Secure Embedded Systems: a prerequisite for Cyber Physical Systems and the Internet of Things
EIKON e.V. members' meeting, 26 February 2014
Prof. Dr.-Ing. Georg Sigl, Lehrstuhl für Sicherheit in der Informationstechnik, Technische Universität München; Fraunhofer Institut für Angewandte und Integrierte Sicherheit AISEC
Content
- Attack examples on embedded systems
- Future secure embedded systems
- Testing embedded systems security
- Security research in Munich
ATTACKS ON EMBEDDED SYSTEMS
FUTURE SECURE EMBEDDED SYSTEMS
Requirements for future secure embedded systems
1. Security for more than 10 years (target: 30 years)
2. Secure machine-to-machine communication (M2M)
3. Protection of embedded systems against manipulation and misuse
4. Fulfillment of typical non-functional requirements, e.g. real-time behavior and resource limitations (cost, power)
5. Maintaining security despite increasing complexity
6. Protection of intellectual property
7. Secure software update during operation
Secure embedded system (block diagram): a System on Chip with Core 1 ... Core n running the OS, RAM, Flash, IO interfaces and peripherals; a Hardware Security Module with a Trust Core; an M2M SIM with GSM or other connectivity; sensors and actuators, each carrying an ID.
Secure embedded system: Chip Identities (same block diagram, highlighting the IDs of the System on Chip, the sensor and the actuator).
IDs for hardware
- Binding of components
- Authentication
- Integrity checking
- Piracy protection
- Encryption with derived keys
Methods
- Physical Unclonable Functions (PUF): the fingerprint of a chip
- Fuses (electrical or laser)
- Flash memory
PUFs as a security primitive
- Unique physical property + measurement = PUF (Physical Unclonable Function)
- PUF + method = authentication, key generation
Ring Oscillator PUF (Suh and Devadas, 2007)*
- Ring oscillator frequencies depend on manufacturing variations
- Two ROs are compared to obtain a response bit
* G. E. Suh and S. Devadas. Physical unclonable functions for device authentication and secret key generation. Design Automation Conference, 2007. DAC '07. 44th ACM/IEEE, pages 9-14, 2007.
SRAM PUF (Guajardo et al., 2007)*
- Symmetric circuit balance influenced by manufacturing variations
- SRAM cells show a random, but stable value after power-up
* J. Guajardo, S. S. Kumar, G. J. Schrijen, and P. Tuyls. FPGA intrinsic PUFs and their use for IP protection. In CHES 2007, volume 4727 of LNCS, pages 63-80. Springer, 2007.
Automotive ECUs today and in future
- Today: microcontroller with embedded Flash (NVM holding the code), CPU, RAM and key application; embedded Flash at 65 nm, 40 nm, 28 nm????
- Future: microcontroller in a logic process with external Flash holding encrypted code/data and a PUF-based key application; + shrinkable, + lower cost, + higher performance
Alternatives to PUF-based key generation
- Fuses
  - Electrical: reliability weak
  - Laser: size very large
  - Security: easy to identify and modify
- OTP (one-time programmable memory)
  - Cost: comparison with PUF technology open
  - Security: memory cells easier to detect, extract and modify
  - Programming of the key during test increases test complexity
(Block diagram: microcontroller with CPU, RAM, code and key application; Flash with encrypted code/data.)
Reliability of PUFs
Critical parameters: temperature, voltage, ageing
Countermeasures:
- Differential measurement
- Redundancy: selection of reliable bits (1000 PUF bits -> 100 key bits)
- Proper design: design and design parameters must consider the behavior under temperature and voltage variations as well as ageing (as for any other circuit design)
Frequency behavior of an oscillator PUF (plot: oscillator frequency f versus temperature at -40 °C, 25 °C and 150 °C; the pair Osc 1/Osc 2 keeps its frequency order and is good, the pair Osc 3/Osc 4 crosses and is unstable, Osc 5/Osc 6 is shown as a third pair). Critical: uniqueness may be compromised.
State of the art in error correction
(Figure: encoded key bits, PUF response with block borders, helper data; PUF bits marked as reliable 1, reliable 0 or unreliable; the helper data u1 = 1, u2 = ?, u3 = 3 give the index of the selected bit in each block.)
- All error correctors work on a fixed block structure, e.g. IBS (Yu and Devadas, 2010*)
- Goal: find one white and one black square in each block of four
- Helper data store the indices of the selected bits
* M.-D. Yu and S. Devadas, Secure and robust error correction for physical unclonable functions, IEEE Design & Test of Computers, vol. 27, no. 1, pp. 48-65, 2010.
Differential Sequence Coding*
(Figure: encoded key bits, PUF response, helper data as distance and inversion.)
- No fixed block borders
- Helper data store the distance to the next bit and an inversion indicator
- Larger blocks of unreliable bits can be skipped
- Most efficient error corrector scheme known to date
* M. Hiller, M. Weiner, L. Rodrigues Lima, M. Birkner and G. Sigl. Breaking through Fixed PUF Block Limitations with Differential Sequence Coding and Convolutional Codes, TrustED, 2013.
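The reliable-bit selection from the reliability slide and the distance-plus-inversion helper data from the Differential Sequence Coding slide, as an added example that is not from the talk or from the TUM/AISEC implementation: a constructed toy RO PUF model with manufacturing spread and temperature drift, enrollment at three temperature corners, and key reconstruction from a fresh measurement. All frequencies, drifts and thresholds are made up, and the convolutional code of the real DSC scheme is left out; only the pointer-and-inversion helper data is shown.

```python
import random
NOMINAL_MHZ = 100.0         # constructed model, not slide data: ROs around 100 MHz
CORNERS_C = (-40, 25, 150)  # enrollment temperature corners
MARGIN_MHZ = 0.3            # minimum |f_a - f_b| for a bit to count as reliable

class ROPufModel:
    """Toy RO PUF: each oscillator gets a manufacturing offset and a temperature drift."""
    def __init__(self, n_pairs, seed=7):
        self.rng, self.n_pairs = random.Random(seed), n_pairs
        self.f0 = [NOMINAL_MHZ + self.rng.gauss(0, 0.5) for _ in range(2 * n_pairs)]
        self.drift = [self.rng.gauss(0, 0.002) for _ in range(2 * n_pairs)]  # MHz per K

    def measure(self, temp_c):
        """Compare the two ROs of each pair: returns (response bit, frequency gap)."""
        f = [self.f0[k] + self.drift[k] * (temp_c - 25) + self.rng.gauss(0, 0.02)
             for k in range(2 * self.n_pairs)]
        return [(1 if f[2 * i] > f[2 * i + 1] else 0, abs(f[2 * i] - f[2 * i + 1]))
                for i in range(self.n_pairs)]

def enroll(puf, key_bits):
    """Select reliable PUF bits and emit DSC-style helper data (distance, inversion).
    Reliable = stable value and gap above MARGIN_MHZ at every corner. Unreliable runs
    are skipped by a larger distance (no fixed block borders); inversion = key ^ puf."""
    corners = [puf.measure(t) for t in CORNERS_C]
    reliable = [len({c[i][0] for c in corners}) == 1
                and all(c[i][1] > MARGIN_MHZ for c in corners) for i in range(puf.n_pairs)]
    ref = [bit for bit, _ in corners[1]]  # 25 C response is the enrollment reference
    helper, pos = [], -1
    for kb in key_bits:
        nxt = next((j for j in range(pos + 1, puf.n_pairs) if reliable[j]), None)
        if nxt is None:
            raise ValueError("not enough reliable PUF bits for this key length")
        helper.append((nxt - pos, kb ^ ref[nxt]))
        pos = nxt
    return helper

def reconstruct(puf, helper, temp_c=25):
    """Regenerate the key from a fresh measurement using only the public helper data."""
    resp = [bit for bit, _ in puf.measure(temp_c)]
    key, pos = [], -1
    for dist, inv in helper:
        pos += dist
        key.append(resp[pos] ^ inv)
    return key

def demo(n_pairs=400, key_len=64, seed=7):
    puf, krng = ROPufModel(n_pairs, seed), random.Random(seed + 1)
    key = [krng.randrange(2) for _ in range(key_len)]
    helper = enroll(puf, key)
    return key, helper, [reconstruct(puf, helper, t) for t in CORNERS_C]
```

The sum of the stored distances shows how many raw PUF bits the 64 key bits consumed, the redundancy the reliability slide quantifies as 1000 PUF bits for 100 key bits.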
Secure embedded system: Secure Elements (same block diagram, highlighting the Hardware Security Module with its Trust Core).
Tasks of Secure Elements
- Key storage
- Asymmetric cryptography (signing and encryption)
- Session key generation
- Random number generation
- Access right check
- Integrity check
- Attestation
- Secure data storage
- Resistance against hardware attacks!
Secure Element in a vehicle
In the BMBF project SEIS (Sicherheit in eingebetteten IP-basierten Systemen) AISEC integrated a Secure Element in a car. (Diagram: Secure Element, Internet, Gateway, OEM Server.)
Secure Element in a Smart Meter
The BSI Protection Profile requires a Secure Element in the Smart Meter Gateway.
Source: Protection Profile für das Gateway eines Smart Metering Systems; http://www.bsi.bund.de
Secure Elements in mobile phones
Three Secure Elements: SIM, security chip, secure SD card
TESTING EMBEDDED SYSTEMS SECURITY
AISEC labs to test the security of systems!
Hardware, GSM, Embedded, NFC, Mobile App Test
Attacks on PUF-based key generation
All PUFs are vulnerable to HW attacks: probing/forcing, fault attacks, side channel attacks
- Attacking the physical system (ring oscillator frequencies):
  D. Merli, J. Heyszl, B. Heinz, D. Schuster, F. Stumpf, and G. Sigl. Localized Electromagnetic Analysis of RO PUFs. In Proceedings of Int. Symposium on Hardware-Oriented Security and Trust (HOST), June 2013. IEEE.
- Attacking the key extraction process:
  D. Merli, D. Schuster, F. Stumpf, and G. Sigl. Semi-invasive EM attack on FPGA RO PUFs and countermeasures. In 6th Workshop on Embedded Systems Security (WESS 2011), Taipei, Taiwan, October 2011. ACM.
  D. Merli, F. Stumpf, and G. Sigl. Protecting PUF error correction by codeword masking. Cryptology ePrint Archive, Report 2013/334, 2013.
RO PUF, EM side-channel attack (Merli et al., 2011)*
- RO frequencies around 100 MHz
- Identification of RO PUF frequencies through the EM side channel
* D. Merli, D. Schuster, F. Stumpf, and G. Sigl. Semi-invasive EM attack on FPGA RO PUFs and countermeasures. In 6th Workshop on Embedded Systems Security (WESS 2011), Taipei, Taiwan, October 2011. ACM.
RO PUF, EM side-channel attack (Merli et al., 2011)*
(Figure: frequency comparisons RO_1/RO_2 and RO_2/RO_3.)
- RO PUF modelling by the EM side channel of the frequency comparisons
* D. Merli, D. Schuster, F. Stumpf, and G. Sigl. Semi-invasive EM attack on FPGA RO PUFs and countermeasures. In 6th Workshop on Embedded Systems Security (WESS 2011), Taipei, Taiwan, October 2011. ACM.
Side Channel Analysis: Electromagnetic Analysis
RO PUF, localized EM analysis (Merli et al., 2013)*
- Separation of the Ring Oscillator PUF measurement components is possible by EM analysis
- The RO frequency measurement can be observed step by step
- The full PUF model can be extracted
* D. Merli, J. Heyszl, B. Heinz, D. Schuster, F. Stumpf, and G. Sigl. Localized Electromagnetic Analysis of RO PUFs. In Proceedings of Int. Symposium on Hardware-Oriented Security and Trust (HOST), June 2013. IEEE.
Security Research in Munich
(Diagram: Fraunhofer Institute for Applied and Integrated Security (Claudia Eckert, Georg Sigl), linked to industry; TU München Electrical Engineering (Georg Sigl, ~3000 students) and TU München Computer Science (Claudia Eckert, ~3000 students).)
AISEC key figures
- Employees: 2013 (current status): > 90; plans for further growth: 2014 > 110, 2015 > 150
- Financing (Fraunhofer model): up to 30% directly from the state, 70% third-party research projects
AISEC fields of expertise
- Embedded Security: trusted platforms (HW/SW co-design)
- Hardware Security: HSMs, side-channel, EMA and fault analysis
- Product and know-how protection: PUF solutions, smart materials, firmware protection
- Mobile Security: trusted BYOD, app analysis tool, automotive security
- IP-based networks: cloud networking, secure multi-party computation
- Digital Identity: attribute-based IDs, object IDs, Web IDs
Thank you
georg.sigl@aisec.fraunhofer.de
sigl@tum.de