What is Embedded system security?
Embedded system security is a strategic approach to protecting software running on embedded systems from attack.
You need to know some important thing to prevent attackers from attacking your system like: How secure is my system, Who are the potential attackers, What is the level of security does your system need, and What information is most valuable to attackers.
Why do embedded devices need Security?
Many new embedded devices can connect to the internet and are accessed using apps. This leaves them vulnerable to attacks. When using these new devices you usually need an account and connection to your phone. If someone is able to access the device then they could gain access to your private information or credit card numbers. For example the Amazon Echo is connected to your Amazon account and you can order items through voice commands. If there were no security and someone was to access this device they could get into your account, but since it’s such a popular device it has strong security measures.
Anyone can interact with your device and make it react, even if they are not physically near. For example, if someone calls your phone it will turn the screen on, if someone video calls you, your camera turns on. If those devices had no security then anyone can do almost anything with your phone and have access to your privacy. Security is why you might feel safe looking up anything you want on your phone.
What challenges does embedded system security face today?
Embedded devices are not built like our computers. They run on minimal hardware and are not updated on a regular basis. When these devices go on the market the companies don’t always plan to update the device or make it easy to update. It could be running on software that is 3 years old, which leaves it vulnerable to attacks.
What does the future of embedded systems security look like?
The future measures that can be developed for embedded systems is almost endless with a few systems taking most of the limelight. Connectivity to the internet that utilizes Bluetooth mesh networks and cloud storage are systems that will continue to be implemented in today’s technology and only improve in the future. However the area that many engineers are looking to is deep learning and machine learning systems. Artificial intelligence systems that can adapt to incoming threats and access the next steps will be a huge engineering task. This will need to be researched and developed a lot more before being implemented in the systems we use today. Once these systems start to role off the line the defense of our embedded systems will be better than ever before, and because of the nature of AI, would only get stronger.
Sources:
Video Games own security solutions
DRM stands for Digital Right’s Management, and it mean the protection of copyright material from unauthorized distribution of any kind, and that includes piracy. While DRM is being implemented by console makers and software publishers to protect their intellectual properties, some game developers have taken these issues to their own hands. Some developers have added code in the game that will detect that it was pirated and will proceed to fool whoever is ever playing the illegal copy that everything is fine. But then later changes everything to either annoy the player, or just break the game completely.
The first ever instance of this was with a game called Earthbound for the Nintendo NES. It had several layers of security that tried to prevent pirates from hacking it. The first layer is just a region check of the game. Consoles in the past had games and consoles locked to several regions around the world for logistical reasons. So this means a game bought from Europe would not play on a console from the United States and vice versa. So the game just checks for this. The second check is to see how big the save file memory is on the cartridge itself. Every game cartridge that this game shipped with has 8 KB. So any value above or below this would indicate that this is not the same type of cartridge that the game shipped with.
Figure 2: Message seen of the second layer courtesy of eathboundcentral.com
The additional layers is where things got really interesting. Apparently, the developers knew it was easy to bypass the second layer and decided to implement a really amusing layer that tortures whoever is playing the game illegally. The game starts flooding the levels with large amounts of enemies making it difficult to progress through the game. They kept checking the game save file size as it did in the second layer to see if the copy is still illegal. But they devised the ultimate assault on game pirates, and that’s during the final stage of the game. The moment the player starts the last boss battle in the game, it would freeze intentionally and then proceeds to delete all the save files in the cartridges. So all the progress made in the game is lost. It’s ultimate sendoff to whoever was pirating the game.
There are some modern titles that took inspiration from Earthbound’s own implementation of DRM. A popular game called Serious Sam 3 which is a first person shooter would implement an enemy that can’t be killed(Walker, 2011). The enemy looks like a red scorpion and it has infinite health. It chases the player throughout the whole game. Then the game will crash eventually. Another ironic and notable example is a game called Game Dev Tycon. This game is a game development simulator where the player progresses by designing a good game, and selling many copies inside the game itself. The player loses if they make a game that isn’t good and if it fails to sell. It’s governed by algorithms that the developers behind Game Dev Tycon made to make it fun, challenging and rewarding. What’s not obvious is that the game detects when it’s being pirated, but instead of stopping, it lets the player proceed playing the game. The player will grow their own studios and everything will be fine. But eventually, the player will lose their studio due to video game piracy. This is an ironic payback by the developers.
The importance of security
An important aspect of security whether guarding physical assets or electronic assets are security guards. Their main goal is to monitor and protect assets and act as a deterrent to violence. … Security guards form the backbone of security in any setting because of the flexibility of a security guard
sources:
http://media.earthboundcentral.com/2011/05/earthbounds-copy-protection/index.html
embedded system security (Article)
What you need to know about embedded systems security (Article)
IS SECURITY JUST A FAST GROWING INDUSTRY? (article)
Maxim Integrated Embedded Security Playlist
Security in Bluetooth Enabled Devices
Bluetooth has become much more prevalent with the advancement of low power electronic devices. Bluetooth provides many useful features for embedded systems by letting different devices connect through short range radio waves and allow more portability. Bluetooth security has always been an issue, especially when the standard was first released.
All wireless technologies are susceptible to attacks such as denial of service and eavesdropping, but the simplistic nature of Bluetooth has left some major security issues that can cause major problems. One of the most widely seen security issue is an improperly secured setup that can easily provide unauthorized connections to attackers.
Bluetooth security is characterized by 3 parts: authentication, confidentiality, authorization. Authentication means that communicating devices must be verified and is separate from user authentication. Confidentiality means prevention of eavesdropping by ensuring only authorized devices are receiving data. Authorization means ensuring a devices is authorized to use a service before that service is available.
The Bluetooth protocol implements 4 different security modes ranging from non-secure to encrypted connections. Mode 1 is non-secure and bypasses authentication and encryption. This mode allows any device to form a connection. Mode 2 requires a centralized security manager to approve connections. This method is the most inconvenient but the most secure as a central device validates the connection. Mode 3 has the Bluetooth devices initializing the connection using authentication and encryption. The devices use a secret key to encrypt connections between devices. Mode 4 allows a link to be formed before security procedures are initiated. This allows simple pairing but secures the connection afterwards.
With the wide expansion of Bluetooth devices and the recognition for a need for security, the Bluetooth standard has improved with every release and manufacturers are building devices with security in mind.
(Source)