Conf42 Python 2025 - Online

- premiere 5PM GMT

Enhancing Embedded Device Security: Mitigating Attack Risks Cost-Effectively

Abstract

Protect your embedded devices from sophisticated cyberattacks! Learn cost-effective strategies like secure coding, secure boot, CFI, encryption, ASLR, and more to reduce vulnerabilities by up to 85%. Balance performance and security to safeguard IoT, vehicles, and medical devices.

Transcript

This transcript was autogenerated. To make changes, submit a PR.
Hello, everyone. I'm Mounika. Thank you for joining me. Today's talk is about enhancing embedded device security, a cost-effective approach. Embedded devices are essential in our day-to-day life. We are very much dependent on them in every aspect. They are in home automation, transportation, medical devices, education; they are everywhere. However, these devices often lack robust security measures, which puts them at risk, due to the cost, power, and performance trade-offs. So in this talk, we are going to discuss some of the applications we can use to improve the security of these devices.
Cyber criminals often target the embedded devices which are in critical infrastructures, industrial systems, or IoT systems. For example, you can think of flight controls, or it can be a healthcare system, or a gas pipeline, or any other system which is very critical. So often they try to exploit the weaknesses. For example, they may try default passwords, or they may exploit outdated firmware where they know that buffer overflows, stack overflows, or other kinds of issues already exist, and they try to exploit those first. A study shows that 83 percent of embedded systems actually lack the security features. The breaches which occur due to this lack of security features are very costly. Often organizations pay millions of dollars because of the damages as well as to recover these systems.
So to improve the security of the embedded devices, it is crucial to consider addressing the known vulnerabilities as well. Secure coding practices eliminate potential vulnerabilities like buffer overflows and memory corruptions. Secure boot mechanisms help to enhance the security by blocking unauthorized access to the software.
They also validate the authenticity of the firmware that is being executed, and this is very important because otherwise anyone can inject malicious code during the boot-up, and then they can corrupt the boot software or take control of the device after the OS comes up. Secure boot mechanisms can also help to mitigate some of the attacks. Along with this, intrusion detection also helps to improve the network security, where it can detect any suspicious activities or possible attacks. It can alert the administrator, or we can even take automated actions to prevent any attacks. Obfuscation also helps to enhance the security of the devices by randomizing the symbol names and the function calls in the code. This makes it harder for the attacker to reverse engineer the code to create targeted attacks.
To improve the robustness of the embedded devices, it is important to consider other advanced security measures as well. For example, control flow integrity, encryption of the code, or address space randomization, or we can insert stack canaries or authenticate any modules that are dynamically loaded. Control flow integrity helps with security because it doesn't let the attacker execute any part of the code. Control flow integrity makes sure that only the validated execution paths are actually executed. Other than that, any other paths won't be executed. The attacker won't be able to jump from one part of the code to any other part of the code, because it's prohibited to do so. Address space randomization also helps because every time the device boots up, the image loads at a different place in the RAM. So it helps with mitigating certain kinds of attacks, and it also makes it harder for the attacker to create any targeted attacks.
Authenticating any dynamically loaded modules is also very important, because otherwise an attacker might include malicious code as part of the dynamic modules. Also, strictly controlling the access to the parts of the memory by different modules, when there are multiple systems on chip, is very important as well, because sometimes if one of the components is compromised, it is highly possible that through it the attacker might compromise the other components, the other devices on that chip as well. So instead of that, if we can strictly control the access, we can mitigate some of the security attacks as well.
Other proactive measures to improve the security include regularly updating the software. For example, patching the software regularly is crucial, either to fix the bugs or to fix any known security issues. Most of the time, cybercriminals try to exploit these unknown issues. So it's very important to close those known issues. Other techniques, like address sanitization and undefined behavior sanitization at runtime, also help to mitigate some of the attacks. For example, sometimes attackers can craft the system to run into undefined behavior and then corrupt the memory so that they can take control over it. By enabling these in the devices, we can make sure that any attacks which are related to this are mitigated.
As discussed in the beginning, the security of the embedded devices is often a trade-off with the performance and the cost.
However, we can still prioritize the security on these devices by conducting threat models to identify the critical vulnerabilities and by only considering the restricted risk profiles which are actually suitable for the given embedded device as well as for a given constraint. We can also consider improving the performance of these secure algorithms, or introducing dedicated hardware accelerators for the cryptography-related things, or we can use lightweight algorithms to reduce the load on the embedded core. We can also utilize existing environments: if there are any security issues, we can use them, or if there are any trusted execution environments, we can use them to maximize the protection without affecting the performance.
Here is the list of different techniques that we have discussed, and these techniques can be rolled out to the existing embedded devices to reduce the attack surfaces. With all these different kinds of methods, it is harder for the attacker to craft the cases specific to a given device and then exploit those vulnerabilities. So these methods help to reduce the number of attacks.
By collaboratively considering security by design, by using industry-standard frameworks, by using scanning tools to detect the vulnerabilities, by threat modeling to detect any known threats ahead of time and then improving the code accordingly, by designing a layered architecture to integrate defense-in-depth principles, and by implementing secure protocols, we can reduce the attacks on these embedded systems. A study shows that 80 percent of the critical vulnerabilities are reduced by regular updates and scanning. 90 percent of the attempted breaches were blocked because of the enhanced protocols.
Now we can see that these security measures are really important. Incorporating at least some of these measures will really ensure that embedded devices are protected at least to some extent. We can provide confidence to the users by following this core principle, where we can provide robust security frameworks to protect the critical operations, monitor the systems in real time to provide the security status, and also provide visibility into the systems. We can also make sure that mission-critical environments always have a consistent performance. This way we can show that security is not just going to be an add-on feature, but it's a foundation of everything that we do with the embedded systems.
In conclusion, with the adoption of the security measures which are discussed in this talk, we can transform embedded systems from vulnerabilities into resilient technologies. We can enable secure, intelligent, and interconnected digital systems which are ready for the future challenges. The key takeaways from this talk are: we can implement robust security measures from the beginning of the project itself, and we can continuously monitor for regular updates for the security patches, implementing the security protocols, or updating any known issues, and also optimizing the security without compromising the functionality. We can also build trust with the user by fostering confidence through transparency and reliability.
So the next actions that we would need to take are to assess our systems and then implement the best practices that suit the needs without impacting the performance of the systems. It is also very important to stay up to date on the current security trends as well as the emerging threats. I hope you like my talk. Thank you for giving me this opportunity and have a very good day.

Mounika Ponugoti

Staff Engineer @ Qualcomm
