Data Encryption - At Rest & In Transit
Data Encryption - At Rest & In Transit
Embedded or mobile computing devices often have less computing power than typical computing devices. This lack of resources was often used to argue for a lack of encryption since not enough computing power is available. However, publications like (https://www.emsec.rub.de/media/crypto/veroeffentlichungen/2011/01/21/wollingeretalembeddedworld2003.pdf)
and the improved cryptographic performance of elliptic curve-based cryptography (with particular regard to embedded devices, refer e.g. to http://www.atmel.com/Images/Atmel-8951-CryptoAuth-RSA-ECC-Comparison-Embedded-Systems-WhitePaper.pdf) show that the use of cryptography on modern embedded devices is feasible.
and the improved cryptographic performance of elliptic curve-based cryptography (with particular regard to embedded devices, refer e.g. to http://www.atmel.com/Images/Atmel-8951-CryptoAuth-RSA-ECC-Comparison-Embedded-Systems-WhitePaper.pdf) show that the use of cryptography on modern embedded devices is feasible.
Thus it must be ensured that secure transport and storage mechanisms are used wherever necessary, e.g. when it comes to wireless transport, pairing mechanisms, encryption of key material or user data.
These publications illustrate limitations and deviations from security best practices when it comes to hardware-related functions/embedded devices, thus motivating the need to require typical security controls despite any limitations:
