Chipping Away at Embedded Security

Developing and securing products that can stand up to today’s ever-developing security threats.

Device manufacturers face a landscape pitted with landmines as they develop and maintain products that can stand up to today’s security threats. They have to try to future-proof their products against unexpected attacks if at all possible. Security solutions have to be developed, implemented, and sustained in the production of the device and thereafter. Facing these threats involves implementation techniques, over-the-air updates, secure provisioning, tamper detection, and access control.

ESC, embedded devices, cybersecurity, STMicroelectronicsJoe Pilozzi, technical marketing manager at STMicroelectronics, will look at the wide range of issues that surround embedded device security at the ESC Conference in San Jose on Wednesday, Dec. 7 in the session, Embedded Security Considerations . Pilozzi will look at the current and emerging threats and explain how companies can meet these threats in both new and existing devices.

In order to meet security threats, it helps to realize what motivates the attackers. Today’s hackers are well-financed because they know their attacks can be very profitable. “We have to understand who might attack and for what reasons. There is a large amount of money to be made from copying a device. That can pay for significant resources to attack it,” Pilozzi told Design News . “An attacker can make money by selling your stock short when you discover and publicize a flaw in your product. If they make it fail, it can potentially lead to your customers getting physically or financially damaged.”

ESC logoSecuring the Internet of Things. Today's IoT devices are under increasing attack. Device manufacturers and embedded software designers must be vigilant if they are to provide a secure system for applications to do their work. Learn more about securing IoT devices and applications in the Connected Devices track at ESC Silicon Valley , Dec. 6-8, 2016 in San Jose, Calif. Register here for the event, hosted by Design News ’ parent company, UBM.

To some extent, security measures have to be assessed by the potential damage they can do to the product manufacturer. “We have to understand the direct and indirect costs of the attacks and then decide which must be blocked, which can be managed, and which can be accepted. The costs to deploy the required countermeasures must be justified in terms of ROI,” said Pilozzi. “Said in an overly dramatized way: how many dollars per unit is it worth to my business to prevent a security compromise from harming or killing a customer?”

Is an Attack Already Underway?

Part of the struggle to avoid threats is the ability to determine if an attack is already occurring. Detecting an existing attack is the new black in cybersecurity. “Tamper detection and prevention can be implemented in a device, a product, or an IC/processor. Many embedded controllers include tamper detection and prevention capabilities that can be used to detect or prevent tampering,” said Pilozzi. “For example, the I/O of products can be configured to trigger interrupts upon detecting changes that can be acted upon to protect or control critical resources and actions.”

To a large extent, cybersecurity comes down to protecting yourself against the latest attack in the news. “The sad


Embedded devices fit into one of two categories, connected and non-connected. The non-connected would mostly be attacked to steal the code, which is a loss to the producer. That calls for code protection, which is a more mature area. Connected devices are more likely to be attacked either to use them as robots to implement overwhelming denial of service attacks, or to snoop the user's personal data. The challenge is that security adds to cost and product complexity, and most products. 500 limit

Add new comment

By submitting this form, you accept the Mollom privacy policy.