Today. Important From Last Time. Old Joke. Computer Security. Embedded Security. Trusted Computing Base



Similar documents
Side Channel Analysis and Embedded Systems Impact and Countermeasures

Secure Hardware PV018 Masaryk University Faculty of Informatics

Blaze Vault Online Backup. Whitepaper Data Security

PUF Physical Unclonable Functions

W.A.R.N. Passive Biometric ID Card Solution

Java Card. Smartcards. Demos. . p.1/30

CMSC 421, Operating Systems. Fall Security. URL: Dr. Kalpakis

CHANCES AND RISKS FOR SECURITY IN MULTICORE PROCESSORS

Secure Data Exchange Solution

Pervasive Computing und. Informationssicherheit

Advanced Authentication

Tufts University. COMP116 Introduction to Computer Security. Recovery After Losing the Physical Device

Secure USB Flash Drive. Biometric & Professional Drives

Smart Card- An Alternative to Password Authentication By Ahmad Ismadi Yazid B. Sukaimi

EmulexSecure 8Gb/s HBA Architecture Frequently Asked Questions

Protected Cash Withdrawal in Atm Using Mobile Phone

Smart Card Technology Capabilities

TNC is an open architecture for network access control. If you re not sure what NAC is, we ll cover that in a second. For now, the main point here is

Lab 1: Security Audit

The Encryption Technology of Automatic Teller Machine Networks

Reviving smart card analysis

Multi-Factor Authentication

SAS Data Set Encryption Options

Computer Systems Structure Input/Output

More effective protection for your access control system with end-to-end security

Relay attacks on card payment: vulnerabilities and defences

ADVANCED VEHICLE TRACKING SYSTEM USING ARM7

Aegis Padlock for business

What is a Smart Card?

Sponsored by: Speaker: Brian Madden, Independent Industry Analyst and Blogger

CRYPTOGRAPHY AS A SERVICE

Policy for Protecting Customer Data

Commercially Proven Trusted Computing Solutions RSA 2010

VASCO Data Security International, Inc. DIGIPASS GO-7. FIPS Non-Proprietary Cryptographic Module Security Policy

CS 3530 Operating Systems. L02 OS Intro Part 1 Dr. Ken Hoganson

Problems of Security in Ad Hoc Sensor Network

PrivyLink Internet Application Security Environment *

YOUR GUIDE TO PANDORA 5OOO CAR SECURITY SYSTEM

KY3688. Metal Encryption Keypad User Manual

UNCLASSIFIED Version 1.0 May 2012

SECURE IMPLEMENTATIONS OF CONTENT PROTECTION (DRM) SCHEMES ON CONSUMER ELECTRONIC DEVICES

Payment Transactions Security & Enforcement

Fall Lecture 1. Operating Systems: Configuration & Use CIS345. Introduction to Operating Systems. Mostafa Z. Ali. mzali@just.edu.

The Motherboard Chapter #5

Security+ Guide to Network Security Fundamentals, Third Edition. Chapter 7 Access Control Fundamentals

M-Shield mobile security technology

Keywords: GPS, GSM, AVR Microcontroller, SMS.

YALE UNIVERSITY DEPARTMENT OF COMPUTER SCIENCE

RF-Enabled Applications and Technology: Comparing and Contrasting RFID and RF-Enabled Smart Cards

Cryptography & Digital Signatures

DataTrust Backup Software. Whitepaper Data Security. Version 6.8

Payment systems. Tuomas Aura T Information security technology. Aalto University, autumn 2012

Protecting Data with Short- Lived Encryption Keys and Hardware Root of Trust. Dan Griffin DefCon 2013

National Cyber Security Month 2015: Daily Security Awareness Tips

Introducing etoken. What is etoken?

Guide to Data Field Encryption

Part I. Universität Klagenfurt - IWAS Multimedia Kommunikation (VK) M. Euchner; Mai Siemens AG 2001, ICN M NT

IT Networking and Security

PENN. Social Sciences Computing a division of SAS Computing. SAS Computing SSC. File Security. John Marcotte Director of SSC.

IoT Security Platform

Client Server Registration Protocol

EMV and Chip Cards Key Information On What This Is, How It Works and What It Means

Ahsay Online Backup. Whitepaper Data Security

Module 8. Network Security. Version 2 CSE IIT, Kharagpur

Using BroadSAFE TM Technology 07/18/05

Penetration Testing Windows Vista TM BitLocker TM

Secure Socket Layer. Introduction Overview of SSL What SSL is Useful For

ENHANCING ATM SECURITY USING FINGERPRINT AND GSM TECHNOLOGY

WHITE PAPER Security in M2M Communication What is secure enough?

ADVANCE AUTHENTICATION TECHNIQUES

Getting a Secure Intranet

CONNECT PROTECT SECURE. Communication, Networking and Security Solutions for Defense

Security+ Guide to Network Security Fundamentals, Fourth Edition. Chapter 10 Authentication and Account Management

Fastboot Techniques for x86 Architectures. Marcus Bortel Field Application Engineer QNX Software Systems

Hardware Security Modules for Protecting Embedded Systems

2 Protocol Analysis, Composability and Computation

Obj: Sec 1.0, to describe the relationship between hardware and software HW: Read p.2 9. Do Now: Name 3 parts of the computer.

Network connectivity controllers

Payment systems. Tuomas Aura T Information security technology

What is Really Needed to Secure the Internet of Things?

WIND RIVER SECURE ANDROID CAPABILITY

WHITE PAPER AUGUST Preventing Security Breaches by Eliminating the Need to Transmit and Store Passwords

Ways to Use USB in Embedded Systems

Authentication. Computer Security. Authentication of People. High Quality Key. process of reliably verifying identity verification techniques

Internet Banking Two-Factor Authentication using Smartphones

SecureDoc Disk Encryption Cryptographic Engine

3M Cogent, Inc. White Paper. Beyond. Wiegand: Access Control. in the 21st Century. a 3M Company

CSC Network Security. User Authentication Basics. Authentication and Identity. What is identity? Authentication: verify a user s identity

PCI and EMV Compliance Checkup

T-BOXN12R. First steps with T-BOXN12R. You can make it wireless. Date: Version 1.0

Cryptography and Network Security Prof. D. Mukhopadhyay Department of Computer Science and Engineering Indian Institute of Technology, Kharagpur

A Security Survey of Strong Authentication Technologies

RFID Security. April 10, Martin Dam Pedersen Department of Mathematics and Computer Science University Of Southern Denmark

Transcription:

Important From Last Time A system is safety critical when its failure may result in injuries or deaths Verification and validation can dominate overall development effort Today Embedded system security General principles Examples Computer Security This is a huge area Prof Kasera teaches a good course on it Today we are not talking about Protocol design (another huge area) Password issues Access control Cryptography (huge area) Multilevel security Network security Old Joke Q: What does a secure computer system look like? A: It s buried in concrete, with the power turned off and the network cable cut Embedded Security Main difference with respect to network security: Attacker has access to the hardware Trusted Computing Base Any secure system has a trusted computing base (TCB) If the TCB operates properly, the system is secure By definition, attacks do not originate from the TCB Obviously a smaller TCB is better But almost always the compiler and OS are in the TCB Difficult to maintain integrity of TCB when attacker has access to the hardware Schneier: A 'trusted' computer does not mean a computer that is trustworthy. U.S. DoD: a system that you are forced to trust because you have no choice. 1

TCB Example From Ken Thompson s Turing Award lecture Reflections on Trusting Trust What if the compiler recognized that it was compiling the OS and inserted a trapdoor? Vulnerability not found anywhere in OS source code Compiler also has to recognize that it s compiling itself and add the attack code Problem not found in the compiler code either Not a theoretical attack this was implemented! Defenses against this? Diverse Double Compilation The question is: Does the source code for the compiler correspond to its executable? Here we assume that any attack code in the source would be detected through auditing Start with a compiler C1 that may be bad, and its source code CS Compile CS using C1 to generate C2 Compile CS using a totally different compiler to create C3 Compile CS using C3 to generate C4 If C2 and C4 are bit-for-bit identical then C1 cannot be inserting attack code Threat Models Makes no sense to discuss security without a threat model Components of a threat model: Who is the attacker? What are the attacker s goals? What are the attacker s capabilities? Example classification: Class 1 Casual user Class 2 Clever, motivated outsider Class 3 Knowledgeable insider Class 4 Funded organization or government System Questions How long must the system remain secure while under attack? Does the system need to be usable during the attack? Does the system need to be usable after the attack? Does the system require human intervention to remain secure? What sort of increase in cost decrease in performance decrease in usability is acceptable to achieve security? Threat Model Examples What are some potential threat models for: The door locks on your house? Most everyday physical security systems are like this Your laptop? Your home computer? A voting machine? Your bank s ATM? The GPS system? A military mobile communications system? Pacemaker Hacks Pacemakers have a magnetic switch: Under a magnetic field, they turn on a radio receiver When the radio is on, pacemaker can be queried and reprogrammed Researchers at UMass used a software radio to reverse-engineer the radio protocols It was possible to change device settings, change or disable therapies, and deliver shocks Attacks were just replays of known signals 2

ATM Security ATMs are a good case study In wide use for several decades Substantial rewards for successful attacks Fact: ATMs were the killer app for modern cryptography Earlier, crypto was a niche technology used by governments and militaries First: What are the threat models? Review: Private Key Crypto Given a private key and a block of data, a private-key algorithm encrypts the data so that it cannot be decrypted without the key Also called symmetric key cryptography This technology is simple and efficient to implement DES and AES (Rijndahl) are popular examples Of course attackers are free to try to: Guess the key Steal the key Gain access to the unencrypted data Etc. ATM Security Overview Each ATM has its own secret key Entered into ATM keyboard in two parts by two bank officials When you use the ATM Account number is read from the magnetic stripe on your card It s encrypted using the ATM s secret key Resulting encrypted value is checked against your PIN ATM has a security module Piece of trusted, tamper-proof hardware Unencrypted data never leaves this module What Goes Wrong in ATMs Processing errors on the bank mainframe side cause lots of problems Error rate between 1/10,000 and 1/100,000 Mail fraud gives attackers cards and PINs Fraud by bank staff in poorly-run banks E.g. what could happen if both parts of an ATM key are given to a single worker? Encryption is single-des Can be brute forced More ATM Problems Repairman installs computer inside an ATM that sniffs and records card and PIN data Criminal finds PINs by looking over people s shoulders, then account numbers from receipts One kind of ATM would give out 10 bills when a specific 14-digit number was entered False terminals are used to collect lots of PINs Physical Tamper Resistance Physical security is important Historically, naval code books were weighted so they could be thrown overboard in event of capture Russian one-time pads were printed on cellulose nitrate Bank servers are in a guarded computer room ATM is basically a PC in a safe with some fancy peripherals 3

Secure HW: IBM 4758 History: As computers got cheaper, location-based physical security became impractical PINs etc. cannot be trusted to standard HW/SW The IBM 4758 is a secure crypto-processor implemented on a highsecurity, programmable PCI board. Cryptoprocessor Goals Critical data (keys) never leaves the device Resist sniffing attacks Resist physical attacks attacker has a logic analyzer Resist software attacks Cryptoprocessor Features Robust metal enclosure Tamper-sensing mesh Key memory: Static RAM designed to be zeroed when the enclosure is opened Data is kept moving to avoid burn-in Freezing and radiation attacks difficult to foil Military systems have used self-destruct Trusted core is potted in epoxy Crypto processor Key memory Tamper sensors Alarm circuitry Forces attacks to involve cutting, drilling, etc. Smartcard: Microcontroller Serial interface Smartcards Packaged in a plastic card or a key-shaped device Tiny secure processors cannot use many features of the IBM 4758 However, bar is lower these aren t guarding an entire bank s resources Single most widespread use: GSM phones Why are smartcards attractive? Can validate that someone paid for something without contacting a central server Smartcard Attacks Protocol attacks sometimes it enough to listen to communication between the card and world Defense: Avoid stupid protocols Stop the card from programming EEPROM Vpp is higher than Vcc, requiring a voltage multiplier or external programming power Slow down the processor, then read voltages from the surface of the chip Defense: Detect low clock rates Probe wires on the chip probing the processor bus gives both code and data values Defense: Surface mesh At present: Probably not feasible to build a smartcard that is secure when attacked by an equipped expert Trusted Computing You need to trust Windows and Linux with any data on your computer However: Content providers cannot trust Windows and Linux Consider the distribution of encrypted movies with software decryption in the OS kernel Trusted computing: Create PCs that content providers can trust Said a different way: It s not really your PC Fundamentally tough problem: Give consumers the bits without giving them the bits 4

Trusted Computing Elements Endorsement key a key unique to your machine that you must not get Protected I/O paths data channels between processor and peripherals that cannot be altered or read Memory curtaining areas of RAM for trusted computing that even the OS does not have access to Remote attestation your computer can attest that it is your machine and has not been tampered with More TC Digital rights management Preventing cheating in online games Protection from identity theft So is it good? Conclusions Embedded security is hard because the hardware is out in the world Only security experts should connect embedded systems to networks Take a good security course if you re going to do this stuff Non-networked systems at least have a chance 5

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information