Enhance Security Beyond Encryption and Authentication

In addition to standard security features such as encryption and certificates, MicroEJ brings the following unique features to even the smallest processors, starting from $1: virtualization, sandboxing and code protection.

Security

Enhance the Security of your Devices thanks to a Virtual Execution Environment

Adjustable level of security

The security level of a product needs to be adjusted according to its real selling value: there is no single answer, and each situation needs to be evaluated against its requirements and the costs they induce.
As a software platform, the MICROEJ VEE implementation can take advantage of various implementations to enhance security, from simple authentication mechanisms to the most complex ones.
Simple products that cannot afford a complex security implementation can still access basic security features to guarantee a minimum level of security rather than none.

Reliable software execution

Devices connected to the Internet are exposed to potential threats. These threats are usually reduced by establishing a trusted communication channel between devices and servers (authentication and encryption). However, nothing else can prevent a trusted application from jeopardizing the system once loaded and executed.

The MICROEJ VEE multi-application Virtual Execution Environment treats apps as unreliable software. When building the VEE for their device, developers can implement security managers to control access to or usage of device resources by apps, and can manage the app life cycle. If an app behaves unexpectedly, it can simply be stopped and off-loaded to protect the system.

Protect your software from hackers

Reverse engineering is another way to hack embedded systems. Knowing the processor architecture and inner implementations makes it very easy to decode processor micro-instructions and to identify potential weaknesses.

MICROEJ VEE provides a special execution engine for executing software apps written in the Java language. This level of code execution dramatically increases the degree of protection against reverse engineering, even when sophisticated attacks like DPA (Differential Power Analysis) are used.

How can a Virtual Execution Environment Protect the Security of your IoT Devices

MicroEJ Engine: a secure IP

Reliable software is less subject to attacks that try to make the system fail.
The MicroEJ execution engine provides advanced features that help guarantee reliable code execution, such as automatic memory management (garbage collection), strong format and structural constraints on the binary code, and runtime checks that catch out-of-range accesses on strings and arrays, memory management violations, stack underflows or overflows, and illegal data type casts.

Execution in sandboxes

MICROEJ VEE offers a multi-app execution framework with sandboxes that isolate apps from each other. An app executes in its own virtual environment made of private threads and private data space and cannot jeopardize other apps or system execution.

A security manager and an access controller enforce the security policy for resource access, such as CPU or memory usage, and for system service access (data storage, communication ports, etc.).

Secure identification

It is good practice to digitally sign applications to ensure apps are from a known and trusted source. Knowing the source helps in granting the adequate access rights to the system resources. Trusting the source means the threat probability is very low.

To implement signatures, MICROEJ VEE uses X.509 certificates and standard algorithms used by TLS such as SHA, RSA or ECC, and PKCS#11 on the server side. For protocols, MICROEJ VEE uses ASN.1.

Supported Security Features

Rich library support

The MICROEJ VEE solution integrates major cryptographic libraries from several suppliers, including WolfSSL, MbedTLS, OpenSSL and BouncyCastle.

Typical functionality includes:

  • SSL 3.0 and TLS 1.0, 1.1 and 1.2 client and server
  • DTLS 1.0 and 1.2 client and server
  • OCSP and CRL support
  • PSK (Pre-Shared Keys)
  • Persistent session and certificate cache
  • PEM and DER certificate support
  • RSA and ECC signed certificate generation
  • Certificate manager