IP Theft – Generic term for theft of protected Intellectual Property that can be repurposed and reused allowing illegally copied versions to be produced
Reverse Engineering – Method of analysing a systems structure and inter-relationships to enable the creation of a representation in a different form or higher level of abstraction
Denial of Service – Software Bugs such as Memory Corruptions can be used to overload the system or cause system crashes – this can be mitigated by using Exploit Mitigation
Key Extraction – Private Cryptographic keys protecting a company’s valuable IP, communications etc. are extractable from the software enabling further attacks on device / company
Non-Fixable Bugs – Software bugs that cannot be fixed due to Read Only Memory restrictions can be exploited during the lifetime of the device
Zero Day Exploits – These are software bugs that are unknown to the vendor that have been found by an attacker but cannot be leveraged due to exploit mitigation techniques
Malware – Malicious software such as Botnets and Crypto lockers which are intentionally designed to cause disruption to a device
Yes, absolutely. It’s well known that large computer and networking systems, servers, and data centers use a variety of industry-standard techniques to protect themselves from cyber-attacks. However, embedded systems can be particularly vulnerable to these attacks because they often have limited resources and fixed functionality. Additionally, because these systems are often interconnected with other devices and systems, a security breach in an embedded device can provide an attacker with access to an entire infrastructure. This emphasises the need for robust security measures to protect embedded systems from cyber-attacks.
Examples of these include:
In the past there have been famous examples for these kinds of attacks: The Stuxnet attack targeted industrial control systems used to operate centrifuges at a uranium enrichment facility in Iran, causing physical damage to the centrifuges and disrupting their operation. The Triton attack targeted a safety instrumented system at a petrochemical facility in Saudi Arabia, while the Acid Rain malware targeted industrial control systems in manufacturing and critical infrastructure.
Emproof Nyx’s solution can help by implementing exploit mitigation and obfuscation techniques. Emproof Nyx makes it difficult for attackers to reverse engineer a system and find vulnerabilities to exploit. This helps to prevent attacks on embedded systems and protect against the potential consequences of such attacks.
Virtually every embedded device that runs software will benefit from the advanced security protections offered by Emproof Nyx – including protection against reverse engineering and exploitation attacks. This is especially the case in applications that handle sensitive data, are interconnected, or run critical and functional safety. Key markets include Automotive, Medical, Avionics, Industrial IoT, Smart Infrastructure and Semiconductor.
Emproof Nyx brings state-of-the-art security to embedded systems and FPGA applications, where overhead constraints traditionally limit advanced security. Emproof Nyx prevents reverse engineering to secure valuable intellectual property and protects against exploitation attacks via an easily implementable solution that is hardware and software agnostic. Customers can implement Emproof Nyx’s solution during any phase of the product development process and product lifecycle – including retroactively upon deployment. This means that our solution can be applied to a product at any stage, from the initial development phase all the way through to when the product is already being used in the field. Emproof Nyx protects the emerging world of ubiquitous connectivity by securing devices at their core, while saving time, money and resources for its customers.
Our focus is on both bare-metal and Linux-based embedded devices running an RTOS from cyber-attacks and IP theft via reverse engineering – whilst guaranteeing real time responsiveness and functional safety requirements.
Code Obfuscation – A technique used to make the internal workings of a program difficult to understand, typically by replacing clear and concise code with something that is more complex and harder to interpret.
Exploit Mitigation – Insertion of code guards to detect and prevent the exploitation of memory corruption vulnerabilities and control-flow hijacking attacks.
Anti-Tamper – On start-up the deployed software image is checked against a known verified version enabling a customer-defined action (e.g., set device to safe-state, blow a fuse …).
Platform Security – If additional security measures such as unique identifier data or hardware security modules are available these are incorporated to provide enhanced security.
Anti-Fuzzing – Code transformation techniques used to slow down and increase the randomised data making fuzzing ineffective when used to attack the device.
Emproof Nyx protected software is 3 orders of magnitude smaller than existing solutions enabling unprecedented levels of protection in resource limited environments and does not require access to source code.
Emproof Nyx allows the developer to protect the entire software or just the critical modules which allows the performance to be customised depending on the resources available. Exploit mitigation typically requires 2-5% overhead whilst IP Protection would require 10-20%, both of which are significantly lower than anything else on the market currently.
Emproof Nyx only requires access to binary files (Executables/Libraries) meaning your source code remains intact and untouched and known only to you. So your code never leaves the premises of your company Emproof Nyx can be delivered within a Docker container to be run from a company’s in-house server. Alternatively, Emproof Nyx can also be run from the cloud via our in-house servers which allows a company to upload their files to be protected, configure their protections and have the result delivered back to them.
Implementing Emproof Nyx is a post-compilation step meaning it is easily incorporated into all existing toolchains – or in other words: it does not matter if gcc, llvm, clang or any other compiler or toolchain was used.
Emproof Nyx has no impact on the software development process allowing standard industry build systems and environments such as GitLab and Makefile to be used.
Emproof Nyx has been developed and written such that it will be certified for the Automotive Functional Safety Standard ISO26262 and the Avionics Software Tool Qualification DO330.
Yes. Emproof Nyx can be deployed at any stage of the product development cycle from design phase through to in-field deployment provided it has an update option.
Each of these ISA’s support several families of processors so most companies would only need support for one ISA.
Custom variants within these architectures and future architectures can be added to meet customer demands as needed.
There are many open-source and commercial frameworks that are used to enable reverse engineering including:
Emproof Nyx IP protection employs countermeasures against both Dynamic Analysis tool and Static Analysis tools as well as human assisted, semi-automated analyses.
Fault attacks: Emproof Nyx IP protection employs code obfuscation to defends against glitching configuration checks such as debug/read-out protections that often happen at boot-time. However, Emproof Nyx does not protect against fault attacks targeting cryptographic algorithms.
The product is available through a subscription licence per supported Instruction Set Architecture (ISA). This will allow for all future updates and maintenance releases to be automatically applied ensuring constantly evolving enhancements keep pace with the latest cyber threats.
We have two options for deployment depending on the customers internal policies.