Skip to content
Tuxera logo
Get started

We are here to help

We’ll help you find the right solution

Have a question or need guidance? Whether you’re searching for resources or want to connect with an expert, we’ve got you covered. Use the search bar on the right to find what you need.

Talk to an expert Get a quote
Search icon
Most popular searches
Data Corruption Functional Safety​ RDMA SMB Compression​ File Systems​ Automotive Ethernet​ Transparent Failover​ Data Platform Providers Media Production​ CRA
20.02.2023

Data in the stream: minimizing security risks in embedded devices

The way verified data is stored on an embedded device can add a security risk. We provide an overview of why data verification matters, the risks involved, plus a clever approach some experts are using to deal with that.

As we have spoken about previously, ensuring that data on an embedded device is verified correctly can prevent costly security risks for the manufacturer. And when it comes to securely storing that data, an important factor is where and how the data is actually stored.

Why storing crucial data in the same stream is a security risk

When talking about embedded device security, we are particularly interested in so called security-specific data – that’s the hash data and other important pieces needed to do fs-verity for a file. The fs-verity implementation on ext4 stores that security-specific data at the end of a file, and then it hides that data. In principle, this makes the data more secure, as it is then tougher to find or locate (and might therefore be able to quietly stay uncorrupted or untampered). In practice though, the data is not hidden very well. Why? Because on a block device, simply accessing the next block can allow you to find the hidden data 

What is fs-verity?

Fs-verity is a tool that validates a single file, or selected portion of a file system. It checks the media for any corruption or tampering. 

Learn more about fs-verity, dm-verity, and fs-crypt by reading our whitepaper, “Linux file system verification – understanding fs-verity.” 

Crossing data streams for better data security

One possible option that has been suggested is to use multiple streams for the data storage. With this method, the security-specific data is stored in a different stream, so it is still connected to the file (through the file system) but not directly accessible. This is a method that makes sense, it has worked for us, and is what we plan to release as a feature of Tuxera Reliance Velocity. 

From a user’s point of view, there is no difference in the implementations between ext4 and Tuxera Reliance Velocity. Both the IOCTL commands and the user space tools will be able to utilize the security specific data the exact same way. Making a copy of the file and security data is actually easier with separate streams – this is the use case that is followed by validated apps in the Google Play Store (for example).  

Final thoughts

Leaving data at the end of a file and hiding it is a method with real risks to embedded device security. Those risks can end up incurring costs to device manufacturers due to important data getting maliciously corrupted, in addition to loss of valuable development time. However, by storing the security-specific data to a different stream instead, risk is minimized – the data is harder to access, but still connected via the file system. Want to know more about tackling data security risks in embedded devices? GET IN TOUCH

RELATED ARTICLES

Read more about this topic

How to build cybersecurity resilience for in-vehicle and vehicle-to-everything connections
20.02.2023

How to build cybersecurity resilience for in-vehicle and vehicle-to-everything connections

Are you ready to fail?
20.02.2023

Are you ready to fail?

How to optimize metadata management in Linux file systems
20.02.2023

How to optimize metadata management in Linux file systems

Improving data integrity in Linux embedded systems with OverlayFS
20.02.2023

Improving data integrity in Linux embedded systems with OverlayFS

Suggested content for:

Our products

Related products

Your mission-critical systems demand uncompromising reliability. Tuxera products mean absolute data integrity. We specialize in file systems, software flash controllers, and secure networking and connectivity solutions. We are the perfect fit for data-intensive, mission-critical workloads. Using Tuxera’s time-proven solutions means that your data is safe and secure – always.

Proven success

Related success
stories

Our solutions are trusted by major brands worldwide. When you need reliable, scalable, and lightening-fast data access and transfer across any system or device, Tuxera delivers. Our track record speaks for itself. We’ve been in this business for decades with a clear mission: to be the partner you can trust. Read on to find out more.

Industries

Related industries

From satellites to smart meters, our software protects critical data and ensures seamless connectivity wherever mission-critical systems operate.

Related pages and blog posts
Technical Articles
Datasheets & Specs
Whitepapers