SECURITY OF CPS: SECURE EMBEDDED SYSTEMS AS A BASIS
Christoph Krauß, christoph.krauss@aisec.fraunhofer.de
Dagstuhl Seminar 11441: Science and Engineering of CPS, November 2011
Overview
- Introduction
- Securing CPS
- Secure embedded systems
  - Secure elements
  - Physical Unclonable Functions (PUF): background, research at Fraunhofer AISEC
- Conclusion
Introduction: From Embedded Systems to CPS
[Figure: required security services (Privacy; Non-repudiation; Confidentiality + Access Control; Authenticity + Integrity) plotted against growing system complexity, from an Embedded System (ES: sensor, µcontroller, actuator) via Locally Connected ES (bus, serial interface) to a Cyber-Physical System (ES connected over the Internet)]
Introduction: CPS introduce additional risks
- Formerly isolated systems are connected to the outside world
  - Legacy systems provide no or little security (cf. SCADA systems and the Stuxnet worm)
- Attacks on the communication between CPS
  - Example: attacks on Car2X communication
- Physical access to CPS components enables attacks
  - Example: a Smart Meter can be manipulated
- Compromised embedded systems can be used to mount attacks
  - Send false data to the backend
  - Cars send false data to other cars in a Car2X environment
Introduction: Approach at Fraunhofer AISEC
- Security analysis of embedded systems used in CPS
- Develop security concepts for CPS
- Develop secure embedded systems for CPS

Security analyses in the AISEC Testlab
- Example: results of performed attacks on a Smart Meter
  - Many critical security vulnerabilities found in a state-of-the-art Smart Meter
  - Eavesdropping on plaintext communication (e.g., passwords) possible
  - Security flaws enabled root access on the Linux system
  - Access to sensitive material (certificates, secret keys, passwords)
  - Possible to send arbitrary consumption values
Securing CPS: Security for CPS
- Must be an integral part from the beginning: secure by design
- And during the whole (possibly very long) lifetime: secure during operation

Security mechanisms for CPS
- Secure embedded systems (focus of this talk)
- Secure communication
- Secure services
Secure Elements: Example Smart Meter
- The BSI Protection Profile specifies a secure element at least for the Smart Meter Gateway
[Figure: Smart Meter Gateway with its Secure Element]
Secure Elements: Tasks of secure elements
- Key storage
- Asymmetric cryptography (signing and encryption)
- Session key generation
- Random number generation
- Access right check
- Integrity check
- Attestation
- Secure data storage
- Resistance against hardware attacks!
Secure Elements: Resistance to hardware attacks such as
- Side channel
- Probing & forcing
- Fault injection
Physical Unclonable Functions (PUF): Alternative or extension to secure elements
- Issues of storage and use of binary secret keys in secure elements
  - Transfer from one system to another possible
  - Extraction by invasive, semi-invasive or side-channel attacks possible
- Applications of PUFs
  - Authentication ID for hardware (a PUF provides a unique fingerprint of components)
  - Using a PUF to generate the secret key instead of storing it
  - System integrity
Physical Unclonable Functions (PUF): Idea of PUFs
- Exploiting unclonable physical characteristics without keeping them secret
- Measuring an object with an external measurement apparatus
[Figure: unique object O measured by measurement apparatus M]
- O has stable properties P_1, P_2, ..., P_n upon measurement with M
- No other object O' can be manufactured showing the same properties
  - Even if all properties are known to an attacker
  - Even for the original manufacturer
Physical Unclonable Functions (PUF): Concept of Weak PUFs
[Figure: challenge C_i applied to physical system S yields response R_{C_i}]
- Only few challenges (maybe only one)
- Only few response bits
- Quite simple challenge-response pair (CRP) behavior
Physical Unclonable Functions (PUF): Weak PUF instead of NVM
[Figure: security device with NVM holding the key vs. security device with a Weak PUF generating the key; in both cases the key feeds the application]
- Security promise: Weak PUFs are harder to read out invasively than NVM
  - Key is not permanently present
  - Analog measurements performed at the disordered Weak PUF
- Cheap way of device identification without NVM
Physical Unclonable Functions (PUF): Physical Implementation
- Example: Ring Oscillator PUF
  - Ring oscillator frequencies depend on manufacturing variations
  - Two ROs are compared to obtain a response bit
  - Error correction necessary to cope with noisy physical measurements
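The RO PUF key-generation flow from the slides (per-chip frequency variation, pairwise comparison yielding response bits, error correction, key derived rather than stored) as a simulation. This is an added example, not code from the talk or from Fraunhofer AISEC; the code-offset construction with a repetition code and the SHA-256 step are one common fuzzy-extractor choice, and all frequencies, noise levels and seeds are constructed values.

```python
import hashlib
import random

# Constructed parameters (not from the slides): 63 RO pairs give 63 raw
# response bits; a 7-bit repetition code turns them into 9 key bits.
N_PAIRS, REP = 63, 7
KEY_BITS = N_PAIRS // REP
NOMINAL_HZ, VARIATION_HZ, NOISE_HZ = 100_000_000, 1_000_000, 20_000

def manufacture(seed):
    """Per-chip RO frequencies: nominal value plus a fixed manufacturing offset."""
    rng = random.Random(seed)
    return [NOMINAL_HZ + rng.gauss(0, VARIATION_HZ) for _ in range(2 * N_PAIRS)]

def measure(chip, seed):
    """One noisy read-out: response bit i = [RO 2i runs faster than RO 2i+1]."""
    rng = random.Random(seed)
    noisy = [f + rng.gauss(0, NOISE_HZ) for f in chip]
    return [int(noisy[2 * i] > noisy[2 * i + 1]) for i in range(N_PAIRS)]

def bit_error_rate(a, b):
    """Fraction of differing bits between two responses."""
    return sum(x != y for x, y in zip(a, b)) / len(a)

def enroll(response, seed):
    """Enrollment (once, in a trusted setting): choose a random key and publish
    helper = response XOR repetition_code(key). The key itself is never stored;
    the helper alone does not yield it while the response stays unpredictable."""
    rng = random.Random(seed)
    key = [rng.randrange(2) for _ in range(KEY_BITS)]
    codeword = [b for b in key for _ in range(REP)]
    return key, [r ^ c for r, c in zip(response, codeword)]

def reconstruct(response, helper):
    """In the field: XOR a fresh noisy response with the helper data and decode
    each REP-bit block by majority vote, which corrects up to 3 flipped bits."""
    noisy_cw = [r ^ h for r, h in zip(response, helper)]
    return [int(sum(noisy_cw[i * REP:(i + 1) * REP]) > REP // 2)
            for i in range(KEY_BITS)]

def derive_key(key_bits):
    """Hash the corrected bits so the application key is uniformly distributed."""
    return hashlib.sha256(bytes(key_bits)).hexdigest()

if __name__ == "__main__":
    chip = manufacture(seed=1)
    key, helper = enroll(measure(chip, seed=10), seed=11)
    again = reconstruct(measure(chip, seed=12), helper)
    print("same chip reproduces key:", again == key)
    other = reconstruct(measure(manufacture(seed=2), seed=13), helper)
    print("other chip reproduces key:", other == key)
    print("application key:", derive_key(again))
```

The helper data and the decoding step are exactly the "possible attack surface" the summary slide refers to: they are public or observable, so their leakage (e.g. through side channels of the fuzzy extractor) has to be analysed.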
Physical Unclonable Functions (PUF): Current Research at Fraunhofer AISEC
- Side channel analysis of PUFs and fuzzy extractors
- Improving the quality of Ring Oscillator PUFs on FPGAs
- Semi-invasive EM attack on FPGA RO PUFs and countermeasures

Summary
- Weak PUFs are a special way of generating / storing secret keys
- Advantages
  - No on-chip NVM necessary
  - Harder to read out with invasive analyses; tamper resistance possible
- Disadvantages
  - Error correction necessary (possible attack surface)
  - Methods still based on secret keys and standard cryptography
Conclusion
- Security for CPS is of paramount importance
- Secure embedded systems are one basis for secure CPS
  - Special hardware trust anchors adapted to CPS requirements, e.g., PUFs to identify components
    - Separate secure elements (i.e., smartcard controllers)
    - Integrated secure elements
  - Adapted software components, e.g., secure operating systems, to integrate secure elements properly and to provide a secure execution environment
- Secure communication
- Secure services
- etc.