2.6 - Embedded and Specialized Systems

Question 1

Embedded Systems

Answer 1

• Hardware and software designed for a SPECIFI function
• Or to operate as part of a larger system
• Created with single goal in mind, often with specific hardware to fit a specific size or cost
• Ex: traffic light controllers, digital watch, medical imaging system

Question 2

SoC

Answer 2

• System on a Chip
• Often Embedded Systems are running on an SoC
• multiple components running on a single chip
• Very flexible, can buy off the shelf, customizable, usually memory built and low power, don’t require a lot of power
• Security considerations: hardware might not be able to upgraded (if components are soldered to motherboard). Although might be easy to change software, can’t add hardware (like security components)
• Difficult to find firewall you could integrate with a Raspberry Pi for example
• Ex: Raspberry Pi

Question 3

FPGA

Answer 3

• Field Programmable Gate Array
• An integrated circuit that you can program after device is shipped
• Array of logic blocks, programmed in the field
• A problem doesn’t require a hardware replacement (can be reprogrammed)
  Can have new software pushed to device, provides a lot of flexibility for developer (can modify functionality)
• Common in infrastructure (firewalls, routers, switches all use FPGAs commonly)

Question 4

SCADA / ICS

Answer 4

• Supervisory Control and Data Acquisition System
• Large-scale, multi-site Industrial Control System (ICS)
• Commonly found where there is a lot of industrial facility (ex: manufacturing facilities, industrial, energy, logistics)
• Not the kind of systems you would connect to the internet (not practical or secure), it would be segmented off internet
• Good for distributed control systems, provides real-time information and system control

Question 5

IoT

Answer 5

• Internet of Things
• Connected to the internet
• Ex: Sensors (Heading / cooling / lighting)
• “smart devices” can be connected to many different type of systems in homes / businesses (home automation, video door bells)
• Ex: smart watch
• Ex: Facility automation (temperature, air quality, lighting etc)
• However, these aren’t necessarily things that been created by security pros
• Weak defaults
• You could create a segmented network in your home just for IoT, so if there was a breach, they wouldn’t have access to your home computing network

Question 6

Specialized devices

Answer 6

• Ex: Medical Devices, are very specialized, but often run older versions of OS
• Vehicles, internal network often accessible from mobile networks
• Aircraft DoS could damage the aircraft
• Smart meters - measure power / water usage

Question 7

VoIP

Answer 7

• Voice over Internet Protocol
• Instead of analog phone line or POTS (Plain Old Telephone Service)
• Relatively complexed embedded systems
• Each VoIP phone is a stand alone computer, separate boot processes, individual configurations, different capabilities/ functionalities

Question 8

HVAC

Answer 8

• Heating, Venting, and Air Conditioning systems
• Usually very complex, integrated with fire system
• Common in large HVAC to have a computer monitor the HVAC, computer can monitor and make changes
• Traditionally not built with security in mind (difficult to recover from an infrastructure DoS)

Question 9

Drones

Answer 9

• Flying vehicle, no pilot
• may be manually controlled from the ground, or can be semi-autonomous
• Extensive commercial / non commercial use
• May require federal license
• Security and fail safes are required

Question 10

MFD

Answer 10

• Multifunction Devices (Printers, scanners and fax machines in one)
• Very sophisticated firmware
• Some images are stored locally, can be retrieved externally (security risk)
• Logs on device can give attackers info on who has communicated with device

Question 11

RTOS

Answer 11

• Real-Time Operating System
• An OS with a deterministic processing schedule
• no time to wait for other processes, no other processes can override it
• Often used in automobiles, military environments, industrial equipment
• Ex: anti-lock break technology
• Extremely sensitive to security issues, non-trivial systems, need to always be available, difficult to know what security is in place (Don’t want security to get in the way, but need to know that it’s secure)

Question 12

Surveillance Systems

Answer 12

• Cameras / audio surveillance
• Embedded systems in the cameras
• Might be monitoring sensitive areas, so they might need to be authorized
• Might be physically difficult to reach (top of buildings) to change hardware, but many support update firmware so can update security

Question 13

Embedded Systems Communication

Answer 13

• Look at how embedded systems communicate with one another

- Ex: 5G

Question 14

5G

Answer 14

• Fifth Generation cellular networking
• Launched in 2020
• Provides high speed communication over wireless networks
• Can reach up to 10gigabits per second (more common range 100 -900 megabits / s)
• significant throughput
• Have a lot of impact on IoT (bandwidth less of a constraint, larger data transfers, faster monitoring and notification, additional cloud processing)

Question 15

SIM

Answer 15

• Subscriber Identity Module
• Universal integrated circuit card
• IoT will need a SIM in addition to mobile phones
• SIM provides critical information to a cellular network (phones, tablets, embedded systems)
• Contains mobile details (IMSI International Mobile Subscriber Identity)
• Important to manage SIM cards that are connected to IoT devices (Many embedded systems = Many SIM cards)

Question 16

IMSI

Answer 16

• International Mobile Subscriber Identity
• Allows mobile network provider to recognize SIM card and add it to cellular network
• may contain authentication details, contact info about IoT device

Question 17

Narrowband

Answer 17

• Allows analog communication over a narrow range of frequency
• Signal is stronger, but in a narrow range
• vs broadband signals that are less strong over a wider range

Question 18

Broadband singal

Answer 18

• Uses a large number of frequencies to communicate
• Wider communication area, but less powerful
• Many IoT devices can communicate over long distances
• SCADA equipment
• Sensors in oil fields
• Opposite of Narrowband

Question 19

Baseband signal

Answer 19

• Using a single frequency used to communicate
• Usually a digital communication over a single fiber or copper / cable
• The communication signal uses all the bandwidth (utilization is either 0 or 100)
• Can support bidirectional communication (but not at the same time on the same fiber) however, it is usually only going one way
• Very common to see baseband on wireless ethernet connection: 100BASE-TX, 1000BASE-TX, 10GBBASE-T

Question 20

100BASE-TX, 1000BASE-TX, 10GBBASE-T

Answer 20

• Ethernet standards

- that use baseband and the “base” references the baseband communication

Question 21

Zigbee

Answer 21

• Open standard IEEE 802.15.4 PAN (personal area network)
• IoT things are not communicating over wires, they’re
  using wireless networks often using the Zigbee standard
• IoT devices create a meshed network of all Zigbee devices in your home (ex: light switch communicates with Light bulbs, amazon echo: lock the door )
• This means IoT devices can hop through the Zigbee connection of other devices throughout your home to a management station
• In US, Zigbee communicates over the ISM band (Industrial, Scientific, and Medical)

Question 22

IEEE 802.15.4 PAN

Answer 22

• Open standard that Zigbee uses to communicate over wireless network (IoT’s use this)

Question 23

PAN

Answer 23

• Personal Area Network
• Alternative to WiFi and Bluetooth
• longer distances than bluetooth
• less power consumption than WiFi

Question 24

ISM Band

Answer 24

• Network in US that Zigbee communicates over

- 900MHz and 2.4GHz frequencies in the US

Question 25

Embedded System Constraints

Answer 25

• Embedded Systems are not usually running on a fully capable computer
• Low cost, purpose-built
• May be limited number of features available
• Upgradability limitations (OS, size of storage, etc)
• Limits in communication options
• Limits in hardware upgrades
• This is the on-going trade off with devices since they were built for very specific purposes
• low cost, unique management challenges

Question 26

Power constraint

Answer 26

• Often putting devices in field, often no power source (usually use battery, or solar powered)
• Batteries need to be manually replaced / maintained

Question 27

Compute constraint

Answer 27

• lower-power CPUS are limited in speed (however, this might not necessarily be bad, when you consider cost / heat)
• low cost
• often off the shelf

Question 28

Network constraint

Answer 28

• Location of devices can limit the networking options
• may not have options for a wired link
• wireless is the limiting factor
• Ex: may not have an ethernet connection in a oil field

Question 29

Crypto Constraints

Answer 29

• In embedded devices, often not a lot of crypto options
• Usually a CPU, but it’s limited and usually no cryptography options
• But prob won’t be able to change crypto upgrades, if they’re even an option

Question 30

Inability to patch

Answer 30

• Some IoT devices have no field-upgradable options
• Upgrade options may be limited or difficult to install
• might not be able to update over the network for a firmware (might need to physically plug in)

Question 31

Authentication limitations

Answer 31

• On embedded systems, this is often an after thought if it exists at all
• limited options, no multi factor
• limited integration with existing director services

Question 32

Range constraint

Answer 32

• Unusual for embedded devices to have any additional capabilities beyond their specific purpose for which it was built

Question 33

Cost Constraint

Answer 33

• Single purpose functionality comes at low cost

- low cost may affect product quality (could limit life span)

Question 34

Implied trust

Answer 34

• Limited access to hardware / software

- Difficult to verify the security posture of these embedded devices