Connected Devices = Security Risks

Embedded developers need a security strategy from the initial stages of device design.

By Cheryl Coupé, Editor

Connectedness is a critical theme in every embedded market. So is security. Few markets show the dilemma as well as the industrial market in general and the embedded medical market in particular. The ability to widely share information is critical to both providing better patient care and to cutting the burgeoning cost of medical treatment. Practitioners require complete access to records and treatment at the point of care along with the availability of high-tech diagnostic and treatment options, such as imaging. Patients (and the federal government) demand that all such information is kept secure at every node on the network. Add in the evolution of LTE and IP-based communications networks for an ever-wider array of instant-access wireless devices, and security soars to the forefront.

How do designers guarantee connectivity and security? They have to begin that quest right at the beginning. With every imaginable type of device now connected, security is an issue in embedded applications ranging from high-security military devices to mobile and consumer products. Mark Huang, product marketing manager of American Portwell Technology Inc., and Rohit Sukhija, director of marketing for TeamF1, give their insight on security considerations for embedded developers, how security and performance trade off, and how the migration to multicore architectures will affect security measures.

Embedded Intel® Solutions: What changes do you see occurring in embedded designs to incorporate new security measures?


Rohit Sukhija, Team F1: With connected embedded devices being practically ubiquitous, secure connectivity and perimeter defense are no longer a concern only for military and specialized applications, but something that the designer of every embedded device has to factor in. Further, embedded devices have more constraints than non-embedded ones in terms of resource usage. Everything from CPU horsepower to memory and power use is much more of a premium for embedded devices in general. This has led to a demand for high-performance and low-resource-usage security implementations as well as “helper” hardware engines to offload many compute-intensive security tasks from embedded CPUs. A major challenge for embedded designers is to develop and use standards-based security technologies in constrained environments without significantly impacting the user experience (e.g., through lower performance or more battery use). Embedded devices also tend to be purpose-built. With the diverse requirements of embedded devices in different verticals, security has many faces and levels with specific implementation needs for each application and market to which the device caters. A push toward more scalable and modular software implementations that address these security challenges along with hardware acceleration and multicore processing is inevitable.


Mark Huang, American Portwell Technology: An increasingly greater variety of devices is connected to the network to share information. Embedded security hardware must have more network interfaces to route and control packets from different sources. The number of network-interface port requirements increases to four or more. In addition, a highly efficient CPU with a hardware security acceleration engine enables embedded security platforms to both deliver performance and address the increasing concerns of security issues.

Embedded Intel® Solutions: How are developers addressing tradeoffs in optimizing embedded designs for performance versus security?

Sukhija, Team F1: To provide the performance needed by security technologies, embedded developers use hardware with co-processors, multiple cores, and accelerator engines to offload the primary CPU from compute-intensive tasks. These systems have to be designed with more complex software for managing various symmetric and asymmetric compute resources, which involve balancing complexity with getting the most performance bang-for-the-buck. After all, these complexities directly impact time to market, reliability, and quality. Fortunately, with hardware and processing power becoming cheaper every day, a balance can easily be found between the efficient use of processing power and getting enough performance for security requirements to be met. But the onus still is on engineers to find this balance rather than rely on a formulaic tradeoff.

Huang, Portwell: Both performance and security are critical in real-world applications. To address the increasing requirements of both, developers have the options of using a core logic CPU and chipset with a built-in security engine or adding a dedicated security co-processor in the embedded design.

Embedded Intel® Solutions: How are developers addressing new security challenges with the evolution to LTE and IP-based networks?

Sukhija, Team F1: With high-speed packet-switching networks becoming the norm, more devices are interconnecting with each other and with the general Internet cloud conveniently and cost effectively. This expands the traditional connectivity ecosystem to wider horizons with new applications becoming common on connected embedded devices each day. Security is evolving into a natural part of this ecosystem—as a core component rather than an add-on or an afterthought. Embedded developers are addressing these requirements by having a security strategy in mind from the initial stages of device design, so devices are built with a natively secure system. Standardized security software, including everything from secure connectivity to intrusion prevention and even anti-malware technologies (once a mainstay of desktop and server computing), are now being seen as security features common to embedded devices. On the hardware side, designs have started to include special-purpose hardware (in the form of IP cores on existing chips or additional chips on the board) to enhance the performance of software implementations. The ability to scale up with desired security features is the biggest challenge for designing secure embedded devices in the future.

Huang, Portwell: Embedded hardware design needs to keep up with the demand for performance. Intel’s next-generation Cave Creek (Intel codename) chipset equipped with the Intel QuickAssist 1.5 technology, coupled with the new Sandy Bridge (Intel codename) CPU, will be able to address the demand for computing power and accelerate security packet processing.

Embedded Intel® Solutions: How is the evolution to multicore platforms affecting security issues for embedded designs?

Sukhija, Team F1: Multicore platforms are starting to be a great vehicle for meeting the challenges of high-performance and scalable embedded security. The performance of security protocols relies on the computing muscle of additional cores--especially in asymmetric multiprocessing methodologies. There, the inherent parallelism of many different security technologies, which have to be applied on a stream of network packets, can be leveraged by partitioning dedicated functions to various cores working in their own realm--with the option of dynamically reallocating the compute resources should the need arise. Designers will face major challenges in multicore processing before highly optimized software at every level of the system in embedded devices becomes commonplace. The migration has already started, however. It will inexorably lead to more standardized software architectures of security technologies on multicore platforms, which are not so tightly tied to the specific multicore processors that are in use (as is the case today).

Huang, Portwell: The multicore architecture enables a same-footprint embedded platform to deliver a solution to applications that require greater performance and better security management.



Cheryl Berglund Coupé is editor of EECatalog.com. Her articles have appeared in EE Times, Electronic Business, Microsoft Embedded Review, and Windows Developer’s Journal. She has developed presentations for the Embedded Systems Conference and ICSPAT. Berglund Coupé has held a variety of production, technical marketing, and writing positions within technology companies and agencies in the Northwest.