The talk uses examples of attacks on embedded systems, as they are already being carried out in networked systems today, to show how important security is in this area. From these attacks and a forecast of how system functions will develop, security requirements for the embedded systems of the future are derived. This yields a security architecture for such systems with important standard components serving as trust anchors. These include so-called Secure Elements, secure identities and separating operating systems. Current research on the use of Secure Elements in automobiles, the smart grid and mobile devices is presented. It is shown how secure identities can be derived from material properties using Physical Unclonable Functions, and how operating systems that use Secure Elements and separation increase security. Colloquium talk by Prof. Georg Sigl, Technische Universität München, Tuesday, 17.12.2013, 16:00, lecture hall 47.03 (Elektrotechnikgebäude, Pfaffenwaldring 47), Informatik-Forum Stuttgart e.V.
Technische Universität München
Secure Embedded Systems: a prerequisite for Cyber Physical Systems and the Internet of Things
Colloquium of Faculty 5, University of Stuttgart
17 December 2013
Prof. Dr.-Ing. Georg Sigl
Chair for Security in Information Technology
Technische Universität München
Fraunhofer Institute for Applied and Integrated Security AISEC
Content
• Attack examples on embedded systems
• Future secure embedded systems
ATTACKS ON EMBEDDED SYSTEMS
Attacks on modern cars
Comprehensive Experimental Analyses of Automotive Attack Surfaces
S. Checkoway, D. McCoy, B. Kantor, D. Anderson, H. Shacham, S. Savage, K.
Koscher, A. Czeskis, F. Roesner, T. Kohno. USENIX Security, August 10–12, 2011.
Attacks on industrial control systems: Stuxnet
Source: http://www.faz.net/aktuell/feuilleton/debatten/digitales-denken/trojaner-stuxnet-der-digitale-erstschlag-ist-erfolgt-1578889.html
Attacks on industrial control systems
Source: http://www.bhkw-infothek.de/nachrichten/18555/2013-04-15-kritische-sicherheitslucke-ermoglicht-fremdzugriff-auf-systemregler-des-vaillant-ecopower-1-0/
Attacks on smart grid through smart meter
Attacks on medical devices
Source: http://media.blackhat.com/bh-us-11/Radcliffe/BH_US_11_Radcliffe_Hacking_Medical_Devices_Slides.pdf
Product Piracy
• Estimated damage in the mechanical engineering industry (source: VDMA)
– 7.9 billion euro (~4% of revenue)
• Steps of pirates
– HW Component identification
– Software extraction
– Rebuilding hardware
– Cloning software
Trends increasing the security risks
• Network connection
– ES can be attacked through the network → remote attacks
– Insecure systems attacked through unprotected ES
• Standardization in software → malware
– Operating systems (e.g. Linux)
– Web browsers
• Platform design with software configurability → jailbreak, tuning
• Concentration of multiple functions (multicore) → separation risk
• Significant know-how in ES → product piracy
• Hacker = product owner → hardware attacks
Threats in Cyber Physical Systems
BMBF-FKZ: 01IS13020
[Figure: an embedded system connected to network and background systems; attacks out of cyberspace target the embedded system, and attacks on the background systems come through broken embedded systems]
FUTURE SECURE EMBEDDED SYSTEMS
Requirements for future secure embedded systems
1. Security for more than 10 years (target 30 years)
2. Secure machine to machine communication (M2M)
3. Protection of embedded systems against manipulation and misuse
4. Fulfillment of typical non-functional requirements, e.g.:
– Real time behavior
– Resource limitations (cost, power)
5. Maintain security despite increasing complexity
6. Protection of intellectual property
7. Secure software update during operation
Secure embedded system
[Figure: system on chip with cores 1…n, RAM, flash, IO interfaces and peripherals, a hardware security module and chip IDs; sensor and actuator attached; SIM/GSM and other systems on chip connected via M2M trust; a trusted OS on top]
Secure embedded system: Chip Identities
[Figure: the same system-on-chip diagram as above, highlighting the chip IDs]
IDs for Hardware
• Binding of components
– Authentication
– Integrity checking
• Piracy protection
– Encryption with derived keys
• Methods
– Physical Unclonable Functions (PUF): fingerprint of a chip
– Fuses (electric or laser)
– Flash memory
PUFs as security primitive
[Figure: „unique" physical property + measurement method = PUF (Physical Unclonable Function); the PUF is then used for authentication and key generation]
Ring Oscillator PUF (Suh and Devadas, 2007) *
• Ring oscillator frequencies depend on manufacturing variations
• Two ROs are compared to obtain a response bit
* G. E. Suh and S. Devadas. Physical unclonable functions for device authentication and secret key generation. In Design Automation Conference (DAC '07), 44th ACM/IEEE, pages 9–14, 2007.
SRAM PUF (Guajardo et al., 2007) *
• Symmetric circuit balance influenced by manufacturing variations
• SRAM cells show a random, but stable value after power-up
* J. Guajardo, S. S. Kumar, G. J. Schrijen, and P. Tuyls. FPGA intrinsic PUFs and their use for IP protection. In CHES 2007, volume 4727 of LNCS, pages 63–80. Springer, 2007.
Automotive ECUs today and in future
[Figure: today, a microcontroller with embedded flash holds key and application code in NVM next to the CPU; in future, a microcontroller in a logic process with external flash derives the key from a PUF, keeps key and application code in RAM, and stores code/data encrypted in the external flash]
• Embedded flash availability: 65nm √, 40nm √, 28nm ?, beyond that ???
• Logic process + external flash
+ Shrinkable
+ Lower cost
+ Higher performance
Alternatives to PUF based key generation
• Fuses
– Electrical
• Reliability: weak
– Laser
• Size: very large
• Security: Easy to identify and modify
• OTP (one time programmable memory)
– Cost: comparison with PUF technology open
– Security: memory cells easier to detect, extract and modify
– Programming of key during test increases test complexity
Reliability of PUFs
• Critical parameters:
– Temperature
– Voltage
– Ageing
• Countermeasures:
– Differential measurement
– Redundancy: selection of reliable bits (1000 PUF bits → 100 key bits)
– Proper design: Design and design parameters must consider
the behavior of temperature and voltage variations as well as
ageing (as for any other circuit design)
Frequency behavior of an oscillator PUF
[Figure: frequency f of oscillators 1–6 plotted against temperature (-40°C, 25°C, 150°C); pairs whose frequency order is preserved over the whole range are good, pairs whose curves cross are unstable; critical: uniqueness may be compromised]
State of the Art in error correction
• All error correctors work on a fixed block structure,
e.g. IBS (Yu and Devadas, 2010 *)
• Goal: find one white and one black square (a reliable 1 and a reliable 0) in each block of four
• Helper data store the indices of the selected bits
[Figure: PUF response drawn as a row of bits (reliable 1, reliable 0, unreliable) split by block borders; the helper data give the index of the selected bit in each block (u1=1, u2=?, u3=3), and the selected bits are the encoded key bits; u2=? marks a block that contains no suitable bit]
* M.-D. Yu and S. Devadas, Secure and robust error correction for physical unclonable functions,
IEEE Design & Test of Computers, vol. 27, no. 1, pp. 48-65, 2010
Differential Sequence Coding *
• No fixed block borders
• Helper data store distance to next bit and an inversion indicator
• Larger blocks of unreliable bits can be skipped
• Most efficient error corrector scheme known to date
[Figure: PUF response with the selected reliable bits; for each encoded key bit the helper data store the distance to the next selected bit and an inversion indicator]
* M. Hiller, M. Weiner, L. Rodrigues Lima, M. Birkner and G. Sigl. Breaking through Fixed PUF Block Limitations with Differential Sequence Coding and Convolutional Codes, TrustED, 2013
Components of a PUF key store
• Challenge: Power-On for SRAM, Ring-Oscillator selection
• Physical System: SRAM, Ring-Oscillators
• Response: Stream of Bits
• Error Correction: Using public helper data to increase reliability
• Hash Function: Removes bias in the key bit distribution
[Figure: Challenge C_i → Physical System S → Response R_Ci → Error Correction E (using public helper data) → Hash Function H → Key K]
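As an added example (not code from the talk or from the AISEC/TUM projects), the following Python model runs the key-store pipeline above end to end and contrasts the two helper-data schemes from the error-correction slides: a constructed toy ring-oscillator PUF supplies a reference response and the set of unreliable bits, an IBS-style fixed-block helper (index of a matching reliable bit per block of four) and a DSC-style helper (distance to the next reliable bit plus an inversion indicator, no block borders) are generated, and a hash derives the key. The PUF model, the reliability threshold, the block size and the idealisation that only bits flagged unreliable at enrollment flip in the field are assumptions; the convolutional-code stage of the real DSC scheme is left out.

```python
import hashlib
import random

BLOCK = 4  # IBS-style block size: blocks of four PUF bits, as on the slide


def simulate_ro_puf(n_bits, seed):
    """Constructed toy ring-oscillator PUF (assumption, not measured data).

    Each response bit compares two oscillators: the sign of their frequency
    difference gives the reference bit. A small |difference| means the pair is
    close to crossing under temperature/voltage drift, so the bit is marked
    unreliable (in silicon this set is learned from repeated enrollment readouts).
    """
    rng = random.Random(seed)
    ref, unreliable = [], []
    for _ in range(n_bits):
        diff = rng.gauss(0.0, 1.0)          # manufacturing variation of f_a - f_b
        ref.append(1 if diff > 0 else 0)
        unreliable.append(abs(diff) < 0.3)  # reliability threshold is an assumption
    return ref, unreliable


def field_readout(ref, unreliable, rng):
    """Idealised later readout: unreliable bits flip at random, the others are stable."""
    return [b ^ 1 if u and rng.random() < 0.5 else b for b, u in zip(ref, unreliable)]


def ibs_encode(key, ref, unreliable):
    """Fixed-block helper (IBS-style): for key bit j store the index, inside block j,
    of a reliable PUF bit equal to the key bit; None if the block has no such bit
    (the fixed-block limitation, 'u=?' on the slide)."""
    assert len(ref) >= len(key) * BLOCK, "not enough PUF bits for the key length"
    helper = []
    for j, k in enumerate(key):
        base = j * BLOCK
        cand = [i for i in range(base, base + BLOCK) if not unreliable[i] and ref[i] == k]
        helper.append(cand[0] - base if cand else None)
    return helper


def ibs_decode(helper, response):
    return [None if u is None else response[j * BLOCK + u] for j, u in enumerate(helper)]


def dsc_encode(key, ref, unreliable):
    """DSC-style helper without block borders: per key bit store the distance to the
    next reliable PUF bit and an inversion indicator (PUF bit XOR key bit), so runs
    of unreliable bits are skipped instead of wasting a whole block."""
    helper, pos = [], 0
    for k in key:
        start = pos
        while pos < len(ref) and unreliable[pos]:
            pos += 1
        if pos == len(ref):
            raise ValueError("not enough reliable PUF bits for this key length")
        helper.append((pos - start, ref[pos] ^ k))
        pos += 1
    return helper


def dsc_decode(helper, response):
    bits, pos = [], 0
    for dist, inv in helper:
        pos += dist
        bits.append(response[pos] ^ inv)
        pos += 1
    return bits


def derive_key(bits):
    """Hash stage: compresses the corrected (possibly biased) bits into a key."""
    packed = int("".join(map(str, bits)), 2).to_bytes((len(bits) + 7) // 8, "big")
    return hashlib.sha256(packed).hexdigest()


def demo(n_puf_bits=128, n_key_bits=32, readouts=50, seed=2013):
    """Enroll once, then reconstruct the key from repeated noisy readouts."""
    ref, unreliable = simulate_ro_puf(n_puf_bits, seed)
    key = [random.Random(seed + 1).randint(0, 1) for _ in range(n_key_bits)]
    ibs_helper = ibs_encode(key, ref, unreliable)
    dsc_helper = dsc_encode(key, ref, unreliable)
    rng = random.Random(seed + 2)
    ibs_errors = dsc_errors = 0
    for _ in range(readouts):
        resp = field_readout(ref, unreliable, rng)
        ibs_errors += sum(b is not None and b != k for k, b in zip(key, ibs_decode(ibs_helper, resp)))
        dsc_errors += sum(b != k for k, b in zip(key, dsc_decode(dsc_helper, resp)))
    return {
        "ibs_unencodable_blocks": sum(u is None for u in ibs_helper),
        "ibs_bit_errors": ibs_errors,
        "dsc_bit_errors": dsc_errors,
        "ibs_puf_bits_used": n_key_bits * BLOCK,
        "dsc_puf_bits_used": sum(d for d, _ in dsc_helper) + n_key_bits,
        "dsc_key_matches": derive_key(dsc_decode(dsc_helper, field_readout(ref, unreliable, rng)))
        == derive_key(key),
    }


if __name__ == "__main__":
    print(demo())
```

The helper data are public by design: the IBS index and the DSC distance only reveal which PUF positions were reliable at enrollment, and the inversion bit reveals nothing about the key as long as the selected PUF bit is unpredictable to the attacker. The model shows why DSC consumes fewer PUF bits per key bit than a fixed-block scheme, but it does not protect against a reliable bit that still flips in the field; the real designs keep a reliability margin and a convolutional code behind this stage for that case.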
Secure embedded system: Secure Elements
Core 1 Core 2
Core i Core n RAM Flash
IO-interfaces Peripherals
Hardware
Security
Module
ID ID
Sensor Actuator
SIM
GSM
other System on Chip
System on Chip
M2M
Trust
OS
27
Technische Universität München
Tasks of Secure Elements
• Key storage
• Asymmetric cryptography (signing and encryption)
• Session key generation
• Random number generation
• Access right check
• Integrity check
• Attestation
• Secure data storage
• Resistance against Hardware attacks!
Secure Element in a vehicle
• In the BMBF project SEIS (Sicherheit in eingebetteten IP-basierten Systemen, security in embedded IP-based systems) AISEC integrated a Secure Element in a car.
[Figure: OEM server connected over the Internet to the vehicle gateway, which contains the Secure Element]
Secure Element in Smart Meter
Source: Protection Profile for the gateway of a smart metering system; http://www.bsi.bund.de
The BSI Protection Profile requires a Secure Element in the Smart Meter Gateway.
[Figure: Smart Meter Gateway with Secure Element]
Secure Smart Meter
• Java 3.0 Secure Element in Smart Meter
– All security functions enclosed
– Communication end point
• Gateway
– Memory (encrypted)
– Display
– Communication channels
• Advantages:
– High security through a hardware Secure Element
– Easier certification
Secure Elements in mobile phones
• SIM
• Security Chip
• Secure SD Card
3 Secure Elements
Secure embedded system: Secure Software
[Figure: the same system-on-chip diagram as above, highlighting the trusted OS]
Trusted OS
• Trusted execution environment in the system controller
• Virtualization for application separation
• Integration of a hardware secure element as trust anchor
Trusted OS: Linux Containers (Trust|Me)
Idea: sandboxed Android using container-based isolation
• Remote device administration
– Remote access using ssh and other Linux utilities
• Storage
– Filesystem snapshots and recovery
– Transparent file encryption (device or file based)
– File integrity protection using Linux Security Modules (LSM)
• Network
– Transparent tunneling using Virtual Private Networks (VPN)
• Graphical User Interface (GUI)
– Secure display (indicated by LED) and secure input (hardware buttons)
– Secure PIN entry used to unlock the SE in the microSD card (key storage)