Hack this: secure embedded systems

From: Arthur Keller <arthur_at_kellers_dot_org>
Date: Mon Aug 02 2004 - 15:09:58 CDT

"Hack This"
  EDN Magazine (07/22/04) Vol. 49, No. 15, P. 26; Webb, Warren

  Dealing with malware on desktop systems is often as simple as
rebooting the computer, but this strategy does not apply to embedded
systems, whose operation must continue even when faced with security
threats. The National Institute of Standards and Technology (NIST)
has prepared a list of security-related design principles for
designers to think about throughout the embedded systems' lifespan,
such as defining a security agenda, designing the product,
accommodating upgrades and changing threats, incorporating a new
technology, erecting multiple security layers, and training
programmers to develop protected software. Issues that must be
addressed in order to determine the best security measures include
what data needs to be protected and what kinds of potential attackers
are out there and how sophisticated they are. Because embedded
devices, particularly portable ones, are vulnerable to so many more
threats than desktop systems, designers are advised to include
physical protection, such as hardened enclosures and seals or tapes
that provide visible evidence of tampering, in addition to
traditional software security. Designers can also follow embedded
software security standards, such as the Common Criteria for
Information Technology Security Evaluation and Multiple Independent
Levels of Security. Users must pass a multi-stage authentication
process before they are allowed to interact with secure embedded
systems. When an embedded system must be linked to a network or the
Internet, designers encrypt the data either symmetrically or
asymmetrically, though both methods require a secret key and an
encoding sequence to translate plain text into cipher text and back
again. Embedded-product-development budgets are expected to grow so
these safeguards can be provided.

Arthur M. Keller, Ph.D., 3881 Corina Way, Palo Alto, CA  94303-4507
tel +1(650)424-0202, fax +1(650)424-0424
= The content of this message, with the exception of any external 
= quotations under fair use, are released to the Public Domain    
Received on Tue Aug 31 23:17:01 2004

This archive was generated by hypermail 2.1.8 : Tue Aug 31 2004 - 23:17:22 CDT