Vision-Based System Design Part 11 – Securing Embedded Vision Systems against Malicious Attackers


• Run Time – Ensures the system is protected during run time as it implements its application.
Typically, information assurance requires the use of encryption to protect both stored data and communications. Commonly used encryption algorithms include the Advanced Encryption Standard (AES). AES is a block cypher which encrypts blocks of 128 bytes, with key sizes of 128, 192 or 256 bits. There are alternatives to AES for different applications, for example Simon and Speck, developed by the National Security Agency for low-power, computationally limited Internet of Things (IoT) applications.
Cryptography can also be used to digitally sign information. This enables the receiving system to verify the identity of the sender or ensure encrypted messages have not been changed. Digital signatures are achieved using public key encryption like RSA, and hashing algorithms like SHA3. The first stage in creating a signature is to use the hashing algorithm to create a fixed-length hash value for an input of arbitrary length.
The resultant hash is encrypted using the private key of the sender and communicated or appended as the signature. The receiving entity generates a hash of the information received using the same algorithm and encrypts with the sender’s public key. If both the calculated and received signatures agree, then it is known who sent or created the information and that it was not modified. As such, a digital signature is very important to verify the integrity of software during both configuration operation and field update for embedded systems.
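The hash-then-sign flow described above, applied to a field-update check, as an added example that is not code from the original article or from any vendor tool. Assumptions: the key is a constructed demo key built from two publicly known Mersenne primes, the RSA operation is unpadded for readability (a deployed system would use a padded scheme such as RSASSA-PSS from a vetted library), and the names `sign`, `verify` and `install_update` are hypothetical.

```python
import hashlib

# Constructed demo key built from two well-known Mersenne primes. The factors
# are public, so this key protects nothing; it only makes the arithmetic run.
P, Q = 2**521 - 1, 2**607 - 1
N = P * Q                           # public modulus
E = 65537                           # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent, held by the signer only


def digest(data: bytes) -> int:
    """Fixed-length SHA3-256 hash of an arbitrary-length input, as an integer."""
    return int.from_bytes(hashlib.sha3_256(data).digest(), "big")


def sign(image: bytes) -> int:
    """Signer side: transform the hash with the private key (unpadded RSA)."""
    return pow(digest(image), D, N)


def verify(image: bytes, signature: int) -> bool:
    """Receiver side: recompute the hash and compare it with the value
    recovered from the signature using only the public key (N, E)."""
    if not 0 < signature < N:
        return False
    return pow(signature, E, N) == digest(image)


def install_update(image: bytes, signature: int, flash: list) -> bool:
    """Hypothetical field-update gate: write the image only if it verifies."""
    if not verify(image, signature):
        return False
    flash.append(image)
    return True


if __name__ == "__main__":
    firmware = b"vision-pipeline build 1 (constructed sample image)"
    sig = sign(firmware)
    flash = []
    print("genuine image installed: ", install_update(firmware, sig, flash))
    tampered = firmware.replace(b"build 1", b"build X")
    print("tampered image installed:", install_update(tampered, sig, flash))
```

The device in this sketch holds only `N` and `E`, so reading its memory yields nothing that can sign a new image.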
Along with encryption to create a more secure IA solution, test access ports such as the JTAG port must also be protected once the system is deployed. This limits the ability of attackers to read back or modify data and programs if they gain physical access to the unit.
Preventing physical access and therefore modification of the system is where the anti-tamper solution is deployed. Anti-tamper techniques are used to protect a wide area of the embedded vision system. While each system and its threats are different, a common anti-tamper approach will monitor system voltage rails and temperatures to ensure an attacker can’t manipulate the temperature or apply out-of-specification voltages. Such approaches have been used by third parties to obtain unexpected behaviour in embedded systems which presented security vulnerabilities.

Implementing a security solution
When it comes to creating the secure electronic architecture for an embedded vision system, both the Zynq®-7000 SoC and Zynq® UltraScale+™ MPSoC provide the necessary building blocks for a secure system. Often these devices are used in conjunction with the reVISION™ acceleration stack, which enables the use of high-level development frameworks such as OpenCV and Caffe. These inbuilt facilities provided by the silicon and configuration stage enable the implementation of anti-tamper functions and secure configuration, which helps address the information assurance and anti-tamper requirements.
The remaining security solution is implemented at run-time and is used to protect data in memories, peripherals and system-level control registers. Protecting these can prevent illegal memory accesses, configuration changes and malware injection. Protection mechanisms include encryption, functional isolation, TrustZone and hypervisors, while the application can implement permissions-based user accounts and secure tokens.
To secure memories and communication, encryption is used. Many encryption algorithms can be accelerated within the programmable logic of the Zynq-7000 or Zynq UltraScale+ MPSoC. However, implementing these algorithms using a hardware description language increases the development time.
