Embedded Security and the IoT

Embedded Security and the IoT ̶Challenges, Trends and Solutions

Marcellus BuchheitPresident and CEOmabu@wibu.com

Page 1/14

Security Challenge: Internet

Security Challenge: Open System Architecture

Solution: Code Integrity

Technical Implementation Details

Contact

Page 2/14

Agenda

Embedded Security and the IoT

Embedded Security and the IoT

┐ Embedded System can be directly attacked via Internet Principle protection: Firewalls etc.

┐ Execution Code updates can be polluted Redirected code source:

Hacker’s malicious code looks like new code update Execution Code modified during download process Firewalls can protect but are difficult

to manage by operation people┐ Weakness in code can be used to infiltrate malicious code

Example: Weak Internet access parameter validation Buffer Overruns

Security Challenge “Internet Connection”

Page 3/14

Embedded Security and the IoT

┐ Hacker has same information available as developer┐ Hacker can use powerful development/analysis tools

Debugger, Disassembler, Source-Reverser etc.┐ Hacker knows execution code binary structure

Direct modification on the executable file: Static Attack┐ Hacker knows memory and process architecture

Inserting of malicious code into the process space: Dynamic Attack

Security Challenge “Open Systems”

Page 4/14

Embedded Security and the IoT

Embedded System

Page 5/14

Code Integrity: The Principle

Development

Encrypt Code

EXE0000TEXT11DATA022CODE3355RES44ASM0000PICT1111DATA8844CODE77DATA33TEXT9999TEXT88RES66ASM

Application x

EXE3A9C21C8DF31E734933D2818D875CF66045D814A56C29148A3981C369A1793F175E3979235F165B84C841B8

Application x

PrivateKey

PublicKey

Certificate

CodeSignature

Decrypt Code

LicenseKey

LicenseKey

CodeSignature

VerifyCode

Grant Code Execution

yes/no

Embedded Security and the IoT Page 6/14

┐ Execution Code is authenticated: Can only be created by developer, no other source possible Cannot be modified during delivery or on embedded system

┐ Execution Code is encrypted: Cannot be easily reverse engineered by hacker, competitor

etc.

Code Integrity: The Results

Embedded Security and the IoT Page 7/14

Code Integrity: New Challenges

┐ Who verifies the Verifier? Hacker could remove the Code Verifier and force Code Execution Grant Hacker can then start his own malicious code

Embedded System

EXE3A9C21C8DF31E734933D2818D875CF66045D814A56C29148A3981C369A1793F175E3979235F165B84C841B8

Application x

Certificate Decrypt Code

LicenseKey

CodeSignature

VerifyCode

Grant Code Execution

yes/no

┐ Solution: Code Verifier in the loader must be verified as well ┐ Finally the whole boot process including OS must be verified

Embedded Security and the IoT

Page 8/14

ExProtector: Automatic Protection Process

Prot

ecte

d Ex

ecut

able

/ Li

brar

y

Orig

inal

Exe

cuta

ble

/ Lib

rary

Header

Original Code

Header

Credentials(Hash, Signature, …)

ExProtector

Keys for EncryptionKeys for Code Signing

Typically no source modification necessary

Encrypted Code

Embedded Security and the IoT

Page 9/14

ExProtector: Keys and Credentials

Prot

ecte

d Ex

ecut

able

/ Li

brar

y

Orig

inal

Exe

cuta

ble

/ Lib

rary

Header

Original Code

Header

Credentials(Hash, Signature, …)

ExProtector

Keys for EncryptionKeys for Code Signing

Encrypted Code

AES Key (FSB)

ECC Private Key

Certificate(s)

Encrypted Random AES Key

Firm Code and Product Code

Hash

Signature

Certificate(s)

Embedded Security and the IoT

Page 10/14

ExProtector: Protection During ExecutionPr

otec

ted

Exec

utab

le /

Libr

ary Header

Credentials(Hash, Signature, …)

Encrypted Code ExEngine

Public Root KeyLicense with Firm Code and Product Code

Mem

ory

of E

mbe

dded

Dev

iceHeader

Decrypted Code(“Original Code”)

Credentials(Hash, Signature, …)

AdditionalSecurity:

Watchdog against

Memory modification

Embedded Security and the IoT

Page 11/14

ExProtector: Integration into Loader

Operating System(for ExProtector)

ExEngine(ExProtector

Runtime)

CodeMeter Embedded Driver

Operating System(without modification)

Engineering

Original Loader

Root Public Key

Modified Loader

Check

Embedded Security and the IoT

Page 12/14

Forward and Backward Check

ProtectedApplication

Loader Load

Credentials(Hash, Signature, …)

Credentials(Hash, Signature, …)

Time

Start

Check

ApplicationCertificate

LoaderCertificate

Embedded Security and the IoT

Page 13/14

Secure Boot: Cascaded Security Chain

Application / Driver etc.

Operating System (VxWorks, …)

Boot Loader (UEFI, …)

Hardware / Pre-Boot Loader

Check

Load

Load

Load

Check

Check Start

Start

Start Check

Check

Check

Embedded Security and the IoT

Company┐ Wibu-Systems USA Inc. www.wibuusa.com

┐ US subsidiary ofWibu-Systems AG in Germany www.wibu.com

Speaker┐ Marcellus Buchheit,

President and CEO

┐ mabu@wibu.com┐ www.linkedin.com/in/mabuus

More Information

Page 14/14