Comprehensive Security for Internet-of-Things Devices With ARM TrustZone
Howard Williams, mentor.com/embedded
Internet-of-Things Trends
- The world is more connected.
- IoT devices are smarter and more complex.
- Widespread use of Open Source Software.
- Exposure via many connectivity options increases attack surfaces and jeopardizes reliable system function.
- Highly integrated systems need separation and protection of the sensitive data.
- Ecosystems of applications offer consumer-demanded experiences.
- Open standards increase adoption of technology.
Separation, Security and Performance are increasingly important for embedded devices, driven to a large extent by the Intelligent and Open Devices in the Internet of Things world.
Defining Internet-of-Things Devices
- Standalone: purpose-built device without a network connection.
- Connected: networked device with limited capabilities and one-way access.
- Managed: monitor, configure, update.
Securing Internet-of-Things Devices
- Data at Rest (when the device is off, how is it protected?): anti-tampering, encrypted files and databases, trusted boot.
- Data in Use (while generated or processed): obfuscation, chain of trust, attestation, ADRNG, TrustZone, MMU-based protection methods, user privileges and secure file systems.
- Data in Transit (as it leaves the device): encryption, tunneling protocols, VPN, SSL, IKE/IPSEC, denial of service, firewall.
How much security is enough?
Economic Security: an approach that allows for a cost-effective security enhancement.
- Identify the level of protection.
- Define an adequate level of security.
- Describe countermeasures against weaknesses.
- Focus on cost-efficient realization.
- Build upon existing processes.
Engineering leadership and business managers may be confused about the technology and standards, but they care about: optimal security level at affordable cost!
When to address device security?
Securing an IoT device is not just a matter of selecting the right processor and software; one has to be concerned with many aspects of the device lifecycle: Design, Production, Deployment, Operation & Maintenance, Destruction or disposal.
When to address device security?
Data needs to be protected at rest, in use and in transit during all phases (Design, Production, Deployment, Operation & Maintenance, Destruction or disposal)!
[Figure labels: Cryptography; Security!]
Important Security Terms
Secure by Default is one of the principles of CLASP (Comprehensive, Lightweight Application Security Process), which provides a well-organized and structured approach for moving security concerns into the early stages of the software development lifecycle whenever possible.
CVE: international in scope and free for public use, CVE is a dictionary of publicly known information security vulnerabilities and exposures. CVE's common identifiers enable data exchange between security products and provide a baseline index point for evaluating coverage of tools and services.
US-CERT is part of DHS' National Cybersecurity and Communications Integration Center (NCCIC). The Computer Emergency Readiness Team (US-CERT) leads efforts to improve the nation's cybersecurity posture, coordinate cyber information sharing, and proactively manage cyber risks while protecting the constitutional rights of Americans.
Important Security Terms
Security Development Lifecycle (SDL) is a software development process that helps developers build more secure software and address security compliance requirements while reducing development cost.
Identifying vulnerabilities
Types of Attacks:
1. Access Attacks
2. Modification Attacks
3. Repudiation Attacks
4. Denial of Service Attacks
5. Information Theft

Categories of Attacks (number of listed attacks per category; total 74):
1. Abuse of Functionality (7)
2. Data Structure Attacks (3)
3. Embedded Malicious Code (4)
4. Exploitation of Authentication (9)
5. Injection (26)
6. Path Traversal Attack (1)
7. Probabilistic Techniques (4)
8. Protocol Manipulation (3)
9. Resource Depletion (3)
10. Resource Manipulation (10)
11. Sniffing Attacks
12. Spoofing (4)

Attacks:
1. Account lockout attack
2. Asymmetric resource consumption (amplification)
3. Binary planting
4. Blind SQL Injection
5. Blind XPath Injection
6. Brute force attack
7. Buffer overflow attack
8. Cache Poisoning
9. Cash Overflow
10. Code Injection
11. Command Injection
12. Comment Injection Attack
13. Content Security Policy
14. Content Spoofing
15. CORS OriginHeaderScrutiny
16. CORS RequestPreflightScrutiny
17. Cross Frame Scripting
18. Cross Site History Manipulation (XSHM)
19. Cross Site Tracing
20. Cross-Site Request Forgery (CSRF)
21. Cross-site Scripting (XSS)
22. Cross-User Defacement
23. Cryptanalysis
24. CSRF
25. Custom Special Character Injection
26. Denial of Service
27. Direct Dynamic Code Evaluation ('Eval Injection')
28. Direct Static Code Injection
29. Double Encoding
30. Execution After Redirect (EAR)
31. Forced browsing
32. Format string attack
33. Full Path Disclosure
34. HTTP Request Smuggling
35. HTTP Response Splitting
36. SQL Injection (Spanish-language entry: Inyección SQL)
37. LDAP injection
38. Man-in-the-browser attack
39. Man-in-the-middle attack
40. Mobile code: invoking untrusted mobile code
41. Mobile code: non-final public field
42. Mobile code: object hijack
43. One-Click Attack
44. Overflow Binary Resource File
45. Page Hijacking
46. Parameter Delimiter
47. Path Manipulation
48. Path Traversal
49. Reflected DOM Injection
50. Regular expression Denial of Service - ReDoS
51. Relative Path Traversal
52. Repudiation Attack
53. Resource Injection
54. Server-Side Includes (SSI) Injection
55. Session fixation
56. Session hijacking attack
57. Session Prediction
58. Setting Manipulation
59. Special Element Injection
60. Spyware
61. SQL Injection
62. Traffic flood
63. Trojan Horse
64. Unicode Encoding
65. Web Parameter Tampering
66. Windows ::DATA alternate data stream
67. XPATH Injection
68. XPATH Injection Java
69. XSRF

Embedded Device Attack Vectors:
- Loading valid software on an unauthorized device
- Hacking the boot process to load an unauthorized OS + App
- Hacking the device by loading an unauthorised App
- Taking over the device to access data at rest
- Intercepting communications to access data in transit
- Uploading malware to prevent the device from operating
- Preventing user, device or service authentication
- Subjecting the device to denial-of-service attacks to affect its operation
Root of Trust
Establishing a Hardware and Software Chain of Trust from the root: HARDWARE!
- Device Hardware to Boot: prevent untrusted boot.
- Boot to OS: prevent an untrusted OS from launching.
- OS to Application Execution: prevent an untrusted application from executing.
- Authorized Access: prevent attacks.
Before loading any software, ask: Did it come from the OEM? Has it been tampered with?
Hardware should be used for: crypto key storage, signature generation, comparison, signature storage, loading OS and
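The chain of trust described on this slide, written out as an added example (this is not code from the presentation or from Mentor): an immutable root holds only the OEM public key, and each stage (boot, OS, app) is launched only if its SHA-256 digest carries a valid Ed25519 signature from that key, so both questions on the slide are answered before anything runs. The stage names, the sample image bytes and the key pairs are all constructed here; a real device would derive the public key from OTP/ROM and receive signed images from the OEM.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Stage is one link in the chain: a boot, OS or application image plus the
// OEM's Ed25519 signature over the image's SHA-256 digest.
type Stage struct {
	Name      string
	Image     []byte
	Signature []byte
}

// RootOfTrust models what the slide says hardware should hold: the OEM
// public key and the verification logic, both immutable (ROM/OTP). It
// never holds the private key, which stays with the OEM.
type RootOfTrust struct {
	OEMPublicKey ed25519.PublicKey
}

// Verify answers the slide's two questions: did the image come from the
// OEM (signed by the trusted key) and is it unmodified (digest matches)?
func (r RootOfTrust) Verify(s Stage) error {
	digest := sha256.Sum256(s.Image)
	if !ed25519.Verify(r.OEMPublicKey, digest[:], s.Signature) {
		return fmt.Errorf("stage %q: signature invalid (not from OEM, or tampered)", s.Name)
	}
	return nil
}

// BootChain verifies stages in order (hardware -> boot -> OS -> app) and
// halts at the first failure; it returns the names of the stages launched.
func BootChain(root RootOfTrust, stages []Stage) ([]string, error) {
	launched := []string{}
	for _, s := range stages {
		if err := root.Verify(s); err != nil {
			return launched, err
		}
		launched = append(launched, s.Name)
	}
	return launched, nil
}

// SignStage is the OEM/factory step that produces a signed stage. It is
// included only so the example is self-contained; it never runs on the device.
func SignStage(priv ed25519.PrivateKey, name string, image []byte) Stage {
	digest := sha256.Sum256(image)
	return Stage{Name: name, Image: image, Signature: ed25519.Sign(priv, digest[:])}
}

// Demo boots a constructed three-stage chain twice: once intact and once
// after a single byte of the OS image has been changed post-signing.
func Demo() (intact, tampered []string, tamperErr error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	root := RootOfTrust{OEMPublicKey: pub}
	// Constructed sample images standing in for real firmware binaries.
	stages := []Stage{
		SignStage(priv, "boot", []byte("bootloader v1 (constructed sample)")),
		SignStage(priv, "os", []byte("kernel v1 (constructed sample)")),
		SignStage(priv, "app", []byte("application v1 (constructed sample)")),
	}
	intact, _ = BootChain(root, stages)

	modified := make([]Stage, len(stages))
	copy(modified, stages)
	img := append([]byte(nil), stages[1].Image...)
	img[0] ^= 0x01 // a one-bit change is enough to invalidate the signature
	modified[1].Image = img
	tampered, tamperErr = BootChain(root, modified)
	return intact, tampered, tamperErr
}

// SignedByUntrustedKey shows that a well-formed signature from a key the
// root does not trust is rejected just like a tampered image.
func SignedByUntrustedKey() bool {
	pub, _, _ := ed25519.GenerateKey(rand.Reader)
	_, otherPriv, _ := ed25519.GenerateKey(rand.Reader)
	root := RootOfTrust{OEMPublicKey: pub}
	return root.Verify(SignStage(otherPriv, "os", []byte("kernel signed elsewhere"))) != nil
}

func main() {
	intact, tampered, err := Demo()
	fmt.Println("intact chain launched:", intact)
	fmt.Println("tampered chain launched:", tampered, "error:", err)
	fmt.Println("untrusted key rejected:", SignedByUntrustedKey())
}
```

The point to notice is where the trust comes from: every stage is checked by the same hardware-held key, not by the stage before it, so a compromised bootloader cannot vouch for a modified OS.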
Security via ARM TrustZone
ARM TrustZone can be thought of as a hardware-based solution that can be used to define a subset of the SoC for access by software. Software that is designated as Secure World software has access to ALL of the SoC, while software that is designated as Normal World can access only those HW elements that are defined as Non-Secure.
ARM TrustZone worlds
Normal World applications are assumed to be flawed from a safety and security perspective. This software is expected to contain bugs, exploits, hacks, faults, or irregularities that could expose sensitive information or functions. Secure World applications have complete access to the hardware and resources that are associated with both worlds. TrustZone does nothing to improve the safety or security of the Trusted software itself, which must be explicitly tested and independently validated.
ARM TrustZone & Multicore
TrustZone without Virtualization cannot separate and secure multiple operating systems running on multicore silicon!
[Figure: Secure World run on each core; Secure World run on a dedicated core.]
Security via Virtualization
Embedded hypervisors:
- High performance, e.g. runtime and boot time.
- Strong isolation.
- Highly robust.
[Figure: App and guest OSes (Linux, RTOS, BME), each with its own vcpu, Mem and Dev, running over the Hypervisor on the CPUs, Devices and Memory.]
Hypervisor security:
- Strong isolation and containment of guests.
- Secure critical information and software.
Consolidation and widespread use of open source software:
- Embedded Linux gaining widespread adoption.
- System robustness allowed by separation.
- IP protection provided through system partitioning.
Virtualization benefits
- Security and Robustness: isolation of critical software from the rest of the code, reducing the burden of testing and re-certification.
- Licensing and IP Separation: partitioning of software with incompatible licensing terms and protection of proprietary IP from open source licensing terms.
- Software Reuse: an upgrade path from an RTOS-based device to one that incorporates Linux, allowing the Linux software ecosystem to be leveraged while preserving legacy investment.
- Real Time Performance: devices that take advantage of the Linux ecosystem and its wealth of existing functionality could benefit from the real-time responsiveness of a BM guest.
- Fast Startup: starting VMs in a particular order helps with a staged boot process.
Virtualization and ARM TrustZone
Combining Virtualization with the ARM TrustZone hardware-enabled capabilities present in Cortex-A9 and Cortex-A15 cores creates a secure and robust application environment.
[Figure: on Cortex-A9 core(s), the Normal World runs guest kernels & drivers in User Mode and Kernel Mode over the Hypervisor, beside a Secure World with a Secure TEE; on Cortex-A15 core(s), the Hypervisor runs in HYP Mode beneath the guest kernels & drivers, and the Secure World has Secure User Mode, Secure Kernel Mode and the TEE.]
Virtualization and ARM TrustZone
[Figure: on Cortex-A53 core(s), the Normal World runs guest kernels & drivers in User Mode and Kernel Mode over the Hypervisor in HYP Mode; the Secure World runs the Secure TEE at SEL0/SEL1 and ARM Trusted Firmware at SEL3.]
Combining Virtualization with the ARM TrustZone hardware-enabled capabilities present in Cortex-A9 and Cortex-A15 cores creates a secure and robust application environment.
When using ARMv8-A devices such as the A53 or A57, a starting point should be ARM Trusted Firmware. It runs in the new Secure EL3 mode and provides low-level 64-bit Secure World code such as the SMC Calling Convention, the Power State Coordination Interface and other low-level functions.
Virtualization and ARM TrustZone
[Figure: two configurations, Device A and Device B, each a multicore SoC with its own Devices and Memory. Normal World: Apps on Linux and RTOS guests, each guest with its own vcpu, Mem and Dev, running over the Hypervisor on the CPUs. Secure World: DRM, Encryption, Secure Boot and Key Mgmt services.]
Normal and Secure World interaction
[Figure: Multicore ARM SoC with TrustZone Technology (Cores, Devices, Memory). Normal World, User Space: Guest 0 and Guest 1 each run Linux Apps, some Requiring Secure World Support through the TEE Client API. Normal World, Kernel Space: each guest's Linux Kernel carries a TrustZone Kernel Module. Hypervisor Space: the Hypervisor. Secure World: Secure App 1, Secure App 2 and Secure App 3 over the TEE Internal API, with a Dispatcher, Scheduler, IRQ/FIQ handling and the Monitor. Shared Memory sits between the two worlds.]
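The figure's request path (Normal World client, shared memory, monitor switch, Secure World dispatcher), modelled as an added example that is not code from the presentation, from Mentor, or from any TEE implementation. The command IDs, the request layout, the device key and the sample input are all constructed here, and the TEE Client API is reduced to a single function. What it demonstrates is the check the dispatcher must make: every field of the request was written by untrusted Normal World code, so the (offset, length) window into shared memory is validated in 64-bit arithmetic before a secure service touches a byte, including the case where offset+length wraps around in 32 bits.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Command IDs agreed between the TEE client (Normal World) and the
// Secure World dispatcher. Constructed for this example.
const (
	CmdSealData uint32 = 1 // HMAC the caller's data with the device key
	CmdGetCount uint32 = 2 // bump and return a monotonic counter
)

// Request is the record the Normal World places in shared memory: a command
// and an (offset, length) window into the shared buffer holding its input.
type Request struct {
	Cmd    uint32
	Offset uint32
	Length uint32
}

// SecureWorld owns the device key and the shared region. The key never
// leaves this struct; the Normal World only ever sees MACs.
type SecureWorld struct {
	deviceKey []byte
	counter   uint64
	shared    []byte
}

var ErrBadRequest = errors.New("request rejected by dispatcher")

// NewSecureWorld allocates a shared region of the given size. The key is a
// constructed placeholder; a real device derives it from hardware-held secrets.
func NewSecureWorld(sharedSize int) *SecureWorld {
	return &SecureWorld{
		deviceKey: []byte("constructed-device-key-not-a-real-secret"),
		shared:    make([]byte, sharedSize),
	}
}

// Dispatch is the Secure World entry point after the monitor switch.
// The window is validated in 64-bit arithmetic: adding two uint32 values
// could wrap to a small number and pass a naive check.
func (s *SecureWorld) Dispatch(req Request) ([]byte, error) {
	end := uint64(req.Offset) + uint64(req.Length)
	if end > uint64(len(s.shared)) {
		return nil, fmt.Errorf("%w: window [%d,%d) outside %d-byte shared region",
			ErrBadRequest, req.Offset, end, len(s.shared))
	}
	in := s.shared[req.Offset:end]
	switch req.Cmd {
	case CmdSealData:
		mac := hmac.New(sha256.New, s.deviceKey)
		mac.Write(in)
		return mac.Sum(nil), nil
	case CmdGetCount:
		s.counter++
		return []byte(fmt.Sprint(s.counter)), nil
	default:
		return nil, fmt.Errorf("%w: unknown command %d", ErrBadRequest, req.Cmd)
	}
}

// ClientSeal models the Normal World side of the TEE Client API: copy the
// input into shared memory, describe it with a Request, and invoke.
func ClientSeal(sw *SecureWorld, data []byte) ([]byte, error) {
	if len(data) > len(sw.shared) {
		return nil, fmt.Errorf("input of %d bytes does not fit shared memory", len(data))
	}
	copy(sw.shared, data)
	return sw.Dispatch(Request{Cmd: CmdSealData, Offset: 0, Length: uint32(len(data))})
}

// WrappedWindowRejected submits a window whose offset+length wraps in 32-bit
// arithmetic and returns the dispatcher's verdict; a correct one rejects it.
func WrappedWindowRejected(sw *SecureWorld) error {
	_, err := sw.Dispatch(Request{Cmd: CmdSealData, Offset: 0xFFFFFFF0, Length: 0x20})
	return err
}

func main() {
	sw := NewSecureWorld(4096)
	mac, err := ClientSeal(sw, []byte("constructed sensor reading"))
	fmt.Printf("seal: %x err=%v\n", mac, err)
	fmt.Println("wrapped window:", WrappedWindowRejected(sw))
	_, err = sw.Dispatch(Request{Cmd: CmdSealData, Offset: 4000, Length: 200})
	fmt.Println("window past end:", err)
}
```

In a real TEE the same discipline applies to every parameter the client passes by reference: the Secure World trusts nothing from the Normal World until it has checked it against the region it actually shared.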
The World of IoT
There is no silver bullet or single button to push to adequately protect an embedded device! Consider using ARM TrustZone and Embedded Virtualization to make your design reliable and secure!