Security of Embedded Hardware Systems Insight into Attacks and Protection of IoT Devices

Security of Embedded Hardware Systems
Insight into Attacks and Protection of IoT Devices
Dr. Johann Heyszl, Head of Hardware Security Department
Fraunhofer-Institute for Applied and Integrated Security - AISEC
18th October 2017
HW-Security in Embedded Systems Heyszl 18th October 2017 1

IoT Embedded Systems

Embedded Systems / IoT / Cyber-Physical Systems
- Powerful off-the-shelf SoC chips
- Efficient wireless connectivity (but huge attack surface e.g. in IoT)
- Open-source software (e.g. OS, cryptography)

- Industrial control (Industrie 4.0)
- Automotive domain (e.g. C2C, C2X)
- Smart grid and critical infrastructures (e.g. rail)
- Defense
- Medical appliances and devices
- Building security / automation

Security issues are very similar

Classical Attackers

Classical hacking over network exploiting vulnerabilities in big machines (e.g. servers or personal computers)

Contemporary Attackers

Embedded devices are in the field and physically accessible - hardware attacks

Reality for IoT / CPS / Industrie 4.0...

Hardware attacks on single devices ... help to attack connected (IoT) devices

Information Security in IoT Devices

The combination of sensitive applications, internet connectivity, and physical accessibility makes information security extremely important in embedded devices! E.g. Mirai botnet

Information security needs
1. Cryptographic algorithms: This is OK nowadays
   - Formerly poor (e.g. ENIGMA, but also Keeloq etc.)
   - Nowadays highly secure (e.g. AES, SHA-3, ECC)
   - Communication can be protected effectively
2. Secure implementations and devices: Main problem!
   - IT security for software (SW vulnerabilities/exploits)
   - Secure storage of secret keys
   - Implementation security of cryptography
   Topic of this talk

Example Hacked IoT Device

Example from Automotive Domain: Miller & Valasek's Jeep Hack 2015:
- Shows full remote control of critical CAN bus (stop engine / de-activate braking)
- Spent high effort on reverse engineering infotainment unit (incl. cell connect.)
- D-Bus (OS IPC service) accessible on TCP/IP port over (cellular) internet!
- Downloaded SSH key, started SSH server, re-flashed CAN controller per serial wire from infotainment domain, CAN controller now forwards messages over serial

Stealing keys with physical access

Extracting Secrets from External Flash Chips

- Many products with secret credentials in memories (crypto keys, user+password)
- Beware of high impact if used on many devices or vs. backend!
- De-solder BGA flash from embedded system PCB, re-ball, put in BGA socket
- Connect to quick-fixed FPGA / µC to read out keys (e.g. hard-coded AES key in automotive case 2015, valid on many devices)
- Do not use unprotected external memories for sensitive information

Extracting Secrets from Protected On-Chip Memory

- Read-out protection of on-chip memories is crucial for µC and larger SoCs
- Example: STM32 (F0, ARM Cortex M0) provides read protection and debug disable as different locking levels
- Researchers show attack to extract flash nonetheless [a]
  1. Circumvent flash read-locking through debugger-allowed SRAM access (extract flash bytes from CRC calculation results in SRAM during startup)
  2. Show fallback from locked debugger by erasing lock bits using UV light
  3. Finally: Custom debugger to access flash word before lock-down after power-up
- Carefully select, configure and evaluate platforms. Add additional layer through SW mechanisms (time-randomization, redundancy in lock bits, checking state of lock bits etc.)

[a] Obermaier, Tatschner, Shedding too much Light on a Microcontroller's Firmware Protection, WOOT 2017
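
One way to implement the "checking state of lock bits" and "redundancy" software layer named on this slide, as an added example that is not code from the talk or from any vendor. The option-byte layout and the value 0xCC are assumptions modeled on STM32F0-style read protection; all function and constant names are hypothetical, and the sample bytes are constructed.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed encoding, modeled on STM32F0-style option bytes (not from the
 * slides): the protection byte sits next to its bitwise complement, 0xCC
 * selects the strictest level, 0xAA means unprotected, and any other value
 * is treated by the hardware as the intermediate level. */
#define RDP_LOCKED 0xCCu

/* Result codes are bitwise complements of each other (values arbitrary),
 * so a single flipped bit cannot turn "tampered" into "ok". */
#define LOCK_OK       0x3CA5C35Au
#define LOCK_TAMPERED 0xC35A3CA5u

/* Constructed sample option-byte pairs: {protection byte, complement}. */
static const volatile uint8_t SAMPLE_LOCKED[2]  = {0xCC, 0x33};
static const volatile uint8_t SAMPLE_BITFLIP[2] = {0xC8, 0x33}; /* one bit cleared */
static const volatile uint8_t SAMPLE_OPEN[2]    = {0xAA, 0x55};

static uint32_t check_once(const volatile uint8_t *opt)
{
    uint8_t rdp  = opt[0];
    uint8_t nrdp = opt[1];
    if ((uint8_t)(rdp ^ nrdp) != 0xFFu) return LOCK_TAMPERED; /* pair broken */
    if (rdp != RDP_LOCKED)              return LOCK_TAMPERED; /* downgraded  */
    return LOCK_OK;
}

/* Redundant check: read the pair `reads` times and require every read to
 * pass. One glitched read or one flipped bit ends in LOCK_TAMPERED. */
uint32_t lock_state(const volatile uint8_t *opt, unsigned reads)
{
    uint32_t acc = LOCK_OK;
    unsigned done = 0;
    for (unsigned i = 0; i < reads; i++) {
        acc &= check_once(opt); /* a failed read clears every bit of acc */
        done++;
    }
    /* A skipped or shortened loop must not look like success. */
    if (reads == 0 || done != reads || acc != LOCK_OK) return LOCK_TAMPERED;
    return LOCK_OK;
}

int main(void)
{
    /* On a real device the caller would refuse to use keys, or erase them,
     * unless the result is exactly LOCK_OK. */
    printf("locked:  %s\n", lock_state(SAMPLE_LOCKED, 3)  == LOCK_OK ? "ok" : "tampered");
    printf("bitflip: %s\n", lock_state(SAMPLE_BITFLIP, 3) == LOCK_OK ? "ok" : "tampered");
    printf("open:    %s\n", lock_state(SAMPLE_OPEN, 3)    == LOCK_OK ? "ok" : "tampered");
    return 0;
}
```

The check only accepts the exact locked pair, so a pair that no longer matches its complement is treated as tampering rather than as a weaker but valid level.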

Breaking crypto with physical access

Implementation Attacks against Cryptography

- Cryptographic algorithms are highly secure (AES, ECC, RSA, SHA-256, SHA-3)
  - If secret keys are also stored securely
- Cryptographic implementations are not always secure
- Implementation attacks
  1. Side-Channel Attacks (Power, EM, Cache-based, ...)
  2. Fault Attacks
- Target intermediate values during computation
  - Contrary to output, intermediate values are less secure
  - E.g. not fully mixed with secret

Implementation Attacks against Cryptography
Relevance for IoT Embedded Systems

Classically:
- Smartcards (pay-tv, credit cards, passports)
- Building access tokens
- Automotive access (e.g. Keeloq)
- RFID tags from public transport

Now:
- Embedded SoCs (industrial control, automotive, smart home ...)
- All kinds of HSMs
- Embedded secure elements

Side-Channel Attacks against Typical Embedded Systems

- Recover Linux filesystem encryption key (AES)
- Typical embedded system (BeagleBone)
- Even if a lot of noise is present (from 500 MHz CPU, SoC and Linux OS)

Some Attacks Require Invasive Preparation

High-Resolution EM Side-Channel Analysis

Best-case measurement setup for worst-case high-security evaluation

A Thought on Rail Systems

- Highly relevant targets - Attack to stop or...
- Jeep Euro-Balises
- My opinion: Should be feasible to cause big trouble with manipulated messages
  - Accessible in the field - full access for attackers
  - No information security (attacker could extract keys if there were any; key management difficult - interoperability of trains)
  - Attacker may reverse-engineer and deploy with modified software to transmit misleading messages!
  - Effort estimation: very feasible!
- Remote monitoring of legacy components?
- Communication security of radio communication?

How to achieve secure embedded systems?

Embedded Security

- Use contemporary cryptography
- Most important: Security of cryptographic keys
  - Most of IoT authentication and communication security depends on keys
  - Key distribution and management is critical - scope of keys!
- Secure embedded IoT devices require holistic security concepts
- Hardware attacks require hardware security

Embedded Security

Most important security mechanisms for secure IoT devices:
- SoCs / µC with effective read protection and debug lock
- HW-protected/secure key-memory (e.g. SE)
- Isolation of sensitive memory regions during runtime
- Hardware-firewalls for isolation / compartmentalization software (MPU, MMU, TEE, HSMs, SEs)
- Secure Boot, which requires root-of-trust as hardwired ROM code
- Protected cryptographic HW engines

Until here impossible to retrofit - Decided early by choice of chips!

- Secure updates in the field
- Layered / compartmentalized SW approach
- Remote attestation of device integrity
- Protected cryptographic SW implementations

Secure Elements for Embedded Systems

Secure Elements for Embedded Systems

- Increasingly available for embedded systems (SMD packages) (prev. mostly smartcards)
- Will be used more heavily (e.g. in automotive, industrial, also eSIM/eUICC or TPM2.0)
- Highly secure memory to store sensitive data (secret keys, certificates, IP)
- Extraction of key is nearly impossible, even with highly invasive methods
- Worst-case is that the box is desoldered and misused - but limited bandwidth
- Hardened cryptographic libraries and hardware accelerators
- Programmable (Java or C) for integration of custom user functionality
- We currently develop SE toolbox for embedded systems in BMBF-funded project IUNO

Secure Elements for Embedded Systems
How-To

1. Take critical part of system (secret keys, cryptographic software routines, other critical functionality ...)
2. Put into secure element

[Figure: Main CPU and SE]

Secure Elements for Embedded Systems
Solution Example - Building Access System

Challenge
- Access tokens and locks with symmetric keys (partly wide-scope)
- Microcontroller-based platform, no secure memory
- Hackers read out firmware after clearing fuses using UV light for reverse-engineering
- Hackers performed side-channel attacks to recover keys in field

Solution
- Integrate security controller with custom C-firmware
- Legacy authentication and cryptography included for backwards-compatibility
- State-of-the-art cryptography and authentication added
- Symmetric keys stored in highly-secure memory


Conclusion

- Many embedded systems will require more hardware/embedded security
  - IoT, Industrie 4.0, CPS, Automobility, Critical Infrastructures, Medical devices ...
- Security surely requires test and verification afterwards, but must be considered during all early design stages more importantly!
- Fraunhofer AISEC provides security assessment, consulting and solutions

Contact Information

Dr.-Ing. Johann Heyszl
Hardware Security Department
Fraunhofer-Institute for Applied and Integrated Security (AISEC)
Address: Parkring 4, 85748 Garching (near Munich), Germany
Internet: http://www.aisec.fraunhofer.de
Phone: +49 89 3229986-172
Fax: +49 89 3229986-299
E-Mail: johann.heyszl@aisec.fraunhofer.de