Security and Its Features in Embedded Design
Security is a very important part of an embedded design, but in order to determine if you need security and how secure the embedded design must be, you should know what things you want to protect and the cost you can accept.
Some embedded designs are required security. For example, the security is needed to protect both the storage and communication of credit card information from end users, terminal operators, service technicians and organized crime. And media players must secure rights management of content and copy protection from content pirates.
Security features
Cryptographic acceleration
The most important function of cryptographic acceleration is it can free the host CPU to perform other tasks. It also can be used to protect data transmitted through insecure network with a secure socket layer. There are several cryptographic algorithms that can be used to accomplish specific security goals:
- Encryption algorithms
- Hashing algorithms
- Authentication algorithms
- True random number generator
Secure boot
Secure boot can establish a known good starting point for device operation by using hardware based “root of trust”. This allows the device to prevent external entities from modifying customer-developed algorithms; to stop unauthorized users from misusing the customer’s system; and to protect the device operation by preventing insertion of malware, reverse engineering and system cloning. There are three features of secure boot that offer different types of protection but have different costs and requirements:
- Intellectual property (IP) protection
Intellectual property (IP) protection does not allow copying of the code sitting in external flash. By encrypting the code and data contents of the external boot image, this protects the software investment that went in to the embedded system.
- Takeover protection
Takeover protection allows the processor to only run the software you’ve programmed on it. By using non-volatile one-time-programmable memory within an embedded device, the device can establish a hardware based root of trust to only run software that is authorized.
- Open manufacturing protection
Open manufacturing protection gives an embedded system design company the ability to protect their secrets from their third party manufacturers. By having a shared secret between the embedded system design company and the device, the third party manufacturer is able to produce the system but unable to see any sensitive information.
Secure run time
Secure run time protects your secure algorithms and data from the rest of the software in the embedded system, including: ARM TrustZone, secure DMA, secure storage, and secure watchdog timer.