
Embedded Security - Institute of Computer Engineering (E191) · Some key security issues ... key 1 key 2 ciphertext Cryptography provides the tools, that underlie most modern security


Page 1

Embedded Security

VO Embedded Systems Engineering

Armin Wasicek

Page 2

Why security?

The number of network-based attacks is ever increasing.

Hacking is profitable and it is difficult to get caught.

Currently a shift from "spare time hacking" to organized crime is observable.

2 18.12.2012 Embedded Security

Page 3

Why Embedded Security?

The number of embedded systems is increasing.

Embedded systems are ubiquitous.

They incorporate

• useful information and

• valuable services

Page 4

Emerging Security Requirements

Connectivity: an increasing number of devices is connected to a larger network; vision of the "Internet of Things".

Extensibility: updating software; plugging in additional components.

Complexity: demand for increased functionality; non-functional constraints.

Operation in an untrusted environment: even the owners of a system can present a security risk.

Page 5

Security definitions, classifications, and taxonomies

Page 6

General security definitions

"Computer security is the process of ensuring confidentiality, integrity, and availability of computers, their programs, hardware devices, and data. Lack of security results from a failure of one of these three properties." (NIST)

Security is a system property. Security is much more than a set of functions and mechanisms. IT security is a system characteristic as well as a set of mechanisms that span the system both logically and physically. (McGraw-Hill)

"Security, in an objective sense, measures the absence of threats to acquired values, in a subjective sense, the absence of fear that such values will be attacked." (Arnold Wolfers)

Page 7

Security: Primary Attributes

Confidentiality [disclosure]: Assets are accessible for reading, copying, locating only by authorized parties.

Integrity [deception]: Assets are accessible for reading, copying, locating only by authorized parties.

Availability [DoS]: Assets are ready for correct service for authorized users.

Page 8

Security: Secondary Attributes

Accountability: availability and integrity of the person who performed the operation.

Authenticity: integrity of a message content and origin, and possibly of some other information, such as time of emission.

Non-repudiability: availability and integrity of the identity of the sender or receiver of a message.

Page 9

Relationship Safety - Security

Safety Characteristics

• Protection against unintended changes within the system

• Absence of catastrophic consequences of faults

• Safety boundaries ensure availability and independent behavior in case of failures

• Strongly related to fault containment and tolerance

Security Characteristics

• Protection against unauthorized modifications of the system

• Access policies strive to contain intrusion attempts

• Security protocols ensure that data flows are secure

• Security unifies technical, organizational, political, financial, and legal aspects

Page 10

Relationship Dependability - Security

Page 11

Pathology of Faults

Fault: cause of an error

Error: unintended system state

Failure: deviation of actual from intended service

[Figure: chain fault → error → failure, crossing the system boundaries]

Page 12

Propagation of Security Failures

In a safety-critical system a failure has catastrophic consequences.

Propagation from the security domain to the safety domain: unintended behavior of a system is caused by a previous intrusion.

The AVI chain illustrates this propagation.

[Figure: AVI chain: an attack by a hacker, designer, or operator exploits a vulnerability; the resulting intrusion leads to an error and then to a failure, crossing the system boundaries]

Attack: interaction fault / intrusion attempt

Vulnerability: weakness in the system

Intrusion: malicious, externally induced fault

Page 13

Classification of countermeasures

Any particular security mechanism falls into one (or more) of these broad categories.

Page 14

Security Incident Taxonomy

An incident consists of attackers, one or more attacks, and objectives; an attack consists of a tool, a vulnerability, an event, and an unauthorized result; an event is an action directed at a target.

1. Attackers: Hackers, Spies, Terrorists, Corporate Raiders, Professional Criminals, Vandals, Voyeurs

2. Tool: Physical Attack, Information Exchange, User command, Script or program, Autonomous agent, Toolkit, Distributed tool, Data tap

3. Vulnerability: Configuration, Implementation, Design

4. Action: Probe, Scan, Flood, Authenticate, Bypass, Spoof, Read, Copy, Steal, Modify, Delete

5. Target: Account, Process, Data, Component, Computer, Network, Internetwork

6. Unauthorized Result: Increased access, Disclosure of information, Corruption of information, Denial of service, Theft of resources

7. Objectives: Challenge, status, thrill; Political gain; Financial gain; Damage

Page 15

Vulnerability Life Cycle

0. vulnerability birth

1. discovery: exploit available to private groups

2. announcement: exploit available to public

3. popularity: used by the masses

4. patch available

5. patch applied

[Figure: risk over time, with the points 1 discovery, 2 announcement, 3 popularity, 4 patch available, 5 patch applied]

"Penetrate and Patch" does not make your system better by design; rather, it merely makes it toughened by trial and error.

Page 16

Some key security issues

Information security is not only a technical problem:

• Insufficient security awareness

• Lacking experience in risk management

• No or weak security policies

Security measures should be taken at all stages.

Page 17

Implementing security

Page 18

How to implement security?

Partition the users in groups, assign roles.

Introduce asymmetry between users.

"In a system where everyone is allowed to do everything, conflicts are foreseeable."

Page 19

Security Policies

A security policy is a high-level specification of the security properties that a given system should possess.

• Origins from the military: Bell-LaPadula

• Integrity models are mostly domain-specific

• Other common policies:

• Discretionary Access Control (DAC)

• Mandatory Access Control (MAC)

• Role-based Access Control (RBAC)

[Figure: Bell-LaPadula lattice TOP SECRET > SECRET > CONFIDENTIAL > OPEN, with the rules write-up and read-down]
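A Bell-LaPadula check over the four levels of the slide, as an added example that is not part of the lecture: the read-down and write-up rules are applied to constructed requests, and reachable_flows() confirms that no combination of permitted reads and writes moves information downward through the lattice.

```python
from enum import IntEnum


class Level(IntEnum):
    """The four levels of the slide's lattice, ordered by sensitivity."""
    OPEN = 0
    CONFIDENTIAL = 1
    SECRET = 2
    TOP_SECRET = 3


def may_read(subject: Level, obj: Level) -> bool:
    """Simple security property ("read-down"): a subject reads only objects
    at or below its clearance, so there is no read-up."""
    return subject >= obj


def may_write(subject: Level, obj: Level) -> bool:
    """*-property ("write-up"): a subject writes only objects at or above its
    clearance, so there is no write-down that could leak what it has read."""
    return subject <= obj


def check_access(subject: Level, obj: Level, mode: str) -> bool:
    """Mandatory access decision for one request; mode is "read" or "write"."""
    if mode == "read":
        return may_read(subject, obj)
    if mode == "write":
        return may_write(subject, obj)
    raise ValueError(f"unknown access mode: {mode!r}")


def relay_possible(subject: Level, src: Level, dst: Level) -> bool:
    """Could this subject copy the contents of object src into object dst?
    That needs a permitted read of src followed by a permitted write of dst."""
    return may_read(subject, src) and may_write(subject, dst)


def reachable_flows() -> set:
    """All (src, dst) level pairs that some subject can relay. With both rules
    enforced, no pair moves information from a higher level to a lower one:
    that is the confidentiality guarantee the two rules buy together."""
    flows = set()
    for subject in Level:
        for src in Level:
            for dst in Level:
                if relay_possible(subject, src, dst):
                    flows.add((src.name, dst.name))
    return flows


if __name__ == "__main__":
    # Constructed requests: a subject cleared SECRET touching other levels.
    print(check_access(Level.SECRET, Level.CONFIDENTIAL, "read"))  # True
    print(check_access(Level.SECRET, Level.TOP_SECRET, "read"))    # False
    print(check_access(Level.SECRET, Level.OPEN, "write"))         # False
    print(sorted(reachable_flows()))
```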

Page 20

Asymmetry

Use 'hard to guess' problems to achieve asymmetry:

• uniform distribution of bits in ciphertexts (AES, …)

• discrete logarithm problem (RSA, DSA, ECC, …)

Cryptographic ciphers forge these problems into executable algorithms and schemes.

Page 21

Security Protocols

A protocol describes how the algorithms should be used.

• Key agreement and exchange (Diffie-Hellman, IKE, …)

• Authentication (HMAC, Kerberos, …)

• Confidential data transport (SSH, SSL, IPSec, …)

• Non-repudiation (DSA, RSA-SHA1, …)

Page 22

Cryptography

Cryptography is the science and art of designing ciphers.

Cryptanalysis is the science and art of breaking them.

Cryptology is the study of both.

Encryption is the process of converting a plaintext into a ciphertext under a certain secret parameter (key). The reverse process is called decryption.

[Figure: plaintext → encryption (key1) → ciphertext → decryption (key2) → plaintext]

Cryptography provides the tools that underlie most modern security protocols.

Page 23

Attacks on Cryptosystems

Ciphertext-only
  Prerequisites: set of ciphertexts, encrypted with the same cipher
  Attacker's goal: plaintext or key

Known-plaintext
  Prerequisites: set of ciphertexts and their corresponding plaintexts
  Attacker's goal: key or algorithm

Chosen-plaintext or Adaptive-chosen-plaintext
  Prerequisites: cryptographic device; can input arbitrary plaintexts and read the device's output
  Attacker's goal: duplicate the device

Chosen-ciphertext
  Prerequisites: set of ciphertexts; can decrypt them without knowing the key
  Attacker's goal: plaintext or key

Using violence
  Prerequisites: physical violence, blackmailing, kidnapping, threatening, etc.
  Attacker's goal: anything

Page 24

Example: Digital Signatures

[Figure: Sender → channel → Receiver; the attacker manipulates the message on the channel]

Attacker model: e.g., Dolev-Yao: 'the attacker carries the message'.

Extend the message with a security tag.

Transmit a message in a way that the attacker cannot modify its contents.

• Integrity of contents

• Confidentiality of keys

Sender: Encrypt - Sign. Receiver: Decrypt - Verify.

Page 25

Example: Digital Signatures

Consists of

• Key generation

• Signing operation

• Verifying operation

"Plain" RSA signatures are not secure; they require a combination with a padding scheme, e.g., RSA-PSS.

Page 26

Design principles (1)

Introduced 1975 by Saltzer and Schroeder.

Least Privilege: A subject should be given only those privileges necessary to complete its task.

Fail-Safe Defaults: E.g. a permission-based approach: unless a subject is given explicit access to an object, it should be denied access to that object by default.

Economy of Mechanism/Simplicity: A security mechanism should be as simple as possible.

Complete Mediation: Accesses to objects are checked to ensure that they are allowed.

Page 27

Design principles (2)

Open Design: Security should not depend on the secrecy of its design or implementation.

Separation of Privilege: A system should not grant permission based on a single condition.

Least Common Mechanism: Mechanisms used to access resources should not be shared.

Psychological Acceptability/Easy to use: Security mechanisms should not make the resource more difficult to use than if the security mechanisms were not present.

Page 28

Design challenges for embedded security

Page 29

Embedded Systems Security

Security violations can have catastrophic consequences regarding the environment, human life and cost.

Embedded systems pose restrictions on cost, real-time performance, power consumption and physical security.

Security applications in embedded systems:

─ Support new business models (DRM)

─ Personalization/Identification

─ Legal obligations

─ Software updates

─ Theft prevention

─ Access control

Page 30

Key Problems in Embedded Security

Numerical problems require high computing power

• E.g., the modular exponentiation operation as used in RSA: K = C^e mod N

Random number generation

• Needs a source of entropy (keyboard strokes or mouse moves)

• In low-end diskless embedded platforms it becomes increasingly difficult to gather any random material at all

• Initialization file containing 1024 true random bytes used as a seed for a pseudo-random generator

• Collect random information from the environment

Page 31

Embedded System Attacks

[Figure: Functional classification: Integrity attacks, Privacy attacks, Availability attacks. Agent-based classification: Physical attacks, Side-channel attacks, Software attacks. Attacks shown: Electromagnetic analysis, Power analysis, Fault injection, Timing analysis, Virus, Trojan horse, Microprobing, Eavesdropping]

Page 32

Embedded Security Pyramid

To ensure security in an embedded system, address the problem at all abstraction levels.

Page 33

Design Challenges for secure ES

Processing gap: increased computational demand of security processing.

Battery gap: the energy consumption overhead of supporting security is very high.

Flexibility: execute multiple and diverse security protocols.

Tamper resistance: withstand physical attacks.

Assurance gap: reliable operation despite attacks from intelligent adversaries.

Cost: increases with the number of integrated security measures.

Page 34

Solving these challenges

• Perform a rigorous security engineering method

• Focus on key threat scenarios

• Introduce security early in the specification and design

• Research on suitable schemes and algorithms

• Follow secure coding guidelines

• Use specialized hardware support

Page 35

Example: AES Performance

The diagram shows the throughput of an AES implementation in software and hardware on a microcontroller. Introducing encryption in an embedded application requires additional resources.

[Figure: "Embedded Controller AES in Mbps" compared with interface bandwidths: Ethernet 100 Mbps, WLAN 54 Mbps, USB 12 Mbps, UART 0,1 Mbps]

Source: J. Wilbrink, D. Nativel, T. Morin, "Networked Networks and Embedded Microcontroller Architectures", Information Quarterly, Vol. 4(4), 2005

Page 36

Example: AES Energy efficiency

[Figure: AES energy efficiency in gigabits per joule (log scale, 10^-6 to 10^2) for ASIC (0.18 micron CMOS), FPGA (Virtex-II Pro: feedback, feedback with fault detection, feedback with fault tolerance, non-feedback) and processors (hand-optimized assembly code on Pentium II, C on Sparc, Java K virtual machine on Sparc)]

Source: W. Burleson, T. Wolf, R. Tessier, W. Gong, G. Gogniat, "Embedded System Security: A Configurable Approach", DHS 2005

Page 37

Tamper Resistance

Tamper-evidence is to provide evidence that an attack has been attempted, e.g., security seals, using special covers, or enclosures.

Tamper-resistance is to provide passive protection against an attack, e.g., scrambling of bus lines and memories or use of special logic styles.

Tamper-responsiveness is to provide an active response to the detection of an attack, e.g., zeroisation: deletion of all security-relevant data (e.g., keys).

[Figure: timeline t: attack prevention, tamper evidence, attack detection, attack recovery]

Page 38

Examples and concluding remarks

Page 39

Information Security Economics

Economic considerations of security are at least as important as the technical ones.

Risk: the chance a risk event will occur and the loss or harm resulting from the occurrence.

Security management consists of its risks and its risk mitigation measures.

Return On Investment (ROI): identify security measures yielding a positive return.

Cost To Break (CTB): lowest expected cost for anyone to discover and exploit a vulnerability.

Page 40

Exemplary cases

Heart pacemaker:

• wireless access to a combination heart defibrillator and pacemaker

• shut down and deliver jolts of electricity that would potentially be fatal

• manipulating signals from the tiny wireless radio that had been embedded in the implant as a way to let doctors monitor and adjust it without surgery.

Nuclear plant:

• shutdown after two water recirculation pumps failed.

• An investigation found that the controllers for the pumps locked up due to a flood of computer data traffic on the plant's internal control system network.

ATM Skimming:

• miniature debit card reader, which scans the card's magnetic strip, and a video camera that records the PIN when it is entered.

Page 41

Exemplary cases

Wastewater incident:

• In March 2000, a former consultant to a wastewater plant in Maroochy Shire, Queensland, Australia, accessed the control system of the plant and released up to 1 million liters of sewage into the surrounding waterways.

Automotive hacking:

• Researchers accessed the automotive Controller Area Network (CAN) via the On-Board Diagnostics (OBD) port.

• They overrode the driver and adversarially controlled functions like disabling the brakes, selectively braking individual wheels on demand, and stopping the engine.

Page 42

Exemplary cases

Stuxnet:

• The Stuxnet computer worm infected industrial software and equipment in 2010.

• The worm strives to propagate through the Supervisory Control and Data Acquisition (SCADA) system to the Programmable Logic Controllers (PLCs) deployed in factory floors, military installations, chemical and power plants.

• Reprogramming of these devices by sending program code to the infected machines.

Page 43

Summary

Embedded systems have stringent resource constraints; therefore solutions for desktop PCs cannot simply be transferred.

Embedded security must be solved at all levels of the pyramid.

Security is achieved by exploiting asymmetry.

Follow proven design principles.

Learn from documented security incidents.

Page 44

END

Thank you for your attention!