2 Overview
2.1 Security purpose
Why protection is needed
Security in microcontrollers means protecting embedded firmware, data, and the system functionality. The need
for data protection is greatest in the case of cryptographic keys or personal data.
The firmware code is also an important asset. If an attacker gains access to the binary, they can reverse-engineer
the program in an attempt to find further vulnerabilities, bypass licensing and software restrictions. The attacker
can copy any custom algorithms, or even use it to flash a clone of the hardware. Even in the case of open-source
software, it makes sense to attest that the code is authentic, and not replaced by malicious firmware.
Denial-of-service attack (DoS attack) is another major threat when considering protection systems (such as
environmental: gas, fire, or intrusion), detection alarms or surveillance cameras. The system functionality must be
robust and reliable.
The requirement for security must not be underestimated even if it adds more complexity to the system. Today,
systems built around microcontrollers become potential targets for more and more skilled attackers who expect
financial gains. These gains can be very high, especially if the attack can be propagated to a large scale, as in the
context of the IoT. Even if no system is completely secure, it is possible to make the attack more expensive.
Indeed IoT, or smart devices, have increased the requirement for security. Connected devices are very attractive
for hackers because they are remotely accessible. The connectivity offers an angle-of-attack through protocol
vulnerabilities. In the case of a successful attack, a single compromised device can jeopardize the integrity of an
entire network (see the figure below).
Figure 1. Corrupted connected device threat
DT50942V1
Unsecure
Device
Unsecure
Device
Device
Device
Device
Device
Device
Device
Services provider
Corrupted system Attack propagation
AN5156
Overview
AN5156 - Rev 8
page 5/56
To Next Page
Loading...
Need help?
General
