Embedded systems, IoT and OT applications such as the Raspberry Pi must be protected to prevent the data on them from being leaked, for example by physical attacks. In this example use case, we show how the new Security Upgrade Kit provides a remedy and effectively protects the Raspberry Pi and the data on it.
The problem: vulnerabilities of your Raspberry Pi
The Raspberry Pi has known vulnerabilities. Apart from problems that can be caused by external access to the system, this article is about protection against local attacks, where an attacker does not change or read the data while the Raspberry Pi is running, but instead deliberately unplugs the card. In addition, the standard microSD card has other known vulnerabilities: all data can be read, modified and cloned at any time, the bootloader is unprotected, and there is no system integrity. Another weakness: everything, such as passwords, software and data, is stored on the standard microSD card.
Against this background, a number of damage scenarios are conceivable:
- License Fraud
- Botnet participation
- Know-how can be easily reverse engineered
- Passwords/hashes can be overwritten / leaked / reversed
- Login information for the connection to the VPN can be misused by the attacker
- AI Models can be altered or stolen
This makes it clear that the usual boot flow of the Raspberry Pi is insecure and susceptible to physical attacks.
The boot flow of an unprotected Raspberry Pi: No integrity protection and security
The following graphic illustrates the boot process of a Raspberry Pi and underlines the resulting lack of system integrity and security.
The solution: the Security Upgrade Kit, which effectively secures the boot flow of your Raspberry Pi
With the Security Upgrade Kit, all valuable partitions, and therefore the data on them, are hidden and not accessible by default. Only the boot partition is visible, and it is configured so that its content cannot be altered, overwritten or deleted. Furthermore, with certain Raspberry Pi generations it can be digitally signed, so that its authenticity can also be proven. In the boot chain we add an intermediate bootloader, U-Boot, an open source project that is available for most Raspberry Pi variants. U-Boot communicates an authenticity secret to the µSD card. This secret can be a PIN, a network server response, or a unique system feature that can be used for headless stand-alone installations.
After the secret and the boot code have been checked for consistency inside our Swissbit flash controller, the other partitions are unlocked and exposed to the host system. Here too, write access depends on the custom protection profile, which can be adapted by the customer. The system is now booted, up and running. Thanks to the industrial pSLC flash, long-term stability and therefore safe operation can also be guaranteed, as the card is optimized for physically stressing random read and write procedures in an extreme temperature range from -40 to +85 °C.
Render your device secure in 4 Steps
Only a few steps are needed to turn your Raspberry Pi installation into a secured one. Because we use open source components, the process might be adapted to your products in a similar way, not necessarily relying on U-Boot. By default, our Security Level 2 microSD cards are shipped in the so-called “Transparent Mode”. In this mode the card shows no difference from any other microSD card, except for its durability, and you can alter anything to your needs.
The following steps guide you through the initial configuration procedure:
1. Prepare your OS
Set up your operating system. This includes the partitioning.
2. Setup U-Boot
Copy the U-Boot files and add some configuration lines.
3. Setup Protection
Select the protection profile for each partition. You can decide whether a partition is Read Only (RO) or Read Write (RW), and whether it should appear by default or only after unlocking. There are further profiles for special purposes, such as “flexible RO”, which turns the partition from RO into a writable mode after unlocking. The way unlocking happens can also be configured. For different use cases and security goals we offer different mechanisms: the PIN policy, where manual user input is needed; the network policy, where a supervising network server answers the login challenge; and the hash policy, a completely standalone unlock via a unique system and software fingerprint.
4. Activate Protection
Set a PIN and an SO PIN.
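The following Python model is an added example, not Swissbit's code or tooling: it shows how per-partition profiles and a hash-policy style unlock behave before and after unlocking. The fingerprint construction, the `CardModel` class, the partition layout and all sample values are assumptions made for illustration.

```python
import hashlib
import hmac

def fingerprint(device_serial, boot_files):
    """Hash a device-unique value together with every boot file (assumed scheme)."""
    h = hashlib.sha256()
    h.update(len(device_serial).to_bytes(4, "big") + device_serial.encode())
    for name in sorted(boot_files):  # fixed order so the result is reproducible
        h.update(len(name).to_bytes(4, "big") + name.encode())
        h.update(hashlib.sha256(boot_files[name]).digest())
    return h.digest()

class CardModel:
    """Hypothetical model of a protected card; the real check runs in the flash controller."""
    def __init__(self, partitions, enrolled_secret):
        self.partitions = partitions  # name -> (mode, visible_by_default)
        self._secret = enrolled_secret
        self.unlocked = False

    def unlock(self, secret):
        # Constant-time comparison of the presented secret with the enrolled one.
        self.unlocked = hmac.compare_digest(secret, self._secret)
        return self.unlocked

    def access(self, name):
        mode, visible_by_default = self.partitions[name]
        if not (visible_by_default or self.unlocked):
            return "hidden"
        if mode == "RW" or (mode == "flexible RO" and self.unlocked):
            return "rw"
        return "ro"

# Constructed sample data: boot files and a three-partition layout.
BOOT = {"u-boot.bin": b"constructed u-boot image", "boot.scr": b"constructed boot script"}
LAYOUT = {"boot": ("RO", True), "rootfs": ("flexible RO", False), "data": ("RW", False)}

def demo():
    card = CardModel(LAYOUT, fingerprint("serial-A", BOOT))  # enrolled at activation
    before = {p: card.access(p) for p in LAYOUT}
    cloned = card.unlock(fingerprint("serial-B", BOOT))  # same card, different device
    tampered = card.unlock(fingerprint("serial-A", {**BOOT, "boot.scr": b"modified"}))
    genuine = card.unlock(fingerprint("serial-A", BOOT))
    after = {p: card.access(p) for p in LAYOUT}
    return before, cloned, tampered, genuine, after

if __name__ == "__main__":
    print(demo())
```

In this model the unlock value is derived entirely from inputs readable on the device, so it binds the card to one device and boot image rather than acting as a user-held secret.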
The following graphic illustrates how the Raspberry Pi is switched from a transparent mode to a state with active protection with the help of the Security Upgrade Kit.
How the Security Upgrade Kit protects your embedded systems and OT applications
The Security Upgrade Kit with microSD card Security Level 2 ensures data confidentiality, data integrity and data availability. This means that your company can protect its data even better and offer legally compliant products. The Kit includes appropriate documentation, software and tools too. It offers real-time in-flash data encryption with AES 256 and allows the customization of protection profiles. Areas of application include the copy protection of sensitive data or the protection of system integrity through Secure Boot. As a retrofit solution on a microSD basis, the Security Upgrade Kit offers maximum flexibility. The Security Upgrade Kit is primarily designed for Linux-based embedded systems, IoT and OT applications but can also be adapted for other operating systems if required. Thanks to the widespread use of embedded systems, IoT and OT applications, the areas of usage range from industry and the public sector to critical infrastructures.
Disclaimer: This article is sourced from the official Swissbit website. As official partners of Swissbit, we have obtained permission to utilize both articles & resources for further updates with regards to Swissbit’s products.