Planning Secure Product Lifecycle Management

Considerations for a new system includes the obvious application specific topics. What purpose does the device have? How do customers apply or deploy the product for their use case?

Once security becomes a topic, there will be a host of new considerations. First of all, which kind of threads are applicable for the product? After identifying the potential threads, economical considerations come into play. The threads have to be prioritized. The goal is to make threads uneconomical for the attacker. As an example, in case of protection from counterfeiting, how much effort is required to copy the product, and which measures have to be taken to increase the effort so much, that copying the product no longer makes sense economically.

The most important consideration for security is the so called root of trust. If keys are installed in the product, it is vital to security, that these keys are kept confidential, if they are private keys. It is vital, that such keys cannot be easily replaced by third parties. If there is a requirement to exchange keys, it is a requirement to authenticate the source and validity of a key, and have a secure exchange, where nobody can read the exchanged keys (key wrapping).

Another topic are regulatory considerations. Which regulations are in place for the product and its use case? Are there any ISO, DIN, FCC, IETF papers or related rulings, that affect the definition of the product? Are there functional safety requirements? Are there privacy requirements (GDPR)? Are unattended firmware updates during the life of the product a requirement?

While updates should be possible to any system in the field, an open question is, whether these updates shall be unattended or executed by the customer or by a qualified service technician.

How to Carry Out Updates?

What Are the Standards?

Due to the increasing open networking of electronic devices, the demand for security solutions for embedded systems is also increasing. Especially in safety-critical segments such as medicine, industry and automotive, the demand for security concepts to prevent cyber attacks is growing.


Solutions for Development of Secured Firmware

SEGGER provides an RTOS plus communication and security software, so developers get a head start, benefiting from SEGGER's decades of experience in the industry. SEGGER's professional software libraries and tools for Embedded System development are designed for simple usage and are optimized for the requirements imposed by resource-constrained embedded systems.

The company also supports the entire development process, with affordable, high quality, flexible, easy-to-use tools, and middleware components.

The J-Link debug probes, with Ozone the accompanying debugger and performance analyzer, and Embedded Studio the powerful cross platform C/C++ IDE, are available to support developers in creating their own embedded systems.