Embedded systems are less powerful than classic IT systems and have a much longer life cycle. Security for embedded systems therefore needs concepts that take the peculiarities of the Internet of Things (IoT) into account, for example a deterministic approach.
Securing embedded systems against hackers
Industry 4.0 and the Industrial IoT are changing production, with networked machines proliferating in factories. In contrast to the closed production facilities of the past, connecting to the Internet opens up new attack vectors such as malware and hacking. With networking based on IT standards, machine tools and industrial equipment now resemble a conventional computer and must be secured with comparable precautions. But many tried-and-true methods that work well in a data center are not suitable for networked IoT devices.
Industrial applications need a small footprint
The reason is that IoT devices are a highly constrained environment, and this applies in particular to the embedded systems inside machines and plants. Their processors, memory and I/O are modest, and in many applications they are already close to fully utilized.
The systems are usually designed to be as economical as possible, for cost reasons but also to save power in certain application scenarios. Conventional security products with high resource and power consumption are therefore ruled out from the outset.
What is needed are security components with a small binary footprint, both on the storage medium and in main memory. The same requirement applies to updates of the security solution: because malware evolves so quickly, signature databases in data centers are sometimes updated several times a day.
That cannot be replicated in the constrained IoT environment, and with thousands of networked devices, distributing such updates would overwhelm even the best broadband networks.
Sealing closed industrial systems
In short, IoT security should follow different concepts from IT security. Networked industrial devices are closed systems that often have to run for long periods without any outside intervention. Experts speak of deterministic systems: they execute a finite set of operations, all of which are defined in the device firmware.
From a security point of view, the consequence is that any operation the device software does not provide for can be treated as an attack and blocked accordingly.
The software of machines and systems in the industrial sector must be sealed against various types of attack. Providers such as Karamba Security take a novel approach: a static analysis of the firmware determines which function calls are legitimate, that is, which call sites may reach which targets. In technical terms, the resulting runtime check enforces control-flow integrity (CFI).
Using this call graph, the firmware ensures at runtime that only legitimate function calls can be executed. This blocks, for example, an exploit that corrupts a return address or function pointer in order to divert execution to injected code, a typical entry point for cybercriminals. CFI does not prevent the underlying memory-corruption bug from being triggered; it prevents the attacker from turning it into code execution.
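As an added illustration of the CFI principle described above (example code written for this page, not Karamba Security's product or the article's own code), here is how a firmware command dispatcher can enforce a call-graph-derived allow-list at an indirect call site. The handler names, the command table and the hand-written target table are constructed for the example; in a real deployment the target table would be produced by the static analysis and placed in read-only memory.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

typedef int (*handler_fn)(int);

/* Hypothetical device handlers that the command dispatcher may reach. */
int handle_read_sensor(int arg) { return arg * 2; }
int handle_set_speed(int arg)   { return arg + 100; }
/* Also present in the image (a diagnostics routine, say) but never a
 * legitimate target of the dispatcher's indirect call. */
int debug_shell(int arg)        { (void)arg; return -1; }

/* One entry per indirect call site in the firmware. */
enum { CFI_SITE_DISPATCH = 0, CFI_NUM_SITES };
#define CFI_MAX_TARGETS 4
#define CFI_VIOLATION   (-0x7fffffff)
#define CMD_UNKNOWN     (-0x7ffffffe)

/* Per-site allow-list of call targets. In a real deployment this table is
 * derived by static analysis of the firmware's call graph and placed in
 * read-only memory; here it is constructed by hand for the example. */
static const handler_fn cfi_targets[CFI_NUM_SITES][CFI_MAX_TARGETS] = {
    [CFI_SITE_DISPATCH] = { handle_read_sensor, handle_set_speed },
};

static unsigned cfi_violations;   /* counter a real device would log */

/* Return 1 if `target` is a permitted destination for `site`, else 0. */
int cfi_check(int site, handler_fn target)
{
    if (site < 0 || site >= CFI_NUM_SITES || target == NULL)
        return 0;
    for (int i = 0; i < CFI_MAX_TARGETS && cfi_targets[site][i] != NULL; i++)
        if (cfi_targets[site][i] == target)
            return 1;
    return 0;
}

unsigned cfi_violation_count(void) { return cfi_violations; }

/* Writable command table holding function pointers: exactly the kind of
 * data a memory-corruption bug lets an attacker overwrite. */
struct command { const char *name; handler_fn fn; };
static struct command commands[] = {
    { "read",  handle_read_sensor },
    { "speed", handle_set_speed  },
};
#define NUM_COMMANDS (sizeof commands / sizeof commands[0])

/* Dispatcher: the indirect call is guarded by the CFI check. Returns the
 * handler's result, CFI_VIOLATION if the pointer no longer matches the
 * call graph, or CMD_UNKNOWN for a command the table does not contain. */
int dispatch(const char *name, int arg)
{
    for (size_t i = 0; i < NUM_COMMANDS; i++) {
        if (strcmp(commands[i].name, name) != 0)
            continue;
        handler_fn fn = commands[i].fn;
        if (!cfi_check(CFI_SITE_DISPATCH, fn)) {
            cfi_violations++;
            return CFI_VIOLATION;        /* refuse: do not jump */
        }
        return fn(arg);                  /* legitimate edge: execute */
    }
    return CMD_UNKNOWN;
}

/* Stand-in for an exploit: overwrite a table entry with an arbitrary
 * target. Returns the previous pointer so the caller can restore it. */
handler_fn corrupt_pointer(const char *name, handler_fn target)
{
    for (size_t i = 0; i < NUM_COMMANDS; i++) {
        if (strcmp(commands[i].name, name) == 0) {
            handler_fn old = commands[i].fn;
            commands[i].fn = target;
            return old;
        }
    }
    return NULL;
}

int main(void)
{
    printf("read 21 -> %d\n", dispatch("read", 21));        /* 42 */
    corrupt_pointer("read", debug_shell);                    /* hijack */
    int r = dispatch("read", 21);
    printf("after corruption -> %s (%u violation(s))\n",
           r == CFI_VIOLATION ? "blocked" : "EXECUTED", cfi_violation_count());
    return 0;
}
```

The check compares the pointer about to be called against the targets the call graph allows for that specific site, so a pointer that was overwritten to point at debug_shell (or at injected code, which is in no table at all) is refused before the jump happens. Real CFI instrumentation inserts this comparison automatically at every indirect call and return; the example shows the policy it enforces.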
Whitelisting simplifies scanning
The firmware is supplemented with a whitelisting component. It contains a database with the fingerprints (cryptographic hash values, referred to here as signatures) of all legitimately executable binaries, such as applications and system libraries. As soon as a binary is loaded, the security software computes its hash and compares it with the entry in the database. If the hash does not match, or the binary is not listed at all, its execution is prevented. The database itself must be protected against modification, for example by signing it or keeping it in read-only storage, since an attacker who can write to it could whitelist their own code.
Control-flow integrity and whitelisting stop attacks before the system is compromised. This lets the device protect itself without depending on patches delivered over a network connection. Especially in scenarios where a permanent network connection cannot be guaranteed, missing or delayed updates leave a window in which a known vulnerability can be exploited. A solution that does not depend on updates to be effective is therefore preferable. Note that it contains the exploitation of a bug rather than removing the bug, so the functional fix should still follow once the device can be patched.
Functional updates are still possible
Deterministic security has another advantage over traditional approaches: it avoids false positives and, for the classes of attack it models, false negatives as well, because the policy is derived from the device's own code rather than from a catalogue of known attacks. Where a solution relies on databases of attack techniques and malware signatures, false positives are a regular occurrence; in systems with high data throughput, a false positive is even more likely than a real attack. In industry this leads to avoidable production downtime, which ultimately means lost revenue and troubleshooting costs.