SlideShare a Scribd company logo

Defense-in-depth for embedded devices

Download as PPTX, PDF
Jiggyasu Sharma
Jiggyasu Sharma

This presentation discusses defense-in-depth strategies for embedded devices. It outlines various attack vectors at different levels of an embedded device stack, from hardware components to firmware to applications. It then describes corresponding countermeasures to protect against each attack vector. The attack vectors include device reconnaissance, tampering with hardware components, exploiting debug interfaces, firmware reverse engineering, software flaws, and application vulnerabilities. The countermeasures center around techniques like obfuscation, encryption, authentication, exception handling, updates, and using secure protocols. The presentation aims to help secure embedded devices against hacks and protect their integrity.

1 of 13
Defense-in-Depth for Embedded Devices Jiggyasu Sharma
DISCLAIMER The opinions and thoughts presented during the course of this presentation are my own and do not reflect the views or positions of my employer. 2
#whoami • A security evangelist • Working with Resideo (Honeywell Homes) – Product Security • Contributor towards security communities; IS-RA, null, CysInfo, h1hakz, ISC2. • Speaker at security conferences RSA, c0c0n, IoT day etc. • Having security certifications from Offensive Security, SANS and EC- Council • Interested in IoT, ICS and SCADA Security 3
Agenda • To know about embedded devices attack surface • And to protect them against hack
How is Embedded Device look like?
Embedded Device Stack • Attack Vectors • Device reconnaissance • Web Search Engines • FCCID • Open Source Libraries • Tempering the Device • Chip/components Identification • Datasheets • Pin-out Probes Hardware Components Hardware Protocols Boot/RootFS Application/Platform Kernel Bootloader / Firmware • Countermeasures • To protect the device IP • Service/User Manuals • Test Documents on FCCID • Securing Open source Libraries • Chip morphing • Temper Protection
Embedded Device Stack • Attack Vectors • JTAG • UART • SPI • I2C • CANBUS • BDS Hardware Components Hardware Protocols Boot/RootFS Kernel Bootloader / Firmware Application/Platform • Countermeasures • Obfuscation of pin-outs • Remove the Traces • Blow Fuse in Pin-Outs • Encryption/Authentication • Key Token • Power Toggle • Read out Protections • Randomizing Probes • Set option Bits • Validating Assembly • CRC/ HASH • Custom Baud Rate
Embedded Device Stack • Attack Vectors • U-Boot • RootFS • Firmware Signature • Root Certificates Hardware Components Hardware Protocols Boot/RootFS Kernel Bootloader / Firmware Application/Platform • Countermeasures • Run Time key Generation • Safe Zones • Using Secondary memory • Secure Boot enable • Authenticated RootFS • Obfuscated Signatures
Embedded Device Stack • Attack Vectors • Memory Leakage • Stack overflow • Buffer Overflow • Unmanaged code • Kernel Crash • Unhandled exception • Side Channels Faults • Power glitching • NAND/Clock glitching • ThermalHardware Components Hardware Protocols Boot/RootFS Kernel Bootloader / Firmware Application/Platform • Countermeasures • Memory management • Exception handling • Fixing Zero days • Crash reporting/Self Healing • Circuit Power Handling • Glitch detectors • Brownout detectors • Lockstep cores • Asynchronous internal clock with dummy cycles • Internal Oscillators • Halt on invalid instruction execution • Lock down unnecessary diagnostic signals • Mutable codes
Embedded Device Stack • Attack Vectors • Firmware Emulation • Reverse Engineering • Compression/Encryption • Hardcoded Credentials/Keys/Certificates • PII • Key Generation Algo • Backdoors Hardware Components Hardware Protocols Boot/RootFS Kernel Bootloader / Firmware Application/Platform • Countermeasures • Encryption • Compression • Obfuscation • Encoding • Certificates • Signatures • Run time Keys • Run time protection • Remove Backdoors • Randomized functions • Secure APIs/Libraries • Integral Updates • Complex key generations • Root of trust / Chain of Trust • Avoid Secondary memory
Embedded Device Stack • Attack Vectors • Application Flaws • COAP • MQTT Hardware Components Hardware Protocols Boot/RootFS Kernel Bootloader / Firmware Application/Platform • Countermeasures • Secure API implementation • Auth Mechanism • Reliable node detection • Active search engine scans • Secure 3rd party libraries • TLS
Take Away
Questions??? Connect to me: /jiggyasu-sharma /jiggyasu.sharma /jiggyasu_sharma jiggyasu.sharma@gmail.com 13 Thank you धन्यवाद्

Recommended

Firmware analysis 101
Firmware analysis 101Firmware analysis 101
Firmware analysis 101
veerababu penugonda(Mr-IoT)
 
Beginners guide on how to start exploring IoT 2nd session
Beginners guide on how to start exploring IoT 2nd sessionBeginners guide on how to start exploring IoT 2nd session
Beginners guide on how to start exploring IoT 2nd session
veerababu penugonda(Mr-IoT)
 
Beginner’s Guide on How to Start Exploring IoT Security 1st Session
Beginner’s Guide on How to Start Exploring IoT Security 1st SessionBeginner’s Guide on How to Start Exploring IoT Security 1st Session
Beginner’s Guide on How to Start Exploring IoT Security 1st Session
veerababu penugonda(Mr-IoT)
 
Maemo 6 Platform Security
Maemo 6 Platform SecurityMaemo 6 Platform Security
Maemo 6 Platform Security
Peter Schneider
 
Hardware Security Training By TONEX
Hardware Security Training By TONEXHardware Security Training By TONEX
Hardware Security Training By TONEX
Bryan Len
 
Practical Security Assessments of IoT Devices and Systems
Practical Security Assessments of IoT Devices and Systems Practical Security Assessments of IoT Devices and Systems
Practical Security Assessments of IoT Devices and Systems
Ollie Whitehouse
 
Pwning Iot via Hardware Attacks - Chase Schultz - IoT Village - Defcon 23
Pwning Iot via Hardware Attacks - Chase Schultz - IoT Village - Defcon 23Pwning Iot via Hardware Attacks - Chase Schultz - IoT Village - Defcon 23
Pwning Iot via Hardware Attacks - Chase Schultz - IoT Village - Defcon 23
Chase Schultz
 
BlackHat Arsenal 2014 - C-SCAD : Assessing Security Flaws in C-SCAD WebX Clie...
BlackHat Arsenal 2014 - C-SCAD : Assessing Security Flaws in C-SCAD WebX Clie...BlackHat Arsenal 2014 - C-SCAD : Assessing Security Flaws in C-SCAD WebX Clie...
BlackHat Arsenal 2014 - C-SCAD : Assessing Security Flaws in C-SCAD WebX Clie...
Aditya K Sood
 

Recommended

Firmware analysis 101
Firmware analysis 101Firmware analysis 101
Firmware analysis 101
veerababu penugonda(Mr-IoT)
 
Beginners guide on how to start exploring IoT 2nd session
Beginners guide on how to start exploring IoT 2nd sessionBeginners guide on how to start exploring IoT 2nd session
Beginners guide on how to start exploring IoT 2nd session
veerababu penugonda(Mr-IoT)
 
Beginner’s Guide on How to Start Exploring IoT Security 1st Session
Beginner’s Guide on How to Start Exploring IoT Security 1st SessionBeginner’s Guide on How to Start Exploring IoT Security 1st Session
Beginner’s Guide on How to Start Exploring IoT Security 1st Session
veerababu penugonda(Mr-IoT)
 
Maemo 6 Platform Security
Maemo 6 Platform SecurityMaemo 6 Platform Security
Maemo 6 Platform Security
Peter Schneider
 
Hardware Security Training By TONEX
Hardware Security Training By TONEXHardware Security Training By TONEX
Hardware Security Training By TONEX
Bryan Len
 
Practical Security Assessments of IoT Devices and Systems
Practical Security Assessments of IoT Devices and Systems Practical Security Assessments of IoT Devices and Systems
Practical Security Assessments of IoT Devices and Systems
Ollie Whitehouse
 
Pwning Iot via Hardware Attacks - Chase Schultz - IoT Village - Defcon 23
Pwning Iot via Hardware Attacks - Chase Schultz - IoT Village - Defcon 23Pwning Iot via Hardware Attacks - Chase Schultz - IoT Village - Defcon 23
Pwning Iot via Hardware Attacks - Chase Schultz - IoT Village - Defcon 23
Chase Schultz
 
BlackHat Arsenal 2014 - C-SCAD : Assessing Security Flaws in C-SCAD WebX Clie...
BlackHat Arsenal 2014 - C-SCAD : Assessing Security Flaws in C-SCAD WebX Clie...BlackHat Arsenal 2014 - C-SCAD : Assessing Security Flaws in C-SCAD WebX Clie...
BlackHat Arsenal 2014 - C-SCAD : Assessing Security Flaws in C-SCAD WebX Clie...
Aditya K Sood
 
Malware cryptomining uploadv3
Malware cryptomining uploadv3Malware cryptomining uploadv3
Malware cryptomining uploadv3
Setia Juli Irzal Ismail
 
Security Consideration for Set-top box SoC
Security Consideration for Set-top box SoCSecurity Consideration for Set-top box SoC
Security Consideration for Set-top box SoC
Wesley Li
 
Pa or die
Pa or diePa or die
Pa or die
Setia Juli Irzal Ismail
 
Aes jul-upload
Aes jul-uploadAes jul-upload
Aes jul-upload
Setia Juli Irzal Ismail
 
Using fault injection attacks for digital forensics
Using fault injection attacks for digital forensics Using fault injection attacks for digital forensics
Using fault injection attacks for digital forensics
Justin Black
 
Practical hardware attacks against SOHO Routers & the Internet of Things
Practical hardware attacks against SOHO Routers & the Internet of ThingsPractical hardware attacks against SOHO Routers & the Internet of Things
Practical hardware attacks against SOHO Routers & the Internet of Things
Chase Schultz
 
IoT security zigbee -- Null Meet bangalore
IoT security zigbee -- Null Meet bangaloreIoT security zigbee -- Null Meet bangalore
IoT security zigbee -- Null Meet bangalore
veerababu penugonda(Mr-IoT)
 
FIWARE Tech Summit - TST Connected Solutions Using FIWARE
FIWARE Tech Summit - TST Connected Solutions Using FIWAREFIWARE Tech Summit - TST Connected Solutions Using FIWARE
FIWARE Tech Summit - TST Connected Solutions Using FIWARE
FIWARE
 
kali linix
kali linixkali linix
kali linix
Mirza Baig
 
iOS Application Pentesting
iOS Application PentestingiOS Application Pentesting
iOS Application Pentesting
n|u - The Open Security Community
 
Nikita Abdullin - Reverse-engineering of embedded MIPS devices. Case Study - ...
Nikita Abdullin - Reverse-engineering of embedded MIPS devices. Case Study - ...Nikita Abdullin - Reverse-engineering of embedded MIPS devices. Case Study - ...
Nikita Abdullin - Reverse-engineering of embedded MIPS devices. Case Study - ...
DefconRussia
 
Introduction to epid
Introduction to epidIntroduction to epid
Introduction to epid
BeMyApp
 
Top 10 secure boot mistakes
Top 10 secure boot mistakesTop 10 secure boot mistakes
Top 10 secure boot mistakes
Justin Black
 
Implementing Trusted Endpoints in the Mobile World
Implementing Trusted Endpoints in the Mobile WorldImplementing Trusted Endpoints in the Mobile World
Implementing Trusted Endpoints in the Mobile World
LINE Corporation
 
Null mumbai-reversing-IoT-firmware
Null mumbai-reversing-IoT-firmwareNull mumbai-reversing-IoT-firmware
Null mumbai-reversing-IoT-firmware
Nitesh Malviya
 
Making and breaking security in embedded devices
Making and breaking security in embedded devicesMaking and breaking security in embedded devices
Making and breaking security in embedded devices
Yashin Mehaboobe
 
Developing for Industrial IoT with Linux OS on DragonBoard™ 410c: Session 4
Developing for Industrial IoT with Linux OS on DragonBoard™ 410c: Session 4Developing for Industrial IoT with Linux OS on DragonBoard™ 410c: Session 4
Developing for Industrial IoT with Linux OS on DragonBoard™ 410c: Session 4
Qualcomm Developer Network
 
Zephyr-Overview-20230124.pdf
Zephyr-Overview-20230124.pdfZephyr-Overview-20230124.pdf
Zephyr-Overview-20230124.pdf
ibramax
 
Attacking Embedded Devices (No Axe Required)
Attacking Embedded Devices (No Axe Required)Attacking Embedded Devices (No Axe Required)
Attacking Embedded Devices (No Axe Required)
Security Weekly
 
Windy City Rails - Layered Security
Windy City Rails - Layered SecurityWindy City Rails - Layered Security
Windy City Rails - Layered Security
Aaron Bedra
 
BSIDES-PR Keynote Hunting for Bad Guys
BSIDES-PR Keynote Hunting for Bad GuysBSIDES-PR Keynote Hunting for Bad Guys
BSIDES-PR Keynote Hunting for Bad Guys
Joff Thyer
 
How to create a secure IoT device
How to create a secure IoT deviceHow to create a secure IoT device
How to create a secure IoT device
Abhijeet Rane
 

More Related Content

What's hot

Malware cryptomining uploadv3
Malware cryptomining uploadv3Malware cryptomining uploadv3
Malware cryptomining uploadv3
Setia Juli Irzal Ismail
 
Security Consideration for Set-top box SoC
Security Consideration for Set-top box SoCSecurity Consideration for Set-top box SoC
Security Consideration for Set-top box SoC
Wesley Li
 
Pa or die
Pa or diePa or die
Pa or die
Setia Juli Irzal Ismail
 
Aes jul-upload
Aes jul-uploadAes jul-upload
Aes jul-upload
Setia Juli Irzal Ismail
 
Using fault injection attacks for digital forensics
Using fault injection attacks for digital forensics Using fault injection attacks for digital forensics
Using fault injection attacks for digital forensics
Justin Black
 
Practical hardware attacks against SOHO Routers & the Internet of Things
Practical hardware attacks against SOHO Routers & the Internet of ThingsPractical hardware attacks against SOHO Routers & the Internet of Things
Practical hardware attacks against SOHO Routers & the Internet of Things
Chase Schultz
 
IoT security zigbee -- Null Meet bangalore
IoT security zigbee -- Null Meet bangaloreIoT security zigbee -- Null Meet bangalore
IoT security zigbee -- Null Meet bangalore
veerababu penugonda(Mr-IoT)
 
FIWARE Tech Summit - TST Connected Solutions Using FIWARE
FIWARE Tech Summit - TST Connected Solutions Using FIWAREFIWARE Tech Summit - TST Connected Solutions Using FIWARE
FIWARE Tech Summit - TST Connected Solutions Using FIWARE
FIWARE
 
kali linix
kali linixkali linix
kali linix
Mirza Baig
 
iOS Application Pentesting
iOS Application PentestingiOS Application Pentesting
iOS Application Pentesting
n|u - The Open Security Community
 
Nikita Abdullin - Reverse-engineering of embedded MIPS devices. Case Study - ...
Nikita Abdullin - Reverse-engineering of embedded MIPS devices. Case Study - ...Nikita Abdullin - Reverse-engineering of embedded MIPS devices. Case Study - ...
Nikita Abdullin - Reverse-engineering of embedded MIPS devices. Case Study - ...
DefconRussia
 
Introduction to epid
Introduction to epidIntroduction to epid
Introduction to epid
BeMyApp
 
Top 10 secure boot mistakes
Top 10 secure boot mistakesTop 10 secure boot mistakes
Top 10 secure boot mistakes
Justin Black
 

What's hot (13)

Malware cryptomining uploadv3
Malware cryptomining uploadv3Malware cryptomining uploadv3
Malware cryptomining uploadv3
 
Security Consideration for Set-top box SoC
Security Consideration for Set-top box SoCSecurity Consideration for Set-top box SoC
Security Consideration for Set-top box SoC
 
Pa or die
Pa or diePa or die
Pa or die
 
Aes jul-upload
Aes jul-uploadAes jul-upload
Aes jul-upload
 
Using fault injection attacks for digital forensics
Using fault injection attacks for digital forensics Using fault injection attacks for digital forensics
Using fault injection attacks for digital forensics
 
Practical hardware attacks against SOHO Routers & the Internet of Things
Practical hardware attacks against SOHO Routers & the Internet of ThingsPractical hardware attacks against SOHO Routers & the Internet of Things
Practical hardware attacks against SOHO Routers & the Internet of Things
 
IoT security zigbee -- Null Meet bangalore
IoT security zigbee -- Null Meet bangaloreIoT security zigbee -- Null Meet bangalore
IoT security zigbee -- Null Meet bangalore
 
FIWARE Tech Summit - TST Connected Solutions Using FIWARE
FIWARE Tech Summit - TST Connected Solutions Using FIWAREFIWARE Tech Summit - TST Connected Solutions Using FIWARE
FIWARE Tech Summit - TST Connected Solutions Using FIWARE
 
kali linix
kali linixkali linix
kali linix
 
iOS Application Pentesting
iOS Application PentestingiOS Application Pentesting
iOS Application Pentesting
 
Nikita Abdullin - Reverse-engineering of embedded MIPS devices. Case Study - ...
Nikita Abdullin - Reverse-engineering of embedded MIPS devices. Case Study - ...Nikita Abdullin - Reverse-engineering of embedded MIPS devices. Case Study - ...
Nikita Abdullin - Reverse-engineering of embedded MIPS devices. Case Study - ...
 
Introduction to epid
Introduction to epidIntroduction to epid
Introduction to epid
 
Top 10 secure boot mistakes
Top 10 secure boot mistakesTop 10 secure boot mistakes
Top 10 secure boot mistakes
 

Similar to Defense-in-depth for embedded devices

Implementing Trusted Endpoints in the Mobile World
Implementing Trusted Endpoints in the Mobile WorldImplementing Trusted Endpoints in the Mobile World
Implementing Trusted Endpoints in the Mobile World
LINE Corporation
 
Null mumbai-reversing-IoT-firmware
Null mumbai-reversing-IoT-firmwareNull mumbai-reversing-IoT-firmware
Null mumbai-reversing-IoT-firmware
Nitesh Malviya
 
Making and breaking security in embedded devices
Making and breaking security in embedded devicesMaking and breaking security in embedded devices
Making and breaking security in embedded devices
Yashin Mehaboobe
 
Developing for Industrial IoT with Linux OS on DragonBoard™ 410c: Session 4
Developing for Industrial IoT with Linux OS on DragonBoard™ 410c: Session 4Developing for Industrial IoT with Linux OS on DragonBoard™ 410c: Session 4
Developing for Industrial IoT with Linux OS on DragonBoard™ 410c: Session 4
Qualcomm Developer Network
 
Zephyr-Overview-20230124.pdf
Zephyr-Overview-20230124.pdfZephyr-Overview-20230124.pdf
Zephyr-Overview-20230124.pdf
ibramax
 
Attacking Embedded Devices (No Axe Required)
Attacking Embedded Devices (No Axe Required)Attacking Embedded Devices (No Axe Required)
Attacking Embedded Devices (No Axe Required)
Security Weekly
 
Windy City Rails - Layered Security
Windy City Rails - Layered SecurityWindy City Rails - Layered Security
Windy City Rails - Layered Security
Aaron Bedra
 
BSIDES-PR Keynote Hunting for Bad Guys
BSIDES-PR Keynote Hunting for Bad GuysBSIDES-PR Keynote Hunting for Bad Guys
BSIDES-PR Keynote Hunting for Bad Guys
Joff Thyer
 
How to create a secure IoT device
How to create a secure IoT deviceHow to create a secure IoT device
How to create a secure IoT device
Abhijeet Rane
 
"Mobile security: iOS", Yaroslav Vorontsov, DataArt
"Mobile security: iOS", Yaroslav Vorontsov, DataArt"Mobile security: iOS", Yaroslav Vorontsov, DataArt
"Mobile security: iOS", Yaroslav Vorontsov, DataArt
DataArt
 
Reverse Engineering.pptx
Reverse Engineering.pptxReverse Engineering.pptx
Reverse Engineering.pptxSameer Sapra
 
Pci Req
Pci ReqPci Req
Pci Req
Namrata Arora
 
How to Build Your Own Physical Pentesting Go-bag
How to Build Your Own Physical Pentesting Go-bagHow to Build Your Own Physical Pentesting Go-bag
How to Build Your Own Physical Pentesting Go-bag
Beau Bullock
 
LAS16-300K2: Geoff Thorpe - IoT Zephyr
LAS16-300K2: Geoff Thorpe - IoT ZephyrLAS16-300K2: Geoff Thorpe - IoT Zephyr
LAS16-300K2: Geoff Thorpe - IoT Zephyr
Shovan Sargunam
 
Track 5 session 2 - st dev con 2016 - security iot best practices
Track 5 session 2 - st dev con 2016 - security iot best practicesTrack 5 session 2 - st dev con 2016 - security iot best practices
Track 5 session 2 - st dev con 2016 - security iot best practices
ST_World
 
Hacktrikz - Introduction to Information Security & Ethical Hacking
Hacktrikz - Introduction to Information Security & Ethical HackingHacktrikz - Introduction to Information Security & Ethical Hacking
Hacktrikz - Introduction to Information Security & Ethical Hacking
Ravi Sankar
 
Mobile security chess board - attacks & defense
Mobile security chess board - attacks & defenseMobile security chess board - attacks & defense
Mobile security chess board - attacks & defense
Blueinfy Solutions
 
What Does a Full Featured Security Strategy Look Like?
What Does a Full Featured Security Strategy Look Like?What Does a Full Featured Security Strategy Look Like?
What Does a Full Featured Security Strategy Look Like?
Precisely
 
Power Grid Communications & Control Systems
Power Grid Communications & Control SystemsPower Grid Communications & Control Systems
Power Grid Communications & Control Systems
fajjarrehman
 
7. Security Operations
7. Security Operations7. Security Operations
7. Security Operations
Sam Bowne
 

Similar to Defense-in-depth for embedded devices (20)

Implementing Trusted Endpoints in the Mobile World
Implementing Trusted Endpoints in the Mobile WorldImplementing Trusted Endpoints in the Mobile World
Implementing Trusted Endpoints in the Mobile World
 
Null mumbai-reversing-IoT-firmware
Null mumbai-reversing-IoT-firmwareNull mumbai-reversing-IoT-firmware
Null mumbai-reversing-IoT-firmware
 
Making and breaking security in embedded devices
Making and breaking security in embedded devicesMaking and breaking security in embedded devices
Making and breaking security in embedded devices
 
Developing for Industrial IoT with Linux OS on DragonBoard™ 410c: Session 4
Developing for Industrial IoT with Linux OS on DragonBoard™ 410c: Session 4Developing for Industrial IoT with Linux OS on DragonBoard™ 410c: Session 4
Developing for Industrial IoT with Linux OS on DragonBoard™ 410c: Session 4
 
Zephyr-Overview-20230124.pdf
Zephyr-Overview-20230124.pdfZephyr-Overview-20230124.pdf
Zephyr-Overview-20230124.pdf
 
Attacking Embedded Devices (No Axe Required)
Attacking Embedded Devices (No Axe Required)Attacking Embedded Devices (No Axe Required)
Attacking Embedded Devices (No Axe Required)
 
Windy City Rails - Layered Security
Windy City Rails - Layered SecurityWindy City Rails - Layered Security
Windy City Rails - Layered Security
 
BSIDES-PR Keynote Hunting for Bad Guys
BSIDES-PR Keynote Hunting for Bad GuysBSIDES-PR Keynote Hunting for Bad Guys
BSIDES-PR Keynote Hunting for Bad Guys
 
How to create a secure IoT device
How to create a secure IoT deviceHow to create a secure IoT device
How to create a secure IoT device
 
"Mobile security: iOS", Yaroslav Vorontsov, DataArt
"Mobile security: iOS", Yaroslav Vorontsov, DataArt"Mobile security: iOS", Yaroslav Vorontsov, DataArt
"Mobile security: iOS", Yaroslav Vorontsov, DataArt
 
Reverse Engineering.pptx
Reverse Engineering.pptxReverse Engineering.pptx
Reverse Engineering.pptx
 
Pci Req
Pci ReqPci Req
Pci Req
 
How to Build Your Own Physical Pentesting Go-bag
How to Build Your Own Physical Pentesting Go-bagHow to Build Your Own Physical Pentesting Go-bag
How to Build Your Own Physical Pentesting Go-bag
 
LAS16-300K2: Geoff Thorpe - IoT Zephyr
LAS16-300K2: Geoff Thorpe - IoT ZephyrLAS16-300K2: Geoff Thorpe - IoT Zephyr
LAS16-300K2: Geoff Thorpe - IoT Zephyr
 
Track 5 session 2 - st dev con 2016 - security iot best practices
Track 5 session 2 - st dev con 2016 - security iot best practicesTrack 5 session 2 - st dev con 2016 - security iot best practices
Track 5 session 2 - st dev con 2016 - security iot best practices
 
Hacktrikz - Introduction to Information Security & Ethical Hacking
Hacktrikz - Introduction to Information Security & Ethical HackingHacktrikz - Introduction to Information Security & Ethical Hacking
Hacktrikz - Introduction to Information Security & Ethical Hacking
 
Mobile security chess board - attacks & defense
Mobile security chess board - attacks & defenseMobile security chess board - attacks & defense
Mobile security chess board - attacks & defense
 
What Does a Full Featured Security Strategy Look Like?
What Does a Full Featured Security Strategy Look Like?What Does a Full Featured Security Strategy Look Like?
What Does a Full Featured Security Strategy Look Like?
 
Power Grid Communications & Control Systems
Power Grid Communications & Control SystemsPower Grid Communications & Control Systems
Power Grid Communications & Control Systems
 
7. Security Operations
7. Security Operations7. Security Operations
7. Security Operations
 

Recently uploaded

Internet-Security-Safeguarding-Your-Digital-World (1).pptx
Internet-Security-Safeguarding-Your-Digital-World (1).pptxInternet-Security-Safeguarding-Your-Digital-World (1).pptx
Internet-Security-Safeguarding-Your-Digital-World (1).pptx
VivekSinghShekhawat2
 
APNIC Foundation, presented by Ellisha Heppner at the PNG DNS Forum 2024
APNIC Foundation, presented by Ellisha Heppner at the PNG DNS Forum 2024APNIC Foundation, presented by Ellisha Heppner at the PNG DNS Forum 2024
APNIC Foundation, presented by Ellisha Heppner at the PNG DNS Forum 2024
APNIC
 
How to Use Contact Form 7 Like a Pro.pptx
How to Use Contact Form 7 Like a Pro.pptxHow to Use Contact Form 7 Like a Pro.pptx
How to Use Contact Form 7 Like a Pro.pptx
Gal Baras
 
一比一原版(LBS毕业证)伦敦商学院毕业证成绩单专业办理
一比一原版(LBS毕业证)伦敦商学院毕业证成绩单专业办理一比一原版(LBS毕业证)伦敦商学院毕业证成绩单专业办理
一比一原版(LBS毕业证)伦敦商学院毕业证成绩单专业办理
eutxy
 
急速办(bedfordhire毕业证书)英国贝德福特大学毕业证成绩单原版一模一样
急速办(bedfordhire毕业证书)英国贝德福特大学毕业证成绩单原版一模一样急速办(bedfordhire毕业证书)英国贝德福特大学毕业证成绩单原版一模一样
急速办(bedfordhire毕业证书)英国贝德福特大学毕业证成绩单原版一模一样
3ipehhoa
 
test test test test testtest test testtest test testtest test testtest test ...
test test test test testtest test testtest test testtest test testtest test ...test test test test testtest test testtest test testtest test testtest test ...
test test test test testtest test testtest test testtest test testtest test ...
Arif0071
 
Multi-cluster Kubernetes Networking- Patterns, Projects and Guidelines
Multi-cluster Kubernetes Networking- Patterns, Projects and GuidelinesMulti-cluster Kubernetes Networking- Patterns, Projects and Guidelines
Multi-cluster Kubernetes Networking- Patterns, Projects and Guidelines
Sanjeev Rampal
 
The+Prospects+of+E-Commerce+in+China.pptx
The+Prospects+of+E-Commerce+in+China.pptxThe+Prospects+of+E-Commerce+in+China.pptx
The+Prospects+of+E-Commerce+in+China.pptx
laozhuseo02
 
This 7-second Brain Wave Ritual Attracts Money To You.!
This 7-second Brain Wave Ritual Attracts Money To You.!This 7-second Brain Wave Ritual Attracts Money To You.!
This 7-second Brain Wave Ritual Attracts Money To You.!
nirahealhty
 
1比1复刻(bath毕业证书)英国巴斯大学毕业证学位证原版一模一样
1比1复刻(bath毕业证书)英国巴斯大学毕业证学位证原版一模一样1比1复刻(bath毕业证书)英国巴斯大学毕业证学位证原版一模一样
1比1复刻(bath毕业证书)英国巴斯大学毕业证学位证原版一模一样
3ipehhoa
 
原版仿制(uob毕业证书)英国伯明翰大学毕业证本科学历证书原版一模一样
原版仿制(uob毕业证书)英国伯明翰大学毕业证本科学历证书原版一模一样原版仿制(uob毕业证书)英国伯明翰大学毕业证本科学历证书原版一模一样
原版仿制(uob毕业证书)英国伯明翰大学毕业证本科学历证书原版一模一样
3ipehhoa
 
一比一原版(SLU毕业证)圣路易斯大学毕业证成绩单专业办理
一比一原版(SLU毕业证)圣路易斯大学毕业证成绩单专业办理一比一原版(SLU毕业证)圣路易斯大学毕业证成绩单专业办理
一比一原版(SLU毕业证)圣路易斯大学毕业证成绩单专业办理
keoku
 
Comptia N+ Standard Networking lesson guide
Comptia N+ Standard Networking lesson guideComptia N+ Standard Networking lesson guide
Comptia N+ Standard Networking lesson guide
GTProductions1
 
BASIC C++ lecture NOTE C++ lecture 3.pptx
BASIC C++ lecture NOTE C++ lecture 3.pptxBASIC C++ lecture NOTE C++ lecture 3.pptx
BASIC C++ lecture NOTE C++ lecture 3.pptx
natyesu
 
1.Wireless Communication System_Wireless communication is a broad term that i...
1.Wireless Communication System_Wireless communication is a broad term that i...1.Wireless Communication System_Wireless communication is a broad term that i...
1.Wireless Communication System_Wireless communication is a broad term that i...
JeyaPerumal1
 
一比一原版(CSU毕业证)加利福尼亚州立大学毕业证成绩单专业办理
一比一原版(CSU毕业证)加利福尼亚州立大学毕业证成绩单专业办理一比一原版(CSU毕业证)加利福尼亚州立大学毕业证成绩单专业办理
一比一原版(CSU毕业证)加利福尼亚州立大学毕业证成绩单专业办理
ufdana
 
Bridging the Digital Gap Brad Spiegel Macon, GA Initiative.pptx
Bridging the Digital Gap Brad Spiegel Macon, GA Initiative.pptxBridging the Digital Gap Brad Spiegel Macon, GA Initiative.pptx
Bridging the Digital Gap Brad Spiegel Macon, GA Initiative.pptx
Brad Spiegel Macon GA
 
JAVIER LASA-EXPERIENCIA digital 1986-2024.pdf
JAVIER LASA-EXPERIENCIA digital 1986-2024.pdfJAVIER LASA-EXPERIENCIA digital 1986-2024.pdf
JAVIER LASA-EXPERIENCIA digital 1986-2024.pdf
Javier Lasa
 
Latest trends in computer networking.pptx
Latest trends in computer networking.pptxLatest trends in computer networking.pptx
Latest trends in computer networking.pptx
JungkooksNonexistent
 
History+of+E-commerce+Development+in+China-www.cfye-commerce.shop
History+of+E-commerce+Development+in+China-www.cfye-commerce.shopHistory+of+E-commerce+Development+in+China-www.cfye-commerce.shop
History+of+E-commerce+Development+in+China-www.cfye-commerce.shop
laozhuseo02
 

Recently uploaded (20)

Internet-Security-Safeguarding-Your-Digital-World (1).pptx
Internet-Security-Safeguarding-Your-Digital-World (1).pptxInternet-Security-Safeguarding-Your-Digital-World (1).pptx
Internet-Security-Safeguarding-Your-Digital-World (1).pptx
 
APNIC Foundation, presented by Ellisha Heppner at the PNG DNS Forum 2024
APNIC Foundation, presented by Ellisha Heppner at the PNG DNS Forum 2024APNIC Foundation, presented by Ellisha Heppner at the PNG DNS Forum 2024
APNIC Foundation, presented by Ellisha Heppner at the PNG DNS Forum 2024
 
How to Use Contact Form 7 Like a Pro.pptx
How to Use Contact Form 7 Like a Pro.pptxHow to Use Contact Form 7 Like a Pro.pptx
How to Use Contact Form 7 Like a Pro.pptx
 
一比一原版(LBS毕业证)伦敦商学院毕业证成绩单专业办理
一比一原版(LBS毕业证)伦敦商学院毕业证成绩单专业办理一比一原版(LBS毕业证)伦敦商学院毕业证成绩单专业办理
一比一原版(LBS毕业证)伦敦商学院毕业证成绩单专业办理
 
急速办(bedfordhire毕业证书)英国贝德福特大学毕业证成绩单原版一模一样
急速办(bedfordhire毕业证书)英国贝德福特大学毕业证成绩单原版一模一样急速办(bedfordhire毕业证书)英国贝德福特大学毕业证成绩单原版一模一样
急速办(bedfordhire毕业证书)英国贝德福特大学毕业证成绩单原版一模一样
 
test test test test testtest test testtest test testtest test testtest test ...
test test test test testtest test testtest test testtest test testtest test ...test test test test testtest test testtest test testtest test testtest test ...
test test test test testtest test testtest test testtest test testtest test ...
 
Multi-cluster Kubernetes Networking- Patterns, Projects and Guidelines
Multi-cluster Kubernetes Networking- Patterns, Projects and GuidelinesMulti-cluster Kubernetes Networking- Patterns, Projects and Guidelines
Multi-cluster Kubernetes Networking- Patterns, Projects and Guidelines
 
The+Prospects+of+E-Commerce+in+China.pptx
The+Prospects+of+E-Commerce+in+China.pptxThe+Prospects+of+E-Commerce+in+China.pptx
The+Prospects+of+E-Commerce+in+China.pptx
 
This 7-second Brain Wave Ritual Attracts Money To You.!
This 7-second Brain Wave Ritual Attracts Money To You.!This 7-second Brain Wave Ritual Attracts Money To You.!
This 7-second Brain Wave Ritual Attracts Money To You.!
 
1比1复刻(bath毕业证书)英国巴斯大学毕业证学位证原版一模一样
1比1复刻(bath毕业证书)英国巴斯大学毕业证学位证原版一模一样1比1复刻(bath毕业证书)英国巴斯大学毕业证学位证原版一模一样
1比1复刻(bath毕业证书)英国巴斯大学毕业证学位证原版一模一样
 
原版仿制(uob毕业证书)英国伯明翰大学毕业证本科学历证书原版一模一样
原版仿制(uob毕业证书)英国伯明翰大学毕业证本科学历证书原版一模一样原版仿制(uob毕业证书)英国伯明翰大学毕业证本科学历证书原版一模一样
原版仿制(uob毕业证书)英国伯明翰大学毕业证本科学历证书原版一模一样
 
一比一原版(SLU毕业证)圣路易斯大学毕业证成绩单专业办理
一比一原版(SLU毕业证)圣路易斯大学毕业证成绩单专业办理一比一原版(SLU毕业证)圣路易斯大学毕业证成绩单专业办理
一比一原版(SLU毕业证)圣路易斯大学毕业证成绩单专业办理
 
Comptia N+ Standard Networking lesson guide
Comptia N+ Standard Networking lesson guideComptia N+ Standard Networking lesson guide
Comptia N+ Standard Networking lesson guide
 
BASIC C++ lecture NOTE C++ lecture 3.pptx
BASIC C++ lecture NOTE C++ lecture 3.pptxBASIC C++ lecture NOTE C++ lecture 3.pptx
BASIC C++ lecture NOTE C++ lecture 3.pptx
 
1.Wireless Communication System_Wireless communication is a broad term that i...
1.Wireless Communication System_Wireless communication is a broad term that i...1.Wireless Communication System_Wireless communication is a broad term that i...
1.Wireless Communication System_Wireless communication is a broad term that i...
 
一比一原版(CSU毕业证)加利福尼亚州立大学毕业证成绩单专业办理
一比一原版(CSU毕业证)加利福尼亚州立大学毕业证成绩单专业办理一比一原版(CSU毕业证)加利福尼亚州立大学毕业证成绩单专业办理
一比一原版(CSU毕业证)加利福尼亚州立大学毕业证成绩单专业办理
 
Bridging the Digital Gap Brad Spiegel Macon, GA Initiative.pptx
Bridging the Digital Gap Brad Spiegel Macon, GA Initiative.pptxBridging the Digital Gap Brad Spiegel Macon, GA Initiative.pptx
Bridging the Digital Gap Brad Spiegel Macon, GA Initiative.pptx
 
JAVIER LASA-EXPERIENCIA digital 1986-2024.pdf
JAVIER LASA-EXPERIENCIA digital 1986-2024.pdfJAVIER LASA-EXPERIENCIA digital 1986-2024.pdf
JAVIER LASA-EXPERIENCIA digital 1986-2024.pdf
 
Latest trends in computer networking.pptx
Latest trends in computer networking.pptxLatest trends in computer networking.pptx
Latest trends in computer networking.pptx
 
History+of+E-commerce+Development+in+China-www.cfye-commerce.shop
History+of+E-commerce+Development+in+China-www.cfye-commerce.shopHistory+of+E-commerce+Development+in+China-www.cfye-commerce.shop
History+of+E-commerce+Development+in+China-www.cfye-commerce.shop
 

Defense-in-depth for embedded devices

  • 2. DISCLAIMER The opinions and thoughts presented during the course of this presentation are my own and do not reflect the views or positions of my employer. 2
  • 3. #whoami • A security evangelist • Working with Resideo (Honeywell Homes) – Product Security • Contributor towards security communities; IS-RA, null, CysInfo, h1hakz, ISC2. • Speaker at security conferences RSA, c0c0n, IoT day etc. • Having security certifications from Offensive Security, SANS and EC- Council • Interested in IoT, ICS and SCADA Security 3
  • 4. Agenda • To know about embedded devices attack surface • And to protect them against hack
  • 5. How is Embedded Device look like?
  • 6. Embedded Device Stack • Attack Vectors • Device reconnaissance • Web Search Engines • FCCID • Open Source Libraries • Tempering the Device • Chip/components Identification • Datasheets • Pin-out Probes Hardware Components Hardware Protocols Boot/RootFS Application/Platform Kernel Bootloader / Firmware • Countermeasures • To protect the device IP • Service/User Manuals • Test Documents on FCCID • Securing Open source Libraries • Chip morphing • Temper Protection
  • 7. Embedded Device Stack • Attack Vectors • JTAG • UART • SPI • I2C • CANBUS • BDS Hardware Components Hardware Protocols Boot/RootFS Kernel Bootloader / Firmware Application/Platform • Countermeasures • Obfuscation of pin-outs • Remove the Traces • Blow Fuse in Pin-Outs • Encryption/Authentication • Key Token • Power Toggle • Read out Protections • Randomizing Probes • Set option Bits • Validating Assembly • CRC/ HASH • Custom Baud Rate
  • 8. Embedded Device Stack • Attack Vectors • U-Boot • RootFS • Firmware Signature • Root Certificates Hardware Components Hardware Protocols Boot/RootFS Kernel Bootloader / Firmware Application/Platform • Countermeasures • Run Time key Generation • Safe Zones • Using Secondary memory • Secure Boot enable • Authenticated RootFS • Obfuscated Signatures
  • 9. Embedded Device Stack • Attack Vectors • Memory Leakage • Stack overflow • Buffer Overflow • Unmanaged code • Kernel Crash • Unhandled exception • Side Channels Faults • Power glitching • NAND/Clock glitching • ThermalHardware Components Hardware Protocols Boot/RootFS Kernel Bootloader / Firmware Application/Platform • Countermeasures • Memory management • Exception handling • Fixing Zero days • Crash reporting/Self Healing • Circuit Power Handling • Glitch detectors • Brownout detectors • Lockstep cores • Asynchronous internal clock with dummy cycles • Internal Oscillators • Halt on invalid instruction execution • Lock down unnecessary diagnostic signals • Mutable codes
  • 10. Embedded Device Stack • Attack Vectors • Firmware Emulation • Reverse Engineering • Compression/Encryption • Hardcoded Credentials/Keys/Certificates • PII • Key Generation Algo • Backdoors Hardware Components Hardware Protocols Boot/RootFS Kernel Bootloader / Firmware Application/Platform • Countermeasures • Encryption • Compression • Obfuscation • Encoding • Certificates • Signatures • Run time Keys • Run time protection • Remove Backdoors • Randomized functions • Secure APIs/Libraries • Integral Updates • Complex key generations • Root of trust / Chain of Trust • Avoid Secondary memory
  • 11. Embedded Device Stack • Attack Vectors • Application Flaws • COAP • MQTT Hardware Components Hardware Protocols Boot/RootFS Kernel Bootloader / Firmware Application/Platform • Countermeasures • Secure API implementation • Auth Mechanism • Reliable node detection • Active search engine scans • Secure 3rd party libraries • TLS