Engineering Secure Devices

Book description

As an engineer, you know that countless devices—from industrial components to smart household appliances—rely on embedded computer systems. But how do you balance the need for robust security with performance and innovative product design?

Engineering Secure Devices will guide you through crafting secure devices—from protecting crucial assets to the nature of attackers and the risks they pose. You’ll explore the technical intricacies and pros and cons of symmetric and asymmetric cryptography and learn how to use and analyze random number generators and cryptographic algorithms. You’ll learn how to ensure confidential data storage and secure memory, and devise secure device identity solutions and communication protocols to reinforce system architecture against potential threats. And finally, you’ll learn how to properly design secure boot and secure update processes, manage access control, and perform system monitoring to secure IoT devices.

Real-world case studies throughout highlight practical applications, solutions, and obstacles, such as firmware updates with SWUpdate, secure communication with MQTT, and advanced access control with AppArmor.

You’ll also dig into topics like:

  • Analyzing the performance of cryptographic implementations in both hardware and software
  • Considerations for secure boot and software update processes to ensure ongoing firmware integrity
  • Designing robust device architectures that withstand attacks while maintaining critical operations
  • Developing strategies to detect and respond to anomalies or security breaches in embedded systems

Whether you’re an IoT developer or an embedded system architect, Engineering Secure Devices equips you with the indispensable knowledge to design, secure, and support the next generation of smart devices—from webcams to four-legged robots.

Table of contents

  1. Cover Page
  2. Title Page
  3. Copyright Page
  4. Dedication Page
  5. About the Author
  6. About the Technical Reviewer
  7. BRIEF CONTENTS
  8. CONTENTS IN DETAIL
  9. FOREWORD
  10. ACKNOWLEDGMENTS
  11. INTRODUCTION
    1. The State of Embedded System Security
    2. Emerging Requirements, Laws, and Standards
    3. Who Should Read This Book?
    4. What Does This Book Cover?
    5. A Note on the Case Studies in This Book
  12. PART I FUNDAMENTALS
  13. 1 SECURE DEVELOPMENT PROCESS
    1. On the Variety of Guidelines
    2. Responsibility for Product Security
    3. Awareness and Training
    4. Assets and Protection Goals
      1. Valuable Product Parts
      2. Relevant Protection Needs
    5. Attackers, Threats, and Risks
      1. Potential Adversaries
      2. Potential Negative Impacts
      3. No Risks, No Priorities
    6. Security Requirements and Security Architecture
      1. Risk Treatment
      2. Secure Development Principles
    7. Secure Implementation and Security Testing
      1. Shift Left
      2. Continuous Testing and Analysis
      3. Attackers as a Service
    8. Vulnerability Monitoring and Response
      1. Reporting Vulnerabilities
      2. Reviewing and Assessing Vulnerability Reports
      3. Fixing or Addressing the Issue
      4. Testing
      5. Disclosing the Solution
      6. Avoiding Future Issues
      7. Establishing Trust
    9. Summary
  14. 2 CRYPTOGRAPHY
    1. Kerckhoffs’s Principle
    2. Levels of Security
    3. Symmetric Ciphers
      1. Data Encryption Standard
      2. Advanced Encryption Standard
    4. Modes of Operation
      1. Electronic Codebook Mode
      2. Cipher Block Chaining Mode
      3. Counter Mode
    5. Hash Functions
    6. Message Authentication Codes
    7. Authenticated Encryption
      1. Strategies and Requirements
      2. Galois Counter Mode
    8. Asymmetric Cryptography
    9. The RSA Cryptosystem
      1. Basic RSA Math
      2. Real-World RSA Usage
    10. Diffie-Hellman Key Exchange
      1. The Mathematical Beauty
      2. Man-in-the-Middle Attacks
    11. Elliptic-Curve Cryptography
      1. The Math Behind the Curves
      2. The Agony of Choice
      3. Practical Applications of ECC
    12. Summary
  15. PART II DEVICE SECURITY BUILDING BLOCKS
  16. 3 RANDOM NUMBER GENERATORS
    1. The Need for Randomness
    2. The Nature of Randomness
    3. True Random Number Generators
      1. Ring Oscillators
      2. The Health Status of Entropy Sources
    4. Pseudorandom Number Generators
    5. Practical RNG Constructions and Usage
      1. RNG Selection
      2. Error Handling
      3. Boot-Time Entropy
    6. Case Study: Random Numbers from Hardware to Python
      1. Hardware RNG and Entropy Source
      2. Hardware RNG Integration in Linux
      3. Linux RNG Architecture
      4. Cryptographically Secure Random Numbers in Python
    7. Case Study: Practical Tools for a Randomness Quick Check
      1. Simple Tools for Distribution Analysis and Pattern Recognition
      2. Problem 1: Output Space Restriction by Modulo
      3. Problem 2: Custom PRNG Designs
    8. Summary
  17. 4 CRYPTOGRAPHIC IMPLEMENTATIONS
    1. Implementation Context and Requirements
    2. Selecting Crypto Implementations
    3. AES Implementation Options
      1. Basic Architecture
      2. Optimized Operations
    4. Implementation Characteristics of RSA and ECDSA
      1. RSA Optimizations
      2. ECDSA Specifics
    5. Case Study: Crypto Performance on an STM32MP157F Device
      1. Parameter Choice for Symmetric Encryption
      2. Software vs. Hardware Implementation for SHA-256 Hashing
      3. Comparison of Software Performance of Asymmetric Crypto
    6. Summary
  18. 5 CONFIDENTIAL DATA STORAGE AND SECURE MEMORY
    1. Confidential Data
    2. The Dilemma of Keeping Secrets on Embedded Systems
    3. Secure Filesystem Approaches
      1. Encrypted Stacked Filesystems
      2. Native Filesystem Encryption
      3. Encrypted Block Devices
      4. Recommendations
      5. The Passphrase
    4. Secure Memory in Hardware
      1. External Secure Memory
      2. Internal Secure Memory
    5. Secrets in Application Code
    6. Secure Password Storage
    7. Case Study: Encrypted File Containers on Linux
      1. Crypto Benchmarking
      2. Container Creation
      3. Efficiency Analysis
    8. Read-Out Protection as a Low-Cost Solution
    9. Summary
  19. 6 SECURE DEVICE IDENTITY
    1. Every Device Is Unique
    2. Identification and Identifiers
      1. Unique Identifiers
      2. System Identities
    3. Authentication and Authenticators
      1. Authentication Protocols
      2. Dedicated Authentication Chips
      3. Multifactor Authentication
      4. Trusted Third Parties
      5. Certificates and Certificate Authorities
    4. Identity Life Cycle and Management
      1. Generation
      2. Provisioning
      3. Usage in the Field
      4. Exchange or Destruction
    5. Case Study: Identity Generation and Provisioning
      1. Identifiers and System Identity
      2. Certificate Signing Request
      3. Certificate Authority
    6. Case Study: RSA Key Generation in Production
    7. Summary
  20. 7 SECURE COMMUNICATION
    1. All the Protection Goals
    2. Transport Layer Security
      1. History
      2. TLS Basics
      3. TLS 1.3
      4. TLS 1.2
      5. Requirements for Devices and Infrastructure
      6. Application Examples and Software Libraries
    3. Case Study: Secure MQTT Communication
      1. Mosquitto Installation and Configuration
      2. The First Test Run
      3. Communication Security Analysis with Wireshark and SSLyze
    4. Secure Communication Without TLS
    5. Redundancy in Secure Communication
    6. Summary
  21. PART III ADVANCED DEVICE SECURITY CONCEPTS
  22. 8 SECURE BOOT AND SYSTEM INTEGRITY
    1. System Boot Complexity
    2. Boot Protection Concepts
    3. Classic Secure Boot Chain
    4. Considerations for Implementing Secure Boot
      1. Hardware and Software Requirements
      2. Development Process
      3. Production and Lifetime
    5. Open Source Licenses vs. Secure Boot
    6. Case Study: Secure Boot Process on an STM32MP157F Device
      1. The Boot Process
      2. Secure Boot Starts in Hardware
      3. Secure Boot Based on BL2 TF-A
      4. U-Boot’s Secure Boot Feature
    7. Integrity Protection Beyond the Boot Process
      1. Kernel Module Verification
      2. Filesystem Integrity
    8. Write Protection as a Low-Cost Solution
    9. Summary
  23. 9 SECURE FIRMWARE UPDATE
    1. The Inevitability of Updates
    2. Security Requirements
      1. Authenticity
      2. Confidentiality
      3. Secure Distribution Channel
      4. Rollback Option
      5. Version Distribution Monitoring
    3. Distribution and Deployment of Updates
      1. Local vs. Remote Updates
      2. Pull vs. Push Strategy
    4. Update Granularity and Format
      1. Firmware Parts
      2. Update Formats
      3. Issues with Package Managers
    5. Device Partitioning Strategies
      1. Update/Recovery Partition
      2. A/B System Approach
      3. A Note on Updating Bootloaders
    6. The Interplay Between Development, Backend, and Device
    7. Case Study: Secure Firmware Updates with SWUpdate
      1. SD Card Layout Customization
      2. SWUpdate Installation and Configuration
      3. Device-Specific Customization
      4. Update Process Evaluation
    8. Summary
  24. 10 ROBUST DEVICE ARCHITECTURE
    1. Devices Under Network Stress
      1. Malfunctioning Neighbor Devices
      2. Protocol Fuzzing
      3. Network and Vulnerability Scanning
      4. Flooding Attacks
      5. Robust Architectures
    2. Essential Device Functions
      1. Sensors
      2. Actuators
      3. Controllers
    3. Real-Time Systems
      1. Soft Real-Time Systems
      2. Firm Real-Time Systems
      3. Hard Real-Time Systems
      4. Impact of DoS Attacks
    4. Resource Exhaustion and Prevention Strategies
    5. Hardware-Level Implementation Options
      1. Dedicated Preprocessing Unit
      2. Multicore Architectures
    6. Operating System Capabilities
      1. Operating System Options
      2. Linux with a Real-Time Patch
    7. Application and Protocol Considerations
      1. Identify Logical Flaws
      2. Implement Input and Sender Validation
      3. Analyze Active Protection Measures
      4. Introduce Chaos Engineering and Fuzzing
    8. Case Study: Robustness Options on an STM32MP157F Device
      1. Basic System Properties
      2. Measurements on a Low-Latency Kernel
      3. Measurements on a Real-Time Kernel
      4. Real-Time Coprocessor
    9. Summary
  25. 11 ACCESS CONTROL AND MANAGEMENT
    1. Everyday Threats
    2. Access Control and Damage Containment
      1. Design and Development Phase
      2. Production Considerations
      3. Customer Activities and Decommissioning
    3. Discretionary Access Control
      1. Linux Filesystem Permissions
      2. Linux User and Group Management
      3. Linux Permission Management
      4. Access-Control Lists
    4. Case Study: Access Control for STM32MP157F-DK2 Firmware
      1. User Creation and File Provisioning in Yocto
      2. Exploration of System Files and Predefined Users
      3. SSH Daemon Access-Control Configuration
    5. Mandatory Access Control
      1. Linux Security Modules
      2. SELinux
      3. AppArmor
      4. Other LSMs and Non-LSM MACs
    6. Case Study: Application Confinement with AppArmor
      1. Installation
      2. Application Profiling
    7. Summary
  26. 12 SYSTEM MONITORING
    1. Monitoring for the Right Reasons
    2. Monitoring the Right Things
      1. User Interactions and Access Control
      2. Communication
      3. Application Behavior
      4. System Behavior
      5. Risk-Based Monitoring
    3. Designing a Monitoring Scheme
      1. Challenges for Embedded Systems
      2. Monitoring of the On-Device Logging Process
      3. Central Log Analysis and Management
    4. Case Study: Logging Events on an STM32MP157F Device
      1. User-Session Monitoring with journald
      2. Kernel Event Monitoring with auditd
      3. Service and Application Event Logging
      4. Logging to a Remote Server
    5. Summary
  27. AFTERWORD
  28. INDEX

Product information

  • Title: Engineering Secure Devices
  • Author(s): Dominik Merli
  • Release date: July 2024
  • Publisher(s): No Starch Press
  • ISBN: 9781718503489