FAQs

Exploit mitigation is a security technique used to make it more difficult for attackers to exploit vulnerabilities in an embedded system. It involves implementing various defences and countermeasures. Therefore, emproof’s Nyx adds techniques, such as stack canaries and control flow integrity, that can prevent attacks from succeeding. By implementing these prevention mechanisms, organizations can make it more difficult for attackers to exploit vulnerabilities and protect against the potential consequences of such attacks. Optionally to these prevention mechanisms, Nyx can also apply security transformations to the binary, such as code obfuscation, to make the internal workings of an embedded system difficult to understand and thus decreasing the chance of finding exploitable bugs via reverse engineering.

IP Theft – Generic term for theft of protected Intellectual Property that can be repurposed and reused allowing illegally copied versions to be produced

Reverse Engineering – Method of analysing a systems structure and inter-relationships to enable the creation of a representation in a different form or higher level of abstraction

Denial of Service – Software Bugs such as Memory Corruptions can be used to overload the system or cause system crashes – this can be mitigated by using Exploit Mitigation

Key Extraction – Private Cryptographic keys protecting a company’s valuable IP, communications etc. are extractable from the software enabling further attacks on device / company

Non-Fixable Bugs – Software bugs that cannot be fixed due to Read Only Memory restrictions can be exploited during the lifetime of the device

Zero Day Exploits – These are software bugs that are unknown to the vendor that have been found by an attacker but cannot be leveraged due to exploit mitigation techniques

Malware – Malicious software such as Botnets and Crypto lockers which are intentionally designed to cause disruption to a device

Yes, absolutely. It’s well known that large computer and networking systems, servers, and data centers use a variety of industry-standard techniques to protect themselves from cyber-attacks. However, embedded systems can be particularly vulnerable to these attacks because they often have limited resources and fixed functionality. Additionally, because these systems are often interconnected with other devices and systems, a security breach in an embedded device can provide an attacker with access to an entire infrastructure. This emphasises the need for robust security measures to protect embedded systems from cyber-attacks.

Examples of these include:

1. An attacker targets an embedded device used in a critical application, such as a medical device or an industrial control system. By exploiting vulnerabilities in the device, the attacker can disrupt its operation and potentially cause harm or damage.
2. An attacker targets an embedded device connected to a larger system or infrastructure, such as a server or network. By exploiting vulnerabilities in the embedded device, the attacker gains access to the larger system and steals or manipulates sensitive data.
3. An attacker targets an embedded device used in a high-value application, such as a military or aerospace system. By reverse engineering the device, the attacker gains access to valuable intellectual property or trade secrets.

In the past there have been famous examples for these kinds of attacks: The Stuxnet attack targeted industrial control systems used to operate centrifuges at a uranium enrichment facility in Iran, causing physical damage to the centrifuges and disrupting their operation. The Triton attack targeted a safety instrumented system at a petrochemical facility in Saudi Arabia, while the Acid Rain malware targeted industrial control systems in manufacturing and critical infrastructure.

Emproof Nyx’s solution can help by implementing exploit mitigation and obfuscation techniques. Emproof Nyx makes it difficult for attackers to reverse engineer a system and find vulnerabilities to exploit. This helps to prevent attacks on embedded systems and protect against the potential consequences of such attacks.

Virtually every embedded device that runs software will benefit from the advanced security protections offered by Emproof Nyx – including protection against reverse engineering and exploitation attacks. This is especially the case in applications that handle sensitive data, are interconnected, or run critical and functional safety. Key markets include Automotive, Medical, Avionics, Industrial IoT, Smart Infrastructure and Semiconductor.

Emproof Nyx brings state-of-the-art security to embedded systems and FPGA applications, where overhead constraints traditionally limit advanced security. Emproof Nyx prevents reverse engineering to secure valuable intellectual property and protects against exploitation attacks via an easily implementable solution that is hardware and software agnostic. Customers can implement Emproof Nyx’s solution during any phase of the product development process and product lifecycle – including retroactively upon deployment. This means that our solution can be applied to a product at any stage, from the initial development phase all the way through to when the product is already being used in the field. Emproof Nyx protects the emerging world of ubiquitous connectivity by securing devices at their core, while saving time, money and resources for its customers.

Our focus is on both bare-metal and Linux-based embedded devices running an RTOS from cyber-attacks and IP theft via reverse engineering – whilst guaranteeing real time responsiveness and functional safety requirements.

Code Obfuscation – A technique used to make the internal workings of a program difficult to understand, typically by replacing clear and concise code with something that is more complex and harder to interpret.

Exploit Mitigation – Insertion of code guards to detect and prevent the exploitation of memory corruption vulnerabilities and control-flow hijacking attacks.

Anti-Tamper – On start-up the deployed software image is checked against a known verified version enabling a customer-defined action (e.g., set device to safe-state, blow a fuse …).

Platform Security – If additional security measures such as unique identifier data or hardware security modules are available these are incorporated to provide enhanced security.

Anti-Fuzzing – Code transformation techniques used to slow down and increase the randomised data making fuzzing ineffective when used to attack the device.

Emproof Nyx protected software is 3 orders of magnitude smaller than existing solutions enabling unprecedented levels of protection in resource limited environments and does not require access to source code.

• Hardware security does not necessarily shield against the exploitation of software vulnerabilities.
• Lock bits that should close JTAG/SWD/UART to prevent debugging and firmware extraction can easily be bypassed with glitching, fault injection and exploiting imperfections in on-chip debug periphery.
• TPM/HSM are good key/certificate stores and crypto engines, but they neither protect against exploitation nor reverse engineering.
• Boot guard or verified boot protects the integrity of the firmware on legitimate devices, but they do not protect against exploitation and once such a device gets into the possession of an attacker, these mitigations can be disabled to enable incremental firmware changes aiding reverse engineering.

Emproof Nyx allows the developer to protect the entire software or just the critical modules which allows the performance to be customised depending on the resources available. Exploit mitigation typically requires 2-5% overhead whilst IP Protection would require 10-20%, both of which are significantly lower than anything else on the market currently.

Emproof Nyx only requires access to binary files (Executables/Libraries) meaning your source code remains intact and untouched and known only to you. So your code never leaves the premises of your company Emproof Nyx can be delivered within a Docker container to be run from a company’s in-house server. Alternatively, Emproof Nyx can also be run from the cloud via our in-house servers which allows a company to upload their files to be protected, configure their protections and have the result delivered back to them.

• Install Emproof Nyx add one step to your Makefile or build system, done.
• Optionally, apply customizations via command line, config file or SDK for fine tuning or access to external APIs. This way you can choose to only protect certain parts of the software or even apply stronger security mechanisms to more sensitive parts.
• Pilot projects in cases of new architectures or newly requested features.

Implementing Emproof Nyx is a post-compilation step meaning it is easily incorporated into all existing toolchains – or in other words: it does not matter if gcc, llvm, clang or any other compiler or toolchain was used.

Emproof Nyx has no impact on the software development process allowing standard industry build systems and environments such as GitLab and Makefile to be used.

Emproof Nyx has been developed and written such that it will be certified for the Automotive Functional Safety Standard ISO26262 and the Avionics Software Tool Qualification DO330.

Yes. Emproof Nyx can be deployed at any stage of the product development cycle from design phase through to in-field deployment provided it has an update option.

• Armv6-M
• Armv7-M
• Armv8-M Baseline & Mainline
• AArch64 / ARMv8-A
• Intel x86-64
• RISC-V (In progress)

Each of these ISA’s support several families of processors so most companies would only need support for one ISA.

Custom variants within these architectures and future architectures can be added to meet customer demands as needed.

There are many open-source and commercial frameworks that are used to enable reverse engineering including:

Static Analysis:

• Ghidra (developed by the NSA)
• IDA Pro
• Binary Ninja
• WINDBG
• radare2
• OllyDbg

Dynamic Analysis:

• QEMU
• Unicorn
• Avatar

Emproof Nyx IP protection employs countermeasures against both Dynamic Analysis tool and Static Analysis tools as well as human assisted, semi-automated analyses.

Fault attacks: Emproof Nyx IP protection employs code obfuscation to defends against glitching configuration checks such as debug/read-out protections that often happen at boot-time. However, Emproof Nyx does not protect against fault attacks targeting cryptographic algorithms.

The product is available through a subscription licence per supported Instruction Set Architecture (ISA). This will allow for all future updates and maintenance releases to be automatically applied ensuring constantly evolving enhancements keep pace with the latest cyber threats.

We have two options for deployment depending on the customers internal policies.

1. From a customer support perspective the easiest way to access Emproof Nyx is via a cloud connection to our secure online server. This allows a customer to upload their binaries, choose the customised levels of protections needed and download the protected binary. If support or assistance is needed Emproof Nyx can easily provide this.
2. If a customer is prohibited from sending their binaries off-site then Emproof can provide a Virtual Machine (Docker) to be installed on customers premises which allows the same level of configurations to be implemented but access for support purposes would be restricted unless online access to Emproof Nyx could be granted or physical on-site visit arranged.