Security of Embedded Hardware Systems: Insight into Attacks and Protection of IoT Devices
Dr. Johann Heyszl, Head of Hardware Security Department
Fraunhofer-Institute for Applied and Integrated Security - AISEC
18th October 2017
HW-Security in Embedded Systems Heyszl 18th October 2017 1
IoT Embedded Systems
Embedded Systems / IoT / Cyber-Physical Systems:
- Powerful off-the-shelf SoC chips
- Efficient wireless connectivity (but a huge attack surface, e.g. in IoT)
- Open-source software (e.g. OS, cryptography)
Application domains:
- Industrial control (Industrie 4.0)
- Automotive domain (e.g. C2C, C2X)
- Smart grid and critical infrastructures (e.g. rail)
- Defense
- Medical appliances and devices
- Building security / automation
The security issues are very similar across all of these domains.
Classical Attackers
Classical hacking over the network, exploiting vulnerabilities in big machines (e.g. servers or personal computers).
Contemporary Attackers
Embedded devices are deployed in the field and physically accessible - this enables hardware attacks.
Reality for IoT / CPS / Industrie 4.0...
Hardware attacks on single devices help to attack the connected (IoT) devices as a whole.
Information Security in IoT Devices
The combination of sensitive applications, internet connectivity, and physical accessibility makes information security extremely important in embedded devices! E.g. the Mirai botnet.
Information security needs:
1. Cryptographic algorithms - this is OK nowadays
   - Formerly poor (e.g. ENIGMA, but also Keeloq etc.)
   - Nowadays highly secure (e.g. AES, SHA-3, ECC)
   - Communication can be protected effectively
2. Secure implementations and devices - the main problem!
   - IT security for software (SW vulnerabilities / exploits)
   - Secure storage of secret keys
   - Implementation security of cryptography
   - Topic of this talk
Example: Hacked IoT Device
Example from the automotive domain: Miller & Valasek's Jeep hack, 2015
- Shows full remote control of the safety-critical CAN bus (stop the engine / deactivate braking)
- High effort spent on reverse engineering the infotainment unit (incl. cellular connectivity)
- D-Bus (the OS IPC service) was accessible on a TCP/IP port over the (cellular) internet!
- Downloaded an SSH key, started an SSH server, re-flashed the CAN controller over a serial interface from the infotainment domain; the re-flashed CAN controller then forwards messages it receives over that serial link onto the CAN bus
Stealing keys with physical access
Extracting Secrets from External Flash Chips
- Many products keep secret credentials in memories (crypto keys, user name + password)
- Beware of the high impact if the same credential is used on many devices or against a backend!
- De-solder the BGA flash from the embedded system PCB, re-ball it, put it into a BGA socket
- Connect it to a quickly assembled FPGA / µC to read out the keys (e.g. a hard-coded AES key in an automotive case in 2015, valid on many devices)
- Do not use unprotected external memories for sensitive information
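An added example, not code from the slides or from Fraunhofer AISEC, of the triage a practitioner does on a dump read from a de-soldered flash chip: pull printable runs the way `strings` does (credentials, URLs, banners) and flag windows whose byte entropy is too high for code or text, which is where raw key material ends up. The 1 KiB image, the credential and the 32-byte key are constructed for this example (the key bytes are non-secret sample values); the window size and thresholds are assumptions, and the entropy check is a heuristic: compressed or encrypted blobs score just as high and need a second look.

```python
import math
from collections import Counter

# Tuning values are assumptions for this example, not measured constants.
WINDOW = 32           # bytes per window; a 128- or 256-bit key fills it
STRIDE = 8            # window step; small enough that a key aligns with some window
ENTROPY_MIN = 4.5     # bits/byte; 32 random bytes score about 4.8, text and code less
MAX_PRINTABLE = 0.75  # windows that are mostly ASCII are strings, not keys
MIN_STRING = 6        # shortest printable run worth reporting


def entropy(chunk: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for constant data, at most log2(len))."""
    n = len(chunk)
    return -sum(c / n * math.log2(c / n) for c in Counter(chunk).values())


def printable_ratio(chunk: bytes) -> float:
    return sum(0x20 <= b < 0x7F for b in chunk) / len(chunk)


def find_key_candidates(image: bytes) -> list[tuple[int, int]]:
    """(start, end) ranges of non-text, high-entropy data: candidate key material."""
    regions = []
    for off in range(0, len(image) - WINDOW + 1, STRIDE):
        win = image[off:off + WINDOW]
        if entropy(win) < ENTROPY_MIN or printable_ratio(win) >= MAX_PRINTABLE:
            continue
        if regions and off <= regions[-1][1]:        # overlaps the previous hit: extend it
            regions[-1] = (regions[-1][0], off + WINDOW)
        else:
            regions.append((off, off + WINDOW))
    return regions


def find_strings(image: bytes, min_len: int = MIN_STRING) -> list[str]:
    """Printable ASCII runs, as `strings` would report them."""
    found, run = [], bytearray()
    for b in image + b"\x00":                         # sentinel flushes a trailing run
        if 0x20 <= b < 0x7F:
            run.append(b)
            continue
        if len(run) >= min_len:
            found.append(run.decode("ascii"))
        run = bytearray()
    return found


# Constructed flash image: erased flash reads 0xFF; a boot banner, a plaintext
# credential, a 32-byte key and a backend URL are placed at fixed offsets.
SAMPLE_KEY = bytes.fromhex("d41d8cd98f00b204e9800998ecf8427e"
                           "2b7e151628aed2a6abf7158809cf4f3c")


def build_sample_image() -> bytes:
    image = bytearray(b"\xff" * 0x400)
    banner = b"BOOT v1.2\x00admin:s3cret\x00"
    image[0x40:0x40 + len(banner)] = banner
    image[0x200:0x200 + len(SAMPLE_KEY)] = SAMPLE_KEY
    url = b"http://backend.example/api\x00"
    image[0x300:0x300 + len(url)] = url
    return bytes(image)


if __name__ == "__main__":
    img = build_sample_image()
    for s in find_strings(img):
        print("string:", s)
    for start, end in find_key_candidates(img):
        print(f"key candidate at 0x{start:04x}-0x{end:04x}: {img[start:end].hex()}")
```

On the sample image the scan reports the banner, the credential and the URL as strings and exactly one key candidate at 0x200-0x220. The printable-ratio filter is what keeps a run of distinct ASCII letters (which also has high entropy) out of the key list; without it the two checks overlap.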
Extracting Secrets from Protected On-Chip Memory
- Read-out protection of on-chip memories is crucial for µCs and larger SoCs
- Example: STM32 (F0, ARM Cortex-M0) provides read protection and debug disable as different locking levels
- Researchers showed attacks that extract the flash contents nonetheless [a]:
  1. Circumvent the flash read-locking through debugger-allowed SRAM access (extract flash bytes from CRC calculation results that land in SRAM during startup)
  2. Force a fallback from the locked debug state by erasing the lock bits with UV light
  3. Finally: a custom debugger reads a flash word in the window after power-up, before the lock-down takes effect
- Carefully select, configure and evaluate platforms. Add an additional layer through SW mechanisms (time-randomization, redundancy in lock bits, checking the state of the lock bits, etc.)
[a] Obermaier, Tatschner: Shedding too much Light on a Microcontroller's Firmware Protection, WOOT 2017
Breaking crypto with physical access
Implementation Attacks against Cryptography
- Cryptographic algorithms are highly secure (AES, ECC, RSA, SHA-256, SHA-3) - provided the secret keys are also stored securely
- Cryptographic implementations are not always secure
Implementation attacks:
1. Side-channel attacks (power, EM, cache-based, ...)
2. Fault attacks
Both target intermediate values during the computation. Contrary to the output, intermediate values are less secure, e.g. they are not yet fully mixed with the secret.
Implementation Attacks against Cryptography - Relevance for IoT Embedded Systems
Classically:
- Smartcards (pay-TV, credit cards, passports)
- Building access tokens
- Automotive access (e.g. Keeloq)
- RFID tags from public transport
Now:
- Embedded SoCs (industrial control, automotive, smart home, ...)
- All kinds of HSMs
- Embedded secure elements
Side-Channel Attacks against Typical Embedded Systems
- Recover a Linux filesystem encryption key (AES)
- On a typical embedded system (BeagleBone)
- Even though a lot of noise is present (from the 500 MHz CPU, the SoC and the Linux OS)
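The attack behind the two preceding slides, as an added example that is not code from the slides or from Fraunhofer AISEC: correlation power analysis (CPA) against the first-round AES S-box output. Traces are simulated here with a Hamming-weight leakage model plus Gaussian noise, which is what makes the point of the slide testable offline: the attacker only knows plaintexts and traces, yet the key byte falls out of the correlation, and it still does when the noise variance is several times the signal. The key byte, trace count, noise level and leaking sample index are assumptions of the simulation; the S-box is generated in place so the block needs nothing beyond the standard library.

```python
import math
import random


def build_sbox() -> list[int]:
    """AES S-box: multiplicative inverse in GF(2^8) followed by the affine map."""
    sbox = [0] * 256
    p = q = 1
    while True:
        p = (p ^ (p << 1) ^ (0x1B if p & 0x80 else 0)) & 0xFF   # p *= 3
        q = (q ^ (q << 1)) & 0xFF                                 # q /= 3 (i.e. q *= 0xF6)
        q = (q ^ (q << 2)) & 0xFF
        q = (q ^ (q << 4)) & 0xFF
        if q & 0x80:
            q ^= 0x09
        rotl = lambda x, s: ((x << s) | (x >> (8 - s))) & 0xFF
        sbox[p] = q ^ rotl(q, 1) ^ rotl(q, 2) ^ rotl(q, 3) ^ rotl(q, 4) ^ 0x63
        if p == 1:
            break
    sbox[0] = 0x63
    return sbox


SBOX = build_sbox()


def hamming_weight(x: int) -> int:
    return bin(x).count("1")


def simulate_traces(key_byte, n_traces, noise_sd, n_samples=8, leak_at=5, rng=None):
    """Constructed traces: every sample is noise except one, which carries the Hamming
    weight of the first-round S-box output, the intermediate that a device leaks."""
    rng = rng or random.Random(0)
    plaintexts = [rng.randrange(256) for _ in range(n_traces)]
    traces = []
    for p in plaintexts:
        trace = [rng.gauss(0.0, noise_sd) for _ in range(n_samples)]
        trace[leak_at] += hamming_weight(SBOX[p ^ key_byte])
        traces.append(trace)
    return plaintexts, traces


def pearson(xs, ys) -> float:
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    cov = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    var = sum((x - mx) ** 2 for x in xs) * sum((y - my) ** 2 for y in ys)
    return cov / math.sqrt(var) if var else 0.0


def cpa_recover_key_byte(plaintexts, traces):
    """Return (key_guess, peak_correlation). Uses only attacker-known plaintexts and
    measured traces: for each of the 256 guesses, predict the leaking intermediate
    and correlate it against every sample point; the true key correlates best."""
    columns = list(zip(*traces))                      # one column per sample point
    best_guess, best_corr = 0, 0.0
    for guess in range(256):
        predicted = [hamming_weight(SBOX[p ^ guess]) for p in plaintexts]
        peak = max(abs(pearson(predicted, col)) for col in columns)
        if peak > best_corr:
            best_guess, best_corr = guess, peak
    return best_guess, best_corr


if __name__ == "__main__":
    KEY_BYTE = 0x2B                                   # assumed secret, used only to simulate
    pts, trs = simulate_traces(KEY_BYTE, n_traces=400, noise_sd=3.0)
    guess, corr = cpa_recover_key_byte(pts, trs)
    print(f"recovered 0x{guess:02x} (peak correlation {corr:.2f}), true key 0x{KEY_BYTE:02x}")
```

With a Hamming-weight signal of variance 2 and noise of standard deviation 3 the expected correlation for the right guess is about 0.43, while the largest spurious correlation over 255 wrong guesses and 8 sample points stays near 0.2 for 400 traces; that gap is the whole attack, and more noise is paid for with more traces, not with a different method. The same loop recovers the remaining 15 key bytes by targeting each S-box in turn. Attacking the ciphertext byte instead would not work: after ten rounds the output is fully mixed with the key, so no single-byte guess predicts it.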
Some Attacks Require Invasive Preparation
High-Resolution EM Side-Channel Analysis
A best-case measurement setup for a worst-case (high-security) evaluation.
A Thought on Rail Systems
- Highly relevant targets - attacks to stop or ... (cf. the Jeep)
- Euro-Balises
- My opinion: it should be feasible to cause big trouble with manipulated messages
  - Accessible in the field - full access for attackers
  - No information security (an attacker could extract keys if there were any; key management is difficult because of the interoperability of trains)
  - An attacker may reverse-engineer a balise and deploy one with modified software that transmits misleading messages!
  - Effort estimation: very feasible!
- Remote monitoring of legacy components?
- Communication security of the radio communication?
How to achieve secure embedded systems?
Embedded Security
- Use contemporary cryptography
- Most important: security of the cryptographic keys
  - Most of IoT authentication and communication security depends on keys
  - Key distribution and management is critical - mind the scope of keys!
- Secure embedded IoT devices require holistic security concepts
- Hardware attacks require hardware security
Embedded Security
Most important security mechanisms for secure IoT devices:
- SoCs / µCs with effective read protection and debug lock
- HW-protected / secure key memory (e.g. SE)
- Isolation of sensitive memory regions during runtime
- Hardware firewalls for isolation / compartmentalization of software (MPU, MMU, TEE, HSMs, SEs)
- Secure boot, which requires a root of trust in the form of hardwired ROM code
- Protected cryptographic HW engines
Up to here impossible to retrofit - decided early by the choice of chips!
- Secure updates in the field
- Layered / compartmentalized SW approach
- Remote attestation of device integrity
- Protected cryptographic SW implementations
Secure Elements for Embedded Systems
Secure Elements for Embedded Systems
- Increasingly available for embedded systems (SMD packages); previously mostly in smartcards
- Will be used more heavily (e.g. in automotive, industrial, also eSIM/eUICC or TPM 2.0)
- Highly secure memory to store sensitive data (secret keys, certificates, IP)
  - Extraction of a key is nearly impossible, even with highly invasive methods
  - Worst case is that the box is de-soldered and misused - but with limited bandwidth
- Hardened cryptographic libraries and hardware accelerators
- Programmable (Java or C) for integration of custom user functionality
- We currently develop an SE toolbox for embedded systems in the BMBF-funded project IUNO
Secure Elements for Embedded Systems - How-To
1. Take the critical part of the system (secret keys, cryptographic software routines, other critical functionality, ...)
2. Put it into the secure element
[Figure: the main CPU next to the SE; the critical part is moved out of the main CPU's code and data into the SE]
Secure Elements for Embedded Systems - Solution Example: Building Access System
Challenge:
- Access tokens and locks with symmetric keys (partly wide-scope)
- Microcontroller-based platform, no secure memory
- Hackers read out the firmware for reverse engineering after clearing the fuses with UV light
- Hackers performed side-channel attacks to recover keys in the field
Solution:
- Integrate a security controller with custom C firmware
- Legacy authentication and cryptography included for backwards compatibility
- State-of-the-art cryptography and authentication added
- Symmetric keys stored in highly secure memory
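An added example, not code from the slides, the IUNO project or Fraunhofer AISEC, of the "put it into the secure element" step applied to the building-access case above, and of what "scope of keys" means in practice: locks and tokens keep their keys inside secure-element objects that expose nothing but a challenge-response MAC, and every token key is diversified from the lock's master key with the token's identity, so extracting one token's key (the side-channel scenario on the slide) clones that one token and nothing else. The cryptography is HMAC-SHA-256 from the standard library; the master key, the identifiers and the derivation labels are constructed for the example, and the secure elements are Python classes standing in for hardware (a leading underscore is not hardware protection; the point is the narrow API).

```python
import hmac
import hashlib
import secrets


def _mac(key: bytes, *parts: bytes) -> bytes:
    # Length-prefix every field so that ("ab", "c") and ("a", "bc") cannot collide.
    msg = b"".join(len(p).to_bytes(2, "big") + p for p in parts)
    return hmac.new(key, msg, hashlib.sha256).digest()


class TokenSE:
    """Secure element in an access token: holds one diversified key, answers challenges."""

    def __init__(self, token_id: bytes, token_key: bytes):
        self.token_id = token_id
        self._key = token_key            # in hardware this is never readable

    def respond(self, lock_id: bytes, challenge: bytes) -> bytes:
        return _mac(self._key, b"auth", lock_id, self.token_id, challenge)


class LockSE:
    """Secure element in a lock: holds the master key, derives token keys, verifies."""

    def __init__(self, master_key: bytes):
        self._master = master_key

    def _token_key(self, token_id: bytes) -> bytes:
        # Diversification: each token's key is a function of master key and identity,
        # so one leaked token key reveals neither the master key nor other tokens' keys.
        return _mac(self._master, b"diversify", token_id)

    def provision_token(self, token_id: bytes) -> TokenSE:
        # Done once at personalization; the only moment a token key leaves this SE.
        return TokenSE(token_id, self._token_key(token_id))

    def verify(self, lock_id: bytes, token_id: bytes, challenge: bytes, response: bytes) -> bool:
        expected = _mac(self._token_key(token_id), b"auth", lock_id, token_id, challenge)
        return hmac.compare_digest(expected, response)


class Lock:
    """Untrusted main CPU of the lock: drives the protocol, never sees a key."""

    def __init__(self, lock_id: bytes, se: LockSE):
        self.lock_id, self.se, self.revoked = lock_id, se, set()

    def revoke(self, token_id: bytes) -> None:
        self.revoked.add(token_id)

    def authenticate(self, token) -> bool:
        if token.token_id in self.revoked:
            return False
        challenge = secrets.token_bytes(16)          # fresh per attempt: replays fail
        response = token.respond(self.lock_id, challenge)
        return self.se.verify(self.lock_id, token.token_id, challenge, response)


class ReplayToken:
    """Attacker device that only replays a response sniffed from a genuine token."""

    def __init__(self, token_id: bytes, recorded_response: bytes):
        self.token_id, self.recorded = token_id, recorded_response

    def respond(self, lock_id: bytes, challenge: bytes) -> bytes:
        return self.recorded


def demo() -> dict:
    """Compromise of one token must not extend to other tokens or to the master key."""
    master = bytes(range(32))                        # constructed master key, not a real one
    lock = Lock(b"lock-7", LockSE(master))
    token_a = lock.se.provision_token(b"token-A")
    token_b = lock.se.provision_token(b"token-B")
    leaked_key = token_a._key                        # attacker extracted A's key (e.g. by SCA)
    clone_a = TokenSE(b"token-A", leaked_key)
    forged_b = TokenSE(b"token-B", leaked_key)       # B's key is different: must fail
    replay = ReplayToken(b"token-A", token_a.respond(b"lock-7", b"\x00" * 16))
    results = {
        "genuine_a": lock.authenticate(token_a),
        "genuine_b": lock.authenticate(token_b),
        "clone_a_before_revocation": lock.authenticate(clone_a),
        "forged_b": lock.authenticate(forged_b),
        "replayed_a": lock.authenticate(replay),
    }
    lock.revoke(b"token-A")
    results["clone_a_after_revocation"] = lock.authenticate(clone_a)
    return results


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name:28s} {'accepted' if ok else 'rejected'}")
```

The contrast with the wide-scope keys on the slide is the `forged_b` line: with one symmetric key shared by all tokens, the key recovered from a single token would authenticate as any token at any lock, and revoking the cloned token's identity would not help. With diversified keys the damage is one token, which revocation closes. The master key itself is only ever touched inside `LockSE`, which is the part that belongs in the security controller.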
Conclusion
- Many embedded systems will require more hardware / embedded security: IoT, Industrie 4.0, CPS, automobility, critical infrastructures, medical devices, ...
- Security certainly requires testing and verification afterwards, but more importantly it must be considered during all early design stages!
- Fraunhofer AISEC provides security assessment, consulting and solutions
Contact Information
Dr.-Ing. Johann Heyszl
Hardware Security Department
Fraunhofer-Institute for Applied and Integrated Security (AISEC)
Address: Parkring 4, 85748 Garching (near Munich), Germany
Internet: http://www.aisec.fraunhofer.de
Phone: +49 89 3229986-172
Fax: +49 89 3229986-299
E-Mail: johann.heyszl@aisec.fraunhofer.de