2.6 - Embedded and Specialized Systems Flashcards
Security Implications of Embedded and Specialized Systems
1
Q
Embedded Systems
A
- Hardware and software designed for a SPECIFI function
- Or to operate as part of a larger system
- Created with single goal in mind, often with specific hardware to fit a specific size or cost
- Ex: traffic light controllers, digital watch, medical imaging system
2
Q
SoC
A
- System on a Chip
- Often Embedded Systems are running on an SoC
- multiple components running on a single chip
- Very flexible, can buy off the shelf, customizable, usually memory built and low power, don’t require a lot of power
- Security considerations: hardware might not be able to upgraded (if components are soldered to motherboard). Although might be easy to change software, can’t add hardware (like security components)
- Difficult to find firewall you could integrate with a Raspberry Pi for example
- Ex: Raspberry Pi
3
Q
FPGA
A
- Field Programmable Gate Array
- An integrated circuit that you can program after device is shipped
- Array of logic blocks, programmed in the field
- A problem doesn’t require a hardware replacement (can be reprogrammed)
Can have new software pushed to device, provides a lot of flexibility for developer (can modify functionality) - Common in infrastructure (firewalls, routers, switches all use FPGAs commonly)
4
Q
SCADA / ICS
A
- Supervisory Control and Data Acquisition System
- Large-scale, multi-site Industrial Control System (ICS)
- Commonly found where there is a lot of industrial facility (ex: manufacturing facilities, industrial, energy, logistics)
- Not the kind of systems you would connect to the internet (not practical or secure), it would be segmented off internet
- Good for distributed control systems, provides real-time information and system control
5
Q
IoT
A
- Internet of Things
- Connected to the internet
- Ex: Sensors (Heading / cooling / lighting)
- “smart devices” can be connected to many different type of systems in homes / businesses (home automation, video door bells)
- Ex: smart watch
- Ex: Facility automation (temperature, air quality, lighting etc)
- However, these aren’t necessarily things that been created by security pros
- Weak defaults
- You could create a segmented network in your home just for IoT, so if there was a breach, they wouldn’t have access to your home computing network
6
Q
Specialized devices
A
- Ex: Medical Devices, are very specialized, but often run older versions of OS
- Vehicles, internal network often accessible from mobile networks
- Aircraft DoS could damage the aircraft
- Smart meters - measure power / water usage
7
Q
VoIP
A
- Voice over Internet Protocol
- Instead of analog phone line or POTS (Plain Old Telephone Service)
- Relatively complexed embedded systems
- Each VoIP phone is a stand alone computer, separate boot processes, individual configurations, different capabilities/ functionalities
8
Q
HVAC
A
- Heating, Venting, and Air Conditioning systems
- Usually very complex, integrated with fire system
- Common in large HVAC to have a computer monitor the HVAC, computer can monitor and make changes
- Traditionally not built with security in mind (difficult to recover from an infrastructure DoS)
9
Q
Drones
A
- Flying vehicle, no pilot
- may be manually controlled from the ground, or can be semi-autonomous
- Extensive commercial / non commercial use
- May require federal license
- Security and fail safes are required
10
Q
MFD
A
- Multifunction Devices (Printers, scanners and fax machines in one)
- Very sophisticated firmware
- Some images are stored locally, can be retrieved externally (security risk)
- Logs on device can give attackers info on who has communicated with device
11
Q
RTOS
A
- Real-Time Operating System
- An OS with a deterministic processing schedule
- no time to wait for other processes, no other processes can override it
- Often used in automobiles, military environments, industrial equipment
- Ex: anti-lock break technology
- Extremely sensitive to security issues, non-trivial systems, need to always be available, difficult to know what security is in place (Don’t want security to get in the way, but need to know that it’s secure)
12
Q
Surveillance Systems
A
- Cameras / audio surveillance
- Embedded systems in the cameras
- Might be monitoring sensitive areas, so they might need to be authorized
- Might be physically difficult to reach (top of buildings) to change hardware, but many support update firmware so can update security
13
Q
Embedded Systems Communication
A
- Look at how embedded systems communicate with one another
- Ex: 5G
14
Q
5G
A
- Fifth Generation cellular networking
- Launched in 2020
- Provides high speed communication over wireless networks
- Can reach up to 10gigabits per second (more common range 100 -900 megabits / s)
- significant throughput
- Have a lot of impact on IoT (bandwidth less of a constraint, larger data transfers, faster monitoring and notification, additional cloud processing)
15
Q
SIM
A
- Subscriber Identity Module
- Universal integrated circuit card
- IoT will need a SIM in addition to mobile phones
- SIM provides critical information to a cellular network (phones, tablets, embedded systems)
- Contains mobile details (IMSI International Mobile Subscriber Identity)
- Important to manage SIM cards that are connected to IoT devices (Many embedded systems = Many SIM cards)