Embedded Systems Security

Transcription

1 Embedded Systems Security Why security? Number of network based attacks is ever increasing Embedded Systems Engineering Armin Wasicek WS 2009/10 Hacking is profitable and it is difficult to get caught. Currently a shift from spare time hacking to organized crime is observable 2 Why Embedded Security? Number of embedded systems is increasing Embedded systems are extensible and connected Operate in an untrusted environment Incorporate useful information and valuable services Overview Security foundations: Terms and concepts Embedded Security: Design challenges Tools 3 4 1

2 General security definitions Security: Primary Attributes Computer security is the process of ensuring confidentiality, integrity, and availability of computers, their programs, hardware devices, and data. Lack of security results from a failure of one of these three properties. Confidentiality absence of unauthorized disclosure of information Integrity absence of unauthorized system alterations Availability readiness for correct service for authorized users 5 6 Security: Secondary Attributes Pathology of Intrusion and Failure Accountability availability and integrity of the person who performed the operation Authenticity integrity of a message content and origin, and possibly of some other information, such as time of emission Non-repudiability availability and integrity of the identity of the sender or receiver of a message Fault Error Failure Cause of error Unintended system state Deviation of actual from intended service Attack Interaction fault / Intrusion attempt Vulnerability Intrusion Weakness in the system Malicious, externally induced fault System boundaries System boundaries 7 8 2

3 Security Incident Taxonomy Vulnerability Life Cycle 4.Action 5.Target Probe Account Scan Process Flood Data Click to continue Authenticate Component Bypass Computer Spoof Network Read Internetwork Copy Steal Modify Delete 0. vulnerability birth 1. discovery: exploit available to private groups 2. announcement: exploit available to public 3. popularity: used by the masses 4. patch available 5. patch applied risk 3 popularity 2 announcement 1 discovery 4 patch available 5 patch applied "Penetrate and Patch" is not that it makes your system better by design, rather it merely makes it toughened by trial and error. time 9 10 Some key security issues Overview Information Security is not only a technical problem Insufficient security awareness Lacking experience in risk management No or weak security policies Security measures should be taken on all stages Security foundations: Terms and concepts Embedded Security: Design challenges Tools

4 Embedded Systems Security Security violations can have catastrophic consequences regarding the environment, human life and cost. Embedded systems pose restrictions on cost, real-time performance, power consumption and physical security. Functional Classification Security applications in embedded Systems: Software updates Support new business models Theft prevention (DRM) Access control Personalization/Identification Legal obligations Agent-based Classification Design Challenges for secure ES Example: AES Performance Processing gap Battery gap Flexibility Tamper resistance Assurance gap Cost increased computational demand of security processing. energy consumption overheads of supporting security is very high execute multiple and diverse security protocols withstand physical attacks reliable operation despite attacks from intelligent adversaries increases with the security measures integrated Embedded Controller AES in Mbps Ethernet 100Mbps WLAN 54Mbps USB 12Mbps UART 0,1Mbps J. Wilbrink, D. Nativel, T. Morin, "Networked Networks and Embedded Microcontroller Architectures", Information Quarterly, Vol. 4(4), 2005 Diagram shows throughput of an AES implementation in software and hardware on a microcontroller. Introducing encryption in an embedded application requires additional resources 16 4

5 Example: AES Energy efficiency Gigabits per joule ASIC W. Burleson, T. Wolf, R. Tessier, W. Gong, G. Gogniat, Embedded System Security: A Configurable Approach, DHS 2005 Tamper Resistance Tamper-evidence is to provide evidence that an attack has been attempted, e.g. security seals, using special covers, or enclosures Processor Tamper-resistance is to provide passive protection against an attack, e.g., scrambling of bus lines and memories or use special logic styles micron CMOS Virtex-II Pro Feedback Virtex-II Pro Feedback Fault detection Virtex-II Pro Feedback Fault tolerance Virtex-II Pro Non Feedback Hand-optimized Assembly code On Pentium II C Sparc Java K virtual machine Sparc Tamper-responsiveness is to provide an active response to the detection of an attack: e.g., zeroisation, deletion of all security relevant data (e.g. keys) Embedded Security Pyramid Information Security Economics To ensure security in an embedded system, address the problem at all abstraction levels. 19 Economic considerations of security are at least as important as the technical ones. Risk: the chance a risk event will occur and the loss or harm resulting from the occurrence. Return On Investment (ROI): identify security measures yielding a positive return Cost To Break (CTB): lowest expected cost for anyone to discover and exploit a vulnerability Security management consists of its risks and its risk mitigation measures 20 5

6 Overview How to achieve Security? Security foundations: Terms and concepts Embedded Security: Design challenges Tools Introduce asymmetry between users In a system where everyone is allowed to do everything, conflicts are foreseeable. A security policy partitions the system state into secure (authorized) states and non secure (unauthorized) states. Implementation: use hard to guess problems, e.g., uniform distribution of bits in ciphertexts (AES, ) discrete logarithm problem (RSA, DSA, ECC, ) Cryptography Cryptography is the science and art to design ciphers Cryptanalysis is the science and art of breaking them Cryptology is the study of both. plaintext key1 encryption ciphertext Encryption is the process to transform to convert a plaintext to a ciphertext under a certain secret parameter (key). The reverse process is called decryption. key2 decryption plaintext Cryptography provides the tools, that underlie most modern security protocols. Security Protocols A protocol describes how the algorithms should be used. Key agreement and exchange (Diffie-Hellman, IKE, ) Authentication (HMAC, Kerberos, ) Confidential data transport (SSH, SSL, IPSec, ) Non-repudiation (DSA, RSA-SHA1, ) Embedded Systems Security

7 Example: Digital Signatures Consists of Key generation Signing operation Verifying operation Plain RSA signatures are not secure, require a combination with a padding scheme, e.g., RSA PSS. Embedded Systems Security Compute hashsum Encrypt hash with private key Compute hashsum Decrypt hash with public key Compare Creation at sender Verification at receiver 25 Attacks on Cryptosystems Attack Prerequisites Attacker s goal Ciphertext only set of ciphertexts, encrypted plaintext or key with the same cipher. Known plaintext set of cipher texts and their corresponding plaintexts key or algorithm Chosen plaintext or Adaptive chosen plaintext Chosen ciphertext Using violence Cryptographic device and can input arbitrary plaintexts and read the device s output set of ciphertexts, can decrypt them without knowing the key physical violence, blackmailing, kidnapping, threatening, etc. duplicate the device plaintext or key anything 26 Design priciples (1) Design principles (2) Introduced 1975 by Saltzer and Schroeder Least Privilege: A subject should be given only those privileges necessary to complete its task. Fail-Safe Defaults: E.g. a permission-based approach: Unless a subject is given explicit access to an object, it should be denied access to that object by default. Economy of Mechanism/Simplicity: A security mechanisms should be as simple as possible. Complete Mediation: Accesses to objects are checked to ensure that they are allowed. Open Design: Security should not depend on the secrecy of its design or implementation. Separation of Privilege: A system should not grant permission based on a single condition. Least Common Mechanism: Mechanisms used to access resources should not be shared. Psychological Acceptability/Easy to use: Security mechanisms should not make the resource more difficult to use than if the security mechanisms were not present

8 Key Problems in Embedded Security Numerical problems require high computing power E.g., modular exponentiation operation as used in RSA C K e mod N Random number generation Needs a source of entropy (keyboard strokes or mouse moves) In low-end diskless embedded platforms it becomes increasingly difficult to gather any random material at all Initialization file containing 1024 true random bytes used as a seed for a pseudo-random generator Collect random information from the environment 29 Exemplary cases Heart pacemaker: wireless access to a combination heart defibrillator and pacemaker shut down and deliver jolts of electricity that would potentially be fatal manipulating signals from the tiny wireless radio that had been embedded in the implant as a way to let doctors monitor and adjust it without surgery. Nuclear plant : shutdown after two water recirculation pumps failed. An investigation found that the controllers for the pumps locked up due to a flood of computer data traffic on the plant's internal control system network. ATM Skimming: iniature debit card reader, which scans the card's magnetic strip, and a video camera that records the PIN number when it is entered. 30 Overview Security foundations: Terms and concepts Embedded Security: Design challenges Tools Embedded systems have stringent resource constraints, therefore solutions for Desktop PCs cannot be simply transferred. Security is achieved by exploiting asymmetry Embedded security must be solved at all levels

9 THE END Thanks for your attention! 33 9