Overview
FrançaisABSTRACT
Embedded systems are ubiquitous in our modern societies. They are complex because they combine advanced software features, highly heterogeneous integrated hardware resources such as systems-on-chip, and more and more often communication capabilities. Their design is tightly constrained to enable optimum integration in the host system (car, plane, household appliances, etc.). This article discusses the security of embedded systems, which are vulnerable to many software, hardware, and mixed threats. The main principles of software and physical attacks are presented to help the reader understand the main protection strategies.
Read this article from a comprehensive knowledge base, updated and supplemented with articles reviewed by scientific committees.
Read the articleAUTHOR
-
Lilian BOSSUET: University Professor - Laboratoire Hubert Curien, CNRS UMR5516, Jean Monnet University, Saint-Étienne
INTRODUCTION
Embedded systems are the cornerstone of the technological architecture of modern society. They are present in every aspect of modern life. From the moment we wake up to the moment we go to bed (and even during the night), they accompany us on our journeys in vehicles or on public transport, in our leisure activities associated with connected objects, in our homes where home automation is becoming widespread to increase our comfort and limit our energy needs, in our consumer actions via our means of payment and, of course, in every facet of our professional activities. Beyond the individual, embedded systems are ultra-present in industry and its evolution (Industry 4.0), in the Internet of Things, in energy distribution, and in the defense and protection of nations. Given the importance of embedded systems in our society, it's easy to understand how critical their security is. But are they protected from all threats? On the contrary, except to a certain extent (systems for which security is a constraint by definition – for example, military and banking applications –), embedded systems are very much under threat, not only from software and network attacks (like all IT systems), but also from physical attacks targeting their electronic and microelectronic parts.
This article presents the main attack strategies targeting embedded systems and their software and hardware components. It also presents the main defense and protection strategies. Embedded systems are complex, combining advanced software functionalities, highly heterogeneous integrated hardware resources such as systems-on-a-chip and, increasingly often, communication capabilities. Protecting them is a delicate exercise, which cannot result in total security. Designers need to address all levels of design, and pay particular attention to safety at every stage. To achieve this, they need to be aware of the potential threats to the embedded systems they are developing, and to have an idea of the possibilities for protection, which is what this article proposes to address.
Exclusive to subscribers. 97% yet to be discovered!
You do not have access to this resource.
Click here to request your free trial access!
Already subscribed? Log in!
The Ultimate Scientific and Technical Reference
KEYWORDS
embedded system | hardware security | software security | attack | countermeasure
EDITIONS
Other editions of this article are available:
CAN BE ALSO FOUND IN:
This article is included in
Security of information systems
This offer includes:
Knowledge Base
Updated and enriched with articles validated by our scientific committees
Services
A set of exclusive tools to complement the resources
Practical Path
Operational and didactic, to guarantee the acquisition of transversal skills
Doc & Quiz
Interactive articles with quizzes, for constructive reading
Safety of embedded systems
Bibliography
Websites
Collection of examples of reverse engineering of integrated circuits:
French security solutions, France Cybersecurity label:
Events
Conference on Cryptographic Hardware and Embedded Systems (CHES) : https://ches.iacr.org/
IEEE International Symposium on hardware Oriented Security and Trust (HOST) : http://www.hostsymposium.org/
International Workshop on cryptographic...
Standards and norms
- Advanced Encryption Standard (AES), Federal Information Processing Standards Publication (FIPS) 197, nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.197.pdf - FIPS197 - 2001
- ARM Security Technology. Building a secure system using trustzone technology. ARM Limited. - PRD29-GENC-009492C - 2005-2009
- Standard Test Access Port and Boundary – Scan Architecture. - IEEE 1149.1 - 2013
Directory
Manufacturers – Suppliers – Distributors (non-exhaustive list)
Rambus holds numerous patents on auxiliary channel attacks (formerly Cryptography Research): https://www.rambus.com/security/
French ITSEFs approved for the evaluation of embedded electronic systems:
Serma Safety...
Exclusive to subscribers. 97% yet to be discovered!
You do not have access to this resource.
Click here to request your free trial access!
Already subscribed? Log in!
The Ultimate Scientific and Technical Reference