Embed Size (px)
Citation preview
©2017ArmLimited
MiloschMeriacPrincipalSecurityResearchLead
Modernsecurityformicrocontrollers
ThechallengeofscalingIoT
Gaininguser-trust&keepingit
©2017ArmLimited2
Aboutme&myprojects§ PrincipalSecurityResearchLeadat
ArminCambridge,UK.Specializedonembeddedhardwaresecurity.
§ DevelopedtheArmMBED uVisor,asecurehypervisorforArmCortex-Mmicrocontrollers.
§ BeforejoiningArm,I’vecreatedarangeofopenhardwaredesignsandsoftwaretoolsaroundRF(ID)/BluetoothLowEnergysecurityresearchandelectronicartprojects.
§ Moreinformationonmyprivateprojectsatmeriac.com,Twitter@FoolsDelight &GitHub@meriac. O p e n P C D . o r g O p e n P I C C . o r g
©2017ArmLimited3
X b o x L i n u x C o r e T e a m
B l i n k e n l i g h t sS t e r e o s c o p e
O p e n B e a c o n & S o c i o P a t t e r n s
©2017ArmLimited
Quickintroduction:SecurityresearchatArm
©2017ArmLimited5
CollaborationOpportunitieswithArmResearchSecurity-topicswe'reworkingon
§ Enforcementofdevicepolicieswithhardwaresecurityfeatures,secureprotocolsandinstrumentationofdevicesandnetworks
§ IoT malwaredetection(deviceandnetwork),recoveryfrommalwareandcontainmentofaffecteddevices:fromveryconstraineddevices,throughnetworksuptodatacenters
§ Enablingend-to-endsecurity/privacyarchitectureparadigmsincloudserviceproducts
§ EnablingandpromotingautomatedverificationofArmecosystemproducts
§ Expandingourtoolsforautomatedhypervisorandsystemverification
©2017ArmLimited6
CollaborationOpportunitieswithArmResearchStrategicSecurityProjects
§ Supportnextgenerationsystemsecurityarchitecturesinheterogeneoussystems§ E.g.CHERI,seL4andMirageOS
§ Enablingmemoryauthenticationandencryptionformutuallydistrustfuledge- &cloud-computing
§ Armarchitecturesidechannelevaluationsandmitigations§ Particularlyaroundbranching,speculativeexecution,pipelinesandcaches.
§ Supportcreationofformallyverifiedsecureandsafesystemssoftware§ Improvingourverificationtoolsandformalspecifications.
©2017ArmLimited7
SecurityResearchatArmSummary
SeparationandIsolationMechanisms
Trust,IdentityandProvenance
SideChannels
Specificationsand
Correctness
CryptoPerformance,EmergingCiphers
©2017ArmLimited
Whyismicrocontrollersecurityhard?
©2017ArmLimited9
Systemdesignersmusthaveclearthreatmodelsandactaccordingly.Threatmodelsmustbedesignedintothesystemstartingatsiliconlevel.
Systemdesignersandbuildersmustfindallflaws- attackersonlyhavetofindone.Oldstuffhasoldbugs– wewon’trunoutofentertainmentanytimesoon.
DevicelifetimeThesecurityofasystemisdynamicoveritslifetime.Lifetimesofhomeautomationnodescanbe10+years.
AttacksscalewellTheassumptionofbeinghackedatsomepointrequiresasolidmitigationstrategyforregainingcontrolandsimple,reliableandinexpensiveupdates.Doourdefensesscalewithourattackers?
Assumeyoucan’tpreventbeinghackedValueofbugsisexpressedbyvalue =number_of_installations xdevice_value.Increasedvalueandlargedeploymentsdriveattackers-especiallyintheIoT.Massivelyparallelizedsecurityresearchers&attackersvs.limitedproductdevelopmentbudget&timeframe.
Security+time=comedyIfaproductissuccessful,itwillbehacked
©2017ArmLimited10
Flataddressspacesarecommonformicrocontrollers- resultingfromtheirlackofmemorymanagementunits(MMUs):yetthatdoesnotjustifytheabsenceofprivilegeseparation.
ManyexistingmicrocontrollerslikeArmCortex-M3/M4haveahardwarememoryprotectionunit(MPU)tocompensateforsecurityimpactofmissingMMU.
NoseparationFlatmemorymodelsandavoidanceofMPUsignoresvitalsecuritymodelslike“leastprivilege”.
EscalationFlatmemorymodelsenableescalation&persistenceofexploits:Devicesafetysuffers.Uncontrolledwritingtoflashmemoriesallowspersistentexploitsacrossreboots.
VerificationSecurityverificationimpossibleduetotheimmenseattacksurfaceandlackofsecureinterfacesbetweensystemcomponents.
Flatmemorymodels
Leakage“Allyourbasesarebelongtous”–thankstoleakageofidentitykeysorAPItokensattacksareabletoprogressupthecloudstack.
The80’scalled,andtheywanttheirsecuritymodelback
©2017ArmLimited11
Microcontrollerstoragesecurityisstillhighlydiverseandoftenoriginatesfromcode-readprotection.Yetyourdatamuststaysecret,Keysandfirmwareupdatesmustbesecuredagainsttamperingandrollback.
Malwaremustnotbeallowedtobecomepersistentbyinstallingitselfintoflash.Sendingpeopleouttoresetorevenre-flashpwnd IoT devicesisnotanoption.Wemustensurefordevicerecoverytoscalebetterthanthedeviceattacker.
OutofmemoryAsfunctionalityandwirelessstacksgrow,microcontrollersrunoutcodememory– firmwaredownloadsmustthereforeoftenbebufferedexternallytopreventdevicebricking. Updatemechanismsareoftenvulnerableinpresenceoflocalattackers controllingthepowersupply,glitching CPUsormanipulatingexternallystoreddata.
Datasecurity?Howconfidentareyou,thatyourSRAMiserasedwhenresettingthecopyprotectionfusesonyourmicrocontrollers?Additionallydatacanoftenbeextractedindirectly byusingCPUcoreregisters,bootloaderbugsorbysteppingthroughcode.
Datasecurity,seriously?
SidechannelsleakageMicrocontrollersoftenvulnerabletokey/dataextractionviasidechannelslikepowerorexecutiontime.
Checkyoursecurityassumptions
©2017ArmLimited
Aconsistentsecuritymodel:Privilegeseparationforlow-endMicrocontrollers
©2017ArmLimited13
SecurityforMicrocontrollers?Consistentsecuritymodelsdespitedifferencesinarchitecture
§ CompartmentalizationofthreadsandprocessesonmicrocontrollersconsistentwithMMU-enforcedapplicationCPUsecurity:Privatestackanddatasections
§ Initializationofmemoryprotectionunitbased(MPU)onprocesspermissions:
§ Whitelistapproach– onlyrequiredperipheralsshouldbeaccessibletoeachbox(“LeastPrivilege”)
§ Eachboxmusthaveprivate.bss dataandstacksections
§ Switchexecutiontonon-secureside/app,continuebootunprivilegedtoinitializeOSandlibrariestoreducetheattacksurface
©2017ArmLimited14
MemoryProtectionUnitsonArmCortex-MMicrocontrollers
§ CanpreventapplicationtasksfromcorruptingOSorothertaskdata:Improvedsystemreliabilitythroughhardwaresecurity.
§ Enableconfigurablememoryregions§ Address
§ Size
§ Memoryattributes
§ Accesspermissions
§ OptionalinallCortex-Mandavailableonmost(exceptCortex-M0)
Cortex-M
MEMORY
datafor
taskA
datafor
taskC
datafor
OSkernel
datafor
taskB
I/O#2I/O#1I/O#0
I/O#nMPU
MPUconfiguration
OSkernel(privileged)
task A
taskB
taskC
ARM
©2017ArmLimited15
§ Reduceattack-surfaceoffunction-criticalcodeandincreasebug-resilience
§ Trustedmessagescontaincommands,dataorfirmwareparts.
§ Boxsecuritynotaffectedbycommunicationstackexploits,bugsorinfectionsoutsideoftrustedbox.
§ Payloaddeliveryisagnosticofprotocolstack.
§ Resilientboxcommunicationovertheavailablechannels,protocol-independent:
§ Ethernet,CAN-Bus,USB,Serial
§ Bluetooth,Wi-Fi,ZigBee,6LoWPAN
Usecase:Secureoutboundcommunication
Exposedboxwithcommunicationstack
DecryptandverifyusingDTLS
GAP
Securedandtrusteddeviceprocess
GATT
AP
BLELL
TrustedboxwithoutcommunicationStack
OpaqueBlock
Commands,Data,
FirmwareBlob
Opaque
BluetoothCommunication
Stack
Expo
sedAp
plicationCo
de
IoT Deviceownedbyuser.InitialidentityprovisionedbySystemIntegratorMessagesdeliveredagnosticofcommunicationstack
©2017ArmLimited16
§ CommunicationprotectedusingTLS.
§ Rawmessagepayloadsdecryptedandverifieddirectlybyprotectedcode:
§ TLSprotocolboxnotexposedtocommunicationprotocolstackbugs.
§ Nointerferencebyotherboxes.
§ Client-authenticationandencryptionkeysareprotectedagainstmalware,key-extractionandidentitytheft.
§ Device-malwarecannotinterferewithoutknowingencryption- orsigning-keys.
Usecase:Secureservercommunication&Deviceidentity
Exposedboxwithcommunicationstack
DecryptandverifyusingDTLS
TLSboxhandlesonlytheSSLprotocol
OpaqueBlockOpaque
InitialkeysprovisionedbySystemIntegrator.Messagesdecodedindependentofstacksusingmbed TLSinseparatesecuritycontext
Expo
sedAp
plicationCo
de
DecryptionKeys
DecryptedBlockDecrypted
IPStack,WirelessStack
©2017ArmLimited17
Usecase:Secureremotefirmwareupdate
Exposedboxwithcommunicationstack
GAP
GATT
AP
BLELL
BluetoothCommunication
Stack
FlashinterfaceboxprotectedbymbeduVisor–withoutowncommunicationstack
Custom
App
licationCo
de
OpaqueBlock
IoTdeviceownedbyuser,InitialidentityprovisionedbySystemIntegrator,Messagesdeliveredindependentofstacks
Firmwareupdateblocks
FW005
FirmwareUpdateImage
SecureStorage,FirmwareUpdateBlocks
Re-flashUntrustedApplicationUponCompletion
Opaque
Securedandtrusteddeviceprocess
DecryptandverifyusingDTLS
§ Deliveryoffirmwareupdatemustbedecoupledfromaprotocol-independentfirmwareimageverification
§ Bugsincommunicationstacksorcloudinfrastructuremustnotcompromisethefirmwareupdate:
§ End-to-endsecurityforfirmwareupdatesbetweenthefirmwaredeveloperandthesecurebox
§ Secureboxonthedevicehasexclusiveflash-write-access
§ BoxwithflashcontrollerACLsonlyneedsthepublicupdatekeytoverifyvalidityoffirmware.
§ Localmalwarecan’tforgeavalidfirmwaresignaturetothefirmwareupdatebox,therequiredprivatefirmwaresignaturekeyisnotinthedevice.
©2017ArmLimited18
Usecase:ControlledmalwarerecoveryDevicescanberemotelyrecoveredfrommalware:
§ Enforcedcommunicationthroughtheexposedsidetotheserver.
§ ThankstoflashcontrollerACLrestrictions,malwarecannotmodifymonitorcodeorinstallitselfintonon-volatilememories.
§ Receivelatestsecurityrulesandvirusbehaviourfingerprintsfordetection.
§ Sharedetectedpatternfingerprintmatcheswithcontrolserver
§ Distributeddetectionofvirusesandliveinfrastructureattacks.
Whencommunicationwithserverbreaksforminimumtime:§ Disambiguationfromnetworkfailure:Partsofthedevicestackareresettoaknown-goodstate.
§ Device-rebootpreventsmalwarefromstayingpersistentonthedevice.
§ Deviceswitchestoasafemodeafterboottoruleoutnetworkproblemsortoremotelyupdatethefirmwareifneeded– andcontinuesoperation.
https://commons.wikimedia.org/wiki/File:Biohazard.svg
©2017ArmLimited19
OptionalsecurityextensionfortheArmv8-Marchitecture
§ DramaticallysimplifiedsecuritymodelforSafety-criticaldevicecode
§ NewsecurityarchitecturefordeeplyembeddedCortex-Mprocessors
§ Bettercontainerisationofsoftware:Simplifiedsecurityassessmentofembeddeddevices
SimilarandcompatibletoexistingTrustZonetechnology
§ Newarchitecturetailoredforembeddeddevices
§ Addsnewsecuritydomainswithvisibilityonsystem/buslevel–enablingsecurity-awareperipherals,untrusteddriversandsecureDMA.
§ PreserveslowinterruptlatenciesofArmCortex-M
§ Provideshighperformancecross-domaincalling
Outlook:ArmTrustZone TechnologyforMicrocontrollersBringingArmsecurityextensionstotheembeddedworld
©2017ArmLimited20
ApplyingArmTrustZonetoCortex-MMicrocontrollers
§ Armv8-MarchitectureintroducedwithupcomingCortex-M23andCortex-M33microcontrollers
§ Extendshardwaresecurityfeaturestosystemlevel§ Security-awareDMAperipheralsanddebugging§ Securityextendedtomemoriesandperipherals
throughbusfilters§ Memoryprotectioncontrollers(MPC)§ Peripheralprotectioncontrollers(PPC)
§ CPUcanruninsecureandinnon-securestates,withvisibilityforallbusperipherals
§ Efficientandprivacy-enabledtransitionsbetweenthetwosecuritymodes
§ Twoinstancesoftheinterruptvectortable,oneforexclusiveuseonthesecureside.
§ Stackoverflowprotection Secureregions
Non-secureregions
©2017ArmLimited
ScalingSecurity:MovingtowardsanIoT ImmuneSystem
©2017ArmLimited22
MovingtowardsIoT ImmuneSystemsOverview
• Detection
– NodeInstrumentation&BehaviourSensors
– FingerprintingNodeBehaviourandSystemNetworkTraffic
• Management
– Bigdataanalysisofsystembehaviouroverallcustomersofa“SecurityasaService”providertoweedoutfalsepositivesandtoestablishabaselinefordevicebehaviour
– Live&Continuous“SystemHealthCheck”
– Isolation,Containmentandre-flashingofinfectedNodes:“IoTImmuneSystem”
• Prevention,Removal&Containment
– ImmunizationofSystem– identifyLoopholesbyusingstatisticalanalysis(DeviceTypes,Firmwareversions,SystemEvents,ProgramExecutionPatterns,TrafficPatterns)ofeventsleadinguptoaninfection.
– Blockknow-malicioussignaturesonnetworkboundariesusingcentralizedblockliststoprotectoutdateddevices.
©2017ArmLimited23
IoT ImmuneSystemInstrumentationRequirementsforIoT NodeMalwareDetection&Removal
NodeInstrumentation• CPUlevelsensors:
– ProgramCounter&Performancecountersstatistics
– DetectionofCode/Dataaccesspatterns
– Debug-Interfaces(CoreSight TMCetc)
• StandardizedBoardlevelsensors&protocols
– CPU/BoardPowerconsumptionpatterns
– Inbound/Outboundtrafficclassification/density
– Intrusionsensors(Housing,LightSensors,Chipleveletc.)
– Hardwarerevision,ProductID,ManufacturerandFirmwareversionofthedevicevisibletologserver
– Accelerationsensorstodetectmovement/vibrationsresultingfromphysicalattacks
ImplementationDetails• Die-Sensorsorexternalwatchdogsmeasuresystembehaviour
• Signinternal/externalmeasurementsplustimestampsandstoreincryptographicledger– canbestoredinlocalnetworkorinofflinestorageifneeded.
• EstablishdistributedTrafficSensorsformeasuringTrafficdensityanddirection– toenableprotectionwithinthe(mesh)network.
• Signed/Encryptedpacketswithtraffic/behaviourobservationsaresentbacktocentralizedlogservers(localandremote)
• Feedsigned/encryptedbehaviourmeasurementsbacktoApplicationCPUwhichisresponsibleforsendingthemeasurementsbacktocentralizedservers.
• Non-Compliantapplicationsarereset/re-flashediftheycan’tprovemessagedeliverycryptographicallyusingcrypto-watchdogmethodologies.
©2017ArmLimited24
IoT ImmuneSystemInstrumentationNetworkLevelImmuneReactions&Recovery
Noderequirements• Abilitytoisolate/quarantinenodesbychanging/revokingaccesskeysandtunnellingtraffictoacontrolhost(logserver?)
• Incaseswherenodefunctionalityiscritical,wemustenableinfectednodeoperation– butmaintainnetworkQoS andprotectinternalandexternalhosts.
• Abilitytoreset&re-flashnodeswirelessly– evenassumingamaliciousapplicationontheNode.
• StandardizeFOTAfileformatsandnetworkprotocols
• Preventfirmwaredowngradeattacksofnodes,withoperationalexceptionsrevertingtopreviouslyusedfirmwareversionoveralimitedtime.
• “SecurityasaService”providercanonlypushnode-vendor-signedFirmware– “LeastPrivilege”
• EstablishWatchdog-StyleFOTAtoexternallyenforcefirmwareupdateofinfectedsystemsremotely.
ImplementationDetails• FOTArequirementsincludingpolicyenforcementanddowngradeprotectionarealreadyaddressedinthelatestFirmwareManifestFormat.WestartedanIETFstandardizationprocessalready.
• Isolationofnodescanbeachievedbyimplementingsoftwaredefinednetworkingprotocols.
– InthemostsimplecasenetworkscanbepartitionedviaVirtualLANID’s(VLANID)– whicharecommonlysupportedbymanagedrouters.ItmightmakesensetoextendtheconceptofLayerVLAN’stomeshnetworks.VLANID’scanbeusedEnd-to-EndbetweenMeshRouterandcloudarchitecturebyusingL2TP.
– Intheadvancedcasethe(wireless)networkappliesmultipleencryptionkeystosegmentthenetworkandtoenforcedistinctpolicies.
• SecureWatchdogforremoterecoveryfrommalwareinfection.
©2017ArmLimited25
IoT HealthServicesHealthasaservicefortheinternetofthings
DataProcessing• ReceivelossyaggregateddatafromNodeandNetworksensors.
• Toprotecttheusersprivacy,pre-aggregation/anonymizationoftraffic-activitypatternsshouldbedoneinthelocalnetwork(edgerouteretc.)
• CorrelatesensorDataacrosssimilardevicesandsimilarFirmwarerevisions
• Detectunusualpatternsindataflows(forexampleanIoTsensoractivelyscanningtheextendednetworkforvulnerabledevices)– especiallyinwirelessmeshnetworks
• Bigdataanalysisacrossallservicecustomerstoweedoutfalsepositives.Behaviouralchangesduetodifferentfirmwarerevisionscanbedetectedmorereliably
• Easiertodetectunusualpatternsinlargerdatasetsduetomoredataondeviceswithsimilarconfiguration
Actionstaken• TriggerNetworkimmunereactionsdependingoncalculatedlikelihood
• OptionallyallowtheHealthServicetotakeactiononyourbehalf(triggerfirmwareupdate,isolatenodesetc.).
• Optionallydisambiguatesecuritywarnings(Incidentsoflowerlikelihood)byhumanoperatorsforpremiumcustomers– andtakeextendedactionifnecessary.
• AfteridentifyingInfectionVectors,distributetraffic/behavioursignaturesfordeviceswithoutpatches
• Enforcepoliciessodeviceswithunpatcheddevicescanonlybereachedbyfiltereddata(keepingthemfunctional,butsafeathigherlatencies– RemoteMan-In-Themiddlefirewall/DPI).
• Runfiltersattrustedborderroutertoprotectcustomersprivacy.Afteraninfectionisdetected,customergetschoicetoinvolvecloudserviceintorecoveryefforts.
©2017ArmLimited26
TrustingIoT HealthServicesEdgeComputingAppliancesforResilienceandUserPrivacyProtection• Objective
– Establishtrustedcloudcomputingappliancesthatwillbedeployedtothelocalnetworkforgreateravailabilityandtrust.Appliancescanbeassimpleashardenedroutersrunningsimplesoftwareprocessorhigh-endtamper-proof19”rackservers.
– EstablishTrustedExecutionEnvironment(TEE)boxesthatcanberemotelyprovisioned(cloudorowner)– hardenedagainstlocalphysicalattacks(coldbootattacks,maliciousboardlevelmodifications&attacks)
– Cloudservicescanpushdownlow-latencyjobs,computationtasks,machinelearning,applicationofmachinelearnedmodelsorformirroringdataspeculativelyfromortothelocalnetwork.
– Platformguaranteesintegrityandsecurityacrossmultipleapplications/VM’srunningonthedeviceandprotectsagainstuserstamperingwiththedevicelocally(exfiltrationofdata,changingbehaviouretc.)
– Increasetheresilienceofcloudapplications:Corefunctionalityofacloudapplicationcanworkwithoutnetworkconnectivity.SeeAmazonAWSGreengrass asbest-practiceexampleforaccessiblecomputeattheedge.
– SupportlowpowerdeviceswithtrustedcomputingresourcesasimportanttaskscanbemigratedtoAC-poweredapplianceinthelocalnetwork.
• HardwareSecurityRequirements
– Encryptandauthenticateexternalmemoryinterfaces(DDRAM,Flash)foroperationinmutuallydistrustfulenvironments
– EstablishhardwarerootoftrustbacktotheSoC-manufacturertopreventemulation-attacks
©2017ArmLimited27
IoT ImmuneSystem&HealthServicesSummary• ReduceComplexityofthelocalsystem/networksecuritytostandardized sensorsand
ImmuneReactionInterfaces.
• EnableBig-DataSecurityAnalysisofMalwaredetectionsensors– reducenoisebycomparingsimilardevicesacrossallcustomerswhilepreservingthecustomersprivacy.Detectinfectionvectorsstatisticallybycomparingcommonalitiesofdifferenthostsrunningthesamefirmwaretoestablishbaseline
• Monitorspreadofmalwareandinferinfectedhostsfromhistorictrafficmetadatatocoordinatenodeisolation.
• Aggregatedanalysisincloudservicesallowscontinuousimprovementofsecurityrules.Theserulescanbeexportedbacktoedgecomputingnotesforgreaterprivacyandresilience.
• Rules/filterswhichareverifiedincloudservicescanbeenforcedwithlowoverheadatmeshleveltopreventlocalspreadingofmalware.
©2017ArmLimited28
Questions&FurtherReading§ [email protected] withyour
questionsandsuggestions.We’rehiring– pleasesendmeamail!
§ TheARMIoT SecurityManifesto, describinganIoT ImmuneSystem:https://pages.arm.com/iot-security-manifesto.html (Setofwhitepapers)
§ TheArmPlatformSecurityArchitecture:https://developer.arm.com/products/architecture/platform-security-architecturehttps://pages.arm.com/PSA-Building-a-secure-network.html (Whitepaper)
§ High-EndSecurityforLow-EndMicrocontrollers:Hardware-SecurityAccelerationonArmv8-MSystemshttps://doi.org/10.5281/zenodo.571159 (Slides)https://doi.org/10.5281/zenodo.571158 (Whitepaper)
2929
ThankYou!Danke!Merci!谢谢!ありがとう!Gracias!Kiitos!감사합니다धन्यवाद
©2017ArmLimited
3030 ©2017ArmLimited
TheArmtrademarksfeaturedinthispresentationareregisteredtrademarksortrademarksofArmLimited(oritssubsidiaries)intheUSand/orelsewhere. Allrightsreserved. Allothermarksfeaturedmaybetrademarksoftheirrespectiveowners.
www.arm.com/company/policies/trademarks
