Security challenges in Embedded Systems

12 11 2011

In these days of technology advancements Embedded Systems have penetrated our lives like never before. We have found comfort in the convenience provided by Internet enabled home appliances like washing machines, dishwaters and thermostats that remotely control the temperature of our households. Transportation systems ranging from flights to automobiles use embedded Systems either to perform their basic functionality or to provide value added service (e.g. GM’s OnStar service). Hospitals use embedded systems extensively in monitoring devices (e.g. MRI Scanner) and in patient-care devices (e.g. Insulin pump). As these systems are increasingly used to perform critical functions it very critical to secure these systems.

Unique challenges to Embedded Systems

Embedded systems face some unique challenges in security that doesn’t apply in the case of general computers. Some of these challenges are:

Cost

Embedded systems are devices designed to perform specific tasks. Cost is a major factor that is taken into consideration while building an embedded system.  Thus spending more to achieve foolproof security – even a dollar more[1] – can make a big impact in the marketability of device.

Processing capabilities

Embedded systems generally have less processing capabilities as they are built to perform dedicated functions. Thus the computational demands of implementing effective security features are overwhelming for embedded systems.

Energy Constraints

Battery powered embedded systems have a significant energy constraints. Thus, it’s difficult to implement sophisticated security features.

Diverse Security Requirements

The security requirements of every embedded system vary from another. An Internet controlled household thermostat might have different vulnerabilities compared to a patient care medical device like Insulin pump. Thus there are no generic sets of controls that can be implemented in all the embedded systems.

Development Environment

Embedded systems are mostly developed by small-scale organizations that can’t afford highly paid security experts. Thus these organizations overlook the security aspect, as there are no such industry security standards that need to be followed.

Architectures for security

The key security goals – Confidentiality, Integrity, and Availability – can be achieved by implementing appropriate security protocols and cryptographic algorithms (Symmetric cipher, Asymmetric cipher and secure hashing algorithms). These are computational intensive and power hungry and can be implemented in the one of the following ways.

Software only solution

Security software is executed on the embedded processor core to perform security processing.

Pros: High flexibility, Fast design turn-around time

Cons: Poor Efficiency in performance and energy consumption

Hardware (only) solution

A significant part of the security processing workload – cryptographic computation – is offloaded to Cryptographic Hardware Accelerators.  This solution uses ASIC [2](Application Specific Integrated Circuit) hardware to implement cryptographic algorithm.

Pros: Good Efficiency in performance and energy consumption

Cons: Poor flexibility, Fast design turn-around time

Hybrid Hardware-Software solution

A significant part of the security protocol processing (cryptographic computation, packet header/trailer parsing, classification etc.) is offloaded to the security protocol processing engine.

Pros: High flexibility, Fast design turn-around time, Good Efficiency in performance and energy consumption

Though there have been significant advancements in optimizing cryptographic processing other challenges like minimizing data buffering and minimizing round trips remain. There is significant research ongoing in this topic. Although securing embedded systems is limited in scope in comparison to the securing the cyberspace, the constrained resources of embedded systems poses significant challenges. However, the goal of providing foolproof security in embedded systems seems possible with the advancements in architectures and design methodologies.

Advertisements

Actions

Information

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s




%d bloggers like this: