{"id":3645,"date":"2021-08-01T16:45:17","date_gmt":"2021-08-01T14:45:17","guid":{"rendered":"https:\/\/mission-embedded.dev.zold.at\/?p=3645"},"modified":"2023-10-31T16:24:57","modified_gmt":"2023-10-31T15:24:57","slug":"secure-embedded-systems","status":"publish","type":"post","link":"https:\/\/mission-embedded-backup.dev.zold.at\/en\/secure-embedded-systems\/","title":{"rendered":"Secure Embedded Systems"},"content":{"rendered":"\t\t<div data-elementor-type=\"wp-post\" data-elementor-id=\"3645\" class=\"elementor elementor-3645 elementor-2554\" data-elementor-post-type=\"post\">\n\t\t\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-ad27cf9 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"ad27cf9\" data-element_type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-f7e11dc\" data-id=\"f7e11dc\" data-element_type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-9360a39 elementor-widget elementor-widget-theme-post-title elementor-page-title elementor-widget-heading\" data-id=\"9360a39\" data-element_type=\"widget\" data-widget_type=\"theme-post-title.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h1 class=\"elementor-heading-title elementor-size-default\">Secure Embedded Systems - Common Approaches and Challenges<\/h1>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-bffe802 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"bffe802\" data-element_type=\"section\">\n\t\t\t\t\t\t<div 
class=\"elementor-container elementor-column-gap-wide\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-50 elementor-top-column elementor-element elementor-element-ffa949f\" data-id=\"ffa949f\" data-element_type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-88b727d elementor-widget elementor-widget-text-editor\" data-id=\"88b727d\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p><strong>The topic of embedded system security is an important part of many of our projects regardless of the industry or field of the customer \u2013 be it because of the\u00a0<a href=\"https:\/\/gdpr-info.eu\/\">GDPR<\/a>\u00a0(EU General Data Protection Regulation), cloud connectivity, safety requirements or application-specific requirements and regulations. Based on a recent project, this article aims to show how a security concept can be implemented and gives examples of typical and recurring pitfalls and challenges.<\/strong><\/p><p>\u00a0<\/p><p>One of our customers approached us in need of our security expertise because they wanted to add cloud connectivity and establish a security roadmap for their medical device portfolio consisting of existing and planned medical devices. 
Soon, it became clear that three solutions were necessary, as is often the case when there are existing devices or machines already in the field.<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-ff679ec custom-list-white elementor-widget elementor-widget-text-editor\" data-id=\"ff679ec\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<ul><li>a retrofittable <strong>secure connectivity gateway<\/strong> for their existing devices,<\/li><li>an <strong>integrated secure connectivity module<\/strong> for devices where integration is easily possible and<\/li><li>a <strong>holistic security approach<\/strong> for new products<\/li><\/ul><p>\u00a0<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-c19e72b elementor-widget elementor-widget-text-editor\" data-id=\"c19e72b\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p>The desired new functionality was the ability to transmit data from the device to a cloud service. Moreover, the transmitted data included not only personalized medical data but also other sensitive data, e.g. server credentials. This data certainly required protection, but it was also important to safeguard the system against attacks from the outside over the network and locally to prevent harm to the user or patient.<\/p><p>\u00a0<\/p><p>Therefore, cyber-security was of utmost importance for the customer. 
They asked for our technical and process expertise because adding security to embedded systems was a new challenge for them.<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-cfe4890 elementor-widget elementor-widget-image\" data-id=\"cfe4890\" data-element_type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t<img fetchpriority=\"high\" decoding=\"async\" width=\"800\" height=\"747\" src=\"https:\/\/mission-embedded-backup.dev.zold.at\/wp-content\/uploads\/2020\/07\/SecurityConcept-1-e1597065057719-1030x962.png\" class=\"attachment-large size-large wp-image-2043\" alt=\"\" srcset=\"https:\/\/mission-embedded-backup.dev.zold.at\/wp-content\/uploads\/2020\/07\/SecurityConcept-1-e1597065057719-1030x962.png 1030w, https:\/\/mission-embedded-backup.dev.zold.at\/wp-content\/uploads\/2020\/07\/SecurityConcept-1-e1597065057719-300x280.png 300w, https:\/\/mission-embedded-backup.dev.zold.at\/wp-content\/uploads\/2020\/07\/SecurityConcept-1-e1597065057719-768x718.png 768w, https:\/\/mission-embedded-backup.dev.zold.at\/wp-content\/uploads\/2020\/07\/SecurityConcept-1-e1597065057719.png 1067w\" sizes=\"(max-width: 800px) 100vw, 800px\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-62dbcfa elementor-widget elementor-widget-text-editor\" data-id=\"62dbcfa\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p>Following the design process outlined\u00a0<a href=\"https:\/\/mission-embedded-backup.dev.zold.at\/reports\/security-for-cyber-physical-systems\/\">in this article<\/a>, the exact security scope and the applicable standards (e.g. AAMI TIR 57 for medical devices) were identified and agreed on with the customer and certifying authorities. 
It was decided that the system should be in accordance with a security level 3 (following\u00a0<a href=\"https:\/\/de.wikipedia.org\/wiki\/IEC_62443\">IEC 62443<\/a>-4-2, SL3).<\/p><p>\u00a0<\/p><p>Mission Embedded developed a single concept to address all three necessary solutions and provide new as well as existing devices with the relevant security capabilities (e.g. secure storage, secure communication).<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-23d76b0 elementor-widget elementor-widget-text-editor\" data-id=\"23d76b0\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p>This approach provided the benefit that all other elements in the overall system architecture, user, and operator manuals as well as certification artifacts could be <strong>reused without modification<\/strong>.<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-2d108fe elementor-widget elementor-widget-text-editor\" data-id=\"2d108fe\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p>In the following chapter, we will take a more detailed look at the security concept, also showing why and how it was implemented.<\/p><p>\u00a0<\/p><h2>Risk Assessment<\/h2><p>According to the\u00a0<a href=\"https:\/\/mission-embedded-backup.dev.zold.at\/reports\/security-for-cyber-physical-systems\/\">ME security management process<\/a>, a risk assessment was conducted first. Together with the customer, approximately 50 risks have been identified and categorized. This number of risks is not uncommon for such projects. 
Below is an excerpt of risks that we often encounter in our projects, especially when working with legacy systems:<\/p><p>\u00a0<\/p><p><strong>Risk 1<\/strong>\u00a0\u00a0\u00a0 Due to weak password management and authentication, a user or attacker can access the system and misconfigure the device and its settings. (At a glance, this might not seem like the top risk of the system. However, due to its high probability of occurrence, as well as the devastating impact it might have when looking at a medical device, it was categorized as a risk that absolutely needed to be mitigated.)<\/p><p>\u00a0<\/p><p><strong>Risk 2<\/strong>\u00a0\u00a0\u00a0 Due to unprotected plain text storage, data can be manipulated, and the manipulated data might then also be transmitted to the server. Thus, wrong data is stored on the server, which may compromise the integrity and authenticity of all records stored on the server.<\/p><p>\u00a0<\/p><p><strong>Risk 3<\/strong>\u00a0\u00a0\u00a0 Due to a missing secure storage, the keys, certificates, and other sensitive information are stored in \u201cplain text\u201d on the unencrypted file system.<\/p><p>\u00a0<\/p><p><strong>Risk 4<\/strong>\u00a0\u00a0\u00a0 Due to an unsecured communication channel or backend, or due to vulnerabilities in the application itself, code execution via malformed data can be achieved, e.g., through a\u00a0<a href=\"https:\/\/en.wikipedia.org\/wiki\/Buffer_overflow\">buffer overflow attack<\/a>,\u00a0<a href=\"https:\/\/en.wikipedia.org\/wiki\/Return-oriented_programming\">ROP<\/a>\u00a0(return-oriented programming), etc. Due to the possible code execution, the entire system can be compromised. 
This means that unencrypted data might also be retrieved from the system.<\/p><p>\u00a0<\/p><p><strong>Risk 5<\/strong>\u00a0\u00a0\u00a0 Due to a lack of OS hardening (e.g., firewall), the system might be discoverable, and\u00a0<a href=\"https:\/\/en.wikipedia.org\/wiki\/Spoofing_attack\">spoofing<\/a>\u00a0and\u00a0<a href=\"https:\/\/en.wikipedia.org\/wiki\/Denial-of-service_attack\">denial of service attacks<\/a>\u00a0are possible. Moreover, if unsecured or weakly secured interfaces are open and listening for connections, system access with high impact is possible due to a potential root exploit.<\/p><p>\u00a0<\/p><p><strong>Risk 6<\/strong>\u00a0\u00a0\u00a0 An unprotected debug interface allows access to the entire system and its data, e.g., by an insider (standard password) or due to weak password policies. As a consequence, wrong data might be displayed, algorithms manipulated, etc.<\/p><p>\u00a0<\/p><p><strong>Risk 7<\/strong>\u00a0\u00a0\u00a0 A malformed firmware image can be booted\/installed from the SD card by a third party. Due to missing code signatures and other checks, the entire system is compromised without this being visible to the operator or user. Thus, there is a threat of manipulation of data and algorithms, etc.<\/p><p style=\"margin-right: 0px; margin-bottom: 10px; margin-left: 0px; font-size: 14px; letter-spacing: 0.4px; line-height: 1.6em; text-align: justify;\">\u00a0<\/p><h2>Objectives<\/h2><p>Based on the identified and categorized risks, the objectives for the system are determined. Each objective is assigned to one or several identified risks, which allows mapping between risks and objectives. 
The following image and list include common objectives that need to be tackled in many cases:<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-41836af elementor-widget elementor-widget-image\" data-id=\"41836af\" data-element_type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t<img decoding=\"async\" width=\"795\" height=\"672\" src=\"https:\/\/mission-embedded-backup.dev.zold.at\/wp-content\/uploads\/2020\/07\/SecurityObjectives-1.png\" class=\"attachment-large size-large wp-image-2039\" alt=\"\" srcset=\"https:\/\/mission-embedded-backup.dev.zold.at\/wp-content\/uploads\/2020\/07\/SecurityObjectives-1.png 795w, https:\/\/mission-embedded-backup.dev.zold.at\/wp-content\/uploads\/2020\/07\/SecurityObjectives-1-300x254.png 300w, https:\/\/mission-embedded-backup.dev.zold.at\/wp-content\/uploads\/2020\/07\/SecurityObjectives-1-768x649.png 768w\" sizes=\"(max-width: 795px) 100vw, 795px\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-1892ed8 elementor-widget elementor-widget-text-editor\" data-id=\"1892ed8\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div><h3>Secure Boot:<\/h3><p>To prevent the system from entering a tampered state, it has to be ensured that only firmware that has been authenticated and whose integrity has been verified is booted, e.g., through the use of code signatures validating the origin of the firmware from a trusted source during the boot procedure.<\/p><p>\u00a0<\/p><h3>Secure Interfaces\/HW:<\/h3><p>To limit the attack surface of the system, unused interfaces shall be disabled and\/or adequately protected (e.g., with passwords).<\/p><p>\u00a0<\/p><h3>Secure OS:<\/h3><p>To protect the system from outside attacks, the operating system needs to be hardened. 
This includes settings regarding firewalls, disabling services that are not required, malware detection, integrity verification, mandatory access control systems to limit users and applications, configuration of login interfaces to prevent\u00a0<a href=\"https:\/\/en.wikipedia.org\/wiki\/Brute-force_attack\">brute force attacks<\/a>\u00a0and more.<\/p><\/div>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t<div class=\"elementor-column elementor-col-50 elementor-top-column elementor-element elementor-element-9f69dfb\" data-id=\"9f69dfb\" data-element_type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-01bfc88 elementor-widget elementor-widget-text-editor\" data-id=\"01bfc88\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<h3>Secure Storage:<\/h3><p>To be able to reasonably secure secrets, such as certificates, encryption keys, and server credentials, as well as measurement logs, secure storage needs to be implemented\/available on the system, e.g., through file system encryption based upon secure hardware.<\/p><p>\u00a0<\/p><h3>Secure Communication:<\/h3><p style=\"margin-right: 0px; margin-bottom: 10px; margin-left: 0px; font-size: 14px; letter-spacing: 0.4px; line-height: 1.6em; text-align: justify;\">To ensure that data is securely transmitted from the system to the server, confidentiality, integrity, and authenticity need to be ensured for the communication channel. Hence, message encryption and signing must be provided, and the used channel needs to be authenticated.<\/p><p>\u00a0<\/p><h3>Secure Update:<\/h3><p>To prevent the system from entering a tampered state, it must be possible to install updates securely. 
This includes code signatures and verifications before the update is applied.\u00a0<\/p><p>\u00a0<\/p><p>In the following subsection, we provide a more detailed look at how each objective was realized in this specific project.<\/p><h2 style=\"margin-right: 0px; margin-bottom: 10px; margin-left: 0px; font-size: 14px; letter-spacing: 0.4px; line-height: 1.6em; text-align: justify;\">\u00a0<\/h2><h2>Implementation<\/h2><p>To fulfil these objectives, we need to establish a chain of trust, as explained in this\u00a0<a href=\"https:\/\/mission-embedded-backup.dev.zold.at\/reports\/security-for-cyber-physical-systems\/\">article<\/a>. In the given project, the following chain of trust was implemented using the mechanisms available in the specific system architecture (Linux + NXP i.MX SoC). The root of trust constitutes the foundation upon which all further mechanisms are built; in this specific project, it is the CAAM (Cryptographic Accelerator and Assurance Module). In other projects, we are using\u00a0<a href=\"https:\/\/en.wikipedia.org\/wiki\/Trusted_Platform_Module\">Trusted Platform Modules<\/a> (TPM) for example.<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-4b15e01 elementor-widget elementor-widget-image\" data-id=\"4b15e01\" data-element_type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t<img decoding=\"async\" width=\"800\" height=\"773\" src=\"https:\/\/mission-embedded-backup.dev.zold.at\/wp-content\/uploads\/2020\/07\/Chain-of-Trust.png\" class=\"attachment-large size-large wp-image-2041\" alt=\"\" srcset=\"https:\/\/mission-embedded-backup.dev.zold.at\/wp-content\/uploads\/2020\/07\/Chain-of-Trust.png 880w, https:\/\/mission-embedded-backup.dev.zold.at\/wp-content\/uploads\/2020\/07\/Chain-of-Trust-300x290.png 300w, https:\/\/mission-embedded-backup.dev.zold.at\/wp-content\/uploads\/2020\/07\/Chain-of-Trust-768x742.png 768w\" sizes=\"(max-width: 
800px) 100vw, 800px\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-c83a3f3 elementor-widget elementor-widget-text-editor\" data-id=\"c83a3f3\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<h3>Secure Boot<\/h3><p>The used processing platform provides a hardware root of trust through one-time programmable keys. If fused and enforced, the ROM bootloader, supporting High Assurance Boot (HAB), validates the second stage bootloader through the validation of a code signature on boot. The system only continues to boot if the signature was verified, otherwise it stalls. Hence, the second stage bootloader can be fully trusted, as this stage is only reachable from a valid source. In this specific case, the second stage bootloader is a custom modified and enhanced U-Boot.<\/p><p>\u00a0<\/p><p>U-Boot continues by validating the Linux Kernel (e.g. zImage), thus ensuring that all deployed security related Kernel Modules are in place. Moreover, U-Boot validates the initRamFS (initRD) and the rootFS signature. The latter two components are required by a Kernel security extension, which was used to ensure that the Root filesystem has not been tampered with. This extension calculates and compares the authenticity of the rootFS (rootFS signature). Hence, no manipulated firmware, etc. will be executed.<\/p><p>\u00a0<\/p><h3>Secure Interfaces<\/h3><p>All interfaces have been protected with strong password policies satisfying the current\u00a0<a href=\"https:\/\/www.nist.gov\/\">NIST<\/a>\u00a0(National Institute of Standards and Technology) guidelines. Moreover, debug interfaces have been set into a mode which also requires a preceding authentication. In addition, USB interfaces are restricted, allowing only a limited set of device classes. 
System access via USB is protected through authentication.<\/p><p>\u00a0<\/p><h3>Secure OS<\/h3><p>To protect the OS, numerous measures have been deployed. First and foremost, password policies are enforced, firewalls are configured and set, only the required services and applications are running (e.g., telnet is disabled), and applications run with the minimum required permissions to hinder root exploits.<\/p><p>\u00a0<\/p><p>Additionally, the system also keeps audit logs. To protect these logs and limit the possibilities of root exploits, a MAC (mandatory access control) system was deployed and configured. As a result, even the root user is confined, preventing, for instance, deletion of the audit log by root. Correctly configuring the MAC was probably the most difficult part.<\/p><p>\u00a0<\/p><p>What makes MAC difficult to configure is that every system is unique and requires an adapted policy to some extent. Hence, choosing the right MAC system for the right purpose is important to find a good trade-off between cost, benefit, and complexity.<\/p><p>\u00a0<\/p><h3>Secure Storage<\/h3><p>In order to implement a secure storage, the hardware of the SoC must support encrypting and decrypting data with processor-unique encryption. This feature was, for example, used in combination with the system extensions mentioned above to encrypt the data partitions. To achieve this, the CAAM (Cryptographic Accelerator and Assurance Module) of the SoC was used. Using this secure storage and further encryption mechanisms, sensitive data such as keys\/certificates are protected. Secure storage is critical for the key management on the device, as it protects the keys from unauthorized access (manipulation and disclosure). 
In order to give each device its unique identity, the key generation capabilities of the device are used in combination with a\u00a0<a href=\"https:\/\/en.wikipedia.org\/wiki\/Public_key_infrastructure\">PKI<\/a>\u00a0(public key infrastructure) to get signed certificates for each device that can be used for the secured communication.<\/p><p>\u00a0<\/p><h3>Secure Communication<\/h3><p>In order to protect data in transmission, a two-way authentication ensures that the device only communicates with a valid server and that the server can verify that it communicates with the correct device.<\/p><p>\u00a0<\/p><h3>Secure Update<\/h3><p>To ensure that firmware and data can be securely updated unattended, Mission Embedded integrated a proven-in-field secure update mechanism. A dual boot failsafe extension was also integrated into the secure update mechanism to prevent the system from getting bricked through an update.<\/p><p>\u00a0<\/p><h3>Test and Validate<\/h3><p>Penetration tests typically consist of\u00a0<a href=\"https:\/\/en.wikipedia.org\/wiki\/Port_scanner\">port scans<\/a>,\u00a0<a href=\"https:\/\/en.wikipedia.org\/wiki\/Sniffing_attack\">sniffing<\/a>,\u00a0<a href=\"https:\/\/en.wikipedia.org\/wiki\/Replay_attack\">replay attacks<\/a>, brute force\u00a0<a href=\"https:\/\/en.wikipedia.org\/wiki\/Dictionary_attack\">dictionary attacks<\/a>, probing, firmware upgrade\/downgrade, installation of manipulated firmware, etc. Altogether, these tests verify the correct functioning of the implemented mechanisms and guarantee the specified goal and security level of the system. All deployed mechanisms were verified according to predefined test cases in-house. 
We also support our customers in mastering the certification process with a notified body.<\/p><p>\u00a0<\/p><h2>Conclusion<\/h2><p>This article provides an overview of how device security can be implemented on a modern SoC platform for a mobile medical device, including secure boot, secure storage, secure communication, secure update, and other mechanisms.<\/p><p>\u00a0<\/p><p>This project was an excellent example of integrating our Yocto Security Layers in a customer project. These layers add security functionalities to the Bootloader and the Kernel \/ OS, e.g., the base configuration of the firewall, password policies, secure update mechanisms, and security related Kernel modules. Those basic layers, continuously refined and extended, provide the fundamentals for future security projects and applications.<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-22aaf69 elementor-widget elementor-widget-text-editor\" data-id=\"22aaf69\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<h3>3 Mission Embedded Security Solutions \u2013 One Security Concept:<\/h3><ul style=\"margin: 10px 0px 10px 17px; list-style-type: disc; font-size: 14px;\"><li><strong>ME Secure Gateway<\/strong> for already deployed systems<\/li><li><strong>Integrable ME Secure Connectivity Module<\/strong> for already existing products<\/li><li>Joint product development with a <strong>holistic security approach<\/strong> for new products<\/li><\/ul><p>\u00a0<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-0f38d5c elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"0f38d5c\" data-element_type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container 
elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-830849a\" data-id=\"830849a\" data-element_type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<section class=\"elementor-section elementor-inner-section elementor-element elementor-element-14e0813 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"14e0813\" data-element_type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-50 elementor-inner-column elementor-element elementor-element-be44f65\" data-id=\"be44f65\" data-element_type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap\">\n\t\t\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t<div class=\"elementor-column elementor-col-50 elementor-inner-column elementor-element elementor-element-04f2155\" data-id=\"04f2155\" data-element_type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-4869abe elementor-button-info elementor-widget elementor-widget-button\" data-id=\"4869abe\" data-element_type=\"widget\" data-widget_type=\"button.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"elementor-button-wrapper\">\n\t\t\t\t\t<a class=\"elementor-button elementor-button-link elementor-size-md\" href=\"https:\/\/mission-embedded-backup.dev.zold.at\/en\/news\/\">\n\t\t\t\t\t\t<span class=\"elementor-button-content-wrapper\">\n\t\t\t\t\t\t\t\t\t<span class=\"elementor-button-text\">< Back to 
News<\/span>\n\t\t\t\t\t<\/span>\n\t\t\t\t\t<\/a>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>The topic of embedded system security is an important part of many of our projects regardless of industry or field.<\/p>\n","protected":false},"author":6,"featured_media":5882,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[161,154],"tags":[68,122,101],"class_list":["post-3645","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-embedded-systems-en","category-projects-products-use-cases","tag-security-en","tag-security-concept-en","tag-security-concept"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v23.9 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Secure Embedded Systems - Mission Embedded<\/title>\n<meta name=\"description\" content=\"Based on a recent project, this article shows how a security concept can be implemented and gives examples of typical challenges.\" \/>\n<meta name=\"robots\" content=\"noindex, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Secure Embedded Systems - Mission Embedded\" \/>\n<meta property=\"og:description\" content=\"Based on a recent project, this article shows how a security concept can be implemented and gives examples of typical challenges.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/mission-embedded-backup.dev.zold.at\/en\/secure-embedded-systems\/\" \/>\n<meta property=\"og:site_name\" content=\"Mission Embedded\" \/>\n<meta 
property=\"article:published_time\" content=\"2021-08-01T14:45:17+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2023-10-31T15:24:57+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/mission-embedded-backup.dev.zold.at\/wp-content\/uploads\/2022\/03\/Security-Objectives.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"510\" \/>\n\t<meta property=\"og:image:height\" content=\"283\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"ithelps digital\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"ithelps digital\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"10 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/mission-embedded-backup.dev.zold.at\/en\/secure-embedded-systems\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/mission-embedded-backup.dev.zold.at\/en\/secure-embedded-systems\/\"},\"author\":{\"name\":\"ithelps digital\",\"@id\":\"https:\/\/mission-embedded-backup.dev.zold.at\/#\/schema\/person\/36a76d6652cab0814640996f25e469a3\"},\"headline\":\"Secure Embedded Systems\",\"datePublished\":\"2021-08-01T14:45:17+00:00\",\"dateModified\":\"2023-10-31T15:24:57+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/mission-embedded-backup.dev.zold.at\/en\/secure-embedded-systems\/\"},\"wordCount\":1975,\"publisher\":{\"@id\":\"https:\/\/mission-embedded-backup.dev.zold.at\/#organization\"},\"image\":{\"@id\":\"https:\/\/mission-embedded-backup.dev.zold.at\/en\/secure-embedded-systems\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/mission-embedded-backup.dev.zold.at\/wp-content\/uploads\/2022\/03\/Security-Objectives.jpg\",\"keywords\":[\"security\",\"security 
concept\",\"security concept\"],\"articleSection\":[\"Embedded Systems\",\"Projects, Products &amp; Use cases\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/mission-embedded-backup.dev.zold.at\/en\/secure-embedded-systems\/\",\"url\":\"https:\/\/mission-embedded-backup.dev.zold.at\/en\/secure-embedded-systems\/\",\"name\":\"Secure Embedded Systems - Mission Embedded\",\"isPartOf\":{\"@id\":\"https:\/\/mission-embedded-backup.dev.zold.at\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/mission-embedded-backup.dev.zold.at\/en\/secure-embedded-systems\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/mission-embedded-backup.dev.zold.at\/en\/secure-embedded-systems\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/mission-embedded-backup.dev.zold.at\/wp-content\/uploads\/2022\/03\/Security-Objectives.jpg\",\"datePublished\":\"2021-08-01T14:45:17+00:00\",\"dateModified\":\"2023-10-31T15:24:57+00:00\",\"description\":\"Based on a recent project, this article shows how a security concept can be implemented and gives examples of typical 
challenges.\",\"breadcrumb\":{\"@id\":\"https:\/\/mission-embedded-backup.dev.zold.at\/en\/secure-embedded-systems\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/mission-embedded-backup.dev.zold.at\/en\/secure-embedded-systems\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/mission-embedded-backup.dev.zold.at\/en\/secure-embedded-systems\/#primaryimage\",\"url\":\"https:\/\/mission-embedded-backup.dev.zold.at\/wp-content\/uploads\/2022\/03\/Security-Objectives.jpg\",\"contentUrl\":\"https:\/\/mission-embedded-backup.dev.zold.at\/wp-content\/uploads\/2022\/03\/Security-Objectives.jpg\",\"width\":510,\"height\":283},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/mission-embedded-backup.dev.zold.at\/en\/secure-embedded-systems\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/mission-embedded-backup.dev.zold.at\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Secure Embedded Systems\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/mission-embedded-backup.dev.zold.at\/#website\",\"url\":\"https:\/\/mission-embedded-backup.dev.zold.at\/\",\"name\":\"Mission Embedded\",\"description\":\"MISSION EMBEDDED\",\"publisher\":{\"@id\":\"https:\/\/mission-embedded-backup.dev.zold.at\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/mission-embedded-backup.dev.zold.at\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/mission-embedded-backup.dev.zold.at\/#organization\",\"name\":\"Mission Embedded 
GmbH\",\"url\":\"https:\/\/mission-embedded-backup.dev.zold.at\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/mission-embedded-backup.dev.zold.at\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/mission-embedded-backup.dev.zold.at\/wp-content\/uploads\/2018\/03\/ME_Logo_300dpi.jpg\",\"contentUrl\":\"https:\/\/mission-embedded-backup.dev.zold.at\/wp-content\/uploads\/2018\/03\/ME_Logo_300dpi.jpg\",\"width\":621,\"height\":113,\"caption\":\"Mission Embedded GmbH\"},\"image\":{\"@id\":\"https:\/\/mission-embedded-backup.dev.zold.at\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/at.linkedin.com\/company\/mission-embedded\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/mission-embedded-backup.dev.zold.at\/#\/schema\/person\/36a76d6652cab0814640996f25e469a3\",\"name\":\"ithelps digital\",\"url\":\"https:\/\/mission-embedded-backup.dev.zold.at\/en\/author\/ithelps\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->"}