
Embedded Device Cryptography in the Field - PowerPoint PPT Presentation



  1. Embedded Device Cryptography in the Field
     Alex Kropivny
     January 5, 2015
     Outline: Introduction; Motivation; State of Affairs; Coping Mechanisms; Indefensible; Local Attacks; Trust Relationships; Use Cases; Factory Testing; Firmware Upgrades; Wireless Protocols; Other; Conclusions

  2. Introduction

  3. Motivation

  4. Who am I?
     Senior security analyst at a device assessment team.
     [ ] cryptographer
     [x] reverse engineer
     [ ] hat owner
     Want to one day become a full stack developer. Still not done counting all the layers.

  5. Device Assessment Team?
     Security assessments of embedded devices [1] and software systems [2] that use them.
     Design reviews and source code audits for manufacturers.
     Black box reverse engineering for major end users.
     Automation, smart grid, medical industries - disclosure left up to clients. [3]
     [1] Catch-all term for magic black boxes that do stuff.
     [2] Heterogeneous networks that make security fun.
     [3] Any vulnerabilities shown in these slides aren't theirs.

  6. Talk Scope
     For simplicity, let "embedded devices" be:
     - 1 kB - 1 MB program memory.
     - 1 MHz - 100 MHz clock frequency.
     - No money spent on tamper resistance or DRM.
     - No Linux/Windows/...
     - No OpenSSL/GnuPG/Bouncy Castle/...
     Not all bad news:
     - Small attack surface!
     - Single purpose!
     - Analysis is easy!

  7. What Qualifies as a Break?
     Our team has to be pragmatic. If it's not exploitable against a real-world system, it's not a result.

     Attack                        Valid
     Remote code execution         Always
     Control or reconfiguration    Often
     Denial of service             Rarely
     Privacy                       Very Rarely

  8. Pop Quiz
     Q: What fraction of cryptographic constructions do we find valid "results" in?

  9. State of Affairs

  10. Hollywood SCADA Hacking

  11. Actual SCADA Hacking

  12. Vulnerabilities Surprise Features
      System with no threat model can't be insecure, only surprising.

  13. Embedded Device Cryptanalysis

  14. Embedded Device Cryptanalysis

  15. Coping Mechanisms

  16. Approach
      If it's stupid and it works, it's not stupid.
      "Blame is the enemy of safety. Focus should be on understanding how the system behavior as a whole contributed to the loss and not on who or what to blame for it." [4]
      [4] Engineering a Safer World: Systems Thinking Applied to Safety

  17. Talk Outline
      - What are major uses and threat models we've seen?
      - How do their implementations fail? (Vulnerabilities rated from ⋆ to ⋆⋆⋆⋆⋆ based on frequency seen.)
      - If possible, why does the failure occur?

  18. Indefensible

  19. Local Attacks

  20. Local Attacks
      Against low-cost devices not hardened against them, attacks range from easy to doable:
      - Side channels
      - Fault injection
      - Decapping and probing + fault injection
      Deleting keys on tamper would be nice, but:
      - One-way operations that brick the device are scary to deploy.
      - Requires an internal power supply, which adds cost.
      - Tamper detection for one device is easy; for two or more, extremely hard.

  21. Local Attacks
      If a device is widely available to attackers, hardware compromise in the large can be assumed.
      - On widely deployed devices, shared secrets are massive central points of failure.
      - In an ideal world, compromise via local access does not give the attacker any more capabilities than they already have.
      - Good bang-for-buck measures to make local attacks harder do exist. (Disabling read access to internal memory, burning fuses.)

  22. User As Threat (DRM)
      DRM/smart card technologies make well-funded attempts to defend against some local attacks.
      - Higher cost per chip!
      - Cost of comparing security of different vendors/models is high.
      Better off spending resources on system architecture that avoids shared secrets and distrusting the user, if possible.

  23. Trust Relationships

  24. Trust Relationships
      The following will still be trusted:
      - Manufacturer signing keys.
      - Development infrastructure.
      - Hardware and initial firmware bringup supply chain.
      Often, use of cryptography merely shuffles trust around the system, but does not eradicate it.
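
The shared-secret point from slides 21 and 22, and the trust-shuffling point from slide 24, as an added example that is not from the talk: it compares a fleet-wide shared key with per-device keys and reports which device identities a backend must stop trusting after one unit's key is read out. HMAC-based key diversification is an assumed technique chosen for illustration; the serials, keys and function names are constructed. The master key in the second design still has to be trusted inside the manufacturer's provisioning system.

```python
import hashlib
import hmac

# Constructed sample values for illustration (not from the talk).
FLEET = [b"SN-0001", b"SN-0002", b"SN-0003"]  # hypothetical device serials
SHARED_KEY = bytes(range(32))        # design A: identical key in every device
MASTER_KEY = bytes(range(32, 64))    # design B: kept off-device, in provisioning
MSG = b"reading=42"


def device_key(master: bytes, serial: bytes) -> bytes:
    """Design B: per-device key = HMAC-SHA256(master, label || serial)."""
    return hmac.new(master, b"device-key-v1|" + serial, hashlib.sha256).digest()


def tag(key: bytes, serial: bytes, msg: bytes) -> bytes:
    """MAC binding a message to the serial that claims to have sent it."""
    return hmac.new(key, serial + b"|" + msg, hashlib.sha256).digest()


def verify_shared(serial: bytes, msg: bytes, t: bytes) -> bool:
    """Backend check in design A: every serial is verified with the same key."""
    return hmac.compare_digest(tag(SHARED_KEY, serial, msg), t)


def verify_diversified(serial: bytes, msg: bytes, t: bytes) -> bool:
    """Backend check in design B: re-derive the claimed serial's own key."""
    expected = tag(device_key(MASTER_KEY, serial), serial, msg)
    return hmac.compare_digest(expected, t)


def exposed_identities(leaked_key: bytes, verify) -> list:
    """Serials the backend can no longer trust once `leaked_key` is known
    outside the device it was read from."""
    return [s for s in FLEET if verify(s, MSG, tag(leaked_key, s, MSG))]


if __name__ == "__main__":
    # Key read out of one unit (SN-0001) in each design.
    print("shared:     ", exposed_identities(SHARED_KEY, verify_shared))
    print("diversified:", exposed_identities(
        device_key(MASTER_KEY, FLEET[0]), verify_diversified))
```

With the shared key every serial in the fleet is exposed; with diversified keys only the unit that was opened is, and revoking that one serial contains the loss.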
