DEV Community: Henk Kok

EU Governance Considerations for Secure Embedded Systems Development

Henk Kok — Thu, 05 Jan 2023 14:28:06 +0000

The EU Radio Equipment Directive, which will be enforced on August 1, 2024, will have enormous impact on selling embedded systems in Europe. Next to that: the EU is in the process of introducing the Cyber Resilience Act. Embedded systems are found in a wide range of industries, from medical devices to automotive systems to industrial controls. These systems often have unique security challenges due to their small size and specialized functions. It is important for developers to follow best practices for secure design and development to ensure the safety and reliability of these systems. It is also important to consider governance considerations such as regulatory standards, threat modeling and risk assessment, and incident response planning.

Vulnerability of radio equipment to different security breaches and consequences
Source: Impact Assessment on Increased Protection of Internet-Connected Radio Equipment and Wearable Radio Equipment

Embedded System Development: A short overview of best practices from a govenance and security perspective

With the continuously rising amount of cybercrime scenario's, it is essential to follow best practices for secure design and development when working with embedded systems. One key principle is to follow secure coding practices and use tools such as static code analysis and fuzz testing to identify and mitigate vulnerabilities in the system. For example, static code analysis can detect issues such as uninitialized variables or buffer overflows that could potentially lead to security vulnerabilities. Fuzz testing involves sending random or unexpected input to the system in order to uncover any unexpected behavior or vulnerabilities. It is also important to implement proper input validation and sanitization to prevent malicious code injection. For instance, input validation can help to ensure that only expected data types are accepted by the system, while input sanitization involves filtering or encoding potentially malicious input to prevent injection attacks.

In addition to these practices, it is important to implement testing and validation methods to ensure the security and reliability of the system. This can include penetration testing, in which simulated attacks are launched against the system to identify vulnerabilities, and fault injection, in which controlled faults are introduced into the system to identify how the system responds and if it is able to recover properly.

Another key aspect of secure design and development for embedded systems is the implementation of secure boot and firmware updates. This can include measures such as digital signing and secure bootloader design to prevent unauthorized updates and maintain the integrity of the system. For example, a secure bootloader can check for a valid digital signature on the firmware before allowing it to be loaded, ensuring that only authorized updates are installed on the system.

Hardware security measures, such as secure communication protocols and tamper-resistant hardware, can also help to prevent unauthorized access to the system. For example, implementing secure communication protocols such as SSL/TLS can ensure that data transmitted between the embedded system and external devices is encrypted and protected from interception. Tamper-resistant hardware can include features such as physical protection against tampering or hardware-based security measures such as secure elements or trusted platforms.

Often overlooked: Thread modeling

In a lot of embedded scenario's we need to make a trade-off between ensuring usability and strong UX (user experience) on the one hand, and high levels of security on the other. Therefor it is important to use Thread modeling next to User Experience modeling.

Threat modeling is an essential consideration in the design and development of secure embedded systems. This process involves identifying potential threats and vulnerabilities that could impact the system, and implementing measures to mitigate or eliminate these risks. Threat modeling can be done at various stages of the development process, from initial concept to final deployment, and should be an ongoing process to ensure that the system remains secure over time. In order to effectively threat model an embedded system, it is important to understand the system's assets, such as services, devices, physical equipment, people, and data, and to consider the potential threats to these assets. This can involve analyzing threat taxonomies and risk scenarios to identify potential risks and prioritize their impact and likelihood. By implementing appropriate security measures based on the results of threat modeling, developers can create more secure and reliable embedded systems that meet the needs of their users.

EU Governance Perspective: Massive changes ahead in the upcoming years

The EU is now focusing heavily on improving governance for embedded systems. While this is not going fast and might not yet cover all important aspects, it is important to consider governance considerations to ensure compliance with upcoming regulatory standards and protect against potential security risks. One significant regulatory change that will impact the design and development of embedded systems is the Radio Equipment Directive, which will be enforced on August 1, 2024. This directive applies to devices with wireless radio communications, including wireless internet of things (IoT) devices, and requires that these devices meet certain requirements in order to be sold in the EU. This means that many wireless IoT devices currently on the market will become illegal to sell in the EU after August 2024, unless they are updated to comply with the new requirements.

In addition to the Radio Equipment Directive, the NIS2 Directive and the Cyber Resiliency Act will also have significant impacts on the design and development of embedded systems in the EU. The NIS2 Directive, which will take effect at the end of 2024, will require medium and large-sized companies in certain sectors, such as electrical equipment manufacturing and the chemicals industry, to implement information security management systems. The Cyber Resiliency Act, which is set to take effect in 2025-2026, will apply to all products with a digital dimension, including devices, software, and electronic and software components, and will require that these products meet new CE marking requirements for cybersecurity.

Operational perspective on Railroad and Healthcare industry

From an operational perspective, it is essential for both the railroad and healthcare industries to prioritize security and governance in the development of embedded systems in order to ensure the compliance and security of their operations.

One example of how threat modeling can be applied in the development of new embedded systems for the railway industry is the CENELEC Protocollo Vitale Standard. This standard is designed to ensure the security and reliability of operational technology (OT) systems in the railway industry, including industrial process measurement, control, and automation systems. In order to effectively threat model these systems, it is important to understand the system's assets, such as services, devices, physical equipment, people, and data, and to consider the potential threats to these assets. This can involve analyzing threat taxonomies and risk scenarios to identify potential risks and prioritize their impact and likelihood. Once potential threats have been identified, appropriate security measures can be implemented to mitigate or eliminate these risks. For example, the CENELEC Protocollo Vitale Standard includes requirements for secure communication protocols, access control, and incident response planning, which can help to protect against potential cyber threats to OT systems in the railway industry. By considering governance considerations such as threat modeling and implementing appropriate security measures, developers can create more secure and reliable embedded systems for the railway industry.

In the development of embedded systems for the healthcare industry, it is essential to prioritize security and governance in order to protect sensitive patient data and ensure the reliability and continuity of vital healthcare systems. This is especially important in the European Union, where the Radio Equipment Directive (RED) requires that devices with wireless radio communications, including many healthcare devices, meet new CE marking requirements for cybersecurity by August 2024. To meet these requirements and ensure the security and reliability of their embedded systems, companies should focus on implementing controls across three key domains: people, processes, and technology. This can include hiring top-tier cybersecurity talent, investing in cybersecurity tooling and capabilities, and integrating security best practices into all operations. By adopting a holistic approach to security and governance, developers can create more secure and reliable embedded systems for the healthcare industry that meet the requirements of the RED and ensure the protection of sensitive patient data.

Less is More: reduce your attack surface

Keep in mind that a cyber criminal only has to exploit one vulnerability to be successful, while your system must be protected against all vulnerabilities. This is an unballanced game. Therefor the best approach to security in embedded systems is to reduce the attack surface as much as possible. This means removing unnecessary code and interfaces, separating out applications and functions using hardware or software partitioning, and implementing principles such as least privilege and mandatory access control. While it may be tempting to mindlessly deploy a monolithic system, it is important to carefully consider what is truly necessary and take steps to remove any unnecessary components. Always remember: It is not a matter of if, but when, an attack will occur, and being prepared and proactive is the key to minimizing the impact and protecting ourselves and our assets.

Further Reading

For further reading on the topics of security principles and governance considerations for embedded systems, check out the following resources:

the EU Radio Equipment Directive, set to be enforced on August 1, 2024, will have a significant impact on the sale of wireless IoT devices in the EU and should be considered when designing and developing these systems
the EU Cyber Resilience Act
the Complete Guide to NIST: Cybersecurity Framework, 800-53, 800-171
NIST cybersecurity framework: How it will impact healthcare
the ISA/IEC 62443 framework for industrial control systems security
the EU-wide cybersecurity requirements to protect privacy and personal data
the European Union's Cybersecurity Act (CSAC) provide important regulatory frameworks for the design and development of embedded systems in the EU
from a more general perspective: the ISO/IEC 2700x family of standards for information security management
Railroad specific: Development and validation of a safe communication protocol compliant to railway standards
Healthcare specific: MDCG 2019-16 - Guidance on Cybersecurity for medical devices

MicroPython officially becomes part of the Arduino ecosystem

Henk Kok — Sat, 31 Dec 2022 14:47:45 +0000

Last month MicroPython officially became part of the Arduino ecosystem. The inclusion of MicroPython as a member of the Arduino family is an exciting development for those interested in using Python to develop for any board with a serial REPL interface, like the ESP32. The ESP32 is a low-cost, low-power system-on-chip (SoC) microcontroller with built-in WiFi and Bluetooth capabilities, making it a popular choice for a wide range of projects, including IoT devices, home automation, and wearable electronics.

You can find the Arduino MicroPython Firmware and the Arduino IDE for MicroPython here: https://docs.arduino.cc/micropython/

So what is the Arduino Ecosystem?
As an experienced developer, you may already be familiar with the Arduino platform and its capabilities. Arduino is an open-source hardware and software platform that is widely used for building electronics projects, including microcontroller-based projects such as IoT devices, robotics, and home automation systems.

At its core, the Arduino platform consists of a microcontroller board, a development environment (IDE), and a programming language originally based on C/C++. Next to the Arduino IDE for MicroPython you can now also use MicroPython on the Arduino microcontroller board, so on the hardware, which enable you to write, upload, and debug code for the microcontroller based on your Python knowledge.

There are currently four Arduino boards that officially supports MicroPython. They are listed below:

Nano 33 BLE
Nano 33 BLE Sense
Nano RP2040 Connect
Portenta H7

MicroPython?
MicroPython is an open-source programming language based on Python that is specifically designed for use on microcontrollers and small embedded systems. It was created in 2013 by Damien George, a software engineer from Australia, with the goal of bringing the simplicity and ease of use of Python to the world of microcontroller programming, which is typically done using low-level languages like C.

As a high-level, expressive language that is familiar to many experienced Python developers, MicroPython has become a popular choice for a wide range of projects, including IoT devices, robotics, and home automation systems.

In addition to creating MicroPython, Damien George has also played a significant role in the development of the Pyboard, a microcontroller board specifically designed for use with MicroPython. He has also written several books on the subject, including "Programming with MicroPython" and "Getting Started with MicroPython," which provide valuable resources for those looking to learn more about using MicroPython with microcontrollers.

As a Python developer, you may be familiar with the many benefits of using Python for a wide range of projects, including its simplicity, readability, and wide range of libraries and frameworks. However, you may also be interested in exploring new platforms and technologies, such as microcontrollers. If this is the case, you may be wondering how you can use your Python skills to develop for microcontrollers, one of them being the popular ESP32 chip. Now you can also start to use the 4 supported Arduino boards!

One option for doing this is by using the Arduino IDE for MicroPython, , a simple, cross-platform IDE for MicroPython that supports any board with a serial REPL interface so it can also work with non-Arduino boards like the ESP32. With MicroPython, you can use your existing Python skills and knowledge to write code for microcontrollers, such as the Nano 33 BLE or the ESP32, without the need to learn a new language or deal with the complexities of low-level programming.

However, it's important to note that there are some differences between developing for the ESP32 using MicroPython and using traditional Python on a computer or server. These differences stem from the fact that the ESP32 is a microcontroller, which is a type of small, low-power computer that is designed to perform a specific set of tasks.

One of the main differences is that a board has limited resources compared to a typical computer. This means that you need to be mindful of the amount of memory and processing power you are using in your code. You may also need to optimize your code to ensure that it runs efficiently on the the chosen board.

Another difference is that a board has a number of built-in peripherals, such as WiFi and Bluetooth, that you can access and control using MicroPython. This can be a powerful tool for building IoT devices and other projects that require connectivity. However, it also means that you need to be familiar with the specific capabilities and limitations of eg. the Nano 33 BLE or ESP32 when developing your code.

Arduino IDE for MicroPython
The Arduino IDE for MicroPython, created in collaboration with Murilo Polese who wrote the initial version, offers a robust development platform that combines the benefits of both worlds. This results in a more efficient and effective development experience.

Please visit this lab to get started: https://labs.arduino.cc/en/labs/micropython

Embedded Software Development for the ESP32 C3: A Guide for RISC-V Developers

Henk Kok — Wed, 28 Dec 2022 23:20:37 +0000

The ESP32 C3 is a powerful and versatile microcontroller that is well-suited for a wide range of applications. Based on the open RISC-V architecture, it offers a combination of processing power, memory, and wireless connectivity that make it ideal for Internet of Things (IoT) devices, wearables, and smart home applications. In this post, we'll take a closer look at the ESP32 C3 and explore some of the key considerations for writing embedded software for this platform.

The ESP32 C3 microcontroller is a powerful and versatile device that is well-suited for a wide range of applications. Based on the RISC-V architecture, it features a dual-core processor with a clock speed of up to 240 MHz, as well as 512 KB of SRAM and 4 MB of flash memory. This combination of processing power and memory makes it well-suited for a variety of applications, including Internet of Things (IoT) devices, wearables, and smart home applications. In addition to its processor and memory, the ESP32 C3 also includes support for WiFi and Bluetooth, making it easy to connect to other devices and the internet. This makes it ideal for a wide range of IoT applications, such as smart thermostats, security cameras, and more. The ESP32 C3 also includes a range of other features, such as support for peripherals like a camera interface and a range of power-saving modes, giving you even more flexibility when designing your systems. Overall, the ESP32 C3 is a powerful and versatile microcontroller that is well-suited for a wide range of applications.

Choosing your IDE
Setting up a development environment is an essential part of our workflow when starting a new project. This is especially true when working with the ESP32 C3 microcontroller, which requires a number of specific tools and libraries to be installed. Before you can start writing code for the ESP32 C3, you'll need to install a compiler such as GCC, as well as any necessary libraries and tools. The ESP32 C3 is supported by a number of popular integrated development environments (IDEs), including Eclipse, Visual Studio Code, and Arduino, giving you plenty of options for writing and debugging your code. You'll also need to install the appropriate drivers for your device, as well as any necessary firmware, to ensure that everything is set up properly. Setting up a development environment can be a time-consuming process, but it's an essential step in building reliable and efficient embedded systems. By taking the time to properly set up your environment, you'll be well-equipped to write high-quality code for the ESP32 C3 and other microcontrollers.

Writing Code
The RISC-V architecture is designed to be simple and efficient, and the ESP32 C3 includes a range of libraries and support for a variety of programming languages, including C, C++, and Python. This gives you plenty of flexibility when it comes to choosing the right language for your project. However, writing code for the ESP32 C3 also requires careful consideration of a number of factors. For example, you'll need to think about memory constraints, as the ESP32 C3 only has a limited amount of SRAM and flash memory available. You'll also need to consider power consumption, as the ESP32 C3 is often used in battery-powered applications where power is at a premium. In addition to these technical considerations, you'll also need to think about how you'll communicate with other devices and the internet. The ESP32 C3 includes support for WiFi and Bluetooth, but you may need to use other methods of communication depending on your application. Overall, writing code for the ESP32 C3 requires a combination of technical expertise and careful planning to ensure that your code is efficient, reliable, and performs well.

Debugging & Testing
When working with the ESP32 C3 microcontroller, you'll have access to a range of debugging tools to help you find and fix any issues in your code. These tools include in-circuit debuggers (ICDs) and software debuggers, which allow you to trace the execution of your code and identify problems. It's important to thoroughly test your code to ensure that it is reliable and performs as expected. This might involve testing your code under a variety of conditions, such as different input values or operating environments. You might also need to perform stress testing to ensure that your code can handle heavy workloads or other demanding conditions. The ESP32 C3 includes support for a range of debugging tools, including its own on-chip USB-to-JTAG engine, which can be used to debug the device by connecting a secondary USB cable to the special debug USB pins. Alternatively, you can also use an external JTAG probe to debug the ESP32 C3, although this requires additional setup.
An example of this setup can be found here: https://visualgdb.com/tutorials/esp32/esp32-c3/

(source: https://visualgdb.com/tutorials/esp32/esp32-c3/)

OTA Update: Over-The-aAir Update
When working with the ESP32 C3 microcontroller, there are a number of considerations to keep in mind when it comes to deploying your code. One of the most common methods of deploying code to the ESP32 C3 is to use a tool such as a USB cable to transfer the code directly to the device. Alternatively, you can also use an over-the-air (OTA) update to deploy your code wirelessly. Whichever method you choose, it's important to ensure that your code is transferred to the device correctly and without any errors. In addition to deploying your code, you'll also need to think about how you'll update your code over time. This might involve creating a system for tracking and managing software updates, or building in mechanisms for remotely updating your code. Finally, you'll need to consider any security considerations related to deploying your code to an embedded device. This might involve implementing measures such as secure boot or encryption to protect your code and prevent unauthorized access. By carefully planning your code deployment and considering these various factors, you'll be able to ensure that your code is deployed smoothly and securely to the ESP32 C3 and other embedded devices.
Go to https://docs.espressif.com/projects/esp-idf/en/latest/esp32c3/api-reference/system/ota.html for more information and a comprehensive step-by-step guide.

Conclussion
the ESP32 C3 microcontroller is a powerful and versatile device that is well-suited for a wide range of applications. As an (embedded) software engineer, you'll need to consider a number of factors when working with the ESP32 C3, including setting up a development environment, writing code that is efficient and reliable, debugging and testing your code, and deploying your code to the device. Each of these steps is crucial to the success of your project, and requires a combination of technical expertise and careful planning. By following best practices and using the right tools and resources, you'll be able to develop high-quality code for the ESP32 C3 and other embedded devices. Whether you're working on IoT devices, wearables, or other types of embedded systems, the ESP32 C3 is a valuable tool that can help you build innovative and reliable systems.