Sunday, September 28, 2014

Embedded Zombies

I have decided to coin a new term: embedded zombies. The security field has largely concentrated on IT devices: laptops, servers, phones.  But we have recently seen several examples of ways to hijack devices with embedded processors. These embedded zombies can then be used to attack IT systems, cyber-physical systems, IoT systems, you name it.

The Shellshock bug is the latest example---see Bruce Schneier's blog post. Shellshock is a bug in bash, the shell shipped with most *nix systems: bash imported function definitions from environment variables and kept executing whatever followed the function body, so any program that places attacker-controlled input into an environment variable before starting a shell (CGI web servers are the classic case) can be made to run commands. It endangers *nix-based IT systems, such as Apple machines. But since many embedded devices, ranging from the networking equipment that runs the Web to consumer devices, also run *nix and bash, those systems are in danger as well. A few months ago, researchers Karsten Nohl and Jakob Lell showed how to reprogram the firmware of the controller chips inside USB devices (the BadUSB attack). Once again, the zombie USB device can be used to attack IT, cyber-physical, or embedded systems.
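The standard way to find out whether a particular bash binary is affected is to start it with an environment variable whose value looks like a function definition followed by a trailing command, and see whether the trailing command runs. The probe below is an added example, not code from the original post; the `cgi_env_from_headers` helper is an assumption about how a CGI-style server maps request headers into environment variables (the `HTTP_` prefix convention), included to show why a remote attacker can reach the environment of a shell at all.

```python
"""Shellshock probe (added example, not from the original post).

A vulnerable bash imported shell functions from environment variables whose
value began with "() {" and then executed whatever followed the closing
brace, so a process started with

    x='() { :;}; echo vulnerable'

in its environment ran `echo vulnerable` before doing anything else.
"""
import os
import shutil
import subprocess

PAYLOAD = "() { :;}; echo vulnerable"
MARKER = "vulnerable"


def classify_output(stdout: str) -> bool:
    """True if the trailing command of the probe payload ran."""
    return MARKER in stdout.splitlines()


def cgi_env_from_headers(headers: dict) -> dict:
    """Assumed CGI-style mapping: 'User-Agent' -> HTTP_USER_AGENT.

    This is how attacker-controlled request headers end up in the
    environment of any shell the server spawns.
    """
    return {"HTTP_" + name.upper().replace("-", "_"): value
            for name, value in headers.items()}


def is_bash_vulnerable(bash_path=None, extra_env=None):
    """Run the probe against a real bash binary.

    Returns True (vulnerable), False (patched) or None if bash is absent.
    """
    bash = bash_path or shutil.which("bash")
    if bash is None:
        return None
    env = dict(os.environ)
    env["x"] = PAYLOAD
    env.update(extra_env or {})
    proc = subprocess.run([bash, "-c", "echo probe-done"], env=env,
                          capture_output=True, text=True, timeout=10)
    return classify_output(proc.stdout)


if __name__ == "__main__":
    # Same probe, delivered the way a CGI request would deliver it.
    cgi_env = cgi_env_from_headers({"User-Agent": PAYLOAD})
    result = is_bash_vulnerable(extra_env=cgi_env)
    print({True: "bash is VULNERABLE", False: "bash is patched",
           None: "bash not found"}[result])
```

On a patched bash the probe prints only `probe-done`; on a vulnerable one, `vulnerable` appears first. Run it against every bash you can find on an embedded device, not just the one on your workstation, since the point of the post is that the vulnerable copies are the ones nobody updates.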

A system is only as secure, private, and trustworthy as its least secure, private, and trustworthy component. Given the complexity of even simple, cheap systems, we have to limit our trust in just about every system.

Saturday, August 16, 2014

RPiSoC Webinar

A webinar on the RPiSoC platform has been announced. RPiSoC is a board built around a PSoC system-on-chip that connects to the Raspberry Pi and gives it access to the PSoC's configurable analog and digital I/O. You can find more information on the webinar here.

Monday, August 11, 2014

NIST CPS Public Working Group Meeting

NIST is holding the first face-to-face meeting of its Cyber-Physical Systems Public Working Group today and tomorrow. The agenda is here. The plenary sessions will be available online as a live webcast.

Thursday, July 31, 2014

USB Trojan attack

A recent report describes a gaping security hole in USB---see this link. Malware carried on USB sticks has been implicated in many attacks, including Stuxnet, but this attack relies on modifying the USB controller's firmware, which is extremely difficult to detect.

Thursday, June 19, 2014

NIST CPS Public Working Group

NIST has announced the first webinar meeting of its Cyber-Physical Systems Public Working Group (CPS PWG).  More details can be found here.

Saturday, May 3, 2014

Second Edition of High Performance Embedded Computing

The second edition of my book High Performance Embedded Computing has just been published by Morgan Kaufmann. This book takes a more advanced view of embedded system design than does my other book Computers as Components. HPEC goes into detail on system architectures, design algorithms, performance analysis, energy, and power. A new chapter concentrates on cyber-physical systems. This new edition also covers thermal-aware design of embedded systems.

You can find the book's overheads and other supplements at my Web site. And you can order it from a variety of sources, including Amazon.

Thursday, April 10, 2014

More on Stuxnet

I just ran across this excellent article on Stuxnet in, of all places, Foreign Policy magazine. It contains the best technical overview of Stuxnet that I've seen so far.

Friday, March 14, 2014


I attended a meeting today on the DARPA SHIELD program where I learned a lot about the problems of assuring the integrity of electronic hardware. Counterfeit parts are a major concern for the U.S. military and a growing concern for companies. The SHIELD program will develop a tag with a unique ID that can be attached to all sorts of electronic components. The tag chip will be designed to resist efforts to examine or alter it.

Counterfeit parts are widespread and come from a variety of sources. False designs that contain Easter eggs designed to activate at a later date and cause problems are just one of the concerns. A lot of fake chips are harvested from old electronics; ironically, much of that discarded gear comes from U.S. consumers. Other fakes are genuine parts that failed the manufacturer's tests for performance, temperature, etc. The entities that sell these chips range from mom-and-pop operations to sophisticated criminal organizations to nation states. Some of the counterfeiters just want to make money while others are intent on harming the United States.

Interestingly, DARPA thinks that some of the most serious threats come not from high-end components but from simpler, commodity parts. If your Ethernet chip goes bad, it can cause just as many problems as a bad high-performance CPU. And intermittent failures, which are common in counterfeits, are harder to debug and trace to the part causing the problem.

Electronic parts have very long, complex supply chains. All it takes is one slip-up anywhere along that path to allow bad parts to slip into the system. Paperwork on the sources of components isn't enough. The SHIELD program could make a big change in how we think about manufacturing and using electronics.

Friday, March 7, 2014


DARPA has announced a new program on hardware assurance; here is the DARPA press release.  The SAE AS5553A standard, which we have discussed before in this blog, defines documentation procedures used to keep track of hardware provenance.  SHIELD is a much more automated approach to this problem.

The SHIELD program aims at designing a small chip that can be affixed to components. A handheld device can then be used to interrogate the tag and verify that it identifies the proper part. The tag is designed to be cheap---less than a penny---and to be resistant to tampering.

DARPA lists several threat models that are of interest to them: recycled components sold as new; unauthorized overproduction of authorized components; substandard components sold as new; parts remarked with higher reliability grades or newer manufacturing dates; out-and-out copies; parts that are repackaged and destined for unauthorized applications.

Wednesday, February 5, 2014

Wall Street Journal Reports on Power Substation Attack

Today's Wall Street Journal leads with an important article on a terrorist attack on an electric power substation.  When I started to read the article, I wondered if they were describing an exercise or simulated attack.  They weren't.  A team of terrorists attacked a PG&E substation in Silicon Valley.   They cut communication lines, then used rifle shots to puncture the transformer vessels and drain them of their cooling oil.  The transformers promptly overheated.  The terrorists got away just before the police arrived.  Whoever did it was well-trained---their rifle cartridges didn't have fingerprints.

This attack is disturbing on a number of levels, of course. One cyber-physical angle is that, although this was primarily a physical assault, the attackers cut the communication links into the substation as preparation. It appears that communication was at least close to being a single point of failure in the system. Monitoring the status of communication clearly helps detect attacks such as these, and it can also help contain other types of non-malicious faults.

I commend the Wall Street Journal for bringing this event to the public's attention.

Thursday, January 30, 2014

Privacy and Security

Security is a big focus in personal, server, and embedded computing.  Computer security or cybersecurity broadly refers to all sorts of information security.  We often focus on malicious attacks but good computer security offers protection against natural events as well.

Privacy is a related but distinct issue.  Computer privacy refers to what others can find out about us.  This of course includes what we tell the world and what information about us the bad guys can steal from our computers.  But privacy also includes what can be inferred from our data.  In a lot of cases, our agreement to release one kind of data allows others to infer more about us.

A good cyber-physical example of the nature of privacy is offered by your electric meter.  Your electric utility reads your meter periodically to bill you for the electricity you use.  But those meter readings tell more about what you do.  With even sparse electricity readings, such as the typical monthly reading, an observer can estimate the number of people living in your house.  I have heard rumors that some authoritarian regimes use just this technique to find people hiding in homes.  With more frequent readings, an observer could tell when you are likely to be away from the house.  This is the cyber-physical equivalent of the old thieves' trick of driving by to find houses with no lights, then targeting those houses for burglaries.
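The "frequent readings" case above is easy to make concrete. The following is an added example, not from the original post, with constructed rather than measured data: a week of hourly kWh readings for a household that is out of the house on weekdays from 08:00 to 18:00 and home all weekend. Nothing in the data states the schedule; the code recovers it from consumption alone, using two assumed rules (the always-on load is the lowest reading seen, and an hour at or near that load during the waking day means nobody is home).

```python
"""Occupancy inference from hourly meter readings (added example).

READINGS is constructed, not measured: a household that is away on
weekdays 08:00-18:00 and at home all weekend.  The inference assumes
(a) the lowest reading over the period is the always-on load (fridge,
standby devices) and (b) a waking-hour reading within 50% of that load
means the house is empty.
"""
from collections import Counter

HOURS = 24
DAYS = ["Mon", "Tue", "Wed", "Thu", "Fri", "Sat", "Sun"]


def _hourly_profile(at_home_daytime):
    """One constructed day of hourly readings in kWh."""
    profile = []
    for hour in range(HOURS):
        if hour < 6:
            kwh = 0.3                               # night: fridge, standby
        elif hour < 8:
            kwh = 1.2                               # morning routine
        elif hour < 18:
            kwh = 0.9 if at_home_daytime else 0.3   # daytime
        elif hour < 23:
            kwh = 1.5                               # cooking, TV, lights
        else:
            kwh = 0.6
        profile.append(kwh)
    return profile


# constructed week: weekdays empty during the day, weekend occupied
READINGS = {day: _hourly_profile(day in ("Sat", "Sun")) for day in DAYS}


def baseline_load(readings):
    """Assumed always-on load: the lowest reading in the whole period."""
    return min(kwh for day in readings.values() for kwh in day)


def away_hours(day_readings, baseline, tolerance=1.5, waking=(8, 22)):
    """Waking hours in which the house draws only (about) baseline power."""
    start, end = waking
    return [h for h in range(start, end) if day_readings[h] <= baseline * tolerance]


def recurring_away_window(readings, min_days=4):
    """Longest contiguous daytime window that is empty on >= min_days days.

    Returns (first_hour, hour_after_last), e.g. (8, 18), or None.
    """
    baseline = baseline_load(readings)
    counts = Counter()
    for day_readings in readings.values():
        counts.update(away_hours(day_readings, baseline))
    hours = sorted(h for h, n in counts.items() if n >= min_days)
    best, run = [], []
    for h in hours:
        run = run + [h] if run and h == run[-1] + 1 else [h]
        if len(run) > len(best):
            best = run
    return (best[0], best[-1] + 1) if best else None


if __name__ == "__main__":
    window = recurring_away_window(READINGS)
    print("always-on load: %.2f kWh/h" % baseline_load(READINGS))
    print("house is usually empty from %02d:00 to %02d:00" % window)
```

Real meter data is noisier than this, but the same logic (baseline estimate, threshold, aggregate across days) is the core of the burglar's "lights are off" trick done at a distance, and the observer needs no access to the house, only to the readings.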

As we install more cyber-physical systems and IoT devices, we will create new privacy problems for ourselves.  Some of these are variations on old-world privacy issues; other problems are relatively novel.  Hopefully, we can roll out these systems so that we don't create long-lasting privacy holes that society can't easily plug.

Wednesday, January 29, 2014

More on IoT Security

A blog on the semiconductor industry and chip design has two recent posts that address the intersection of chip design and the Internet of Things:
  • Don Dingee described a technique for modifying one-time programmable keys. He makes the very good point that many devices whose data is tied to our identity may be sold or transferred, creating a potential security and privacy problem.
  • Pawan Fangaria talks about the importance of MEMS sensors for IoT and discusses MEMS design techniques.

Sunday, January 26, 2014

Internet of Things security

Proofpoint, a computer security company, has confirmed what we long suspected: Internet-of-Things devices pose computer security threats. Their report, which you can find here, describes how they found a variety of household Internet-connected devices sending out malicious emails. The offending devices included multimedia devices and "at least one refrigerator."

The idea of refrigerators as sleeper agents or Skynet nodes may sound like a Saturday Night Live sketch, but this observation has some serious implications. PC security, while far from perfect, is much better than it was 20 years ago. IoT device security is at a primitive level, but unlike with PCs, consumers often have no reason to worry about it. Malware on PCs may be used to attack other computers, but everyday users understand the very real threat to their own data posed by these programs. As a result, consumers are willing to invest in computer security tools. So long as malware on IoT devices is used to attack other computers without noticeably affecting the device, consumers are unlikely to care much that their refrigerator has become a zombie. And the market for these devices is sufficiently cost-sensitive that manufacturers are unlikely to introduce strong security measures on their own. Like so many things, it may take a disastrous event to wake people up to the problem.

Wednesday, January 8, 2014

787 Battery As A Cyber-Physical System

The problems with the 787 battery a year ago haven't recurred, thankfully.  So now is a good time to step back and think about the implications of this issue for cyber-physical system design.  Here are a few informational links:
  • Aviation Week provided excellent coverage, including this description of battery testing and a photo of the damaged battery.
  • Boeing's review of the battery certification process. 
  • An interesting article from Avionics Magazine on the battery issue.
While the battery behavior itself is ultimately a chemistry issue that is far beyond my expertise, the root causes go back to cyber-physical system design. On the ground before the engines are started, the airplane's electric energy comes from the auxiliary power unit, a small turbine engine driving a generator; once the engines are running, generators driven by the main engines supply the aircraft. The battery is provided in part as an emergency electricity source in case the main generators fail. The 787 is a fly-by-wire aircraft, so the flight controls depend on electronics. But the 787 goes well beyond minimal fly-by-wire to use a great deal of electronics that are important to the aircraft's operation. As a result, the battery needs to be able to supply a great deal of energy in some cases.

The battery technologies generally used in aircraft---and those that are generally approved under certification procedures---provide lower energy density than does the lithium battery technology used in the 787. Energy density is very important in an airplane because weight is a critical factor in overall aircraft performance. Aircraft designs must be certified. Although lithium batteries had been used in certified aircraft designs in a handful of cases, the 787 represented an early use of this type of battery. The detailed design of the battery subsystem was driven by competing system constraints: on the one hand, weight; on the other hand, heavy use of electronics.