Additional security layers should be provided when remote updates and bug fixes are supported by the embedded device.
We hear about security breaches at big retailers and banking institutions just about every day. Looking in the near future, we can only expect these breaches to happen even more frequently as hackers use more sophisticated tools and the value of the information they can extract continues to grow. And attacks against embedded systems are also growing dramatically. Attacks that target critical infrastructure or the secure data of millions of customers are scary, but bringing it down to a more personal level, there are major concerns about the ease of which hackers can access data from the embedded systems in homes, cars and the hundreds of embedded devices that the general population interacts with on a daily basis.
The most obvious security functions required in an MCU or FPGA are support for common cryptographic standards for encrypting and decrypting sensitive data. Additionally, secure password protection is critical so that passwords can’t be accessed via network attacks or physical tampering. Some of the most advanced password protection techniques use the nanoscale differences in the integrated circuit manufacturing process to create unique device passwords that never leave the device and are never visible to outside attacks.
Also to provide another layer of security to a device, it can be necessary to disable some of the functions used to access on-chip data. MCUs and FPGAs need to provide protection–perhaps via special locks or passwords–so that unauthorised users cannot access data via these ports.
Often an embedded device can be reprogrammed remotely, a useful capability for fixing bugs and adding features. Unfortunately, if this facility isn't protected, an attacker could insert their own malicious code and hijack confidential data as it flows through the system. Additional security layers need to be provided when remote updates and bug fixes are supported by the embedded device or security functions could be easily compromised.
Read more: Download the full application note