Secure Embedded Systems

Date post: 06-May-2015
Upload: informatik-forum-stuttgart-ev
Description:
Using examples of attacks on embedded systems as they are already being carried out in networked systems today, the talk shows how important security is in this area. From the attacks and a forecast of how system functions will develop, security requirements for the embedded systems of the future are derived. From these follows a security architecture for such systems, with important standard components serving as trust anchors: so-called Secure Elements, secure identities and separating operating systems. Current research on the use of Secure Elements in cars, the smart grid and mobile devices is presented. It is shown how secure identities can be derived from material properties using Physical Unclonable Functions, and how operating systems that make use of Secure Elements and separation increase security. Colloquium talk by Prof. Georg Sigl, Technische Universität München. Tuesday, 17.12.2013, 16:00, lecture hall 47.03 (Elektrotechnikgebäude, Pfaffenwaldring 47). Informatik-Forum Stuttgart e.V.
Transcript
Page 1: Secure Embedded Systems

Technische Universität München

Secure Embedded Systems: a prerequisite for Cyber Physical Systems and the Internet of Things

Colloquium of Faculty 5, University of Stuttgart

17 December 2013

Prof. Dr.-Ing. Georg Sigl

Chair of Security in Information Technology

Technische Universität München

Fraunhofer Institute for Applied and Integrated Security AISEC

Page 2: Secure Embedded Systems

Content

• Attack examples on embedded systems

• Future secure embedded systems

Page 3: Secure Embedded Systems

ATTACKS ON EMBEDDED SYSTEMS

Page 4: Secure Embedded Systems

Attacks on modern cars

Comprehensive Experimental Analyses of Automotive Attack Surfaces. S. Checkoway, D. McCoy, B. Kantor, D. Anderson, H. Shacham, S. Savage, K. Koscher, A. Czeskis, F. Roesner, T. Kohno. USENIX Security, August 10–12, 2011.

Page 5: Secure Embedded Systems

Attacks on industrial control systems: Stuxnet

Source: http://www.faz.net/aktuell/feuilleton/debatten/digitales-denken/trojaner-stuxnet-der-digitale-erstschlag-ist-erfolgt-1578889.html

Page 6: Secure Embedded Systems

Attacks on industrial control systems

Source: http://www.bhkw-infothek.de/nachrichten/18555/2013-04-15-kritische-sicherheitslucke-ermoglicht-fremdzugriff-auf-systemregler-des-vaillant-ecopower-1-0/

Page 7: Secure Embedded Systems

Attacks on smart grid through smart meter

Page 8: Secure Embedded Systems

Attacks on medical devices

Source: http://media.blackhat.com/bh-us-11/Radcliffe/BH_US_11_Radcliffe_Hacking_Medical_Devices_Slides.pdf

Page 9: Secure Embedded Systems

Product Piracy

• Estimated damage in the machine construction industry (source VDMA)

– 7.9 Billion Euro (~4% of revenue)

• Steps of pirates

– HW component identification

– Software extraction

– Rebuilding hardware

– Cloning software

Page 10: Secure Embedded Systems

Trends increasing the security risks

• Network connection

– ES can be attacked through the network → remote attacks

– Insecure systems attacked through unprotected ES

• Standardization in software → malware

– Operating systems (e.g. Linux)

– Web browsers

• Platform design with software configurability → jail break, tuning

• Concentration of multiple functions (multicore) → separation risk

• Significant know-how in ES → product piracy

• Hacker = product owner → hardware attacks

Page 11: Secure Embedded Systems

Threats in Cyber Physical Systems

BMBF-FKZ: 01IS13020

[Diagram: Network and Background Systems on one side, Embedded System on the other; attacks out of cyberspace in one direction, attacks through broken embedded systems in the other.]

Page 12: Secure Embedded Systems

FUTURE SECURE EMBEDDED SYSTEMS

Page 13: Secure Embedded Systems

Requirements for future secure embedded systems

1. Security for more than 10 years (target 30 years)

2. Secure machine to machine communication (M2M)

3. Protection of embedded systems against manipulation and misuse

4. Fulfillment of typical non-functional requirements, e.g.:

– Real time behavior

– Resource limitations (cost, power)

5. Maintain security despite increasing complexity

6. Protection of intellectual property

7. Secure software update during operation

Page 14: Secure Embedded Systems

Secure embedded system

[Block diagram: a System on Chip with Core 1, Core 2, Core i, Core n, RAM, Flash, IO-interfaces and Peripherals; a Hardware Security Module; IDs on Sensor and Actuator; SIM and GSM; an M2M link to another System on Chip; a Trust OS on top.]

Page 15: Secure Embedded Systems

Secure embedded system: Chip Identities

[Same block diagram as on page 14, highlighting the chip identities (ID) on the components.]

Page 16: Secure Embedded Systems

IDs for Hardware

• Binding of components

– Authentication

– Integrity checking

• Piracy protection

– Encryption with derived keys

• Methods

– Physical Unclonable Functions (PUF): fingerprint of a chip

– Fuses (electric or laser)

– Flash memory

Page 18: Secure Embedded Systems

Ring Oscillator PUF (Suh and Devadas, 2007) *

• Ring oscillator frequencies depend on manufacturing variations

• Two ROs are compared to obtain a response bit

* G. E. Suh and S. Devadas. Physical unclonable functions for device authentication and secret key generation. Design Automation Conference, 2007. DAC ’07. 44th ACM/IEEE, pages 9–14, 2007.

Page 19: Secure Embedded Systems

SRAM PUF (Guajardo et al., 2007) *

• Symmetric circuit balance influenced by manufacturing variations

• SRAM cells show a random, but stable value after power-up

* J. Guajardo, S. S. Kumar, G. J. Schrijen, and P. Tuyls. FPGA intrinsic PUFs and their use for IP protection. In CHES 2007, volume 4727 of LNCS, pages 63–80. Springer, 2007.

Page 20: Secure Embedded Systems

Automotive ECUs today and in future

[Diagram. Today: a microcontroller with CPU and embedded Flash (NVM) holding the key and the application code; embedded Flash availability: 65nm √, 40nm √, 28nm ?, beyond that ???. Future: a microcontroller in a logic process with a PUF, key, application code, CPU and RAM on chip, and external Flash holding encrypted code/data: + shrinkable, + lower cost, + higher performance.]

Page 21: Secure Embedded Systems

Alternatives to PUF based key generation

• Fuses

– Electrical

• Reliability: weak

– Laser

• Size: very large

• Security: Easy to identify and modify

• OTP (one time programmable memory)

– Cost: comparison with PUF technology open

– Security: memory cells easier to detect, extract and modify

– Programming of key during test increases test complexity

[Diagram: the future microcontroller from page 20, with RAM, key, application code and CPU on chip and encrypted code/data in external Flash.]

Page 22: Secure Embedded Systems

Reliability of PUFs

• Critical parameters:

– Temperature

– Voltage

– Ageing

• Countermeasures:

– Differential measurement

– Redundancy: selection of reliable bits (1000 PUF bits → 100 key bits)

– Proper design: design and design parameters must consider the behavior under temperature and voltage variations as well as ageing (as for any other circuit design)

Page 23: Secure Embedded Systems

Frequency behavior of an oscillator PUF

[Plot: frequency f of Osc 1 to Osc 6 against temperature at -40°C, 25°C and 150°C. Pairs with a constant margin are marked "good"; pairs whose curves cross are "instable". Critical: uniqueness may be compromised.]
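Added example (not from the talk): a small model of the ring-oscillator PUF on page 18 and of the temperature behaviour on pages 22 and 23. The oscillator parameters are constructed numbers, not measurements; the pairwise comparison, the stability check over temperature corners and the selection of reliable bits follow the slides.

```python
"""Ring-oscillator PUF: response bits from pairwise frequency comparison and
selection of the bits that stay stable over temperature. Added example, not from
the talk; oscillator values are constructed (f0 in MHz at 25 °C, drift in MHz/°C)."""

TEMPERATURES_C = (-40, 25, 150)          # corners shown on the frequency slide

# Constructed pairs (0,1), (2,3), (4,5), (6,7), compared like Osc 1..6 on page 23.
OSCILLATORS = [
    (100.0, -0.010), (98.0, -0.010),     # wide margin, parallel drift     -> good
    (100.0, -0.010), (99.9, -0.012),     # near-equal f0, curves cross     -> instable
    (97.0, -0.008), (101.0, -0.045),     # margin closes, flips at 150 °C  -> instable
    (95.0, -0.009), (99.0, -0.011),      # wide margin, parallel drift     -> good
]

def frequency(osc, temp_c):
    f0, drift = osc
    return f0 + drift * (temp_c - 25)

def response_bits(oscs, temp_c):
    """Differential measurement: bit = 1 if the first oscillator of a pair is faster."""
    return [int(frequency(oscs[2*i], temp_c) > frequency(oscs[2*i + 1], temp_c))
            for i in range(len(oscs) // 2)]

def reliability_mask(oscs, temps):
    """True for pairs whose bit is identical at every temperature corner."""
    runs = [response_bits(oscs, t) for t in temps]
    return [len({run[i] for run in runs}) == 1 for i in range(len(runs[0]))]

def min_margin_mhz(oscs, temps):
    """Smallest |f_a - f_b| per pair over all corners; a small margin is the
    warning sign behind 'uniqueness may be compromised' on page 23."""
    return [min(abs(frequency(oscs[2*i], t) - frequency(oscs[2*i + 1], t)) for t in temps)
            for i in range(len(oscs) // 2)]

def select_reliable_bits(oscs, temps, nominal_c=25):
    """Redundancy (page 22): generate more bits than needed and keep only the stable
    ones, the slide's '1000 PUF bits -> 100 key bits' at toy scale."""
    mask = reliability_mask(oscs, temps)
    return [b for b, ok in zip(response_bits(oscs, nominal_c), mask) if ok]

if __name__ == "__main__":
    print(response_bits(OSCILLATORS, 25))                     # [1, 1, 0, 0]
    print(reliability_mask(OSCILLATORS, TEMPERATURES_C))      # [True, False, False, True]
    print(select_reliable_bits(OSCILLATORS, TEMPERATURES_C))  # [1, 0]
```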

Page 24: Secure Embedded Systems

State of the Art in error correction

• All error correctors work on a fixed block structure, e.g. IBS (Yu and Devadas, 2010 *)

• Goal: find one white and one black square in each block of four

• Helper data store the indices of selected bits

[Diagram: a PUF response with bits classified as reliable 1, reliable 0 or unreliable; block borders every four bits; helper data = index of the selected bit per block (u1=1, u2=?, u3=3); the resulting encoded key bits.]

* M.-D. Yu and S. Devadas, Secure and robust error correction for physical unclonable functions, IEEE Design & Test of Computers, vol. 27, no. 1, pp. 48-65, 2010

Page 25: Secure Embedded Systems

Differential Sequence Coding *

• No fixed block borders

• Helper data store distance to next bit and an inversion indicator

• Larger blocks of unreliable bits can be skipped

• Most efficient error corrector scheme known to date

[Diagram: encoded key bits, helper data (distance and inversion per bit) and the PUF response without block borders.]

* M. Hiller, M. Weiner, L. Rodrigues Lima, M. Birkner and G. Sigl. Breaking through Fixed PUF Block Limitations with Differential Sequence Coding and Convolutional Codes, TrustED, 2013

Page 26: Secure Embedded Systems

Components of a PUF key store

• Challenge: Power-On for SRAM, Ring-Oscillator selection

• Physical System: SRAM, Ring-Oscillators

• Response: Stream of Bits

• Error Correction: Using public helper data to increase reliability

• Hash Function: Removes bias in the key bit distribution

[Diagram of the PUF key store: challenge Ci → physical system S → response RCi → error correction E (using public helper data) → hash function H → key K.]
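Added example, not from the talk or the cited papers: a toy model of the fixed-block index selection on page 24, of Differential Sequence Coding on page 25, and of the hash step of the key store on page 26. The response bits, the reliability mask and the key bits are constructed values; the block-of-four index scheme is the slide's simplified picture of IBS rather than the published construction, and SHA-256 is an assumed stand-in for the unnamed hash function.

```python
"""Fixed-block index selection vs Differential Sequence Coding (DSC) helper data,
then the hash step of a PUF key store. Added example, not from the talk; RESPONSE,
RELIABLE and KEY_BITS are constructed (a real mask comes from repeated measurements)."""
import hashlib

RESPONSE = [1, 0, 1, 1,  0, 1, 1, 0,  1, 0, 0, 1,  0, 0, 1, 1,  1, 1, 0, 0]  # enrolment
RELIABLE = [1, 1, 0, 1,  0, 0, 0, 0,  1, 1, 0, 1,  1, 0, 0, 1,  0, 1, 1, 0]  # 1 = stable
KEY_BITS = [1, 1, 0, 0, 1]   # secret bits the helper data must let the device reproduce
BLOCK = 4                    # fixed block size of the page-24 scheme

def ibs_encode(resp, reliable, key):
    """Per block j, helper = index of a reliable PUF bit equal to key bit j;
    None when the block holds no such bit (the 'u2=?' case on page 24)."""
    helper = []
    for j, k in enumerate(key):
        cands = [i for i in range(BLOCK) if reliable[j*BLOCK+i] and resp[j*BLOCK+i] == k]
        helper.append(cands[0] if cands else None)
    return helper

def ibs_decode(resp, helper):
    return [None if u is None else resp[j*BLOCK+u] for j, u in enumerate(helper)]

def dsc_encode(resp, reliable, key):
    """No block borders: helper = (distance to next reliable bit, inversion flag).
    An unreliable run of any length is skipped by a larger distance value."""
    helper, pos = [], 0
    for k in key:
        nxt = next(i for i in range(pos, len(resp)) if reliable[i])
        helper.append((nxt - pos, k ^ resp[nxt]))
        pos = nxt + 1
    return helper

def dsc_decode(resp, helper):
    bits, pos = [], 0
    for dist, inv in helper:
        bits.append(resp[pos + dist] ^ inv)
        pos += dist + 1
    return bits

def remeasure(resp, flipped):
    return [b ^ int(i in flipped) for i, b in enumerate(resp)]  # only `flipped` bits differ

def derive_key(bits):
    """Hash step (page 26): compress corrected bits, remove bias. SHA-256 is assumed."""
    return hashlib.sha256(bytes(bits)).hexdigest()

if __name__ == "__main__":
    noisy = remeasure(RESPONSE, (2, 5, 6, 10))          # flips hit unreliable bits only
    print(ibs_decode(noisy, ibs_encode(RESPONSE, RELIABLE, KEY_BITS)))   # [1, None, 0, 0, 1]
    print(dsc_decode(noisy, dsc_encode(RESPONSE, RELIABLE, KEY_BITS)))   # [1, 1, 0, 0, 1]
```

The fully unreliable second block leaves the fixed-block scheme with no index for key bit 2, while DSC simply records a distance of 4 and reproduces the same key (and therefore the same hash) from the noisy re-measurement.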

Page 27: Secure Embedded Systems

Secure embedded system: Secure Elements

[Same block diagram as on page 14, highlighting the Secure Elements (Hardware Security Module, SIM).]

Page 28: Secure Embedded Systems

Tasks of Secure Elements

• Key storage

• Asymmetric cryptography (signing and encryption)

• Session key generation

• Random number generation

• Access right check

• Integrity check

• Attestation

• Secure data storage

• Resistance against Hardware attacks!

Page 29: Secure Embedded Systems

Secure Element in a vehicle

• In the BMBF project SEIS (Sicherheit in eingebetteten IP-basierten Systemen) AISEC integrated a Secure Element in a car.

[Diagram: OEM server, Internet, vehicle gateway with Secure Element.]

Page 30: Secure Embedded Systems

Secure Element in Smart Meter

Source: Protection Profile for the Gateway of a Smart Metering System; http://www.bsi.bund.de

The BSI Protection Profile requests a Secure Element in the Smart Meter Gateway.

[Diagram: Smart Meter Gateway with Secure Element.]

Page 31: Secure Embedded Systems

Secure Smart Meter

• Java 3.0 Secure Element in Smart Meter

– All security functions enclosed

– Communication end point

• Gateway

– Memory (encrypted)

– Display

– Communication channels

• Advantages:

– High security through a hardware Secure Element

– Easier certification

Page 32: Secure Embedded Systems

Secure Elements in mobile phones

• SIM

• Security Chip

• Secure SD Card

3 Secure Elements

Page 33: Secure Embedded Systems

Secure embedded system: Secure Software

[Same block diagram as on page 14, highlighting the Trust OS.]

Page 34: Secure Embedded Systems

Trusted OS

• Trusted execution environment in the system controller

• Virtualisation for application separation

• Integration of a hardware secure element as trust anchor

Page 35: Secure Embedded Systems

Trusted OS: Linux Containers (Trust|Me)

Idea: Sandboxed Android using container-based isolation

• Remote device administration

– Remote access using ssh and other Linux utilities

• Storage

– Filesystem snapshots and recovery

– Transparent file encryption (device or file based)

– File integrity protection using Linux Security Modules (LSM)

• Network

– Transparent tunneling using Virtual Private Networks (VPN)

• Graphical User Interface (GUI)

– Secure display (indicated by LED) and secure input (hardware buttons)

– Secure PIN entry used to unlock SE in microSD card (key storage)

Page 36: Secure Embedded Systems


Thank You

