Deeply Embedded and Nevertheless Secure? System Hardening
Our customer sells systems that can be configured through a web browser. The system was developed as a deeply embedded system on a microcontroller (Cortex-M) purely functional, without considering data security. Now his customer required a "security hardening", i.e. that the cyber security has to be increased. This was to be done with the smallest possible software changes and without hardware changes.
After a security/ threat analysis, the new requirements were clear. The most important change was the upgrade to SNMP v3. Since the existing software platform did not support this, we re-evaluated the combination of operating system, communication stacks and libraries. These components were then used to implement the system and integrate the components with the application. For this, an automated test suite was built using Python, especially for the communication tests. Finally, our implementation was subjected to an in-depth security analysis by a partner, including performing penetration tests.
- Software Development
Expertise and Technologies
In this project, based on a Cortex-M we used a whole range of web technologies: embedded WebServer, HTTP/ HTTPS, DHCP, NTP, REST API, TLS and of course SNMP v3. The processor ran a real-time operating system (RTOS) with a Flash file system that supported the favored SNMP libraries.