Embedded
Security

Based on many years of experience with the most diverse requirements of our customer projects, we have developed a security concept for you that includes the most important points for your product:

  • Know-how protection (application, algorithms, hardware switching, licenses)
  • Protection against misuse of your devices, e.g. in the cloud
  • Secure networking of your devices
  • Secure data acquisition and transmission
  • Legal compliance
  • Penetration testing, red teaming and application security (code audit, secure coding, secure design) with ext. partner

 

 

Our offers _ for the safety of your products

Our software offers are freely accessible and use open-source solutions. For the signing of boot loaders, specific solutions from the controller manufacturer sometimes have to be used.

  • Security training and individual project advice
     
  • Security features in our standard BSPs and individually adapted solutions
     
  • Safe initialization (Provisioning) at our production site in Mainz (Germany)
     
  • Software lifecycle management

We prefer a holistic approach and work according to best practice recommendations as well as the international series of standards established in the industry for "Industrial communication networks - IT security for networks and systems" (IEC 62443). 

In order to make this process as cost-effective as possible for you, we work with a selection of basic methods with which the most varied of security requirements can be implemented. In practice, just reaching the first security level is a significant improvement in the protection of your product.

Security level
(SL)
Technical means
of the attacker
Resources (time / money)
of the attacker
Skills
of the attacker
Motivation
of the attacker
Confidentiality Damage
(according to IoTSF)
Integrity damage
(according to IoTSF)
Availability damage
(according to IoTSF)
Significance
1 none low none User error publication
sensitive data
limited minimal • Prevention of
accidental user errors
• Has data loss
minimal consequences
2 general IT knowledge low general low,
deliberately targeted
Loss
sensitive data
limited limited • Scriptkiddy
• Data loss has limited
Influence on person / organization
3 highly developed moderate system-specific moderate,
deliberately targeted
Loss very much
sensitive data
limited high, catastrophic • Prevention of
medium attacks (hackers)
• Has data loss
significant impact
4 highly developed extended system-specific high,
deliberately targeted
Loss very much
sensitive data
high, catastrophic high, catastrophic • Prevention of
major attacks (hackers)
(States / organizations)

Cybercrime is real and the requirements of the legislature are varied and depend on the use of your end product.

Together with you, we determine the legal requirements relevant to your project and decide on the solution.

The following laws must be observed when launching IT products:

  • Cybersecurity Act - All products are classified in classes according to the security level
  • Product liability laws and the state of the art
  • Federal Data Protection Act (BDSG)
  • IT security law for critical infrastructures (CRITIS)

For a better introduction to the subject, we regularly offer training courses on security. This gives you a comprehensive overview. Subject areas of our training courses include:

  • Legal Aspects - Standards and guidelines
    - What does the legislator prescribe?
     
  • Basics (Security Pyramid) - from the module to the runtime
    - What protective measures are there?
     
  • Security by Design - Developing safe products
    - How is security taken into account in the development process?
     
  • Safe initialization - Safety features in production
    - How do you get your key on the module?
     
  • Software Lifycycle Management - Sustainable software maintenance
    - How do you provide your product with updates?

Briefly tell us your project requirements and the risks you want to protect yourself against and we will offer you a corresponding in-house workshop or project consultation.

Price from 1800 € / day plus expenses
 

Security features already included in our phyBSP:

  • Secure-Boot for Barebox (NXP-i.MX 6)
  • Secure-Boot for u-boot (NXP-i.MX 7, NXP-i.MX 8)
  • Signed Linux kernel as a FIT image
  • CAAM module for encrypting the file system

The following additional features that are not part of the standard BSP can be created in the form of an individual BSP for your product:

  • Kernel hardening
  • Integration of additional security modules
  • Trusted Execution Environment (optee)
  • Authentication and secure connection (TLS)

Our service offers:

  • Activation of Secure Boot
  • Device-specific X509 certificates for authentication for all cloud providers (e.g. Microsoft Azure, AWS, Google IOT), update servers (e.g. MenderIO, FoundriesIO, etc.) or your own server
  • Installation of a Linux minimal system for a simplified final configuration and software installation in your products
  • Device registration in the cloud (Microsoft Azure, AWS, Google IOT)
  • Activation / deactivation of controller features eg: JTAG
  • Encryption of directories or partitions on your device

We are your reliable partner for these tasks, as we can take over the security of your private keys and other secrets during production and software import with our provisioning service in Mainz (Germany).

We ensure maximum security:

  • Own production at the Mainz location
    Inspection and auditing are possible and desirable
  • Defined process and roles
  • Protected area with restricted access
  • Direct contact with the relevant responsible employees (building trust)
  • Key sovereignty remains with you
    Use of hardware secure modules
  • No initialization of products for military or secret service use
    Risk minimization for you and PHYTEC

Let us make you a non-binding offer.

Use our software lifecycle management for the sustainable and binding maintenance of the board support packages for your customer-specific hardware. We test your hardware with the latest patches and updates throughout the product life cycle.

You have questions about embedded security
or do you need support for your project? 

 

Our security team will be happy to help you.

The right controller _ We support you in making the right choice

Security pyramid _ All possible measures to defend against attacks can be roughly divided into three areas.

The following Basic security requirements are the cornerstone of a secure embedded Linux system:

Secure Boot

The use of Secure Boot ensures that only trustworthy, signed software can be executed on the hardware module. Secure Boot is the core of the chain of trust. With the help of this chain of trust, it can be guaranteed that only verified software is used right through to the end application.

Trusted Execution Environment (op-tee)

ARM TrustZone is a feature for SoCs and processors in the ARM processor families Cortex-A and Cortex-M. There are two separate domains in the TrustZone (normal world and secure world). In the secure world, the keys are stored and can be accessed via an API from the normal Linux world. The TrustZone is the basis for the Trusted Execution Environment, of which op-tee is an OpenSource implementation.

eMMC with Replay Protected Memory Block

Secret data can be stored in the RPMB partition, which is protected from unauthorized access.

Device identification

Secure device identification is a fundamental requirement for communication with your devices in networks. To this end, we are working on a process for secure crypto-chip initialization, among other things.

TPM and Secure Elements

Crypto chips and secure elements such as the TPM chip make it possible to store and manage cryptographic keys. The private keys are stored in a tamper-proof manner regardless of the software used.

NXP CAAM

When Secure Boot is activated, the CAAM module from NXP offers functionality similar to a TPM chip, but without the certified physical protection.

Characteristics of the chain of trust

  • Trusted ROM Bootloader checks the software image before it is executed
  • Use of RSA-4096 key pairs and SHA-256 signatures
  • These algorithms meet the requirements of the BSI (Federal Office for Information Security) and the NIST (National Institute of Standards and Technology) until 2030 and beyond
  • Basis for the establishment of a Trusted Execution Environment (TEE) and the ARM TrustZone®

Network Security

When devices communicate with a server or with each other, the connection must be secure. TLS is the most common protocol and application-independent method for implementing an encrypted connection.

  • Establish a secure connection regardless of the application or protocol used
  • TLS (SSL) is recognized as the best practice and industry standard for encrypted communication

General recommendations
to increase the
Application security

  • Only run services that you really need on your device
  • Close all ports and only open required ports very selectively
  • Always use password-protected logins (including COM and Telnet interfaces)
  • Use standard protocols for data transfer
  • Use common implementations for encryption (no in-house development)

Mainline Linux

Linux is our first choice as an operating system for industrial series use. One of our clear goals is to make the advantages of a mainline BSP available to our customers as early as possible:

  • Stable code, fast bug / security fixes as well as the maintenance and further development of mainline drivers by the community
  • Mainline is a guarantee for the maintenance of current operating system versions, even after many years
  • We often offer both a vendor and a mainline BSP at the same time. That way, you can decide when to get started with Mainline.
  • For phyBOARD-BSPs: The latest kernel version with the latest security patches is included
  • For phyBOARD-BSPs: The latest Yocto-Minor releases are included
  • For phyBOARD BSPs: Annual BSP updates with all security patches of the mainline
  • LTS kernel in the BSPs for the PHYTEC products
  • Custom tests with continuous integration

interface

All interfaces accessible in the end product are a potential security risk for embedded systems.

  • Only use interfaces that are required
  • User-dependent access to interfaces
  • Use of encrypted connection

In addition to attacks via interfaces or the network connections, direct manipulation of the hardware also represents a security risk. The following methods are available to protect your electronics from physical attacks:

Tamper Protection

  • Protects sensitive data such as encryption or private keys
  • Permanently deletes data if the device is tampered with
  • A wide variety of realizations are possible

Encapsulation (resin casting)

  • Physical access to individual components is prevented
  • Detection of the components and parts used is prevented
  • Reverse engineering using electrical measurements is not possible

Education + Training _ Use our know-how for your product development

With the know-how transfer from our experts to your developers, you will reach your goal faster!

 

Participants in our training courses receive a solid knowledge of professional hardware and software development.