Giles Peckham, Regional Marketing Director at Xilinx,
and Adam Taylor CEng FIET, Embedded Systems Consultant
In an increasingly interconnected world, embedded vision systems are a target for attackers who wish to exploit their vulnerabilities for nefarious purposes. Depending upon the application, a successful attack could have serious consequences, such as loss of life or the release of sensitive information, and the developer of the compromised system could face reputational damage as well as legal and regulatory repercussions.
To protect against such attackers, an embedded vision system should be subjected to a threat analysis during its design phase. Performing this analysis early in the design cycle, before the detailed design starts, allows the measures that keep the system and its information secure in operation to be designed in from the outset rather than added afterwards.
This threat analysis considers the different elements of the design, the sensitivity of its data and the ways in which the system can be attacked. The sensitivity of an embedded vision system and its data will of course vary with the application: a military system may contain more sensitive aspects than a commercial surveillance system, but even in the commercial space, more complex applications such as ADAS or autonomous robotic vision systems contain several sensitive elements.
As such, the threat analysis will consider elements including:
• Application – Is the application mission or life critical? What is the end effect if the device security is compromised?
• Data – The criticality of the information stored within the system.
• Deployment – Is the system remotely deployed or used within a controlled environment?
• Access – Physical and remote: does the system allow remote access for control, maintenance or updates? If so, how does the application verify that the access is authorised?
• Communication Interfaces – Is the information transmitted to or from the system critical? Should the application be concerned about eavesdroppers snooping on the link? Does the equipment need to protect against more advanced attacks, for example replay attacks, in which a previously captured valid message is re-sent to the system?
• Reverse Engineering – Does the embedded system contain Intellectual Property or other sensitive design techniques which must be protected?
The results of this threat analysis are used by the engineering design team to implement strategies within the design which address these identified threats. At a high level, addressing the identified threats can be categorised into one of the following approaches:
• Information Assurance – Ensuring that information stored within the system and its communications are secure. This also covers identity assurance, which ensures that access to the unit comes from a trusted source, for example when a remote party communicates with the unit, controls its operation or updates its application software in the field.
• Anti-Tamper – Ensuring the system can protect itself against physical and other external attacks that attempt to gain access to the system and its contents.
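The Access and Communication Interfaces questions above, and the identity-assurance part of Information Assurance, come down to the same mechanism at the receiving end: every control or update message must be checked for origin and freshness before it is acted upon. The following is an added illustration, not code from the article or from Xilinx, of one way to do that with a shared-key HMAC and a monotonic counter. The key value, the frame layout (8-byte counter, payload, 32-byte tag) and the sample commands are all constructed for the example; a real device would hold the key in protected storage and persist the counter across power cycles.

```python
import hmac
import hashlib
import struct

# Constructed example key. On a real device this would be provisioned into
# protected storage, never hard-coded in the application image.
SHARED_KEY = bytes.fromhex(
    "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f"
)

TAG_LEN = 32  # HMAC-SHA256 digest length


def build_message(key: bytes, counter: int, payload: bytes) -> bytes:
    """Sender side: frame = 8-byte big-endian counter || payload || HMAC-SHA256 tag.

    The counter is covered by the tag, so an attacker cannot bump it without the key.
    """
    header = struct.pack(">Q", counter)
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + payload + tag


class Receiver:
    """Device side: accepts a frame only if it is authentic and fresher than anything seen."""

    def __init__(self, key: bytes):
        self._key = key
        self._last_counter = 0  # highest accepted counter; persist in non-volatile memory

    def verify(self, frame: bytes):
        """Return (payload, 'ok') or (None, reason). Tag is checked before the counter
        so an attacker without the key learns nothing about the counter state."""
        if len(frame) < 8 + TAG_LEN:
            return None, "malformed"
        header, payload, tag = frame[:8], frame[8:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self._key, header + payload, hashlib.sha256).digest()
        # compare_digest runs in constant time, closing a timing side channel
        if not hmac.compare_digest(expected, tag):
            return None, "bad_tag"
        (counter,) = struct.unpack(">Q", header)
        if counter <= self._last_counter:
            return None, "replay"  # re-sent or out-of-date frame, even if authentic
        self._last_counter = counter
        return payload, "ok"


def run_demo():
    """Walk a receiver through legitimate, replayed, tampered and forged frames."""
    rx = Receiver(SHARED_KEY)
    results = []

    f1 = build_message(SHARED_KEY, 1, b"CMD:PAN_LEFT")
    results.append(rx.verify(f1)[1])            # fresh, authentic -> ok
    results.append(rx.verify(f1)[1])            # same frame again -> replay

    tampered = bytearray(f1)
    tampered[8] ^= 0x01                         # flip one bit of the payload
    results.append(rx.verify(bytes(tampered))[1])  # tag no longer matches -> bad_tag

    forged = build_message(b"attacker-guess", 2, b"CMD:ZOOM")
    results.append(rx.verify(forged)[1])        # wrong key -> bad_tag

    results.append(rx.verify(build_message(SHARED_KEY, 2, b"CMD:ZOOM"))[1])    # ok
    results.append(rx.verify(build_message(SHARED_KEY, 5, b"UPDATE:v3"))[1])  # gaps allowed -> ok
    results.append(rx.verify(build_message(SHARED_KEY, 2, b"CMD:ZOOM"))[1])   # stale -> replay
    results.append(rx.verify(b"short")[1])      # too short to carry a tag -> malformed
    return results


if __name__ == "__main__":
    print(run_demo())
```

A shared-key MAC proves only that the sender holds the same key as the device, which is adequate for a control link between two devices provisioned together; for field software updates, where the device should be able to verify an image without holding anything that could produce one, a public-key signature over the image plus the same anti-rollback counter is the usual choice. Confidentiality against eavesdroppers is a separate requirement that this check does not provide.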