Secure Embedded Systems eine Voraussetzung für Cyber Physical Systems und das Internet der Dinge

Transcription

1 Secure Embedded Systems eine Voraussetzung für Cyber Physical Systems und das Internet der Dinge Mitgliederversammlung EIKON e.v. 26. Februar 2014 Prof. Dr.-Ing. Georg Sigl Lehrstuhl für Sicherheit in der Informationstechnik Technische Universität München Fraunhofer Institut für Angewandte und Integrierte Sicherheit AISEC

2 Content Attack examples on embedded systems Future secure embedded systems Testing embedded systems security Security research in Munich 2

3 ATTACKS ON EMBEDDED SYSTEMS 3

4 FUTURE SECURE EMBEDDED SYSTEMS 12

5 Requirements for future secure embedded systems 1. Security for more than 10 years (target 30 years) 2. Secure machine to machine communication (M2M) 3. Protection of embedded systems against manipulation and misuse 4. Fulfillment of typical non functional requirements, i.e.: Real time behavior Resource limitations (cost, power) 5. Maintain security despite increasing complexity 6. Protection of intellectual property 7. Secure software update during operation 13

6 Secure embedded system M2M SIM GSM other System on Chip ID Actuator ID Sensor Trust Core 1 OS Core 2 IO-interfaces Peripherals Core i Core n RAM Flash System on Chip Hardware Security Module 14

7 Secure embedded system: Chip Identities M2M SIM other System on Chip GSM ID Actuator ID Sensor Trust Core 1 OS Core 2 IO-interfaces Peripherals Core i Core n RAM Flash System on Chip Hardware Security Module 15

8 IDs for Hardware Binding of components Authentication Integrity checking Piracy protection Encryption with derived keys Methods Physical Unclonable Functions (PUF) : fingerprint of a chip Fuses (electric or laser) Flash memory 16

9 PUFs as security primitive Unique Physical Property + Measurement = Method Authentication, Key Generation + = PUF Physical Unclonable Function 17

10 Ring Oscillator PUF (Suh and Devadas, 2007) * Ring oscillator frequencies depend on manufacturing variations Two ROs are compared to obtain a response bit * G. E. Suh and S. Devadas. Physical unclonable functions for device authentication and secret key generation. Design Automation Conference, DAC th ACM/IEEE, pages 9 14,

11 SRAM PUF (Guajardo et al., 2007) * Symmetric circuit balance influenced by manufacturing variations SRAM cells show a random, but stable value after power-up * J. Guajardo, S. S. Kumar, G. J. Schrijen, and P. Tuyls. FPGA intrinsic PUFs and their use for IP protection. In CHES 2007, volume 4727 of LNCS, pages Springer,

12 Automotive ECUs today and in future Microcontroller Microcontroller NVM Code CPU RAM Code CPU key application PUF key application Embedded Flash 65nm 40nm 28nm???? Flash Encrypted Code/Data Logic Process + external Flash + Shrinkable + Lower Cost + Higher Performance 20

13 Alternatives to PUF based key generation Fuses Electrical Reliability: weak key application Laser Size: very large Security: Easy to identify and modify OTP (one time programmable memory) Cost: comparison with PUF technology open Microcontroller RAM Code Security: memory cells easier to detect, extract and modify Programming of key during test increases test complexity CPU Flash Encrypted Code/Data 21

14 Reliability of PUFs Critical parameters: Temperature Voltage Ageing Countermeasures: Differential measurement Redundancy: Selection of reliable bits (1000 PUF Bits 100 Key Bits) Proper design: Design and design parameters must consider the behavior of temperature and voltage variations as well as ageing (as for any other circuit design) 22

15 Frequency behavior of an oscillator PUF f f Osc 3 Osc 4 instable f Osc 1 Osc 2 good -40 C 25 C 150 C Osc 5 Osc 6 Critical: uniqueness may be compromised 23

16 State of the Art in error correction Encoded Key Bits PUF Response Block Borders PUF Bits: - Reliable 1 - Reliable 0 - Unreliable Helper Data index of selected bit u 1=1 u 2 =? u 3 =3 All error correctors work on fixed block structure: e.g. IBS (Yu and Devadas, 2010 *) Goal: find one white and one black square in each block of four Helper data store the indices of selected bits * M.-D. Yu and S. Devadas, Secure and robust error correction for physical unclonable functions, IEEE Design & Test of Computers, vol. 27, no. 1, pp ,

17 Differential Sequence Coding * Encoded Key Bits PUF Response Helper Data - distance - inversion No fixed block borders Helper data store distance to next bit and an inversion indicator Larger blocks of unreliable bits can be skipped Most efficient error corrector scheme known to date * M. Hiller, M. Weiner, L. Rodrigues Lima, M- Birkner and G. Sigl. Breaking through Fixed PUF Block Limitations with Differential Sequence Coding and Convolutional Codes, TrustED,

18 Secure embedded system: Secure Elements M2M SIM other System on Chip GSM ID Actuator ID Sensor Trust Core 1 OS Core 2 IO-interfaces Peripherals Core i Core n RAM Flash System on Chip Hardware Security Module 27

19 Tasks of Secure Elements Key storage Asymmetric cryptography (signing and encryption) Session key generation Random number generation Access right check Integrity check Attestation Secure data storage Resistance against Hardware attacks! 28

20 Secure Element in a vehicle In BMBF Project SEIS (Sicherheit in eingebetteten IP-basierten Systemen) AISEC integrated a Secure Element in a car. Internet Gateway OEM Server Secure Element 29

21 Secure Element in Smart Meter The BSI Protection Profile requests a Secure Element in the Smart Meter Gateway. Secure Element Source: Protection Profile für das Gateway eines Smart Metering Systems; 30

22 Secure Elements in mobile phones 3 Secure Elements SIM Security Chip Secure SD Card 32

23 TESTING EMBEDDED SYSTEMS SECURITY 36

24 AISEC Labs to test security of systems! Hardware GSM Embedded NFC, Mobile App Test 37

25 Attacks on PUF based key generation All PUFs are vulnerable to HW attacks: Probing/Forcing Fault Attacks Side Channel Attacks Attacking the physical system (ring oscillators frequencies) D. Merli, J. Heyszl, B. Heinz, D. Schuster, F. Stumpf, and G. Sigl. Localized Electromagnetic Analysis of RO PUFs. In Proceedings of Int. Symposium on Hardware-Oriented Security and Trust (HOST), June IEEE. Attacking the key extraction process D. Merli, D. Schuster, F. Stumpf, and G. Sigl. Semi-invasive EM attack on FPGA RO PUFs and countermeasures. In 6th Workshop on Embedded Systems Security (WESS 2011), Taipei, Taiwan, October ACM. D. Merli, F. Stumpf, and G. Sigl. Protecting PUF error correction by codeword masking. Cryptology eprint Archive, Report 2013/334,

26 Ring Oscillator PUF (Suh and Devadas, 2007) * Ring oscillator frequencies depend on manufacturing variations Two ROs are compared to obtain a response bit * G. E. Suh and S. Devadas. Physical unclonable functions for device authentication and secret key generation. Design Automation Conference, DAC th ACM/IEEE, pages 9 14,

27 RO PUF, EM Side-Channel Attack (Merli et al., 2011)* RO frequencies around 100 MHz Identification of RO PUF frequencies through EM side-channel * D. Merli, D. Schuster, F. Stumpf, and G. Sigl. Semi-invasive EM attack on FPGA RO PUFs and countermeasures. In 6th Workshop on Embedded Systems Security (WESS 2011), Taipei, Taiwan, October ACM. 40

28 RO PUF, EM Side-Channel Attack (Merli et al., 2011)* RO_1 RO_2 RO_2 RO_3 RO PUF modelling by EM side-channel of frequency comparisons * D. Merli, D. Schuster, F. Stumpf, and G. Sigl. Semi-invasive EM attack on FPGA RO PUFs and countermeasures. In 6th Workshop on Embedded Systems Security (WESS 2011), Taipei, Taiwan, October ACM. 41

29 Side Channel Analysis: Electromagnetic Analysis 42

30 RO PUF, Localized EM Analysis (Merli et al., 2013)* Separation of Ring Oscillator PUF measurement components possible by EM analysis RO frequency measurement can be observed step by step Full PUF model can be extracted * D. Merli, J. Heyszl, B. Heinz, D. Schuster, F. Stumpf, and G. Sigl. Localized Electromagnetic Analysis of RO PUFs. In Proceedings of Int. Symposium on Hardware-Oriented Security and Trust (HOST), June IEEE. 43

31 Security Research in Munich Industry Fraunhofer Institute for Applied and Integrated Security Claudia Eckert Georg Sigl Industry ~3000 Students TU München Electrical Engineering Georg Sigl TU München Computer Science Claudia Eckert ~3000 Students 46

32 AISEC KEY FIGURES Employees: 2013: current status: > 90 Plans for further growth 2014 > > 150 Financing (Fraunhofer Model) Up to 30% state directly, 70% 3 rd party research projects Fraunhofer

33 AISEC Fields of Expertise Embedded Security Trusted platforms (HW/SW-Co-Design) Hardware Security HSMs, Side-channel, EMA-, Fault-Analysis Product- and Know-How-Protection PUF-solutions, smart materials, Firmware-Protection Mobile Security Trusted BYOD, App-Analysis Tool, Automotive-Sec. IP-based Networks Cloud-Networking, Secure Multi-Party Computation Digital Identity Attribute based IDs, Object-IDs, Web-IDs Fraunhofer

34 Thank You 51