ppt - College of Engineering | SIU

Download Report

Transcript ppt - College of Engineering | SIU

ECE 424
Embedded Systems
Design
Embedded System Security
Chapter 14
Ning Weng
Is your System Secure
2
Security Requirements from User prospective
From: Security as a New Dimension in embedded system Design By Paul Kocher, Ruby Lee, Gary McGraw, Anand Ragunathan and
Srivaths Ravi
3
Basic Security Function
o Confidentiality
• Only authorized user can access
o Integrity
• Information should not be altered in any unintended way.
o Authentication
• Data sent and received by appropriate parties rather than
masqueraders
 User Identification
o embedded system should be restricted to a selected set of
authorized users
 Secure Network Access
o Access to a network or a service has to be provided only if
the device is authorized.
4
Availability
o protection against disruption of service
 Secure Storage
o Securing information in the embedded system’s storage
devices, external or internal to the system
 Content Security
o Protect the rights of the digital content used in the
system.
 Tamper Resistance
o It should maintain the security requirements when the
device falls into the hands of malicious parties, and can
be physically or logically probed
5
Consequence of People, Process and Technology
Factors
People
Process
Technology
Security Measures
Training users
security
risks
common pitfalls
Make
rules
procedure
complicated
about
and
Attack
Phishing attack
Attacker tries to lock out
and user accounts and send
more phishing messages with
false instruction to reenable accounts.
Regular update and apply Software
with
an
of
security-related exploitable weakness is
patches
targeted and attacked
6
Outline




Introduction
Security Concepts and Building Blocks
Major Security Attacks
Conclusion
7
Encryption and Cryptography
o Encryption: process of transforming information (referred to
as plaintext) using an algorithm (called a cipher) to make it
unreadable to anyone except those possessing a private key.
• Ex: Single-Key encryption
•
• Generate a Key that only user knows. Crypto algorithm like
GPG translates the key into numerical form that is used to
randomize the bits in the file, that needs to be encrypted and
makes the file inaccessible to user without password.
8
Asymmetric-Key Cryptography (RSA)
 User generates key pair, consists of Private key and Public Key.
 Private key is a secret and known only to owner
 Public key is for anyone who wants to send message to the owner, they
encrypt with public key and user can open it using private key.
 Private key and public key are mathematically related.
 RSA features to put signature along with encryption, so that user can
authenticate the sender by decrypting using public key of sender.
 Problem with RSA is exchange of Public key.
 Certificate Authorities solves the problem of exchange of keys.
9
Transport Layer Security (TLS)
• Also known Secure Sockets Layer (SSL)
• It is an application-level security protocol, built in web browsers.
• TLS enables web security with following rules
o Public- Key encryption is used to authenticate clients and server.
o Single-Key encryption is used to secure communication between
two applications.
o Cryptographic signatures are used to ensure message integrity.
o Certificates and Certificate authorities are used to associate names
with public keys in trusted manner.
• TLS works with handshake and concludes by creating a secure
communication channel.
• Lets go through the example how handshake works and creates
the secure channel with http://mail.google.com
10
11
Secure Shell(SSH)
It is a network protocol for secure data communication, remote
shell services or command execution in Linux or Unix systems.
 It is primarily used to enable secure remote connections.
 Once SSH is installed private and public keys are created.
 First time when user establishing connection, the public key
for the remote mechine will be appended to ~/.ssh/known_host
file.
 Once the client machine has authenticated and gotten public
key, it can use it to encrypt communication.
 SSH also allows to log in with public key but user must create
their key pair by executing
o ssh-keygen –t rsa
12
Ex: Connecting to Remote Server
13
Key generation:
14
Private Key and Public Key
15
Security Architecture for IP: IPSec
Internet Protocol Security (IPSec) is a protocol suite for
securing
Internet
Protocol
(IP)
communications
by authenticating and encrypting each IP packet of a
communication session.
 All protocols based on TCP and UDP inherit the security
benefits of IPSec.
 Can access server securely within company’s network.
Also provides secure access to remote employees and
machines.
 Two operating mode supported by IPSec
o Transport Mode
Only the payload of the IP packet is usually encrypted. Used for host-tohost communications.
o Tunnel Mode
The entire IP packet is encrypted and/or authenticated. It is then
encapsulated into a new IP packet with a new IP header. Used to
create virtual private networks for network-to-network communications 16
Two factor Authentication
Two-factor
authentication
is
an
approach
to authentication which requires the presentation of "two or
more" of the three authentication "factors" ("something the
user knows like password", "something the user has private
keys paired with public keys", and "something the user is,
like finger prints, iris pattern").
 It is an attempt to increase the difficulty involved with
defrauding authentication schemes.
17
Outline




Introduction
Security Concepts and Building Blocks
Major Security Attacks
Conclusion
18
Buffer Overflow
It is a stack based buffer overflow, or buffer over-run, is an anomaly where
a program, while writing data to a buffer, overruns the buffer's boundary and
overwrites adjacent memory. This is a special case of violation of memory safety.
o Ex:
o Trouble with this code is it takes no steps to determine buffer destination.
o Attacker may take advantage in one of several ways:
• By overwriting a local variable that is near the buffer in
memory on the stack to change the behavior of the
program which may benefit the attacker.
• By overwriting the return address in a stack frame. Once
the function returns, execution will resume at the return
address as specified by the attacker, usually a user input
filled buffer.
• By overwriting a function pointer, or exception handler,
which is subsequently executed.
19
SQL Injection
o SQL is the language for relational database, where information is represented
by tables with columns that refer to one another in order to express
relationships between the data.
o Websites and web applications uses database to store user logins and
associated data.
o Ex: Web applications retrieve user information from database as shown below
o Resulting SQL statement destroys information and also may insert new user,
write new files to web directories or modify user information.
20
Denial of Service (DOS)
o It attacks availability of resource.
o 3 categories of DOS
• Resource Exhaustion
• Resource interruption
• Active interference
o Resource Exhaustion would prevent valid users from accessing the
software, and it could potentially have an impact on the surrounding
environment.
o Resource interruption , a target is rendered ineffective by interrupting
access to a key resources or service. Ex: If DNS service is interrupted,
many remote systems become unreachable.
o Active interference is if a attacker knows destination IP address and ports
used by target machine and forge illegitimate packets that appear to come
from Dest IP address, attacker can shut down TCP connections by sending
TCP/RESET packet.
Social Engineering and Phishing
o It is the context of security, is understood to mean the art
of manipulating people into performing actions or divulging confidential
information.
21
Counter Measures against Software attacks
 Software in embedded systems is a major source of security
vulnerabilities.
 The requirements level: Security requirements must cover both overt
functional security (e.g., the use of applied cryptography) and emergent
characteristics.
 The design and architecture level: A system must be coherent and
present a unified security architecture that takes into account security principles
(such as the principle of least privilege)
 The code level: Static analysis tools — tools that scan source code for
common vulnerabilities — can discover implementation bugs at the code level.
22
From: Security as a New Dimension in embedded system Design By Paul Kocher, Ruby Lee, Gary McGraw, Anand Ragunathan and Srivaths Ravi
23
Firewalls
 Firewall is a device or software layer that filters out packet
based on a set of rules that define which packet can be
allowed through and which should be dropped.
 Firewalls operate beneath the operating system
networking stack. It is low enough in packet processing
sequence that drops decision can be made before assigning
the system resource and avoid SYN flood attacks.
 Firewall operates with chain of sequence of rules.
If the packet matches rules defined above it is accepted. Else it is
evaluated against the next rule.
24
Firewalls
 Five default chains
INPUT, OUTPUT, FORWARD, PREROUTING, POSTROUTING
25
Servers and Logs
 To make system more secure it is always a good habit to
maintain Logs of the system activity.
 List of logs Embedded system should probably maintain
o Failed Login attempts
o Web Server and database access logs
o Firewall logs
26
Hardware Attacks
 The design of secure hardware is often overlooked in the
product development life cycle, leaving many devices
vulnerable to hacker attacks.
 The critical components in your circuit needs to be protected
 Critical components may include specific algorithms, device
identifiers, digital media, cryptographic keys, complete
product firmware, or other product-specific data.
 Some the major hardware attacks are on
o
o
o
o
Emission and immunity
Board level
Memory Devices
Power supply
27
Memory
 Most memory is insecure
o Can be read with standard device programmer
 Difficult to securely and totally erase data from RAM and
non-volatile memory
o Remnants may exist and be retrievable from devices long after power is
removed
 SRAM-based FPGAs most vulnerable to attack
o Must load configuration from external memory
o Bit stream can be monitored to retrieve data
28
Memory counter measures
 Protect against I/O scan attacks
o Attacker cycles through all possible combinations of inputs to determine
outputs
o Use unused pins to detect probing
 Security fuses and boot-block protection
o Enabled for "write-once" access to a memory area or to prevent full read
back Implement if available
 Advanced memory management consists of using an
FPGA or other circuitry to perform hardware-based
bounds checking by monitoring the address bus or buses.
By doing so, one can restrict read/write access to defined
memory.
29
Power Supply
Using a low-dropout linear regulator or DC-DC converter
will help ensure that the circuitry in the product receives
power within its expected range, regardless of an improper
voltage supplied at the input. Such circuitry can obviously
be bypassed if the attacker has access to the board.
 In SPA (Simple Power Analysis),DPA(Differential Power
Analysis) an attacker directly observes a system's power
consumption, which varies based on the operation that the
microprocessor is performing.
 Using SPA and DPA attacker can easily guess
cryptographic keys.
30
Power attack Counter Measures
Define minimum and maximum operating limits
o Ex: Comparators, watchdogs, supervisory circuits
 Do not rely on end user to supply a voltage within
recommended operating conditions
o Implement linear regulator or DC-DC converter
31
Security
• Reasons: Information value and inexpensive to
duplicate, store and transfer
• Attacks: Malicious and misuse
Courtesy of Trusted Computing Group
Ning Weng
ECE 424
32
Outline




Introduction
Security Concepts and Building Blocks
Major Security Attacks
Conclusion
33
Conclusion
Hardware is now more accessible to hackers than ever
before. Both software and hardware security is important.
Simplest attacks known for decades still work
Use at least basic security .
New skills and techniques continually being
developed and shared.
Determine what to protect, why you are protecting it,
and who you are protecting against
Nothing is 100% secure, but being an engineer make the
best of it.
34