
Security - the u-blox trusted domain

  • To safeguard applications, protect data, and ensure secure data transmission, system designs need to follow a set of security principles.
  • Any exposed interfaces in applications can be used as attack surfaces.
  • Attacks always cause harm, including immediate costs, damage, and consequent costs.

An attacked system may be subject to:

  • Firmware attacks, in which altered code can modify system behaviour or grant access to secrets
  • Data attacks, which attempt to interfere with normal operation
  • Man-in-the-middle attacks, in which interface I/O capture is used to change or replay the control of data to interfere with actual values

Read our blog post on secure IoT identities

Areas of security

Confidentiality: System assets can only be used by authorized parties (secrecy).

Availability: Assets are accessible to authorized parties for a limited time only.

Integrity: The correctness of system information is quantified by a measure of trust.

Robustness: Systems are impervious to intentional or unintentional interference.


 

Five pillars of security that create the u‑blox Trusted Domain

Secure Boot: The firmware is authentic, has not been modified, and cannot be downgraded.

Secure Firmware Updates (FOTA): Only authenticated and validated updates can be applied.


Secure Physical Interfaces and APIs

  • Only authorised users can gain debug access to a device, and each access grant is unique.
  • "Development" back doors are blocked and only authorised usage of APIs is possible.
  • Data is authenticated and integrity-protected in both directions: into and out of the module.

 

Secure Transport Layer

  • The device can authenticate and sign or encrypt the communications with the server
  • No man‑in‑the‑middle attacks in device‑to‑server communication

 

Robustness, Spoofing/Jamming detection and active countermeasures

  • Security is also about software quality
  • Robustness against software attacks and detection of potential attacks on air interfaces