2.6 Explain the security implications of embedded and specialized systems. Flashcards
Embedded System
Hardware or Software designed for a specific function
Or to operate as a part of a larger system
- Built with only a task in mind\
- Can be optimized for size/cost
- low-cost and purpose-built
Examples: Traffic controllers
digital watches
medical imaging system
Pros:
low cost
Cons:
Limits in communication options
upgradability limits
limited or missing features
Ther may not be a direct power source ( batteries)
Low power CPUs (cost and heat considerations)
Wireless is a limiting factor.
Cryptography options are limited.
Upgrade options are limited.
Security is an after thought
Range- usually does just one thing well
SoC
System on a Chip - Multiple components running on a single chip
Common with embedded systems
example - raspberry pi
It is very flexible, and you can customize the software
Small form factor
Cache memory, flash memory
usually lower power consumption
Difficult to upgrade hardware
limited off-shelf security options
FPGA
Field programmable gate array
common type of hardware you will find on embedded systems
An integrated circuit that can be configured after manufacturing
- Array of logic blocks
- Programmed in the field
A problem does not require a hardware replacement
a software update can reprogram the FPGA
Can add new capabilities via software
Common in infrastructure:
firewall logic
routers
SCADA
Supervisory control and Data Acquisition System
- Large Scale, Multi-site industrial control system (ICS)
- Commonly found in places where there are a large amount of industrial equipment.
- PC manages equipment
- Distributed Control systems
- requires extensive segmentation, no access from outside
IoT
Internet of things
Smart devices
- Sensors like heating and cooling
- Smart devices like home automation and doorbells.
- Wearable technology
- Facility automation
- Weak default security settings.
Describe some Specialized embedded systems
Medical devices - heart monitors , insulin pumps, often using older OS
Vehicles - internal networks often accessible from mobile networks.
Control internal electronics
Aircraft - Dos could damage the aircraft, an outage would be problematic
Smart meters - Measure power and water usage
VoIP
Voice over IP
instead of the analog phone line to the POTS(Plain old telephone service)
It is a relatively complex embedded system but really important
Each device is a computer
- separate boot process
- individual configurations
- different capabilities and functionalities
HVAC
Heating, ventilation, and Air conditioning system
- Thermodynamics, fluid mechanics and heat transfer
Complex science
- must be integrated into the fire system
PC manages equipment
- makes cooling and heating decisions for workspaces and data centers
Traditional not built with security in mind.
- difficult to recover from and infrastructure Dos.
Drones
Flying Vehicle
RTOS
Real time operating system
OS designed to work on a deterministic processing schedule
- no time to wait for other processes
- industrial equipment, automobiles, military environments
extremely sensitive to security issues
- non-trivial systems
need to always be available
difficult to know what type of security is in place
Surveillance systems
Video/Audo surveillance
- embedded systems in the cameras and monitoring stations
Secure the security systems
- restrict access from others
- Prevent a denial of service
Physically difficult to replace cameras
- Accessible independently over the network
- May allow for firmware upgrades.
5G
fifth generation cellular networking
- launched in 2020 worldwide
Significant performance improvements
- at higher frequcnies
- Eventually 10 gigabits per second
- slow speeds from 100-900 Mbit/s
Significant impact to IoT
- Bandwidth becomes less of a constraint
-larger data transfers
- faster monitoring and notification
- additional cloud processing.
SIM
subscriber identity value
A universal integrated circuit card
Used to provide information to the cellular network provider(used in IoT devices as well as phones)
- phones, tablets, embedded systems
Contains module details
- IMSI ( international module subscriber identity)
- Authentication information, contact information
Important to manage
- many embedded systems, many SIM cards
Narrowband
Narrowband-IoT (NB-IoT) is a type of baseband radio that has limited data rates between 20 to 100 Kilobits per second (Kbps). This is more suitable for inaccessible locations that require signal penetrating power.
If the embedded device is not using the cellular network to communicate, then it may be using frequencies over a narrowband connection.
Communicates over a narrow range of frequencies.
- over a longer distance
- conserve the frequency of use
Many IoT devices can communicate offer a large distance
- SCADA equipment
- Sensors in oil fields
Baseband
General a single cable with a digital signal can be fiber or copper
Utilization is either 0% or 100%
Bidirectional comm
Ethernet standard
- 100base-tx, 1000base-t, 10gbase-t
Zigbee
Internet of Things networking
- open standard -EEE 802.15.4 PAN
Alternative to WIFI and Bluetooth
- longer distances than Bluetooth
- less power consumption than wifi
Mesh network of all Zigbee devices in your home
- Light switch communicate to light bulbs
- Tell Amazon Echo to lock the door
Uses the ISM Band
- 900MHz and 2.4GHz frequencies in the USA
LTE-M
LTE Machine Type Communication (LTE-M) is a type of baseband radio that supports cellular network bandwidth of up to 1 Megabit per second (Mbps).
Logistic SCADA
Logistics SCADA systems are used to control automated transport and lift systems plus sensors for component tracking. This would be prominent in a factory or distribution warehouse.
Energy SCADA
Energy SCADA systems would control and automate power generation and distribution. General utilities would also include water/sewage and transportation networks.
Manufacturing SCADA
Manufacturing supervisory control and data acquisition (SCADA) systems would control automated production systems, such as forges, mills, and assembly lines.
Facilities SCADA
Facilities SCADA systems would control site and building management systems. These operate automated heating, ventilation, and air conditioning (HVAC), lighting, and security systems.
IaC
Infrastructure as Code (IaC) is the process of managing data centers through automated means.
SIEM
A Security Information and Event Manager (SIEM) collects, analyzes and manages information from multiple sources to provide a centralized method of security.
SRTP
Secure Real-time Transport Protocol (SRTP) is the secure version of Real-time Transport Protocol (RTP), a network protocol used for transport of voice and video data. SRTP provides confidentiality for the actual call data.
SIPS
Session Initiation Protocol Secure (SIPS) is the encrypted version of Session Initiation Protocol (SIP), a session control protocol used to establish, manage, and disestablish communications sessions. SIPS protects session data and end-user devices
PBX
PBX is a private telephone network that is used by a business or company. PBX users can communicate internally and externally through various channels of communication including Voice through IP.
QOS
Quality of Service (QOS) refers to data traffic management technology that reduces network packet loss, jitter and latency.
Arduino
Arduino is an example of a SoC board that was initially devised as an educational tool. It is now widely used for industrial application and hacking.
Raspberry Pi
Raspberry Pi is an example of a System on Chip (SoC) board that was initially devised as an educational tool. It is now widely used for industrial application and hacking.
