embedded systems security
play

Embedded Systems Security Guy GOGNIAT guy.gogniat@univ-ubs.fr - PowerPoint PPT Presentation

Nov 01, 2023 •426 likes •1.01k views

Session Scurit Informatique - Mercredi 28 mars 2007 Embedded Systems Security Guy GOGNIAT guy.gogniat@univ-ubs.fr Journe 2007 de la section lectronique du club EEA SiP et SoC : nouvelles perspectives, nouveaux dfis Session

  1. Session Sécurité Informatique - Mercredi 28 mars 2007 Embedded Systems Security Guy GOGNIAT guy.gogniat@univ-ubs.fr Journée 2007 de la section électronique du club EEA SiP et SoC : nouvelles perspectives, nouveaux défis Session Sécurité Informatique Mercredi 28 mars 2007 Laboratoire LESTER - Université de Bretagne Sud/CNRS FRE 2734

  2. Session Sécurité Informatique - Mercredi 28 mars 2007 Outline Cryptography principles  Attacks on embedded systems  Countermeasures  Hardware Mechanisms for Secured Processor-Memory Transactions • for Embedded Systems • PE-ICE/Extended OTP Preventing Piracy and Reverse Engineering of SRAM FPGAs Bitstream • Security Architecture for Embedded Systems: SANES • • Security primitive: AES case study on Virtex-II Pro Existing solutions: Secure Coprocessor/Microcontroller • Conclusion  Laboratoire LESTER - Université de Bretagne Sud/CNRS FRE 2734

  3. Session Sécurité Informatique - Mercredi 28 mars 2007 Outline  Cryptography principles Attacks on embedded systems  Countermeasures  Hardware Mechanisms for Secured Processor-Memory Transactions • for Embedded Systems • PE-ICE/Extended OTP Preventing Piracy and Reverse Engineering of SRAM FPGAs Bitstream • Security Architecture for Embedded Systems: SANES • • Security primitive: AES case study on Virtex-II Pro Existing solutions: Secure Coprocessor/Microcontroller • Conclusion  Laboratoire LESTER - Université de Bretagne Sud/CNRS FRE 2734

  4. Session Sécurité Informatique - Mercredi 28 mars 2007 Cryptography primitives Symmetric cryptography Confidentiality   AES, DES/3DES, RC5 Data and messages • • Hashing function Integrity   MD5, SHA-1, SHA-2 Data and messages • • Asymmetric cryptography  Authentication  RSA, ECC Users and hosts • • Laboratoire LESTER - Université de Bretagne Sud/CNRS FRE 2734

  5. Session Sécurité Informatique - Mercredi 28 mars 2007 Symmetric encryption Block cipher  K e Encryption (E) n n Ciphertext C=E Ke (P ) Plaintext P n-bit Decryption (D) n n P=D Kd (C) K e Laboratoire LESTER - Université de Bretagne Sud/CNRS FRE 2734

  6. Session Sécurité Informatique - Mercredi 28 mars 2007 Asymmetric algorithm Laboratoire LESTER - Université de Bretagne Sud/CNRS FRE 2734

  7. Session Sécurité Informatique - Mercredi 28 mars 2007 RSA Three researchers from MIT, Ron 1. Public key (size 1024 or 2048 bits) R ivest, Adi S hamir and Len A dleman have patented in 1983 the RSA n p q = � algorithm Compute e as “PGDC(n,e) = 1” 2. Private key 1 � ( ( ) ( ) ) d e mod p 1 q 1 = � � � Rivest Adleman Shamir 3. Ciphering requires e and n e mod c m n = 4. Deciphering requires d and n d mod m c n = Laboratoire LESTER - Université de Bretagne Sud/CNRS FRE 2734

  8. Session Sécurité Informatique - Mercredi 28 mars 2007 Hashing function Initial message Digest of the initial message Prof. Robert this message to 215e781c0c3f7d1353518bd5f649805b confirm our meeting tomorrow at 1 pm at my office Received message Digest of the received message Prof. Robert this message to 0601e38b93c1cc1c1a4b87dd8771b452 confirm our meeting tomorrow at 9 pm at my office Both digests are different  Someone has modified the message • There been an error during the communication • Laboratoire LESTER - Université de Bretagne Sud/CNRS FRE 2734

  9. Session Sécurité Informatique - Mercredi 28 mars 2007 Integrity Checking Principle:  Tag T H(M) (M; T) Message M Meeting at 7h00 am in … Unsecured Alice channel T Integrity Flag (M; T) M COMP H(M) T’ K Tag reference Bob Meeting at 7h00 am in … K message digest Hash functions:  Message M i Hash MAC h i = f(M i , h i-1 ) Compression function  function function h i-1 One-way function  gives a compact representative image of the input  MAC ( * ) functions: take a secret key as additional input to authenticate the source of the message.  Laboratoire LESTER - Université de Bretagne Sud/CNRS FRE 2734 (*) Message Authentication Code

  10. Session Sécurité Informatique - Mercredi 28 mars 2007 Outline Cryptography principles   Attacks on embedded systems Countermeasures  Hardware Mechanisms for Secured Processor-Memory Transactions • for Embedded Systems • PE-ICE/Extended OTP Preventing Piracy and Reverse Engineering of SRAM FPGAs Bitstream • Security Architecture for Embedded Systems: SANES • • Security primitive: AES case study on Virtex-II Pro Existing solutions: Secure Coprocessor/Microcontroller • Conclusion  Laboratoire LESTER - Université de Bretagne Sud/CNRS FRE 2734

  11. Session Sécurité Informatique - Mercredi 28 mars 2007 Many sensitive data will be embedded Laboratoire LESTER - Université de Bretagne Sud/CNRS FRE 2734

  12. Session Sécurité Informatique - Mercredi 28 mars 2007 Classification of attacks Hardware attacks Software attacks Glitch attack Timing analysis Chip cutting (power, clock) Trojan horse Power consumption Chemical attack Variation of Vdd or T° of the chip Analysis Logic bomb Physical Electromagnetic Irreversible Black Box emission analysis (invasive) Virus Side-channel Physical (non-invasive) Reversible Worm (non-invasive) Active attacks Passive attacks Laboratoire LESTER - Université de Bretagne Sud/CNRS FRE 2734

  13. Session Sécurité Informatique - Mercredi 28 mars 2007 Processor-Memory Transactions Vulnerabilities Most embedded systems use off-chip memories  Data and instructions are exchanged in clear over the processor-memory • bus Trusted Area Threats:  Unauthorized data reads  Address bus SoC External Code injection or data alteration  (Trusted) Memory Memory tampering  Data bus Objectives: Ensure the confidentiality and the integrity of data stored in  off-chip memories and transferred on SoC memory interfaces Laboratoire LESTER - Université de Bretagne Sud/CNRS FRE 2734

  14. Session Sécurité Informatique - Mercredi 28 mars 2007 Passive Attacks Bus probing – eavesdropping [1]  Data / Instruction Add 0x080ff0fa 0x00000010 Address bus External 0101000100010000011100100 0101000100010000011100100 SoC 1 Memory 1 (Trusted) 0111010101010001011100100 0111010101010001011100100 Data bus 1 1 [1] M. G. Kuhn, “Cipher Instruction Search Attack on the Bus-Encryption Security Microcontroller DS5002FP” IEEE Trans. Comput., vol. 47, pp. 1153–1157, October. 1998. Laboratoire LESTER - Université de Bretagne Sud/CNRS FRE 2734

  15. Session Sécurité Informatique - Mercredi 28 mars 2007 Passive Attacks Bus probing – eavesdropping [1]  Data / Instruction Add 0x00000010 0x080ff0fa Address bus External 0x0ab820ff 0x00000014 0101000100010000011100100 SoC Memory 1 0x00000018 0x080112f4 (Trusted) 0111010101010001011100100 0x0000001C 0x102bcd0f Data bus 1 0x00000020 0x11ff11ab Attacker motivation:  Off-line analysis:  Key recovery • Message recovery • Raw materials for active attacks…  [1] M. G. Kuhn, “Cipher Instruction Search Attack on the Bus-Encryption Security Microcontroller DS5002FP” IEEE Trans. Comput., vol. 47, pp. 1153–1157, October. 1998. Laboratoire LESTER - Université de Bretagne Sud/CNRS FRE 2734

  16. Session Sécurité Informatique - Mercredi 28 mars 2007 Active Attacks Code and data injection  Address bus External SoC Memory (Trusted) Data bus Malicious Memory Three kinds of active attacks are defined depending on the choice made by the  adversary on the data to insert: Memory Spoofing: Random data injection  Laboratoire LESTER - Université de Bretagne Sud/CNRS FRE 2734

  17. Session Sécurité Informatique - Mercredi 28 mars 2007 Active Attacks Code and data injection  Address bus External SoC Memory (Trusted) Data bus Malicious Memory Three kinds of active attacks are defined depending on the choice made by the  adversary on the data to insert: Memory Data(@1) Spoofing: Random data injection  Data(@2) Splicing: Spatial permutation  Data(@3) Data(@4) Data(@7) Data(@5) Data(@6) Data(@7) Data(@7) Data(@8) Laboratoire LESTER - Université de Bretagne Sud/CNRS FRE 2734

  18. Session Sécurité Informatique - Mercredi 28 mars 2007 Active Attacks Code and data injection  Address bus External SoC Memory (Trusted) Data bus Malicious Memory Three kinds of active attacks are defined depending on the choice made by the  adversary on the data to insert: Memory Data(@1, t1) Data(@1, t4) Spoofing: Random data injection  Data(@2, t9) Data(@2, t1) Splicing: Spatial permutation  Data(@3, t1) Data(@3, t8) Replay: Temporal permutation  Data(@4, t1) Data(@4, t1) Data(@4, t7) Data(@4, t1) Data(@4, t1) Data(@5, t1) Data(@6, t6) Data(@6, t1) Data(@7, t4) Data(@7, t1) Data(@8, t1) Laboratoire LESTER - Université de Bretagne Sud/CNRS FRE 2734

  19. Session Sécurité Informatique - Mercredi 28 mars 2007 Active Attacks Code and data injection  Address bus External SoC Memory (Trusted) Data bus Malicious Memory Three kinds of active attacks are defined depending on the choice made by the  adversary on the data to insert: Spoofing: Random data injection  Splicing: Spatial permutation  Replay: Temporal permutation  Attacker motivation:  Hijack the software execution  Reduce the search space for key recovery or message recovery  Laboratoire LESTER - Université de Bretagne Sud/CNRS FRE 2734

Recommend

Systems Security: Hardware, embedded system and IoT security Stjepan Picek s.picek@tudelft.nl

Systems Security: Hardware, embedded system and IoT security Stjepan Picek s.picek@tudelft.nl

Systems Security: Hardware, embedded system and IoT security Stjepan Picek s.picek@tudelft.nl Delft University of Technology, The Netherlands April 23, 2018 Outline 1 General Information 2 Lightweight Cryptography 3 Random Number Generators 4

1.35k views • 64 slides
ELC 2013 Security: Best Practices for Embedded Systems John Mehaffey Senior System Architect

ELC 2013 Security: Best Practices for Embedded Systems John Mehaffey Senior System Architect

ELC 2013 Security: Best Practices for Embedded Systems John Mehaffey Senior System Architect Embedded Systems Division mentor.com/embedded Android is a trademark of Google Inc. Use of this trademark is subject to Google Permissions. Linux

544 views • 17 slides
HW/SW Codesign w/ FPGAs Embedded Systems ECE 495/595 Overview (Slides from Embedded Systems

HW/SW Codesign w/ FPGAs Embedded Systems ECE 495/595 Overview (Slides from Embedded Systems

HW/SW Codesign w/ FPGAs Embedded Systems ECE 495/595 Overview (Slides from Embedded Systems Design, F. Vahid and T. Givargis) Embedded computing systems definition: Computing systems embedded within electronic devices. Hard to define

396 views • 26 slides
Embedded systems and the role of programmable logic devices in embedded systems Embedded system :

Embedded systems and the role of programmable logic devices in embedded systems Embedded system :

Embedded systems and the role of programmable logic devices in embedded systems Embedded system : a combination of computer hardware and software, and perhaps additional mechanical or other parts, designed to perform a dedicated function. In some

414 views • 20 slides
Welcome to PROOFS! PROOFS: Security Proofs for Embedded Systems Introduction to the fifth

Welcome to PROOFS! PROOFS: Security Proofs for Embedded Systems Introduction to the fifth

Welcome to PROOFS! PROOFS: Security Proofs for Embedded Systems Introduction to the fifth workshop Introduction to the workshop PROOFS: Security Proofs for Embedded Systems UCSB August 20, 2016 5th edition of PROOFS PROOFS 2012:

311 views • 7 slides
A Large Scale Analysis of the Security of Embedded Firmwares A. Costin , J. Zaddach, A.

A Large Scale Analysis of the Security of Embedded Firmwares A. Costin , J. Zaddach, A.

A Large Scale Analysis of the Security of Embedded Firmwares A. Costin , J. Zaddach, A. Francillon, D. Balzarotti EURECOM, France 20th August 2014 USENIX Security '14 San Diego, USA Embedded Systems Are Everywhere Andrei Costin 2 By

1.03k views • 72 slides
Inception: System-Wide Security Testing of Real- World Embedded Systems Software Nassim

Inception: System-Wide Security Testing of Real- World Embedded Systems Software Nassim

Inception: System-Wide Security Testing of Real- World Embedded Systems Software Nassim Corteggiani (Maxim Integrated / EURECOM) Giovanni Camurati (EURECOM) Aurlien Francillon (EURECOM) 08/15/18 Embedded Systems Are Everywhere [1]

911 views • 65 slides
embedded security October 2015 The Old Model (simplified view) Embedded Security Benedikt

embedded security October 2015 The Old Model (simplified view) Embedded Security Benedikt

embedded security October 2015 The Old Model (simplified view) Embedded Security Benedikt Gierlichs KU Leuven, COSIC IACR Summer school 2015 Chia Laguna, Italy Attack on channel between communicating parties Encryption and

412 views • 6 slides
4TU MASTER EMBEDDED SYSTEMS Bert Molenkamp 19/03/2020 Master Embedded Systems 1 Table of

4TU MASTER EMBEDDED SYSTEMS Bert Molenkamp 19/03/2020 Master Embedded Systems 1 Table of

4TU MASTER EMBEDDED SYSTEMS Bert Molenkamp 19/03/2020 Master Embedded Systems 1 Table of contents What is an embedded system Examples of research topics Admission Overview of the programme Success rates Master Embedded

814 views • 31 slides
Embedded Systems (ESII) Prof. Dr. J. Henkel, Dr. M. Shafique CES - Chair for Embedded Systems

Embedded Systems (ESII) Prof. Dr. J. Henkel, Dr. M. Shafique CES - Chair for Embedded Systems

1 ESII: ASIPs_ISEs Design and Architectures for Embedded Systems (ESII) Prof. Dr. J. Henkel, Dr. M. Shafique CES - Chair for Embedded Systems Karlsruhe Institute of Technology, Germany Today: Embedded Processor Platforms ASIPs and Extensible

1.5k views • 89 slides
Software Engineering for Embedded Systems Software Engineering for Embedded Systems Dr.-Ing.

Software Engineering for Embedded Systems Software Engineering for Embedded Systems Dr.-Ing.

Software Engineering for Embedded Systems Software Engineering for Embedded Systems Dr.-Ing. Mohammad. Abdullah Al Faruque Dipl.-Inform. Sebastian Kobbe CES - C hair for E mbedded S ystems (Prof. Dr. Jrg Henkel) Department of Computer Science

847 views • 72 slides
Embedded Systems Programming Trends of Embedded Systems (Module 2) Yann-Hang Lee Arizona State

Embedded Systems Programming Trends of Embedded Systems (Module 2) Yann-Hang Lee Arizona State

Embedded Systems Programming Trends of Embedded Systems (Module 2) Yann-Hang Lee Arizona State University yhlee@asu.edu (480) 727-7507 Summer 2014 Real-time Systems Lab, Computer Science and Engineering, ASU Trends of RT Embedded Systems

332 views • 10 slides
Side Channel Analysis and Embedded Systems Impact and Countermeasures Job de Haas Black Hat DC

Side Channel Analysis and Embedded Systems Impact and Countermeasures Job de Haas Black Hat DC

Side Channel Analysis and Embedded Systems Impact and Countermeasures Job de Haas Black Hat DC February 21, 2008 Black Hat USA 2007 Agenda Advances in Embedded Systems Security From USB stick to game console Current

673 views • 42 slides
Networked Embedded Systems Ezio Bartocci Overview Networked Embedded Systems (182.717): 6 weeks

Networked Embedded Systems Ezio Bartocci Overview Networked Embedded Systems (182.717): 6 weeks

Networked Embedded Systems Ezio Bartocci Overview Networked Embedded Systems (182.717): 6 weeks for semester ECTS: 6.0 Web: http://ti.tuwien.ac.at/rts/teaching/courses/networked-embedded-systems Type: Lessons (VU Vorlesung) with

700 views • 20 slides
Embedded Systems Engineering VO + LU Overview The module Embedded Systems Engineering is split

Embedded Systems Engineering VO + LU Overview The module Embedded Systems Engineering is split

Embedded Systems Engineering VO + LU Overview The module Embedded Systems Engineering is split in 2 parts: Lectures: ESE VO (182.721) ECTS: 3.0 Web: http://ti.tuwien.ac.at/rts/teaching/courses/esevo Staff: Prof. Radu Grosu,

859 views • 7 slides
When Embedded Systems Attack Embedded systems can fail for a variety of reasons

When Embedded Systems Attack Embedded systems can fail for a variety of reasons

22.1 22.2 When Embedded Systems Attack Embedded systems can fail for a variety of reasons Electrical problems Unit 22 Mechanical problems Errors in the programming Incorrectly specified Errors caused by users Embedded

201 views • 5 slides
1 How are embedded systems different Timing and Concurrency than traditional software? Fire

1 How are embedded systems different Timing and Concurrency than traditional software? Fire

What is an Embedded System? Definition of an embedded computer system: Embedded Systems is a digital system. Introduction uses a microprocessor (usually). runs software for some or all of its functions. frequently used as a

158 views • 3 slides
Side Channel Attacks and Countermeasures for Embedded Systems Job de Haas Black Hat USA

Side Channel Attacks and Countermeasures for Embedded Systems Job de Haas Black Hat USA

Side Channel Attacks and Countermeasures for Embedded Systems Job de Haas Black Hat USA August 2, 2007 Black Hat USA 2007 Agenda Advances in Embedded Systems Security From USB stick to game console Current attacks

533 views • 41 slides
Formal Security Analysis of Smart Embedded Systems Farid Molazem, Farid Molazem,

Formal Security Analysis of Smart Embedded Systems Farid Molazem, Farid Molazem,

Formal Security Analysis of Smart Embedded Systems Farid Molazem, Farid Molazem, Karthik Karthik Pattabiraman Pattabiraman Dependable Systems Lab University of British Columbia Internet of Things Real attacks against

344 views • 22 slides
Introduction to Embedded Systems Introduction to Embedded Systems CS/ECE 6780/5780 CS/ECE

Introduction to Embedded Systems Introduction to Embedded Systems CS/ECE 6780/5780 CS/ECE

Introduction to Embedded Systems Introduction to Embedded Systems CS/ECE 6780/5780 CS/ECE 6780/5780 Al Davis Al Davis Todays topics: logistics - minor synopsis of last lecture software desig finite state machine based

466 views • 19 slides
Last Time Embedded systems introduction u Definition of embedded system Common

Last Time Embedded systems introduction u Definition of embedded system Common

Last Time Embedded systems introduction u Definition of embedded system Common characteristics Kinds of embedded systems Crosscutting issues Software architectures Choosing a processor Choosing a

931 views • 39 slides
Side Channel Analysis and Embedded Systems Impact and Countermeasures Job de Haas Black Hat

Side Channel Analysis and Embedded Systems Impact and Countermeasures Job de Haas Black Hat

Side Channel Analysis and Embedded Systems Impact and Countermeasures Job de Haas Black Hat Europe 2008 Black Hat Europe 2008 Agenda Advances in Embedded Systems Security From USB stick to game console Current attacks

653 views • 42 slides
Security model for embedded systems using Smack * Simple but secure * S implified M andatory A

Security model for embedded systems using Smack * Simple but secure * S implified M andatory A

Security model for embedded systems using Smack * Simple but secure * S implified M andatory A ccess C ontrol K ernel - Jos Bollo - - Jos Bollo - Con Contex text Jos Bollo Intel Eurogiciel Tizen Smack Linux 2

376 views • 20 slides
demystifying systemd for embedded systems OpenIoT & ELC Europe 2016 Agenda - Who am I? -

demystifying systemd for embedded systems OpenIoT & ELC Europe 2016 Agenda - Who am I? -

demystifying systemd for embedded systems OpenIoT & ELC Europe 2016 Agenda - Who am I? - Embedded Systems? - Background - Systemd for Embedded Systems Myths - Baseline - Scaling Up - Super-tiny Systems - Brazilian - Software

446 views • 32 slides

More recommend