Professional Documents
Culture Documents
2011-12
Chapter 1 INTRODUCTION
An embedded system is a special-purpose computer system, which is completely encapsulated in the device it controls. It has specific requirements and performs pre-defined
tasks, unlike a general-purpose personal computer. PDAs, mobile phones, household
appliances, monitoring and control systems for industrial automation etc are examples embedded systems. Even though the technology of embedded systems is fast improving and devices are becoming more and more advanced very less attention is being given to its security. The reason mainly being the high sensitivity of costs, even a small rise in cost of production will make a big difference when building millions of units. Embedded systems often have significant energy constraints, and many are battery powered. Some embedded systems can get a fresh battery charge daily, but others must last months or years on a single battery. Protection of an embedded system is very intricate from that of a typical computer because of the working environments of the particular system. Building a secure embedded system also involves designing a robust application that can deal with internal failures; no level of security is useful if the system crashes and is rendered unusable. It is obvious that the higher the level of security the bigger the cost of the product. For this reason the manufacturer should carry out a risk analysis to determine what the cost of a successful attack against his product will be and what class of attacker he must protect the product from. Once he knows the possible loss he must identify the candidate security measures for completion and their cost.
Dept. Of CSE
-1-
KIT, Tiptur
2011-12
2011-12
agreement algorithm will have a private-key and an associated public-key. The private-key is generally a random number of hundreds or few thousands of bits and the public-keys are derived from the private-key using the one-way function specified by the key agreement algorithm.
Fig 1. Public key. The key generation algorithm Generate Key will be such that the generated keys at the device A and B will be the same, that is shared secret KA=KB=K(PA, PB, C). This protocol faces a deficiency. Nothing in this key agreement protocol prevents someone from impersonating.. So even though the transmissions of the public keys do not need to be encrypted, they should be signed for maximum safety.
2.1.3 Digital Signature As mentioned before, public-key cryptography is inefficient. In order to make publickey authentication practical, the digital signature was invented. A digital signature is simply a hash of the data to be sent encrypted using the public-key authentication method. Some digital signature algorithms DSA, Full Domain Hash, RSA-PSS, etc.
Fig 2 Digital signature algorithm For establishing shared secret using the key agreement algorithm, it is important for device to receive an authenticated public-key from the peer. For authenticated exchange of public-key, Digital Signature is used. By encrypting only the fixed-size message hash, we remove the
Dept. Of CSE -3KIT, Tiptur
2011-12
inefficiency of the public-key algorithm and we can efficiently authenticate any arbitrary amount of data. In digital signature, like the key agreement algorithm, a device uses a pair of keys, sign private-key and sign public-key. Only the device knows its sign private-key whereas the sign public-key is distributed to all the communicating devices. A device signs the message using a signatures algorithm with its sign private-key to generate a signature and any device that has got the access to the sign public-key of the signed device can verify the data with the signature using the signature verification algorithm. If any third party modifies the data or signature, the verification fails. 2.1.4 Digital Certificate Even while using the digital signature algorithm, the sign public-key from a peer device has to be obtained by an authenticated way to ensure the authenticity of a received message. For key agreement or digital signature the authenticated transfer of public-key n a large network is difficult or even not possible without a centralized trusted authority. This centralized authority is trusted by all the devices in the network. This authority is generally known as trusted Certificate Authority or CA. The Certificate Authority (CA) signs the publickeys of devices along with the device ID using the CAs private-key to generate the signature. Digital certificates are encoded using a language called ASN.1 (Abstract Syntax Notation). A digital certificate is provided by sending an application at the start of a secure communication. The receiving application parses the certificate, decrypts the digital signature, hashes the information, and compares it to the decrypted signature hash. If the hashes do not match, then the certificate has been corrupted in transit or is a counterfeit. If the hashes do match, it does a second check against a field in the data section.One popular certificate format is X.509.
Chapter 3
Dept. Of CSE -4KIT, Tiptur
2011-12
2011-12
The Secure Bootloader, on boot up checks the validity of the code by verifying the signature using the code verification public-key. The Memory Management Unit (MMU) configured by the OS permits the access to the buffers in the Internal RAM that involves secret key operations only to the secure processes with special OS privileges. Another method to store the secret keys is to store it inside a Secure ROM. The Secure ROM resides inside the Secure SoC in the device. The hardware controller of the Secure ROM will prevent the unauthorized physical access to the secret key stored in the Secure ROM.
Fig: Internal block diagram of secure SOC Even with key data stored only on the microcontroller, attackers can still discover secret information. For example, A sophisticated attacker could actually remove the plastic packaging from the microcontroller and use a microprobe to read the internal memory contents. A secure system, therefore, needs some way to impede this access, and even signal the microcontroller to erase its memory contents. One simple approach to this security challenge is to seal the entire "sensitive area" (i.e., microcontroller, clocks, memories) in a tamper-evident material, perhaps by filling an area of the PC board with plastic or covering it with a metal box. 3.2 Security at fabrication stages In fabrication and test stages, we also have many security holes. Foundry and test engineers can get various design information, which are useful for attack of the chips. Since design environment of SoC includes many tools and computers connected by a network, design data can be stolen through the tools and the network. Hence many innovative and new design and fabrication flow for SoC need to be formulated which are expensive. The economical solution is that most part of the system is implemented by ordinal flow and process and a core part for the security is designed and processed by the secure flow. The core, called a security core that can be implemented in many ways.
Dept. Of CSE -6KIT, Tiptur
2011-12
3.3 Impersonation prevention Counterfeit of the devices is another serious issue and It is important to establish a technology for protection and detection of counterfeit of the secure SoCs. Special functions and characteristics will be useful for distinction of counterfeit chips. We can implement devices with different characteristics (e.g. delay time, power consumption etc.). If the characteristics can be measured easily, we can use the characteristics as a fingerprint of the chip.
Fig:4 An Example of Detection of Counterfeit device 3.4 Battery-Powered Tamper Detection and Reaction A secure system requires sensors to detect an attack. Multiple battery powered tamper sensors are used in the device. The microcontroller does not need to be in an active state to react to a tamper event. It can detect fault-injection attacks with its on-chip temperature and voltage sensors. When the operating voltage or temperature passes outside the microcontroller's operation range, the device instantly erases its internal RAM. This action eliminates the possibility of a hacker recovering any key data. To prevent micro probing of the SRAM cells, the top layer of the silicon implements an ultra-fine mesh. If traces of that mesh are shorted, the device triggers a self-destruct and the key data is erased. The device must also be equipped with inputs that enable external circuits to trigger a self-destruct. This allows a system to implement multiple layers of security. The types of external circuits that can trigger a self-destruct are limitless. Some of the usual external sensors include: 1. Switches on an enclosure to detect entry. 2. Pressure sensors to detect that a pressurized seal has been broken.
Dept. Of CSE -7KIT, Tiptur
2011-12
3. Motion sensors for devices that should not be moved in their normal course of use.
Dept. Of CSE
-8-
KIT, Tiptur
2011-12
Dept. Of CSE
-9-
KIT, Tiptur
2011-12
Chapter 5 CONCLUSIONS
Today, secure embedded system design remains a field in its infancy in terms of research and pervasive deployment. Although historically, various security issues have been investigated in the context of cryptography, network security and computer security, the challenges imposed by the process of securing emerging environments or networks of embedded systems compel us to take a fresh look at the problem. Mans quest for completely mobile computing even in hostile environments is by far coming to reality but somewhere his security is kept at stake. A sincere and dedicated effort need be shown at developing secure systems that help mankind grow and be in peace.
Dept. Of CSE
- 10 -
KIT, Tiptur
2011-12
Chapter 6 Bibliography
[1] Anoop MS Security needs in embedded systems Tata Elxsi Ltd. India anoopms@tataelxsi.co.in [2 ] Eric Uner A Framework for Considering Security in Embedded Systems [3] Hiroto Yasuura Security Technologies for SoCs System LSI Research Center Kyushu University Fukuoka, Japan yasuura@slrc.kyushu-u.ac.jp [4 ] Jess Lizarraga, Roberto Uribeetxeberria, Urko Zurutuza, Miguel Fernndez SECURITY IN EMBEDDED SYSTEMS Computer Science Department Mondragon University, Spain. [5]Lawrence Ricci (eMVP) Larry McGinnes (CPL) Applied Data Systems COACT White Paper Embedded System Security Designing Secure Systems with Windows CE [6]Wikipedia.com
- 11 -
KIT,