book

Engineering Secure Devices

Name: Engineering Secure Devices
Author: Dominik Merli
ISBN: 9781718503489

by Dominik Merli

July 2024

Intermediate to advanced

288 pages

7h 54m

English

No Starch Press

Read now

Unlock full access

Cover Page
Title Page
Copyright Page
Dedication Page
About the Author
About the Technical Reviewer
BRIEF CONTENTS
CONTENTS IN DETAIL
FOREWORD
ACKNOWLEDGMENTS

INTRODUCTION
The State of Embedded System SecurityEmerging Requirements, Laws, and StandardsWho Should Read This Book?What Does This Book Cover?A Note on the Case Studies in This Book
PART I FUNDAMENTALS
1 SECURE DEVELOPMENT PROCESS
On the Variety of GuidelinesResponsibility for Product SecurityAwareness and TrainingAssets and Protection GoalsValuable Product PartsRelevant Protection NeedsAttackers, Threats, and RisksPotential AdversariesPotential Negative ImpactsNo Risks, No PrioritiesSecurity Requirements and Security ArchitectureRisk TreatmentSecure Development PrinciplesSecure Implementation and Security TestingShift LeftContinuous Testing and AnalysisAttackers as a ServiceVulnerability Monitoring and ResponseReporting VulnerabilitiesReviewing and Assessing Vulnerability ReportsFixing or Addressing the IssueTestingDisclosing the SolutionAvoiding Future IssuesEstablishing TrustSummary
2 CRYPTOGRAPHY
Kerckhoffs’s PrincipleLevels of SecuritySymmetric CiphersData Encryption StandardAdvanced Encryption StandardModes of OperationElectronic Codebook ModeCipher Block Chaining ModeCounter ModeHash FunctionsMessage Authentication CodesAuthenticated EncryptionStrategies and RequirementsGalois Counter ModeAsymmetric CryptographyThe RSA CryptosystemBasic RSA MathReal-World RSA UsageDiffie-Hellman Key ExchangeThe Mathematical BeautyMan-in-the-Middle AttacksElliptic-Curve CryptographyThe Math Behind the CurvesThe Agony of ChoicePractical Applications of ECCSummary
PART II DEVICE SECURITY BUILDING BLOCKS
3 RANDOM NUMBER GENERATORS
The Need for RandomnessThe Nature of RandomnessTrue Random Number GeneratorsRing OscillatorsThe Health Status of Entropy SourcesPseudorandom Number GeneratorsPractical RNG Constructions and UsageRNG SelectionError HandlingBoot-Time EntropyCase Study: Random Numbers from Hardware to PythonHardware RNG and Entropy SourceHardware RNG Integration in LinuxLinux RNG ArchitectureCryptographically Secure Random Numbers in PythonCase Study: Practical Tools for a Randomness Quick CheckSimple Tools for Distribution Analysis and Pattern RecognitionProblem 1: Output Space Restriction by ModuloProblem 2: Custom PRNG DesignsSummary
4 CRYPTOGRAPHIC IMPLEMENTATIONS
Implementation Context and RequirementsSelecting Crypto ImplementationsAES Implementation OptionsBasic ArchitectureOptimized OperationsImplementation Characteristics of RSA and ECDSARSA OptimizationsECDSA SpecificsCase Study: Crypto Performance on an STM32MP157F DeviceParameter Choice for Symmetric EncryptionSoftware vs. Hardware Implementation for SHA-256 HashingComparison of Software Performance of Asymmetric CryptoSummary
5 CONFIDENTIAL DATA STORAGE AND SECURE MEMORY
Confidential DataThe Dilemma of Keeping Secrets on Embedded SystemsSecure Filesystem ApproachesEncrypted Stacked FilesystemsNative Filesystem EncryptionEncrypted Block DevicesRecommendationsThe PassphraseSecure Memory in HardwareExternal Secure MemoryInternal Secure MemorySecrets in Application CodeSecure Password StorageCase Study: Encrypted File Containers on LinuxCrypto BenchmarkingContainer CreationEfficiency AnalysisRead-Out Protection as a Low-Cost SolutionSummary
6 SECURE DEVICE IDENTITY
Every Device Is UniqueIdentification and IdentifiersUnique IdentifiersSystem IdentitiesAuthentication and AuthenticatorsAuthentication ProtocolsDedicated Authentication ChipsMultifactor AuthenticationTrusted Third PartiesCertificates and Certificate AuthoritiesIdentity Life Cycle and ManagementGenerationProvisioningUsage in the FieldExchange or DestructionCase Study: Identity Generation and ProvisioningIdentifiers and System IdentityCertificate Signing RequestCertificate AuthorityCase Study: RSA Key Generation in ProductionSummary
7 SECURE COMMUNICATION
All the Protection GoalsTransport Layer SecurityHistoryTLS BasicsTLS 1.3TLS 1.2Requirements for Devices and InfrastructureApplication Examples and Software LibrariesCase Study: Secure MQTT CommunicationMosquitto Installation and ConfigurationThe First Test RunCommunication Security Analysis with Wireshark and SSLyzeSecure Communication Without TLSRedundancy in Secure CommunicationSummary
PART III ADVANCED DEVICE SECURITY CONCEPTS
8 SECURE BOOT AND SYSTEM INTEGRITY
System Boot ComplexityBoot Protection ConceptsClassic Secure Boot ChainConsiderations for Implementing Secure BootHardware and Software RequirementsDevelopment ProcessProduction and LifetimeOpen Source Licenses vs. Secure BootCase Study: Secure Boot Process on an STM32MP157F DeviceThe Boot ProcessSecure Boot Starts in HardwareSecure Boot Based on BL2 TF-AU-Boot’s Secure Boot FeatureIntegrity Protection Beyond the Boot ProcessKernel Module VerificationFilesystem IntegrityWrite Protection as a Low-Cost SolutionSummary
9 SECURE FIRMWARE UPDATE
The Inevitability of UpdatesSecurity RequirementsAuthenticityConfidentialitySecure Distribution ChannelRollback OptionVersion Distribution MonitoringDistribution and Deployment of UpdatesLocal vs. Remote UpdatesPull vs. Push StrategyUpdate Granularity and FormatFirmware PartsUpdate FormatsIssues with Package ManagersDevice Partitioning StrategiesUpdate/Recovery PartitionA/B System ApproachA Note on Updating BootloadersThe Interplay Between Development, Backend, and DeviceCase Study: Secure Firmware Updates with SWUpdateSD Card Layout CustomizationSWUpdate Installation and ConfigurationDevice-Specific CustomizationUpdate Process EvaluationSummary
10 ROBUST DEVICE ARCHITECTURE
Devices Under Network StressMalfunctioning Neighbor DevicesProtocol FuzzingNetwork and Vulnerability ScanningFlooding AttacksRobust ArchitecturesEssential Device FunctionsSensorsActuatorsControllersReal-Time SystemsSoft Real-Time SystemsFirm Real-Time SystemsHard Real-Time SystemsImpact of DoS AttacksResource Exhaustion and Prevention StrategiesHardware-Level Implementation OptionsDedicated Preprocessing UnitMulticore ArchitecturesOperating System CapabilitiesOperating System OptionsLinux with a Real-Time PatchApplication and Protocol ConsiderationsIdentify Logical FlawsImplement Input and Sender ValidationAnalyze Active Protection MeasuresIntroduce Chaos Engineering and FuzzingCase Study: Robustness Options on an STM32MP157F DeviceBasic System PropertiesMeasurements on a Low-Latency KernelMeasurements on a Real-Time KernelReal-Time CoprocessorSummary
11 ACCESS CONTROL AND MANAGEMENT
Everyday ThreatsAccess Control and Damage ContainmentDesign and Development PhaseProduction ConsiderationsCustomer Activities and DecommissioningDiscretionary Access ControlLinux Filesystem PermissionsLinux User and Group ManagementLinux Permission ManagementAccess-Control ListsCase Study: Access Control for STM32MP157F-DK2 FirmwareUser Creation and File Provisioning in YoctoExploration of System Files and Predefined UsersSSH Daemon Access-Control ConfigurationMandatory Access ControlLinux Security ModulesSELinuxAppArmorOther LSMs and Non-LSM MACsCase Study: Application Confinement with AppArmorInstallationApplication ProfilingSummary
12 SYSTEM MONITORING
Monitoring for the Right ReasonsMonitoring the Right ThingsUser Interactions and Access ControlCommunicationApplication BehaviorSystem BehaviorRisk-Based MonitoringDesigning a Monitoring SchemeChallenges for Embedded SystemsMonitoring of the On-Device Logging ProcessCentral Log Analysis and ManagementCase Study: Logging Events on an STM32MP157F DeviceUser-Session Monitoring with journaldKernel Event Monitoring with auditdService and Application Event LoggingLogging to a Remote ServerSummary
AFTERWORD
INDEX

Overview

As an engineer, you know that countless devices—from industrial components to smart household appliances—rely on embedded computer systems. But how do you balance the need for robust security with performance and innovative product design?

Engineering Secure Devices will guide you through crafting secure devices—from protecting crucial assets to the nature of attackers and the risks they pose. You’ll explore the technical intricacies and pros and cons of symmetric and asymmetric cryptography and learn how to use and analyze random number generators and cryptographic algorithms. You’ll learn how to ensure confidential data storage and secure memory, and devise secure device identity solutions and communication protocols to reinforce system architecture against potential threats. And finally, you’ll learn how to properly design secure boot and secure update processes, manage access control, and perform system monitoring to secure IoT devices.

Real-world case studies throughout highlight practical applications, solutions, and obstacles, such as firmware updates with SWUpdate, secure communication with MQTT, and advanced access control with AppArmor.

You’ll also dig into topics like:

Analyzing the performance of cryptographic implementations in both hardware and software
Considerations for secure boot and software update processes to ensure ongoing firmware integrity
Designing robust device architectures that withstand attacks while maintaining critical operations
Developing strategies to detect and respond to anomalies or security breaches in embedded systems

Whether you’re an IoT developer or an embedded system architect, Engineering Secure Devices equips you with the indispensable knowledge to design, secure, and support the next generation of smart devices—from webcams to four-legged robots.

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Publisher Resources

ISBN: 9781098182205Errata Page

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills