Planning Secure Product Lifecycle Management

Considerations for a new system include the obvious application-specific topics. What purpose does the device have? How do customers apply or deploy the product for their use case?

Once security becomes a topic, there is a host of new considerations. First of all, which kinds of threats are applicable to the product? Once the potential threats have been identified, economic considerations come into play. The threats have to be prioritized. The goal is to make an attack uneconomical for the attacker. As an example, in the case of protection from counterfeiting: how much effort is required to copy the product, and which measures have to be taken to increase that effort so much that copying the product no longer makes sense economically?

The most important consideration for security is the so-called root of trust. If keys are installed in the product, it is vital to security that any private keys are kept confidential. It is equally vital that such keys cannot easily be replaced by third parties. If keys have to be exchanged, the source and validity of each key must be authenticated, and the exchange itself must be secure, so that nobody can read the exchanged keys (key wrapping).

Another topic is regulatory considerations. Which regulations are in place for the product and its use case? Are there any ISO, DIN, FCC, IETF papers or related rulings that affect the definition of the product? Are there functional safety requirements? Are there privacy requirements (GDPR)? Are unattended firmware updates during the life of the product a requirement?

While it should be possible to update any system in the field, an open question is whether these updates shall be unattended, executed by the customer, or executed by a qualified service technician.

How to Carry Out Updates?

What Are the Standards?

Due to the increasing open networking of electronic devices, the demand for security solutions for embedded systems is also increasing. Especially in safety-critical segments such as medicine, industry and automotive, the demand for security concepts to prevent cyber attacks is growing.

 

Solutions for Development of Secured Firmware

SEGGER provides an RTOS plus communication and security software, so developers get a head start, benefiting from SEGGER's decades of experience in the industry. SEGGER's professional software libraries and tools for Embedded System development are designed for simple usage and are optimized for the requirements imposed by resource-constrained embedded systems.

The company also supports the entire development process with affordable, high-quality, flexible, easy-to-use tools and middleware components.

The J-Link debug probes, together with Ozone, the accompanying debugger and performance analyzer, and Embedded Studio, the powerful cross-platform C/C++ IDE, are available to support developers in creating their own embedded systems.