BG Networks is Attending Embedded World 2022: June 21-23 in Nuremberg
| SPECIFIC VULNERABILITIES |
|---|
| Unauthenticated code executed after boot |
| Debug ports not closed ( JTAG, USB, UART ) |
| Processor misconfiguration opening a debug port |
| Unencrypted code in flash dumped reverse engineered |
| Unencrypted software update leads to plain text code listing |
| Hard-coded keys in source code used to decrypt user certificates |
| Unused and unprotected RAM |
| Kicking the watch dog |
| Abuse of diagnostic management features |
| Fixing vulnerabilities throughout the chain of distribution |
| Abuse of diagnostic management features |
| Safety critical messages that are not authenticated |
| Direct interfaces between wireless and safety critical ECUs |
| Manipulation sensors signals for autonomous vehicle control |
| NHTSA Best Practice Number | Short Description of NHTSA General Best Practice Recommendation |
|---|---|
| G.17 | Auto industry members should implement rapid incident detection to mitigate safety risks and transition the vehicle to a minimum risk condition. |
| G.23 | Manufacturers should participate in best practices development and join Auto-ISAC. |
| G.24 | Extended automotive industry companies are recommended to join Auto-ISAC. |
| G.25 | Auto-ISAC members should collaborate expeditiously to contain vulnerabilities. |
| G.28 | Manufacturers to assess metrics for a response process. |
| G.30 | Manufacturers should plan for addressing new vulnerabilities for vehicles in the field, at dealers, in inventory, and in future vehicles. |
| G.31 | Manufacturers should report incidents to CISA and US-CERT. |
| G.32 | Auto industry members should participate in cyber incident response exercises such as CyberStorm. |
| G.38 | Auto industry members should collaborate on workforce educational efforts. |
| G.40 | Connections to 3rd party devices should be authenticated and only given limited access. |
| G.43 | Cybersecurity protections should not unduly restrict access of 3rd party repair services. |
Hardware Root of Trust
Secure Boot
Authentication
Encryption
Secure File System
Secure Interfaces
Secure OTA Firmware Updates
Key Generation and Management
Seamless Handoff to Manufacturing
BGN-SAT Secures Your Embedded Device
Authenticate
Ensure only your code is run and prevent code injection or modification
Hardware Root of Trust
- Use hardware-based code that can’t be modified to establish a trusted starting point after reset.
Secure Boot
- Automatically generate keys, sign binaries, and program device using the hardware root of trust to authenticate firmware on device boot
- Lock the processor to ensure only authenticated code is executed
Secure Each Device Uniquely
Rapidly generate keys and provision devices during manufacturing
1-Click Secure Deployment in Manufacturing
- Security profile defined during development enables a seamless handoff from engineering to manufacturing
- 1-click deployment automatically generates and securely stores per-device keys, signs and encrypts firmware, programs device, and secures interfaces
Key Generation and Management
- Unique key generation and management for each device
Encrypt
Protect your IP and data from being stolen
Encryption
- Protect data and code at rest and in motion using the latest standards-based encryption algorithms.
Secure File System
- Generate keys and encrypt binaries for bootloader, OS kernel, and filesystem to prevent reverse engineering of your IP and protect confidential data
- Utilize hardware-based cryptographic accelerators for secure and efficient implementation
Securely Update
Deploy new features and fix security vulnerabilities
Secure OTA firmware updates
- Enable remotely deploying new firmware to devices in the field
Authentication
- Used to prevent untrusted updates
