Upload
heriberto-sears
View
223
Download
0
Tags:
Embed Size (px)
Citation preview
OUTLINE
Introduction
Classification of attacks
Countering attacks
Case Study
2
http://www.hq.nasa.gov/office/ospp/securityguide/images/Cartoons/Computer.jpg
FUNCTIONAL SECURITY MECHANISMS
Cryptographic algorithms, including symmetric ciphers,Public-key ciphers.Hash functions. Network security protocols ( IPSec and SSL )
BUT, they are not tamper proof and do not provide complete security solutions.
4
http://www.flickr.com/photos/aperture_lag/2328240402/
CAUSES OF SECURITY LAPSES
Operations in untrusted environment
Network induced vulnerability
Downloaded software execution
Complex design process
5
http://media.maxim-ic.com/images/appnotes/2033/2033Fig04a.gif
CLASSIFICATION OF ATTACKS Based on functional objectives
Privacy attacks Integrity attacks Availability attacks
Based on agents or means used to launch attack Software attacks Physical or Invasive attacks Side Channel Attacks
6
PHYSICAL AND SIDE CHANNEL ATTACKS
Buffer overflow problem effects can include overwriting stack memory, heaps, and functionpointers
7
SOFTWARE ATTACKS
Physical Attacks Power Analysis attacks Timing attacks Fault Injection attacks Electromagnetic Analysis attacks
http://img133.imageshack.us/img133/6973/intrusiontn3.jpg
COUNTERING SECURITY ATTACKS Specific objectives of the mechanisms
Attack Prevention Attack Detection Attack Recovery Tamper evident design technique
8
COUNTERMEASURES FOR SOFTWARE ATTACKS
The major considerations are :-1. Ensure privacy and integrity of sensitive
code and data during every stage of software execution in an embedded system.
2. Determine with certainty that is a safe from a security stand point to execute a given program
3. Remove security loopholes in software that make the system vulnerable to such attacks
9
Hardware Support Idea is to isolate or restrict secure
memory areas Cryptocell ™
Secure Bootstrapping Operating System Enhancements Software authentication and validation
10
http://www.discretix.com/images/CryptoCellComple.gifhttp://www.discretix.com/images/HWcontext.gif
COUNTERMEASURES FOR PHYSICAL AND SIDE CHANNEL ATTACKS
Physical attack protection IBM 4758 PCI cryptographic adapter
11
It is a comprehensive security solution for SOCs
Foremost and primary objective is to segregate access to sensitive information of a ARM based SOC architecture
CASE STUDY : ARM TRUSTZONE™
13
http://www.windowsfordevices.com/files/misc/arm_trustzone_arch_concept_diag.gif
http://www.arm.com/rximages/21885.gif
http://www.design-reuse.com/news_img2/news16975/arm_trustzone.gif
Trusted Code base Regulates the entire security of entire
system Regulates all security tasks that involves
manipulation of keys Uses demarcation to separate domains
using ‘S-bit’
14
REFERENCES1. Cryptocell™, Directrix
http://www.discretix.com/CryptoCell/
2. ARM TrustZone™ http://www.arm.com/products/security/trustzone/
3. IBM 4758 PCI cryptographic adapter http://www-03.ibm.com/security/cryptocards/
4. ARM DONS ARMOR,TrustZone Security Extensions Strengthen ARMv6 Architecture By Tom R. Halfhill {8/25/03-01}
5. Security in Embedded Systems : Design Challenges,Srivaths Ravi and Anand Raghunathan,NEC Laboratories America,Paul Kocher Cryptography Research,and Sunil Hattangady,Texas Instruments Inc.
15