Embedded Security: how to avoid unauthorized software installation on industrial printers

THE SCENARIO:

Nowadays, safety is becoming a topic of absolute importance in all areas of product development. Just think of the news cases that tell of companies forced to pay to get their data back rather than attacks on government bodies to steal sensitive data, for example on vaccinations against COVID19.

In this global scenario, even in the industrial field, there is a need to protect their products against possible situations that undermine the correct functioning of their products, causing brand's damage as well as sometimes irreparable damage to end users.

THE CONTEXT:

In this global scenario, there are numerous actions that can and sometimes must be done to ensure good security of your device in the field. One of these possible actions is to make sure that the software that runs when a device starts up or an update package is received comes from a safe source.

This context can also include industrial printing systems which, due to the very varied nature of the products on which they operate, greatly benefit from the always-on remote connection from which to obtain updates quickly and efficiently. At the same time, for the same reason it is necessary to be sure that what is sent both approved and properly issued by the manufacturer.

THE KEY ROLE OF DAVE Embedded Systems:

In order to guarantee that the software that is running is safe and approved, it is necessary to implement hardware and software mechanisms that together guarantee this protection. Hence, DAVE Embedded Systems expert in this field is able to offer its customers the possibility of integrating these services which, in a nutshell, allow you to verify the authenticity of the software packages you are about to run, thus avoiding the possibility of be unwanted installations. The mechanism is that of the secure boot that is a mechanism that allows you to:

• sign the binaries to be executed with unique signatures
• securely, the device in the field is able to verify the signatures and then decide whether or not to launch this software
• in case the packages are not suitable, the device restarts (if it succeeds - depends on the implementation) with the old software or it crashes thus avoiding problems with software of dubious origin

DAVE Embedded Systems is therefore able to prepare not only the on-board verification mechanism of the embedded system but also of the signature and key management machines that must be duly protected at the customer site.

DAVE Embedded Systems is also able to create solutions for fabless companies that provide for the generation of keys and signatures at its headquarters but then require the actual installation at an external manufacturing company.

WHO IS THE CUSTOMER:

The customer is a company that manufactures industrial printers and that, thanks to the remote interaction with the devices, are able to offer new services to their customers thanks to the continuous monitoring of the device as well as quickly offer updates of their devices.

Therefore, being able to benefit from the network, it is important to take precautions against possible attacks from the outside rather than making sure that you cannot install the wrong software on the devices, giving your technical office an extra guarantee on the software that runs on the machine which surely comes from there.

APPLICATION BLOCK DIAGRAM

In this case there is no real application block diagram but a management system which, together with other actions aimed at increasing the safety of the product, avoid the possibility of running into some typical problems related to cybersecurity and software counterfeiting

Download

Related products

AXEL Ulite - i.MX6UL

AXEL Lite - i.MX6