The number of IoT devices connected to the internet is increasing rapidly and is expected to reach 75.44 billion by the end of 2025, a fivefold increase within a decade. IoT devices are expected to become the major target for malware attacks. Even in 2019, IoT-related breaches were estimated to account for about 26% of all cyber-attacks.

From automobiles and medical implants to casinos, IoT-related attacks have become prominent, and it is essential to incorporate security features within IoT devices to help counter the growing menace.

This blog covers, at a high level, a few steps that can be employed in securing embedded firmware for IoT applications. While these guidelines help you understand the overall picture, it is also necessary to analyze the threats that are specific to your product and integrate them with due diligence. Some of the considerations discussed here include:

  • Securing Boot Firmware
  • Secure firmware update
  • Secure data storage
  • IoT Product Physical Security

Securing Boot Firmware

The first and foremost step in securing the firmware is to protect the processor, which is the heart of the system. Almost all modern MCUs/MPUs are equipped with security-specific features such as HAB (High Assurance Boot) and TPM (Trusted Platform Module). In some cases, the processor offers a Secure Boot mechanism in which it validates the integrity of the boot code before it starts executing it.

Some silicon vendors provide mechanisms where the hash of the boot code can be stored in a One Time Programmable (OTP) memory. Once the boot code is prepared, its hash is created and stored in this OTP memory. Upon boot-up, the processor reads the complete boot code, calculates the hash and compares it with the pre-programmed value. Only if there is a match will the code be executed.

On a more powerful system, it is possible to encrypt the hash with a private key, which amounts to signing the boot code. The public key can be programmed along with the boot code. The system calculates the hash of the boot code and compares it with the hash that was decrypted with the public key. To authenticate the public key itself, its hash is stored in the OTP memory.

On simpler devices, when the reprogramming of boot code is envisaged, microcontrollers offer a mechanism to blow fuses that permanently lock out the code area in flash and prevent further writes and reads by external sources. Such mechanisms lock out the binaries and increase security, as it becomes difficult to reverse engineer the firmware and identify potential weaknesses.

Once the boot code is authenticated by the system, it validates the next level of firmware/applications, thereby maintaining the chain of trust.

Secure firmware update

In many cases, during the life cycle of a product, the firmware has to be updated for reasons such as adding new features or fixing defects in the present release. Such products offer a secure firmware update feature whereby the new firmware can be sent to the device either remotely Over The Air (OTA) or physically using memory cards. Before use, the firmware must be authenticated and updated in a fail-safe manner.

Modern firmware typically takes advantage of asymmetric cryptographic algorithms, with the private keys stored securely at the vendor facility. The public key is usually stored in a secured location within the end product. The firmware to be updated is signed with the private key and shared over the internet in a secured manner. The device validates the downloaded image with the public key that it holds.

While the above mechanism only validates the authenticity of the image, sometimes it is also essential to protect the firmware against reverse engineering. In such scenarios, the whole image is encrypted with the help of the private key. Only the end device will be able to decrypt it and program itself.

While such designs improve security, it is equally necessary to consider the flexibility of the update process. For example, if there is a security breach at the server, these designs should be able to revoke the present keys and replace them with another set.
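The verification described in the Securing Boot Firmware and Secure firmware update sections, as an added example that is not Embien's or any silicon vendor's code: the device first matches the supplied public key against the hash held in OTP, then compares the image hash with the hash recovered from the signature. The toy RSA key, the function names and the in-memory OTP value are assumptions, and unpadded RSA with such a key is for illustration only.

```python
import hashlib
import hmac

# Constructed toy RSA key from two Mersenne primes so the example needs only
# the standard library. Illustration only: real devices use a vendor-generated
# key and a padded scheme (RSA-PSS, ECDSA), usually in ROM or crypto hardware.
P, Q, E = 2**127 - 1, 2**521 - 1, 65537
N = P * Q                              # public modulus, shipped with the image
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent, kept by the vendor

def digest_int(data):
    """SHA-256 of the image as an integer (always smaller than N here)."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def key_hash(n, e):
    """Hash of the serialized public key; this is the value burned into OTP."""
    return hashlib.sha256(n.to_bytes(96, "big") + e.to_bytes(4, "big")).digest()

def vendor_sign(image):
    """Vendor side: encrypt the image hash with the private key."""
    return pow(digest_int(image), D, N)

def device_verify(otp_key_hash, pub_n, pub_e, image, signature):
    """Device side: checks made before executing or flashing an image."""
    # 1. Authenticate the public key against the hash stored in OTP.
    if not hmac.compare_digest(key_hash(pub_n, pub_e), otp_key_hash):
        return "reject: public key does not match OTP hash"
    # 2. Decrypt the signature with the public key and compare it with the
    #    hash calculated over the received image.
    if pow(signature, pub_e, pub_n) != digest_int(image):
        return "reject: image hash mismatch"
    return "accept"

def demo():
    """Constructed cases: genuine image, modified image, unknown public key."""
    otp = key_hash(N, E)                       # programmed once at the factory
    image = b"constructed firmware image v2"
    sig = vendor_sign(image)
    other_n = (2**89 - 1) * (2**521 - 1)       # a key the vendor never issued
    return [
        device_verify(otp, N, E, image, sig),
        device_verify(otp, N, E, image + b"\x00", sig),
        device_verify(otp, other_n, E, image, sig),
    ]

if __name__ == "__main__":
    for result in demo():
        print(result)
```

The order of the two checks matters: without the OTP comparison, an image signed with any key pair would pass the second check as long as the matching public key travels with it.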

Secure data storage

This section emphasizes the importance of safeguarding the data content of the end device. These devices might be collecting sensitive information that should be protected against unauthorized access. In such cases, mechanisms such as encrypting the disk drives can be used to render the disk content unusable unless it is decrypted by the same set of keys. The keys should be stored in a safe place that is protected against cyber-attacks. Cryptographic chips are also available for storing the keys so securely that the data cannot be retrieved even by probing at wafer level. Though the cost might go up by a few tens of cents, the amount of security these devices offer is really worth it.

Across product lines, the OEM must ensure that different keys are used for each of them. In this case, even if one of the products is compromised, it will have no effect on the others.

Also, communication with external devices must, if possible, be encrypted so that the system cannot be hacked easily.

IoT Product Physical Security

Securing the IoT device physically is also a major consideration to be taken into account while improving the security outlook. The measures include:

Closing Debug Ports – Debug serial ports, USB drivers, etc. are used during the course of development. These features should be removed in the final release to reduce the attack surface. In boot loaders such as U-Boot on Linux systems, the break-on-user-input feature must be disabled to avoid manipulation of boot images.

JTAG/SWD connectors – Access by debugging tools such as debuggers and emulators, which come in handy during board bring-up, must also be prevented in the field.

Firewall and closing ports – Network-enabled products must run at least a minimal firewall. Also, closing TCP/UDP ports that are not in use is highly recommended. Using non-standard port numbers adds a small level of security compared with using the standard ports.

Passwords – Many Linux systems have ubiquitous passwords such as root, admin, password, root123. These login credentials must be hardened and validated before product launch.

Mechanicals – Physical product designs can also include mechanisms that prevent easy device access as well as tamper detection mechanisms.

As the English phrase states, “a chain is as strong as its weakest link”, so it is essential to ensure that all the steps in the device operation are carefully reviewed and scrutinized. Security audits can be performed to profile the effectiveness of the design. Standards such as ISO/IEC 27001 can be a base to start with. But as mentioned earlier, these are all just outlines that aid in securing embedded firmware for IoT applications. Other device-specific and domain-related improvements must be built over them.

About Embien:

Embien has been in the field of embedded product design for a decade and has helped customers realize products with all the features needed for today’s world.

For developing a secured embedded system for your business or to perform a security audit of your present design, get in touch with our team.

With the deployment of IoT spreading across various domains and applications, the requirements of the underlying communication mechanism vary. There is no one-size-fits-all solution, as the needs differ in terms of throughput, range, power consumption, etc. There are many wireless communication technologies, such as short-range wireless, cellular and LPWAN.

LPWAN stands for Low Power Wide Area Network, designed for sending small data packets over long distances. While short-range technologies like Bluetooth, Wi-Fi and Zigbee are cheap, they are limited by distance; cellular technologies like 3G, 4G and 5G have a higher transmission rate and range but are more costly and consume more power. LPWAN overcomes the drawbacks of these wireless technologies by compromising on the data rate while offering long-range data transmission, low power consumption and low cost. Some of the technologies that come under LPWAN are Narrowband IoT (NB-IoT), Sigfox, LoRa and others.

Heterogeneous Wireless communication Technologies

Of these LPWAN, LoRa has a significant market share and finds application across use cases.

The following are the key features of LoRa technology:

  • Very wide coverage range: about 5 km in urban areas and 15 km in suburban areas
  • Battery lifetime of up to 15 years
  • One LoRa gateway takes care of thousands of nodes
  • Easy to deploy and low cost
  • Secure data transmission through embedded end-to-end AES128 encryption

In this blog, we will cover the underlying technology behind LoRa and its network topology.

LoRa Technology

LoRa is a long-range, low-power, inexpensive technology for the Internet of Things (IoT), developed in 2009 by a French company called Cycleo, which was later acquired by Semtech in 2012. The LoRa radio and modulation part is patented and its source is closed. Semtech has licensed its LoRa intellectual property to other chip manufacturers. The LoRa Alliance, an open, non-profit association, has been formed to promote the adoption of this technology and has grown to more than 500 members since its inception in March 2015.

The most important aspect of LoRa is that it uses the license-free sub-gigahertz ISM radio frequency bands of the region where it is deployed, such as 868 MHz in Europe and 915 MHz in North America. Thus, there is no need for separate licensing to use LoRa in any country.

Digital communication usually relies on three basic modulation techniques: Amplitude Shift Keying, Frequency Shift Keying and Phase Shift Keying, in which the amplitude, frequency or phase of the carrier varies according to changes in the digital signal. The shortcoming of these approaches is that, since the bandwidth is quite limited, the signal is quite prone to interference and could be easily jammed. To overcome this, spread spectrum techniques are used, whereby the signal is modulated such that it is spread across the entire bandwidth. There are many spread spectrum techniques, such as DSSS, FHSS, THSS and CSS.

Chirp Spread Spectrum

LoRa is a proprietary spread spectrum modulation scheme that is based on Chirp Spread Spectrum (CSS) modulation. Chirp Spread Spectrum is a spread spectrum technique that uses wideband linear frequency modulated chirp pulses to encode information. A chirp is a sinusoidal signal whose frequency increases (up-chirp) or decreases (down-chirp) over time across the entire bandwidth. This signal is used as the carrier and is modulated according to the data to be transmitted.

LoRa uses three bandwidths: 125 kHz, 250 kHz and 500 kHz. The chirp uses the entire bandwidth, and the spreading factor determines, in short, the duration of the chirp. LoRa operates with spreading factors from 7 to 12. This delivers orthogonal transmissions at different data rates. Moreover, it provides processing gain, so the transmitter output power can be reduced for the same RF link budget, which increases battery life.
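The chirp modulation described above, as an added example (not from the original blog and not Semtech's implementation): a textbook baseband CSS model, sampled at one sample per chip, in which the data symbol sets the starting frequency of an up-chirp and the receiver de-chirps and picks the strongest DFT bin. The function names and the constant-tone interferer are assumptions chosen to show why a narrowband signal does not easily jam the chirp.

```python
import cmath

def symbol_time(sf, bandwidth_hz):
    """Duration of one chirp in seconds: 2**SF chips at one chip per 1/BW."""
    return 2 ** sf / bandwidth_hz

def base_chirp(sf):
    """Unmodulated up-chirp: 2**sf samples sweeping the bandwidth once."""
    n_chips = 2 ** sf
    return [cmath.exp(2j * cmath.pi * (n * n / (2 * n_chips) - n / 2))
            for n in range(n_chips)]

def modulate(symbol, sf):
    """Encode symbol (0 .. 2**sf - 1) as the frequency offset of the chirp."""
    n_chips = 2 ** sf
    return [c * cmath.exp(2j * cmath.pi * symbol * n / n_chips)
            for n, c in enumerate(base_chirp(sf))]

def add_tone(samples, amplitude, bin_index):
    """Add a constant-frequency (narrowband) interferer to the samples."""
    n_chips = len(samples)
    return [x + amplitude * cmath.exp(2j * cmath.pi * bin_index * n / n_chips)
            for n, x in enumerate(samples)]

def demodulate(samples, sf):
    """De-chirp with the conjugate base chirp, then take the largest DFT bin."""
    n_chips = 2 ** sf
    dechirped = [x * c.conjugate() for x, c in zip(samples, base_chirp(sf))]

    def bin_magnitude(k):
        return abs(sum(x * cmath.exp(-2j * cmath.pi * k * n / n_chips)
                       for n, x in enumerate(dechirped)))

    return max(range(n_chips), key=bin_magnitude)

if __name__ == "__main__":
    sf = 7
    print("chirp duration at 125 kHz:", symbol_time(sf, 125_000), "s")
    received = add_tone(modulate(77, sf), amplitude=3.0, bin_index=10)
    print("decoded symbol:", demodulate(received, sf))
```

De-chirping collapses the wanted chirp into a single DFT bin while smearing the constant tone across all bins, which is the processing gain mentioned above.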

LoRaWAN

While LoRa is the underlying physical part, LoRaWAN is the network on which LoRa operates. It is a media access control (MAC) protocol in the data link layer that is maintained by the LoRa Alliance. LoRaWAN defines a set of rules and software that ensures data arrives with an acknowledgement and without duplicate packets. It is a network architecture that is deployed in a star topology, and so the communication between the end node and gateway is bidirectional.

LoRaWAN defines the roles of end points and gateways. End points or end nodes are the remote nodes, typically housing the sensors/actuators. Gateways or concentrators form the heart of the star topology, with which the end points communicate.

LoRaWAN Network Architecture

When an end node transmits data to the gateway, it is called an uplink. When the gateway transmits data to the end node, it is called a downlink. The gateways forward this packet to the network server. The network server collects the messages from all gateways and filters out the duplicate data and determines the gateway that has the best reception. The network server forwards the packet to the correct application server where the end user can process the sensor data. Optionally the application server can send a response back to the end node. When a response is sent, the network server receives the response and determines which gateway to use to broadcast the response back to the end node.

The LoRaWAN protocol defines the Adaptive Data Rate (ADR) scheme to control the uplink transmission parameters of LoRa devices. Whether the ADR functionality will be used is requested by the end nodes by setting the ADR flag in the uplink message. If the ADR flag is set, the network server can control the end node’s transmission parameters. ADR should only be used in stable Radio Frequency (RF) situations where end nodes do not move. Mobile end nodes which are stationary for longer times can enable ADR during those times.

This blog introduced the basics behind LoRa technology including the underlying communication techniques and network topology. In the next blog, we will cover the communication model in more detail including the classes, bands and also the typical configuration available in a gateway.

About Embien: Embien Technologies is a proven enabler in adoption of IoT. We have been working with different communication technologies such as ZigBee, BLE, SigFox, LoRa, NB-IoT and have designed gateways to inter-operate between them. Our services include end device development, gateways design, cloud application development and analytics.

Geo positioning system, or GPS, has become more or less a norm for smartphones. The geo positioning system was first created for the navigation of defense vehicles in any part of the world. But over time, this system has come to be used for many other purposes outside defense and has proved itself to be a revolutionary technology in today’s world. Apart from smartphones, most premium cars and commercial vehicles have inbuilt GPS for fleet tracking, vehicle telematics and driver assistance.

Apart from such fleet navigation use cases, GPS is now being used for many applications such as locating nearby restaurants, hotels and gas stations, and finds huge application in the tourism industry. Personal navigation devices also employ GPS technology.

Also, most IoT/M2M applications use GPS modules. Some of them are as follows:

  • Smart utility metering
  • Connected health and patient monitoring
  • Smart buildings
  • Security and video surveillance
  • Smart payment and PoS systems
  • Wearable devices etc

While the term GPS in general represents the technology, there are numerous systems being used to achieve this. In this blog, we will briefly describe the various geo positioning systems and related concepts.

Geo Positioning System – Technology

Any geo positioning system uses about three to four satellites, out of more than a dozen satellites orbiting in a group (satellite constellation), to provide autonomous geo-spatial positioning. These satellites transmit 1500 bits of data such as the satellite health, its position in space, propagation delay effects, constellation status, the time at which the information was sent, etc. This allows a small electronic receiver to determine its location in terms of latitude and longitude based on triangulation of the data obtained from at least three satellites. With four or more satellites, the receiver can also determine the 3D position, i.e. latitude, longitude and altitude. In addition, a GPS receiver can provide information about speed and direction.

Anyone with a GPS receiver can access the system. Since it is open source and provides almost accurate 3D position, navigation and timing 24 hours a day, 7 days a week, all over the world, it is used in numerous applications, including GIS data collection, mapping and surveying.

Geo Positioning System – Types

At present there are many options available for geo positioning, each of them owned and operated by countries or regions such as the US, Russia, the European Union and China. They are as follows:

NAVSTAR GPS – GPS, the Global Positioning System, is one among the various satellite navigation systems and is designed and operated by the U.S. Department of Defense. The official name of GPS is Navigational Satellite Timing and Ranging Global Positioning System (NAVSTAR GPS).

GLONASS – Global Orbiting Navigation Satellite System (GLONASS), developed by Russia, is an alternative to GPS and is the second global navigational system in operation, providing global coverage with comparable precision. The GLONASS satellite design has various upgraded versions, and the latest is GLONASS-K2, which is expected to operate in early 2018.

Galileo – Galileo was created by the European Union with the aim of providing an independent high-precision positioning system for European nations.

BeiDou – BeiDou Navigation Satellite System (BDS) is a Chinese satellite navigation system consisting of two separate satellite constellations, BeiDou-1 and BeiDou-2. BeiDou-1 is decommissioned, and BeiDou-2, also known as COMPASS, offers services to customers in the Asia-Pacific region with a partial constellation of 10 satellites in orbit.

IRNSS – Indian Regional Navigation Satellite System, also known as NAVIC (Navigation with Indian Constellation), is a regional satellite navigation system covering the Indian region and extending 1500 km. This constellation is already in orbit and is expected to operate in early 2018.

Satellite Based Augmentation System (SBAS)

All the above systems are autonomous and governed by the respective countries. Besides these autonomous systems, regional augmentation systems are available that run with the aid of the autonomous satellites. These augmentation systems provide reference signals (Signal in Space, SIS) via satellites to the receivers, including correction information, with the objective of increasing the accuracy of the position. In addition to accuracy, they also help to maintain the reliability and availability of the navigation system. The whole system is known as SBAS (Satellite Based Augmentation System), and the satellites providing the SIS signal are known as SBAS GEO satellites. Some of them are as follows:

GAGAN – GPS-Aided Geo Augmented Navigation is the implementation of SBAS by the Indian government. It helps pilots navigate in Indian airspace with an accuracy of 3 m.

QZSS – Quasi Zenith Satellite System is a project governed by the Japanese government and operated in order to receive the US-operated GPS in the Asia-Oceania regions, with Japan as the primary focus.

Other commonly available SBASs are WAAS (US), EGNOS (EU) and MSAS (Japan).

GNSS

The above-mentioned global, regional and augmentation satellite systems are integrated together to form the Global Navigation Satellite System (GNSS). It is the standard term for satellite navigation systems providing autonomous geo-spatial positioning with global coverage. It is a satellite system that is used to pinpoint the geographic location of a user’s receiver anywhere in the world. Three GNSS systems are currently in operation: the United States’ Global Positioning System (GPS), the Russian Federation’s Global Orbiting Navigation Satellite System (GLONASS) and Europe’s Galileo.

The most degrading factor for a receiver, i.e. line-of-sight degradation, can be addressed with GNSS due to its access to multiple satellites, and if one satellite system fails, GNSS receivers can pick up signals from another system.

Navigation messages

Every satellite in the constellation transmits to the receiver a detailed set of information about each satellite's position and the network, called the navigation message. The following are available in the navigation message:

  1. Date and time, together with the satellite status and an indication of its health
  2. Almanac data – Contains coarse orbit and status information of all the satellites in the constellation. It allows the GPS receiver to predict which satellites are overhead, shortening acquisition time. Almanac data can be received from any of the satellites. The receiver must have a continuous fix for approximately 15 minutes to receive the complete almanac data. Once downloaded, it is stored in non-volatile memory.
  3. Ephemeris data – Contains precision corrections to the almanac data necessary for the receiver to calculate the position of the satellite. It is continuously updated every 2 hours, and so the ephemeris data of a deactivated receiver will become stale after 3 to 6 hours.

Time-To-First-Fix (TTFF)

For a receiver to get a fix, it needs a valid almanac, initial location, time and ephemeris data. When a receiver is switched on, there is some delay before the first fix. This delay depends on how long it has been since the stored data was last used. The delay is commonly termed Time To First Fix (TTFF), and it is one of the main factors in receiver selection.

About Embien

Embien Technologies is a leading provider of embedded design services for the Automotive, Semi-conductor, Industrial, Consumer and Health Care segments. Embien has successfully designed and developed many products with GPS for various domains such as Wrist wearable based tracker device for healthcare, Vehicle Telematics device for automotive, Data acquisition/logger devices for industry etc.