Survey
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
ECE 424 Embedded Systems Design Embedded System Security Chapter 14 Ning Weng Is your System Secure 2 Security Requirements from User prospective From: Security as a New Dimension in embedded system Design By Paul Kocher, Ruby Lee, Gary McGraw, Anand Ragunathan and Srivaths Ravi 3 Basic Security Function o Confidentiality • Only authorized user can access o Integrity • Information should not be altered in any unintended way. o Authentication • Data sent and received by appropriate parties rather than masqueraders User Identification o embedded system should be restricted to a selected set of authorized users Secure Network Access o Access to a network or a service has to be provided only if the device is authorized. 4 Availability o protection against disruption of service Secure Storage o Securing information in the embedded system’s storage devices, external or internal to the system Content Security o Protect the rights of the digital content used in the system. Tamper Resistance o It should maintain the security requirements when the device falls into the hands of malicious parties, and can be physically or logically probed 5 Consequence of People, Process and Technology Factors People Process Technology Security Measures Training users security risks common pitfalls Make rules procedure complicated about and Attack Phishing attack Attacker tries to lock out and user accounts and send more phishing messages with false instruction to reenable accounts. Regular update and apply Software with an of security-related exploitable weakness is patches targeted and attacked 6 Outline Introduction Security Concepts and Building Blocks Major Security Attacks Conclusion 7 Encryption and Cryptography o Encryption: process of transforming information (referred to as plaintext) using an algorithm (called a cipher) to make it unreadable to anyone except those possessing a private key. • Ex: Single-Key encryption • • Generate a Key that only user knows. Crypto algorithm like GPG translates the key into numerical form that is used to randomize the bits in the file, that needs to be encrypted and makes the file inaccessible to user without password. 8 Asymmetric-Key Cryptography (RSA) User generates key pair, consists of Private key and Public Key. Private key is a secret and known only to owner Public key is for anyone who wants to send message to the owner, they encrypt with public key and user can open it using private key. Private key and public key are mathematically related. RSA features to put signature along with encryption, so that user can authenticate the sender by decrypting using public key of sender. Problem with RSA is exchange of Public key. Certificate Authorities solves the problem of exchange of keys. 9 Transport Layer Security (TLS) • Also known Secure Sockets Layer (SSL) • It is an application-level security protocol, built in web browsers. • TLS enables web security with following rules o Public- Key encryption is used to authenticate clients and server. o Single-Key encryption is used to secure communication between two applications. o Cryptographic signatures are used to ensure message integrity. o Certificates and Certificate authorities are used to associate names with public keys in trusted manner. • TLS works with handshake and concludes by creating a secure communication channel. • Lets go through the example how handshake works and creates the secure channel with http://mail.google.com 10 11 Secure Shell(SSH) It is a network protocol for secure data communication, remote shell services or command execution in Linux or Unix systems. It is primarily used to enable secure remote connections. Once SSH is installed private and public keys are created. First time when user establishing connection, the public key for the remote mechine will be appended to ~/.ssh/known_host file. Once the client machine has authenticated and gotten public key, it can use it to encrypt communication. SSH also allows to log in with public key but user must create their key pair by executing o ssh-keygen –t rsa 12 Ex: Connecting to Remote Server 13 Key generation: 14 Private Key and Public Key 15 Security Architecture for IP: IPSec Internet Protocol Security (IPSec) is a protocol suite for securing Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a communication session. All protocols based on TCP and UDP inherit the security benefits of IPSec. Can access server securely within company’s network. Also provides secure access to remote employees and machines. Two operating mode supported by IPSec o Transport Mode Only the payload of the IP packet is usually encrypted. Used for host-tohost communications. o Tunnel Mode The entire IP packet is encrypted and/or authenticated. It is then encapsulated into a new IP packet with a new IP header. Used to create virtual private networks for network-to-network communications 16 Two factor Authentication Two-factor authentication is an approach to authentication which requires the presentation of "two or more" of the three authentication "factors" ("something the user knows like password", "something the user has private keys paired with public keys", and "something the user is, like finger prints, iris pattern"). It is an attempt to increase the difficulty involved with defrauding authentication schemes. 17 Outline Introduction Security Concepts and Building Blocks Major Security Attacks Conclusion 18 Buffer Overflow It is a stack based buffer overflow, or buffer over-run, is an anomaly where a program, while writing data to a buffer, overruns the buffer's boundary and overwrites adjacent memory. This is a special case of violation of memory safety. o Ex: o Trouble with this code is it takes no steps to determine buffer destination. o Attacker may take advantage in one of several ways: • By overwriting a local variable that is near the buffer in memory on the stack to change the behavior of the program which may benefit the attacker. • By overwriting the return address in a stack frame. Once the function returns, execution will resume at the return address as specified by the attacker, usually a user input filled buffer. • By overwriting a function pointer, or exception handler, which is subsequently executed. 19 SQL Injection o SQL is the language for relational database, where information is represented by tables with columns that refer to one another in order to express relationships between the data. o Websites and web applications uses database to store user logins and associated data. o Ex: Web applications retrieve user information from database as shown below o Resulting SQL statement destroys information and also may insert new user, write new files to web directories or modify user information. 20 Denial of Service (DOS) o It attacks availability of resource. o 3 categories of DOS • Resource Exhaustion • Resource interruption • Active interference o Resource Exhaustion would prevent valid users from accessing the software, and it could potentially have an impact on the surrounding environment. o Resource interruption , a target is rendered ineffective by interrupting access to a key resources or service. Ex: If DNS service is interrupted, many remote systems become unreachable. o Active interference is if a attacker knows destination IP address and ports used by target machine and forge illegitimate packets that appear to come from Dest IP address, attacker can shut down TCP connections by sending TCP/RESET packet. Social Engineering and Phishing o It is the context of security, is understood to mean the art of manipulating people into performing actions or divulging confidential information. 21 Counter Measures against Software attacks Software in embedded systems is a major source of security vulnerabilities. The requirements level: Security requirements must cover both overt functional security (e.g., the use of applied cryptography) and emergent characteristics. The design and architecture level: A system must be coherent and present a unified security architecture that takes into account security principles (such as the principle of least privilege) The code level: Static analysis tools — tools that scan source code for common vulnerabilities — can discover implementation bugs at the code level. 22 From: Security as a New Dimension in embedded system Design By Paul Kocher, Ruby Lee, Gary McGraw, Anand Ragunathan and Srivaths Ravi 23 Firewalls Firewall is a device or software layer that filters out packet based on a set of rules that define which packet can be allowed through and which should be dropped. Firewalls operate beneath the operating system networking stack. It is low enough in packet processing sequence that drops decision can be made before assigning the system resource and avoid SYN flood attacks. Firewall operates with chain of sequence of rules. If the packet matches rules defined above it is accepted. Else it is evaluated against the next rule. 24 Firewalls Five default chains INPUT, OUTPUT, FORWARD, PREROUTING, POSTROUTING 25 Servers and Logs To make system more secure it is always a good habit to maintain Logs of the system activity. List of logs Embedded system should probably maintain o Failed Login attempts o Web Server and database access logs o Firewall logs 26 Hardware Attacks The design of secure hardware is often overlooked in the product development life cycle, leaving many devices vulnerable to hacker attacks. The critical components in your circuit needs to be protected Critical components may include specific algorithms, device identifiers, digital media, cryptographic keys, complete product firmware, or other product-specific data. Some the major hardware attacks are on o o o o Emission and immunity Board level Memory Devices Power supply 27 Memory Most memory is insecure o Can be read with standard device programmer Difficult to securely and totally erase data from RAM and non-volatile memory o Remnants may exist and be retrievable from devices long after power is removed SRAM-based FPGAs most vulnerable to attack o Must load configuration from external memory o Bit stream can be monitored to retrieve data 28 Memory counter measures Protect against I/O scan attacks o Attacker cycles through all possible combinations of inputs to determine outputs o Use unused pins to detect probing Security fuses and boot-block protection o Enabled for "write-once" access to a memory area or to prevent full read back Implement if available Advanced memory management consists of using an FPGA or other circuitry to perform hardware-based bounds checking by monitoring the address bus or buses. By doing so, one can restrict read/write access to defined memory. 29 Power Supply Using a low-dropout linear regulator or DC-DC converter will help ensure that the circuitry in the product receives power within its expected range, regardless of an improper voltage supplied at the input. Such circuitry can obviously be bypassed if the attacker has access to the board. In SPA (Simple Power Analysis),DPA(Differential Power Analysis) an attacker directly observes a system's power consumption, which varies based on the operation that the microprocessor is performing. Using SPA and DPA attacker can easily guess cryptographic keys. 30 Power attack Counter Measures Define minimum and maximum operating limits o Ex: Comparators, watchdogs, supervisory circuits Do not rely on end user to supply a voltage within recommended operating conditions o Implement linear regulator or DC-DC converter 31 Security • Reasons: Information value and inexpensive to duplicate, store and transfer • Attacks: Malicious and misuse Courtesy of Trusted Computing Group Ning Weng ECE 424 32 Outline Introduction Security Concepts and Building Blocks Major Security Attacks Conclusion 33 Conclusion Hardware is now more accessible to hackers than ever before. Both software and hardware security is important. Simplest attacks known for decades still work Use at least basic security . New skills and techniques continually being developed and shared. Determine what to protect, why you are protecting it, and who you are protecting against Nothing is 100% secure, but being an engineer make the best of it. 34