Introduction to Embedded System Security
1. Learning the ABCs of Embedded System Security
Adel Barkam
Mohammad Baqeri Kashani, October 2015
Microprocessor Course / SRTTU
2. 1- M. Tehranipoor and C. Wang, Introduction to Hardware Security and Trust, Springer, 2011
2- Alexander Biedermann and H. Gregor Molter (Eds.), Design Methodologies for Secure Embedded Systems, Springer, 2010
3- Catherine H. Gebotys, Security in Embedded Devices, Springer, 2011
4- David Kleidermacher and Mike Kleidermacher, Introduction to Embedded System Security, Elsevier, 2012
5- Hajimohseni Sadegh, A Study on HT Design and Detection Methods, Shahed University, 2013
6- Keith E. Mayes and Konstantinos Markantonakis, Smart Cards, Tokens, Security and Applications, Springer, 2012
7- …
7/27/2016 Introduction to Embedded System Security 2
3. What is an embedded system?
Examples of ES.
What is embedded system security?
Embedded System Security vs. Hardware Security
Why Embedded System Security?
Attacks on embedded systems
Embedded Software Attacks
Embedded software
Firmware vs. OS
Embedded Hardware Attacks
Types of Hardware Attacks
Probing Attacks
Side-Channel Attacks
Types of Side-Channel Attacks
Power Analysis
Simple Power Analysis (SPA)
Differential Power Analysis (DPA)
Electromagnetic Analysis
Timing Analysis
Fault Induction
Methods of Fault Induction
Any Questions?
Case Study for the Interested
Our Mission
The End.
4. An embedded system is an electronic product that
contains a microprocessor (one or more) and
software to perform some constituent function within a
larger entity.
5. Embedded system examples range widely, from an RFID tag to a satellite!
In aircraft: - traffic collision avoidance system (TCAS);
- communication, navigation, and surveillance system (CNS);
- electronic flight bag system (EFB)
In automobiles: - infotainment “head-unit”,
- antilock braking system,
- powertrain engine control unit,
- digital instrument cluster, and ...
Network devices: switches, routers, access points, ...
Some devices: - WSN
- cell phones
- PDAs
- smart cards
- household appliances
- digital cameras, ...
6. Security:
Security is the ability of an entity to protect resources for which it
bears protection responsibility.
Embedded system security:
Embedded system Security is the ability of an embedded system to
protect resources for which it bears protection responsibility.
7. “September 2007, Israeli jets bombed a suspected nuclear installation in northeastern Syria. Among the many mysteries still surrounding that strike was the failure of Syrian radar, supposedly state of the art, to warn the Syrian military of the incoming assault. It wasn’t long before military and technology bloggers concluded that this was an incident of electronic warfare and not just any kind. Post after post speculated that the commercial off-the-shelf microprocessors in the Syrian radar might have been purposely fabricated with a hidden “backdoor” inside. By sending a preprogrammed code to those chips, an unknown antagonist had disrupted the chips’ function and temporarily blocked the radar.”
Source: IEEE Spectrum, 2007.
8. Computer Chip in a Commercial Jet Compromised
“A hidden 'back door' in a computer chip could allow cyber-criminals a way to override and control computer systems on Boeing 787s”
-- dailymail.co.uk, 30th May 2012
9. The Stuxnet worm is likely the first malware to directly target embedded process control systems.
Stuxnet infiltrated Siemens process control systems at nuclear plants by first subverting the Microsoft Windows workstations that operators use to configure and monitor the embedded control electronics.
SCADA networks are controlled by common PCs.
12. Embedded Software Attack
Embedded Hardware Attack
13. Embedded software is computer software written to control machines or devices.
Embedded software components:
Firmware
OS
Program or script
14. Firmware:
For any device (printer, scanner, digital camera, etc.) to start running, it must have an initial program to run when it is powered up/booted. It is also called a bootstrap program or BIOS. It is stored in ROM (a non-volatile memory whose contents are permanent). Firmware locates the operating system's kernel and loads it into primary memory (RAM) at startup. It is typically written in assembly or C/C++.
Operating System:
A complete software stack that manages the embedded system's hardware and sets up an environment for the applications to run. In other words, an operating system performs the designated task of the device. The kernel is at the bottom of this software stack and keeps running as long as the device is up and running. When we say the operating system manages the hardware, it is actually the kernel that manages any requests to hardware resources (CPU, memory, input, output).
15. There are many embedded operating systems, typically real-time operating systems (RTOS): LynxOS, VxWorks, BeRTOS, ThreadX, through to Windows CE or Linux (with a patched kernel).
Other OSes: OpenWrt, PikeOS, eCos, Fusion RTOS, Nucleus RTOS, RTEMS, INTEGRITY, uC/OS, QNX, FreeBSD, TinyOS, and OSE.
16. The software in an embedded system is a source of security vulnerability: firmware or OS vulnerabilities.
Three factors that create security risks in software:
Complexity
Extensibility
Connectivity
17. Complexity
Software is complicated
More lines of code
▪ Increases the possibility of bugs and security vulnerabilities
Unsafe programming languages being used
C and C++ are the most common
18. Extensibility
Modern software systems are designed to be extended
Updates
Extensions
Loadable device drivers and modules
19. Connectivity
Embedded systems are being connected to the Internet
Possible for small failures to occur, leading to security breaches
Attacker no longer needs physical access to the system
▪ Can use a series of automated attacks
22. Eavesdropping
Use of probes to eavesdrop on inter-component communications
Micro-probing
Use the normal communication interface and abuse security vulnerabilities
23. De-packaging is done using fuming acid.
[Fig. – a smart card chip surface with readily identifiable features]
24. Once de-packaged, the next step is layout reconstruction.
During reconstruction, the internals of the chip can be inferred.
Micro-probing can be used to observe values on buses.
25. Reverse engineering can target the internal design.
An attacker can find potential weaknesses in the chip.
In modern smart cards, various features used to inhibit reverse
engineering are implemented using glue logic.
26. Classic cryptography views security problems through mathematical abstractions.
Recently, many security protocols have been attacked through physical attacks, which exploit weaknesses in the hardware implementation of the cryptographic system in order to recover the secret parameters.
Modern cryptography is based on Kerckhoffs's assumption: everything needed to operate the chip may be known except the key, so all of the secrecy lies in the key.
27. A side-channel attack is any attack based on information gained from the physical implementation of a cryptosystem (here, the embedded system).
28. Power consumption:
Logic circuits typically consume differing amounts of power based on their input data.
Electromagnetic:
EM emissions, particularly via near-field inductive and capacitive coupling, can also modulate other signals on the die.
Optical:
The optical properties of silicon can be modulated by altering the voltage or current in the silicon.
Timing and delay:
Timing attacks exploit data-dependent differences in calculation time in cryptographic algorithms.
Acoustic:
The acoustic emissions are the result of the piezoelectric properties of ceramic capacitors.
29. Simple side-channel attacks
directly map the results from a small number of traces of the side channel to the operation of the DUA.
Differential side-channel attacks
exploit the correlation between the data values being processed and the side-channel leakage.
Template side-channel attacks
30. The attacker studies the power consumption of a cryptographic hardware device (such as a smart card, tamper-resistant "black box", or integrated circuit).
31. Variations in power consumption occur as the device performs different operations.
Different instructions performed by a microprocessor will have differing power consumption. As a result, in a power trace from a smart card performing a DES encryption, the sixteen rounds can be seen clearly.
32. • Input: 64 bits (a block)
• Li/Ri – left/right half of the input block for iteration i (32 bits) – subject to substitution S and permutation P (cf. Fig 2-8 – text)
• K - user-supplied key
• Ki - round key:
– 56 bits used + 8 unused (unused for E but often used for error checking)
• Output: 64 bits (a block)
• Note: Ri becomes L(i+1)
• All basic ops are simple logical ops
– Left shift / XOR
[Fig. – cf. J. Leiwo: DES structure – Input, Input Permutation, L0 R0, round keys K1 … K16 derived from K, S and P, R1 L1 … L16 R16, Final Permutation, Output]
33. The upper trace – entire encryption, including the initial phase, 16 DES rounds, and the initial permutation.
The lower trace – detailed view of the second and third rounds.
34. Similarly, squaring and multiplication operations in RSA implementations can often be distinguished, enabling an adversary to compute the secret key.
Even if the magnitude of the variations in power consumption is small, standard digital oscilloscopes can easily show the data-induced variations.
In this example of RSA on a smart card, the key is: 00 111
35. A side-channel attack that involves statistically analyzing power consumption.
The attack exploits biases in the varying power consumption of microprocessor operations that use secret keys.
DPA attacks have signal processing and error correction properties that can extract secrets from measurements.
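An added example, not from the deck, of what "statistically analyzing power consumption" means in practice: a difference-of-means DPA run over constructed, simulated power samples (Hamming-weight leakage of one AES S-box lookup plus Gaussian noise), followed by the same attack against a constant-weight dual-rail style encoding, where the data-dependent signal disappears. The AES S-box, the key byte 0x2B, the noise level and the one-sample-per-plaintext trace set are all constructed assumptions.

```python
import random
# Added example (not from the deck): difference-of-means DPA on constructed
# power samples following a Hamming-weight leakage model of one AES S-box
# lookup, then the same attack against a constant-weight (dual-rail style)
# encoding, which removes the data-dependent signal DPA relies on.

def gf_mul(a, b):
    """Multiply in GF(2^8) modulo the AES polynomial x^8 + x^4 + x^3 + x + 1."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a = (a << 1) ^ (0x11B if a & 0x80 else 0)
        b >>= 1
    return r

def aes_sbox():
    """AES S-box: multiplicative inverse followed by the affine map."""
    inv = [0] + [next(y for y in range(1, 256) if gf_mul(x, y) == 1)
                 for x in range(1, 256)]
    box = []
    for v in inv:
        s = 0x63
        for i in range(5):                # v ^ rotl(v,1) ^ ... ^ rotl(v,4)
            s ^= ((v << i) | (v >> (8 - i))) & 0xFF
        box.append(s)
    return box

SBOX = aes_sbox()
hw = lambda v: bin(v).count("1")          # Hamming-weight leakage model
def traces(key, leak, sigma=0.4, seed=7):
    """One constructed power sample per plaintext byte: leak(S-box out) + noise."""
    rng = random.Random(seed)
    return [leak(SBOX[p ^ key]) + rng.gauss(0, sigma) for p in range(256)]

def dpa(samples):
    """For each key guess, split traces by the predicted S-box output LSB and
    take the difference of the two means; return (best guess, its peak)."""
    peaks = []
    for k in range(256):
        ones = [s for p, s in enumerate(samples) if SBOX[p ^ k] & 1]
        zeros = [s for p, s in enumerate(samples) if not SBOX[p ^ k] & 1]
        peaks.append(abs(sum(ones) / len(ones) - sum(zeros) / len(zeros)))
    best = max(range(256), key=peaks.__getitem__)
    return best, peaks[best]

# Unprotected: HW leakage makes the 0x2B guess stand out with a peak near 1.0.
unprotected = dpa(traces(0x2B, hw))
# Dual-rail style encoding: HW(v) + HW(~v) is always 8, so guesses see only noise.
balanced = dpa(traces(0x2B, lambda v: hw(v) + hw(v ^ 0xFF)))
```

The second run is the point for a designer: the statistics only work because the leakage varies with the data, so hiding countermeasures (balanced encodings, constant-weight logic) attack the signal itself, independent of the key.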
44. Developers have a great interest in reducing the running time of an implementation.
The running time of a crypto processor can be used as an information channel.
The idea was proposed by Kocher.
These kinds of attacks generally require a large number of timing samples.
45. Statistical analysis of the time taken to encrypt or process data
A sufficient SNR is needed for the analysis to succeed
These probabilities are then used to guess a key.
46. Example of timing analysis for RSA decryption, based on Kocher's observation
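An added example, not from the deck, tying together the RSA power-trace slide (34) and the timing slides (44 to 46): a textbook left-to-right square-and-multiply whose S / SM operation pattern and multiplication count both depend on the exponent bits, beside a square-and-always-multiply variant whose pattern is the same for every exponent. The exponent 0b1011001, base 42 and modulus 3233 are constructed toy values, the list of operation labels stands in for the oscilloscope trace, and the multiplication count stands in for measured running time.

```python
# Added example (not from the deck): a textbook left-to-right square-and-
# multiply exponentiation whose operation sequence per key bit is exactly
# the S / SM pattern the SPA slide shows, next to a square-and-always-multiply
# variant whose sequence (and multiplication count, our stand-in for Kocher's
# running time) no longer depends on the key. Operation labels replace the
# oscilloscope trace; exponent, base and modulus below are constructed toy values.

def square_and_multiply(base, exp, mod):
    """Naive exponentiation: a 1 bit costs S then M, a 0 bit only S."""
    result, trace = 1, []
    for bit in bin(exp)[2:]:
        result = result * result % mod
        trace.append("S")
        if bit == "1":                        # key-dependent extra multiply
            result = result * base % mod
            trace.append("M")
    return result, trace

def square_and_always_multiply(base, exp, mod):
    """Same result, but every bit performs S then M; the M result is
    simply discarded for 0 bits, so the trace is constant for any exponent."""
    result, trace = 1, []
    for bit in bin(exp)[2:]:
        result = result * result % mod
        trace.append("S")
        candidate = result * base % mod       # always executed ...
        trace.append("M")
        # ... but only kept for 1 bits (real code would use a constant-time select)
        result = candidate if bit == "1" else result
    return result, trace

def bits_from_trace(trace):
    """What an SPA observer reads off: each S followed by M is a 1, each S
    followed by another S (or by the end of the trace) is a 0."""
    bits = ""
    for i, op in enumerate(trace):
        if op == "S":
            bits += "1" if i + 1 < len(trace) and trace[i + 1] == "M" else "0"
    return int(bits, 2)

def timing(trace):
    """Multiplication count, standing in for the measured running time."""
    return len(trace)

KEY, BASE, MOD = 0b1011001, 42, 3233         # constructed: 7-bit exponent, n = 61*53
```

Reading the naive trace recovers KEY exactly, and its length changes with the key's Hamming weight; the always-multiply trace reads as all ones and has the same length for every 7-bit exponent, which is why constant operation sequences are the first countermeasure checked in a smart card review.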
47. Mess with environmental conditions to induce a fault in execution; e.g.,
clock frequency
voltage
temperature
May require de-packaging, but is not always tamper-evident
48. Card tears
Physical
putting a 0 or 1 on a data bus line
Glitching (late 1990s)
causing one or more flip-flops or instruction jumps
affects EEPROM & ROM
49. Insert a computational fault
Null key (exploiting two keys being combined in the wrong way)
Wrong crypto result (Differential Fault Analysis – DFA)
51. FPGA security
IP protection
BBP security
JTAG security, USB security
Hardware Trojans
IC security & trust
…
52. Research on these subjects
Training on these subjects
Formation of an embedded security team in SRTTU
>> See Hacking with Heat!!!