embedded systems security
play

Embedded Systems Security Guy GOGNIAT guy.gogniat@univ-ubs.fr - PowerPoint PPT Presentation

Nov 01, 2023 •426 likes •1.01k views

Session Scurit Informatique - Mercredi 28 mars 2007 Embedded Systems Security Guy GOGNIAT guy.gogniat@univ-ubs.fr Journe 2007 de la section lectronique du club EEA SiP et SoC : nouvelles perspectives, nouveaux dfis Session

  1. Session Sécurité Informatique - Mercredi 28 mars 2007 Embedded Systems Security Guy GOGNIAT guy.gogniat@univ-ubs.fr Journée 2007 de la section électronique du club EEA SiP et SoC : nouvelles perspectives, nouveaux défis Session Sécurité Informatique Mercredi 28 mars 2007 Laboratoire LESTER - Université de Bretagne Sud/CNRS FRE 2734

  2. Session Sécurité Informatique - Mercredi 28 mars 2007 Outline Cryptography principles  Attacks on embedded systems  Countermeasures  Hardware Mechanisms for Secured Processor-Memory Transactions • for Embedded Systems • PE-ICE/Extended OTP Preventing Piracy and Reverse Engineering of SRAM FPGAs Bitstream • Security Architecture for Embedded Systems: SANES • • Security primitive: AES case study on Virtex-II Pro Existing solutions: Secure Coprocessor/Microcontroller • Conclusion  Laboratoire LESTER - Université de Bretagne Sud/CNRS FRE 2734

  3. Session Sécurité Informatique - Mercredi 28 mars 2007 Outline  Cryptography principles Attacks on embedded systems  Countermeasures  Hardware Mechanisms for Secured Processor-Memory Transactions • for Embedded Systems • PE-ICE/Extended OTP Preventing Piracy and Reverse Engineering of SRAM FPGAs Bitstream • Security Architecture for Embedded Systems: SANES • • Security primitive: AES case study on Virtex-II Pro Existing solutions: Secure Coprocessor/Microcontroller • Conclusion  Laboratoire LESTER - Université de Bretagne Sud/CNRS FRE 2734

  4. Session Sécurité Informatique - Mercredi 28 mars 2007 Cryptography primitives Symmetric cryptography Confidentiality   AES, DES/3DES, RC5 Data and messages • • Hashing function Integrity   MD5, SHA-1, SHA-2 Data and messages • • Asymmetric cryptography  Authentication  RSA, ECC Users and hosts • • Laboratoire LESTER - Université de Bretagne Sud/CNRS FRE 2734

  5. Session Sécurité Informatique - Mercredi 28 mars 2007 Symmetric encryption Block cipher  K e Encryption (E) n n Ciphertext C=E Ke (P ) Plaintext P n-bit Decryption (D) n n P=D Kd (C) K e Laboratoire LESTER - Université de Bretagne Sud/CNRS FRE 2734

  6. Session Sécurité Informatique - Mercredi 28 mars 2007 Asymmetric algorithm Laboratoire LESTER - Université de Bretagne Sud/CNRS FRE 2734

  7. Session Sécurité Informatique - Mercredi 28 mars 2007 RSA Three researchers from MIT, Ron 1. Public key (size 1024 or 2048 bits) R ivest, Adi S hamir and Len A dleman have patented in 1983 the RSA n p q = � algorithm Compute e as “PGDC(n,e) = 1” 2. Private key 1 � ( ( ) ( ) ) d e mod p 1 q 1 = � � � Rivest Adleman Shamir 3. Ciphering requires e and n e mod c m n = 4. Deciphering requires d and n d mod m c n = Laboratoire LESTER - Université de Bretagne Sud/CNRS FRE 2734

  8. Session Sécurité Informatique - Mercredi 28 mars 2007 Hashing function Initial message Digest of the initial message Prof. Robert this message to 215e781c0c3f7d1353518bd5f649805b confirm our meeting tomorrow at 1 pm at my office Received message Digest of the received message Prof. Robert this message to 0601e38b93c1cc1c1a4b87dd8771b452 confirm our meeting tomorrow at 9 pm at my office Both digests are different  Someone has modified the message • There been an error during the communication • Laboratoire LESTER - Université de Bretagne Sud/CNRS FRE 2734

  9. Session Sécurité Informatique - Mercredi 28 mars 2007 Integrity Checking Principle:  Tag T H(M) (M; T) Message M Meeting at 7h00 am in … Unsecured Alice channel T Integrity Flag (M; T) M COMP H(M) T’ K Tag reference Bob Meeting at 7h00 am in … K message digest Hash functions:  Message M i Hash MAC h i = f(M i , h i-1 ) Compression function  function function h i-1 One-way function  gives a compact representative image of the input  MAC ( * ) functions: take a secret key as additional input to authenticate the source of the message.  Laboratoire LESTER - Université de Bretagne Sud/CNRS FRE 2734 (*) Message Authentication Code

  10. Session Sécurité Informatique - Mercredi 28 mars 2007 Outline Cryptography principles   Attacks on embedded systems Countermeasures  Hardware Mechanisms for Secured Processor-Memory Transactions • for Embedded Systems • PE-ICE/Extended OTP Preventing Piracy and Reverse Engineering of SRAM FPGAs Bitstream • Security Architecture for Embedded Systems: SANES • • Security primitive: AES case study on Virtex-II Pro Existing solutions: Secure Coprocessor/Microcontroller • Conclusion  Laboratoire LESTER - Université de Bretagne Sud/CNRS FRE 2734

  11. Session Sécurité Informatique - Mercredi 28 mars 2007 Many sensitive data will be embedded Laboratoire LESTER - Université de Bretagne Sud/CNRS FRE 2734

  12. Session Sécurité Informatique - Mercredi 28 mars 2007 Classification of attacks Hardware attacks Software attacks Glitch attack Timing analysis Chip cutting (power, clock) Trojan horse Power consumption Chemical attack Variation of Vdd or T° of the chip Analysis Logic bomb Physical Electromagnetic Irreversible Black Box emission analysis (invasive) Virus Side-channel Physical (non-invasive) Reversible Worm (non-invasive) Active attacks Passive attacks Laboratoire LESTER - Université de Bretagne Sud/CNRS FRE 2734

  13. Session Sécurité Informatique - Mercredi 28 mars 2007 Processor-Memory Transactions Vulnerabilities Most embedded systems use off-chip memories  Data and instructions are exchanged in clear over the processor-memory • bus Trusted Area Threats:  Unauthorized data reads  Address bus SoC External Code injection or data alteration  (Trusted) Memory Memory tampering  Data bus Objectives: Ensure the confidentiality and the integrity of data stored in  off-chip memories and transferred on SoC memory interfaces Laboratoire LESTER - Université de Bretagne Sud/CNRS FRE 2734

  14. Session Sécurité Informatique - Mercredi 28 mars 2007 Passive Attacks Bus probing – eavesdropping [1]  Data / Instruction Add 0x080ff0fa 0x00000010 Address bus External 0101000100010000011100100 0101000100010000011100100 SoC 1 Memory 1 (Trusted) 0111010101010001011100100 0111010101010001011100100 Data bus 1 1 [1] M. G. Kuhn, “Cipher Instruction Search Attack on the Bus-Encryption Security Microcontroller DS5002FP” IEEE Trans. Comput., vol. 47, pp. 1153–1157, October. 1998. Laboratoire LESTER - Université de Bretagne Sud/CNRS FRE 2734

  15. Session Sécurité Informatique - Mercredi 28 mars 2007 Passive Attacks Bus probing – eavesdropping [1]  Data / Instruction Add 0x00000010 0x080ff0fa Address bus External 0x0ab820ff 0x00000014 0101000100010000011100100 SoC Memory 1 0x00000018 0x080112f4 (Trusted) 0111010101010001011100100 0x0000001C 0x102bcd0f Data bus 1 0x00000020 0x11ff11ab Attacker motivation:  Off-line analysis:  Key recovery • Message recovery • Raw materials for active attacks…  [1] M. G. Kuhn, “Cipher Instruction Search Attack on the Bus-Encryption Security Microcontroller DS5002FP” IEEE Trans. Comput., vol. 47, pp. 1153–1157, October. 1998. Laboratoire LESTER - Université de Bretagne Sud/CNRS FRE 2734

  16. Session Sécurité Informatique - Mercredi 28 mars 2007 Active Attacks Code and data injection  Address bus External SoC Memory (Trusted) Data bus Malicious Memory Three kinds of active attacks are defined depending on the choice made by the  adversary on the data to insert: Memory Spoofing: Random data injection  Laboratoire LESTER - Université de Bretagne Sud/CNRS FRE 2734

  17. Session Sécurité Informatique - Mercredi 28 mars 2007 Active Attacks Code and data injection  Address bus External SoC Memory (Trusted) Data bus Malicious Memory Three kinds of active attacks are defined depending on the choice made by the  adversary on the data to insert: Memory Data(@1) Spoofing: Random data injection  Data(@2) Splicing: Spatial permutation  Data(@3) Data(@4) Data(@7) Data(@5) Data(@6) Data(@7) Data(@7) Data(@8) Laboratoire LESTER - Université de Bretagne Sud/CNRS FRE 2734

  18. Session Sécurité Informatique - Mercredi 28 mars 2007 Active Attacks Code and data injection  Address bus External SoC Memory (Trusted) Data bus Malicious Memory Three kinds of active attacks are defined depending on the choice made by the  adversary on the data to insert: Memory Data(@1, t1) Data(@1, t4) Spoofing: Random data injection  Data(@2, t9) Data(@2, t1) Splicing: Spatial permutation  Data(@3, t1) Data(@3, t8) Replay: Temporal permutation  Data(@4, t1) Data(@4, t1) Data(@4, t7) Data(@4, t1) Data(@4, t1) Data(@5, t1) Data(@6, t6) Data(@6, t1) Data(@7, t4) Data(@7, t1) Data(@8, t1) Laboratoire LESTER - Université de Bretagne Sud/CNRS FRE 2734

  19. Session Sécurité Informatique - Mercredi 28 mars 2007 Active Attacks Code and data injection  Address bus External SoC Memory (Trusted) Data bus Malicious Memory Three kinds of active attacks are defined depending on the choice made by the  adversary on the data to insert: Spoofing: Random data injection  Splicing: Spatial permutation  Replay: Temporal permutation  Attacker motivation:  Hijack the software execution  Reduce the search space for key recovery or message recovery  Laboratoire LESTER - Université de Bretagne Sud/CNRS FRE 2734

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Systems Security: Hardware, embedded system and IoT security Stjepan Picek s.picek@tudelft.nl

Systems Security: Hardware, embedded system and IoT security Stjepan Picek s.picek@tudelft.nl

Systems Security: Hardware, embedded system and IoT security Stjepan Picek s.picek@tudelft.nl Delft University of Technology, The Netherlands April 23, 2018 Outline 1 General Information 2 Lightweight Cryptography 3 Random Number Generators 4

1.35k views • 64 slides
ELC 2013 Security: Best Practices for Embedded Systems John Mehaffey Senior System Architect

ELC 2013 Security: Best Practices for Embedded Systems John Mehaffey Senior System Architect

ELC 2013 Security: Best Practices for Embedded Systems John Mehaffey Senior System Architect Embedded Systems Division mentor.com/embedded Android is a trademark of Google Inc. Use of this trademark is subject to Google Permissions. Linux

544 views • 17 slides
HW/SW Codesign w/ FPGAs Embedded Systems ECE 495/595 Overview (Slides from Embedded Systems

HW/SW Codesign w/ FPGAs Embedded Systems ECE 495/595 Overview (Slides from Embedded Systems

HW/SW Codesign w/ FPGAs Embedded Systems ECE 495/595 Overview (Slides from Embedded Systems Design, F. Vahid and T. Givargis) Embedded computing systems definition: Computing systems embedded within electronic devices. Hard to define

396 views • 26 slides
Embedded systems and the role of programmable logic devices in embedded systems Embedded system :

Embedded systems and the role of programmable logic devices in embedded systems Embedded system :

Embedded systems and the role of programmable logic devices in embedded systems Embedded system : a combination of computer hardware and software, and perhaps additional mechanical or other parts, designed to perform a dedicated function. In some

414 views • 20 slides
Welcome to PROOFS! PROOFS: Security Proofs for Embedded Systems Introduction to the fifth

Welcome to PROOFS! PROOFS: Security Proofs for Embedded Systems Introduction to the fifth

Welcome to PROOFS! PROOFS: Security Proofs for Embedded Systems Introduction to the fifth workshop Introduction to the workshop PROOFS: Security Proofs for Embedded Systems UCSB August 20, 2016 5th edition of PROOFS PROOFS 2012:

311 views • 7 slides
A Large Scale Analysis of the Security of Embedded Firmwares A. Costin , J. Zaddach, A.

A Large Scale Analysis of the Security of Embedded Firmwares A. Costin , J. Zaddach, A.

A Large Scale Analysis of the Security of Embedded Firmwares A. Costin , J. Zaddach, A. Francillon, D. Balzarotti EURECOM, France 20th August 2014 USENIX Security '14 San Diego, USA Embedded Systems Are Everywhere Andrei Costin 2 By

1.03k views • 72 slides
Inception: System-Wide Security Testing of Real- World Embedded Systems Software Nassim

Inception: System-Wide Security Testing of Real- World Embedded Systems Software Nassim

Inception: System-Wide Security Testing of Real- World Embedded Systems Software Nassim Corteggiani (Maxim Integrated / EURECOM) Giovanni Camurati (EURECOM) Aurlien Francillon (EURECOM) 08/15/18 Embedded Systems Are Everywhere [1]

911 views • 65 slides
embedded security October 2015 The Old Model (simplified view) Embedded Security Benedikt

embedded security October 2015 The Old Model (simplified view) Embedded Security Benedikt

embedded security October 2015 The Old Model (simplified view) Embedded Security Benedikt Gierlichs KU Leuven, COSIC IACR Summer school 2015 Chia Laguna, Italy Attack on channel between communicating parties Encryption and

412 views • 6 slides
4TU MASTER EMBEDDED SYSTEMS Bert Molenkamp 19/03/2020 Master Embedded Systems 1 Table of

4TU MASTER EMBEDDED SYSTEMS Bert Molenkamp 19/03/2020 Master Embedded Systems 1 Table of

4TU MASTER EMBEDDED SYSTEMS Bert Molenkamp 19/03/2020 Master Embedded Systems 1 Table of contents What is an embedded system Examples of research topics Admission Overview of the programme Success rates Master Embedded

814 views • 31 slides
Embedded Systems (ESII) Prof. Dr. J. Henkel, Dr. M. Shafique CES - Chair for Embedded Systems

Embedded Systems (ESII) Prof. Dr. J. Henkel, Dr. M. Shafique CES - Chair for Embedded Systems

1 ESII: ASIPs_ISEs Design and Architectures for Embedded Systems (ESII) Prof. Dr. J. Henkel, Dr. M. Shafique CES - Chair for Embedded Systems Karlsruhe Institute of Technology, Germany Today: Embedded Processor Platforms ASIPs and Extensible

1.5k views • 89 slides
Software Engineering for Embedded Systems Software Engineering for Embedded Systems Dr.-Ing.

Software Engineering for Embedded Systems Software Engineering for Embedded Systems Dr.-Ing.

Software Engineering for Embedded Systems Software Engineering for Embedded Systems Dr.-Ing. Mohammad. Abdullah Al Faruque Dipl.-Inform. Sebastian Kobbe CES - C hair for E mbedded S ystems (Prof. Dr. Jrg Henkel) Department of Computer Science

847 views • 72 slides
Embedded Systems Programming Trends of Embedded Systems (Module 2) Yann-Hang Lee Arizona State

Embedded Systems Programming Trends of Embedded Systems (Module 2) Yann-Hang Lee Arizona State

Embedded Systems Programming Trends of Embedded Systems (Module 2) Yann-Hang Lee Arizona State University yhlee@asu.edu (480) 727-7507 Summer 2014 Real-time Systems Lab, Computer Science and Engineering, ASU Trends of RT Embedded Systems

332 views • 10 slides
Side Channel Analysis and Embedded Systems Impact and Countermeasures Job de Haas Black Hat DC

Side Channel Analysis and Embedded Systems Impact and Countermeasures Job de Haas Black Hat DC

Side Channel Analysis and Embedded Systems Impact and Countermeasures Job de Haas Black Hat DC February 21, 2008 Black Hat USA 2007 Agenda Advances in Embedded Systems Security From USB stick to game console Current

673 views • 42 slides
Networked Embedded Systems Ezio Bartocci Overview Networked Embedded Systems (182.717): 6 weeks

Networked Embedded Systems Ezio Bartocci Overview Networked Embedded Systems (182.717): 6 weeks

Networked Embedded Systems Ezio Bartocci Overview Networked Embedded Systems (182.717): 6 weeks for semester ECTS: 6.0 Web: http://ti.tuwien.ac.at/rts/teaching/courses/networked-embedded-systems Type: Lessons (VU Vorlesung) with

700 views • 20 slides
Embedded Systems Engineering VO + LU Overview The module Embedded Systems Engineering is split

Embedded Systems Engineering VO + LU Overview The module Embedded Systems Engineering is split

Embedded Systems Engineering VO + LU Overview The module Embedded Systems Engineering is split in 2 parts: Lectures: ESE VO (182.721) ECTS: 3.0 Web: http://ti.tuwien.ac.at/rts/teaching/courses/esevo Staff: Prof. Radu Grosu,

859 views • 7 slides
When Embedded Systems Attack Embedded systems can fail for a variety of reasons

When Embedded Systems Attack Embedded systems can fail for a variety of reasons

22.1 22.2 When Embedded Systems Attack Embedded systems can fail for a variety of reasons Electrical problems Unit 22 Mechanical problems Errors in the programming Incorrectly specified Errors caused by users Embedded

201 views • 5 slides
Temporal Partioning Temporal

Temporal Partioning Temporal

Temporal Partioning Temporal Partioning with Partial Mikael Olausson Reconfiguration Embedded Reconfigurable Computer Engineering Architectures Department of Electrical

195 views • 8 slides
IN1146 full featured Mobile Projector IN1146 full featured Mobile Projector 38% Lighter and 42%

IN1146 full featured Mobile Projector IN1146 full featured Mobile Projector 38% Lighter and 42%

IN1146 full featured Mobile Projector IN1146 full featured Mobile Projector 38% Lighter and 42% smaller than the closest competition Brand Model W (cm) D (cm) H (cm) Cubic CM Weight (Kg) Lumens Resolution InFocus IN1146 17.50 13.80

623 views • 11 slides
Bornes infrieures et suprieures pour lordonnancement modulo sous contraintes de ressources

Bornes infrieures et suprieures pour lordonnancement modulo sous contraintes de ressources

Bornes infrieures et suprieures pour lordonnancement modulo sous contraintes de ressources Christian Artigues 1 Maria Alejandra Ayala 2 Abir Benabid 3 Claire Hanen 4 1 LAAS - CNRS & Universit de Toulouse, France 2 Universidad de los

439 views • 40 slides
Design and implementation of a DECT stack for Linux Patrick McHardy <kaber@trash.net>

Design and implementation of a DECT stack for Linux Patrick McHardy <kaber@trash.net>

Design and implementation of a DECT stack for Linux Patrick McHardy <kaber@trash.net> Linux Kongress 2010, Nrnberg http://dect.osmocom.org/ About This presentation will present a DECT stack for Linux, containing all components

1.31k views • 94 slides
Tag-Protector: An Effective and Dynamic Detection of Out-of-bound Memory Accesses Ahmed Saeed,

Tag-Protector: An Effective and Dynamic Detection of Out-of-bound Memory Accesses Ahmed Saeed,

Tag-Protector: An Effective and Dynamic Detection of Out-of-bound Memory Accesses Ahmed Saeed, Ali Ahmadinia Mike Just School of Engineering and Built Environment School of Mathematics and Glasgow Caledonian University, United Kingdom

310 views • 15 slides
Ad Serving at Spotify Scale A journey of incremental full stack overhaul Kinshuk Mishra, Director

Ad Serving at Spotify Scale A journey of incremental full stack overhaul Kinshuk Mishra, Director

Ad Serving at Spotify Scale A journey of incremental full stack overhaul Kinshuk Mishra, Director of Engineering kinshuk@spotify.com @_kinshukmishra A lucky mistake Expected consequences Sarcastic empathy Some valuable feedback The

1.06k views • 88 slides
POWERING DIGITAL ADVERTISING German Equity Forum Fyber N.V. 28 November 2017 THE FYBER GROUP

POWERING DIGITAL ADVERTISING German Equity Forum Fyber N.V. 28 November 2017 THE FYBER GROUP

POWERING DIGITAL ADVERTISING German Equity Forum Fyber N.V. 28 November 2017 THE FYBER GROUP 15 140 15 LONDON Publicly Traded BERLIN BEIJING 25 45 FBEN Frankfurt 80 SAN NEW YORK FRANCISCO TEL AVIV 6 Offices Tel Aviv | New York

325 views • 29 slides
Capital Market Presentation Segments of operations, results for 2018 and Q4 2018. April 2019

Capital Market Presentation Segments of operations, results for 2018 and Q4 2018. April 2019

Capital Market Presentation Segments of operations, results for 2018 and Q4 2018. April 2019 website e-mail www.somoto.com investors@somoto.net The presentation contains data, including results, estimates, forecasts, including forecasts

216 views • 21 slides

More recommend