cryptography basics for embedded developers embedded
play

Cryptography basics for embedded developers Embedded Linux - PowerPoint PPT Presentation

Mar 17, 2023 •159 likes •417 views

Cryptography basics for embedded developers Embedded Linux Conference, San Diego, 2016 "If you think cryptography is the solution to your problem, then you don't understand your problem " - Roger Needham Cryptography basics are

  1. Cryptography basics for embedded developers Embedded Linux Conference, San Diego, 2016

  2. "If you think cryptography is the solution to your problem, then you don't understand your problem " - Roger Needham

  3. Cryptography basics are important Misuse of cryptography is common source of vulnerabilities ● “41 of the 100 apps selected [...] were vulnerable [...] due to various forms of SSL misuse.” * ○ Understanding crypto basics will improve the security of devices ● Important for anyone using cryptography (e.g. libraries) ○ Think about security requirements for your product ● Can it be attacked? Why would it? How? ○ Consider how cryptography can be applied correctly to support your requirements ○ Reduce the risk of your product being compromised ● * Source: “Why Eve and Mallory Love Android: An Analysis of Android SSL (In)Security” CCS’2012

  4. About me Eystein Stenberg ● CS/Crypto master’s ○ 7 years in systems, security management ○ eystein@mender.io ○ Mender.io ● Over-the-air updater project for Linux/Yocto ○ Under active development ○ Open Source ○ Reach me after on email or exhibitor hall ●

  5. The mandatory legal note Some use of cryptography / software has legal implications ● Most notably: export restrictions in the USA ● I will only consider technological aspects, not legal ones ●

  6. Session overview Our goals ● Crypto basics and pitfalls ● Encryption ○ Signatures & Message Authentication Codes ○ Secure hashing ○ Key management ○ Crypto for embedded ● Expensive operations ○ Alternatives ○

  7. Attacker motivation Why would someone attack your product? ● Can someone make money from a compromise? How much? ● All crime starts with a motive ●

  8. Your goal is to lower attacker ROI It is always possible to compromise ● Lower Return on Investment (ROI) for attacker; either ● Decrease value of successful attack ○ Increase cost of successful attack ○ Focus on increasing cost of attack in this session ●

  9. Decreasing value of attack can be effective too

  10. CIA concepts implemented with crypto primitives Confidentiality ● Is there something secret ? ○ Primitives: encryption ○ Integrity ● Should we detect altering of information? ○ Primitives: secure hashing, signatures, MAC ○ not encryption Authenticity ● Do we need to know who create/request information? ○ Primitives: signatures, MAC ○

  11. Symmetric encryption: one shared secret key Cleartext Encrypt Ciphertext Decrypt Cleartext Use for confidentiality ● Efficient, relatively low resource consumption ● Typical key & block sizes: 128, 192, 256 bit ● Difficult to keep shared things secret ● Note block cipher mode when encrypting large volumes of data with same key ● Example: AES (Advanced Encryption Standard) + CBC mode ●

  12. Pitfall: Use insecure symmetric block cipher mode Original Encrypted with ECB mode Encrypted with CBC mode Source: Larry Ewing

  13. Asymmetric encryption: public and private key Cleartext Encrypt Ciphertext Decrypt Cleartext Use for confidentiality of little data (e.g. symmetric key) with multiple parties ● Very compute-intensive operation (~1000 x symmetric) ○ Large volume of ciphertext can leak information about private key ○ Advantage over symmetric: safe to share public key with anyone ● Examples: RSA (key/block size ~4096 bits), Elliptic Curve (key/block size ~256 bits) ●

  14. Message Authentication Code (symmetric) Generation: Message MAC alg. Message Send Message & MAC MAC1 MAC1 ?= Verification: Message MAC alg. MAC2 MAC2 Use for authenticity ● Efficient, typical key & MAC sizes: 160, 256 bit ● Difficult to keep shared things secret ● If you need confidentiality too, look at Authenticated Encryption (AE/AEAD) ● Example: HMAC-SHA256 ●

  15. Digital signature (asymmetric) Message Send Secure Message Generation: hash1 Sign Message & hash Signature Signature Secure Accept/Reject Verification: Message hash2 Verify hash Signature Use for authenticity ● Less efficient than MAC (~1000x), but no shared secret ● Common misconception: “signing is encrypting with private key” ● Examples: DSA (key/block size ~4096 bits), ECDSA (key/block size ~256 bits) ●

  16. Cryptographically secure hashing Given hash, infeasible to generate a message hash Message that yields the hash. Infeasible to modify a message in such a way Message1 mod hash1 that it generates the same hash. Message1 Infeasible to find any two messages that yields hash1 != the same hash. = hash2 Message2 Hash is efficient to compute. hash Message

  17. Hash function implementations Insecure if it does not meet all four criteria ● Secure hash algorithm (SHA) family ● SHA-256, SHA-384, SHA-512 (number denotes bits of output) ○ Insecure hash algorithms ● MD5 (128 bits): Attack that can find two messages with same hash in seconds ○ SHA-1 (160 bits): Attack reduced collision to 63-bit operation (ideal is 160/2 = 80) ○ Bottom line: use SHA-256 (or larger) if you use it for security ●

  18. The Key Exchange Problem: Using the right key Someone said they are Alice on the Hello, I’m Alice , network, are they please store my telling the truth? Key A Alice, Key A The Evil Alice Bob Network All cryptography is based on keys ● If someone can make you use the wrong key, security is broken ● Need secure {ID, key} mappings ○ Secure key exchange requires a pre-existing secure channel (barring quantum crypto) ● Typically inserted during provisioning (e.g. web-browsers, phone apps, ...) ○ It is a notoriously hard problem, especially in many-to-many conversations (e.g. web) ●

  19. Using the right key: Public Key Infrastructure (PKI) My CA vouches for this being Alice’s Hello, I’m Alice , key, so I accept. please store my Key A Alice, Key A, CASign The Evil Secure Alice Bob Network channel CA’s key Certificate Most common way to “solve” the key exchange problem ● Delegate problem with absolute trust to one (or more) Certificate Authority (CA) ● If CA says it’s the right binding by signing { ID, key } , we will trust him ○ Still need to securely obtain CA’s key (pre-existing secure channel, e.g. provisioning) ● Introduces a single point of compromise for the entire system (CA’s private key) ● Complex to manage (keep the CA secure, rekeying CA, cert issue, cert revocation, …) ●

  20. Using the right key: Trust-based Do I have Alice’s key? Tom and John Hello, I’m Alice , trust it, so I accept. please store my Key A Alice, Key A The Evil Tom, Key T Secure Alice Bob Network channel John, Key J Avoid CA certificates, trust public keys directly (to varying degrees) ● Key store Web of trust; OpenPGP (GPG/PGP) ● Like a distributed CA ○ “I trust T & J, T & J trusts A, so I trust A” ○ Might be a better fit for one-to-many (e.g. clients w/ single server) ● Simpler, avoids the run-your-own-CA complexities ○ Limited use of certificates anyway here (sent just to client and server) ○

  21. Key management Some keys need to be exchanged ● All security breaks if secret keys are compromised ● The hardest part of implementing cryptography ● Some tips ● Don’t share secret keys between many devices ○ Use asymmetric cryptography ○ Store secret keys on non-removable media with strict file permissions ○ Ensure that keys can be decommissioned / rotated ○ Consider hardware-assistance (only operations are available to software, not keys) ○

  22. Implementing cryptography in embedded We need it to be efficient! ● Cryptography is based on advanced mathematical operations ○ Asymmetric cryptography is very expensive on CPU/memory ● Order of 1000x of symmetric counterparts typically ○ Use it sparingly ○ Use Elliptic Curve Cryptography (ECC) ○ Look for hardware support (crypto processor) ●

  23. Use Elliptic Curve Cryptography over RSA/DSA Typically aim for 128-bit security ● level or higher today (but it’s up to you) We are here: RSA/DSA requires 12x the key ● 3072 vs 256 bits size at this level TLS with ECC is 3-10x faster (CPU ● time) at this level* * Source: Performance Analysis of Elliptic Curve Cryptography for SSL, V. Gupta, S. Gupta, S. Chang Source: NIST 800-57, Table 2

  24. Cryptography basics that will improve your security Key management is hard ● At least you are aware ○ Consider trust-based key exchange ○ Avoid putting a single secret all over the place ○ Use industry standard libraries and high-level functions ● Never ever ever implement your own cryptographic algorithms! ○ Consider ECC over RSA for performance in asymmetric crypto ● Use SHA-256 (or higher) for secure hashing ●

  25. Is there a secret backdoor?

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Embedded Device Cryptography in the Field Introduction Motivation State of Affairs Coping

Embedded Device Cryptography in the Field Introduction Motivation State of Affairs Coping

Embedded Device Cryptography in the Field Embedded Device Cryptography in the Field Introduction Motivation State of Affairs Coping Mechanisms Indefensible Alex Kropivny Local Attacks Trust Relationships Use Cases Factory Testing

699 views • 49 slides
Embedded PC The modular Industrial PC for mid-range control Embedded PC 1 Embedded OS

Embedded PC The modular Industrial PC for mid-range control Embedded PC 1 Embedded OS

Embedded PC The modular Industrial PC for mid-range control Embedded PC 1 Embedded OS Operating Systems Major differences Details XPE / CE Embedded PC 2 The Windows Embedded OS family The modular, real The modular, real- -time

611 views • 22 slides
EMSEC: Embedded Security and Cryptography Responsables: Gildas Avoine, Pierre-Alain Fouque

EMSEC: Embedded Security and Cryptography Responsables: Gildas Avoine, Pierre-Alain Fouque

EMSEC: Embedded Security and Cryptography Responsables: Gildas Avoine, Pierre-Alain Fouque Prsentation: Stphanie Delaune (CNRS) EMSEC team Embedded Security & Cryptography 7 permanent researchers, 12 PhD students, and 2 post-docs

308 views • 11 slides
A c c e l e r a t e y o u r d e v e l o p m e n t Real Embedded company; 150 employees

A c c e l e r a t e y o u r d e v e l o p m e n t Real Embedded company; 150 employees

A c c e l e r a t e y o u r d e v e l o p m e n t Real Embedded company; 150 employees 120+ embedded software developers 20+ FPGA designers 10+ board designers Founded in 1996, privately owned Dutch based company, with

140 views • 13 slides
Elliptic Curve Cryptography and Security of Embedded Devices Ph.D. Defense Vincent Verneuil

Elliptic Curve Cryptography and Security of Embedded Devices Ph.D. Defense Vincent Verneuil

Elliptic Curve Cryptography and Security of Embedded Devices Ph.D. Defense Vincent Verneuil Institut de Math ematiques de Bordeaux Inside Secure June 13th, 2012 V. Verneuil - Elliptic Curve Cryptography and Security of Embedded Devices 1

1.72k views • 143 slides
Tweaking Code-Based Cryptography for Embedded Systems DIMACS Workshop on The Mathematics of

Tweaking Code-Based Cryptography for Embedded Systems DIMACS Workshop on The Mathematics of

Tweaking Code-Based Cryptography for Embedded Systems DIMACS Workshop on The Mathematics of Post-Quantum Cryptography Tim Gneysu, Ingo von Maurich 1/12/2015 Horst Grtz Institute for IT-Security, Ruhr-Universitt Bochum, Germany Motivation

920 views • 70 slides
Embedded systems and the role of programmable logic devices in embedded systems Embedded system :

Embedded systems and the role of programmable logic devices in embedded systems Embedded system :

Embedded systems and the role of programmable logic devices in embedded systems Embedded system : a combination of computer hardware and software, and perhaps additional mechanical or other parts, designed to perform a dedicated function. In some

414 views • 20 slides
Cryptography for Embedded Devices Tobias Oder Ruhr-University Bochum Workshop on Cryptography

Cryptography for Embedded Devices Tobias Oder Ruhr-University Bochum Workshop on Cryptography

Efficient Implementation of Lattice-based Cryptography for Embedded Devices Tobias Oder Ruhr-University Bochum Workshop on Cryptography for the 09.11.2017 Internet of Things and Cloud 2017 Lattice-based Cryptography Set of vectors in n

601 views • 27 slides
Smaller Keys for Code based Cryptography: QC MDPC McEliece Implementations on Embedded

Smaller Keys for Code based Cryptography: QC MDPC McEliece Implementations on Embedded

Smaller Keys for Code based Cryptography: QC MDPC McEliece Implementations on Embedded Devices 4 th Code based Cryptography Workshop 2013, Rocquencourt, France Stefan Heyse, Ingo von Maurich and Tim Gneysu Horst Grtz Institute for

500 views • 39 slides
The Embedded Learning Library The Embedded Learning Library (ELL) Cross-compiler for AI

The Embedded Learning Library The Embedded Learning Library (ELL) Cross-compiler for AI

The Embedded Learning Library The Embedded Learning Library (ELL) Cross-compiler for AI pipelines, specialized for resource constrained target platforms T arget ELL AI Machine Pipeline Code https://github.com/Microsoft/ELL The Embedded

638 views • 36 slides
1 How are embedded systems different Timing and Concurrency than traditional software? Fire

1 How are embedded systems different Timing and Concurrency than traditional software? Fire

What is an Embedded System? Definition of an embedded computer system: Embedded Systems is a digital system. Introduction uses a microprocessor (usually). runs software for some or all of its functions. frequently used as a

158 views • 3 slides
Effective Scripting in Embedded Devices Steve Bennett 1 What is Embedded? ELC 2010 2

Effective Scripting in Embedded Devices Steve Bennett 1 What is Embedded? ELC 2010 2

ELC 2010 Effective Scripting in Embedded Devices Steve Bennett 1 What is Embedded? ELC 2010 2 Creating an Embedded Product Time to market Linux kernel Quality uClibc Features Busybox Cost Other open source

494 views • 35 slides
HW/SW Codesign w/ FPGAs Embedded Systems ECE 495/595 Overview (Slides from Embedded Systems

HW/SW Codesign w/ FPGAs Embedded Systems ECE 495/595 Overview (Slides from Embedded Systems

HW/SW Codesign w/ FPGAs Embedded Systems ECE 495/595 Overview (Slides from Embedded Systems Design, F. Vahid and T. Givargis) Embedded computing systems definition: Computing systems embedded within electronic devices. Hard to define

396 views • 26 slides
4TU MASTER EMBEDDED SYSTEMS Bert Molenkamp 19/03/2020 Master Embedded Systems 1 Table of

4TU MASTER EMBEDDED SYSTEMS Bert Molenkamp 19/03/2020 Master Embedded Systems 1 Table of

4TU MASTER EMBEDDED SYSTEMS Bert Molenkamp 19/03/2020 Master Embedded Systems 1 Table of contents What is an embedded system Examples of research topics Admission Overview of the programme Success rates Master Embedded

814 views • 31 slides
Roadmap for Section 9.3 Windows XP Embedded Design Goals Development Tool Support OS

Roadmap for Section 9.3 Windows XP Embedded Design Goals Development Tool Support OS

Unit OS9: Real-Time and Embedded Systems 9.3. Embedded Systems with Windows XP Embedded Windows Operating System Internals - by David A. Solomon and Mark E. Russinovich with Andreas Polze Roadmap for Section 9.3 Windows XP Embedded Design Goals

336 views • 15 slides
Dominant Species Embedded Information Technology Embedded = most processors! Systems 300

Dominant Species Embedded Information Technology Embedded = most processors! Systems 300

Dominant Species Embedded Information Technology Embedded = most processors! Systems 300 million PC and server Jakob Engblom 9000 million embedded Adj. Lektor, IT-inst Business Development Manager, Virtutech

559 views • 10 slides
Protection and Security - I Tevfik Ko ar Louisiana State University April 15 th , 2008 1 The

Protection and Security - I Tevfik Ko ar Louisiana State University April 15 th , 2008 1 The

CSC 4103 - Operating Systems Spring 2008 Lecture - XX Protection and Security - I Tevfik Ko ar Louisiana State University April 15 th , 2008 1 The Security Problem Security must consider external environment of the system, and

236 views • 7 slides
Benefits of Cryptography Basic Cryptographic Scheme Improvement not a Solution! original

Benefits of Cryptography Basic Cryptographic Scheme Improvement not a Solution! original

Summary Substitution ciphers Permutations Making good ciphers Data Encryption Standard (DES)

454 views • 13 slides
Automatic Search of Attacks on round-reduced AES and Applications Charles Bouillaguet Patrick

Automatic Search of Attacks on round-reduced AES and Applications Charles Bouillaguet Patrick

Introduction Algebraic Structure Automated Tools Conclusion Automatic Search of Attacks on round-reduced AES and Applications Charles Bouillaguet Patrick Derbez Pierre-Alain Fouque ENS, CNRS, INRIA Cascade August 15, 2011 Introduction

576 views • 40 slides
Cache-Access Pattern Attack on Disaligned AES T-Tables Raphael Spreitzer and Thomas Plos

Cache-Access Pattern Attack on Disaligned AES T-Tables Raphael Spreitzer and Thomas Plos

Institute for Applied Information Processing and Communications (IAIK) Cache-Access Pattern Attack on Disaligned AES T-Tables Raphael Spreitzer and Thomas Plos Institute for Applied Information Processing and Communications (IAIK) Graz

433 views • 21 slides
Svetlin A. Manavski Presented by: Gareth Ferneyhough CS 791V UNR, Fall 2011 Outline

Svetlin A. Manavski Presented by: Gareth Ferneyhough CS 791V UNR, Fall 2011 Outline

CUDA COMPATIBLE GPU AS AN EFFICIENT HARDWARE ACCELERATOR FOR AES CRYPTOGRAPHY Svetlin A. Manavski Presented by: Gareth Ferneyhough CS 791V UNR, Fall 2011 Outline Cryptography and AES Overview Previous GPU implementation of AES

358 views • 22 slides
Modern cryptography CSCI 470: Web Science Keith Vertanen Overview Modern cryptography

Modern cryptography CSCI 470: Web Science Keith Vertanen Overview Modern cryptography

Modern cryptography CSCI 470: Web Science Keith Vertanen Overview Modern cryptography Symmetric cryptography DES 3DES AES Asymmetric cryptography Diffie-Hellman key exchange 2 Modern cryptography Moving into

338 views • 16 slides
Introduction to Computer Security Session 1.2 Symmetric Key Encryption Prof. Nadim Kobeissi

Introduction to Computer Security Session 1.2 Symmetric Key Encryption Prof. Nadim Kobeissi

CSCI-UA.9480 Introduction to Computer Security Session 1.2 Symmetric Key Encryption Prof. Nadim Kobeissi 1.2a Cryptographic Security Information Theoretical Foundation for Security. 2 CSCI-UA.9480: Introduction to Computer Security

709 views • 53 slides
Announcements Homework 2 graded. Recitation tomorrow: Eigenvalues and SVD. HW

Announcements Homework 2 graded. Recitation tomorrow: Eigenvalues and SVD. HW

Announcements Homework 2 graded. Recitation tomorrow: Eigenvalues and SVD. HW solution discussion. No lecture next Tuesday (November 5 th ). Make-up lecture next Friday (November 8 th ). 15-853 Page 1 15-853:Algorithms

935 views • 47 slides

More recommend