In these days of technology advancements Embedded Systems have penetrated our lives like never before. We have found comfort in the convenience provided by Internet enabled home appliances like washing machines, dishwaters and thermostats that remotely control the temperature of our households. Transportation systems ranging from flights to automobiles use embedded Systems either to perform their basic functionality or to provide value added service (e.g. GM’s OnStar service). Hospitals use embedded systems extensively in monitoring devices (e.g. MRI Scanner) and in patient-care devices (e.g. Insulin pump). As these systems are increasingly used to perform critical functions it very critical to secure these systems.
Unique challenges to Embedded Systems
Embedded systems face some unique challenges in security that doesn’t apply in the case of general computers. Some of these challenges are:
Cost
Embedded systems are devices designed to perform specific tasks. Cost is a major factor that is taken into consideration while building an embedded system. Thus spending more to achieve foolproof security – even a dollar more[1] – can make a big impact in the marketability of device.
Processing capabilities
Embedded systems generally have less processing capabilities as they are built to perform dedicated functions. Thus the computational demands of implementing effective security features are overwhelming for embedded systems.
Energy Constraints
Battery powered embedded systems have a significant energy constraints. Thus, it’s difficult to implement sophisticated security features.
Diverse Security Requirements
The security requirements of every embedded system vary from another. An Internet controlled household thermostat might have different vulnerabilities compared to a patient care medical device like Insulin pump. Thus there are no generic sets of controls that can be implemented in all the embedded systems.
Development Environment
Embedded systems are mostly developed by small-scale organizations that can’t afford highly paid security experts. Thus these organizations overlook the security aspect, as there are no such industry security standards that need to be followed.
Architectures for security
The key security goals – Confidentiality, Integrity, and Availability – can be achieved by implementing appropriate security protocols and cryptographic algorithms (Symmetric cipher, Asymmetric cipher and secure hashing algorithms). These are computational intensive and power hungry and can be implemented in the one of the following ways.
Software only solution
Security software is executed on the embedded processor core to perform security processing.
Pros: High flexibility, Fast design turn-around time
Cons: Poor Efficiency in performance and energy consumption
Hardware (only) solution
A significant part of the security processing workload – cryptographic computation – is offloaded to Cryptographic Hardware Accelerators. This solution uses ASIC [2](Application Specific Integrated Circuit) hardware to implement cryptographic algorithm.
Pros: Good Efficiency in performance and energy consumption
Cons: Poor flexibility, Fast design turn-around time
Hybrid Hardware-Software solution
A significant part of the security protocol processing (cryptographic computation, packet header/trailer parsing, classification etc.) is offloaded to the security protocol processing engine.
Pros: High flexibility, Fast design turn-around time, Good Efficiency in performance and energy consumption
Though there have been significant advancements in optimizing cryptographic processing other challenges like minimizing data buffering and minimizing round trips remain. There is significant research ongoing in this topic. Although securing embedded systems is limited in scope in comparison to the securing the cyberspace, the constrained resources of embedded systems poses significant challenges. However, the goal of providing foolproof security in embedded systems seems possible with the advancements in architectures and design methodologies.
cmu95752 
Leave a comment