This document summarizes a presentation given by Rohan Nandi on security in embedded systems. The presentation covered what embedded systems are, an introduction to network security, why embedded system security is currently lacking and vulnerabilities. It also discussed countermeasures to avoid attacks, a proposed hardware-software solution, comparisons to existing software-only solutions, challenges, future scope, and references.

1. by:
ROHAN NANDI
University Roll No. 14530 ( 2014-18 Batch, 8th Sem ECE)
On 17th April, 2018
At
Department of Electronics and Communication Engineering
“SECURITY IN EMBEDDED
SYSTEMS”
PANJAB UNIVERSITY SWAMI SARVANAND GIRI
REGIONAL CENTRE BAJWARA HOSHIARPUR
Presentation
on

2.  What is an EmbeddedSystem?
 Introduction toNetwork Security
 Why Embedded System Security
Lacking Behind And Its
Vulnerabilities?
 Counter Measures To Avoid Attacks
 Proposed Solution
 Comparison
 Future Scope
OVERVIEW

3. • An embedded system is acombination of computer hardware and
software, either fixed in capability or programmable, that is specifically
designed foraparticular function.
EMBEDDEDSYSTEM: INTRODUCTION

4. Anembedded systemis acombination of computer
hardware and software, either fixed in capability or
programmable, that is specifically designed for aparticular
function
Embedded systemsare designed to do somespecific task,
ratherthan be ageneral-purpose computer for multiple
tasks
Theprogram instructions written for embedded systemsare
referred to asfirmware, and are stored in read-only
memory or Flash memory chips
Acommon array of n-configuration for very-high-volume
embedded systemsis the systemon achip (SoC)which
contains acomplete systemconsisting of multiple
processors, multipliers, cachesand interfaces on asingle
chip. SoCscanbe implemented as an application-specific
integrated circuit (ASIC)or using a field- programmable
gatearray(FPGA).

5. • Network security is aterm that describes the policies and procedures
implemented by anetwork administrator to avoid and keep track of
unauthorized access,exploitation, modification and denial of the access.
NETWORKSECURITY

6. • Hacking is gaining of unauthorized accessto acomputer and viewing,
copying, or creating data with/without the intention of destroying data or
maliciously harming thecomputer.
HACKING

7. WHY EMBEDED SYSTEM SECURITY IS
LACKING BEHIND AND VULNERABILITIES?
• Cost sensitivity
Embedded systems are often highly cost sensitive—even five cents can
make a big difference when building millions of units per year. For this
reason, most CPUs manufactured worldwide use 4- and 8-bit processors,
which have limited room for security overhead. Many 8-bit
microcontrollers, for example, can't store a big cryptographic key. This
can make best practices from the enterprise world too expensive to be
practical in embedded applications. Cutting corners on security to reduce
hardware costs can give a competitor a market advantage for price-
sensitive products. And if there is no quantitative measure of security
before a product is deployed, who is to say how much to spend on it?

8. Interactive matters
Many embedded systems interact with the real world. A security breach thus can result in
physical side effects, including property damage, personal injury, and even death. Backing
out financial transactions can repair some enterprise security breaches, but reversing a
car crash isn't possible .Unlike transaction-oriented enterprise computing, embedded
systems often perform periodic computations to run control loops with real-time deadlines.
When a delay of only a fraction of a second can cause a loss of control-loop stability,
systems become vulnerable to attacks designed to disrupt system timing .
Development environment
Many embedded systems are created by small development teams or even lone
engineers. Organizations that write only a few kilobytes of code per year usually can’t
afford a security specialist and often don't realize they need one. However, even
seemingly trivial programs may need to provide some level of security assurance. Until
standard development practice includes rigorous security analysis, developers may
overlook even the solutions already available.

9. COUNTER MEASURES TO AVOID
ATTACKS
Data Encryption
Encryption is the process of scrambling/encrypting any amount of data using a (secret) key so
that only the recipient, who is having access to the key, will be able to decrypt the data. The
algorithm used for the encryption can be any publicly available algorithm like DES, 3DES or
AES or any algorithm proprietary to the device manufacturer.
The Data Encryption Standard (DES) is a block cipher (a method for encrypting information) .It
is based on a Symmetric-key algorithm that uses a 56-bit key. An algorithm that takes a fixed-
length string of plain text bits and transforms it through a series of complicated operations into
another cipher text bit string of the same length. In the case of DES, the block size is 64 bits.
DES uses a key to customize the transformation, so that decryption can supposedly only be
performed by those who know the particular key used to encrypt. The key ostensibly consists
of 64 bits; however, only 56 of these are actually used by the algorithm. Eight bits are used
solely for checking parity, and are thereafter discarded. Hence the effective key length is 56
bits.

10. IOT(Internet Of Things) Honeypot
In computer terminology, a honeypot is a computer security mechanism set to detect, deflect,
or, in some manner, counteract attempts at unauthorized use of information systems.
Generally, a honeypot consists of data (for example, in a network site) that appears to be a
legitimate part of the site, but is actually isolated and monitored, and that seems to contain
information or a resource of value to attackers, who are then blocked. This is similar to
police sting operations, colloquially known as "baiting," a suspect.

11.  Hardware approach:
It usesASICs
(Application Specific IntegratedCircuits)
to implement agiven cryptography
algorithm inhardware.
 Hybrid Hardware- software approach:
It usesageneralpurposeembedded processor
and integrates hardware accelerators for the
execution of criticalCryptographicalgorithms.
PROPOSEDSOLUTION

12. COMPARISON
Existing Solution
(Software Solution)
Proposed Solution
(HardwareSolution)
• Protects the system against software
attacks only.
• Protects the system against software
aswell ashardware attacks.
• Hasto be administered by the user. • Self –administered.
• It proves to beexpensive. • Itis cost effective.
• Updating on aregular basisneedsto
be carriedout.
• Eliminates the need for updating.
• High level user interaction required. • User interaction is close to nil.

13.  Designchallenges:
 Battery Gap
 Flexibility
 Tamperresistance
 Interaction between Network Security engineer
andArchitecture engineeris required.
 Presentlyit is difficult to implement in the
existing devices.
DISADVANTAGESOFTHEPROPOSED
SOLUTION

14. • Developmentin the semiconductor industry might aid the manufacturing
of thechip.
• Diversityin the hardwarecomponent used(CryptographicChip).
• Develop methodology to provide the features of Cryptographicchipsin
the existingdevices.
FUTURESCOPE

15. 1. PaulKocher, RubyLee,GaryMcGraw,AnandRaghunathanand Srivaths
Ravi,“Security asaNew Dimensionin Embedded System Design”.
2. SrivathsRavi,AnandRaghunathan,PaulKocher,Sunil Hattangady,
“Security in EmbeddedSystems:DesignChallenges”.
3. JesúsLizarraga,Roberto Uribeetxeberria, Urko Zurutuza,Miguel
Fernández, “Security inembedded systems”.
4. Embedded systems,
http://searchenterpriselinux.techtarget.com/definition/embedded-
system.
5. Network Security,
http://www.techopedia.com/definition/24783/network-security.
REFERENCES

16. THANK YOU