Pervasive Computing und. Informationssicherheit



Similar documents
Side Channel Analysis and Embedded Systems Impact and Countermeasures

CycurHSM An Automotive-qualified Software Stack for Hardware Security Modules

Patterns for Secure Boot and Secure Storage in Computer Systems

CHANCES AND RISKS FOR SECURITY IN MULTICORE PROCESSORS

Hardware Security Modules for Protecting Embedded Systems

Today. Important From Last Time. Old Joke. Computer Security. Embedded Security. Trusted Computing Base

PUF Physical Unclonable Functions

Secure USB Flash Drive. Biometric & Professional Drives

Embedded Java & Secure Element for high security in IoT systems

M-Shield mobile security technology

WHITE PAPER Security in M2M Communication What is secure enough?

Automotive and Industrial Data Security

Secure Embedded Systems eine Voraussetzung für Cyber Physical Systems und das Internet der Dinge

Security in ST : From Company to Products

Embedding Trust into Cars Secure Software Delivery and Installation

Introduction to Information Security

What is Really Needed to Secure the Internet of Things?

Qiong Liu, Reihaneh Safavi Naini and Nicholas Paul Sheppard Australasian Information Security Workshop Presented by An In seok

Lightweight Cryptography From an Engineers Perspective

The Reduced Address Space (RAS) for Application Memory Authentication

Windows 7. Qing Liu Michael Stevens

End-to-End Security in Wireless Sensor Networks (WSNs) Talk by Claudio Anliker Supervised by Dr. Corinna Schmitt University of Zurich

ADVANCED IC REVERSE ENGINEERING TECHNIQUES: IN DEPTH ANALYSIS OF A MODERN SMART CARD. Olivier THOMAS Blackhat USA 2015

Working Together Managing and Securing Enterprise Mobility WHITE PAPER. Larry Klimczyk Digital Defence P:

Guidelines on use of encryption to protect person identifiable and sensitive information

MovieLabs Specification for Enhanced Content Protection Version 1.0

Enhancing Organizational Security Through the Use of Virtual Smart Cards

Triathlon of Lightweight Block Ciphers for the Internet of Things

Chapter 1: Introduction

Embedded Security for Modern Building Automation Systems

Problems of Security in Ad Hoc Sensor Network

Industry 4.0: Cyber-Security Challenges on the Horizon

e-code Academy Information Security Diploma Training Discerption

Secure Data Exchange Solution

Risk Management in the Development Process A Progress Report

DIGITAL RIGHTS MANAGEMENT SYSTEM FOR MULTIMEDIA FILES

Industrie 4.0. Towards a Holistic Approach for Cyber Safety and Security

Vehicular Security Hardware The Security for Vehicular Security Mechanisms

Part I. Universität Klagenfurt - IWAS Multimedia Kommunikation (VK) M. Euchner; Mai Siemens AG 2001, ICN M NT

CryptoFirewall Technology Introduction

Hacking Risks for Satellites

Avira System Speedup Release Information

System Security Solutions for the connected world.

Security Characteristics of Cryptographic Mobility Solutions

CPSC 467b: Cryptography and Computer Security

Security in the Age of Nanocomputing. Hacking Devices

Embedded Software development Process and Tools: Lesson-3 Host and Target Machines

OMAP platform security features

Penetration Testing Windows Vista TM BitLocker TM

Loophole+ with Ethical Hacking and Penetration Testing

Wireless Sensor Network Security. Seth A. Hellbusch CMPE 257

SoC: Security-on-chip!

Horst Görtz Institute for IT-Security

TPM Key Backup and Recovery. For Trusted Platforms

Network Security in Building Networks

Achieving Universal Secure Identity Verification with Convenience and Personal Privacy A PRIVARIS BUSINESS WHITE PAPER

Reviving smart card analysis

Thanks, But No Thanks

RFID Security. April 10, Martin Dam Pedersen Department of Mathematics and Computer Science University Of Southern Denmark

ERserver. iseries. Secure Sockets Layer (SSL)

Software Piracy Overview of Anti-Tampering Technologies. Scott Baeder Sr. Architect Cadence Design Systems

Enforcing Regional DRM for Multimedia Broadcasts with and without Trusted Computing

Contactless Smart Cards vs. EPC Gen 2 RFID Tags: Frequently Asked Questions. July, Developed by: Smart Card Alliance Identity Council

Introducing etoken. What is etoken?

EECS 588: Computer and Network Security. Introduction

Enova X-Wall XO Frequently Asked Questions--FAQs

ACER ProShield. Table of Contents

Secure Hardware PV018 Masaryk University Faculty of Informatics

File System Encryption with Integrated User Management

Bypassing Local Windows Authentication to Defeat Full Disk Encryption. Ian Haken

Chapter 11 Security+ Guide to Network Security Fundamentals, Third Edition Basic Cryptography

Right-Sizing M2M Security: The Best Security is Security Tailored to Your Application

EECS 588: Computer and Network Security. Introduction January 14, 2014

Excerpt of Cyber Security Policy/Standard S Information Security Standards

Introduction to BitLocker FVE

Microsemi Security Center of Excellence

Paradigmenw echsel in der IT-Sicherheit Sicherheit vor Malw are-angriffen und Datenspionage

YALE UNIVERSITY DEPARTMENT OF COMPUTER SCIENCE

Second year review WP2 overview SW-based Method. Trento - October 17th, 2008

Network Security - ISA 656 Security

Smart Card- An Alternative to Password Authentication By Ahmad Ismadi Yazid B. Sukaimi

Security Principles. Related to. Handset Theft

Securing Host Operations with a Dedicated Cryptographic IC - CryptoCompanion

True Identity solution

Countering the Threat to the Digital Lifestyle

Threat Modeling. Frank Piessens ) KATHOLIEKE UNIVERSITEIT LEUVEN

Lecture 1. Introduction to Embedded Computer Systems

Frontiers in Cyber Security: Beyond the OS

Gnuk A Free Software USB Token Implementation Niibe Yutaka <gniibe@fsij.org>

USB Portable Storage Device: Security Problem Definition Summary

Service Broker based Interaction of Mobile Apps with Truck Scales for Biogas Plants

Digital Rights Management Demonstrator

PrivyLink Cryptographic Key Server *

OdysseyTM. removable hard disk storage system. secure. fast. expandable.

Assessing the Security of Hardware-Based vs. Software-Based Encryption on USB Flash Drives

1. Fault Attacks for Virtual Machines in Embedded Platforms. Supervisor: Dr Konstantinos Markantonakis,

Multi-vendor Penetration Testing in the Advanced Metering Infrastructure: Future Challenges

CS 147: Computer Systems Performance Analysis

How To Secure Cloud Computing

Transcription:

Pervasive Computing und 11. Symposium on Privacy and Security Rüschlikon, 13. September 2006 Prof. Christof Paar European Competence Center for IT Security www.crypto.rub.de Contents 1. Pervasive Computing and Embedded Systems 2. Security in Pervasive Computing 3. Case Study 4. Technologies for Pervasive Security 5. Critical Infrastructures and Pervasive Computing 6. eurobits

Contents 1. Pervasive Computing and Embedded Systems 2. Security in Pervasive Computing 3. Case Study 4. Technologies for Pervasive Security 5. Critical Infrastructures and Pervasive Computing 6. eurobits Brave New Pervasive World

Pervasive Computing & Embedded Systems? Pervasive Computing is per definition based on embedded systems. main difference: PvCo deals mainly with networked embedded devices Embedded systems perspective helps us to understand 1. importance of PvCo and 2. security issues of PvCo WRT security: embedded security pervasive computing security What are Embedded Systems? + = Embedded System A computer that doesn t look like a computer, or Processor hidden in a product

Characteristics of Embedded Systems Single purpose device Not general purpose like PC! Interacts with the world No (or primitive) user interface Is this Really Important? CPU market 2000: 2 % PC & workstation CPUs embedded CPUs 98 % Remark: historically, most embedded applications did not have security issues

Contents 1. Pervasive Computing and Embedded Systems 2. Security in Pervasive Computing 3. Case Study 4. Technologies for Pervasive Security 5. Critical Infrastructures and Pervasive Computing 6. eurobits Security Concerns in Pervasive Computing Pervasive nature and safety-critical applications increase risk potential: Hard disk crash vs. car crash Often wireless channels vulnerable Contents protection in many applications: ipod, XBox, navigation systems, Secure SW download: cell phones, engine control, washing machine, Privacy issues: geolocation, medical sensors, monitoring of home activities, etc. Legislative requirements: passports, road toll, data event recorders in machines, Stealing of services: sensors, etc.

General Thoughts about the Economics of Pervasive Security One-user many-nodes paradigm (e.g. 10 2-10 3 processors per human) many new applications we don t know yet very high volume applications & very cost sensitive in some cases, the business model depends on security: ipod, XBox, software download, printer cartridges, people won t be willing to pay for security per se but: people won t buy products without security security must become natural part of product security market is OEM-centered as opposed to end-user centered Contents 1. Pervasive Computing and Embedded Systems 2. Security in Pervasive Computing 3. Case Study 4. Technologies for Pervasive Security 5. Critical Infrastructures and Pervasive Computing 6. eurobits

Examples of Security Needs in Pervasive Computing Smart Cards (phone, banking, ): Physical Attacks can cause huge financial damages Pay-TV (Premiere and such): Weakness in encryption create major financial damage Portable entertainment (ipod and such): hacking of DRM damages content provider usage as slurping device damages owner Game consoles (XBox and such): Copy Protection / DRM violations Many, many other industries & applications (household appliances, automation, medical, ) Let s look at cars as a case study Basic Facts about IT and Cars up to 80 μp in high-end cars (talking about pervasive ) 50% of manufacturing costs related to electronics & software (5 year forecast) 90% of car innovations based on embedded IT > 100MB software in high-end cars

IT Security and Cars Case Study early theft controls: unique code (password) code eavesdropper duplicates ( clones ) key but the industry learned IT Security and Cars Case Study advanced theft control: time-varying code code = f k (T i ) f k () is a cryptographic one-way function Fact: dramatic reduction in car thefts in Germany since mid-1990s

Car Theft in Germany: 1990-2002 modified theft control Berlin wall 800 700 600 500 400 300 200 100 0 90 93 96 99 2002 Lesson learned: Sound security design can have major real-world benefits! financial damage [mdm] source: Gesamtverband Deutscher Versicherungsgesellschaften IT Security and Cars Case Study flashing of embedded software customization of cars new products (SW tuning kits) new business models ( 20 HP more for the weekend for 19.99 ) But: Unauthorized flashing poses major risk for safety and profits Lessons learned: Cryptographic protection (digital signatures of code) is enabling technology for new business models

IT Security and Cars Case Study Truck driver control via digital tachograph: sensor & meter Sophisticated manipulation device allows cheating Lessons learned: 1. Never underestimate the attacker 2. Be aware of interaction economics security 3. Standard crypto mechanisms can prevent attack from: R. Anderson Security Engineering, Wiley, 2001 Contents 1. Pervasive Computing and Embedded Systems 2. Security in Pervasive Computing 3. Case Study 4. Technologies for Pervasive Security 5. Critical Infrastructures and Pervasive Computing 6. eurobits

Pervasive Security Technologies 1. Efficient cryptography 2. Side channel resistance 3. Tamper resistance 4. Trusted Computing 5. System security Remark: Generally speaking, embedded security deals with the interaction of security and engineering issues. Pervasive Security Technologies (1): Efficient Cryptography Facts: 1. Cryptography is a key tool for security 2. Crypto algorithms tend to be computationally expensive Embedded realities (in contrast to PC-ish applications) 1. Wide variety of CPUs: 32bit @ 400MHz 8bit @ 3 MHz 2. Memory is often the most costly resource 3. Common problems: Digital signature in less than 100msec with 25MHz CPU AES with less than 2kB of ROM Block ciphers with 1000 gates

Pervasive Security Technologies (2): Side Channel Resistance Classical security assumption 1. Attacker knows x, F k (x) 2. Attacker deduces k (Enigma break etc.) side channel X secret key k Embedded realities Adversary has access to security module Physics often provide side channel to algorithm Timing behavior Power trace, EM trace Cache access F k (x) Pervasive Security Technologies (3): Tamper Resistance Underlying embedded problem: Adversary has access and full physical control over target device Security hinges on secure storage of key (+ other parameters) Desirables Security design that is robust against tamper attacks or prevent reading of internal & external Flash, ROM, Central (annoying) side condition: In almost all cases there is no money for secure hardware!

Pervasive Security Technologies (4): Trusted Computing Many embedded applications require 1. TC for DRM applications 2. TC for high assurance applications 3. TPM for physical security reasons Integration of TPM and secure OS (e.g., micro kernel) in embedded systems is highly attractive Pervasive Security Technologies (5): System Design In summary: - Adversary has physical access (bad) - Computation/memory/power constraints (bad) - No money for secure hardware (bad) + Reverse engineering often difficult (good) + Security requirements greatly vary (good at times) Hence, a careful system design, including threat analysis, and cost/security trade-offs is of central importance.

Contents 1. Pervasive Computing and Embedded Systems 2. Security in Pervasive Computing 3. Case Study 4. Technologies for Pervasive Security 5. Critical Infrastructure Perspective 6. eurobits Critical Infrastructure Perspective Security in PvCo: Attacks against single/few devices: User problem Attacks against domain of devices: Infrastructure problem Not so desirable scenarios: Emergency break signal sent to 1% of cars (i.e.,1.5 tons of steal all over German autobahns ) Internet-connected sensors in chemical/pharma/petro/ plants are attacked GPS signals are corrupted logistics, agriculture etc. are affected

Contents 1. Pervasive Computing and Embedded Systems 2. Security in Pervasive Computing 3. Case Study 4. Technologies for Pervasive Security 5. Critical Infrastructures and Pervasive Computing 6. eurobits eurobits Pervasive Computing Research & Applications eurobits Europäisches Kompetenzzentrum für IT- Sicherheit Horst Görtz Institut für IT-Sicherheit gits AG Weiterbildung escrypt GmbH Embedded Security Sirrix AG Netz- & PC Sicherheit Institut für Sicherheit im ebusiness GITS Projekt GmbH Haus für IT Sicherheit

Upcoming Workshops CHES Cryptographic Hardware and Embedded Systems October, 2006, Yokohama escar Embedded Security in Cars November, 2006, Berlin escar 2006 Berlin - Germany SHARCS (Special-purpose Hardware for Attacking Cryptographic Systems) April, 2006, Köln and a related book Embedded technologies in general Security issues in cars

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information