Embedded System Security - Professor Patrick McDaniel, Charles Sestito - PowerPoint PPT Presentation



SLIDE 1

Embedded System Security

Professor Patrick McDaniel, Charles Sestito, Fall 2015

SLIDE 2

Embedded System

  • Microprocessor used as a component in a device and designed for a specific control function within that device
  • Used in:
  • Cell phones
  • Household appliances
  • Cameras
  • And more
SLIDE 3

Requirements

  • Low cost
  • Fast
  • Fit within hardware and software constraints
  • Size (must be small)
  • Reliable
  • Reactive
  • Real-time
SLIDE 4

Attacks on systems

  • Many different types of attacks
  • Embedded Software Attacks
  • Physical Attacks
  • Logical Attacks
  • Timing Analysis
  • Power Analysis
  • Fault Induction
  • Electromagnetic Analysis
SLIDE 5

Embedded Software Attacks

  • Three factors contribute to security risks in embedded software:
  • Complexity
  • Extensibility
  • Connectivity
SLIDE 6

Complexity

  • Software is complicated
  • The more complex the code, the more likely it contains bugs and vulnerabilities
  • Unsafe programming languages
  • C and C++, which give no memory safety, are very common
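Added example (not from the slides): the kind of defect the unsafe-language bullet points at, written in C because that is what most firmware is written in. A command handler copies a frame payload into a fixed 16-byte receive buffer using the length byte carried in the frame; the vulnerable version trusts that byte, the hardened version checks it first. The frame format, the `ram` memory map and the `unlocked` flag sitting just past the buffer are all constructed for this illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed memory map of a hypothetical device. The receive buffer and the
 * flag that gates privileged commands are adjacent, as a linker might place two
 * globals. RAM_SIZE exceeds any frame so the demonstration itself stays inside
 * this array; the bug is the write past RX_BUF_LEN, not past RAM_SIZE. */
#define RX_BUF_LEN   16
#define UNLOCKED_OFF RX_BUF_LEN
#define RAM_SIZE     512
static uint8_t ram[RAM_SIZE];

int device_unlocked(void) { return ram[UNLOCKED_OFF]; }
void device_reset(void)   { memset(ram, 0, sizeof ram); }

/* Constructed frame layout: [cmd][len][payload, len bytes]. Returns frame size. */
size_t build_frame(uint8_t *out, uint8_t cmd, const uint8_t *payload, uint8_t len)
{
    out[0] = cmd;
    out[1] = len;
    memcpy(out + 2, payload, len);
    return 2u + len;
}

/* Vulnerable handler: trusts the attacker-controlled length byte. len may be up
 * to 255 while the buffer holds 16 bytes, so a long frame overwrites whatever
 * follows the buffer, here the unlocked flag. Returns bytes copied or -1. */
int handle_frame_vulnerable(const uint8_t *frame, size_t frame_len)
{
    if (frame_len < 2) return -1;
    uint8_t len = frame[1];
    if (frame_len < 2u + len) return -1;   /* the frame itself is read in bounds */
    memcpy(&ram[0], frame + 2, len);         /* BUG: no check against RX_BUF_LEN */
    return len;
}

/* Hardened handler: identical apart from the missing bounds check. Rejecting the
 * frame is the safe response; silently truncating would accept malformed input. */
int handle_frame_hardened(const uint8_t *frame, size_t frame_len)
{
    if (frame_len < 2) return -1;
    uint8_t len = frame[1];
    if (len > RX_BUF_LEN) return -1;         /* the fix */
    if (frame_len < 2u + len) return -1;
    memcpy(&ram[0], frame + 2, len);
    return len;
}

/* Attack frame: payload one byte longer than the buffer, with the extra byte set
 * to 1 so the overflow lands on the flag. Returns the flag the handler left. */
int run_attack(int (*handler)(const uint8_t *, size_t))
{
    uint8_t payload[RX_BUF_LEN + 1];
    uint8_t frame[2 + sizeof payload];
    memset(payload, 'A', RX_BUF_LEN);
    payload[RX_BUF_LEN] = 1;                 /* lands on ram[UNLOCKED_OFF] */
    size_t n = build_frame(frame, 0x10, payload, (uint8_t)sizeof payload);
    device_reset();
    handler(frame, n);
    return device_unlocked();
}

/* Well-formed 8-byte frame (constructed); both handlers should accept it. */
int run_legit(int (*handler)(const uint8_t *, size_t))
{
    const uint8_t payload[8] = {1, 2, 3, 4, 5, 6, 7, 8};
    uint8_t frame[2 + sizeof payload];
    size_t n = build_frame(frame, 0x01, payload, (uint8_t)sizeof payload);
    device_reset();
    return handler(frame, n);
}

int main(void)
{
    printf("vulnerable handler after attack frame: unlocked = %d\n", run_attack(handle_frame_vulnerable));
    printf("hardened handler after attack frame:   unlocked = %d\n", run_attack(handle_frame_hardened));
    return 0;
}
```

The check belongs before the copy and compares against the destination's capacity, not against the frame length; the vulnerable version validates only that the frame is long enough to read, which is a different property.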
SLIDE 7

Extensibility

  • Modern systems are designed to be extended
  • Updates
  • Extensions
  • Loadable device drivers and modules must be accounted for
SLIDE 8

Connectivity

  • Some embedded systems are being connected to the Internet
  • Even more so with IoT
  • Small failures can lead to security breaches
  • An attacker can use a series of automated attacks
SLIDE 9

Physical Attack

  • Eavesdropping
  • Probes listen in on inter-component communications
  • Micro-probing
  • Using the normal communication interface and abusing security vulnerabilities
  • De-packaging
SLIDE 10

De-Packaging

  • Use fuming acid to dissolve the resin covering the silicon of a chip package
  • Reconstruct the layout using a systematic combination of microscopy and invasive removal of covering layers
  • Internals of the chip can be inferred
  • Can obtain a detailed view of the ALU, ROM cells, instruction decoder, and more with this technique
  • Microprobe to observe interfaces between components
SLIDE 11

Logical Attack

  • Send messages to the device, observe the response
  • Trick the device into revealing the key
  • Exploits design flaws
SLIDE 12

Timing Analysis

  • Keys can be determined by analyzing small variations in the time required to perform cryptographic computations
SLIDE 13

Power Analysis

  • Operating current drawn by the hardware is correlated with the computations being performed
  • In most ICs, logic gates and losses due to parasitic capacitance are the major contributors to power consumption
  • Two types
  • Simple power analysis (SPA)
  • Differential power analysis (DPA)
SLIDE 14

Fault Induction

  • Security isn't only software dependent
  • Hardware failing to make proper computations is a security vulnerability
  • An RSA implementation can be compromised if any computation error occurs
SLIDE 15

Electromagnetic Analysis

  • Documented since the '80s
  • Measures electromagnetic radiation emitted by the device to reveal sensitive information
  • Successful deployment requires knowledge of the chip layout
  • Two types
  • Simple EMA (SEMA)
  • Differential EMA (DEMA)
SLIDE 16

Design Challenges

  • Processing Gap
  • Battery Gap
  • Flexibility
  • Tamper Resistance
  • Assurance Gap
  • Cost
SLIDE 17

Processing Gap

  • Some systems are not capable of keeping up with the computational demands of security processing
  • Increasing data rates and complexity of security protocols
  • The processing gap is most obvious in systems that need to process high data rates
  • Network routers, firewalls, web servers
SLIDE 18

Battery Gap

  • Battery capacity increases at an average of 5-8% per year
  • Security processing energy requirements outpace the increase in battery capacity
  • Leads to the battery gap
SLIDE 19

Flexibility

  • Embedded systems are often required to execute multiple and diverse security protocols
  • Need to be able to support
  • Multiple security protocols
  • Interoperability in different environments
  • Security processing in different layers of the network protocol stack
SLIDE 20

Tamper Resistance

  • Attacks due to malicious software
  • Most common
  • Viruses
  • Trojan horses
  • Can exploit OS vulnerabilities
  • Disrupt normal functioning
SLIDE 21

Assurance Gap

  • Truly reliable systems are much more difficult to build
  • Reliable systems must be able to handle a wide range of situations
  • Secure systems should be able to operate despite attacks
  • Increasing complexity makes it more difficult to notice that something was overlooked
SLIDE 22

Cost

  • Fundamental factor that influences the security architecture
  • An increase in security leads to an increase in cost
  • Designer's responsibility to balance security against cost
SLIDE 23

Security Levels

  • Level 1
  • Requires minimal physical protections
  • Level 2
  • Requires addition of tamper-evident mechanisms
  • Seal or enclosure
  • Level 3
  • Stronger detection and response mechanisms
  • Level 4
  • Mandates environmental failure protection and testing
SLIDE 24

Countermeasures

SLIDE 25

Software Security

  • Best approach is to think about security early on
  • Software security should be applied at various levels
  • Requirements level
  • Design level
  • Code level
SLIDE 26

Physical Attacks

  • Hard to carry out because of chip size: the smaller the chip, the harder the attack
  • Expensive compared to other attacks
SLIDE 27

Logical Attacks

  • Logical attack countermeasures
  • Ensure the privacy and integrity of sensitive code and data
  • Determine that it is safe, from a security standpoint, to execute a program
  • Identify and remove software bugs and design flaws
SLIDE 28

Timing Analysis

  • Obvious countermeasures don't work
  • Quantizing total time
  • Adding random delays
  • Message blinding can be used with RSA and other public-key cryptosystems
  • Making all computations take exactly the same time
SLIDE 29

Power Analysis

  • Run other circuits simultaneously
  • Doesn't prevent the attack, but the attacker needs more samples
  • Effective countermeasures are mathematically rigorous and non-intuitive
  • Effective countermeasures remain expensive and challenging
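Added example, mine rather than the slides', covering both the power-analysis attack slide and this countermeasure slide: a simulated differential power analysis in C. Traces come from a constructed leakage model (current proportional to the Hamming weight of the first-round AES S-box output for one key byte, plus noise from a fixed-seed generator), and the key byte is recovered by difference of means. The S-box is the real AES one, computed rather than tabulated; `SECRET_KEY_BYTE`, the noise generator and the trace counts are assumptions made for the illustration. Raising the noise amplitude, which is what running other circuits amounts to, only raises the number of traces the attack needs.

```c
#include <stdint.h>
#include <stdio.h>

#define MAX_TRACES 4096
#define SECRET_KEY_BYTE 0x2b   /* constructed: the byte the attack must recover */

/* GF(2^8) multiply with the AES polynomial x^8 + x^4 + x^3 + x + 1. */
static uint8_t gf_mul(uint8_t a, uint8_t b)
{
    uint8_t p = 0;
    while (b) {
        if (b & 1) p ^= a;
        a = (uint8_t)((a << 1) ^ ((a & 0x80) ? 0x1b : 0));
        b >>= 1;
    }
    return p;
}

/* AES S-box: multiplicative inverse (x^254, with 0 -> 0) followed by the affine
 * map. The table is built on first use so the example needs no constants. */
uint8_t aes_sbox(uint8_t x)
{
    static uint8_t table[256];
    static int ready = 0;
    if (!ready) {
        for (int v = 0; v < 256; v++) {
            uint8_t inv = 1, r;
            for (int i = 0; i < 254; i++) inv = gf_mul(inv, (uint8_t)v);
            r = inv;
            for (int i = 1; i <= 4; i++) r ^= (uint8_t)((inv << i) | (inv >> (8 - i)));
            table[v] = r ^ 0x63;
        }
        ready = 1;
    }
    return table[x];
}

static int hamming_weight(uint8_t v) { int w = 0; for (; v; v >>= 1) w += v & 1; return w; }

/* Fixed-seed LCG so the "noise" is repeatable; returns a value in [-amp, amp]. */
static uint32_t lcg;
static double noise(double amp)
{
    lcg = lcg * 1103515245u + 12345u;
    return ((int)((lcg >> 16) & 0xff) - 127.5) / 127.5 * amp;
}

/* Constructed leakage model: the current drawn when the first-round S-box output
 * is written is proportional to its Hamming weight (gates toggling), plus noise
 * standing in for the rest of the chip. Plaintexts cycle through all 256 values. */
void simulate_traces(double *traces, uint8_t *plaintexts, int n, uint8_t key, double noise_amp)
{
    lcg = 0x12345678u;
    for (int i = 0; i < n; i++) {
        plaintexts[i] = (uint8_t)i;
        traces[i] = hamming_weight(aes_sbox(plaintexts[i] ^ key)) + noise(noise_amp);
    }
}

/* Differential power analysis (difference of means). For each key-byte guess the
 * traces are split by the predicted LSB of the S-box output; the guess whose
 * partition matches the real leakage gives the largest mean difference. Wrong
 * guesses split the traces nearly at random, so their difference, like the noise,
 * averages toward zero as more traces are collected. */
int dpa_recover_key(const double *traces, const uint8_t *plaintexts, int n, double *best_diff)
{
    int best_guess = -1;
    double best = -1.0;
    for (int guess = 0; guess < 256; guess++) {
        double sum[2] = {0, 0};
        int cnt[2] = {0, 0};
        for (int i = 0; i < n; i++) {
            int bit = aes_sbox(plaintexts[i] ^ (uint8_t)guess) & 1;
            sum[bit] += traces[i];
            cnt[bit]++;
        }
        if (!cnt[0] || !cnt[1]) continue;
        double diff = sum[1] / cnt[1] - sum[0] / cnt[0];
        if (diff < 0) diff = -diff;
        if (diff > best) { best = diff; best_guess = guess; }
    }
    if (best_diff) *best_diff = best;
    return best_guess;
}

/* Whole attack at one noise level and trace count; returns the recovered key byte. */
int attack(int n_traces, double noise_amp, double *best_diff)
{
    static double traces[MAX_TRACES];
    static uint8_t plaintexts[MAX_TRACES];
    if (n_traces > MAX_TRACES) n_traces = MAX_TRACES;
    simulate_traces(traces, plaintexts, n_traces, SECRET_KEY_BYTE, noise_amp);
    return dpa_recover_key(traces, plaintexts, n_traces, best_diff);
}

int main(void)
{
    double d;
    int k = attack(256, 0.25, &d);
    printf("low noise, 256 traces:   key 0x%02x, difference of means %.3f\n", k, d);
    k = attack(2048, 2.0, &d);
    printf("high noise, 2048 traces: key 0x%02x, difference of means %.3f\n", k, d);
    return 0;
}
```

With the correct guess the two partitions differ in the leaked bit itself, so the difference of means sits near 1.0 regardless of noise; the noise only widens the spread of the wrong guesses, which is why the countermeasure buys samples rather than safety.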

SLIDE 30

Fault Induction

  • RSA implementations can check their answers by performing a public-key operation
  • Many cryptographic devices include an assortment of glitch sensors
  • Detect conditions likely to cause computation errors
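Added example in C (not from the slides) tying together the RSA points made on the timing-analysis, fault-induction and the two corresponding countermeasure slides, all on one constructed toy key (p = 61, q = 53, e = 17, d = 2753, useless for real security). It shows why square-and-multiply leaks the exponent, the always-multiply and message-blinding countermeasures, and a CRT signature with an injected fault: the public-key check from the slide catches it, and without the check the faulty signature gives up a factor of n. Function names, the multiply counter and the fault model are my own.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed textbook RSA key (p = 61, q = 53); far too small for real use. */
#define RSA_P 61u
#define RSA_Q 53u
#define RSA_N 3233u   /* p * q */
#define RSA_E 17u
#define RSA_D 2753u   /* e * d == 1 mod (p-1)(q-1) */

/* Square-and-multiply. The multiply runs only for set exponent bits, so the work
 * (and the time) depends on the secret exponent; *mults exposes that count. */
uint32_t modexp_leaky(uint32_t base, uint32_t exp, uint32_t mod, unsigned *mults)
{
    uint64_t r = 1, b = base % mod;
    *mults = 0;
    for (int i = 31; i >= 0; i--) {
        r = (r * r) % mod;
        if ((exp >> i) & 1) { r = (r * b) % mod; (*mults)++; }   /* key-dependent */
    }
    return (uint32_t)r;
}

/* Square-and-always-multiply: every iteration does the same work and the result
 * is selected with a mask rather than a branch, so the count is independent of exp. */
uint32_t modexp_always(uint32_t base, uint32_t exp, uint32_t mod, unsigned *mults)
{
    uint64_t r = 1, b = base % mod;
    *mults = 0;
    for (int i = 31; i >= 0; i--) {
        r = (r * r) % mod;
        uint64_t t = (r * b) % mod;
        uint64_t mask = 0 - (uint64_t)((exp >> i) & 1);   /* all ones if bit set */
        r = (t & mask) | (r & ~mask);
        (*mults)++;
    }
    return (uint32_t)r;
}

/* Modular inverse by the extended Euclidean algorithm; gcd(a, m) == 1 assumed. */
uint32_t modinv(uint32_t a, uint32_t m)
{
    int64_t t = 0, nt = 1, r = m, nr = a;
    while (nr != 0) {
        int64_t q = r / nr, t2 = t - q * nt, r2 = r - q * nr;
        t = nt; nt = t2; r = nr; nr = r2;
    }
    return (uint32_t)(t < 0 ? t + m : t);
}

/* Message blinding: exponentiate c * r^e, then strip r. The work still depends on
 * d, but the attacker no longer knows the value being exponentiated, so timings
 * cannot be matched against guesses. A real device draws a fresh random r every
 * time; here r is a parameter with gcd(r, n) == 1. */
uint32_t rsa_decrypt_blinded(uint32_t c, uint32_t r, unsigned *mults)
{
    unsigned tmp;
    uint64_t re = modexp_leaky(r, RSA_E, RSA_N, &tmp);
    uint32_t cb = (uint32_t)(((uint64_t)c * re) % RSA_N);
    uint32_t mb = modexp_leaky(cb, RSA_D, RSA_N, mults);       /* (c r^e)^d = m r */
    return (uint32_t)(((uint64_t)mb * modinv(r, RSA_N)) % RSA_N);
}

/* RSA-CRT signing; a nonzero fault_mask corrupts the mod-p half (an induced error). */
uint32_t rsa_sign_crt(uint32_t m, uint32_t fault_mask)
{
    unsigned tmp;
    uint32_t sp = modexp_leaky(m % RSA_P, RSA_D % (RSA_P - 1), RSA_P, &tmp) ^ fault_mask;
    uint32_t sq = modexp_leaky(m % RSA_Q, RSA_D % (RSA_Q - 1), RSA_Q, &tmp);
    uint32_t h = (uint32_t)(((uint64_t)(sp + RSA_P - sq) * modinv(RSA_Q, RSA_P)) % RSA_P);
    return sq + RSA_Q * h;                                      /* Garner recombination */
}

/* The slide's countermeasure: check s with the public key before releasing it. */
int rsa_verify(uint32_t m, uint32_t s)
{
    unsigned tmp;
    return modexp_leaky(s, RSA_E, RSA_N, &tmp) == m % RSA_N;
}
static uint32_t gcd32(uint32_t a, uint32_t b) { while (b) { uint32_t t = a % b; a = b; b = t; } return a; }

/* Why the check matters: a signature correct mod q but wrong mod p satisfies
 * s'^e == m only mod q, so gcd(s'^e - m, n) yields q (Boneh-DeMillo-Lipton). */
uint32_t factor_from_faulty_sig(uint32_t m, uint32_t s_faulty)
{
    unsigned tmp;
    uint32_t v = modexp_leaky(s_faulty, RSA_E, RSA_N, &tmp);
    return gcd32((v + RSA_N - m % RSA_N) % RSA_N, RSA_N);
}

int main(void)
{
    unsigned n_e, n_leaky, n_always, n_blind;
    uint32_t m = 42, c = modexp_leaky(m, RSA_E, RSA_N, &n_e);
    uint32_t m1 = modexp_leaky(c, RSA_D, RSA_N, &n_leaky), m2 = modexp_always(c, RSA_D, RSA_N, &n_always);
    uint32_t m3 = rsa_decrypt_blinded(c, 7, &n_blind), s = rsa_sign_crt(m, 0), sf = rsa_sign_crt(m, 1);
    printf("leaky %u (%u mults = popcount of d), always %u (%u mults), blinded %u\n", (unsigned)m1, n_leaky, (unsigned)m2, n_always, (unsigned)m3);
    printf("good sig ok=%d, faulty sig ok=%d, factor from faulty sig=%u\n", rsa_verify(m, s), rsa_verify(m, sf), (unsigned)factor_from_faulty_sig(m, sf));
    return 0;
}
```

The multiply counter stands in for a stopwatch: with the leaky routine it equals the number of set bits in d, which is exactly the quantity a timing attack estimates, while the always-multiply routine reports the same count for every exponent. On the fault side, the device must refuse to emit a signature that fails `rsa_verify`; the factoring step shows what a single escaped faulty signature is worth to the attacker.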
SLIDE 31

Works Cited

  • Adapted from Dr. Mohammad Tehranipoor's slides