

Net-Connected Systems Wrestle with Cybersecurity

Defending against cyberattacks gets more challenging every day. Fortunately, there are tools, techniques and organizations ready to tackle the problem.

John Koon, Sr. Editor

Cyberattacks pose the greatest threat in today’s connected world. They are unpredictable and inescapable, and they can disrupt lives in many ways. A successful attack can overload a network so that you cannot reach the services you need, as in the recently reported distributed denial-of-service (DDoS) attacks, or bring down a smart energy grid and cause a blackout. Some time ago, Ukraine’s power grids were attacked by Russian hackers, not once but twice. The second attack caused a power outage for 230,000 people. Worse, hackers were able to track the military unit in Ukraine and compromise its military intelligence.

Yahoo was hacked and the identities of 1.5 billion accounts were exposed. Heard of ransomware? Attackers took some hospitals hostage, and their IT operations ceased to function until the demanded payments were made. Cyberattacks will get worse as more and more devices get connected. How can these problems be solved? Many vendors, including exhibitors at the recent Embedded Systems Conference, offer different solutions. The concept of end-to-end security is not new. Many tier-one IT firms, including Cisco, propose solutions to guarantee the security of the entire network from the sending end to the receiving end. But it is easier said than done. A network system is only as safe as its weakest link. The cloud is made up of multiple connected network devices, gateways and links; hackers will find the weakest link to attack (Figure 1).

Figure 1. A network system is as safe as its weakest link. The cloud is made up of multiple connected network devices, gateways and links; hackers will find the weakest link to attack. (Image courtesy of Infineon).

Security Models

Multiple organizations have recently released security specifications to help fight the battle. The Trusted Computing Group (TCG), a non-profit membership organization including companies such as IBM, Intel, Deauville, Microsoft and HP, proposed a security model with many layers, each of which can be secured by implementing proper security policies (Figure 2). The layers include Configuration & Management, Monitoring & Analysis, Communication & Connectivity, and End-point Security. Above all, the model includes Data Protection and System Analysis. Additionally, the TCG publishes design guidelines to support the model, and they are free to download.

Figure 2. A security model has many layers; each can be secured with proper security policies implemented. (Image courtesy of Industrial Internet Consortium).

The UK-based IoT Security Foundation (IoTSF), a nonprofit international organization that promotes IoT security, provides a guideline on best practices for securing networks. Its members include ARM, Green Hills, IBM, Huawei, Intel, Philips, NXP and others. The specification provides a complete security checklist covering device hardware/physical security, software, the operating system, and interfaces including wireless. Release 1.0 of the specification is also free to download.

Finally, the Industrial Internet Consortium (IIC), with founding members from Bosch, EMC, GE, Huawei, Intel, IBM, SAP and Schneider, offers a free publication entitled Industrial Internet of Things Volume G4: Security Framework. It is a comprehensive document covering the framework (configuration, monitoring, analysis and communication), the functional view (actuation, sense operation and applications) and the system view (edge, cloud and connectivity). It also spells out in detail how to implement end-point protection.

Cybersecurity Isn’t Free

Raj Samani, CTO of Intel’s Security Group, formerly known as McAfee, pointed out that the key to a secure system is being able to verify that the sender is indeed a trusted source. The level of security required depends on the type of application. Automotive and medical applications require a high level of security. Cybersecurity comes with a price tag: the more secure the system, the higher the price. Developers constantly struggle to balance security, risk and affordable system costs.

When devices are connected to each other, how do you know that the party at the other end is the one you intend to connect to? To solve this problem, more and more silicon manufacturers are starting to provide secure basic building blocks at the silicon level. STMicroelectronics offers the STSAFE-A turnkey solution to achieve true authentication using a public/private key management scheme. In a Transport Layer Security (TLS) session, the STSAFE-A software verifies signatures, offers secure storage and decrements counters for usage monitoring. The focus is on securing a system by providing a unique device identity, running verified software, ensuring the privacy of data through encryption, and securing the communication to the remote or local host.

Infineon, another chip manufacturer and a member of TCG, stated that a software-only security system is not sufficient. Software bugs such as Heartbleed, a vulnerability in the OpenSSL software, compromise a system by allowing anyone to read its memory content. To counter that, Infineon offers a TCG-compliant security chip solution (Optiga Trust embedded security) to perform authentication, secured communications, boot process protection, secure software/firmware updates and stored data protection.

Micron, one of the largest flash memory manufacturers in the world, pointed out that attacks against persistent code and data can be very dangerous and difficult to detect. After a successful attack, modified malicious code can reside undetected for a long time in a storage device such as flash memory. This is especially true of bootable media, whose code and data content is typically untouched by standard OS-level virus detection. To protect against such attacks, Micron applies various techniques. One of them is the replay-protected monotonic counter (RPMC) feature, which provides a cryptographic primitive to select serial NOR devices, like Intel’s Serial Flash Hardening Product External Architecture specification for use in the Intel Ultrabook series. With RPMC, flash memory can provide system-level anti-rollback capabilities for virtual time stamping and software version control. Attackers are prevented from replacing system software with older versions that may contain vulnerabilities.
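The anti-rollback use of a monotonic counter described above, as an added example that is not Micron’s or Intel’s code: a simplified Python model in which the host accepts a software image only if its version is not below an HMAC-authenticated counter held by the flash part. The class `SimulatedRpmcFlash`, the message layout and the function names are assumptions made for illustration, not the RPMC command set.

```python
import hashlib
import hmac
import os


def _mac(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()


class SimulatedRpmcFlash:
    """Toy model (assumption): one counter that only moves up, guarded by a key."""

    def __init__(self, key: bytes):
        self._key = key        # provisioned once; never readable by the host
        self._counter = 0

    def request(self, nonce: bytes):
        """Return (value, tag); the tag binds the value to the caller's nonce."""
        value = self._counter
        return value, _mac(self._key, nonce + value.to_bytes(4, "big"))

    def increment(self, expected: int, sig: bytes) -> bool:
        """Advance by one only for a signed request naming the current value."""
        want = _mac(self._key, b"inc" + expected.to_bytes(4, "big"))
        if expected != self._counter or not hmac.compare_digest(sig, want):
            return False
        self._counter += 1
        return True


def read_counter(flash, key: bytes) -> int:
    """Host side: a fresh nonce makes a recorded (stale) response fail the check."""
    nonce = os.urandom(12)
    value, tag = flash.request(nonce)
    if not hmac.compare_digest(tag, _mac(key, nonce + value.to_bytes(4, "big"))):
        raise ValueError("counter response failed authentication")
    return value


def install(flash, key: bytes, image_version: int) -> str:
    """Accept an image only if its version is at or above the counter floor."""
    floor = read_counter(flash, key)
    if image_version < floor:
        return "rejected: rollback"
    while floor < image_version:   # ratchet the floor up to the new version
        if not flash.increment(floor, _mac(key, b"inc" + floor.to_bytes(4, "big"))):
            raise RuntimeError("increment refused")
        floor += 1
    return "accepted"
```

Because the counter can only be advanced, an older image that was once valid stays rejected even if an attacker rewrites the rest of the flash contents.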

Developing Safe and Secure Software

In software, safety and security are inseparable. In aerospace, for example, if the airplane control software is hacked, the plane will not be safe. To achieve both safety and security, a development process needs to be in place with security built in from the ground up. Several software vendors offer development tools to help developers reach the goal of creating safe, secure and reliable software. For example, LDRA offers a tool suite to help developers with mission-critical software and certification services using the LDRA Compliance Management System (LCMS) to ensure that the final products comply with Level A DER with documentation templates, process checklists and packaged certification including DO-178B/C Level A (Aerospace), IEC 61508 SIL 4 (Industrial), ISO 26262 ASIL A – ASIL D (Automotive), EN 50128 SIL 3/4 (Rail Transportation) and IEC 62304 (Medical Devices, Class II and III). Compliance with such standards increases software quality.

Software is updated from time to time to fix bugs or add new features, so it is important to make sure that new code does not affect other areas of the program without the developers’ knowledge. Another advantage of software development automation is that it can help track the changes made, update documentation and ensure that all new changes and related areas are thoroughly tested and documented.

This is essential for military applications. “ARM-based SoCs are increasingly incorporated into military applications just as they have gained popularity across other industries for a variety of reasons including performance-to-power optimization and their vast ecosystem of solutions,” commented Shan Bhattacharya, LDRA’s Director of Business Development. “Interoperability and other open standards, such as Future Avionics Capability Environment (FACE), are further driving DoD programs to standardize to such widely adopted platforms.”

A Never-Ending Challenge

So, can cybersecurity be achieved? In short, it is a never-ending task, a constant race between security developers and innovative hackers. Building security into the development cycle is important. Paying attention to the entire cloud network and applying security models from TCG to both software and hardware designs is a good starting point for achieving cybersecurity. This will make future connected cars, smart cities and factories, other IoT applications and DoD deployments safer.