8/10/2019 Set Top Box Security.pdf
1/51
Set Top Box Security
Budapest, September 19, 2010
Zoltán Hornák, Tamás Jós, Kristóf Kerényi
Outline
SEARCH-LAB Security Evaluation Analysis and Research Laboratory
Embedded systems
Introduction
Security
Set-Top Boxes
Security solutions
PCB security
Interfaces
Chipset security features
Smart card security
Demonstration
SEARCH-LAB introduction
Introduction of SEARCH-LAB
SEARCH Laboratory established at the Budapest University of Technology in 1999 with the financial help of Nokia Hungary
SEARCH-LAB Ltd established in 2002 as a spin-off company to provide professional services
Professional activities
SAFECode: Software Assurance Forum for Excellence in Code
Aims:
dedicated to increasing trust in information and communications technology products
advancement of proven software assurance methods
SHIELDS: Detecting known security vulnerabilities from within design and development tools
http://www.shields-project.eu
What is an embedded system
Computer systems designed for a specific purpose
As opposed to general purpose systems like PCs
Used where specific computing capability is needed
Limited resources
Input (designated knobs, dials)
Output (directly driving something)
Power (battery? cooling?)
Cheap components (mass production)
Not designed to be upgraded for new service areas
Used literally everywhere on the Globe
Ranging from very simple to quite complex systems
Most people have got at least one in their pockets
Security challenges of embedded systems
Freedom to tinker?
is your freedom to understand, discuss, repair, and modify the technological devices you own
The embedded system is sometimes not even the holder's property
Works in a hostile environment
Incentive to abuse the device to get more (unpaid) services
Attackers have unlimited time to reverse engineer the hardware and the software of these devices
Cracking an embedded system usually results in loss of profit for the owner (through the services)
Security advantages
Developers have full control of designing the hardware architecture
Developers can use custom designed processors/chipsets with enhanced security features
The software can be protected by some kind of trusted computing solutions
End-to-end security is harder to crack than security of open systems
Example: Set-Top Boxes
Digital television receiver
Terrestrial, cable, satellite or IPTV
Tuner, demodulator, demultiplexer
Conditional Access (Pay-TV)
Common Interface
Built-in card-reader
Additional features
Hard disk (DVR, PVR)
USB
Network (VOD, Web access)
Parental control
General model for STB
General STB architecture
System-on-Chip (SOC)
Processor core
Some RAM
Some Flash
Embedded controllers for network, USB, etc
Various engines for video decoding, decryption, descrambling, etc
Main SDRAM
Flash memory for firmware
HDD interface
Other interfaces
Attack paths
Attacker's prime goal: viewing unsubscribed content
Attack paths
Extract Control Words out of the STB (to distribute)
Inject downloaded CWs directly into own STB
Extract recorded programmes from PVR disk
Dump VoD programmes from disk or multicast
To reach this
External or internal interfaces could be eavesdropped
Hacked software could be loaded on the STB
Security solutions
Security solutions
Interfaces
JTAG, RS-232, Smart Card, Infrared, I2C, USB, Ethernet, HDMI, VGA,
Probing resistance
TSOP chips, BGA
Secure signal routing
Gluing
Chipset security features
System-on-Chip security
Firmware integrity protection
Smart Card Security
Shared secret between the Smart Card and SoC
Interfaces
JTAG
Generic test access point for electronic components
Standardized signals, but often custom protocol
Used during
Development
Finalization on the production line
Maintenance at service points
This interface has full control over the component
SoC, other chips
Many gaming consoles have been hacked with the use of this interface
Possibility to lock it (password protect or disable)
Serial interfaces
RS-232
Common serial interface
Could be external or internal
Could be used to
Obtain debug information
Initiate firmware upgrade
Read out data for finalization on the production line
Smart card
Smart card reader chip usually connected to UART
Infrared
No protection
Full features only known to the programmer who implements it
I2C
External connections
USB
Widespread interface
Could unlock or bypass security features when correct token inserted
Hard to find out which profiles are implemented
Ethernet
Ethernet interface with TCP/IP stack implies the same well-known weaknesses as it does on PCs
Is the stack well implemented?
Are the servers well implemented?
Is there a firewall?
HDD, Display
External or internal file systems
IDE or SATA HDD, USB PVR
File system
File/content encryption
Display interfaces
HDMI
HDMI has a two-way serial interface, like most display adapter interfaces
HDCP key exchange (master key just cracked)
Device control (e.g. CEC)
Could be used for even more purposes
DVI
VGA
Probing resistance
Secure component selection
TSOP chips
Easily probed: logic analyzer
Easily replaced: break-out boards
BGA means a level of physical protection against tapping and probing attacks
In many cases chip identity concealed (grinding)
In some cases special chips used (mixing pins)
Secure signal routing
Exposing signal lines is dangerous for
Key components (Flash, RAM)
Any confidential data transmitted in plaintext
An attacker could sniff the data being sent and received
And could do much more
Gluing
Could hide chip identification string
Hides sensitive signal lines and exposed pins
Makes the removing process really hard
Removes also top layer of PCB signal lines
Heat-resistant glue types
Not often used because of the high cost
Chipset security features
System-on-Chip central units
Provides the majority of the core functions for the embedded device integrated into one chip
Main SoC blocks are
CPU
Memory controllers: RAM, Flash
External interface controllers: RS-232, Ethernet, USB, IR
Internal interface controllers: SATA, Smart card, I2C, SPI
Complete MPEG stream processor
Demultiplexing
Descrambling
Decoding
A lot of general purpose pins
SoC security
Secure unique identity
Unique serial number stored inside the chip during manufacturing
Cannot be changed
Secure key storage
Small amount of ROM, RAM
Holds the keys for cryptographic operations
Some unique
Others shared
Secure on-chip cryptographic engines
The core CPU is slow, needs hardware acceleration for crypto functions
Secure DMA using key in SoC-internal RAM/ROM
SoC security II
Antifuses
OTP: One Time Programmable memory cells
Can set certain behavior of the chip like forcing flash authentication
Usually set as the final step of manufacturing
Secure bootloader
Before booting the firmware
SoC-internal boot code runs, which authenticates the firmware before running it or loading it to the RAM
Integrity
Authenticity
Only signed code will start
Firmware security
Mandatory AES-256 encryption for the system software on new STBs
RSA-1024/2048 digital signature
Runtime integrity checking
The SoC checks the integrity of the firmware not just at boot time but later, in random or pre-set time intervals
Authenticated flash memory update
Firmware upgrade only from authenticated source
Potentially insecure channel
Therefore signed
Downgrade protection (version number is signed along with the firmware, lower version will not install)
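The authenticated update with downgrade protection described on this slide, as an added example that is not part of the original presentation. The image layout, the names and the demo key are assumptions, and HMAC-SHA256 stands in for the RSA signature so the code runs with the standard library only.

```python
import hashlib
import hmac
import struct

# Assumed image layout (not from the slides): magic | version | length | payload | tag
HEADER = struct.Struct(">4sII")
MAGIC = b"STBF"
TAG_LEN = 32
# Stand-in for the vendor signature: a real STB would verify an RSA signature
# with a public key anchored in the SoC; HMAC keeps this example stdlib-only.
DEMO_KEY = b"constructed-demo-key"


def build_image(version: int, payload: bytes, key: bytes = DEMO_KEY) -> bytes:
    """Vendor side: authenticate header (including version) and payload together."""
    signed = HEADER.pack(MAGIC, version, len(payload)) + payload
    return signed + hmac.new(key, signed, hashlib.sha256).digest()


def check_update(image: bytes, installed_version: int, key: bytes = DEMO_KEY):
    """Device side: return (accepted, reason). No field is trusted before the tag verifies."""
    if len(image) < HEADER.size + TAG_LEN:
        return False, "truncated image"
    signed, tag = image[:-TAG_LEN], image[-TAG_LEN:]
    expected = hmac.new(key, signed, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return False, "bad signature"
    magic, version, length = HEADER.unpack_from(signed)
    if magic != MAGIC or length != len(signed) - HEADER.size:
        return False, "malformed header"
    # The version is covered by the tag, so it cannot be edited without detection.
    if version < installed_version:
        return False, "downgrade rejected"
    return True, "ok"


def demo():
    old = build_image(3, b"old firmware")
    new = build_image(5, b"new firmware")
    # Constructed tampering: rewrite the version field of the old image to 9.
    forged = old[:4] + struct.pack(">I", 9) + old[8:]
    return [check_update(img, installed_version=4) for img in (new, old, forged)]


if __name__ == "__main__":
    for result in demo():
        print(result)
```

On a device, the installed version compared here would have to live in storage the attacker cannot rewrite, otherwise the comparison itself can be rolled back.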
Memory security
Flash security
Authenticated flash image
Write protection
Write Enable pin
Hardware logic in the flash chip (passwords)
Write-protecting certain (boot) sectors of the flash
RAM security
Performed by SoC (designated module)
RAM encryption
Transparent for the CPU and authenticated developers
Prevents disassembling the RAM contents after dumping
Source ID monitoring
Acts like a firewall between RAM and SoC cores, only granting access to certain areas for certain cores
Smart card security
Chipset pairing and protection of link to smart card
ECM is decrypted by the smart card to yield CW
Must be transmitted to SoC for descrambling
Simple serial interface (UART)
Could be sniffed
Encrypted channel between SoC and smart card
SoC and smart card share a symmetric encryption key, which is unique
Pairing between smart card and chipset (STB, CAM)
Pairing also prevents use of an STB at another content provider (protects provider investment)
Similar type of link protection can be used to encrypt all communication between smart card and SoC, not just CWs
Embedded Systems Security Services
SEARCH-LAB's Testing Tools
Embedded systems debugging tools
Generic JTAG and manufacturer-specific evaluation tools
Boundary and parallel scanning
Content analysis of memory chips
Man-in-the-Middle (MiM) analysis and manipulation tools
Flash MiM
Smart card MiM
USB MiM
UART/serial MiM
Flash memory manipulator tool
VHDL programmable run-time XILINX logic
Post-processing on a PC
Various reverse engineering tools
Soldering and rework equipment, X-ray microscopy
JTAG pin reconstruction based on X-ray images
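[Figure: pin map with rows 1 to 6 and columns A to F; the column positions of the labels were lost in extraction]
6: GenIO27, VSS, JTClk, EMU1
5: GenTest0, JTRst, VDDLMM
4: JTDI, JTDO, EMU0
3: JTMS, EMU0, GenIO30, MBusRx, FBusRx
2: GenIO26, VSS, EarData
1: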
JTAG test device and its connection
Logging board
Patch board
Phone boots up with patch board
Logic analysis environment
MiM Flash Manipulator
Flash Manipulator board that is able to switch between an original Flash and another one with manipulated content
MiM Flash Manipulator
[Diagram labels: XILINX, RAM, USB Port, PORT 1, PORT 2, PORT 3, Original Flash, Modified Flash, Place of the Flash Memory Chip on the PCB]
Man in the middle connection between Flash memory and CPU
Capabilities of our MiM Flash Manipulator
VHDL programmable XILINX logic
Fast enough for run-time operation
Logic analyzer capabilities
Programmable triggers
Records up to 2MB of internal bus traffic
Post processing on PC (connected via USB)
Flash memory manipulation
Shows original content during boot loader to bypass integrity checking
Switches to the manipulated flash chip during operation
Arbitrary code can be executed this way
Possibility to run internal testing algorithms
Similar solutions for Smart cards, USB, UART/serial connections
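Why a boot-time check alone does not stop the content switch described on this slide, and what the countermeasures from the chipset slides change, as an added example that is not part of the original presentation. The flash model, the function names and the sample images are constructed for illustration, and a SHA-256 digest stands in for the signed reference value.

```python
import hashlib

FIRMWARE = b"original firmware"        # constructed sample image
MANIPULATED = b"manipulated firmware"  # constructed sample image
TRUSTED_DIGEST = hashlib.sha256(FIRMWARE).digest()  # stands in for the signed reference


class SwitchingFlash:
    """Model of a flash bus whose content changes after the first full read."""

    def __init__(self, first: bytes, later: bytes):
        self._first, self._later, self.reads = first, later, 0

    def read(self) -> bytes:
        self.reads += 1
        return self._first if self.reads == 1 else self._later


def boot_check_only(flash) -> bytes:
    """Weak design: verify flash in place, then fetch code from flash again."""
    if hashlib.sha256(flash.read()).digest() != TRUSTED_DIGEST:
        raise RuntimeError("boot refused")
    return flash.read()  # second fetch is never verified


def boot_verify_ram_copy(flash) -> bytes:
    """Stronger: copy once into RAM, verify that copy, execute only the copy."""
    ram = flash.read()
    if hashlib.sha256(ram).digest() != TRUSTED_DIGEST:
        raise RuntimeError("boot refused")
    return ram


def runtime_recheck(flash) -> bool:
    """Run-time integrity check for execute-in-place designs: re-hash flash later."""
    return hashlib.sha256(flash.read()).digest() == TRUSTED_DIGEST


if __name__ == "__main__":
    print(boot_check_only(SwitchingFlash(FIRMWARE, MANIPULATED)))
    print(boot_verify_ram_copy(SwitchingFlash(FIRMWARE, MANIPULATED)))
```

Verifying the RAM copy only moves the trust boundary to the RAM bus, which is why the deck pairs it with RAM encryption and source ID monitoring.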
Summary
Attack potential is there
SIM unlocking, IMEI number forgery
Cracked video set-top-boxes (with upgrade guarantee)
Security evaluation of embedded systems requires
Laboratory infrastructure
Prepared hardware and security professionals
Adequate tools and methods
Research background
Continuous attack technology watch
Demonstration
Target
Generic Set-Top Box off the shelf
Probing security: very low
TSOP chips for SoC, RAM, Flash
External signal routing
Chipset security: medium
Secure boot
Flash authentication
No flash encryption
No RAM encryption
No run-time integrity checking
Content security: low
No smart card pairing
Conclusion
Set-Top Box security
If all the security solutions are applied
Secure component selection and signal routing
Secure chipset with
Boot authentication
Flash encryption
RAM encryption
Runtime integrity protection/source monitoring
Authenticated updates
Secure channel (Smart Card pairing with SoC)
Only encrypted Control Words transferred
Display of Smart Card number on screen
then hacking a solution is not cost-efficient
Provides a high level of security
Zoltán Hornák
managing director
Interested in more?