The Embedded systems targeted and designed for a specific application need, gets connected to internet. Many of the tasks, computations and applications accomplished in Desktop PC are achieved through embedded device as well. Thus, leaving the devices vulnerable to attacks, which leads to the necessity to address the issues of design constraints and limitations in hardware to provide a cost-effective solution. Secured systems are-
iWave offers Services and IP for secure OS / IoT:
Why Security is Important ….??!
The immense need to address this security in Embedded Systems, invades following protection of data:
In connected devices, this secure data is transferred through public networks. So, it is important to ensure that secure data is protected from unauthorized access thus ensuring security.
WolfSSL SSL/TLS Library
iWave have partnered with wolfSSL Inc, a popular USA based embedded SSL/TLS and cryptography provider for the IoT. The partnership allows iWave to add the benefits of wolfSSL embedded SSL/TLS library and hardware crypto support onto several iWave devices (such as SOMs, Dev. Boards, and SBCs) that include hardware cryptography modules. The partnership expands iWave’s commitment to providing our customers with a completely secure embedded platform optimized to meet the performance specifications of connected IoT solutions.
The wolfSSL embedded SSL library is a lightweight, portable, C-language-based SSL/TLS library targeted at IoT, embedded, and RTOS environments. wolfSSL advanced feature set, size, and speed make it work seamlessly in desktop, enterprise, and cloud environments. iWave devices with the wolfSSL stack are well balanced to deploy in connected space and well supported with a strong engineering team to help customers through product development and deployment cycles.
iWave Expertise in wolfSSL:
Security in Embedded System:
Security in Embedded System is mostly a combination of Hardware, Software, and Mechanical solutions. A hardware solution is like Secure SoC, Secure ROM, TrustZone, Hardware Cryptography, Tamper Detection, etc. The software solution includes software encryption algorithms, Trusted Software. In most cases it will be a combination of Hardware and Software solutions to ensure the highest security.
Tamper Detection module will provide physical protection for the devices. In case of any tampering, the Tamper detection modules inform the SoC of the corresponding events as below
When the SoC detects the tampering event, a security violation alarm is asserted for
Many SOC manufacturers provide a “Secure Boot” option which adds cryptographic checks to each stage of the Secure boot process. The firmware code is signed using the device manufacturer’s code verification private key. The Secure Bootloader, on boot up, checks the validity of the code by verifying the signature using the code verification public-key.
Cryptographic signature algorithms:
Cryptographic algorithms are used to encrypt and decrypt the data. Most famously used Cryptographic algorithms are public key- private key cryptographic algorithms. This algorithm uses two different but mathematically linked keys.
A similar Cryptographic algorithm approach is used in the secure boot with few enhancements. Here along with cryptographic algorithms, certain measures are taken so that the system cannot be hacked.
In Secure Boot, the Public key is encrypted and stored in one-time programmable registers.
ROM code contains a signature verification module and the code verification public-key to verify the firmware code.
Why it is Secure…!!!
Chain of Trust:
A secure boot checks for “authenticated image” in every stage of the boot process. This process aims to check the integrity of the “authenticated image”, hence preventing any unauthorized software from running.
The secure boots rely on the idea of “Chain of Trust”. Starting with an implicitly trusted component, every other component can be authenticated before being executed, hence always only authenticated trusted image is running.
ROM code verifies & authenticates the signed 1st stage boot loader.
The 1st stage boot loader verifies & authenticates the signed 2nd stage boot loader.
The 2nd stage boot loader verifies & authenticates the signed OS image followed by file system mounting and launching the application.
Arm TrustZone technology is a System on Chip (SoC) and CPU system-wide approach for security. TrustZone is hardware-based security built into SoCs by semiconductor chip designers who want to provide secure endpoints and a device root of trust.
Trusted OS like OPTEE (Open Portable Trusted Execution Environment) runs securely on Trustzone hardware embedded in the SoC. The processor core of SoC has two virtual cores: Secure and Non-Secure
The Secure Boot loader (ROM) in the SoC ensures that the device boots up with the Secure OS/firmware with the right process privileges. The Memory Management Unit (MMU) configured by the OS permits access to the buffers in the Internal RAM that involves secret key operations only to the secure processes with special OS privileges.
OP-TEE OS running in TrustZone provides key features like isolation from REE, small footprint, and portability.
For more details, information about OPTEE OS refer: Here
IoT Communication with the cloud over MQTT is secured with SSL/TLS. Every data transfer will be encrypted using TLS protocol. Apart from SSL/TLS, Cloud may have its own authentication methods and policies to allow/restrict the connection.
Security Optimized Embedded Solutions
Copyright © 2020 iWave Systems Technologies Pvt. Ltd.