rsingh2083
Posts: 6
Joined: Fri Jul 24, 2020 7:24 pm

How to secure my application on Rpi3B ?

Sat Aug 08, 2020 5:09 am

Hi all,

My team has worked on face recognition application which boots at startup on raspbian. We tested it on rpi-3B but now want to go commercial with it.
1.] My problem is that it resides on sd-card hence it can be easily copied by anyone hence I was thinking if EMMC would be much secure for my application (and faster also) ?

2.] If not then are there any alternative boards which can give me "some decent level of" assurance wrt software security ?

3.] We are new to baords and all, hence dont have much idea on how to make our software secure , running on linux & SBC's.

Please help !!! :|

User avatar
davidcoton
Posts: 6522
Joined: Mon Sep 01, 2014 2:37 pm
Location: Cambridge, UK

Re: How to secure my application on Rpi3B ?

Sat Aug 08, 2020 8:53 am

Software security is difficult. If anyone has physical access to your computer (Pi or other), assume they can access your code.
  • You could put the Pi in a box without an access slot for the SDCard.
  • You could glue the card in place (with some obvious downsides).
  • You could use a Compute Module (CM3+ or wait for CM4 -- any day/week/month now!).
  • You could change to a licensing business model, but your code could still be stolen and hacked (is it Python or a compiled language?).
Location: 345th cell on the right of the 210th row of L2 cache

User avatar
DougieLawson
Posts: 41687
Joined: Sun Jun 16, 2013 11:19 pm
Location: A small cave in deepest darkest Basingstoke, UK
Contact: Website Twitter

Re: How to secure my application on Rpi3B ?

Sat Aug 08, 2020 11:05 am

  • Have the Raspberry Pi call home to a server that checks a crypto Oauth ID.
  • Write a private crypto key on a USB stick that needs to be available for your application to run.
  • Use an authenticator module so that you need a 2FA from a phone app (like the Google or MS ones)
Languages using left-hand whitespace for syntax are ridiculous

DMs sent on Twitter/LinkedIn will be answered next month.
Fake doctors - are all on my foes list.

The use of crystal balls and mind reading is prohibited.

hortimech
Posts: 549
Joined: Wed Apr 08, 2015 5:52 pm

Re: How to secure my application on Rpi3B ?

Sat Aug 08, 2020 12:01 pm

First, I am not a lawyer. If you haven't written all the code yourself, then you may have to provide the source code anyway. If you have taken the source code of an opensource project and altered it in anyway, you will probably have to provide your alterations back to the opensource project to comply with that projects license. As I said, I am not a lawyer, so if you have used any opensource code, I suggest you consult a lawyer with the relevant experience.

hippy
Posts: 10575
Joined: Fri Sep 09, 2011 10:34 pm
Location: UK

Re: How to secure my application on Rpi3B ?

Sat Aug 08, 2020 12:28 pm

rsingh2083 wrote:
Sat Aug 08, 2020 5:09 am
3.] We are new to baords and all, hence dont have much idea on how to make our software secure , running on linux & SBC's.
As a commercial venture it would be worth employing or contracting someone who has the knowledge and experience you require.

Unrewarded assistance to help you make money may be in limited supply.

W. H. Heydt
Posts: 14974
Joined: Fri Mar 09, 2012 7:36 pm
Location: Vallejo, CA (US)

Re: How to secure my application on Rpi3B ?

Sat Aug 08, 2020 5:46 pm

Forget trying to secure the code. Make your money from providing support contracts on the code.

LTolledo
Posts: 5827
Joined: Sat Mar 17, 2018 7:29 am
Location: Anime Heartland

Re: How to secure my application on Rpi3B ?

Sun Aug 09, 2020 12:31 am

arm yourself with a "lawyer" or a legal team, a very powerful and influential one is preferred.
"Don't come to me with 'issues' for I don't know how to deal with those
Come to me with 'problems' and I'll help you find solutions"

Some people be like:
"Help me! Am drowning! But dont you dare touch me nor come near me!"

SabrinaZ
Posts: 4
Joined: Mon Oct 12, 2020 10:13 pm

Re: How to secure my application on Rpi3B ?

Mon Oct 12, 2020 10:40 pm

Zymbit provides a hardware security solution for RPi with encrypted file system, key management, physical security, measured identity, and more features.
Take a look at this solution at https://www.zymbit.com/blog-security-mo ... pberry-pi/
Zymkey 4i is the product: https://community.zymbit.com/t/getting- ... rry-pi/202

Return to “Beginners”