SECURITY IN EMBEDDED SYSTEMS

2011-12

Chapter 1 INTRODUCTION
An embedded system is a special-purpose computer system, which is completely encapsulated in the device it controls. It has specific requirements and performs pre-defined
tasks, unlike a general-purpose personal computer. PDAs, mobile phones, household

appliances, monitoring and control systems for industrial automation etc are examples embedded systems. Even though the technology of embedded systems is fast improving and devices are becoming more and more advanced very less attention is being given to its security. The reason mainly being the high sensitivity of costs, even a small rise in cost of production will make a big difference when building millions of units. Embedded systems often have significant energy constraints, and many are battery powered. Some embedded systems can get a fresh battery charge daily, but others must last months or years on a single battery. Protection of an embedded system is very intricate from that of a typical computer because of the working environments of the particular system. Building a secure embedded system also involves designing a robust application that can deal with internal failures; no level of security is useful if the system crashes and is rendered unusable. It is obvious that the higher the level of security the bigger the cost of the product. For this reason the manufacturer should carry out a risk analysis to determine what the cost of a successful attack against his product will be and what class of attacker he must protect the product from. Once he knows the possible loss he must identify the candidate security measures for completion and their cost.

Dept. Of CSE

-1-

KIT, Tiptur

SECURITY IN EMBEDDED SYSTEMS

2011-12

Chapter 2 COUNTER MEASURES TO AVOID ATTACKS

2.1 SOFTWARE METHODS Whenever a system has to communicate with another device the data passes through a number of untrusted intermediate points. Therefore the secure data must be scrambled in such a way that the data will be useless or unintelligible for anyone who is having unauthorized access to the secure data. This can be achieved with the help of cryptographic methods, Digital Signatures and Digital Certificates. 2.1.1 Data Encryption Encryption is the process of scrambling/encrypting any amount of data using a (secret) key so that only the recipient, who is having access to the key, will be able to decrypt the data. The algorithm used for the encryption can be any publicly available algorithm like DES, 3DES or AES or any algorithm proprietary to the device manufacturer. The Data Encryption Standard (DES) is a block cipher (a method for encrypting information) .It is based on a Symmetric-key algorithm that uses a 56-bit key. An algorithm that takes a fixed-length string of plain text bits and transforms it through a series of complicated operations into another cipher text bit string of the same length. In the case of DES, the block size is 64 bits. DES uses a key to customize the transformation, so that decryption can supposedly only be performed by those who know the particular key used to encrypt. The key ostensibly consists of 64 bits; however, only 56 of these are actually used by the algorithm. Eight bits are used solely for checking parity, and are thereafter discarded. Hence the effective key length is 56 bits. If publicly available algorithms are used, the security of the transferred data totally depends on the secrecy of the keys used for the encryption. 2.1.2 Public-key Key Agreement Algorithm Key agreement algorithms exchange some public information between two parties so they each can calculate a shared secret key. However, they do not exchange enough information that eavesdroppers on the conversation can calculate the same shared key. Key
Dept. Of CSE -2KIT, Tiptur

SECURITY IN EMBEDDED SYSTEMS

2011-12

agreement algorithm will have a private-key and an associated public-key. The private-key is generally a random number of hundreds or few thousands of bits and the public-keys are derived from the private-key using the one-way function specified by the key agreement algorithm.

Fig 1. Public key. The key generation algorithm Generate Key will be such that the generated keys at the device A and B will be the same, that is shared secret KA=KB=K(PA, PB, C). This protocol faces a deficiency. Nothing in this key agreement protocol prevents someone from impersonating.. So even though the transmissions of the public keys do not need to be encrypted, they should be signed for maximum safety.

2.1.3 Digital Signature As mentioned before, public-key cryptography is inefficient. In order to make publickey authentication practical, the digital signature was invented. A digital signature is simply a hash of the data to be sent encrypted using the public-key authentication method. Some digital signature algorithms DSA, Full Domain Hash, RSA-PSS, etc.

Fig 2 Digital signature algorithm For establishing shared secret using the key agreement algorithm, it is important for device to receive an authenticated public-key from the peer. For authenticated exchange of public-key, Digital Signature is used. By encrypting only the fixed-size message hash, we remove the
Dept. Of CSE -3KIT, Tiptur

SECURITY IN EMBEDDED SYSTEMS

2011-12

inefficiency of the public-key algorithm and we can efficiently authenticate any arbitrary amount of data. In digital signature, like the key agreement algorithm, a device uses a pair of keys, sign private-key and sign public-key. Only the device knows its sign private-key whereas the sign public-key is distributed to all the communicating devices. A device signs the message using a signatures algorithm with its sign private-key to generate a signature and any device that has got the access to the sign public-key of the signed device can verify the data with the signature using the signature verification algorithm. If any third party modifies the data or signature, the verification fails. 2.1.4 Digital Certificate Even while using the digital signature algorithm, the sign public-key from a peer device has to be obtained by an authenticated way to ensure the authenticity of a received message. For key agreement or digital signature the authenticated transfer of public-key n a large network is difficult or even not possible without a centralized trusted authority. This centralized authority is trusted by all the devices in the network. This authority is generally known as trusted Certificate Authority or CA. The Certificate Authority (CA) signs the publickeys of devices along with the device ID using the CAs private-key to generate the signature. Digital certificates are encoded using a language called ASN.1 (Abstract Syntax Notation). A digital certificate is provided by sending an application at the start of a secure communication. The receiving application parses the certificate, decrypts the digital signature, hashes the information, and compares it to the decrypted signature hash. If the hashes do not match, then the certificate has been corrupted in transit or is a counterfeit. If the hashes do match, it does a second check against a field in the data section.One popular certificate format is X.509.

Chapter 3
Dept. Of CSE -4KIT, Tiptur

SECURITY IN EMBEDDED SYSTEMS

2011-12

SECURITY NEEDS WITHIN THE DEVICE

Security is not all about encryption. It's also about policy, procedure, and implementation. Case in point, encryption based on a secret key is only as good as the policy that controls access to the key. Secure code alone does not make a secure system. Security must be considered at each phase of the process, from requirements to design to testing, and even support. Whether it is the private-key of any public-key algorithm or it is any previously negotiated shared secret between the devices, the security of data transferred depends in the secrecy of these keys. These secret keys and secret values stored in the device (some even for the lifetime of the device.) that requires protection from unauthorized exposure. Hardware and software security measures implemented in the device must defeat any attempts of unauthorized access to retrieve these secret keys. 3.1 Secure SoC, ROM, MMU and BOOTLOADER The Secure SoC (System-on-a-Chip) provides physical protection to secret keys by keeping the components like Secure ROM, which is handling the secret key, inside the Secure SoC. Ideally a secure SOC has the following properties 1. The Secure ROM cannot be physically accessed to retrieve the secret keys. 2. The buses inside the Secure SoC cannot be monitored to obtain protected data or keys. 3. The removal or replacement of any components in the Secure SoC should be impossible or should prevent the SoC from working. During execution of any operation the keys from the secure soc must be loaded onto the RAM and must be transferred via a bus connecting the two. The bus may me monitored to access the keys; this can be prevented by allocating buffers for secret keys. This prevents the protected keys being available to any bus outside the Secure SoC. In some cases it may happen that a malicious program may be running in the device which may get access to the secure SOC and ROM private keys. The Secure Bootloader in the Secure SoC ensures that the device boots up with the genuine OS or firmware with right process privileges. Secure Bootloader resides on a write protected ROM inside the Secure SoC, this ensures that the Secure Bootloader itself is never modified. In addition to the general boot initialization code, the Secure Bootloader contains a signature verification module of the firmware code and the code verification public-key to verify the firmware code. The firmware code is signed using the device manufacturers code verification private key.
Dept. Of CSE -5KIT, Tiptur

SECURITY IN EMBEDDED SYSTEMS

2011-12

The Secure Bootloader, on boot up checks the validity of the code by verifying the signature using the code verification public-key. The Memory Management Unit (MMU) configured by the OS permits the access to the buffers in the Internal RAM that involves secret key operations only to the secure processes with special OS privileges. Another method to store the secret keys is to store it inside a Secure ROM. The Secure ROM resides inside the Secure SoC in the device. The hardware controller of the Secure ROM will prevent the unauthorized physical access to the secret key stored in the Secure ROM.

Fig: Internal block diagram of secure SOC Even with key data stored only on the microcontroller, attackers can still discover secret information. For example, A sophisticated attacker could actually remove the plastic packaging from the microcontroller and use a microprobe to read the internal memory contents. A secure system, therefore, needs some way to impede this access, and even signal the microcontroller to erase its memory contents. One simple approach to this security challenge is to seal the entire "sensitive area" (i.e., microcontroller, clocks, memories) in a tamper-evident material, perhaps by filling an area of the PC board with plastic or covering it with a metal box. 3.2 Security at fabrication stages In fabrication and test stages, we also have many security holes. Foundry and test engineers can get various design information, which are useful for attack of the chips. Since design environment of SoC includes many tools and computers connected by a network, design data can be stolen through the tools and the network. Hence many innovative and new design and fabrication flow for SoC need to be formulated which are expensive. The economical solution is that most part of the system is implemented by ordinal flow and process and a core part for the security is designed and processed by the secure flow. The core, called a security core that can be implemented in many ways.
Dept. Of CSE -6KIT, Tiptur

SECURITY IN EMBEDDED SYSTEMS

2011-12

3.3 Impersonation prevention Counterfeit of the devices is another serious issue and It is important to establish a technology for protection and detection of counterfeit of the secure SoCs. Special functions and characteristics will be useful for distinction of counterfeit chips. We can implement devices with different characteristics (e.g. delay time, power consumption etc.). If the characteristics can be measured easily, we can use the characteristics as a fingerprint of the chip.

Fig:4 An Example of Detection of Counterfeit device 3.4 Battery-Powered Tamper Detection and Reaction A secure system requires sensors to detect an attack. Multiple battery powered tamper sensors are used in the device. The microcontroller does not need to be in an active state to react to a tamper event. It can detect fault-injection attacks with its on-chip temperature and voltage sensors. When the operating voltage or temperature passes outside the microcontroller's operation range, the device instantly erases its internal RAM. This action eliminates the possibility of a hacker recovering any key data. To prevent micro probing of the SRAM cells, the top layer of the silicon implements an ultra-fine mesh. If traces of that mesh are shorted, the device triggers a self-destruct and the key data is erased. The device must also be equipped with inputs that enable external circuits to trigger a self-destruct. This allows a system to implement multiple layers of security. The types of external circuits that can trigger a self-destruct are limitless. Some of the usual external sensors include: 1. Switches on an enclosure to detect entry. 2. Pressure sensors to detect that a pressurized seal has been broken.
Dept. Of CSE -7KIT, Tiptur

SECURITY IN EMBEDDED SYSTEMS

2011-12

3. Motion sensors for devices that should not be moved in their normal course of use.

Dept. Of CSE

-8-

KIT, Tiptur

SECURITY IN EMBEDDED SYSTEMS

2011-12

Chapter 4 PROPRIETARY TECHONOLOGIES FOR SECURE DATA TRANSFER

Proprietary security modules are implemented on very few similar devices for the secure data transfer between the compliant devices. A proprietary technology can be either a device specific or a standard specific. In the case of a device specific technology, the secure data transfer can happen only between the devices of same manufacturer. An e.g. can be Apples iPod music player. Apple can use their proprietary technology for secured transfer of files between their compliant devices or applications like iPod, iTunes and iTunes store. Since the devices are from a single manufacturer, keeping it secret. If the proprietary technology is specified by a standard body, it can be used to enforce additional security between the devices of different manufacturer. In this case the standard body will disclose the technology to the device manufacturer on an agreement, usually legal, to not to disclose the technology. Maintaining the secrecy of the technology becomes more and more difficult as the number of manufacturer to whom the technology is circulated increases.

Dept. Of CSE

-9-

KIT, Tiptur

SECURITY IN EMBEDDED SYSTEMS

2011-12

Chapter 5 CONCLUSIONS
Today, secure embedded system design remains a field in its infancy in terms of research and pervasive deployment. Although historically, various security issues have been investigated in the context of cryptography, network security and computer security, the challenges imposed by the process of securing emerging environments or networks of embedded systems compel us to take a fresh look at the problem. Mans quest for completely mobile computing even in hostile environments is by far coming to reality but somewhere his security is kept at stake. A sincere and dedicated effort need be shown at developing secure systems that help mankind grow and be in peace.

Dept. Of CSE

- 10 -

KIT, Tiptur

SECURITY IN EMBEDDED SYSTEMS

2011-12

Chapter 6 Bibliography
[1] Anoop MS Security needs in embedded systems Tata Elxsi Ltd. India anoopms@tataelxsi.co.in [2 ] Eric Uner A Framework for Considering Security in Embedded Systems [3] Hiroto Yasuura Security Technologies for SoCs System LSI Research Center Kyushu University Fukuoka, Japan yasuura@slrc.kyushu-u.ac.jp [4 ] Jess Lizarraga, Roberto Uribeetxeberria, Urko Zurutuza, Miguel Fernndez SECURITY IN EMBEDDED SYSTEMS Computer Science Department Mondragon University, Spain. [5]Lawrence Ricci (eMVP) Larry McGinnes (CPL) Applied Data Systems COACT White Paper Embedded System Security Designing Secure Systems with Windows CE [6]Wikipedia.com

Dept. Of CSE Tiptur

- 11 -

KIT,