Taking a Transformational Approach to Embedded System Security

Embedded system security is essential and, at the same time, complex and challenging to implement. This is because embedded systems are fragmented across hardware architectures, operating systems, and software toolchains.

Enter Emproof.

The Emproof story began in Germany’s Ruhr-Universität Bochum, a top international university and research institute with a global reputation for its work in developing innovative measures against cyberattacks.

Marc Fyrbiak and the other founders of Emproof met here while researching IT security. Fyrbiak worked on the hardware security side, while Philipp Koppe and Tim Blazytko focused on research in software security. During various research projects interrogating system vulnerabilities, they noted the weaknesses associated with embedded system security. They also recognized the serious implications of such vulnerabilities in an increasingly connected world.

They found that, although embedded systems became ubiquitous, the security protecting these devices hadn’t evolved.

Why were operating systems and much of the hardware architecture used today specified years ago? And why were they so fragmented?

For embedded systems, it almost seemed like every hardware provider had their own toolchain to support that hardware.

There were dozens of real-time operating systems in use, each designed to fit a specific niche. Many different microcontrollers were also out there, each requiring software optimized for their specific needs.

“On the downside, embedded system security was a difficult nut to crack. On the upside, if you happened to be one of the world’s leading experts on security technologies and architectures, you were among the few people that had the experience to do so,” says Fyrbiak, co-founder of Emproof.

As for what they were dealing with, here’s an example. Through any number of vulnerabilities, attackers can initiate a buffer overflow and take the impacted system over. This can lead to direct hardware control affecting peripheral devices, like an electric pump or a pacemaker. An attack like this could have critical, real-world consequences. In many cases, there’s no way to prevent this kind of systemic corruption or confine the capabilities once compromised.

As IT security experts, Fyrbiak and his colleagues didn’t need to prove security threats via calculations; they could carry them out. In one case, they extracted cryptographic key material embedded into the software. From loading it into an analysis program to obtaining the key, the process took 15 minutes.

There are other issues, like human error. Useful information for hackers like debug symbols shouldn’t be left in the software, but they often are, and it massively benefits an attacker who can make more sense of the software if they have this information for the identification of software bugs and reverse engineering.

Exploit mitigation can be used to make it impossible for some software bug classes to exploit the system or leverage other bugs.

“We make sure checks are in place to detect when something like this happens and we can do any user-defined action,” states Fyrbiak.

Some bug classes can’t be removed, but they can be made much harder to find. The approach involves a binary transformation engine, in which an original program is taken, and a protected version is generated without needing to supply the source code.

Put differently, the Emproof solution takes a program and lifts it to a mathematical intermediate representation that is universal across all architectures. It does the analysis and transformation on the mathematical domain, and then it goes back again.

There are a lot of hardware architectures in the market, and the Emproof solution is designed to adapt to something that may also be proprietary. Because the technology can easily generate the lifting and lowering part from and to the mathematical domain, it’s possible to integrate a new architecture within a couple of weeks.

Of course, once done, there’s another challenge. Can you make something small, effective, and easy to integrate?

Overhead in the embedded world is a prevalent issue. But dealing with that issue was one of the reasons they were able to attract Brian Kelly, an experienced chief executive officer with a long history of leading technology innovation firms. “Emproof’s technology adds only 10 percent overhead where standard overhead is often 1000% or more. That’s an extraordinary feat. It took a long time but that’s what the team did,” states Kelly, CEO of Emproof.

Concerning market growth, people are just starting to come to terms with putting security into embedded systems. Emproof suggests the customer base of one in 100 target companies will grow in five years to 20 out of 100. They will be led by strategic pillars of the embedded market as automotive, aerospace, medical devices, and smart infrastructure, which won’t be easy as they have high functional safety bars and long sales cycles.

 “But,” adds Kelly, “that’s where we need to be long term and that’s where we’re going to be successful. Our goal is to build a sustainable company that provides ubiquitous, robust and cost-effective software security for all embedded systems.”