Security-by-design is widely recognized as a necessary first step towards security. But it is not enough.
Security needs to be addressed throughout the lifecycle of the product or service. This covers the processes and security measures put in place during the design and manufacturing stages, as well as the measures that ensure no security gap emerges during the product's commercial life: security must be maintained from initial deployment through maintenance to decommissioning. With our security consulting services, we can help you design the security measures needed to cover the whole security life cycle.
Key elements to maintain security
Two key elements are critically required in order to maintain security over the product’s commercial life:
Ensuring that the software running on the platform has not been tampered with in the first place. This is addressed by low-level integrity and authenticity checks at boot time, implemented through so-called secure boot mechanisms: each stage verifies the next one before handing over control.
The ability to deploy security updates in a secure and scalable manner. This covers correcting security measures that have proved to be vulnerable, adding new security functions to address an evolution of the threat or of the regulatory environment, and, generally speaking, updating the product's Trusted Computing Base (TCB) itself.
Firmware update is a must, but it also needs to be secured
In the context of the Internet of Things (IoT) and Cyber-Physical Systems (CPS), Firmware Over-The-Air (FOTA) management systems are widely used to update the firmware of products in the field in order to:
- Improve the value of existing devices by enhancing their functionality and performance
- Eliminate costly recalls/local maintenance or physical replacements because of functional or security bugs.
- Reduce testing and support costs by keeping all devices at the same version, so there is no need to support older versions of the software.
Firmware updates are therefore an essential security mechanism, with both a curative role, replacing firmware in which vulnerabilities have been identified, and a preventive one, since a properly authenticated update path is what keeps attackers from loading firmware of their own.
A firmware update is however a highly sensitive operation carrying a major security risk: an attacker who can misuse it may break or disable the device, unlock restricted features, or load a modified version of the firmware with security and/or safety features disabled. It is therefore essential to harden the FOTA system so that it remains resilient against such attackers: images must be authenticated before being written to flash, the same verification must be repeated by the secure boot chain at every boot, and a monotonic version counter must reject genuinely signed but older images (rollback attacks).
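The following Go program is an added example (not ProvenRun code and not a standard image format) that shows the verification step shared by secure boot and FOTA acceptance described above: a signed image header that commits to the payload through its SHA-256 digest, an Ed25519 signature over that header, and a monotonic anti-rollback counter. The image layout, the `FWIM` magic and the `minVersion` counter are assumptions for illustration; in a real device the public key would be anchored in ROM or OTP and the counter in OTP fuses or RPMB.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// Image layout assumed for this example (not a ProvenRun or standard format):
//   magic(4) | version(4 BE) | payloadLen(4 BE) | sha256(payload)(32) | ed25519 sig over header(64) | payload
const (
	magic     = "FWIM"
	headerLen = 4 + 4 + 4 + sha256.Size
	sigLen    = ed25519.SignatureSize
)

var (
	ErrTruncated = errors.New("image truncated or length field inconsistent")
	ErrBadMagic  = errors.New("bad magic")
	ErrBadSig    = errors.New("header signature invalid")
	ErrBadDigest = errors.New("payload digest does not match signed header")
	ErrRollback  = errors.New("image version below anti-rollback counter")
)

// BuildImage runs on the vendor's signing host; the private key never reaches the device.
func BuildImage(priv ed25519.PrivateKey, version uint32, payload []byte) []byte {
	hdr := make([]byte, headerLen)
	copy(hdr[0:4], magic)
	binary.BigEndian.PutUint32(hdr[4:8], version)
	binary.BigEndian.PutUint32(hdr[8:12], uint32(len(payload)))
	sum := sha256.Sum256(payload)
	copy(hdr[12:headerLen], sum[:])
	// Signing the header is enough: it commits to the payload through the digest.
	img := append(hdr, ed25519.Sign(priv, hdr)...)
	return append(img, payload...)
}

// VerifyImage is the check a secure bootloader runs before jumping into an image and the
// check a FOTA agent runs before writing a downloaded image to flash. minVersion is the
// device's monotonic anti-rollback counter (OTP fuses, RPMB or similar in a real design).
func VerifyImage(pub ed25519.PublicKey, minVersion uint32, img []byte) (uint32, []byte, error) {
	if len(img) < headerLen+sigLen {
		return 0, nil, ErrTruncated
	}
	hdr, sig, payload := img[:headerLen], img[headerLen:headerLen+sigLen], img[headerLen+sigLen:]
	if string(hdr[0:4]) != magic {
		return 0, nil, ErrBadMagic
	}
	// 1. Authenticate the header before trusting any field in it.
	if !ed25519.Verify(pub, hdr, sig) {
		return 0, nil, ErrBadSig
	}
	version := binary.BigEndian.Uint32(hdr[4:8])
	if uint64(binary.BigEndian.Uint32(hdr[8:12])) != uint64(len(payload)) {
		return 0, nil, ErrTruncated
	}
	// 2. Bind the payload to the authenticated header (catches modified code under a genuine header).
	sum := sha256.Sum256(payload)
	if !bytes.Equal(sum[:], hdr[12:headerLen]) {
		return 0, nil, ErrBadDigest
	}
	// 3. Anti-rollback: a genuinely signed but older (vulnerable) image is still rejected.
	if version < minVersion {
		return 0, nil, ErrRollback
	}
	return version, payload, nil
}

// SelfTest exercises the acceptance and rejection paths on constructed images and
// returns nil only if every scenario ends as expected.
func SelfTest() error {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return err
	}
	_, rogue, _ := ed25519.GenerateKey(rand.Reader)      // attacker's key, not trusted by the device
	payload := []byte("constructed firmware payload v2") // constructed sample, not real firmware
	good := BuildImage(priv, 2, payload)
	tampered := append([]byte(nil), good...)
	tampered[len(tampered)-1] ^= 0x01 // flip one bit in the payload, header left intact

	cases := []struct {
		name string
		img  []byte
		min  uint32
		want error
	}{
		{"genuine v2, counter at 1", good, 1, nil},
		{"tampered payload", tampered, 1, ErrBadDigest},
		{"genuine v1 after counter moved to 2", BuildImage(priv, 1, payload), 2, ErrRollback},
		{"signed with untrusted key", BuildImage(rogue, 3, payload), 1, ErrBadSig},
		{"truncated image", good[:headerLen+sigLen-1], 1, ErrTruncated},
	}
	for _, c := range cases {
		if _, _, err := VerifyImage(pub, c.min, c.img); !errors.Is(err, c.want) {
			return fmt.Errorf("%s: got %v, want %v", c.name, err, c.want)
		}
	}
	return nil
}

func main() {
	if err := SelfTest(); err != nil {
		fmt.Println("FAIL:", err)
		return
	}
	fmt.Println("all secure-boot / update-acceptance scenarios behaved as expected")
}
```

Note the order of checks: the signature is verified before any header field (version, length) is used, so an attacker cannot steer the parser with unauthenticated metadata, and the rollback check comes last because it only makes sense on an image already proven genuine. The same routine serves both stages of the lifecycle: the FOTA agent runs it before committing an image, and the bootloader runs it again at every boot so that a write to flash that bypassed the agent is still caught.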
How we can help
At ProvenRun, with our security engineering services, we can help you develop state-of-the-art secure boot implementations, integrate and harden a given FOTA system (for example a third-party one) in your design, or design a new one matching your requirements.