Security of Embedded Hardware Systems Insight into Attacks and Protection of IoT Devices

Size: px

Start display at page:

Download "Security of Embedded Hardware Systems Insight into Attacks and Protection of IoT Devices"

Steven Whitehead
5 years ago
Views:

1 Security of Embedded Hardware Systems Insight into Attacks and Protection of IoT Devices Dr. Johann Heyszl, Head of Hardware Security Department Fraunhofer-Institute for Applied and Integrated Security - AISEC 18th October 2017 HW-Security in Embedded Systems Heyszl 18th October

2 IoT Embedded Systems Embedded Systems / IoT / Cyber-Physical Systems Powerful off the shelf SoC Chips Efficient wireless connectivity (but huge attack surface e.g. in IoT) Open-source software (e.g. OS, cryptography) Industrial control (Industrie 4.0) Automotive domain (e.g. C2C, C2X) Smart grid and critical infrastructures (e.g. rail) Defense Medical appliances and devices Building security / automation HW-Security in Embedded Systems Heyszl 18th October Security issues are very similar

3 Classical Attackers Classical hacking over network exploiting vulnerabilities in big machines (e.g. servers or personal computers) HW-Security in Embedded Systems Heyszl 18th October

4 Contemporary Attackers Embedded devices are in the field and physically accessible - hardware attacks HW-Security in Embedded Systems Heyszl 18th October

5 Reality for IoT / CPS / Industrie Hardware attacks on single devices help to attack connected (IoT) devices HW-Security in Embedded Systems Heyszl 18th October

6 Information Security in IoT Devices The combination of sensitive applications, internet connectivity, and physical accessibility makes information security extremely important in embedded devices! E.g. Mirai botnet Information security needs 1. Cryptographic algorithms This is OK nowadays Formerly poor (e.g. ENIGMA, but also Keeloq etc.) Nowadays highly secure (e.g. AES, SHA-3, ECC) Communication can be protected effectively 2. Secure implementations and devices Main problem! IT security for software (SW vulnerabilities/exploits) Secure storage of secret keys Implementation security of cryptography Topic of this talk HW-Security in Embedded Systems Heyszl 18th October

Example Hacked IoT Device Example from Automotive Domain: Miller & Valasek s Jeep Hack 2015: Shows full remote-control of critical CAN bus (stop engine / de-activate breaking) Spend high effort on

7 Example Hacked IoT Device Example from Automotive Domain: Miller & Valasek s Jeep Hack 2015: Shows full remote-control of critical CAN bus (stop engine / de-activate breaking) Spend high effort on reverse engineering infotainment unit (incl. cell connect.) D-Bus (OS IPC service) accessible on TCP/IP port over (cellular) internet! Dowloaded SSH Key, started SSH server, re-flashed CAN controller per serial wire from infotainment doman, CAN controller now forwards messages over serial HW-Security in Embedded Systems Heyszl 18th October

8 Stealing keys with physical access HW-Security in Embedded Systems Heyszl 18th October

Extracting Secrets from External Flash Chips Many products with secret credentials in memories (crypto keys, user+password) Beware of high impact if used on many devices or vs. backend!

9 Extracting Secrets from External Flash Chips Many products with secret credentials in memories (crypto keys, user+password) Beware of high impact if used on many devices or vs. backend! De-solder BGA flash from embedded system PCB, re-ball, put in BGA socket Connect to quick-fixed FPGA / µc to read-out keys (e.g. hard-coded AES key in automotive case 2015, valid on many devices) Do not use unprotected external memories for sensitive information HW-Security in Embedded Systems Heyszl 18th October

Extracting Secrets from Protected On-Chip Memory Read-out protection of on-chip memories is crucial for µc and larger SoCs Example: STM32 (F0, ARM Cortex M0) provides read protection and debug

10 Extracting Secrets from Protected On-Chip Memory Read-out protection of on-chip memories is crucial for µc and larger SoCs Example: STM32 (F0, ARM Cortex M0) provides read protection and debug disable as different locking levels Researchers show attack to extract flash nonetheless a 1. Circumvent flash read-locking through debugger-allowed SRAM access (extract flash bytes from CRC calculation results in SRAM during startup) 2. Show fallback from locked debugger by erasing lock bits using UV light 3. Finally: Custom debugger to access flash word before lock-down after power-up Carefully select, configure and evaluate platforms. Add additional layer through SW mechanisms (time-randomization, redundancy in lock bits, checking state of lock bits etc.) a Obermaier, Tatschner, Shedding too much Light on a Microcontroller s Firmware Protection, WOOT 2017 HW-Security in Embedded Systems Heyszl 18th October

11 Breaking crypto with physical access HW-Security in Embedded Systems Heyszl 18th October

12 Implementation Attacks against Cryptography Cryptographic algorithms are highly secure (AES, ECC, RSA, SHA-256, SHA-3) If secret keys are also stored securely Cryptographic implementations are not always secure Implementation attacks 1. Side-Channel Attacks (Power, EM, Cache-based,... ) 2. Fault Attacks Target intermediate values during computation Contrary to output, intermediate values are less secure E.g. not fully mixed with secret HW-Security in Embedded Systems Heyszl 18th October

13 Implementation Attacks against Cryptography Relevance for IoT Embedded Systems Classically: Smartcards (pay-tv, credit cards, passports) Building access tokens Automotive access (e.g. Keeloq) RFID tags from public transport Now: Embedded SoCs (industrial control, automotive, smart home... ) All kinds of HSMs Embedded secure elements HW-Security in Embedded Systems Heyszl 18th October

14 Side-Channel Attacks against Typical Embedded Systems Recover Linux filesystem encryption key (AES) Typical embedded system (BeagleBone) Even if a lot of noise is present (from 500 MHz CPU, SoC and Linux OS) HW-Security in Embedded Systems Heyszl 18th October

15 Some Attacks Require Invasive Preparation HW-Security in Embedded Systems Heyszl 18th October

16 High-Resolution EM Side-Channel Analysis Best-case measurement setup for worst-case high-security evaluation HW-Security in Embedded Systems Heyszl 18th October

17 A Though on RAIL Systems Highly relevant targets - Attack to stop or... Jeep Euro-Balises My opinion: Should be feasible to cause big trouble with manipulated messages Accessible in the field - full access for attackers No information security (attacker could extract keys if there were any; key management difficult - interoperability of trains) Attacker may reverse-engineer and deploy with modified software to transmit misleading messages! Effort estimation: very feasible! Remote monitoring of legacy components? Communication security of radio communication? HW-Security in Embedded Systems Heyszl 18th October

18 How to achieve secure embedded systems? HW-Security in Embedded Systems Heyszl 18th October

19 Embedded Security Use contemporary cryptography Most important: Security of cryptographic keys Most of IoT authentication and communication security depends on keys Key distribution and management is critical - scope of keys! Secure embedded IoT devices require holistic security concepts Hardware attacks require hardware security HW-Security in Embedded Systems Heyszl 18th October

20 Embedded Security Most important security mechanisms for secure IoT devices: SoCs / µc with effective read protection and debug lock HW-protected/secure key-memory (e.g. SE) Isolation of sensitive memory regions during runtime Hardware-firewalls for isolation / compartmentalization software (MPU, MMU, TEE, HSMs, SEs) Secure Boot, which requires root-of-trust as hardwired ROM code Protected cryptographic HW engines Until here impossible to retrofit - Decided early by choice of chips! Secure updates in the field Layered / compartmentalized SW approach Remote attestion of device integrity Protected cryptographic SW implementations HW-Security in Embedded Systems Heyszl 18th October

21 Secure Elements for Embedded Systems HW-Security in Embedded Systems Heyszl 18th October

Secure Elements for Embedded Systems Increasingly available for embedded systems (SMD packages) (prev. mostly smartcards) Will be used more heavily (e.g. in automotive, industrial, also esim/euicc or TPM2.

22 Secure Elements for Embedded Systems Increasingly available for embedded systems (SMD packages) (prev. mostly smartcards) Will be used more heavily (e.g. in automotive, industrial, also esim/euicc or TPM2.0) Highly secure memory to store sensitive data (secret keys, certificates, IP) Extraction of key is nearly impossible, even with highly invasive methods Worst-case is that the box is desoldered and misused - but limited bandwidth Hardened cryptographic libraries and hardware accelerators Programmable (Java or C) for integration of custom user functionality We currently develop SE toolbox for embedded systems in BMBF-funded projekt IUNO HW-Security in Embedded Systems Heyszl 18th October

23 Secure Elements for Embedded Systems How-To 1. Take critical part of system (secret keys, cryptographic software routines, other critical functionality..) 2. Put into secure element Main CPU SE HW-Security in Embedded Systems Heyszl 18th October

24 Secure Elements for Embedded Systems Solution Example - Building Access System Challenge Solution Access tokens and locks with symmetric keys (partly wide-scope) Microcontroller-based plattform, no secure memory Hackers read-out firmware after clearing fuses using UV light for reverse-engineering Hackers performed side-channel attacks to recover keys in field Integrate security controller with custom C-firmware Legacy authentication and cryptography included for backwards-compatibility State-of-the-Art cryptography and authentication added Symmetric keys stored in highly-secure memory HW-Security in Embedded Systems Heyszl 18th October

Secure Elements for Embedded Systems Solution Example - Building Access System Challenge Solution Access tokens and locks with symmetric keys (partly wide-scope) Microcontroller-based plattform, no

25 Secure Elements for Embedded Systems Solution Example - Building Access System Challenge Solution Access tokens and locks with symmetric keys (partly wide-scope) Microcontroller-based plattform, no secure memory Hackers read-out firmware after clearing fuses using UV light for reverse-engineering Hackers performed side-channel attacks to recover keys in field Integrate security controller with custom C-firmware Legacy authentication and cryptography included for backwards-compatibility State-of-the-Art cryptography and authentication added Symmetric keys stored in highly-secure memory HW-Security in Embedded Systems Heyszl 18th October

26 Conclusion Many embedded systems will require more hardware/embedded security IoT, Industrie 4.0, CPS, Automobility, Critical Infrastructures, Medical devices... Security surely requires test and verification afterwards, but must be considered during all early design stages more importantly! Fraunhofer AISEC provides security assessment, consulting and solutions HW-Security in Embedded Systems Heyszl 18th October

27 Contact Information Dr.-Ing. Johann Heyszl Hardware Security Department Fraunhofer-Institute for Applied and Integrated Security (AISEC) Address: Parkring Garching (near Munich) Germany Internet: Phone: Fax: johann.heyszl@aisec.fraunhofer.de HW-Security in Embedded Systems Heyszl 18th October

Shedding too much Light on a Microcontroller s Firmware Protection. Johannes Obermaier, Stefan Tatschner, August 15, 2017

Shedding too much Light on a Microcontroller s Firmware Protection Johannes Obermaier, Stefan Tatschner, August 15, 2017 Shedding too much Light on a Microcontroller s Firmware Protection Microcontrollers