New-Tech Europe Digital Magazine | Feb 2016

Previous Page

Next Page

Page Background

42 l New-Tech Magazine Europe

verybody is talking about

security these days. For the

embedded developer, getting the

system running as the marketing

specification stipulated and on time,

used to be a challenge in itself. Today,

the need to build security into every

aspect of the design, whether it is

a simple IoT sensor communicating

with a server or a more sophisticated

multicore application, requires

thought and a careful appraisal of

potential security attack points. In a

perfect world, a design could be built

from scratch with every functional

block designed and developed within

one team. However, the pressures

of time-to-market and embracing

a higher level of integration using,

for example, pre-certified and type

approved wireless modules, means

that a more holistic approach to

security needs to be considered.

When we look at, for example, an IoT

sensor using a microcontroller and a

wireless module, it is necessary to

establish a chain of trust, from the

sensor to the host, via the wireless

antenna to the end application.

Building a secure solution requires a

holistic viewpoint to take into account

all the technical and operation

aspects of the system components

and is not only limited to the wireless

communication. The application

might also encompass and utilise

GNSS positional data, which has its

own security consideration.

One potential approach to

implementing the chain of trust is

to divide it into a number of trusted

domains. By investigating the

fundamental methods necessary to

protect each domain, the following

define the areas of potential attack;

device firmware, communications

to the server, interface security,

enforcing API control and robustness

that includes handling spoofing/

jamming.

Ensuring that your device is

executing the code it should be

requires a secure boot method to

be implemented. When booting the

system, it is crucial that each stage

is authenticated prior to booting

the next set of processes. When

reviewing firmware security you also

need to be mindful of how it might

be updated. For many physically

E

Establishing a Chain of Trust

Pascal Herczog, u-blox