Abstract
Security is increasingly widespread in many embedded systems. Embedded systems requiring security range from the smallest RFID tag to satellites orbiting the earth. This widespread need for security is expected to continue for many more decades. Future growth services include identify control (e-passport, e-VISA), public services (e-administration, e-commerce, e-banking, transportation), communication (SIM card, PDAs), retail business (inventory systems), health care (patient monitoring, RFID, pharmaceuticals supply chain), and entertainment (games, movie industry). For example, the global shipment of smart cards exceeded five billion units in 2008. This is expected to increase by 11% through 2012 (RNCOS 2009). In 2008, 70% of the shipment was attributable to mobile subscribers. The use of contactless smart cards is expected to grow by 30% through 2012 (RNCOS 2009). This section will briefly introduce some types of security attacks on embedded systems and then overview some interesting embedded systems describing their security requirements.
Embedding security into devices is not a straightforward process. First the type of security functionality to embed into the device must be determined. This is often a challenge since specifying security requirements largely depends upon attack or threat models, which may not be fully known at the time. Designers must also ensure that their implementations are secure, since this is typically the focus of attacks. Unlike other embedded constraints such as energy, performance, and cost, which can be verified and quantified, the verification of security is often not possible (apart from functionality). In general, the security cannot be quantified nor can it be readily verified due to the possibility of unforeseen future attacks. From a security point of view, a complete understanding of the device from the process level and up is necessary in order to verify that the security and its implementation are sound. This section will discuss attacks and the need for security in some interesting embedded systems.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Anderson R (2001) Security engineering. Wiley, New York
Drimer S (2007) Volatile FPGA design security – a survey. Computer Laboratory, University of Cambridge, Cambridge, UK. http://www.cl.cam.ac.uk/~sd410
Gao (2002) Critical infrastructure protection: commercial satellite security should be more fully addressed. USGAO, GAO-02–781. http://www.gao.gov/new.items/d02781.pdf
Gebotys C, Ho S, Tiu CC (2005) EM analysis of Rijndael an ECC on a wireless java-based PDA, CHES 2005, LNCS 3659 GmbH 250–265
Grand J (2005) Advanced hardware hacking techniques. Defcon 12. http://grandideastudio.com/wp-content/uploads/advanced_hardware_hacking_slides.pdf
Hancke GP (2005) A practical relay attack on ISO 14443 proximity cards. http://www.cl.cam.ac.uk/~gh275/distance.pdf
Hoppe T, Dittman J (2007) Sniffing/replay attacks on CAN buses: a simulated attack on the electronic window lift classified using an adapted CERT taxonomy. Workshop on Embedded Security in Systems (WESS)
Huang A (2002) Keeping secrets in hardware: the Microsoft Xbox case study. MIT AI lab, AI Memo 2002–08. http://www.ai.mit.edu
ISO 7816 (1987–2005) Identification cards – integrated circuit cards, 1st edn. International Organization for Standardization, ISO/IEC, Geneva, Switzerland
ISO 14443 (1999) Identification cards – contactless integrated circuit(s) cards – proximity cards. Final committee draft. International Organization for Standardization, ISO/IEC, Geneva, Switzerland
ISO 7810 (2003) Identification cards – physical characteristics. Final draft. International Organization for Standardization, ISO/IEC, Geneva, Switzerland
Jansen W, Ayers R (2004) Guidelines on PDA forensics SP800–72. http://csrc.nist.gov/publications/nistpubs/800--72/sp800--72.pdf
Jun B (2008) Protecting consumer electronics, HT1–108, RSA 2008 presentation
Kent J (2006) Security fears raised at conference. http://news.bbc.co.uk/2/hi/technology/5399050.stm
Kocher P, Jaffe J, Jun NB (1999) Differential power analysis. In: CRYPTO’99. Springer, New York, pp 388–397
Kotadia M (2004) Bluetooth phone hacking tools ‘spreading quickly’. http://networks.silicon.com/mobile/0,39024665,39118440,00.htmG
Kuhn M, Anderson R (1996) Tamper resistance – a cautionary note. Second USENIXworkshop on electronic commerce, Oakland, CA, pp 1–11
Landers K (2008) Millions of dollars lost in identity theft. Transcript from AM. http://www.abc.net.au/am/content/2008/s2325433.htm
Marwedel P (2006) Embedded system design, 2nd edn. Birkhauser, Springer, New York
Marwedel P, Gebotys C (2004) Panel on secure and safety-critical vs. insecure, non safety-critical embedded systems: do they require completely different design approaches? In: ACM Proc of CODES+ISSS’04, 8–10 Sept 2004, Stockholm, Sweden, pp 72–73
NASA Web site. http://techtran.msfc.nasa.gov/SBIR/tether.html
Newitz A (2006) The RFID hacking underground. WIRED, issue 14.05. http://www.wired.com/wired/archive/14.05/rfid.html
Oren Y, Shamir A (2006) Power analysis of RFID tags. http://www.wisdom.weizmann.ac.il/~yossio/rfid.
Paar C (2008) New directions in lightweight cryptographic primitives for RFID applications. In: RFID CUSP workshop, John Hopkins University, presentation, Baltimore, MD
Paar C (2009) Crypto Engineering: Some History and Some Case studies, CHES 2009 Presentation http://www.iacr.org/workshops/ches/ches2009/presentations/07_Invited_Talk_II/CHES2009_paar.pdf
Rao JR, Rohatgi P, Scherzer H, Tinguely S (2002) Partitioning attacks: or how to rapidly clone some GSM cards. IEEE Symp Security Privacy 31–41
Rieback M et al (2006) A platform for RFID security and privacy administration. In: Proceedings of the 20th conference on large installation system administration, Washington, DC
RNCOS (2009) Smart card market forecast to 2012. RNCOS. http://www.reportbuyer.com/banking_finance/debit_credit_cards/smart_card_market_forecast_2012.html
Schneier (2005) Eavesdropping on bluetooth automobiles, Schneier on security. http://www.schneier.com/blog/archives/2005/08/eavesdropping_o.html
Shamir A, Van Someren N (1998) Playing hide and seek with stored keys. In: Financial cryptography 1998, Springer, Berlin, 10.1007/3–540–48390-X 1999. LNCS 1648:118–124
Tarnovsky C (2008) Security failures in secure devices. Black Hat briefings and training. http://www.blackhat.com/presentations/bh-europe-08/Tarnovsky/Presentation/bh-eu-08-tarnovsky.pdf
VanTilborg HCA (2005) Encyclopedia of cryptography and security. Springer, New York
Xnet (2007) Hackers control a British military communications satellite, xnet solutions, http://www.890 xnet.com.pk/news/2007/05/hackers-control-british-military.html
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
Copyright information
© 2010 Springer Science+Business Media, LLC
About this chapter
Cite this chapter
Gebotys, C.H. (2010). Introduction to Secure Embedded Systems. In: Security in Embedded Devices. Embedded Systems. Springer, Boston, MA. https://doi.org/10.1007/978-1-4419-1530-6_2
Download citation
DOI: https://doi.org/10.1007/978-1-4419-1530-6_2
Published:
Publisher Name: Springer, Boston, MA
Print ISBN: 978-1-4419-1529-0
Online ISBN: 978-1-4419-1530-6
eBook Packages: EngineeringEngineering (R0)