RTC Magazine

While the world has focused on providing better security for servers and desktop computers, embedded systems have often been overlooked. As embedded devices are used to handle sensitive data and find themselves attached in some way to a broader infrastructure, the need for advanced security in this area is imperative. Several high profile incidents have increased awareness and sensitized developers to this need. 

In most embedded applications, security should be a core consideration. Proper implementation can improve system robustness, reliability and even open up new avenues of product application.  Implementing security measures in an embedded system has a number of challenges. System resources such as memory, processing power and battery life are often limited. Time-to-market and overall cost concerns may limit how much can be implemented.

By virtue of their application, embedded devices are expected to have a much higher reliability and require lower maintenance than most other computing systems. As embedded computers move from the realm of autonomy to members of a much larger, interconnected community, security concerns have escalated.

One major security issue stems from the fact that some common communication protocols were not designed with security in mind. In fact, the TCP/IP protocol suite, which is very widely used, has some major security flaws inherent in the protocol. Some of these flaws exist because hosts rely on IP source addresses for authentication. 

Wireless communications is another area of great security concern due to the openness of the communication vehicle. For example, technologies like 802.11 and Bluetooth are appealing not only to consumers but cyber-criminals as well. Even wireless standards where encryption was originally considered like IEEE802.11 with Wired Equivalent Privacy (WEP) standard have been cracked and exploited necessitating stronger security methods (Wi-Fi Protected Access (WPA), 802.11i, WPA2 Personal and WPA2 Enterprise).

What specific measures should an embedded developer consider in order to create a secure product? What are the limitations that can be anticipated when implementing a particular security feature? A good place to start (but definitely not finish) is data encryption.

Encryption Overview

Encryption plays a vital role in the overall security puzzle. It is instrumental in safeguarding private information and is undoubtedly an efficient method to ensure the safety of business and personal data. In its simplest terms, encryption is the translation of data into a secret code. To read an encrypted file, you must have access to a secret key or password that enables you to decrypt it. Modern encryption is achieved using algorithms with a “key” to encrypt text or other data into digital nonsense and then decrypt it by restoring it to its original form (Figure 1). 

Encryption algorithms protect data from intruders and make sure that only the intended recipient can decode and read the information. Each algorithm uses a string of bits known as a key to perform the calculations. The larger the key (the more bits in the key), the greater the number of potential combinations that can be created, thus making it harder to break the code and unscramble the contents. 

While encryption is one of the best and most popular ways to protect data on both embedded and desktop platforms, it incorporates some unique challenges to an embedded developer who might be restricted by memory resources and processing power. Each encryption algorithm should be selected based on the amount of security that is needed in conjunction with the amount of memory and processing power at the developer’s disposal. Consider an example where a steady stream of high rate unencrypted data is being encrypted by the processor. If the encryption method is CPU intensive due to the algorithm or the key length, other vital processes could be starved or data could be lost depending on the architecture.

The upside of long keys is that they make it more difficult for an unintended user to decipher the data. For example, using the now industry standard 128-bit encryption key, it would be 4.7 sextillion (4,700,000,000,000,000,000,000) times more difficult than cracking a 56-bit encryption key. Given the current power of computers, a 56-bit key is no longer considered secure whereas a 128-bit key is. While a longer encryption key provides better protection, the embedded developer must keep in mind that it will also require more processing power to encrypt and decrypt data.

When public key encryption is implemented on a large scale, such as a secure Web server, a digital certificate is required. A digital certificate is information that says that the Web server is trusted by an independent source known as a certificate authority. The certificate authority acts as a middleman that both computers trust, and confirms that each computer is in fact who it says it is, and then provides the public keys of each computer to the other. 

Shared secrets are the most common security method for accessing confidential information. A shared secret is something known to both the user and the holder of the confidential information. The most common shared secrets are a user ID and password. These shared secrets allow the user to log into the site of the holders of confidential information such as financial institutions or online merchants. Shared secrets should be unique, and should be changed periodically in order to ensure continued security. All of these requirements add up to a fairly substantial task to provision and manage shared secrets for encryption. 

Types of Encryption

There are many algorithms for encrypting data based on these types. Some of the most common are: 

• Data Encryption Standard (DES)—uses a 56-bit key to encrypt the data. DES is now considered to be insecure for many applications. This is chiefly due to the 56-bit key size being too small; DES keys have been broken in less than 24 hours.
• Triple DES (3DES)—uses three successive DES operations to provide stronger encryption than DES. The algorithm is believed to be practically secure, although it is theoretically susceptible to some attacks. In recent years, Triple-DES has been superseded by the Advanced Encryption Standard (AES).
• Advanced Encryption Standard (AES)—also known as Rijndael, can use 128, 192 or 256 bits to encrypt and decrypt data in blocks of 128 bits. AES encryption is often a popular standard for embedded devices because it can run on very low level hardware and often can be implemented in less than 64K of code space.

As mentioned, AES serves as a replacement for DES. DES has been cracked and declared no longer suitable for securing sensitive data.

In 1997, the National Institute of Standards and Technology (NIST) started its effort to develop the AES. It brought together researchers from 12 countries who submitted encryption algorithms. Fifteen different formulas were “attacked” for vulnerabilities and evaluated by the worldwide cryptographic community. The winning algorithm was finally selected in October 2000. It incorporates the Rijndael encryption formula developed by two Belgian cryptographers, Vincent Rijmen and Joan Daemen. The final standard was published in December 2001. Rijndael (aka AES) is internationally accepted as a standard method of encryption for storing and transmitting data (Figure 2). It can also be implemented in a small amount of space, and can be run on a 16-bit, or even 8-bit processor, making it a very good choice for embedded applications.

It is estimated that it would take a computer typing 255 keys per second approximately 149 trillion years to crack the AES code. In addition to the increased security that comes with larger key sizes, AES can encrypt data much faster than Triple-DES. 

Authentication 

Today’s networks are no longer isolated from outside intrusion and threats. Encryption protects data in storage and in transit. But it does not have the capability to validate and separate authorized users from potentially malicious ones. 

Authentication, which involves verification of the user’s identity, is a fundamental concern when it comes to the security of a device. Authentication is often the first line of defense against an attack. Authentication relies on something that the user has or knows which can be compared to a known constant. This “something” has to be unique, and either secret (like a password), or sufficiently complex to be almost impossible to forge, such as a retina, fingerprint, handprint or other unique identification. Authentication also can occur by proxy, such as a stored authentication token embedded in the user’s workstation memory, or on a smart card. 

In many cases authentication is not a high priority for embedded development because often times the assumption is made that whoever has physical possession of the embedded device has the right to utilize its functionality. As more and more embedded devices take hold in our everyday lives, user authentication will become more of a necessity. 

Each authentication method has strengths and weaknesses. Passwords are considered the weakest because they can be shared or stolen. Complexity rules are largely unenforceable and modern browsers offer the “convenience” of remembering user passwords. Although attempts have been made to strengthen passwords by disallowing simple words, users are ingenious at finding ways around stronger password rules. 

While an attacker can attempt to crack passwords using the entire password space, an attack that utilizes words from a dictionary is faster because the number of dictionary words and combinations make a far smaller number than every possible character combination. Using a unique username / password combination can make a device harder for an attacker to exploit. For example, if the attacker knows a valid username (something like ‘admin’ is common on most home DSL / Cable routers), they will only need to devise a method to check that specific username against a number of passwords. If the attacker is forced to guess the username and password, the amount of attempts needed to do so will increase exponentially. To prevent novice hackers from gaining access to your computer or files, experts recommend using complicated passwords. There are many utilities that rate the strength of a password. It is good for a developer if given enough space and a visual interface, to coach the user to enter a strong password.

Secure Sockets Layer (SSL) and Secure Shell (SSH) are two protocols that are used to provide secure communications over the Internet, as well as authentication. Both SSL and SSH have become extremely important to overall network security by maintaining strict authentication for protection against intruders as well as symmetric encryption to protect transmission of data. As processing power and memory density increase, SSH and SSL are showing up more regularly in embedded systems. While they work to provide similar security parameters, it is important to note that they are not identical in approach and application.

SSL is a protocol that provides encryption services between a Web server and a Web browser using public-key cryptography. This protocol was basically designed to secure Web sessions among users via encryption and requires an application to drive it. SSL’s easy implementation as a drop-in solution makes it popular among designers looking for a quick solution. 

In contrast, SSH is a program that provides strong authentication and secure communications over unsecured channels. SSH can accomplish much more than SSL, essentially providing a secure tunnel between users. It is used as a replacement for Telnet, rlogin, rsh, and rcp, tools used to log into another computer over a network, to execute commands in a remote machine and to move files from one machine to another. SSH also supports AES as one of its many encryption algorithms. Once a session key is established, SSH uses AES to protect data in transit. 

Using authentication in conjunction with encryption can provide a high level of security against low level attacks. But as computers advance in technology, so does the technology that attacks them. Often attackers will use scripts, or well known holes in applications to exploit a system, bypassing authentication all together. A system that is designed from the beginning with security in mind will provide a good platform for added authentication and encryption. 

Encryption is an important part of an advanced security strategy. Encryption algorithms like Triple-DES and AES are some of the best and most popular ways to protect data in embedded products. It is important to understand, however, that incorporating encryption presents unique challenges in the form of memory resource restrictions; it can also be very processor intensive.

In addition to encryption there is a group of very useful tools for adding security. Authentication can provide a defense against many attacks. To strengthen security even further, SSL and SSH are recommended for certain embedded applications. Encryption and authentication are most effective when used in conjunction with a hardened OS and TCP stack that has been developed and tested with security precautions in mind. All of these things will provide a secure perimeter between the non-secure application software, the secure application software, and potential threats to your embedded device.

It is crucial to integrate security in embedded devices. Today, embedded engineers are faced with new and increasing security challenges. Looking beyond just encryption, designing for advanced security requires consideration of authentication, hardened operating systems and testing specifically for security. A design philosophy with advanced security as a key factor will enable systems to be more robust, ensure greater reliability and provide new embedded design opportunities.  

Lantronix
Irvine, CA.
(949) 453 3990.
[www.lantronix.com].