embracing external embedded security solutions, OEMs can turn their minimum viable solution into a scalable, flexible, and secure system. Leveraging specialized expertise, comprehensive frameworks, and collaboration, organizations can overcome the challenges of in-house development and achieve a robust and future-proof approach to embedded security.

This transformation empowers companies to
address the concerns of key stakeholders and
enables engineers to contribute their expertise
to strategic development initiatives, ensuring the
long-term success of the embedded security
solution.

Ready to address doubts and build consensus?

Need more insights and data to convince skeptics in your organization? Explore how IAR can provide the solutions and support to move forward.

7. IAR’s security framework for embedded systems

The implementation of cybersecurity is a task that is best started today, not tomorrow. However, the introduction of embedded security at microcontroller level requires specialist knowledge and experience that not every development team can provide. The latest ISC2 cybersecurity workforce study 2023 points out that staffing shortages and skills gaps are consistent challenges for 67% of the companies surveyed. The “global cybersecurity workforce gap” is 3.4 million missing security professionals – and rising. The likelihood of being able to hire an expert for embedded security in a timely manner therefore seems low.

Security made simple

At IAR, we have recognized the necessity for a simpler approach to embedded security. We help individuals who are new to the field or have limited technical expertise to tackle the complexity of security concepts. So even if you struggle with terms like PKI (public key infrastructure), CSR (certificate signing request), side channel attacks, root of trust, secure vaults, and PUF (physically unclonable function) technology, don’t let yourself get discouraged.

By “simplifying security”, IAR Embedded Security solutions are enabling customers to effectively address the cyberthreats posed to their products. And IAR is constantly developing its solutions and tools in response to new challenges faced by customers and partners, as well as emerging regulations and attack methods.

IAR’s security framework

We earn our customers’ trust by explaining the security techniques we employ with the “IAR 4A’s for embedded security”: authenticity, anti-rollback, active IP protection, and anti-cloning – these 4 security techniques are essential for ensuring device security.

Authenticity

In our daily lives, we each follow an individual set of rules when deciding what information to share with whom. While you would share your birthdate when opening a bank account, you wouldn’t disclose your employment status to a stranger on the street. As humans, we are constantly assessing the authenticity of data and requests that are presented to us.

Regulatory authorities aid us in assessing the credibility of those seeking information, often through means like identification cards or bank account details. Financial institutions similarly implement measures to confirm our identity prior to interacting with us. These methods encompass elements like date of birth, security questions, addresses, and phone numbers, all of which contribute to establishing our authenticity and safeguarding our interactions.

Likewise, an embedded product functions similarly to a human. It receives information that could potentially be modified or originate from an unauthorized source. Just like a person, an embedded product needs to confirm its validity and authenticity before interacting with other devices. This is crucial to prevent attackers from seizing control of the device. In essence, the product must be able to validate the data it receives and prove to other devices that it is genuinely authentic.

Many of the challenges associated with proving authenticity have been tackled before and are foundational to the operation of the internet. The key challenge lies in adapting these solutions to function on low-cost microcontrollers.

Active intellectual property (IP) protection

Product developers invest significant resources in both product development and the embedded software it encompasses. These investments can range from a small team of engineers’ efforts to the collective work of hundreds of engineers over several years, often amounting to tens of millions of dollars. This investment in intellectual property (IP) is undertaken with the expectation of recouping costs through product sales. However, if this valuable IP is extracted and exploited, the anticipated return on investment may not materialize. This puts the company’s viability at risk and acts as a deterrent to future investments.
Embedded devices are susceptible to attacks that essentially involve gaining unauthorized access to the software. This could occur during development, the transfer of software to devices during manufacturing, or during device operation. The latter scenario involves exploiting vulnerabilities in test/debug interfaces, intercepting electrical signals, installing unauthorized software to extract the main software, or utilizing advanced methods like memory skimming or probing using cutting-edge technology known as “side-channel analysis” (or “side-channel attacks”).

While techniques to address IP protection are developed, it is important to acknowledge that all strategies have their vulnerabilities and can potentially be breached by malicious actors. Ultimately, the efficacy of these techniques is determined by the economic factors associated with addressing the risks.

IP protection is closely linked to safeguarding user information stored within the product. This data, if accessed, could be exploited for various crimes against the users, thereby affecting both them and the product’s reputation.

Anti-rollback (and software updates)

Automated software updates on computers and smartphones introduce new functionalities to products – but also add features to address known bugs and vulnerabilities in the software. Vulnerabilities essentially represent flaws within the original software that, if left unattended, could enable malicious actors to extract information from the product, take control of it, or cause damage in various ways.

Embedded software products share a similar pattern. Many of them are highly complex: the car software in a modern vehicle apparently uses 100 million lines of code while the smartphone operating system runs on 12 to 15 million lines, inevitably leading to bugs and vulnerabilities. The device becomes susceptible to potential criminal activities if these issues are not resolved. Consequently, embedded products necessitate a means of updating their software. This need to maintain up-to-date software is a foundational principle underpinning various legislations.

However, if the software update mechanism is not designed with security in mind, it can inadvertently introduce further security risks to the product. This might involve opening avenues for unauthorized software installation (touching upon authenticity) or potentially leaking the intellectual property of the equipment provider. Additionally, a unique exposure emerges: the possibility of loading older software with known vulnerabilities into the product. This older software can then be exploited to attack the product through the vulnerabilities or backdoor mechanisms of the previous software. To counter this, an approach called anti-rollback can be implemented, which essentially prevents the installation of older software into a device.

Anti-cloning

Cloning, at its core, involves creating an exact replica of a product by a third party, thereby depriving the original product developer of rightful revenue. This practice carries a dual consequence: clones might exhibit slight differences that result in inadequate performance, damaging the reputation of the original equipment supplier and leading to unwarranted claims.

Consider an example of anti-cloning measures in action: an embedded device like a smart car door lock contains unique cryptographic keys that are tied to the original manufacturer. These keys ensure that only genuine devices can communicate with other trusted components, like a mobile app or a centralized server. If an attempt is made to clone the device, the cryptographic keys will not match, rendering the clone unable to establish secure connections or access authorized functionalities.

Anti-cloning techniques can be deployed in various ways. One approach involves guarding against overproduction by approved contract manufacturers, who might exceed agreed-upon production volumes and distribute clones on the unauthorized market. Employing techniques like secure device provisioning and strict supply chain controls can mitigate this risk.

Another approach focuses on preventing unauthorized copying of microcontroller content into new or unprogrammed devices. Robust authentication mechanisms, secure boot processes, and cryptographic techniques can be implemented to ensure that only authorized programming data is loaded onto devices during manufacturing, deterring cloning attempts.

In essence, effective anti-cloning strategies address the threat by safeguarding against overproduction and preventing unauthorized replication of device content, particularly during large-scale manufacturing processes.

Unique device context

For each of the functionalities encompassed by the “IAR’s security framework” to operate effectively, every product requires essential raw information. This information includes details about entities it can trust, its own distinct identity, and the methods, keys, and passwords used to safeguard itself.

While some of this information is common across all products, such as central server addresses and device unlocking passwords, a significant portion must be individualized for each device. Examples of such unique data include the specific identity of the device and protective measures to prevent a security breach in one device from jeopardizing the security of all others.

Deploying this information to a device before it becomes operational is a fundamental tenet of security legislation and IAR’s approach. Security extends beyond merely comprehending and configuring products during development; it encompasses how information is securely transferred to the production environment and how each device’s unique context is generated on the production line.

In essence, the security of an embedded device is not just about its development phase but also hinges on the secure transmission of sensitive information during production, ensuring that each device’s distinct identity and security parameters are established before it enters operational use.

At one glance: IAR security framework

Image 3: the IAR security framework. Source IAR
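The anti-rollback technique described in this section, sketched in C as an added example that is not IAR's implementation. The fuse-style monotonic counter, the `security_version` field and every function name are assumptions made for illustration, and the signature check that establishes authenticity is represented only by its result.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Simulated one-time-programmable (OTP) fuse word: bits only go 0 -> 1. */
typedef struct { uint32_t fuses; } otp_counter_t;

/* Hypothetical fields taken from an update image header. */
typedef struct {
    uint32_t security_version; /* raised when a release fixes a vulnerability */
    bool     signature_valid;  /* outcome of the signature check, done elsewhere */
} image_info_t;

typedef enum {
    UPDATE_ACCEPT,
    UPDATE_REJECT_UNAUTHENTIC,
    UPDATE_REJECT_ROLLBACK,
    UPDATE_REJECT_COUNTER_RANGE
} update_result_t;

/* Unary counter: the minimum acceptable version is the number of burned fuses. */
static uint32_t otp_min_version(const otp_counter_t *c)
{
    uint32_t v = c->fuses, n = 0;
    while (v) { n += v & 1u; v >>= 1; }
    return n;
}

/* Decide whether an image may be installed. */
update_result_t check_update(const otp_counter_t *c, const image_info_t *img)
{
    /* The version field is only trustworthy once the image is authenticated. */
    if (!img->signature_valid)
        return UPDATE_REJECT_UNAUTHENTIC;
    if (img->security_version > 32u)          /* more than the fuse word can count */
        return UPDATE_REJECT_COUNTER_RANGE;
    if (img->security_version < otp_min_version(c))
        return UPDATE_REJECT_ROLLBACK;        /* older than the device has committed to */
    return UPDATE_ACCEPT;                     /* same version (reinstall) or newer */
}

/* Call only after the new image has booted and passed its self-test, so a
 * faulty update does not lock out the last working version. */
bool commit_version(otp_counter_t *c, const image_info_t *img)
{
    if (check_update(c, img) != UPDATE_ACCEPT)
        return false;
    uint32_t n = img->security_version;
    uint32_t mask = (n == 32u) ? 0xFFFFFFFFu : ((1u << n) - 1u);
    c->fuses |= mask;                         /* OR models fuses: bits never clear */
    return true;
}

int main(void)
{
    otp_counter_t dev = { 0x7u };             /* constructed state: minimum version 3 */
    image_info_t old_img = { 2u, true }, new_img = { 5u, true };
    printf("old image: %d\n", check_update(&dev, &old_img));
    printf("new image: %d\n", check_update(&dev, &new_img));
    commit_version(&dev, &new_img);
    printf("minimum version now: %u\n", (unsigned)otp_min_version(&dev));
    return 0;
}
```

Keeping the counter in write-once storage matters because a minimum version held in ordinary flash could be rewritten along with the older image.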
Security tailored to your needs

As trusted advisors in embedded security, IAR offers end-to-end solutions that cater to organizations of all expertise levels. From development to production, our tools enable the integration of customizable security features into your products, enhancing security without the need for in-depth theoretical knowledge. Our approach is to equip you with the tools and knowledge to make informed security decisions that best suit your product requirements.

In summary: the IAR security framework

IAR’s security framework offers a comprehensive approach to embedded security, breaking down complex concepts into manageable components. This framework not only addresses the immediate security needs of your products but also ensures their long-term resilience against emerging threats.

If the intricacies of embedded security seem daunting, IAR is here to guide you through. Whether you’re enhancing an existing product or starting anew, IAR solutions are designed to simplify the process and secure your innovations.

Ready to elevate your embedded security?

Discover how IAR Embedded Security solutions can empower your projects, regardless of your prior expertise in security.
8. Security solutions for all stages in a product’s lifecycle

We have now explained at length that security is not a feature for a future-proof embedded system – but that security is an absolute necessity: to ensure the integrity, confidentiality, and resilience of your embedded applications. Embedded security is designed to protect the hardware, its operating system, boot and user applications, and data stored or processed, and it applies to both connected and non-connected products. IAR’s mission is to make embedded security a seamless part of your product’s development process from development to pre-production, volume production, and operational life. So may we introduce IAR Embedded Software solutions!

At any stage, at any expert level

IAR offers comprehensive security tools allowing you to focus on your core competencies and not worry about having to be a security expert. IAR Embedded Security solutions effortlessly weave security into your development and manufacturing process, whether you are using other IAR software development products or not. We focus on threats to embedded devices, from small microcontrollers with a few KBs of memory, up to complex, multi-core devices with advanced features.

IAR Embedded Security solutions are based on three key pillars: IAR Embedded Trust (security from inception), IAR Embedded Secure IP (a late-stage security solution) and IAR Secure Deploy. In addition, we provide a consultative solution engineering approach where we can adapt our existing tools and solutions to meet customer needs.

At one glance: IAR Embedded Security solutions

Image 4: Security in the product’s lifecycle with IAR. Source IAR.

IAR Embedded Trust: building security from inception

The foundation of security must be laid from the very beginning of your product’s development lifecycle. IAR Embedded Trust enables easy configuration and building of the enforcement software used to protect the device. It is the most suitable solution for new embedded development or major system updates. From the initial concept to the final deployment, IAR Embedded Trust helps you infuse robust security measures into your embedded systems.

IAR Embedded Trust is completely platform-independent and is compatible with the most common development IDEs. By using the secure application maker (SAM) tool together with the stand-alone security context manager, the security and trust provided by IAR Embedded Trust can be added to the secure boot manager and applications built outside of IAR Embedded Workbench.

IAR Embedded Secure IP: enhancing security at a late stage

Security is an ongoing journey within a product’s lifecycle. In some cases, you may need to enhance the security of an existing design or deploy additional layers of protection in later stages of development or in products already poised for production. This is where IAR Embedded Secure IP comes into play as it can enable a level of Embedded Security with minimal change. IAR Embedded Secure IP is a versatile solution designed to fortify the security of your embedded systems even when they are already in the field.

IAR Secure Deploy: secure transfer and provisioning

IAR Secure Deploy operates in tandem with a hardware security module, enabling rigorous control over the device’s production and provisioning process. Seamlessly decrypting the production package and working within a trusted environment, it prevents unauthorized access during sensitive phases, ensures controlled overproduction to mitigate counterfeiting risks, generates and signs device certificates to establish authenticity, securely injects provisioned data for personalized configurations, and accurately programs authorized images onto the device.

Image 5: End-to-end Embedded Security with IAR security solutions. Source IAR.

Comprehensive security components

IAR Embedded Security solutions are meticulously crafted around the fundamentals of embedded security, encompassing a comprehensive range of essential elements. These include:

- A secure configuration to fortify security policy settings,
- Device context establishment to prove its authenticity to the rest of the world, and
- Secure boot mechanisms to safeguard against unauthorized access during startup.

The solutions also encompass a tailored development environment, focusing on security at the code creation stage, coupled with robust code quality assessment.
Furthermore, secure APIs are designed to allow applications to access the secure memory, while secure transfer and production procedures guarantee the integrity of the software production package during transit and manufacturing. The holistic approach extends to secure provisioning, guaranteeing that only authorized entities gain software production package access and devices are securely provisioned. A dynamic software update mechanism ensures ongoing protection against emerging threats. In amalgamating these key components, IAR Embedded Security solutions establish a robust and multi-layered defense for embedded systems against a diverse array of security risks.

Ready to elevate your security in the product’s lifecycle?

Discover more about how IAR Embedded Security solutions can transform your development process at www.IAR.com/products/security.

Connect with us for a no-obligation discussion and unlock the full potential of your embedded projects.

Conclusion

The key to navigating the complexities of embedded security lies in understanding the multifaceted nature of the challenges, embracing collaborative approaches, and choosing comprehensive, expert-driven solutions like those offered by IAR. By prioritizing code quality, recognizing the hidden costs of DIY (do-it-yourself) solutions, overcoming internal resistance, and adopting a holistic security framework that covers all stages of a product’s lifecycle, organizations can build robust, secure, and future-proof embedded systems. IAR stands as a pivotal partner in this journey, offering the expertise, tools, and support necessary to navigate the evolving landscape of embedded security successfully.

Whether you are a seasoned security professional or new to the field, this book has armed you with knowledge and strategies to face the challenges of embedded security. In an era where digital threats are constantly evolving, staying informed and vigilant is not just a necessity; it’s imperative.

Ready for tomorrow’s challenges?

Embrace the future with confidence. Partner with IAR for a proactive and comprehensive approach to embedded security.
