When an embedded device joins a network, it stops being just a machine and becomes a door. Every sensor, controller and gateway that can send or receive data is a potential way in — for an attacker to steal information, forge commands, or take a machine offline. In consumer IoT this is a nuisance; in industry, medicine or infrastructure it can be catastrophic. Yet embedded security is still too often treated as an afterthought bolted on at the end. This guide takes the subject apart from the ground up, so that by the end you understand not just what to do, but why each layer exists.
Why embedded security is a category of its own
Securing a laptop and securing a microcontroller are different problems. Embedded devices carry constraints that shape every decision:
- Limited resources: small memory, modest CPUs and tight power budgets rule out heavy security stacks.
- Very long lifetimes: a machine controller may run for 15–20 years, long after its original software stopped being maintained.
- Physical exposure: devices sit in the field where an attacker can touch, open and probe them.
- Rare updates: many devices were never designed to be patched at all.
- Real-world consequences: a compromised actuator does not just leak data — it can move a motor, open a valve, or stop a line.
Because of this, embedded security cannot be a single product. It is a set of layers, each covering a different kind of attack.
The threat landscape
To defend well you must know what you are defending against. Attacks on embedded communication broadly fall into a few families:
- Eavesdropping: reading data as it travels across a bus or network.
- Spoofing and injection: pretending to be a trusted device and sending forged commands or data.
- Replay: capturing a legitimate message and re-sending it later to trigger an action.
- Man-in-the-middle: sitting invisibly between two devices, reading and altering their conversation.
- Denial of service: flooding or jamming a device so it can no longer do its job.
- Physical and side-channel attacks: probing pins, sniffing buses, or measuring power and timing to extract secrets.
Every security measure below exists to close one or more of these doors.
The goals: what "secure" actually means
Security is often summarized by the CIA triad, extended for embedded systems:
- Confidentiality — only authorized parties can read the data.
- Integrity — data cannot be altered undetected in transit.
- Availability — the system keeps working when it is needed.
- Authenticity — you can prove a message really came from the device it claims to be from.
Good communication security delivers all four at once. Encryption alone, for example, gives confidentiality but says nothing about authenticity — which is why so many "encrypted" systems are still trivially spoofed.
Layer 1 — A hardware root of trust
Everything else rests on one question: can the device trust itself? A hardware root of trust is a small, tamper-resistant part of the chip whose behaviour cannot be changed by software. It anchors two essentials:
- Secure boot: at power-up, each stage of firmware is cryptographically verified before it runs, forming a chain of trust from an immutable first stage. If the firmware has been tampered with, the device refuses to start.
- Protected key storage: a secure element, TPM or the MCU's secure region stores private keys so they never leave the chip in readable form — even if an attacker has the device in hand.
Without this foundation, all higher-level security can be bypassed simply by replacing the software.
Layer 2 — Cryptography that fits embedded
Cryptography is the toolbox that makes secure communication possible. The essentials:
- Symmetric encryption (e.g. AES): fast and light, used to encrypt the actual data stream once both sides share a key.
- Asymmetric cryptography (e.g. ECC / RSA): used to authenticate devices and to exchange the symmetric key safely. ECC is preferred on embedded because it gives strong security with small keys.
- Hashing and MACs (e.g. SHA-256, HMAC): prove that a message was not altered and, with a key, that it came from a trusted sender.
- Good randomness: keys are only as strong as the entropy behind them; a proper hardware random-number generator is essential.
Two rules matter above all: never invent your own cryptography, and use hardware crypto accelerators where the chip provides them, so security does not cripple performance.
Layer 3 — Protecting data in transit
This is where communication security lives day to day. The workhorse is TLS (and DTLS for UDP-based links), which combines all four goals: it authenticates both ends, negotiates fresh session keys, encrypts the data, and detects tampering. The critical detail on embedded systems is mutual authentication: not only does the device verify the server, the server verifies the device — so an impostor cannot join the network. Depending on resources this uses either certificates (PKI) or pre-shared keys.
On top of the transport, each protocol has its own security story:
- MQTT: secure by running over TLS with client certificates; on its own it has no protection at all.
- OPC UA: designed with security built in — signing, encryption and authentication are part of the standard.
- Modbus: the classic versions have no security whatsoever; it must be tunnelled through TLS or isolated on a protected network.
- CAN: traditional CAN has no authentication; safety-critical systems add message authentication (such as CAN security extensions) on top.
A recurring lesson: many industrial protocols were designed for trusted, isolated networks and are unsafe the moment they are exposed. Recognizing which protocol protects you and which does not is half the job.
Layer 4 — Identity and key management
Cryptography is only as strong as the management of the keys behind it. This is where many projects quietly fail. A robust approach covers the whole life of a key:
- Provisioning: each device receives a unique identity and keys during manufacturing, ideally generated on-chip so the private key is never exposed.
- A PKI: certificates tie each identity to a trusted authority, so devices and servers can verify one another.
- Rotation and revocation: keys can be replaced on a schedule, and a compromised device can be shut out of the network.
- Secure storage: private keys live in the secure element, never in plain flash.
Shared, hard-coded keys across a whole product line are one of the most common and most dangerous mistakes — break one device and you break them all.
Layer 5 — Secure firmware updates (OTA)
A device that cannot be updated cannot be kept secure, because vulnerabilities are discovered for years after shipping. But the update channel is itself a prime target. A secure over-the-air update must be:
- Signed: the device installs firmware only if it carries a valid signature from the manufacturer.
- Encrypted: so the image cannot be read and reverse-engineered in transit.
- Version-protected: rollback protection prevents an attacker from forcing an old, vulnerable version.
- Fail-safe: A/B partitions or a recovery image ensure a failed update never bricks the device.
Layer 6 — Defense in depth and segmentation
No single measure is enough; strong systems assume any one layer can fail. Network segmentation divides the plant into zones separated by controlled conduits, so a breach in one area cannot spread. Gateways and firewalls filter what may cross between zones, and machines are kept off the open internet and away from office IT. The industrial security standard IEC 62443 formalizes exactly this zones-and-conduits thinking, and is the reference framework for industrial deployments.
Layer 7 — A secure development lifecycle
Security is a process, not a feature added at the end. Mature teams build it into how they work:
- Threat modelling: before writing code, ask what could go wrong and who might attack.
- Least privilege: every component gets only the access it truly needs.
- Memory-safe practices: most embedded exploits come from memory bugs; careful coding, modern languages and static analysis reduce them.
- Testing: penetration testing and fuzzing actively try to break the device before attackers do.
- An SBOM: a software bill of materials tracks every component so known vulnerabilities can be found and fixed fast.
Standards and regulation you cannot ignore
Security is increasingly a legal requirement, not just good practice. Key references include IEC 62443 for industrial systems, ETSI EN 303 645 for consumer IoT, NIST guidance, and — in Europe — the EU Cyber Resilience Act, which makes security obligations mandatory for products with digital elements. Designing to these from the start avoids expensive redesigns later.
The most common mistakes
- Assuming the network is trusted and leaving protocols unprotected.
- Hard-coded or shared passwords and keys.
- Encryption without authentication (or the reverse).
- No plan to update devices in the field.
- Rolling your own cryptography.
- Treating security as a final checkbox instead of a design principle.
A practical starting checklist
- Enable secure boot and a hardware root of trust.
- Store keys in a secure element; give every device a unique identity.
- Encrypt and mutually authenticate all communication (TLS/DTLS).
- Sign and encrypt every firmware update, with rollback protection.
- Segment the network and keep machines off the open internet.
- Threat-model early and test the finished device like an attacker would.
Getting embedded security right
Real security is not one clever trick — it is these layers working together, each chosen to fit the constraints of the device and the reality of the environment. Done well, it is invisible: the system simply works, safely, for its entire long life. Done poorly, it is a liability waiting to be discovered. This is precisely the kind of end-to-end thinking I bring to embedded projects — from the hardware root of trust to the last secure update.
If you are building or operating connected devices and need them engineered to be genuinely secure — or you want an existing system reviewed — get in touch and let's discuss your requirements.
DE