Embedded devices have unique security needs ranging from IP protection, anti-cloning / anti-counterfeit capability, device software integrity, user data protection, securing network communication, device authentication and ability to run only trusted applications. A wide range of open source technologies are available that can help implement the aforementioned security requirements. However, it is not always apparent which mechanisms are best suited for a given use case, resulting in a steep learning curve. This blog series aims to give a high-level overview of the different methods to secure your product and help accelerate your trusted software deployment.
Implementing device security can be broadly classified as follows:
- Design phase
- Deploying authorized software
- Secure / Verified Boot
- Secure firmware update
- Data / Intellectual Property protection mechanisms
- Encrypted file and key storage
- Trusted Execution Environment (TEE)
- Trusted Platform Module (TPM)
- IoT network security
- Access control and system hardening
- SELinux, AppArmor, grsecurity
- Deploying authorized software
- Ongoing product life cycle phase
- Monitoring software vulnerabilities and patching
- Security audit and scanning
The first post in this series explores secure boot and encrypted file storage. You can read it here.