Deciphering phone and embedded security – Part 4: Ideal platform for next-generation embedded devices

Smartphones today carry some of the most sophisticated security measures, deployed by manufacturers to restrict users from manipulating the device. On Android specifically, that being an open platform, the geek or development community has often been successful in defeating these measures, installing custom ROMs to customize the phone or even unlocking the phone before the expiry of the term with the service provider. Part I of the series covers the general Android architecture to make readers aware of the basic Android platform and the associated framework, including common terminology such as Rooting and Flashing. Part II links it all together and takes a deep dive into what really happens at the hardware level during an unlock operation and the tricks hackers use to fool or bypass bootloaders and install custom ROMs. Part III covers the various flavors of bootloaders that manufacturers offer to provide levels of protection/security and the way some of them get compromised. Leveraging the existing security measures discussed in the first three parts, Part IV takes it further and describes ideal security capabilities that could be included on next-generation embedded devices. The techniques described are meant rather to increase the cost of attack, with an acceptable level of risk for a particular application. Just like there is no free security, there is no full security!!

Deciphering phone and embedded security – Part 2: What really happens during an unlock operation

Smartphones today carry some of the most sophisticated security measures, deployed by manufacturers to restrict users from manipulating the device. On Android specifically, that being an open platform, the geek or development community has often been successful in defeating these measures, installing custom ROMs to customize the phone or even unlocking the phone before the expiry of the term with the service provider. Part I of the series covers the general Android architecture to make readers aware of the basic Android platform and the associated framework, including common terminology such as Rooting and Flashing. Part II links it all together and takes a deep dive into what really happens at the hardware level during an unlock operation and the tricks hackers use to fool or bypass bootloaders and install custom ROMs. Part III covers the various flavors of bootloaders that manufacturers offer to provide levels of protection/security and the way some of them get compromised. Leveraging the existing security measures discussed in the first three parts, Part IV takes it further and describes ideal security capabilities that could be included on next-generation embedded devices. The techniques described are meant rather to increase the cost of attack, with an acceptable level of risk for a particular application. Just like there is no free security, there is no full security!!

 

Flow metering tutorial – Part 2: Pulse-based counting in flow meters

In Part 1 of this series, we covered the fundamental concepts and principles incorporated by flow meters, along with the various flow measurement methods used in mechanical flow meters. Part 2 covers the pulse-based counting method, the various sensors used in industry, and the way they generate different pulse waveforms for use in a variety of flow meters.

 

Flow metering tutorial – Part 1: Understanding the fundamentals

Flow meters are used to measure the rate of flow of liquids or gases, just like electric meters measure the amount of electricity consumed. However, unlike electric meters, which are either electro-mechanical or electronic, there are just too many variants of flow meters, all with different concepts of how the flow of fluid is measured, with some even customized to measure special fluids. A new generation of electronic flow meters provides better control and accuracy of fluid measurement, but still leaves several choices on how fluid is measured. Part I of this series covers basic flow meter fundamentals, including types of flow meters and the main considerations and challenges in selecting a flow meter.

 

Deciphering phone and embedded security – Part 1: Fundamentals of the Android architecture and terminologies

Smartphones today carry some of the most sophisticated security measures, deployed by manufacturers to restrict users from manipulating the device. On Android specifically, that being an open platform, the geek or development community has often been successful in defeating these measures, installing custom ROMs to customize the phone or even unlocking the phone before the expiry of the term with the service provider. Part I of the series covers the general Android architecture to make readers aware of the basic Android platform and the associated framework, including common terminology such as Rooting and Flashing. Part II links it all together and takes a deep dive into what really happens at the hardware level during an unlock operation and the tricks hackers use to fool or bypass bootloaders and install custom ROMs. Part III covers the various flavors of bootloaders that manufacturers offer to provide levels of protection/security and the way some of them get compromised. Leveraging the existing security measures discussed in the first three parts, Part IV takes it further and describes ideal security capabilities that could be included on next-generation embedded devices. The techniques described are meant rather to increase the cost of attack, with an acceptable level of risk for a particular application. Just like there is no free security, there is no full security!!

How secure is AES against brute force attacks?

In the world of embedded and computer security, one of the often debated topics is whether a 128-bit symmetric key, as used for AES (Advanced Encryption Standard), is computationally secure against a brute-force attack. Governments and businesses place a great deal of faith in the belief that AES is so secure that its security key can never be broken, despite some of the inherent flaws in AES. This article describes the strength of the cryptographic system against brute-force attacks with different key sizes, and the time it takes to successfully mount a brute-force attack, factoring in future advancements in processing speeds.

Public key cryptography and security certificates

Public key cryptography offers ultimate security, being based on asymmetric keys, and is the backbone of popular protocols like SSL (Secure Sockets Layer) for communicating securely between web servers and browsers. However, the whole ecosystem is based on passing or exchanging security certificates. This article explains public key cryptography, the role of security certificates, and the way they are used by the secure protocols to provide ultimate security.

Securing your apps with Public Key Cryptography & Digital Signature

Public key cryptography offers ultimate security, being based on asymmetric keys; however, it does have a specific purpose and is often not a replacement for symmetric crypto algorithms like AES. This article presents the security behind public key cryptography, with practical details on how it is used by some popular tools like PGP and SSL, as well as by digital signatures.

Understanding the security framework behind RSA SecurID

RSA SecurID® is a pretty popular mechanism for providing a user with secure remote access to a network resource. However, it often gets confused with the RSA public key algorithm, which is based on asymmetric or public key cryptography. RSA SecurID is based on two-factor authentication, which makes it different from the publicly known RSA algorithm. This article presents the underlying security architecture behind RSA SecurID and its potential vulnerabilities.

Advanced Metering: Security Threats, Challenges and Counter Measures

Energy theft and meter tampering are world-wide problems that contribute heavily to revenue losses. Consumers have been found manipulating their electric meters, causing them to stop, under-register or even bypass the meter, effectively using power without paying for it. Apart from preventing physical tampers requiring smart solutions on chip, smart grid technologies are now in the process of being deployed. These solutions require a combination of different technologies and rely on network connectivity, posing significant security issues that must be addressed from the beginning. This paper covers vulnerabilities, challenges and techniques to prevent tampering in an energy meter, improving overall security (hardware and software) in a smart grid.

Why a power-factor correction device is better suited to industrial applications

How often are homeowners approached by a salesperson at the doorstep selling a device that can go in a wall and supposedly save energy or reduce the monthly electricity bill substantially? The so-called "power-saver device" (known by different names) is nothing but a power-factor correction (PFC) device that connects to the mains and improves power factor, and thus the apparent power measured by the meter. However, it's important to notice that a residential user's utility bill is based on real power rather than apparent power, and thus none of these devices really reduce their monthly bills. In this article, I explain the different power types that an electricity meter measures, power factor, and power factor's implications for power measurement. Although a PFC device may be useful for industrial applications, the additional cost does not really justify using this device in residential applications, contrary to the claims.

ADC ‘accuracy’ and ‘resolution’ are not the same

Analog-to-digital converters (ADCs) are advertised as having "n"-bit resolution, which is often misunderstood to mean accuracy. Resolution does not imply accuracy, nor does accuracy imply resolution. The application determines whether missing codes are allowed and the degree of accuracy required. This article uses application examples to illustrate the significant difference between accuracy and resolution.

Advanced Metering: Ecosystem, Security threats and Counter measures

The operation and control of the current power grid depends on a complex network of computers, software, and communication technologies that, if compromised by hackers, could be used to cause great damage, including extended power outages and destruction of electrical equipment. Therefore, known vulnerabilities in these systems must be mitigated in order to increase the security and success of the Smart Grid. Advanced Metering Infrastructure (AMI) offers a more sophisticated two-way communication system that collects, measures and analyzes energy usage from network-connected devices such as electricity meters, gas meters, and/or water meters. But all these devices are susceptible to hackers. This article highlights what is needed to secure a smart grid.

Anti tamper real time clock (RTC) – make your embedded system secure

The implementation of security features in embedded applications like utility metering, power distribution, etc. is becoming increasingly important. A lot of hacks in this area are related to tampering with the time. While most of the known anti-hacking techniques can be handled in software, it is always secure and accurate to implement the necessary ones in hardware. It is also more efficient and cheaper to implement these techniques in a System on Chip (SoC) than to add the necessary logic on the board, which may open up more security holes. These hardware techniques need to be active at all times and must be monitored in all conditions. Since the Real Time Clock (RTC) is a module that functions independently (both in terms of power supply and system clocks) of the rest of the blocks in an SoC, it inherently becomes the choice for implementing the anti-tamper functions. This article describes some of the techniques that can be handled well by the RTC within an SoC, providing efficient protection against hardware as well as software tampers and thereby making it an essential item in every secure system. A small yet powerful block.

Prevent tampering in energy meters

Today energy theft is a worldwide problem that contributes heavily to revenue losses. Consumers have been found manipulating their electric meters, causing them to stop, under-register or even bypass the meter, effectively using power without paying for it. This article discusses vulnerabilities, challenges and techniques to prevent tampering in an energy meter.

Need for Watchdog for improved system fault tolerance?

Embedded electronic control units are finding their way into more and more complex safety-critical and mission-critical applications. Many of these applications operate in adverse conditions, which can cause code runaway in the embedded control units, putting them into unknown states. A watchdog timer is the best way to bring the system out of an unknown state into a safe state. Given its importance, the watchdog has to be carefully designed, so as to reduce the chances of its operation being compromised by runaway code. This paper outlines the need for a robust watchdog and the guidelines that must be considered while designing a fault-tolerant system monitor, also known as a watchdog. New methods for refreshing a watchdog, a write protection mechanism, early detection of code runaway and a quick self-test of the watchdog are described herein.

VoIP Security: Scenarios, challenges and counter measures-PART III

Voice over IP offers organizations lower telecommunications costs and greater network efficiency through convergence of voice, data and video. It can be used to stay connected during an emergency or calamity, giving employees access to their phone resources from IP phones at other locations. The rate at which VoIP is growing has given rise to network security concerns that need to be addressed as early as possible. NIST issued a report titled "Security Consideration for Voice Over IP Systems" last year, which focuses on VoIP security problems and recommendations, and highlights the current level of concern.

VoIP Security: Scenarios, challenges and counter measures-PART II

Voice over IP offers organizations lower telecommunications costs and greater network efficiency through convergence of voice, data and video. It can be used to stay connected during an emergency or calamity, giving employees access to their phone resources from IP phones at other locations. The rate at which VoIP is growing has given rise to network security concerns that need to be addressed as early as possible. NIST issued a report titled "Security Consideration for Voice Over IP Systems" last year, which focuses on VoIP security problems and recommendations, and highlights the current level of concern.