Ebook - Foundations of Embedded Security Solutions
Introduction
In an era where digital innovation is accelerating at an exceptional pace, the significance of embedded security has never been more critical. "The foundations of embedded security: navigating threats and solutions in the digital era" is a comprehensive guide designed to navigate the intricate landscape of embedded security. This content is an essential resource for professionals keen to deepen their understanding of embedded security risks, best practices, and solutions.

Whether you are a security expert, a software developer, or a business leader, this guide offers invaluable insights and practical knowledge to fortify your defenses against ever-changing cyber threats.
5 Firmware tampering

Allows attackers to modify the software to inject malicious code or alter the device's behavior.

6 Lack of encryption

Makes it possible to intercept and read data transmitted between embedded devices and other systems; without authenticated encryption the data can also be altered in transit, putting both confidentiality and integrity at risk.

security features to your devices.

Your partner in embedded security: IAR

IAR has grown into a trusted embedded security advisor. Our user-friendly development solutions and methodologies focus on "Security made simple." We offer assistance in secure production capabilities, helping you integrate customizable security into your microcontroller-based products.
2. The risks of insecure software in business operations

Smart, but vulnerable devices

From smart thermostats and fitness trackers to driver assistance systems and industrial robots, the landscape of modern electronic applications is vast and varied. At the heart of these cutting-edge products are versatile microcontrollers and embedded software that equip them with unique, specialized features. These devices offer unparalleled connectivity, making them not only powerful and user-friendly but also exposed to cyberattacks.

This can result in reduced sales volumes and negatively affect the OEM's market position.

Loss of intellectual property

Unauthorized device interactions and security breaches may lead to the loss of valuable intellectual property. Competitors or malicious entities could gain access to proprietary algorithms, firmware, or software code, thereby reducing the OEM's ability to differentiate and protect its innovations.
3. Navigating security legislation: 13 best practices & 5 key requirements

From a legislative perspective, the security landscape for embedded devices is currently undergoing a significant transformation. Across the globe, the push for stronger security measures is picking up steam, with various distinct sets of requirements and recommendations emerging. Are you ready to learn about them all? Better fasten your seat belt!

The security legislation mosaic

The British PSTI Act (Product Security and Telecommunications Infrastructure Act) enforces three legal stipulations, while the World Economic Forum has outlined five crucial recommendations. The ETSI EN 303 645 standard (European Telecommunications Standards Institute) establishes a comprehensive 13-point framework of security provisions, and the IoT Security Foundation's Assurance Framework includes over 100 actions, enabling the classification of a device's security level based on criteria such as confidentiality, integrity, and availability.
Overall, the ETSI EN 303 645 European standard for device security and the IoT Security Foundation's Assurance Framework are at the forefront of establishing best practices in this dynamic field.

Existing legislation
PSTI Act 2022 [2022]
General Data Protection Regulation (GDPR) [2018]
The California IoT Cybersecurity Law [2020]
The Oregon IoT Cybersecurity Law [2020]

New legislation
EU Cyber Resilience Act [2022]
NIST Federal Procurement [2021]

Upcoming legislation

Best practices
ETSI EN 303 645
IoT Security Foundation Assurance Framework
The EU, UK, and US regulations are mandatory, compelling companies to manufacture and manage products throughout their lifecycle with a sufficient security level to safeguard devices against attacks. Non-compliance carries real penalties: under the EU Cyber Resilience Act, for example, fines can reach EUR 15 million or 2.5% of worldwide annual turnover, whichever is higher, and some regimes add the possibility of criminal liability, including imprisonment.

Overwhelmed? Don't be!

We understand that navigating through a sea of legal requirements can feel overwhelming, leaving everyone involved in a state of desperation. However, there is a ray of hope in the form of the 13 best practices from IoTSF and the top 5 key IoT security requirements from the WEF, which will lead the way.

13 best practices from IoTSF

The IoT Security Foundation (IoTSF) Assurance Framework, designed to evaluate connected device security, uses compliance classes to define a device's security level based on confidentiality, integrity, and availability. These compliance classes are determined by assessing a device's adherence to a wide range of security criteria. Within this framework, the ETSI EN 303 645 European standard on device security delineates 13 best practices.
Functional and non-functional requirements

IAR played a crucial role in developing the 13 best practices outlined in the ETSI EN 303 645 European standard and the IoTSF Assurance Framework on embedded device security. These 13 best practices encompass a blend of functional and non-functional requirements, aiming to establish a comprehensive security foundation for devices. On the functional side, some practices specify explicit security tasks that a device should perform. These include maintaining up-to-date software to mitigate vulnerabilities and ensuring secure communication protocols to protect data during transmission.

Conversely, some best practices address non-functional aspects, acknowledging the broader security landscape. For instance, the requirement for a vulnerability disclosure policy falls into this category. This policy outlines procedures for reporting and addressing security vulnerabilities, thereby fostering transparency and collaborative security improvement.

Image 2: the IoT security compliance framework. Source: IoTSF
Top 5 key IoT security requirements

Additionally, the World Economic Forum (WEF) has identified the top 5 key IoT security requirements for consumer-facing devices. You are well advised to follow them:

Software updates: consistent and timely software updates are crucial to addressing vulnerabilities and bolstering overall security, preventing potential exploits.

Secure communication
4. The pivotal role of code quality in embedded system security

The backbone of any secure embedded system, including yours, lies in the quality of its code. Code quality, particularly in error handling and exception management, forms a critical line of defense against attackers seeking to exploit vulnerabilities. Building security into a product from inception through its entire lifecycle is not just beneficial – it is crucial. But why does code quality matter when it comes to the security of your embedded systems?

The importance of code quality

customers' rising demands for secure devices. At the same time, complying with the ever-evolving regulations and standards set by legislative authorities worldwide has become obligatory. Code quality plays an instrumental role in reducing the vulnerabilities in your system that attackers can exploit. To be effective, you must design the security of your product from its inception and continue to maintain the product until it is taken out of service, to make sure that both you and your customers remain protected.
Quality code development

For writing high-quality, secure code, you need robust development tools to create a reliable basis. For C/C++ development, IAR offers the IAR Embedded Workbench, which supports 15,000 devices from over 70 semiconductor manufacturers, including MCUs based on architectures like Arm and RISC-V.

The IDE (Integrated Development Environment) comprises a highly optimizing C/C++ compiler and a series of powerful debugging tools. These include code analyzers that help you identify potential vulnerabilities and suggest improvements to enhance code quality.

Code analysis and review

To catch potential issues early and to improve your application's security, you need to establish a smooth code review process. The code analysis tools used in this process come in two basic flavors: 1) static analysis tools, which examine only the source code of the application without running it, and 2) runtime (or dynamic) analysis tools, which instrument the code to detect faults such as null-pointer dereferences, out-of-bounds accesses and mishandled input as the program executes. Each flavor finds defects the other misses, so use both. From experience, we encourage rigorous code reviews with automated tools that facilitate this process and make it more efficient.

Code analysis tools like C-STAT from IAR include CWE, MISRA, and CERT C checks. These three rulesets together form a strong combination of coding practices that promote security. The rulesets overlap in places, but each also covers ground the others do not, which helps ensure your code has a high level of security. Using these standards in your development process also helps to ensure the best possible code quality and may surface latent defects in your code.

bounds issues and heap integrity. With this, C-RUN helps ensure that your code performs as expected under various conditions and that errors and exceptions are handled securely.

Lifecycle support

As we all know, security is not a one-off task but a continuous process, from the product's cradle to its grave, as mentioned before. At IAR, we provide ongoing support for our products, ensuring that they offer a high security level even as threats evolve.

Security and code quality: an inseparable duo

High-quality code forms the foundation of secure embedded systems. Focusing on error and exception handling greatly bolsters system security. IAR's suite of tools supports this journey, offering comprehensive assistance in developing secure, high-quality code. Remember, security is intertwined with code quality; overlooking one affects the other. But with the right tools, identifying and rectifying issues becomes more manageable, paving the way to robust security.

Discover the power of IAR solutions

Keen to explore how the IAR Embedded Workbench and our security solutions can elevate code quality and your project's security?
5. The hidden costs of do-it-yourself (DIY) embedded security solutions

Embedded security plays a crucial role in today's Internet of Things (IoT) world, requiring careful consideration by original equipment manufacturers (OEMs). Choosing between developing an embedded security solution in-house or relying on specialized services like IAR Embedded Security solutions involves evaluating various factors.

In the quest for robust embedded security solutions, OEMs often find themselves at a crossroads. There are understandable concerns about future parts availability, vendor changes, and the complexity of implementation. So the decision whether to adopt off-the-shelf professional security solutions, embark on a do-it-yourself (DIY) approach using freeware tools, or seek assistance from security consultants becomes increasingly challenging.

Here are a few hints on what to consider when deciding between a DIY approach with freeware tools and commercial security solutions:

Costs of in-house embedded security solutions

Inability to optimize and utilize the microcontroller's resources

Limited expertise and resources in optimizing microcontroller resources pose challenges when developing an in-house or open-source embedded security solution. Microcontrollers have strict limitations in processing power, memory, and energy consumption. Without specialized guidance, suboptimal resource utilization may lead to higher costs, decreased performance, and compromised security. Deep knowledge and experience in embedded security are crucial for striking the right balance.

Risk of incomplete security

In-house development poses a risk of security vulnerabilities if the OEM lacks deep expertise in embedded security. Without the guidance of specialized security providers, there is a higher likelihood of overlooking crucial security aspects or implementing suboptimal security measures.

Maintenance and upgrades
Benefits of using out-of-the-box embedded security solutions

Expertise and experience

IAR Embedded Security solutions are based on specialized expertise in embedded security. They bring in-depth knowledge, best practices, and experience from IAR's work with a wide range of OEMs across different industries. This ensures robust security measures and reduces the risk of oversight.

Time and cost efficiency

Time to market

enhance the security posture. Overall, leveraging IAR Embedded Security solutions offers a comprehensive and efficient approach to embedded security, surpassing the limitations and challenges of in-house development.

Rethinking free tools

Free tools may seem attractive but can result in greater long-term costs from inefficiencies and the need for compensating resources. Investing in premium commercial solutions like IAR's offers substantial benefits in productivity and innovation, outweighing the initial costs.
6. Overcoming hurdles, convincing doubters

This transformation empowers companies to address the concerns of key stakeholders and enables engineers to contribute their expertise to strategic development initiatives, ensuring the long-term success of the embedded security solution.
7. IAR's security framework for embedded systems

At IAR, we have recognized the necessity for a simpler approach to embedded security. We help individuals who are new to the field or have limited technical expertise to tackle the complexity of security concepts. So even if you struggle with terms like PKI (public key infrastructure), CSR (certificate signing request), side-channel attacks, root of trust, secure vaults, and PUF (physically unclonable function) technology, don't let yourself get discouraged.

By "simplifying security", IAR Embedded Security solutions enable customers to effectively address the cyberthreats posed to their products. And IAR is constantly developing its solutions and tools in response to new challenges faced by customers and partners, as well as emerging regulations and attack methods.

IAR's security framework

We earn our customers' trust by explaining the security techniques we employ with the "IAR 4A's for embedded security": authenticity, anti-rollback, active IP protection, and anti-cloning. These four security techniques are essential for ensuring device security.

Authenticity

In our daily lives, we each follow an individual set of rules when deciding what information to share with whom. While you would share your birthdate

Likewise, an embedded product functions similarly to a human. It receives information that could potentially have been modified or originate from an unauthorized source. Just like a person, an embedded product needs to confirm the validity and authenticity of what it receives before acting on it or interacting with other devices. This is crucial to prevent attackers from seizing control of the device. In essence, the product must be able to validate the data it receives and prove to other devices that it is genuinely authentic.

Many of the challenges associated with proving authenticity have been tackled before and are foundational to the operation of the internet, for example public-key certificates and digital signatures. The key challenge lies in adapting these solutions to function on low-cost microcontrollers with limited memory, compute and energy.

Active intellectual property (IP) protection

Product developers invest significant resources in both product development and the embedded software it encompasses. These investments can range from a small team of engineers' efforts to the collective work of hundreds of engineers over several years, often amounting to tens of millions of dollars. This investment in intellectual property (IP) is undertaken with the expectation of recouping costs through product sales. However, if this valuable IP is extracted and exploited, the anticipated return on investment may not materialize. This puts the company's viability at risk and acts as a deterrent to future investments.
Embedded devices are susceptible to attacks that essentially involve gaining unauthorized access to the software. This could occur during development, during the transfer of software to devices in manufacturing, or during device operation. The latter scenario involves exploiting vulnerabilities in test/debug interfaces, intercepting electrical signals, installing unauthorized software to extract the main software, or using advanced methods such as side-channel analysis (recovering secrets from power consumption, electromagnetic emissions or timing) and physical probing of memory with specialized laboratory equipment.

While techniques to address IP protection are developed, it is important to acknowledge that all strategies have their vulnerabilities and can potentially be breached by malicious actors. Ultimately, the efficacy of these techniques is determined by the economic factors associated with addressing the risks: protection has done its job when extracting the IP costs the attacker more than the IP is worth to them.

IP protection is closely linked to safeguarding user information stored within the product. This data, if accessed, could be exploited for various crimes against the users, thereby affecting both them and the product's reputation.

Anti-rollback

is not designed with security in mind, it can inadvertently introduce further security risks to the product. This might involve opening avenues for unauthorized software installation (touching upon authenticity) or potentially leaking the intellectual property of the equipment provider. Additionally, a unique exposure emerges: the possibility of loading older, genuinely signed software with known vulnerabilities into the product. This older software can then be exploited to attack the product through the vulnerabilities or backdoor mechanisms of the previous release. To counter this, an approach called anti-rollback can be implemented: the device records the version (or a monotonic counter value) of the software it last accepted and refuses to install or boot anything older, even if the image carries a valid signature.

Anti-cloning

Cloning, at its core, involves a third party creating an exact replica of a product, thereby depriving the original product developer of rightful revenue. This practice carries a dual consequence: clones might exhibit slight differences that result in inadequate performance, damaging the reputation of the original equipment supplier, and they lead to unwarranted warranty claims against it.
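The authenticity and anti-rollback techniques described above combine in the bootloader as two checks in a fixed order: prove the image is genuine, then refuse it if it is older than what the device has already accepted. The following is an added example, not code from this ebook or from IAR's products; it uses a constructed image layout, an HMAC-SHA256 tag standing in for the public-key signature a real bootloader would verify, and an in-memory `min_version` standing in for a monotonic counter held in protected storage:

```python
# Added example (not from the ebook or from IAR's products): a minimal
# secure-boot check that enforces both authenticity and anti-rollback.
#
# Assumptions, all constructed for this example:
#  - Image layout: header (magic, version, payload length) + payload + 32-byte tag.
#  - The tag is an HMAC-SHA256 over header+payload with a shared key. A real
#    bootloader would verify an asymmetric signature (ECDSA, Ed25519, ...) with
#    an embedded public key instead; the control flow is identical.
#  - `min_version` stands in for a monotonic counter kept in protected
#    non-volatile storage (OTP fuses, RPMB, a secure element).
import hashlib
import hmac
import struct
from typing import Tuple

MAGIC = b"IMG1"
HEADER = struct.Struct("<4sII")   # magic, version, payload length (little-endian)
TAG_LEN = 32                      # SHA-256 digest size


def build_image(signing_key: bytes, version: int, payload: bytes) -> bytes:
    """Producer side (release pipeline): assemble and authenticate an image."""
    header = HEADER.pack(MAGIC, version, len(payload))
    tag = hmac.new(signing_key, header + payload, hashlib.sha256).digest()
    return header + payload + tag


class RollbackProtectedVerifier:
    """Bootloader side: accept an image only if it is authentic AND not older
    than the newest image this device has already accepted."""

    def __init__(self, verify_key: bytes, min_version: int = 0):
        self._key = verify_key
        self.min_version = min_version   # monotonic counter (never decremented)

    def verify(self, image: bytes) -> Tuple[bool, str]:
        # 1. Structural checks on untrusted input before acting on any field.
        if len(image) < HEADER.size + TAG_LEN:
            return False, "truncated image"
        magic, version, length = HEADER.unpack_from(image)
        if magic != MAGIC:
            return False, "bad magic"
        body_end = HEADER.size + length
        if body_end + TAG_LEN != len(image):
            return False, "length field does not match image size"

        # 2. Authenticity: nothing in the header is trusted until the tag holds.
        expected = hmac.new(self._key, image[:body_end], hashlib.sha256).digest()
        if not hmac.compare_digest(expected, image[body_end:]):   # constant-time
            return False, "authentication failed"

        # 3. Anti-rollback: an authentic but older image is still refused, which
        #    is what stops an attacker replaying a signed release with known bugs.
        if version < self.min_version:
            return False, f"rollback refused: version {version} < {self.min_version}"

        # 4. Ratchet the counter only after every check has passed.
        self.min_version = version
        return True, f"boot version {version}"


if __name__ == "__main__":
    key = b"constructed-demo-key"           # would be a public key in practice
    boot = RollbackProtectedVerifier(key)
    v2 = build_image(key, 2, b"firmware v2")
    v1 = build_image(key, 1, b"firmware v1 (has a known bug)")
    print(boot.verify(v2))                    # accepted, counter advances to 2
    print(boot.verify(v1))                    # authentic, but refused as rollback
```

Two details matter beyond the happy path. The tag is checked before any header field is acted on, and it is compared in constant time, so a forged version number or a padded image never reaches the policy decision. And the counter is advanced only after everything passes and must live where the application cannot decrement it (OTP fuses, RPMB, or a secure element): an attacker who can rewrite it re-enables every old signed release.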
processes, and cryptographic techniques can be implemented to ensure that only authorized programming data is loaded onto devices during manufacturing, deterring cloning attempts.

In essence, effective anti-cloning strategies address the threat by safeguarding against overproduction and preventing unauthorized replication of device content, particularly during large-scale manufacturing processes.

Unique device context

For each of the functionalities encompassed by IAR's security framework to operate effectively, every product requires essential raw information. This information includes details about the entities it can trust, its own distinct identity, and the methods, keys, and passwords used to safeguard itself.

While some of this information is common across all products, such as central server addresses and device unlocking passwords (a shared unlocking password is itself a risk worth weighing: once extracted from one unit it unlocks every unit), a significant portion must be individualized for each device. Examples of such unique data include the specific identity of the device and per-device keys, so that a security breach in one device does not jeopardize the security of all others.

Deploying this information to a device before it becomes operational is a fundamental tenet of security legislation and of IAR's approach. Security extends beyond merely understanding and configuring products during development; it encompasses how information is securely transferred to the production environment and how each device's unique context is generated on the production line. In essence, the security of an embedded device is not just about its development phase but also hinges on the secure transmission of sensitive information during production, ensuring that each device's distinct identity and security parameters are established before it enters operational use.

At one glance: IAR security framework
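The unique device context and anti-cloning sections above come down to one rule: every unit leaves the production line with a secret nobody else shares, and the backend must be able to tell units apart. The following is an added example, not code from this ebook or from IAR Secure Deploy; it assumes a factory master secret (held in an HSM in practice), key diversification with HKDF-SHA256 over the serial number, and an HMAC challenge-response in place of the certificate-based check a real deployment would more likely use. All names and data are constructed for the example:

```python
# Added example (not from the ebook or from IAR's tooling): generating a
# per-device security context on the production line and using it so that
# a compromised or cloned unit cannot impersonate any other unit.
#
# Assumptions, all constructed for this example:
#  - A factory master secret that never leaves the HSM (modelled as bytes).
#  - Key diversification: each device's authentication key is derived with
#    HKDF-SHA256 from the master secret and the device serial number, so the
#    backend can re-derive any device's key but no device holds the master.
#  - Device authenticity is proven by an HMAC challenge-response; a real
#    deployment would more likely use a per-device certificate and ECDSA,
#    but the provisioning logic is the same.
import hashlib
import hmac
import os
from typing import Dict, Optional

SALT = b"device-auth-v1"   # domain separation: other key types use another salt


def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int = 32) -> bytes:
    """RFC 5869 HKDF (extract-then-expand) with SHA-256, standard library only."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


class ProvisioningStation:
    """Production-line role: holds the master secret, emits per-device contexts."""

    def __init__(self, master_secret: bytes):
        self._master = master_secret

    def provision(self, serial: bytes) -> Dict[str, bytes]:
        # Common part of the context (same on every unit) plus the unique part.
        return {
            "serial": serial,
            "auth_key": hkdf_sha256(self._master, SALT, serial),   # unique per unit
            "server": b"updates.example.com",                      # shared
        }


class Device:
    """What ends up in the unit's protected storage after provisioning."""

    def __init__(self, context: Dict[str, bytes]):
        self.serial = context["serial"]
        self._auth_key = context["auth_key"]   # should live in a secure vault/OTP

    def respond(self, challenge: bytes) -> bytes:
        # Bind the response to the claimed serial so a copied key cannot be
        # re-used under a different identity.
        return hmac.new(self._auth_key, self.serial + challenge, hashlib.sha256).digest()


class AuthServer:
    """Backend role: re-derives the expected key instead of storing one per unit."""

    def __init__(self, master_secret: bytes):
        self._master = master_secret

    def authenticate(self, serial: bytes, challenge: bytes, response: bytes) -> bool:
        expected_key = hkdf_sha256(self._master, SALT, serial)
        expected = hmac.new(expected_key, serial + challenge, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)


def authenticate_device(server: AuthServer, device: Device,
                        challenge: Optional[bytes] = None) -> bool:
    """One round of the exchange: fresh challenge, device answers, server checks."""
    challenge = challenge if challenge is not None else os.urandom(16)
    return server.authenticate(device.serial, challenge, device.respond(challenge))


if __name__ == "__main__":
    master = b"constructed-master-secret-held-in-hsm"
    station, server = ProvisioningStation(master), AuthServer(master)
    genuine = Device(station.provision(b"SN-000001"))
    # A clone that copied SN-000001's key but was stamped with another serial.
    clone = Device({**station.provision(b"SN-000001"), "serial": b"SN-000002"})
    print(authenticate_device(server, genuine))   # True
    print(authenticate_device(server, clone))     # False
```

Because the server re-derives each key from the serial, a key lifted from one unit is useless under any other serial, and one breached unit reveals nothing about the others. A clone that copies an entire context, serial included, would still pass; that is exactly why the key belongs in a secure vault or is derived from a PUF rather than stored in plain flash, and why the backend should flag the same serial appearing from two places at once.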
8. Security solutions for all stages in a product's lifecycle

We have now explained at length that security is not a feature for a future-proof embedded system but an absolute necessity: to ensure the integrity, confidentiality, and resilience of your embedded applications. Embedded security is designed to protect the hardware, its operating system, boot and user applications, and the data stored or processed, and it applies to both connected and non-connected products. IAR's mission is to make embedded security a seamless part of your product's development process from development to pre-production, volume production, and operational life. So may we introduce IAR Embedded Security solutions!

IAR Embedded Security solutions effortlessly weave security into your development and manufacturing process, whether you are using other IAR software development products or not. We focus on threats to embedded devices, from small microcontrollers with a few KB of memory up to complex, multi-core devices with advanced features.

At any stage, at any expert level

IAR offers comprehensive security tools allowing you to focus on your core competencies and not worry about having to be a security expert.

IAR Embedded Security solutions are based on three key pillars: IAR Embedded Trust (security from inception), IAR Embedded Secure IP (a late-stage security solution) and IAR Secure Deploy. In addition, we provide a consultative solution engineering approach where we can adapt our existing tools and solutions to meet customer needs.

At one glance: IAR Embedded Security solutions

IAR Embedded Trust: building security from inception

The foundation of security must be laid from the very beginning of your product's development lifecycle. IAR Embedded Trust enables easy configuration and building of the enforcement software used to protect the device. It is the most suitable solution for new embedded development or major system updates. From the initial concept to the final deployment, IAR Embedded Trust helps you infuse robust security measures into your embedded systems.

IAR Embedded Trust is completely platform-independent and is compatible with the most common development IDEs. By using the secure application maker (SAM) tool together with the stand-alone security context manager, the security and trust provided by IAR Embedded Trust can be added to the secure boot manager and to applications built outside of IAR Embedded Workbench.

IAR Embedded Secure IP: enhancing security at a late stage

Security is an ongoing journey within a product's lifecycle. In some cases, you may need to enhance the security of an existing design or deploy additional layers of protection in later stages of development or in products already poised for production. This is where IAR Embedded Secure IP comes into play, as it can enable a level of embedded security with minimal change. IAR Embedded Secure IP is a versatile solution designed to fortify the security of your embedded systems even when they are already in the field.

IAR Secure Deploy: secure transfer and provisioning

IAR Secure Deploy operates in tandem with a hardware security module, enabling rigorous control over the device's production and provisioning process. Decrypting the production package only inside a trusted environment, it prevents unauthorized access during sensitive phases, enforces production limits to prevent overproduction and mitigate counterfeiting risks, generates and signs device certificates to establish authenticity, securely injects provisioned data for personalized configurations, and programs only authorized images onto the device.
Furthermore, secure APIs are designed to allow the application to access the secure memory, while secure transfer and production procedures guarantee the integrity of the software production package during transit and manufacturing. The holistic approach extends to secure provisioning, guaranteeing that only authorized entities gain access to the software production package and that devices are securely provisioned. A dynamic software update mechanism ensures ongoing protection against emerging threats. In combining these key components, IAR Embedded Security solutions establish a robust and multi-layered defense for embedded systems against a diverse array of security risks.

Ready to elevate your security in the product's lifecycle?

Discover more about how IAR Embedded Security solutions can transform your development process at www.IAR.com/products/security.

Connect with us for a no-obligation discussion and unlock the full potential of your embedded projects.