How secure can a .NETMF device be, and which GHI product provides the most security? When I say secure, I am referring to resistance to hacking, reprogramming, and general malfeasance. I wish to create a device that will store private information in an encrypted form and, if possible, keep that information secure even in the face of a determined attacker with physical access to the device. No reasonable password (one users will actually use) is sufficient in the face of a brute force attack with hardware access, imho.
So, is there a way to secure a .NETMF device against such an attack, and do any of the GHI SoM’s have the ability to protect the code? I won’t be attaching Ethernet, WiFi, Bluetooth, or any other external communication other than a touch screen, but it does little good if a hacker can simply open the device and attach to the existing, unused I/O ports.
I’ve become fond of .NETMF and GHI’s support of and products for it. However, I fear I may have to abandon both for this project. Please, tell me I’m wrong.
[quote=“Gregg”]
How secure can a .NETMF device be[/quote]
Physical attacks are difficult to protect against, but there are degrees of threats here. If you need to protect against large organizations with sufficient skills, budget, labs and time at hand, then good luck.
However, if your threats are more ordinary, then it may be sufficient to use a single-chip SoC, avoid the use of external memory chips, and after programming the SoC, have it locked down. The STM32 series of chips has this ability, it allows you to protect the chip against reading and writing of the internal flash and RAM from the outside. Of course, once this state is entered, it cannot be left again. So if there are bugs, you cannot reprogram the chip anymore, e.g. via JTAG.
Everything Cuno said, however I think that there is also a mode to allow writes but not reads allowing you to have updates. Encryption however is out out out. SD cards have an encryption system so that you can store data which only one device can read. However GHI has said that this is not possible/practical with these devices.
Stick to single chip SoCs (as I intend to do); it will keep all but the best crackers out.
What part are you trying to secure? Some customers I talked to were worried about malware/virus infecting the device. This will never happen on NETMF for example.
That’s not true at all. Something like Pyxis 2 is almost certainly at least as vulnerable to malware as any Windows system. More vulnerable, is my bet, as it likely doesn’t implement any security.
Any NETMF system which relies on loading code from insecure locations would be vulnerable. If you can write to the flash, then you could even write compromised versions of system assemblies.
@ godefroi - What I mean is that it is not possible for a malware/virus to infect a NETMF device over the network.
And even loading malware on top of an existing application is very difficult, near impossible. After all, NETMF can run one application. And we are not talking about loading executable objects remotely. I only seen this happen as a community initiative not on a commercial product. It is a nightmare to debug and use to say the least.
Anyway, this is why I was asking what the Gregg is worried about.