In the embedded community, there are multiple meanings and layers to safety and security. Embedded electronics, together with their software, need to be designed to perform key functions for agencies whose mission is to keep the public (and its information) safe and secure. As the Internet of Things (IoT) arena grows, there are many different safety and security applications in which embedded electronics and IoT devices play a role.
At the application level, the security device has to interface with sensors and perform functions that help law enforcement, federal agencies, and military personnel maintain a safe environment. These applications range from body worn cameras to chemical/biological detection equipment to biometric enabled devices. And these devices must be able to safely report results in real-time or near-real-time in order to provide actionable information to the proper agency.
To embedded designers and device manufacturers, safety and security (especially security) mean something completely different. At the software level, embedded designers – like InHand – are concerned with ensuring that the device and the data it collects are secure and that the information is kept safe.
Most embedded or Internet of Things devices used for today’s safety and security applications are gathering data, linking to servers that house sensitive information, relaying critical data to various recipients, and then processing it to provide autonomous real-time analysis and reporting. Ensuring that the data, and the communication links between the embedded device and its recipients, are kept safe is therefore as critical as the application itself. If the data is vulnerable to attack and is corrupted (erased, or modified to report faulty results), then the system and its data become severely compromised or entirely useless.
Therefore, embedded device designers, such as InHand, have to design in protection that helps maximize data integrity and minimize the potential for attacks and breaches.
As such, over the past decade, we have implemented various hardware and software tools to increase the security of our devices. Examples of these layers of safety and security implementations include:
- Security-Enhanced (SE) Linux and SE Android to provide access control security policies, including mandatory access controls (MAC).
- Secure booting starts with a secure bootloader and a secure chain of authentication throughout the booting process all the way to the file-system. This prevents injection of unsigned and/or unauthenticated software anywhere in the boot process.
- Encryption of file-system data, which adds protection for files and user data at rest on the file-system.
- Encryption of transmitted data to and between wired and wireless devices. (This secures data sent to servers as well as between devices and modules by encrypting serial, USB, I2C, SPI, and similar communications.)
- Physical tamper switches to protect from physical access to device components. Upon tamper detection, the device will take necessary steps to destroy data and render peripherals, modules, and the device useless.
- Adding user-triggered destroy mechanisms that wipe data and render peripherals, modules, and the device useless when the user takes a specific action.
- Enabling secure software and firmware updates by connecting only to trusted servers or devices and applying only updates that are authenticated and encrypted.
- Implementing fail-safe hardware crowbar circuitry outside of software control to guarantee that power to any volatile memory is off within specific time constraints following a detected tamper event.
- Using careful placement of BGAs and other leadless IC component packages along with inner layer PCB routing of sensitive signals to prevent external probing.
- Anonymizing PCB markings and using external epoxy potting of components to limit potential probe access.
- Providing interfaces to standard cryptographic modules and components while allowing them to maintain keyload and fill operations independent of the system software.
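The secure-boot item above describes a chain of authentication in which each stage is checked before it runs, so that unsigned or modified software cannot be injected at any point between the bootloader and the file-system. The following added example (written for this page; it is not InHand's code and does not describe any particular InHand product) models that chain in Python. It makes one simplifying assumption: instead of public-key signatures, each stage pins a SHA-256 digest of the next stage, and the first digest plays the role of the immutable root of trust that a real device would keep in ROM or fuses. The stage names and image contents are constructed sample data.

```python
import hashlib
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Stage:
    """One link in the boot chain.

    image:       the code/data of this stage (constructed sample bytes)
    next_digest: digest of the stage that runs after this one, embedded in
                 this stage so that it is covered by this stage's own digest.
                 None for the final stage (the file-system).
    """
    name: str
    image: bytes
    next_digest: Optional[bytes]


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def stage_digest(stage: Stage) -> bytes:
    # The digest covers both the image and the pinned digest of the next
    # stage, so re-pinning a replacement stage changes this stage's digest too.
    return sha256(stage.image + (stage.next_digest or b""))


def build_chain(images: Dict[str, bytes]) -> Tuple[bytes, List[Stage]]:
    """Build stages in boot order (dict order) and return the root of trust.

    The chain is built back to front: the last stage pins nothing, each
    earlier stage pins the digest of the one after it, and the digest of the
    first stage becomes the root of trust (assumed to live in ROM/fuses).
    """
    stages: List[Stage] = []
    next_digest: Optional[bytes] = None
    for name in reversed(list(images)):
        stage = Stage(name, images[name], next_digest)
        stages.insert(0, stage)
        next_digest = stage_digest(stage)
    assert next_digest is not None, "at least one stage is required"
    return next_digest, stages


def verify_boot(root_of_trust: bytes, stages: List[Stage]) -> List[str]:
    """Walk the chain like a boot ROM would; return the names of stages that
    were authenticated before the boot either completed or halted."""
    expected = root_of_trust
    booted: List[str] = []
    for stage in stages:
        if expected is None or stage_digest(stage) != expected:
            # Unauthenticated stage: a real device halts here (or enters
            # recovery) rather than executing the image.
            return booted
        booted.append(stage.name)
        expected = stage.next_digest
    return booted


def replace_stage(stages: List[Stage], name: str, image: bytes) -> List[Stage]:
    """Model an attacker swapping one stage's image without access to the
    root of trust. The pinned digest inside the modified stage is kept, so the
    chain after it is untouched; only the modified stage itself changes."""
    return [Stage(s.name, image, s.next_digest) if s.name == name else s
            for s in stages]


# Constructed sample images standing in for real boot artifacts.
SAMPLE_IMAGES: Dict[str, bytes] = {
    "bootloader": b"bootloader image v1",
    "kernel": b"kernel image v1",
    "rootfs": b"root file-system image v1",
}


def demo() -> Dict[str, List[str]]:
    root, stages = build_chain(SAMPLE_IMAGES)
    return {
        "genuine": verify_boot(root, stages),
        "kernel_replaced": verify_boot(
            root, replace_stage(stages, "kernel", b"kernel image (modified)")),
        "rootfs_replaced": verify_boot(
            root, replace_stage(stages, "rootfs", b"rootfs image (modified)")),
    }


if __name__ == "__main__":
    for case, booted in demo().items():
        print(f"{case}: booted {booted}")
```

The genuine chain boots all three stages, while a modified kernel halts the boot after the bootloader and a modified root file-system halts it after the kernel, which is the behaviour the list item describes. A production implementation replaces the digest pinning with signature verification against a key held in the root of trust, so that stages can be updated (the secure-update item above) without changing the immutable first digest.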
Safety and security are important in the IoT – both for the applications themselves and for the secure software and hardware behind them. Implementing some or all of the aforementioned techniques can maximize an application’s ability to function in a secure and safe environment. If you have any questions about these measures or need InHand to help facilitate your next secure device, contact us.