EMBEDDED SYSTEM SECURITY
YIFAN HAO, XIAOSHU LIU, ZHIHONG LUO

EMBEDDED SYSTEM SECURITY

Like PC in 1990s
- Too many programs are developed
- Operating system is vulnerable

Worse than PC in 1990s
- A variety of embedded systems
- Hardware hacking is easier
- Consequences are more severe

https://www.schneier.com/blog/archives/2014/01/security_risks_9.html

Sorts of embedded security issues
- Software security
- Hardware security
- Network security

SOFTWARE SECURITY

Link to Paper: https://jhalderm.com/pub/papers/dcvoting-fc12.pdf
“We successfully changed every vote and revealed almost every secret ballot,” write the researchers — Scott Wolchok, Eric Wustrow, Dawn Isabel and J. Alex Halderman
Another paper on the Indian voting machine: https://jhalderm.com/pub/papers/evm-ccs10.pdf

Most attacks are via software
- Cryptographic attacks
- Code injection attacks
- Stack-based buffer overflows
- Heap-based buffer overflows
- Etc.

Example - Stack-based buffer overflows
http://www.drdobbs.com/security/anatomy-of-a-stack-smashing-attack-and-h/240001832
http://www.embedded.com/design/safety-and-security/4304104/Security-fundamentals-for-embedded-software

Possible security strategies
- No unknown source program in execution space
- Non-executable stack
- Read-only memory
- Strong data privacy and encryption
- Hardware-assisted protection

http://embedded-computing.com/articles/5-steps-secure-embedded-software/

NETWORK SECURITY

- What is network security
- Sources of network attack
- Ways to manage risk

http://atlantatsinc.com/images/networksecurity.jpg

The Federal Aviation Administration warned Boeing that its new Dreamliner aircraft, the Boeing 787, had a design problem.
- Hackers could hack the aircraft from the passengers’ Wi-Fi network.
- The navigation system or control system could be hijacked.

http://www.foxnews.com/story/2008/02/20/how-to-hack-into-boeing-787.html

What is network security
- Activities designed to protect your network
- Give reliability, usability, integrity and safety to the network

http://blog.legalsolutions.thomsonreuters.com/wp-content/uploads/2012/01/wiretap.png

Attack categories:
- Passive attack
- Active attack

Threat sources:
- Wiretapping: a third party monitoring your network
- Port scanner: probes the host to find the current service
- Idle scan: sends garbage to the host to find available services
- DoS (Denial of Service Attack): the service rejects the legitimate user
- Man in the middle: the attacker cheats the server and client

Man in the middle
- A third party relays or possibly alters the message
- Server and client believe they are talking directly to each other
- A secret message getting stolen might lead to severe outcomes for the country

https://upload.wikimedia.org/wikipedia/commons/thumb/e/e7/Man_in_the_middle_attack.svg/1280px-Man_in_the_middle_attack.svg.png?1457916082920

Methods to improve network security
- Anti virus and anti spyware
- Firewall
- Intrusion prevention system
- Virtual private network
- Key authentication

Key authentication
- Public key: A public key encrypts a message. The public key is publicly known.
- Private key: A private key decrypts a message. The private key is only known by its owner.

Public key encryption
- An encryption mechanism where two keys are used. A public key is used to encrypt the message and a secret private key to decrypt the message.

Advanced encryption algorithm
- Diffie-Hellman key exchange
- Needham-Schroeder protocol

http://oz.stern.nyu.edu/fall99/readings/security/ecc1_3.gif

HARDWARE SECURITY

Credit Card Skimmer
- Malicious card reader that grabs data off the magnetic stripe.
- Create cloned cards, and steal money

http://www.mlive.com/news/ann-arbor/index.ssf/2016/03/credit_card_skimmer_found_at_a.html

Things can get worse ...
- Use the CAN bus in the car
- Take control of braking, acceleration ...

http://www.computerworld.com/article/2903714/60-diy-car-hacking-device-is-an-inexpensive-and-easy-way-to-hack-cars.html

Pyramid of Trust
- Each layer can rely on the effective security of its underlying layer without being able to verify it directly
- A perfect software security solution will be useless with weak hardware protection

Lots of Methods of Hardware Hacking ...

https://diy.org/skills/hardwarehacker

Side-Channel Analysis
- Definition - any attack based on information gained from the physical implementation of a cryptosystem
- Types
  - Timing Analysis - timing due to program branches
  - Simple Power Analysis (SPA) - Power supply currents
  - Electromagnetic Analyses (EMA) - Electromagnetic Radiation

SPA analysis on RSA
- IC power consumption depends on activity of transistors
- Variations in power consumption occur as the device performs different operations
- RSA
  - If a bit of the binary private key is d_i = 1, we square + multiply
  - If the bit is 0, we just square
  - Power consumption of Multiplication and Square are different
- Side channel attack

http://www.nicolascourtois.com/papers/sc/sidech_attacks.pdf

Solution
- Hardware Security Modules (HSM)
- Payment Card Industry (PCI) HSM
- Physical Isolation
- Etc.

EMBEDDED SYSTEM SECURITY

Reference:
https://www.schneier.com/blog/archives/2014/01/security_risks_9.html
https://jhalderm.com/pub/papers/evm-ccs10.pdf
https://jhalderm.com/pub/papers/dcvoting-fc12.pdf
http://embedded-computing.com/articles/5-steps-secure-embedded-software
http://www.foxnews.com/story/2008/02/20/how-to-hack-into-boeing-787.html
http://www.computerworld.com/article/2903714/60-diy-car-hacking-device-is-an-inexpensive-and-easy-way-to-hack-cars.html
http://www.mlive.com/news/ann-arbor/index.ssf/2016/03/credit_card_skimmer_found_at_a.html
http://www.nicolascourtois.com/papers/sc/sidech_attacks.pdf

EMBEDDED SYSTEM SECURITY

Q&A
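
The "SPA analysis on RSA" slide above, as an added example that is not part of the original slides: square-and-multiply records one 'S' per squaring and one 'M' per multiplication (a stand-in for the two power signatures), next to a Montgomery ladder, a countermeasure the slides do not name, which performs both operations for every bit. The modulus 3233, exponent 2753, ciphertext 2790 and all function names are constructed toy values.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed toy key (not from the slides); real RSA keys are 2048+ bits. */
#define TOY_N 3233u   /* 61 * 53 */
#define TOY_D 2753u   /* private exponent paired with e = 17 */
#define NBITS 12      /* exponent bits processed, most significant first */

static uint64_t mulmod(uint64_t a, uint64_t b, uint64_t n) { return (a * b) % n; }

/* Left-to-right square-and-multiply as on the slide: always square,
 * multiply only when the key bit is 1. trace receives the operation order. */
uint64_t modexp_sqmul(uint64_t c, uint32_t d, uint64_t n, char *trace) {
    uint64_t r = 1;
    for (int i = NBITS - 1; i >= 0; i--) {
        r = mulmod(r, r, n); *trace++ = 'S';
        if ((d >> i) & 1u) { r = mulmod(r, c, n); *trace++ = 'M'; }
    }
    *trace = '\0';
    return r;
}

/* Montgomery ladder: one multiplication and one squaring per bit, so the
 * operation order is the same for every exponent of NBITS bits. */
uint64_t modexp_ladder(uint64_t c, uint32_t d, uint64_t n, char *trace) {
    uint64_t r0 = 1, r1 = c % n;   /* invariant: r1 == r0 * c (mod n) */
    for (int i = NBITS - 1; i >= 0; i--) {
        if ((d >> i) & 1u) { r0 = mulmod(r0, r1, n); r1 = mulmod(r1, r1, n); }
        else               { r1 = mulmod(r0, r1, n); r0 = mulmod(r0, r0, n); }
        *trace++ = 'M'; *trace++ = 'S';
    }
    *trace = '\0';
    return r0;
}

/* What the S/M order discloses: "SM" marks a 1 bit, a lone "S" a 0 bit. */
uint32_t bits_from_trace(const char *trace) {
    uint32_t d = 0;
    for (const char *p = trace; *p; p++)
        if (*p == 'S') d = (d << 1) | (uint32_t)(p[1] == 'M');
    return d;
}

int main(void) {
    char t[2 * NBITS + 1];
    uint64_t m = modexp_sqmul(2790, TOY_D, TOY_N, t);
    printf("square-and-multiply: m=%llu ops=%s discloses d=%u\n",
           (unsigned long long)m, t, (unsigned)bits_from_trace(t));
    m = modexp_ladder(2790, TOY_D, TOY_N, t);
    printf("ladder:              m=%llu ops=%s\n", (unsigned long long)m, t);
    return 0;
}
```

The ladder here still branches on the key bit; it equalises only the order of operations, which is the leak the slide describes.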