Overcome security issues in embedded systems (graduation thesis foreign-literature translation)


Appendix A

Overcome security issues in embedded systems
By Gary Drossel
Embedded Systems Design (06/12/07, 12:15:00 H EDT)

Traditional security techniques may not suffice anymore. Embedded systems are getting more complex and hackers are getting smarter.

Embedded systems traditionally have had very limited security options. Indeed, fitting a robust set of security features into such a small mechanical footprint can be challenging. Storage components, processing power, battery life, time-to-market, and overall cost concerns have prevented most security features from being implemented. Overcoming these design challenges has become crucial to embedded systems designers in light of the growing threat of security breaches as more systems are shared or attached to networks, and as new regulations are adopted that make security mandatory.

The security industry has focused largely on portable storage devices for the consumer electronics industry. The basic premise here is that users want security capabilities to travel with the device, such as with a USB thumb drive. This approach lets users protect their data on any system, whether it's an office or home PC, an Internet kiosk, or a public computer. Software applications and data are password-protected using industry-defined security protocols, which often are targeted by Internet hackers. Portable data devices are also highly susceptible to theft. Once stolen and the security encryption defeated, the fully intact data can be accessed, loaded onto a PC or the Internet, sold, or worse.

On the other hand, embedded systems applications for the enterprise OEM market face their own unique challenges. These OEMs (original equipment manufacturers) targeting the netcom, military, industrial, interactive kiosk, and medical markets typically provide infrastructure equipment to their customers, supplying everything from network routers and voting machines to medical diagnostic equipment and data recorders. The key requirement is that data must be rendered unreadable should the storage devices be removed from the systems for which they're intended. The host system must maintain ultimate control over security algorithms to protect the data and prevent IP theft. Security requirements can vary for these applications. They can be as simple as ensuring that the correct storage product is in the host, or as intricate as tying the software IP and application data directly to the storage device.

Tying security to the host

Two key functions are required in enterprise OEM applications to protect application data and software IP. The first is a need to ensure that the end customer is using a qualified storage device in the system. Due to warranty or service contracts, the OEM must verify that the storage device originally shipped with the equipment is indeed still in the system. The second is a need to tie specific application data and software IP to the specific drive for which it is intended, to prevent theft and ensure software integrity. In this way, even if the portable storage device is stolen, the data can't be accessed and the device won't function properly.

Optimally, the host should have access to at least two unique pieces of data for validation purposes. One identifies the drive and ensures it's the correct product. The second data string identifies the specific drive and its correlating data. The host system can then use that data to create encryption/decryption keys for software IP and application data. Such a method doesn't provide copy protection, but it restricts the use of particular software on any system other than the original host.

Design considerations

Design considerations for enterprise OEM applications are many. First, it's important to ensure the integrity of the stored data. The drive itself must not be susceptible to corruption due to power disturbances. Portability has become of huge importance, so the technology considered must be low power and small and light enough to match the design requirements. In addition, extreme environmental conditions such as shock, vibration, altitude, and a wide temperature range must be considered. Multiple-year product lifecycles and high endurance ratings are also important. If a drive wears out unexpectedly, critical data can be lost, so a feedback mechanism that prevents field failures and unplanned downtime would be beneficial.

Consumer applications typically only need the storage device to store data. In enterprise OEM applications, designers must consider operating system requirements for storage. An operating system must be kept open to accommodate needed read/write functions. The traditional use of write protection becomes impossible on a storage device that supports an open operating system.

Another important consideration for enterprise OEMs is the accidental overwriting of critical system files, such as the master boot record. When a power fluctuation occurs, address lines can float to undetermined states. If there's still enough power to write to the storage component, data could be written to an improper location, potentially corrupting critical system files.

Many embedded systems have different security requirements for different data types. Perhaps there's a need to write-protect a file or look-up table, or to have a password-protected area for regulatory validation. The traditional approach would be to implement multiple storage devices, such as a secure EPROM for validation codes; a CD-ROM for read-only access; or a flash card for data and user statistics or tracking. This may not be the best solution for power- and space-constrained embedded designs. Not only does using three different devices for one system have a larger-than-desired footprint, but the cost is also multiplied by the purchase and programming of three separate devices.

Storage security solutions

Advanced storage technologies are now available that let designers add the security that's required for their particular design. These new storage solutions provide the desired environmental performance, low power, small footprint, and longer product lifecycles.

For instance, to streamline the embedded design that would need the three different storage devices previously mentioned, this same application could use one advanced storage system divided into task-specific zones. By using advanced zoning techniques, one solid-state drive can be partitioned into zones, with separate security measures deployed on each zone, as shown in Figure 1. The result is a dramatic savings in space and cost. In the previous example, Zone 1 can store the operating system, Zone 2 can be partitioned for read-only access, and Zone 3 can be used for data tracking or storing classified data. In this way, one drive performs the tasks originally handled by three separate devices. Given that advanced solid-state drives can be divided into up to five partitions, there's potential for even more functionality.

To prevent the theft of application data and software IP, advanced storage technologies enable this information to be tied to a specific storage drive and enable a specific drive to be tied to a specific host system, as in Figure 2. A restricted area, accessible only by one or several vendor-specific commands, can be used as a handshaking area to implement these requirements.

Advanced storage systems can have two or more keys resident in their restricted (non-user) data space. The first key could identify the specific media (such as flash drive or hard drive) and the second could contain a randomized number specific to that individual drive. The designer can send a vendor-specific command to read the information from the media and use it as a key for a host-specified encryption/decryption algorithm.

Should the storage system be removed from the host system for which it was originally intended and placed in a similar system, the new host could identify the transplanted drive as the correct media type. However, the randomized number will be completely different from the one the new host expects. As a result, the data will be unusable by the new host. Should the data itself be copied to a different type of drive, the host can tell it's not the correct drive and again the data won't be usable.

The security design challenges for embedded systems are different and potentially more demanding than those for the consumer market. While most consumer storage devices contain only data, enterprise OEM applications contain operating systems, need to protect critical system files, and must ensure the data is rendered unusable should the device be removed from the host system for which it was originally intended. This has often led to solutions that incorporate multiple drives, an approach which can be both complicated and expensive. One of the best ways to enhance security while minimizing cost in embedded systems is to use advanced zoning technology to set up multiple zones with different security parameters on one drive. In this way, the myriad functions and security requirements can all be met. Table 1 shows the design tradeoffs associated with various storage solutions.

Gary Drossel, vice president of product planning for SiliconSystems, manages the company's product marketing and planning, strategic marketing, and application engineering efforts. He received a BS degree in electrical and computer engineering from the University of Wisconsin. Drossel can be reached at .
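The host-to-drive binding described under "Tying security to the host" and "Storage security solutions", together with the per-zone policy of Figure 1, worked through as an added Python example. This is not SiliconSystems code and not code from the article: the Drive and Host classes, the vendor command name vendor_read_restricted, the zone table, the HMAC-keystream cipher and the per-product host secret held in the host are all assumptions made for the illustration, and the payload and drive identifiers are constructed sample data.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field

class AccessDenied(Exception):
    """Raised when a zone policy or the host's drive validation fails."""

@dataclass
class Drive:
    """Toy zoned solid-state drive (assumed model, not a real controller)."""
    media_id: bytes      # key 1: identifies the product/media type
    unit_nonce: bytes    # key 2: random number unique to this physical unit
    zones: tuple         # (name, first_lba, last_lba, policy), policy "ro" or "rw"
    blocks: dict = field(default_factory=dict)

    def write(self, lba, data):
        # Policy is enforced inside the drive, so a stray write from floating
        # address lines during a brownout cannot land in a read-only zone.
        for name, first, last, policy in self.zones:
            if first <= lba <= last:
                if policy == "ro":
                    raise AccessDenied(f"zone {name!r} is read-only")
                self.blocks[lba] = data
                return
        raise AccessDenied(f"LBA {lba} is outside every zone")

    def vendor_read_restricted(self):
        # Assumed vendor-specific command returning the restricted (non-user) area.
        # Anyone who knows the command can read it: these are identifiers, not secrets.
        return self.media_id, self.unit_nonce

def _keystream(key, iv, n):
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, iv + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def seal(enc_key, mac_key, plaintext):
    # Encrypt-then-MAC over an HMAC keystream: illustration only, use AES-GCM in a product.
    iv = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(enc_key, iv, len(plaintext))))
    return iv + ct + hmac.new(mac_key, iv + ct, hashlib.sha256).digest()

def unseal(enc_key, mac_key, blob):
    iv, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, iv + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or altered data")
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, iv, len(ct))))

@dataclass
class Host:
    host_secret: bytes     # assumed per-product secret held by the host (e.g. in OTP fuses)
    expected_media: bytes  # the qualified media type this product ships with
    paired_nonce: bytes    # nonce of the drive that shipped in this unit, recorded at manufacturing

    def bound_keys(self, drive):
        media_id, nonce = drive.vendor_read_restricted()
        if not hmac.compare_digest(media_id, self.expected_media):
            raise AccessDenied("not the qualified media type")
        if not hmac.compare_digest(nonce, self.paired_nonce):
            raise AccessDenied("not the drive this host shipped with")
        # HMAC-based derivation from host secret + media type + per-unit nonce, so the
        # data is usable only by this host model paired with this physical drive.
        return tuple(hmac.new(self.host_secret, label + media_id + nonce, hashlib.sha256).digest()
                     for label in (b"enc|", b"mac|"))

    def store(self, drive, lba, plaintext):
        drive.write(lba, seal(*self.bound_keys(drive), plaintext))

    def load(self, drive, lba):
        return unseal(*self.bound_keys(drive), drive.blocks.get(lba, b""))

# Constructed zone table: MBR and lookup tables write-protected, OS and classified zones writable.
ZONES = (("mbr", 0, 0, "ro"), ("os", 1, 999, "rw"),
         ("lookup-tables", 1000, 1999, "ro"), ("classified", 2000, 2999, "rw"))

def demo():
    """Runs the article's scenarios on constructed sample data; returns the outcomes."""
    secret, media = secrets.token_bytes(32), b"SSD-IND-2GB"
    ssd = Drive(media, secrets.token_bytes(16), ZONES)
    host = Host(secret, media, ssd.unit_nonce)
    host.store(ssd, 2000, b"calibration table v7")       # constructed sample payload
    results = {"round_trip": host.load(ssd, 2000) == b"calibration table v7"}
    # 1. Drive transplanted into a sibling unit that shipped with a different drive.
    sibling = Host(secret, media, paired_nonce=secrets.token_bytes(16))
    try:
        sibling.load(ssd, 2000)
    except AccessDenied as e:
        results["transplant"] = str(e)
    # 2. Bit-for-bit copy of the data onto a different media type, back in the original host.
    clone = Drive(b"USB-CONSUMER", ssd.unit_nonce, ZONES, dict(ssd.blocks))
    try:
        host.load(clone, 2000)
    except AccessDenied as e:
        results["wrong_media"] = str(e)
    # 3. Stray write to LBA 0 (the MBR) is stopped by the zone policy.
    try:
        ssd.write(0, b"\x00" * 512)
    except AccessDenied as e:
        results["mbr_write"] = str(e)
    return results
```

Calling demo() exercises the transplant case (same media type, wrong unit), the copy-to-other-media case, and a write into the read-only MBR zone. Two points a practitioner should take from the structure: the two values in the restricted area are readable by anyone who learns the vendor command, so by themselves they are identifiers rather than secrets, and the binding only holds because a secret the host keeps to itself is mixed into the key derivation and the stored data is authenticated; and the identity checks in bound_keys are a convenience for clear error reporting, since even without them a transplanted or cloned drive yields a different key and the data fails to authenticate. The HMAC-keystream cipher exists only to keep the example dependency-free; a product should use AES-GCM or another AEAD from a vetted library.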

