Embedded Systems Security Device Attacks

Transcription

1 Embedded Systems Security Device Attacks Embedded Parallel Computing Seminar, SS12 Viktor Vasilev and Amirfarzad Azidhak Högskolan Halmstad March 2, 2012

2 Embedded systems trends Embedded systems are growing in popularity due to: Technology improvements and seamless integration. Quality of life benefits for example medical devices, mobile communication and entertainment. Cost cuts due to automation in buildings, factories, etc. Mobile appliances have evolved very fast in the last years. They capture the whole identity and purchasing power of the owner. Up until recently there has been relatively low attention to security except for security- or mission-critical systems. Security is much needed: Anti-theft protection, identification. Access control in banking, media. Protection of intellectual property.

3 Security concerns Complexity and availability has been on the rise, raising security concerns. Constant pressure to lower device costs influence design, implementation and testing times. Aside from technical challenges, the human factor also plays a big role in securing a system. In respect to security, embedded designs are different from general purpose systems: They are resource constraint. They are easily physically accessible to the attacker.

4 Security considerations Embedded systems involve many layers of complexity making it impossible to have a single security abstraction layer that shields the whole design from attacks. Hardware Software Algorithms Communication Interaction

5 Device attacks Device attacks aim at accessing control functions. Embedded devices are subject to many restrictions which together contribute to their vulnerability to attacks: Low power. Limited computational power. Limited memory. Limited connectivity and communication rate. Used in untrusted environment. The system balances between the required security level and the available resources ( good enough security ).

6 Attack types Invasive and non-invasive attacks. Software Physical Code injection Exploiting algorithm weaknesses Availability attacks Micro-probing and reverse engineering Eavesdropping Component replacement Side-channel Time/Power analysis Fault behavior analysis

7 Software attacks Exploit security weaknesses in the device s protocols, algorithms and software implementations. Code injection Caused by processing invalid data. Can lead to arbitrary code execution. Exploiting algorithm weaknesses Especially effective against cryptographic algorithms (for example RC4, MD5 collisions) Availability attacks Denial-of-service Response time

8 Software defense Must be integrated in the software design cycle. In a perfect world security is present at all software development levels: requirements, design, architecture, code. Figure: Software design cycle [KLMR04] There is a risk of overly focusing on functionality and ignoring security. Networking enabled systems are especially vulnerable.

9 Case study: availability attacks Especially important in mission-critical and medical devices. Military, social-safety and vehicular systems. Implantable medical devices (IMD) such as defibrillators. Security can also cause trouble: override protection by medical personnel. Zero-power authentication used in IMDs to prevent unauthorized access. Harvest RF energy from external source to power a crypto protocol to authenticate requests. Defends against power drain.

10 Physical attacks Also called invasive, they use physical intrusion and manipulation to interfere with normal device function. Micro-probing/reverse engineering Direct access to the chip surface. Communication monitoring, manipulation and interference. Eavesdropping Signal processing and machine learning classifiers to detect and decode signals. Useful for devices that use vibration or sound for communication. Component replacement Instrumentation or interfacing with attacker controlled hardware.

11 Physical defense Can be expensive to perform, very difficult for modern chips, leave tamper evidence. Hard to counter, as they offer almost unlimited access to the chips. Tamper resistant hardware: Metal layers with sensors. Memory access protection. ASICs, FPGAs and custom ICs. Asynchronous designs, internal clocks.

12 Introduction Device attacks Tamper protection levels Figure: Source [Sko] Conclusion

13 Tamper protection levels cont d

14 Tamper protection levels cont d 2

15 Case study: Reverse engineering Understanding the function of a particular device allows to change its output and for example bypass security checks. Difficult to perform on modern chips.

16 Introduction Device attacks Case study: Reverse engineering cont d Data can possibly be extracted directly from the memory chip. I I NOR ROMs directly visible after top metal layer removal. VTROM bits exposed through selective etching. Conclusion

17 Case study: eavesdropping attacks Intercepting the communication between an Implantable Cardioverter Defibrillator (ICD) and a commercial programmer [HHBR + 08]. Uses easily accessible off-the-shelf technology: Hardware: Recording osciloscope and Universal Software Radio Peripheral. Software: Matlab, Perl, Python, C++, GNU Radio. Reverse engineering of the communication protocol. Obtain private patient data and history, intercept telemetry (ECG) data.

18 Introduction Device attacks Case study: eavesdropping attacks cont d Off-the-shelf equipment used in the attack. Conclusion

19 Side-channel attacks Involves observation of external device parameters to obtain information. Monitoring of analog power supply, interface connections and EM radiation. Time/Power analysis Variation in time duration or power consumption of computations causes information leakage. Fault behavior analysis Attacks the implementation, not the algorithm. Especially relevant in cryptography calculations.

20 Side-channel defense Prevent input/output correlation. Software solutions don t always work: (Obvious) adding random delays or quantizing function execution time make harder, but don t prevent time analysis. (Non-obvious) using non-trivial mathematical approaches may require patent licensing, non-intuitive. Additional hardware and sensors may be used to detect computation glitches.

21 Case study: Power analysis Differential power analysis used to determine secret keys from complex noisy power consumption measurements. Figure: Power consumption traces during an attack [KLMR04]

22 Case study: Fault behavior analysis Optical fault injection attack. Uses a laser attached to a microscope to induce faults into device operation. Control board controls laser pulses. Doesn t scale down to individual transistors, but works with chips down to 90nm technology. Figure: Test board, setup and control board [KLMR04]

23 Take-away message and conclusion Absolute protection can not be achieved. Embedded systems have unique constraints: power, computation, memory, communication. Fundamental trade-off between security, usability and cost. Attacks are evolving and becoming more complicated and frequent; defense research and development must keep up.

24 The end Thank you!

25 Bibliography I Wolfgang Granzer, Fritz Praus, and Wolfgang Kastner. Security in Building Automation Systems. IEEE Transactions on Industrial Electronics, 57(11): , November D. Halperin, T.S. Heydt-Benjamin, B. Ransford, S.S. Clark, B. Defend, W. Morgan, K. Fu, T. Kohno, and W.H. Maisel. Pacemakers and implantable cardiac defibrillators: Software radio attacks and zero-power defenses. In Security and Privacy, SP IEEE Symposium on, pages , may 2008.

26 Bibliography II Paul Kocher, Ruby Lee, Gary McGraw, and Anand Raghunathan. Security as a new dimension in embedded system design. In Proceedings of the 41st annual Design Automation Conference, DAC 04, pages , New York, NY, USA, ACM. Moderator-Ravi, Srivaths. Srivaths Ravi, Anand Raghunathan, Paul Kocher, and Sunil Hattangady. Security in embedded systems: Design challenges. ACM Trans. Embed. Comput. Syst., 3: , August Dr Sergei Skorobogato. Physical attacks on tamper resistance: Progress and lessons.

27 Bibliography III