Systems Security: Hardware, embedded system and IoT security Stjepan Picek s.picek@tudelft.nl Delft University of Technology, The Netherlands April 23, 2018
Outline 1 General Information 2 Lightweight Cryptography 3 Random Number Generators 4 Physically Unclonable Functions 5 Tamper Resistant Hardware 2 / 62
Prerequisites ❼ Language based Security (CS4105) or Software Security (UT201600051). ❼ Security and Cryptography (IN4191). ❼ Network Security (ET4397IN) or Internet Security (192654000). ❼ A bachelor level Operating Systems course. 3 / 62
Topics Covered in Lectures 8 weeks = 5EC = 140 hours of work for a nominal student 1 Hardware, embedded system, and IoT security. 2 Covert channels. 3 Secure systems engineering. 4 Countermeasures. 4 / 62
Learning Outcomes 1 An appreciation of the security architecture of computer systems. 2 Detailed knowledge of the security of a specific operating system. 3 Skills in exploiting vulnerabilities of computer systems. 4 Skills in developing counter measures against exploits. 5 / 62
Learning Outcomes There are more things in heaven and earth, Horatio, Than are dreamt of in your philosophy. - Hamlet (1.5.167-8), Hamlet to Horatio 6 / 62
Learning Outcomes There are more things in heaven and earth, Horatio, Than are dreamt of in your philosophy. - Hamlet (1.5.167-8), Hamlet to Horatio The same is true for security! 6 / 62
General Info 1 7 lectures – 2 hours per week. 2 4 lab exercises – 4 hours per exercise. 3 Weekly assignments. 4 Bonus assignments. 5 Exam. 7 / 62
Timetable Table: Timetable (not definitive). Date Lecture Lab 23.04.-27.04. Stjepan IoT – 30.04.-04.05. Erik IoT IoT Labs 07.05.-11.05. Stjepan Covert Channels – 14.05.-18.05. Erik Covert Channels Covert Channels Lab 21.05.-25.05. – – 28.05.-01.06. Stjepan Countermeasures – 04.06.-08.06. Stjepan Countermeasures Countermeasures Lab 11.06.-15.06. Erik Secure Systems Engi- Secure Systems Engineer- neering ing Lab 18.06.-22.06. Repetitions/Exam 25.06.-29.06. Exam 8 / 62
Exam, Grading, Correspondence, etc. ❼ 50% lab work and 50% written open book examination. ❼ After lab exercise → short examination and written report due until next lab. ❼ Extra points for additional assignments. ❼ 100 points for exam, 100 points for assignments (nt heory possible more than 100, but cap on 100s), final grade is average. ❼ Minimum 50 points in both category to pass the course. 9 / 62
Canvas System ❼ Canvas system from Twente. ❼ https://canvas.utwente.nl/courses/1430/discussion topics/1538 ❼ https://canvas.utwente.nl/courses/1430/pages/prerequisites 10 / 62
Consultations ❼ Stjepan, building 28, E6.100, consultations Tuesday 14:00–16:00. 11 / 62
Assignment 1 ❼ Ensure that by the end of week you have access to Canvas and Systems Security course. 12 / 62
Outline 1 General Information 2 Lightweight Cryptography 3 Random Number Generators 4 Physically Unclonable Functions 5 Tamper Resistant Hardware 13 / 62
Constrained Devices ❼ Internet of Things – broad term describing how Internet will be used to connect devices rather than people. ❼ Some of these devices use powerful processors and can use the same cryptographic algorithms as standard PCs. ❼ Many of them use extremely low power microcontrollers which can only afford to devote a small fraction of their computing power to security. ❼ Sensors, RFID chips, smart grids, etc. ❼ If current algorithms can be made to fit into the limited resources of constrained environments, their performance may not be acceptable. ❼ Internet of Everything – the networked connection of people, process, data, and things (Cisco). 14 / 62
IoT Figure: Source: https://www.forbes.com/sites/louiscolumbus/2017/12/10/2017- roundup-of-internet-of-things-forecasts/#c386d8e1480e. 15 / 62
IoT Figure: Source: https://www.forbes.com/sites/louiscolumbus/2017/12/10/2017- roundup-of-internet-of-things-forecasts/#c386d8e1480e. 16 / 62
Why We Need Security Figure: IMEC: NERF brain stimulant. 17 / 62
Why We Need Security ❼ Disabling wireless in pacemaker. ❼ https://nakedsecurity.sophos.com/2013/10/22/doctors- disabled-wireless-in-dick-cheneys-pacemaker-to-thwart- hacking/ ❼ Hacking cars. ❼ https://www.wired.com/story/car-hack-shut-down-safety- features/ 18 / 62
Lightweight Cryptography ❼ Cryptographic algorithms proposed for constrained devices/environments. ❼ We call lightweight algorithms a wide range of ciphers with different properties and designed for various scenarios. ❼ Sometimes lightweight cryptography is divided into ultra-lightweight cryptography and ubiquitous cryptography. ❼ The key concept is a trade-off between various aspects. 19 / 62
Lightweight Cryptography Figure: Trade-offs in lightweight cryptography. 20 / 62
Area ❼ ASIC – Application Specific Integrated Circuit, unit is NAND gate. ❼ GE (gate equivalence) – physical area of a single NAND (smallest logic gate with 2 inputs) gate. ❼ FPGA – Field Programmable Gate Area, unit is LUT, flip-flops. ❼ Embedded microcontrollers, unit is memory size (program size + data size). 21 / 62
NAND Gate Figure: CMOS NAND gate. 22 / 62
Time ❼ Throughput – amount of data processed per time unit (the higher the better). ❼ Latency – delay from input to output (the lower the better). ❼ High throughput and low latency do not go together. 23 / 62
Power and Energy Power ≠ Energy ❼ The total power consumption of a CMOS (Complementary Metal Oxide Semiconductor) device: P total = P static + P dynamic , P static = V ⋅ I , P dynamic = α ⋅ C ⋅ V 2 ⋅ f , where α is the switching factor (the probability of a bit switching from 0 to 1), C is the switched capacitance, V is the voltage, f is the clock frequency, and I is the current. 24 / 62
Power and Energy ❼ Power (= Watt). ❼ Energy E (= Joule). E = P ⋅ t . ❼ For power consideration, cooling is important (implanted device only ∆1deg C temperature). ❼ Anything that is battery powered has low energy requirements. 25 / 62
Examples of Lightweight Ciphers ❼ PRESENT ❼ Prince ❼ Klein ❼ Rectangle ❼ MIDORI ❼ Gift ❼ Piccolo ❼ KATAN ❼ Simon ❼ Speck ❼ LED ❼ ... 26 / 62
Assignment 2 ❼ Browse through one paper describing any lightweight cipher. ❼ Which lightweight ciphers are optimized for area and which for energy? ❼ How to design a lightweight cipher? 27 / 62
Outline 1 General Information 2 Lightweight Cryptography 3 Random Number Generators 4 Physically Unclonable Functions 5 Tamper Resistant Hardware 28 / 62
Two-way communication Figure: Two-way communication. 29 / 62
❼ ❼ Random Number Generators – RNGs ❼ Kerckhoff principle: A cryptosystem should be secure even if everything about the system, except the key, is public knowledge. 30 / 62
Random Number Generators – RNGs ❼ Kerckhoff principle: A cryptosystem should be secure even if everything about the system, except the key, is public knowledge. ❼ Extremely important in cryptography. ❼ Used for cryptographic keys, initialization vectors, nonces, padding, masks in side-channel attacks countermeasures, etc. 30 / 62
Security Requirements for RNGs ❼ Good statistical properties of output values. ❼ Output unpredictability. 31 / 62
Assessing Security ❼ Evaluate statistical parameters using statistical tests (FIPS140-2, NIST 800-22, DIEHARD, etc.). ❼ Evaluate entropy using entropy estimator (entropy cannot be measured, only estimated from a model). ❼ Test online the source of entropy using dedicated statistical tests. 32 / 62
Basic RNG Classes ❼ Deterministic (Pseudo) random number generators (PRNG). ❼ Physical (True) random number generators (TRNG). ❼ Hybrid random number generators (HRNG). 33 / 62
PRNG ❼ Algorithmic generators. ❼ Usually fast and with good statistical characteristics. ❼ Must have long period. ❼ Must be computationally secure (difficult to guess previous or next value). 34 / 62
TRNG ❼ Using physical source of randomness. ❼ Unpredictable and often with suboptimal statistical characteristics. ❼ Usually slower than PRNG. 35 / 62
Intels Hardware RNG Figure: When transistor 1 and transistor 2 are switched on, a coupled pair of inverters force Node A and Node B into the same state [left]. When the clock pulse rises [yellow, right], these transistors are turned off. Initially the output of both inverters falls into an indeterminate state, but random thermal noise within the inverters soon jostles one node into the logical 1 state and the other goes to logical 0. Source: https://spectrum.ieee.org/computing/hardware/behind-intels- new-randomnumber-generator 36 / 62
Transition Effect Ring Oscillator TERO Figure: TERO. 37 / 62
HRNG ❼ Combining PRNG and TRNG. ❼ PRNG seeded by a TRNG. ❼ TRNG with post-processing. 38 / 62
HRNG as per AIS31 Recommendations Figure: AIS setting for HRNG. 39 / 62
Recommend
More recommend
