So as a design engineer, it falls on you to design products that are secure enough to counteract the threats that are out there. You’ve got to protect sensitive data, prevent unauthorised access, and safeguard against cyber threats.
The question is: how?
When it comes to embedded devices, there’s often a lot of focus on software security.
There’s nothing wrong with that, but all too frequently it means that there’s less focus on ensuring that your hardware is “secure by design”, with security at the forefront of every decision you make, including component choice.
From a hardware perspective, a key place to start is with your memory – here are some questions you can ask to help guide your thinking:
How much memory do you actually need? Memory is often over-specified. Specifying only what the design needs keeps cost and power down and forces you to be explicit about what is stored where. Be careful about what that buys you, though: a smaller part does not by itself prevent buffer overflows or memory corruption, which come from how the firmware bounds its accesses, not from the size of the device. What a tightly accounted memory map does give you is a clear basis for locking down what remains, for example by marking regions read-only or no-execute where the hardware supports it.
If your memory needs to be removable, which form factor should you use? It’s often the case that memory needs to be removable, and if so, it’s worth considering whether you need a standard form factor at all. Both SD and USB can be read by anyone with an off-the-shelf reader, whereas a proprietary form factor like a Datakey product raises the bar for casual access. Treat that as a deterrent rather than a control: data on any removable medium should still be encrypted and authenticated, so the connector is not the only thing standing between a lost device and its contents.
If you do need to use a standard form factor, what can you do to ensure greater security?
Not all SD cards and USB sticks are created equal – some products (like the ranges from Flexxon) offer additional protection features that let the host reject removable memory it was not provisioned to accept, which helps prevent unauthorised media being used in the system.
If memory is built into the device and cannot be removed, how secure can you make it? Even if the memory is not removable, there’s still potential for it to be accessed (desoldered and read out, or probed in circuit), which is why it’s important to ask what else can be done at the design stage to make your memory as safe and secure as possible. Embedded memory is often available with on-board security features, which is preferable to a standard component that has none.
What environment will the memory operate in? If the environment is likely to be harsh, or you have a specific requirement for the product to last a long time, you’ll need to consider this before specifying components.
Whether it’s temperature ranges from -55 °C to +125 °C, or the ability to read and write under high vibration or shock loads, understanding what the product will have thrown at it helps you specify the right memory for the job.
What is your product life expectancy? There are two parts to this: can you find memory whose future availability matches the life expectancy of your overall product, and how long will each individual memory device last within the system?
Nexus has customers whose systems were designed in the late 1980s or 1990s and are still in use. Because of the type of memory used, Nexus can still supply it today.
Is your memory fit for use? This one can get missed. There are many different variations of NAND Flash memory, so it is important to delve into how your system will actually use it.
For example, consider the amount of data you will be writing and how frequently, whether you need protection against unexpected power loss during a write, and how long the data must remain readable once stored.
Recently Nexus has come across quite a few cases where clients asked for help because the SD cards they were using were failing. In most cases these cards were from reputable industrial memory manufacturers. When Nexus investigated, asked the right questions and in some cases tested the cards, it became clear there was nothing wrong with the cards: the problem was that the correct card hadn’t been specified in the first place. Once the clients switched to memory that was fit for purpose, the “failures” disappeared.
Secure by design
What does secure by design look like in practice? Let’s take a look at a live example in the world of renewables.
With solar and wind farms typically sited in remote locations, data transfer – for data logging or configuration purposes, for example – cannot always be done through wired or wireless connections.
Removable memory devices are also used for datalogging purposes, as large wind turbines have condition monitoring systems that use accelerometers mounted to the housing of the gearbox and other drivetrain components to record vibration levels.
Digital signal processing techniques are used to transform vibration levels into a frequency spectrum. Gradual change in that signature over time is typically indicative of component wear, whereas a sudden change might indicate a broken gear tooth. Even when remote monitoring is possible, local storage of the data is common practice.
Understandably, wind turbines operate in harsh environments. They experience temperature extremes and high moisture levels. Arguably the harshest condition the electronics must endure is vibration, and the electrical connection established between any removable memory device and its receptacle must be sound.
For example, a USB 3.0 Type-A connector has an insertion force of 35 N maximum and an extraction force of 10 N minimum. Industrial removable memory devices are available that have similar insertion and removal mechanisms but which are certified to the military vibration test standard MIL-STD-810F, Method 514.5. Some are also tested to MIL-STD-810F, Method 509.4, Procedure I (salt fog), which will be of benefit to offshore and coastal wind farm applications.
With the life expectancy of a wind turbine circa 20 years, and because of lack of easy access once operational, care must be taken when designing in all system components.
For example, one of Nexus Industrial Memory’s customers subjected a Datakey serial removable memory ‘token’ and matching receptacle to Highly Accelerated Life Testing (HALT) to simulate 20 years of operation in a turbine’s nacelle. The HALT included intense and rapid temperature and high vibration level cycling. Other than there being wear on the contacts, the device retained its electrical integrity and functionality.
Industrial memory devices are also employed on large-scale solar farms. For instance, the health of the power inverters tends to be monitored as part of the operator’s predictive maintenance strategy.
Whilst remote access to the inverters tends to be easier than for, say, accessing data logging equipment in wind turbines, local storage is still desirable. The devices are exposed to temperature extremes and, in some cases, must operate in environments where sand and dust are an issue; and for this reason, devices that have been tested to military standards are often used.
A more common use for removable memory devices on solar farms is for user authentication during maintenance. This introduces another consideration when designing an embedded system for use in the renewable energies sector; the frequency with which the devices will be inserted and removed.
Commercial USB is rated at 1,500 insert/extract cycles minimum; i.e. you are likely to get more than that, but it is not guaranteed. Conversely, industrial memory devices and their corresponding receptacles are rated much higher, at 200,000 cycles in some cases.
Granted, maintenance is not an everyday task, so 1,500 cycles should be adequate, but the higher cycle rating of industrial devices is a measure of their durability and ruggedness.
There is also the security aspect of the device’s form factor to consider. The device is being used as a kind of key to access expensive electrical equipment, and large-scale solar and wind farms are increasingly being regarded as ‘critical infrastructure’, so securing them is becoming ever more important.
If lost or stolen, an industrial form factor memory device will be hard to interrogate without a corresponding receptacle; both devices and receptacles are only available through authorised distributors, such as Nexus Industrial Memory. Hard is not impossible, however: receptacles can be obtained and the contacts can be probed directly, so the token’s contents should be encrypted and any access it grants should depend on a secret the token holds and the host can challenge, not on the shape of the connector. By the same token, a USB receptacle inside or on the panel of equipment exposes the host’s USB stack (mass storage, HID and other device classes) to whatever is plugged into it, and is a well-known entry point for attackers.
Also, industrial grade receptacles are available that are IP67 rated, where the ‘6’ denotes total protection against dust ingress and the ‘7’ denotes protection against temporary immersion in water (to 1 m for 30 minutes under IEC 60529).
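The maintenance-key use case above, and the earlier point about a host rejecting unauthorised removable memory, both come down to the same thing: what stops a cloned or stolen device is a secret the host can challenge, not the connector. The Python below is an added example, not Nexus or Datakey code, and every name, key and ID in it is hypothetical. A host (the receptacle side) derives a per-token key from a master key it alone holds, challenges the token with a fresh random nonce, and verifies the token’s HMAC response. A clone carrying the right ID but the wrong key fails, and a captured valid response fails when presented a second time because each nonce is single-use.

```python
"""Challenge-response authentication of a removable memory token.

Added example, not Nexus or Datakey code. It models the 'token as a key'
use case with a hypothetical host (the receptacle side) and token; every
name, key and ID here is constructed for illustration.
"""
import hashlib
import hmac
import os
from dataclasses import dataclass, field

# Constructed master secret; in a real design it lives only in the host's
# secure element and never leaves it.
HOST_MASTER_KEY = bytes.fromhex("00112233445566778899aabbccddeeff" * 2)


def derive_token_key(master_key: bytes, token_id: bytes) -> bytes:
    """Per-token key derived from the token's public ID, so one master key
    serves a fleet of tokens without a table of secrets on every host."""
    return hmac.new(master_key, b"token-key|" + token_id, hashlib.sha256).digest()


def auth_tag(key: bytes, token_id: bytes, nonce: bytes) -> bytes:
    """The response both sides compute; binds the token ID to the nonce."""
    return hmac.new(key, b"auth|" + token_id + b"|" + nonce, hashlib.sha256).digest()


@dataclass
class Token:
    """Removable token: holds an ID (public) and a key (written at
    provisioning, never readable over the interface)."""
    token_id: bytes
    key: bytes

    def respond(self, nonce: bytes) -> bytes:
        return auth_tag(self.key, self.token_id, nonce)


@dataclass
class Host:
    """Receptacle side: issues single-use nonces and verifies responses."""
    master_key: bytes
    pending: dict = field(default_factory=dict)  # nonce -> token_id

    def challenge(self, token_id: bytes) -> bytes:
        nonce = os.urandom(16)
        self.pending[nonce] = token_id
        return nonce

    def verify(self, token_id: bytes, nonce: bytes, response: bytes) -> bool:
        # Unknown or already-consumed nonce means a replayed exchange: reject.
        if self.pending.pop(nonce, None) != token_id:
            return False
        expected = auth_tag(derive_token_key(self.master_key, token_id), token_id, nonce)
        # Constant-time comparison so timing does not leak the expected tag.
        return hmac.compare_digest(expected, response)


def authenticate(host: Host, token: Token) -> bool:
    """One complete exchange: challenge, token response, host verification."""
    nonce = host.challenge(token.token_id)
    return host.verify(token.token_id, nonce, token.respond(nonce))


def demo() -> dict:
    """Genuine token passes; a clone with the same ID but a guessed key fails;
    a captured valid response fails when presented a second time."""
    host = Host(HOST_MASTER_KEY)
    token_id = b"TKN-0001"  # constructed ID
    genuine = Token(token_id, derive_token_key(HOST_MASTER_KEY, token_id))
    clone = Token(token_id, os.urandom(32))  # attacker copied the ID, not the key

    results = {
        "genuine": authenticate(host, genuine),
        "clone": authenticate(host, clone),
    }
    # Replay: record one valid exchange and present it again unchanged.
    nonce = host.challenge(token_id)
    response = genuine.respond(nonce)
    results["replay_first"] = host.verify(token_id, nonce, response)
    results["replay_second"] = host.verify(token_id, nonce, response)
    return results


if __name__ == "__main__":
    print(demo())
```

The protocol is deliberately the simplest thing that works. On real hardware the master key sits in the host’s secure element, the token’s key is written at provisioning and is not readable over the interface, and anything the token also carries for data logging is separately encrypted and authenticated (an AEAD such as AES-GCM from a proper cryptographic library, which the standard library above does not provide), so that a lost token reveals nothing regardless of its form factor.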
Up for the challenge?
As the above use cases indicate, there’s an awful lot to consider when it comes to specifying memory and making it secure by design, and the more thinking that goes into the design process, the less likely you are to encounter issues further down the line.
So, the question is: does your design and sourcing process need evaluating?
Author details: Michael Barrett is Managing Director of Nexus