Embedded Security
VO Embedded Systems Engineering
Armin Wasicek
Why security?
The number of network-based attacks is ever increasing.
Hacking is profitable and it is difficult to get caught.
A shift from "spare time hacking" to organized crime is currently observable.
2 18.12.2012 Embedded Security
Why Embedded Security?
The number of embedded systems is increasing.
Embedded systems are ubiquitous.
They incorporate
• useful information and
• valuable services
Emerging Security Requirements
Connectivity
An increasing number of devices is connected to a larger network
Vision of the “Internet of Things”
Extensibility
Updating software
Plugging in additional components
Complexity
Demand for increased functionality
Non-functional constraints
Operation in Untrusted Environment
Even the owners of a system can present a security risk
Security definitions, classifications, and taxonomies
General security definitions
"Computer security is the process of ensuring confidentiality, integrity, and availability of computers, their programs, hardware devices, and data. Lack of security results from a failure of one of these three properties."
Security is a system property. Security is much more than a set of functions and mechanisms. IT security is a system characteristic as well as a set of mechanisms that span the system both logically and physically.
NIST
McGraw-Hill
Security, in an objective sense, measures the absence of threats to acquired values; in a subjective sense, the absence of fear that such values will be attacked.
Arnold Wolfers
Security: Primary Attributes
Confidentiality [disclosure]: Assets are accessible for reading, copying, locating only by authorized parties.
Integrity [deception]: Assets are accessible for reading, copying, locating only by authorized parties.
Availability [DoS]: Assets are ready for correct service for authorized users.
Security: Secondary Attributes
Accountability: availability and integrity of the person who performed the operation
Authenticity: integrity of a message content and origin, and possibly of some other information, such as time of emission
Non-repudiability: availability and integrity of the identity of the sender or receiver of a message
Relationship Safety - Security
Safety Characteristics
Protection against unintended changes within the system
Absence of catastrophic consequences of faults
Safety boundaries ensure availability and independent behavior in case of failures
Strongly related to fault containment and tolerance
Security Characteristics
Protection against unauthorized modifications of the system
Access policies strive to contain intrusion attempts
Security protocols ensure that data flows are secure
Security unifies technical, organizational, political, financial, and legal aspects
Relationship Dependability - Security
Pathology of Faults
Fault: Cause of error
Error: Unintended system state
Failure: Deviation of actual from intended service
Diagram: fault → error → failure, propagating across the system boundaries
Propagation of Security failures
In a safety-critical system a failure has catastrophic consequences
Propagation from the security domain to the safety domain:
Unintended behavior of a system is caused by a previous intrusion
The AVI chain illustrates this propagation
Diagram (AVI chain): an attack by a hacker, designer, or operator, together with a vulnerability, leads to an intrusion; the intrusion crosses the system boundaries and causes an error, which results in a failure
Attack: Interaction fault / intrusion attempt
Vulnerability: Weakness in the system
Intrusion: Malicious, externally induced fault
Classification of counter measures
Any particular security mechanism falls into one (or more) of these broad categories.
Security Incident Taxonomy
Incident = attackers (1) + attack(s) + objectives (7)
Attack = tool (2) + vulnerability (3) + event + unauthorized result (6)
Event = action (4) + target (5)
1. Attackers: Hackers, Spies, Terrorists, Corporate Raiders, Professional Criminals, Vandals, Voyeurs
2. Tool: Physical Attack, Information Exchange, User command, Script or program, Autonomous agent, Toolkit, Distributed tool, Data tap
3. Vulnerability: Configuration, Implementation, Design
4. Action: Probe, Scan, Flood, Authenticate, Bypass, Spoof, Read, Copy, Steal, Modify, Delete
5. Target: Account, Process, Data, Component, Computer, Network, Internetwork
6. Unauthorized Result: Increased access, Disclosure of information, Corruption of information, Denial of service, Theft of resources
7. Objectives: Challenge, status, thrill; Political gain; Financial gain; Damage
Vulnerability Life Cycle
0. vulnerability birth
1. discovery: exploit available to private groups
2. announcement: exploit available to public
3. popularity: used by the masses
4. patch available
5. patch applied
Diagram: risk plotted over time, marked at discovery (1), announcement (2), popularity (3), patch available (4) and patch applied (5).
The problem with "Penetrate and Patch" is that it does not make your system better by design; it merely toughens it by trial and error.
Some key security issues
Information Security is not only a technical problem
Insufficient security awareness
Lacking experience in risk management
No or weak security policies
Security measures should be taken at all stages
Implementing security
How to implement security?
Partition the users in groups, assign roles
Introduce asymmetry between users
"In a system where everyone is allowed to do everything, conflicts are foreseeable."
Security Policies
• Origins from the military: Bell-LaPadula
• Integrity models are mostly domain-specific
• Other common policies:
  • Discretionary Access Control (DAC)
  • Mandatory Access Control (MAC)
  • Role-based Access Control (RBAC)
A security policy is a high-level specification of the security properties that a given system should possess.
Diagram (Bell-LaPadula): levels TOP SECRET > SECRET > CONFIDENTIAL > OPEN; subjects may write up and read down.
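The lattice from this slide, as an added Python example that is not part of the lecture: a small reference monitor that decides one access request under the Bell-LaPadula read-down / write-up rules and denies anything it does not recognize (fail-safe default). The subjects, objects and file names are constructed for illustration.

```python
# Classification levels of the slide's lattice, lowest to highest.
LEVELS = ["OPEN", "CONFIDENTIAL", "SECRET", "TOP SECRET"]
RANK = {name: i for i, name in enumerate(LEVELS)}

# Constructed subjects (clearance) and objects (classification); names are illustrative.
SUBJECTS = {"analyst": "SECRET", "clerk": "OPEN", "director": "TOP SECRET"}
OBJECTS = {"budget.txt": "CONFIDENTIAL", "ops-plan.txt": "TOP SECRET"}


def blp_allows(subject: str, obj: str, op: str) -> bool:
    """Bell-LaPadula decision for a single access request.

    read-down: a subject may read only objects at or below its clearance
               (simple security property, "no read up").
    write-up : a subject may write only objects at or above its clearance
               (*-property, "no write down"), so higher-classified content
               cannot leak into a lower-classified document.
    Unknown subjects, objects or operations are denied (fail-safe default)."""
    if subject not in SUBJECTS or obj not in OBJECTS:
        return False
    clearance = RANK[SUBJECTS[subject]]
    classification = RANK[OBJECTS[obj]]
    if op == "read":
        return classification <= clearance
    if op == "write":
        return classification >= clearance
    return False


def audit(requests):
    """Route a batch of (subject, object, operation) requests through the same
    check (complete mediation) and return the decisions for logging."""
    return [(s, o, op, blp_allows(s, o, op)) for s, o, op in requests]


if __name__ == "__main__":
    for decision in audit([("analyst", "budget.txt", "read"),
                           ("analyst", "ops-plan.txt", "read"),
                           ("director", "budget.txt", "write")]):
        print(decision)
```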
Asymmetry
Use 'hard to guess' problems to achieve asymmetry:
uniform distribution of bits in ciphertexts (AES, …)
discrete logarithm problem (RSA, DSA, ECC, …)
Cryptographic ciphers cast these problems into executable algorithms and schemes.
Security Protocols
Key agreement and exchange (Diffie-Hellman, IKE, …)
Authentication (HMAC, Kerberos, …)
Confidential data transport (SSH, SSL, IPSec, …)
Non-repudiation (DSA, RSA-SHA1, …)
A protocol describes how the algorithms should be used.
Cryptography
Cryptography is the science and art to design ciphers
Cryptanalysis is the science and art of breaking them
Cryptology is the study of both.
Encryption is the process of converting a plaintext to a ciphertext under a certain secret parameter (key).
The reverse process is called decryption.
Diagram: plaintext → encryption (key1) → ciphertext → decryption (key2) → plaintext
Cryptography provides the tools that underlie most modern security protocols.
Attacks on Cryptosystems
Attack: prerequisites; attacker's goal
Ciphertext-only: a set of ciphertexts, encrypted with the same cipher; plaintext or key
Known-plaintext: a set of ciphertexts and their corresponding plaintexts; key or algorithm
Chosen-plaintext or Adaptive-chosen-plaintext: a cryptographic device into which arbitrary plaintexts can be input and whose output can be read; duplicate the device
Chosen-ciphertext: a set of ciphertexts that can be decrypted without knowing the key; plaintext or key
Using violence: physical violence, blackmailing, kidnapping, threatening, etc.; anything
Example: Digital Signatures
Diagram: a Sender transmits a message to a Receiver over a channel; an Attacker on the channel can manipulate it.
Attacker model: e.g., Dolev-Yao: 'the attacker carries the message'
Extend the message with a security tag
Transmit a message in a way that the attacker cannot modify its contents.
Integrity of contents
Confidentiality of keys
Diagram: Encrypt - Sign (sender side), Decrypt - Verify (receiver side)
Example: Digital Signatures
Consists of
Key generation
Signing operation
Verifying operation
"Plain" RSA signatures are not secure on their own; they require combination with a padding scheme, e.g., RSA-PSS.
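As an added example that is not from the slides, a toy RSA signature in Python with constructed, deliberately tiny parameters shows why plain RSA signatures are insecure: two valid plain signatures combine into a valid signature for a third message that was never signed, whereas signing an encoding of the message (hash-then-sign here stands in for a proper padding scheme such as RSA-PSS) removes that algebraic structure.

```python
import hashlib

# Toy RSA key, constructed for illustration only (far too small for real use).
# Key generation: n = p*q, public exponent e, private d = e^-1 mod lcm(p-1, q-1).
P, Q = 61, 53
N = P * Q          # 3233
E = 17
D = 2753           # 17 * 2753 = 46801 = 60 * 780 + 1, so E*D ≡ 1 (mod lcm(60, 52))


def plain_sign(m: int) -> int:
    """'Plain' RSA signature: s = m^d mod n, no message encoding at all."""
    return pow(m, D, N)


def plain_verify(m: int, s: int) -> bool:
    return pow(s, E, N) == m % N


def combine_signatures(s1: int, s2: int) -> int:
    """Since (m1*m2)^d = m1^d * m2^d (mod n), two valid plain signatures yield a
    valid signature for m1*m2 mod n without the private key. This malleability
    is why the slide requires a padding scheme."""
    return (s1 * s2) % N


def encode(m: int) -> int:
    """Message encoding applied before signing. Hash-then-sign stands in for a
    real padding scheme such as RSA-PSS: the hash destroys the multiplicative
    structure, so combined signatures no longer verify."""
    digest = hashlib.sha256(m.to_bytes(8, "big")).digest()
    return int.from_bytes(digest, "big") % N


def padded_sign(m: int) -> int:
    return pow(encode(m), D, N)


def padded_verify(m: int, s: int) -> bool:
    return pow(s, E, N) == encode(m)


if __name__ == "__main__":
    s1, s2 = plain_sign(65), plain_sign(2)
    print("plain: combined signature verifies for 130:", plain_verify(130, combine_signatures(s1, s2)))
    t1, t2 = padded_sign(65), padded_sign(2)
    print("padded: combined signature verifies for 130:", padded_verify(130, combine_signatures(t1, t2)))
```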
Design principles (1)
Introduced 1975 by Saltzer and Schroeder
Least Privilege: A subject should be given only those privileges
necessary to complete its task.
Fail-Safe Defaults: E.g. a permission-based approach: Unless a
subject is given explicit access to an object, it should be denied
access to that object by default.
Economy of Mechanism/Simplicity: A security mechanism should be as simple as possible.
Complete Mediation: Accesses to objects are checked to ensure
that they are allowed.
Design principles (2)
Open Design: Security should not depend on the secrecy of
its design or implementation.
Separation of Privilege: A system should not grant
permission based on a single condition.
Least Common Mechanism: Mechanisms used to access
resources should not be shared.
Psychological Acceptability/Easy to use: Security
mechanisms should not make the resource more difficult to
use than if the security mechanisms were not present.
Design challenges for embedded security
Embedded Systems Security
Security violations can have catastrophic consequences regarding the environment, human life and cost.
Embedded systems pose restrictions on cost, real-time performance, power consumption and physical security.
Security applications in Embedded Systems:
─ Support new business models (DRM)
─ Personalization/Identification
─ Legal obligations
─ Software updates
─ Theft prevention
─ Access control
Key Problems in Embedded Security
Numerical problems require high computing power
• E.g., the modular exponentiation operation as used in RSA: C = K^e mod N
Random number generation
• Needs a source of entropy (keyboard strokes or mouse moves)
• In low-end diskless embedded platforms it becomes increasingly difficult to gather any random material at all
• Initialization file containing 1024 true random bytes used as a seed for a pseudo-random generator
• Collect random information from the environment
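The seed-file approach from the last two bullets, as an added Python illustration that is not from the slides: a stored seed is mixed with environment samples into a generator state, the state is expanded with HMAC-SHA256 in counter mode and ratcheted, and a fresh seed file is derived to persist for the next boot. SEED_FILE and ENV_SAMPLES are constructed values, and the construction is a teaching sketch rather than a standardized DRBG.

```python
import hashlib
import hmac

# Constructed stand-in for the 1024-byte seed file the slide mentions; a real
# device would be provisioned with true random bytes here.
SEED_FILE = bytes(range(256)) * 4

# Constructed stand-in for "random information from the environment"
# (e.g. ADC noise or interrupt timing jitter), as unsigned integers.
ENV_SAMPLES = [4021, 3987, 4100, 4013, 3998]


def derive_state(seed_file: bytes, env_samples) -> bytes:
    """Mix the stored seed and the environment samples into a 32-byte state.

    Hashing everything together means an attacker must predict every input;
    a weak environment sample does not undo the entropy of the seed file."""
    h = hashlib.sha256()
    h.update(seed_file)
    for sample in env_samples:
        h.update(int(sample).to_bytes(4, "big"))
    return h.digest()


def generate(state: bytes, n: int):
    """Expand the state into n output bytes (HMAC in counter mode) and return
    (output, ratcheted state). The ratchet is one-way, so a later compromise
    of the state does not reveal earlier outputs."""
    out = b""
    counter = 0
    while len(out) < n:
        out += hmac.new(state, counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    new_state = hmac.new(state, b"ratchet", hashlib.sha256).digest()
    return out[:n], new_state


def next_seed_file(state: bytes, size: int = 1024) -> bytes:
    """Fresh seed file to write back before shutdown: a diskless device that
    reboots with the old file would replay exactly the same random stream."""
    fresh, _ = generate(hmac.new(state, b"seedfile", hashlib.sha256).digest(), size)
    return fresh


if __name__ == "__main__":
    state = derive_state(SEED_FILE, ENV_SAMPLES)
    key, state = generate(state, 16)
    print("session key:", key.hex())
    print("new seed file differs from old:", next_seed_file(state) != SEED_FILE)
```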
Diagram: classification of Embedded System Attacks.
Functional classification: Integrity Attacks, Privacy Attacks, Availability Attacks.
Agent-based classification: Physical Attacks, Side-Channel Attacks, Software Attacks.
Attack examples shown: Electromagnetic Analysis, Power Analysis, Fault injection, Timing Analysis, Virus, Trojan Horse, Microprobing, Eavesdropping.
Embedded Security Pyramid
To ensure security in an embedded system, address the problem at all abstraction levels.
Design Challenges for secure ES
Processing gap: increased computational demand of security processing
Battery gap: the energy consumption overheads of supporting security are very high
Flexibility: execute multiple and diverse security protocols
Tamper resistance: withstand physical attacks
Assurance gap: reliable operation despite attacks from intelligent adversaries
Cost: increases with the number of integrated security measures
Solving these challenges
Apply a rigorous security engineering method
Focus on key threat scenarios
Introduce security early in the specification and design
Research on suitable schemes and algorithms
Follow secure coding guidelines
Use specialized hardware support
Example: AES Performance
The diagram shows the throughput of an AES implementation in software and hardware on a microcontroller. Introducing encryption in an embedded application requires additional resources.
Diagram: Embedded Controller AES throughput in Mbps, compared with the interface bandwidths Ethernet 100 Mbps, WLAN 54 Mbps, USB 12 Mbps and UART 0.1 Mbps.
J. Wilbrink, D. Nativel, T. Morin, "Networked Networks and Embedded Microcontroller Architectures", Information Quarterly, Vol. 4(4), 2005
Example: AES Energy efficiency
Figure: AES energy efficiency in gigabits per joule (logarithmic scale, 10^-6 to 10^2) for ASIC (0.18 micron CMOS), FPGA (Virtex-II Pro: feedback, feedback with fault detection, feedback with fault tolerance, non-feedback) and processor implementations (hand-optimized assembly code on Pentium II, C on Sparc, Java K virtual machine on Sparc).
W. Burleson, T. Wolf, R. Tessier, W. Gong, G. Gogniat, "Embedded System Security: A Configurable Approach", DHS 2005
Tamper Resistance
Tamper-evidence is to provide evidence that an attack has been attempted, e.g., security seals, special covers, or enclosures.
Tamper-resistance is to provide passive protection against an attack, e.g., scrambling of bus lines and memories or the use of special logic styles.
Tamper-responsiveness is to provide an active response to the detection of an attack, e.g., zeroisation, the deletion of all security-relevant data (e.g., keys).
Diagram: timeline t of attack prevention, tamper evidence, attack detection and attack recovery.
Examples and concluding remarks
Information Security Economics
Economic considerations of security are at least as
important as the technical ones.
Risk: the chance that a risk event will occur and the loss or harm resulting from the occurrence.
Security management deals with a system's risks and its risk mitigation measures.
Return On Investment (ROI): identify security measures yielding a positive return
Cost To Break (CTB): lowest expected cost for anyone to discover and exploit a vulnerability
Exemplary cases
Heart pacemaker:
• wireless access to a combination heart defibrillator and pacemaker
• shut down and deliver jolts of electricity that would potentially be fatal
• manipulating signals from the tiny wireless radio that had been embedded in the implant as a way to let doctors monitor and adjust it without surgery.
Nuclear plant:
• shutdown after two water recirculation pumps failed.
• An investigation found that the controllers for the pumps locked up due to a flood of computer data traffic on the plant's internal control system network.
ATM Skimming:
• miniature debit card reader, which scans the card's magnetic strip, and a video camera that records the PIN number when it is entered.
Exemplary cases
Wastewater incident:
• In March 2000, a former consultant to a waste water plant in Maroochy Shire, Queensland, Australia, accessed the control system of the plant and released up to 1 million litres of sewage into the surrounding waterways.
Automotive hacking:
• Researchers access the automotive Controller Area Network (CAN) via the On-Board Diagnostics (OBD) port
• Override the driver and adversarially control functions like disabling the brakes, selectively braking individual wheels on demand, and stopping the engine.
Exemplary cases
Stuxnet:
• The Stuxnet computer worm infected industrial software and equipment in 2010.
• The worm strives to propagate through the Supervisory Control and Data Acquisition (SCADA) system to the Programmable Logic Controllers (PLCs) deployed in factory floors, military installations, chemical and power plants.
• Reprogramming of these devices by sending program code to the infected machines.
Summary
Embedded systems have stringent resource constraints, therefore solutions for Desktop PCs cannot be simply transferred.
Embedded security must be solved at all levels of the pyramid
Security is achieved by exploiting asymmetry
Follow proven design principles
Learn from documented security incidents
END
Thank you for your attention!