News & Analysis
Costs challenge info-appliance security
Paul Jacobson, Software Engineer, NetSilicon Inc., Waltham, Mass.
4/22/2002 8:14 AM EDT
As ever-increasing numbers of intelligent, networked devices connect to corporate local-area networks and the Internet, concerns are emerging about how to secure embedded systems and information appliances. Devices used in distributed environments, such as industrial applications or retail systems, are becoming critical to the day-to-day operation of some enterprises. Leaving them exposed to accidental changes, sabotage or eavesdropping will become too great a risk for most businesses.
But as device designers examine such risk, they will have to make some determinations: What price do they want to pay for security? What are the greatest security concerns for device connectivity? What are the performance issues associated with adding security to a networked device? What are the security risks vs. an application's bill of materials? For devices, "just enough" security means implementing limited, but effective security elements, like secret-key cryptography, and using them sparingly.
Securing an embedded or small-footprint info appliance presents an unusual challenge. Whereas a PC is loaded with resources like memory and computational power, a device that has been retrofitted for network access, such as medical-monitoring equipment or a point-of-sale system, has few spare resources. So, how should design engineers secure a resource-limited device without increasing its resources and cost? The first step is to understand what designers are protecting and from whom.
Designing the best security solution requires careful consideration of the alternative approaches to security in the context of the particular design, with three goals in mind: authentication, privacy and integrity.
Authentication is proving a person is who he says he is, so when a channel is authentic, the receiver is guaranteed that the sender is the authorized party. Privacy involves keeping secret all aspects of a data transfer, so a private channel encrypts all the data transferred. Integrity means the receiver can detect any alteration of the data in transit.
At present, these security categories are implemented using a variety of cryptographic techniques: public- and secret-key cryptography; hash-function-based methods; and the most appropriate key-distribution mechanism.
Key distribution
Modern cryptography assumes the key, and only the key, is the difference between properly interpreting a communiqué or not. It assumes the adversary knows all details about communications (ciphers and protocol) except the key. This assumption places strong emphasis on the key and the maintenance of its secrecy. As a result, key distribution is vital to any network security policy.
There are at least three channels any connected system must protect: configuration management, the data stream and the firmware update mechanism. In the design of an information appliance, design engineers must keep those three channels in mind as they choose how to protect each.
The device's configuration-management channel is the most sensitive and vulnerable to attack. Typical management applications like Telnet, HTTP and Simple Network Management Protocol expose passwords and can be used to create new accounts or change privileges. Therefore, the configuration-management channel must be private, and access to it must be authenticated.
Channel checks
Real-time data in the data stream is usually not worth protecting, and sometimes it cannot afford the latency. However, to prevent an adversary from attacking a data stream, the channel can use authentication and integrity checks, which are much less costly than privacy protection.
The firmware update channel needs multiple protection schemes if designers are using FTP. The FTP control channel requires privacy because passwords are exposed. The FTP data channel may require less protection if the firmware contains no sensitive information (such as passwords). Secure Sockets Layer and Internet Protocol Security (IPsec) are more than sufficient to protect a networked device, even from technically sophisticated cryptographers. However, their disadvantages are large footprints and associated royalties, either of which could price a device out of the market. Computationally intensive public-key cryptography may also require a more advanced processor.
Because the intelligent device requires a private channel, secret-key cryptography must be a part of the solution. Secret-key cryptography can also be used to protect hash values used for authentication. If key distribution can be handled manually, there is no need for public-key cryptography.
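As an added example, not code from the article or from NetSilicon, the following Python sketch shows the "just enough" scheme the article recommends for the data stream: a secret key installed on both ends out of band (manual key distribution) protects a hash (here HMAC-SHA-256) so the receiver can authenticate each reading and detect tampering or replay, while the data itself travels in the clear. The key value, frame layout, 16-byte tag truncation and sequence-number rule are assumptions for illustration.

```python
import hashlib, hmac, struct

# Constructed pre-shared key: installed on both ends out of band (the manual
# key distribution the article describes). Not a real device key.
PSK = bytes.fromhex("00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff")
TAG_LEN = 16  # truncated HMAC-SHA-256 tag: 16 bytes of overhead per frame

def protect(key: bytes, seq: int, payload: bytes) -> bytes:
    """Build a frame: 4-byte sequence number || payload || truncated HMAC tag.
    The payload is sent in the clear (no privacy); the tag supplies
    authentication and integrity, which is all the data stream needs."""
    header = struct.pack(">I", seq)
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()[:TAG_LEN]
    return header + payload + tag

class Receiver:
    """Verifies frames and rejects replays via a strictly increasing sequence number."""
    def __init__(self, key: bytes):
        self.key = key
        self.last_seq = -1

    def accept(self, frame: bytes):
        """Return the payload if the frame is authentic and fresh, else None."""
        if len(frame) < 4 + TAG_LEN:
            return None
        header, body, tag = frame[:4], frame[4:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self.key, header + body, hashlib.sha256).digest()[:TAG_LEN]
        if not hmac.compare_digest(expected, tag):  # constant-time comparison
            return None
        (seq,) = struct.unpack(">I", header)
        if seq <= self.last_seq:  # replayed or out-of-order frame
            return None
        self.last_seq = seq
        return body

def demo() -> dict:
    """Run one good frame and three bad ones through a receiver (constructed data)."""
    rx = Receiver(PSK)
    frame = protect(PSK, 1, b"temp=21.5C")
    results = {"valid": rx.accept(frame)}
    tampered = bytearray(frame)
    tampered[4] ^= 0x01                      # flip one bit in the payload
    results["tampered"] = rx.accept(bytes(tampered))
    results["replayed"] = rx.accept(frame)   # same frame again: seq 1 already seen
    results["wrong_key"] = rx.accept(protect(b"\x00" * 32, 2, b"temp=21.5C"))
    return results
```

Only the valid frame is delivered; the tampered, replayed and wrong-key frames are dropped before the payload is used.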
Additional coverage of info-appliance security can be found online at www.eet.com/in_focus.