Questions tagged [embedded-system]
The embedded-system tag has no summary.
91 questions
0
votes
1
answer
209
views
How does flash encryption actually work
I have been reading about NVS flash partitions for use in embedded systems and that the NVS key-value data can be encrypted by using a symmetric key. This symmetric key is then stored in a separate ...
- 309
0
votes
1
answer
155
views
Microcontroller integrity check using salted secure hash: Will this work?
We have a device that contains multiple CPUs with low power.
The main CPU ...
... needs to check if the second CPU(s) contain(s) valid (authorized) software.
... has access to a copy of the correct (...
- 339
1
vote
0
answers
188
views
U-Boot hardening - how manage U-Boot Environment Variables
I'm running on a Linux Embedded product and U-Boot Bootloader.
I enabled the Secure Boot Chain of Trust, from ROM to Kernel + DM-verity and DM-Crypt partition protection.
Now I'm worried about the U-...
- 11
1
vote
0
answers
132
views
Is Tricore architecture of Infineon vulnerable to stack overflow attack?
In this topic, 'be vulnerable to stack overflow attack' actually refer to an attacker manipulating the return address of a function to perform a control flow hijacking. Smashing the stack by ...
- 11
1
vote
1
answer
238
views
Do microcontroller processors like Arm Cortex-M support the TPM's Dynamic root of trust (similar to e.g. Intel TXT)?
The TPM (Trusted Platform Module) has a feature called dynamic root-of-trust. If i understand correctly a measurement of the current system is taken (to enable attestation) by the CPU and transmitted ...
- 21
0
votes
0
answers
90
views
what are the locations to store symmetric keys on the embedded controller without HSM or certs involvement?
I am trying to find the locations on the embedded devices with micros that don't support HSM/SHE. What are the ideas/suggestions for storing the symmetric keys? I found solutions that suggest using ...
1
vote
0
answers
103
views
MbedTls - keeping context private?
Let's assume we're running on mbed system with internal and external RAM. Dumping external RAM is much more easier for attacker on such systems when debug ports are locked.
I'm wondering if the ...
- 11
0
votes
1
answer
2k
views
How can one use HTTPS without a domain name, or on a local network?
I was looking at the LXI Device Specification 2022 Version 1.6. For those not familiar with LXI, it is a standard for lab instruments like oscilloscopes, function generators, LCR meters and many more ...
- 103
4
votes
3
answers
27k
views
Is there a way to scan a pdf to ensure it doesn't contain anything that could be a virus?
The answers to Can a PDF file contain a virus? show that clearly it can!
Sometimes we can be quite sure a certain pdf should not need to do anything sophisticated - for example a book in pdf form - so ...
- 1,340
22
votes
6
answers
6k
views
When connecting an Arduino Uno to the internet (ethernet) what are some attacks it's susceptible to and how can I secure against them?
I am connecting an Arduino Uno to the internet via ethernet (using the ethernet shield v2) and querying NTP time. Making requests to a NTP server is the only internet related thing it does. You can ...
- 331
0
votes
1
answer
245
views
After EOL, can safety-critical systems be secured when connected to internet-connected components? [Automotive]
NOTE: This was originally asked on the main StackOverflow site, but now moved here because of the security nature of the question.
Since internet-connected Infotainment Systems are now connected with ...
- 113
2
votes
0
answers
186
views
IoT Device Authentication
I am working on an IoT device and companion app to control features on the device. I'm using an ESP32 MCU - http://esp32.net/
I've implemented a JSON REST API on HTTPS over TLS 1.2 with a self signed ...
- 21
0
votes
0
answers
238
views
What is a good common approach for encrypted backup/restore on an embedded device?
An embedded device with Linux supports backup/restore of files encrypted with openssl. The idea of backup is: tar -c .... | openssl smime -encrypt -binary -aes-256-cbc -out backupfile.encrypted -...
- 101
1
vote
1
answer
292
views
Securing IoT application
I'm designing an IoT product, I'm searching solutions to secure the system.
The system's protocol is MQTT, while it's very helpful, it contains vulnerabilities.
I've read enough to come with this ...
- 123
0
votes
2
answers
211
views
How to Prevent Copying of Device Source Code in Manufacturing
Suppose you are going to mass manufacture custom circuit boards and would like the manufacturer to upload the device firmware onto these boards before shipping them out. What are some security systems/...
- 1