SPRADO0 November 2024 F29H850TU, F29H859TU-Q1
An important aspect of implementing a cybersecurity strategy for embedded systems is identifying weaknesses in the system, enumerating potential attack types and scenarios, and implementing cybersecurity controls to mitigate those attacks. Embedded control systems tend to be more accessible to attack techniques that require local or physical access to the device. These include connections to the debug port, fault injection attacks such as power or clock glitching, and other side-channel attacks. A sound embedded security implementation identifies these various attack scenarios and implements countermeasures to mitigate them.
Fault injection attacks in principle attempt to redirect CPU execution by introducing a temporary anomaly in the device’s power supply voltage or system clock signal. For example, each device data sheet includes specified operating voltage ranges for power supply rails such as core, I/O, and analog, as well as operating temperature ranges. This means that the device is designed to operate correctly and meet all timing requirements within these voltage and temperature ranges; operating the device outside the specified bounds could result in unspecified behavior. In practice, violating these specifications typically results in timing-related faults: undervoltage conditions cause setup time violations, and overvoltage conditions lead to hold time violations. Alternatively, an accessible input clock signal, such as a crystal oscillator input pin, could be used to directly inject timing faults at key points in time. A well-timed fault can result in skipped instructions or redirected execution at critical security decision points in firmware, leading to unauthorized access or exposure of embedded secrets. Tools for performing the required timing analysis to execute successful fault injection attacks are increasingly easy to obtain. Countermeasures against these types of attacks can include internal voltage and clock frequency monitoring circuits.
For protection against fault injection attacks, the ability to detect single- or double-bit faults the instant they occur is a valuable tool. Error Correction Code (ECC) logic is an example of such a protection mechanism: it automatically corrects single-bit faults and detects double-bit faults in memory or on a bus. The mechanism operates using a pre-computed code that is typically written into memory alongside each data word. ECC is commonly used within functional safety contexts, but it is also valuable as a security countermeasure, enabling the system either to reject injected faults or to respond by halting execution and signalling an error. In TI’s AM26x microcontrollers, ECC protection is available for all on-chip memories and caches, and also for various peripheral subsystems and interconnects. F29x microcontrollers feature ECC protection built directly into the C29 CPU and device interconnect, providing robust end-to-end protection against code and data faults across all memories and peripherals during application runtime.
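To make the single-error-correct, double-error-detect (SECDED) behaviour described above concrete, the following is an added example written for this page; it is not TI's ECC implementation and does not reflect the code layout used inside the C29 CPU or the device interconnect. It encodes one data byte into a 13-bit Hamming SECDED codeword (a constructed layout: bit 0 is an overall parity bit, bits 1, 2, 4 and 8 are Hamming parity bits, the remaining positions carry data), then simulates an injected fault by XOR-ing a flip mask into the codeword and decodes it. A single flipped bit is corrected and reported; two flipped bits are reported as uncorrectable, which is the point at which a hardened system would halt and raise an error rather than consume the data.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed example layout: 13-bit SECDED Hamming(13,8) codeword.
   Bit 0          : overall parity bit (makes the whole word even parity)
   Bits 1,2,4,8   : Hamming parity bits
   Bits 3,5,6,7,9,10,11,12 : the eight data bits d0..d7 */
#define ECC_CODE_MASK 0x1FFFu

typedef enum { ECC_OK = 0, ECC_CORRECTED = 1, ECC_UNCORRECTABLE = 2 } ecc_status_t;

static const uint8_t data_pos[8] = { 3, 5, 6, 7, 9, 10, 11, 12 };

/* 1 if x has an odd number of set bits, else 0 */
static int odd_parity(uint16_t x) {
    x ^= x >> 8; x ^= x >> 4; x ^= x >> 2; x ^= x >> 1;
    return x & 1;
}

/* Encode one data byte into a 13-bit SECDED codeword. */
uint16_t ecc_encode(uint8_t data) {
    uint16_t cw = 0;
    for (int k = 0; k < 8; k++)
        if ((data >> k) & 1) cw |= (uint16_t)1 << data_pos[k];
    /* Parity bit p covers every position i whose index has bit p set. */
    for (int p = 1; p <= 8; p <<= 1) {
        int par = 0;
        for (int i = 1; i <= 12; i++)
            if ((i & p) && ((cw >> i) & 1)) par ^= 1;
        if (par) cw |= (uint16_t)1 << p;
    }
    /* Overall parity bit: make the whole 13-bit word even parity. */
    if (odd_parity(cw)) cw |= 1;
    return cw;
}

/* Decode a codeword: corrects a single-bit fault, flags a double-bit fault.
   (Three or more flips may alias to a "corrected" single flip; that is an
   inherent limit of SECDED, not something this decoder can detect.) */
ecc_status_t ecc_decode(uint16_t cw, uint8_t *data) {
    cw &= ECC_CODE_MASK;
    int syndrome = 0;                    /* XOR of the indices of set bits 1..12 */
    for (int i = 1; i <= 12; i++)
        if ((cw >> i) & 1) syndrome ^= i;
    int overall_odd = odd_parity(cw);    /* 1 => an odd number of bits flipped */
    ecc_status_t status;

    if (syndrome == 0 && !overall_odd) {
        status = ECC_OK;                 /* no fault detected */
    } else if (overall_odd && syndrome <= 12) {
        cw ^= (uint16_t)1 << syndrome;   /* single fault: flip it back (0 = parity bit itself) */
        status = ECC_CORRECTED;
    } else {
        return ECC_UNCORRECTABLE;        /* even number of flips: data must not be used */
    }
    uint8_t d = 0;
    for (int k = 0; k < 8; k++)
        if ((cw >> data_pos[k]) & 1) d |= (uint8_t)(1u << k);
    *data = d;
    return status;
}

/* Encode data, XOR flip_mask into the codeword (simulating an injected fault),
   decode, and return the status. data_ok (may be NULL) receives 1 when the
   decoder handed back the original byte. */
int ecc_inject_and_decode(uint8_t data, uint16_t flip_mask, int *data_ok) {
    uint8_t out = 0;
    ecc_status_t st = ecc_decode(ecc_encode(data) ^ flip_mask, &out);
    if (data_ok) *data_ok = (st != ECC_UNCORRECTABLE && out == data);
    return (int)st;
}

/* Exhaustive check over every byte: every single-bit flip is corrected and
   every double-bit flip is detected. Returns the number of failures (0 = pass). */
int ecc_self_test(void) {
    int failures = 0;
    for (int v = 0; v < 256; v++) {
        int ok;
        if (ecc_inject_and_decode((uint8_t)v, 0, &ok) != ECC_OK || !ok) failures++;
        for (int i = 0; i < 13; i++) {
            if (ecc_inject_and_decode((uint8_t)v, (uint16_t)1 << i, &ok) != ECC_CORRECTED || !ok)
                failures++;
            for (int j = i + 1; j < 13; j++) {
                uint16_t two = (uint16_t)(((uint16_t)1 << i) | ((uint16_t)1 << j));
                if (ecc_inject_and_decode((uint8_t)v, two, NULL) != ECC_UNCORRECTABLE)
                    failures++;
            }
        }
    }
    return failures;
}

int main(void) {
    printf("codeword for 0x5A: 0x%04X\n", ecc_encode(0x5A));
    printf("single flip -> status %d\n", ecc_inject_and_decode(0x5A, 1u << 6, NULL));
    printf("double flip -> status %d\n", ecc_inject_and_decode(0x5A, (1u << 6) | (1u << 9), NULL));
    printf("self-test failures: %d\n", ecc_self_test());
    return 0;
}
```

The important design point for a security use of ECC is the third branch of `ecc_decode`: an uncorrectable result returns before any data is written out, so the caller cannot accidentally continue with a corrupted word. In hardware, that branch corresponds to the error signal the text mentions, which the system should treat as a reason to halt rather than as a recoverable event.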