SECURITY OF CPS: SECURE EMBEDDED SYSTEMS AS A BASIS


Christoph Krauß, christoph.krauss@aisec.fraunhofer.de
Dagstuhl Seminar 11441: Science and Engineering of CPS, November 2011

Overview
- Introduction
- Securing CPS
- Secure embedded systems
- Secure elements
- Physical Unclonable Functions (PUF)
- Background
- Research at Fraunhofer AISEC
- Conclusion

Introduction: From Embedded Systems to CPS
[Figure: required security services (authenticity + integrity, confidentiality + access control, non-repudiation, privacy) against system complexity: embedded system (ES: sensor, µcontroller, actuator), locally connected ES (bus; serial IF), cyber-physical system (ES connected via the Internet)]

Introduction: CPS introduce additional risks
- Formerly isolated systems are connected to the outside world
  - Legacy systems provide little or no security (cf. SCADA systems and the Stuxnet worm)
- Attacks on the communication between CPS
  - Example: attacks on Car2X communication
- Physical access to CPS components enables attacks
  - Example: Smart Meter can be manipulated
- Compromised embedded systems can be used to mount attacks
  - Send false data to the backend
  - Cars send false data to other cars in a Car2X environment

Introduction: Approach at Fraunhofer AISEC
- Security analysis of embedded systems used in CPS
- Develop security concepts for CPS
- Develop secure embedded systems for CPS

Security analyses in the AISEC Testlab
- Example: results of attacks performed on Smart Meter
  - Many critical security vulnerabilities found in state-of-the-art Smart Meter
  - Eavesdropping on plaintext communication (e.g., password) possible
  - Security flaws enabled root access on the Linux system
  - Access to sensitive material (certificates, secret keys, passwords)
  - Possible to send arbitrary consumption values

Securing CPS
- Security for CPS
  - Must be an integral part from the beginning: secure by design
  - And during the whole (possibly very long) lifetime: secure during operation
- Security mechanisms for CPS
  - Secure embedded systems (focus of this talk)
  - Secure communication
  - Secure services

Secure Elements
- Example: Smart Meter
- BSI Protection Profile specifies a secure element at least for the Smart Meter Gateway
[Figure label: Secure Element]

Secure Elements: Tasks of secure elements
- Key storage
- Asymmetric cryptography (signing and encryption)
- Session key generation
- Random number generation
- Access right check
- Integrity check
- Attestation
- Secure data storage
Resistance against hardware attacks!

Secure Elements: Resistance to hardware attacks such as
- Side channel
- Probing & forcing
- Fault injection

Physical Unclonable Functions (PUF)
- Alternative or extension to secure elements
- Issues of storage and use of binary secret keys in secure elements
  - Transfer from one system to another possible
  - Extraction by invasive, semi-invasive or side-channel attacks possible
- Applications of PUFs
  - Authentication
  - ID for hardware (PUF provides a unique fingerprint of components)
  - Using a PUF to generate the secret key instead of storing it
  - System integrity

Physical Unclonable Functions (PUF): Idea of PUFs
- Exploiting unclonable physical characteristics without keeping them secret
- Measuring an object with an external measurement apparatus
  - Unique object O
  - Measurement apparatus M
- O has stable properties P_1, P_2, ..., P_n upon measurement with M
- No other object O' can be manufactured showing the same properties
  - Even if all properties are known to an attacker
  - Even for the original manufacturer

Physical Unclonable Functions (PUF): Concept of Weak PUFs
[Figure: challenge C_i -> physical system S -> response R_{C_i}]
- Only few challenges (maybe only one)
- Only few response bits
- Quite simple challenge-response pair (CRP) behavior

Physical Unclonable Functions (PUF)
[Figure: security device with NVM -> key -> application, beside security device with Weak PUF -> key -> application]
- Security promise: Weak PUFs are harder to read-out invasively than NVM
- Key is not permanently present
- Analog measurements performed at disordered Weak PUF
- Cheap way of device identification without NVM

Physical Unclonable Functions (PUF): Physical Implementation
- Example: Ring Oscillator PUF
- Ring oscillator frequencies depend on manufacturing variations
- Two ROs are compared to obtain a response bit
- Error correction necessary to cope with noisy physical measurements
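The ring oscillator PUF described above, as a small simulation added here (not part of the original slides): pairwise RO comparison yields response bits, and a repetition-code helper-data scheme recovers a stable key from noisy re-reads. The frequencies, noise levels, key length and the choice of repetition code are assumptions for illustration; the slides do not say which error correction is used, and all function names are hypothetical.

```python
import random

N_KEY_BITS = 16   # demo key length (assumed)
REP = 11          # repetition factor: majority vote corrects up to 5 flips per block
N_RO = 2 * N_KEY_BITS * REP   # two ring oscillators per response bit

def make_device(seed):
    """Constructed chip model: fixed RO frequencies in MHz (200 nominal, sigma 1)."""
    rng = random.Random(seed)
    return [200.0 + rng.gauss(0.0, 1.0) for _ in range(N_RO)]

def read_response(device, rng, noise_sigma=0.05):
    """Measure each RO with noise, then compare disjoint pairs: one bit per pair."""
    f = [x + rng.gauss(0.0, noise_sigma) for x in device]
    return [1 if f[2 * i] > f[2 * i + 1] else 0 for i in range(N_RO // 2)]

def enroll(device, rng):
    """Enrolment: choose a key and derive public helper data = response XOR codeword."""
    # Seeded PRNG keeps the demo reproducible; a real enrolment needs a CSPRNG.
    key = [rng.getrandbits(1) for _ in range(N_KEY_BITS)]
    codeword = [bit for bit in key for _ in range(REP)]
    helper = [r ^ c for r, c in zip(read_response(device, rng), codeword)]
    return key, helper   # only the helper data is stored on the device

def reconstruct(device, helper, rng):
    """Field use: noisy response XOR helper gives a noisy codeword; majority-decode it."""
    noisy = [r ^ h for r, h in zip(read_response(device, rng), helper)]
    return [1 if sum(noisy[i * REP:(i + 1) * REP]) > REP // 2 else 0
            for i in range(N_KEY_BITS)]

def raw_bit_errors(device, reference, rng, readouts=50):
    """Count response bits that differ from a reference readout over repeated reads."""
    return sum(a != b for _ in range(readouts)
               for a, b in zip(read_response(device, rng), reference))

if __name__ == "__main__":
    rng = random.Random(1)
    chip_a, chip_b = make_device(100), make_device(200)
    key, helper = enroll(chip_a, rng)
    reference = read_response(chip_a, rng)
    print("raw bit flips in 50 re-reads:", raw_bit_errors(chip_a, reference, rng))
    print("chip A recovers key:", reconstruct(chip_a, helper, rng) == key)
    print("chip B recovers key:", reconstruct(chip_b, helper, rng) == key)
```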

Physical Unclonable Functions (PUF)
- Current research at Fraunhofer AISEC
  - Side channel analysis of PUFs and Fuzzy Extractors
  - Improving the Quality of Ring Oscillator PUFs on FPGAs
  - Semi-invasive EM Attack on FPGA RO PUFs and Countermeasures
- Summary
  - Weak PUFs are a special way of generating / storing secret keys
  - Advantages
    - No on-chip NVM necessary
    - Harder to read-out with invasive analyses, tamper resistance possible
  - Disadvantages
    - Error correction necessary (possible attack surface)
    - Methods still based on secret keys and standard cryptography

Conclusion
- Security for CPS is of paramount importance
- Secure embedded systems are one basis for secure CPS
  - Special hardware trust anchors adapted to CPS requirements, e.g.,
    - PUFs to identify components
    - Separate Secure Elements (i.e. Smartcard Controllers)
    - Integrated Secure Elements
  - Adapted software components, e.g., Secure Operating Systems to integrate secure elements properly and to provide a secure execution environment
- Secure communication
- Secure services
- etc.