Secure Embedded Systems

Technische Universität München

Secure Embedded Systems
eine Voraussetzung für Cyber Physical Systems und das Internet der Dinge

Kolloquium der Fakultät 5 der Universität Stuttgart
17. Dezember 2013
Prof. Dr.-Ing. Georg Sigl
Lehrstuhl für Sicherheit in der Informationstechnik
Fraunhofer Institut für Angewandte und Integrierte Sicherheit AISEC


Content

• Attack examples on embedded systems
• Future secure embedded systems

2


ATTACKS ON EMBEDDED
SYSTEMS
3


Attacks on modern cars

Comprehensive Experimental Analyses of Automotive Attack Surfaces
S. Checkoway, D. McCoy, B. Kantor, D. Anderson, H. Shacham, S. Savage, K.
Koscher, A. Czeskis, F. Roesner, T. Kohno. USENIX Security, August 10–12, 2011.
4


Attacks on industrial control systems: Stuxnet

http://www.faz.net/aktuell/feuilleton/debatten/digitales-denken/trojaner-stuxnet-der-digitaleerstschlag-ist-erfolgt-1578889.html
5


Attacks on industrial control systems

Source: http://www.bhkw-infothek.de/nachrichten/18555/2013-04-15-kritische-sicherheitsluckeermoglicht-fremdzugriff-auf-systemregler-des-vaillant-ecopower-1-0/

6


Attacks on smart grid through smart meter

7


Attacks on medical devices

Source: http://media.blackhat.com/bh-us-11/Radcliffe/BH_US_11_Radcliffe_Hacking_Medical_Devices_Slides.pdf
8


Product Piracy
• Estimated damage in machine
construction industry (source VDMA)
– 7.9 Billon Euro (~4% of revenue)
• Steps of pirates
– HW Component identification
– Software extraction
– Rebuilding hardware
– Cloning software

9


Trends increasing the security risks
• Network connection
– ES can be attacked through network
– Insecure system

 remote attacks
 attacked through
unprotected ES
 malware

• Standardization in software
– Operating systems (e.g. Linux)
– Web browsers
• Platform design with software configurability  jail break, tuning
• Concentration of multiple functions (multicore)  separation risk
• Significant Know-How in ES
 product piracy
• Hacker = product owner
 hardware attacks

10


Threads in Cyber Physical Systems

Network and
Backgroud Systems

Attacks through
broken embedded systems

Attacks out of Cyberspace

Embedded System

BMBF-FKZ: 01IS13020

11


FUTURE SECURE
EMBEDDED SYSTEMS
12


Requirements for future secure embedded systems
1.
2.
3.
4.

Security for more than 10 years (target 30 years)
Secure machine to machine communication (M2M)
Protection of embedded systems against manipulation and misuse
Fulfillment of typical non functional requirements, i.e.:
– Real time behavior
– Resource limitations (cost, power)
5. Maintain security despite of increasing complexity
6. Protection of intellectual property
7. Secure software update during operation

13


Secure embedded system
M2M

other System on Chip

SIM
ID
Actuator

GSM
Trust
Core 1 OS Core 2

Core i
System on Chip

Core n

IO-interfaces

RAM

Flash

ID
Sensor

Peripherals

Hardware
Security
Module
14


Secure embedded system: Chip Identities
M2M


SIM
ID
Actuator

GSM
Trust
Core 1 OS Core 2

Core i
System on Chip

Core n

IO-interfaces

RAM

Flash

ID
Sensor

Peripherals

Hardware
Security
Module
15


IDs for Hardware
• Binding of components
– Authentication
– Integrity checking
• Piracy protection
– Encryption with derived keys
• Methods
– Physical Unclonable Functions
(PUF) : fingerprint of a chip
– Fuses (electric or laser)
– Flash memory

16


PUFs as security primitive

„Unique“
Physical Property

+

Measurement
Method

=

Authentication,
Key Generation

PUF
+

=

Physical
Unclonable
Function
17


Ring Oscillator PUF (Suh and Devadas, 2007) *

• Ring oscillator frequencies depend on manufacturing variations
• Two ROs are compared to obtain a response bit
* G. E. Suh and S. Devadas. Physical unclonable functions for device authentication and secret key
generation. Design Automation Conference, 2007. DAC ’07. 44th ACM/IEEE, pages 9–14, 2007.

18


SRAM PUF (Guajardo et al., 2007) *

• Symmetric circuit balance influenced by manufacturing variations
• SRAM cells show a random, but stable value after power-up
* J. Guajardo, S. S. Kumar, G. J. Schrijen, and P. Tuyls. FPGA intrinsic PUFs and their use for IP
protection. In CHES 2007, volume 4727 of LNCS, pages 63–80. Springer, 2007

19


Automotive ECUs today and in future
Microcontroller

Microcontroller

NVM

RAM

Code
key

CPU

Code

application

PUF
key

Embedded Flash
65nm √
40nm √
28nm ?
???

CPU

application

Flash
Encrypted Code/Data

Logic Process + external Flash
+ Shrinkable
+ Lower Cost
+ Higher Performance
20


Alternatives to PUF based key generation
Microcontroller
RAM

• Fuses
– Electrical
• Reliability: weak

Code

key

CPU

application

– Laser
• Size: very large
• Security: Easy to identify and modify

Flash
Encrypted Code/Data

• OTP (one time programmable memory)
– Cost: comparison with PUF technology open
– Security: memory cells easier to detect, extract and modify
– Programming of key during test increases test complexity

21


Reliability of PUFs
• Critical parameters:
– Temperature
– Voltage
– Ageing
• Countermeasures:
– Differential measurement
– Redundancy: Selection of reliable bits (1000 PUF Bits  100
Key Bits)
– Proper design: Design and design parameters must consider
the behavior of temperature and voltage variations as well as
ageing (as for any other circuit design)
22


Frequency behavior of an oscillator PUF
f

Osc 3
instable
Osc 4

f

Osc 1 good
Osc 2

f

Osc 5
Osc 6
-40°C

25°C

Critical:
uniqueness may
be compromised

150°C
23


State of the Art in error correction
Encoded Key Bits

PUF Bits:
- Reliable 1
- Reliable 0
- Unreliable

PUF Response
Block Borders
Helper Data
u =1
index of selected bit 1

u2=?

u3=3

• All error correctors work on fixed block structure:
e.g. IBS (Yu and Devadas, 2010 *)
• Goal: find one white and one black square in each block of four
• Helper data store the indices of selected bits
* M.-D. Yu and S. Devadas, Secure and robust error correction for physical unclonable functions,
IEEE Design & Test of Computers, vol. 27, no. 1, pp. 48-65, 2010

24


Differential Sequence Coding *
Encoded Key Bits
PUF Response
Helper Data
- distance
- inversion
•
•
•
•

No fixed block borders
Helper data store distance to next bit and an inversion indicator
Larger blocks of unreliable bits can be skipped
Most efficient error corrector scheme known to date

* M. Hiller, M. Weiner, L. Rodrigues Lima, M- Birkner and G. Sigl. Breaking through Fixed PUF
Block Limitations with Differential Sequence Coding and Convolutional Codes, TrustED, 2013

25


Components of a PUF key store
Challenge

Ci
•
•
•
•
•

Physical
System

Response

Error
Correction

S RCi E

Challenge:
Physical System:
Response:
Error Correction:
Hash Function:

Hash
Function

Helper Data
(Public)

Key

H K

Power-On for SRAM, Ring-Oscillator selection
SRAM, Ring-Oscillators
Stream of Bits
Using public helper data to increase reliability
Removes bias in the key bit distribution
26


Secure embedded system: Secure Elements
M2M


SIM
ID
Actuator

GSM
Trust
Core 1 OS Core 2

Core i
System on Chip

Core n

IO-interfaces

RAM

Flash

ID
Sensor

Peripherals

Hardware
Security
Module
27


Tasks of Secure Elements
•
•
•
•
•
•
•
•

Key storage
Asymmetric cryptography (signing and encryption)
Session key generation
Random number generation
Access right check
Integrity check
Attestation
Secure data storage

• Resistance against Hardware attacks!

28


Secure Element in a vehicle
• In BMBF Project SEIS (Sicherheit in eingebetteten IP-basierten
Systemen) AISEC integrated a Secure Element in a car.
Internet
Gateway

OEM
Server

Secure Element
29


Secure Element in Smart Meter
The BSI Protection Profile
requests a Secure Element in the
Smart Meter Gateway.

Secure
Element

Source: Protection Profile für das Gateway eines Smart Metering Systems; http://www.bsi.bund.de
30


Secure Smart Meter
• Java 3.0 Secure Element in Smart Meter
– All security functions enclosed
– Communication end point
• Gateway
– Memory (encrypted)
– Display
– Communication channels
• Advantages:
– High Security through Hardware
Secure Element
– Easier certification

31


Secure Elements in mobile phones
3 Secure Elements

• SIM

• Security Chip

• Secure SD Card

32


Secure embedded system: Secure Software
M2M


SIM
ID
Actuator

GSM
Trust
Core 1 OS Core 2

Core i
System on Chip

Core n

IO-interfaces

RAM

Flash

ID
Sensor

Peripherals

Hardware
Security
Module
33


Trusted OS

• Trusted execution environment in the system controller
• Virtualisiation for application separation
• Integration of a hardware secure elements as trust anchor
34


Trusted OS: Linux Containers (Trust|Me)
Idea: Sandboxed Android using container-based isolation
–

Remote device administration
–

–

Remote access using ssh and other Linux utilities

Storage
–
–

Transparent file encryption (device or file based)

–
–

Filesystem snapshots and recovery
File integrity protection using Linux Security Modules (LSM)

Network
–

–

Transparent tunneling using Virtual Private Networks (VPN)

Graphical User Interface (GUI)
–

Secure display (indicated by LED) and secure input (hardware buttons)

–

Secure PIN entry used to unlock SE in microSD card (key storage)
35


Thank You
georg.sigl@aisec.fraunhofer.de
sigl@tum.de

36

Secure Embedded Systems

More Related Content

What's hot

Viewers also liked

Similar to Secure Embedded Systems

Recently uploaded

Secure Embedded Systems