Secure Embedded System Networking: An Advanced Security Perspective

Secure Embedded System Networking:

An Advanced Security Perspective

K.JYOSTNA

Assistant Professor,

Department of Electronics and Communication Engineering, VNR VJIET, Hyderabad, India

Dr. V. PADMAJA

Professor,

Department of Electronics and Communication Engineering, VNR VJIET, Hyderabad, India.

Abstract:

It is widely recognized that security is a concern in the design of a wide range of embedded systems. The promise of universal connectivity for embedded systems creates increased possibilities for malicious users to gain unauthorized access to sensitive information. This paper presents an overview of theneed for security in the design of embedded systems as they are potent, autonomous and highly connected. With the emerging growth of embedded systems ranging from low-end systems such as PDAs, networked sensors and smart cards, to high-end systems such as routers, gateways, firewalls, and web servers, security of embedded systems became a paramount issue. Attacks on these systems are getting more and more sophisticated. Hence, it is essential that these devices have good protection against attacks. In several scenarios, one can expect malicious entities preventing an embedded system from performing the functions it is supposed to, resulting in degradation of performance. Finding a design to enforce security in systems using various security mechanisms within the constraints posed by embedded system is a severe challenge. Embedded security can’t be solved at a single security abstraction layer, but rather is a system problem spanning multiple abstraction levels. After a brief introduction to security, we discuss possibilities of various threats to embedded systems, different levels of abstraction in providing security, various attacks that embedded systems face and the solution techniques that are employed to simultaneously prevent and counter the attacks.

Keywords: Embedded Systems, Cryptography, Security Design, Network, Attacks, and Abstraction levels

1. INTRODUCTION

An embedded system is a special-purpose computer system that is part of a larger system which is designed to perform a narrow range of functions with no, or minimal user intervention. These systems interact with the environment and often have to produce output within a given timeframe

.

Many embedded systems today communicate with other embedded systems and general-purpose computers using a network. Such systems can be called as networked embedded systems. Networked embedded systems connect the physical world with the computers, enabling new applications ranging from environmental monitoring, base stations for mobile telephony and wildlife tracking to improvements in health care and medicine.

Embedded Systems. This paper will survey the use of evolving trends and standards to meet the secure design objectives.

2

. Security Requirements of an Embedded System

The growing global interconnection and interdependency of embedded networks, in connection with increased sophistication of cyber attacks over time, demonstrate the need for a

better

understanding of the collective and cooperative security measures needed to prevent and respond to cyber security emergencies. Embedded network does have secure vulnerabilities. Parts of the network can be compromised. Compromised parts can make successful attacks. Security should be taken into account during the design phase .Proper security solutions should be found for Message authentication, Key management, Encryption. Access to the embedded networks should be restricted to a selected set of authorized users. Security functions implemented in an embedded system must be considered in both hardware and software, at all design abstraction levels, in communications between components, and in the manufacturing phase. Embedded system security requires a methodical documented approach of identifying the threat and mapping countermeasures and then verifying their effectiveness through a recognized process. Security will mean the embedded devices’ ability to contain sensitive information and to hold down its end of a secure communication.

Security defined in a system is to:

• Identify Threat

• Set Targets

• Assess Risks

• Devise Countermeasures (people, processes, measures and procedures)

• Assure Countermeasures Remain Effective

A security protocol is a sequence of steps, followed by two or more parties, such that certain security objectives are satisfied. A security objective is formulated to either counter the threats or to ensure that interactions between legitimate parties satisfy some requirements.

Following are the common security objectives which need to be satisfied by security protocols:

• Confidentiality - Information is not disclosed to unauthorized entities.

• Integrity - Any unauthorized manipulation of data can be detected.

• Authentication - An unauthorized entity should not be able to pose as a legitimate entity.

• Non-repudiation: An authorized entity should not be able to disown its legitimate.

• Availability - A system should be usable on demand by an authorized entity. 2.1 Challenges in Secured Embedded Systems

Fig 1.Basic requirements of an Embedded System [7]

The four primary abstraction layers in an embedded system: [2]

• Protocol level, which includes the design of protocols to be performed on embedded devices to attain such security goals as confidentiality, identification, data integrity, authentication, and no repudiation.

• Algorithmlevel, consisting of the design of cryptographic primitives (such as block ciphers and hash functions) and application-specific algorithms used at the protocol level.

• Architecture level, consisting of secure hardware/software partitioning and embedded software techniques to prevent software hacks. Also deals with the hardware design of the modules (the processors and coprocessors) required and specified at the architecture level and

• Resource level, which includes the implementation of energy efficient security protocols through a combination of new hardware and software optimization techniques.

Fig 2.Top Risk Factors for Security Evaluation [7]

3. Attacks on Embedded Systems and Counter measures

Potential attacks first must be identified which can come from both internal and external sources. They may be Software attacks, Physical attacks or Side channel attacks.

Fig 3.Types of Attacks

Attacks on Embedded S Software Attacks

Side – channel Attacks Physical Attacks Content Storage Tamper Resistance User Identification Access Basic Security Functions Secure Storage Id en tifica tio n Da ta I n teg rity Ap plication Sp ec if ic Cryp tog rap h ic Secu ri ty H/W D esi g n S/

W Design _Po

wer C o n sum pt io n Ad dres s Are a Co n fid entiality

Protocol Algorithm Architecture Resource

3.1 Software Attacks

Ensuring secure execution of software is a critical aspect of modern embedded systems. Software security can be compromised in a variety of ways, e.g., through the execution of programs that originate from untrusted or unknown sources, or through the corruption of binaries while they are being downloaded or stored on the embedded system. Software security attacks exploit weaknesses in “trusted” code (operating system (OS), middleware, applications) that is already present in the system. They can corrupt code and data in the system. These malware also have the ability to leak critical information out of the system. Ex: buffer overflow attacks.

3.2 Physical Attacks

Embedded systems are also susceptible to physical attacks that involve tampering with system properties such as voltage levels and memory contents. When the attacker has physical access to the embedded equipment, he can interfere with the communication between CPU and memory to launch attacks. These attacks can be by either insertion of the malicious logic into the circuit or by the malicious attack on the integrated circuit. Malicious logic can be inserted at different levels of abstraction in the supply chain architecture of the semiconductor IC. The malicious logic can lead to various unwanted scenarios like causing the system to output data to the wrong port or address (information leakage), monitoring and modifying the system’s output data (tampering).

Invasive physical attacks: These are physical attacks which consist of cutting open the chip packaging and examining its internals with micro-probing techniques to eavesdrop on communication between components to read secret information.

Non-invasive (Side Channel) attacks: These attacks monitor information leaked by the circuit during cryptographic computation in order to figure out the secret key. The information leaked includes timing information, power dissipation, and electromagnetic radiation. Here the attacker only needs to collect information during the normal operation of the target embedded device, and analyze this information in order to extract the secret key information. Side-channel attacks are quite dangerous because they do not cause any damage to the device, and thus the probability of escaping detection is very high, and second, they provide a tractable way of breaking algorithms with very high theoretical cryptanalytic strength. Commonly known side channel attacks are timing analysis, power analysis and electromagnetic analysis.

Fig 4.Physical Attack on external memory [1]

3.3 Countermeasures against software attacks

Defeating software attacks can be done through practice of good software and hardware-assisted mechanisms. Embedded designers must ensure privacy and integrity of sensitive code and data during every stage of software execution and must remove the security loopholes that make system more vulnerable to such attacks. A security problem is more likely to arise because of a problem in the standard part like application program interface to the server. This is the reason why security must be a part at the different levels of software development life cycle [5].

Design level: Security requirements must cover functional security characteristics and analyze cost and benefits of using the secure architectures.

Development level: The system must present a unified architecture that takes into account secure coding principles and scan the source code for common vulnerabilities, discover the implementation bugs.

Testing level: Standard functional testing techniques and risk based security testing must be employed. Every known application in the system should undergo a validation step before its execution.

Techniques that provide protection against software attacks include sandboxing, proof carrying code, program shepherding and formal verification techniques. These techniques prevent soft wares from performing unauthorized or illegal operations [5].

3.4 Countermeasures against physical attacks

An obvious way to counter physical attacks is to improve the packaging. The Federal Information Processing Standard (FIPS 140-2) provides four different levels of security requirements that can be satisfied by the system.

Fig 6.Levels of Security Requirements

3.5 Countermeasures against side channel attacks

A side channel is any observable side effect of computation that an attacker could measure and possibly influence. Several hardware and software approaches are proposed to prevent the leakage of side channel information like power dissipation, operation timing, behavior in the presence of induced faults and electromagnetic radiation. A wide range of design techniques have been proposed to counter side channel attacks. With the use of such techniques, the presence of side-channels can be minimized. However, it is very difficult to completely eliminate them. While some of the early side-channel attacks targeted hardware implementations, software implementations are equally, if not more, vulnerable. Data exposure can occur in software implementations through memory bus exposure, core dump files, and persistence of data in disk memory after swap, etc. This problem of data exposure exists even in secure software implementations. Recent studies have revealed the possibility of data exposure from software computations even after the computation is over. In some instances, even sensitive data, like passwords, were left in accessible system buffers. Software side-channels typically reveal data in bytes or (larger) words, making them especially attractive targets for attacks.

Minimal physical protection Tamper evident mechanisms

Strong detection and response

mechanisms Environmental

failure protection and

testing

Level 3

Level 2

4. Mechanisms for Embedded Security

Embedded devices must implement methods or protocol for secure data transfer and also should implement security methods to defeat attempts of unauthorized access of secure data from the device. The security needs for an embedded device thus can be classified into two:

• Security needs for data transfer and

• Security needs within the device

New security protocols and cryptographic algorithms specifically targeted at low-footprint embedded systems have been developed. Functional security mechanisms, such as security services, protocols, and their constituent cryptographic algorithms, suitably employ mathematical primitives in order to achieve the desired security objectives. However, functional security measures alone cannot ensure security, since most embedded systems present attackers with an abundance of opportunities to observe or interfere with their implementation, and hence to compromise their theoretical strength.

4.1 Secure Access Protocols

Security protocols are built using cryptographic algorithms to realize a combination of four security objectives confidentiality, integrity, authentication and non-repudiation, while availability is made possible through the use of access control security mechanisms The level of security provided is dependent upon many things such as the cryptographic methods used, the access to the transmitted data, algorithm key lengths, server and client implementations and most importantly, the human factor. Security protocols provide ways of ensuring secure communication channels to and from the embedded system. To achieve data security, cryptographic methods such as Encryption/Decryption, Key Agreement, Digital Signatures and Digital Certificates are being used.

4.2 Data Encryption

Encryption is the process of scrambling/encrypting any amount of data using a (secret) key so that only the recipient, who is having access to the key, will be able to descramble/decrypt the data. The algorithm used for the encryption can be any publicly available algorithm like DES, 3DES or AES or any algorithm proprietary to the device manufacturer. The key is known only between the communicating devices and will typically of length 100s of bits. If publicly available algorithms are used, the security of the transferred data totally depends on the secrecy of the keys used for the encryption. Sharing and maintaining the secret key between the communicating devices without any unauthorized entity getting access to the keys is important for foolproof secure data communication. These keys can be embedded in the device prior to the communication, exchanged offline in a secure manner or established online using any key agreement algorithm as explained in section Public key Key Agreement Algorithm. The storage of the secret keys within the device is also critical for ensuring the complete protection of data.

4.3 Public-key Key Agreement Algorithm

When there are 100’s of devices in a network, sharing and maintaining secret keys between all the devices for data encryption seems difficult, even unrealistic. This is where the Key Agreement Algorithm is used. Using Key Agreement algorithm, a shared secret can be established between communicating parties without the need for exchanging any secret keys or secret parameters online or offline.

4.4 Digital Signature

The device in a network may be communicating with the unknown or less familiar device located 100s of kilometers apart. The communication may also require routing through many intermediate points. During Key Agreement process, for establishing a secret key, any middlemen can substitute a devices key to its public-key and thus results in establishing a shared secret with the device. Therefore, for establishing shared secret using the key agreement algorithm, it is important for device to receive an authenticated public-key from the peer. For authenticated exchange of public-key, Digital Signature and Digital Certificates are used.

Digital signature is a public-key method to verify the authenticity of a received data from the peer. In digital signature, like the key agreement algorithm, a device uses a pair of keys, ‘sign private-key’ and ‘sign public-key’. Only the device knows its sign private-key whereas the sign public-key is distributed to all the communicating devices. A device signs the message using a signatures algorithm with its sign private-key to generate a signature and any device that has got the access to the sign public-key of the signed device can verify the data with the signature using the signature verification algorithm. If any third party modifies the data or signature, the verification fails. Since only the signed device knows its sign private-key, it will be impossible for any other device to forge the signature. Examples of Digital Signature algorithms are RSA, DSA or ECDSA.

4.5 Digital Certificate

Even while using the digital signature algorithm, the ‘sign public-key’ from a peer device has to be obtained by an authenticated way to ensure the authenticity of a received message. For key agreement or digital signature the authenticated transfer of public-key in a large network is difficult or even not possible without a centralized trusted authority. This centralized authority is trusted by all the devices in the network. This authority is generally known as trusted Certificate Authority or CA. The Certificate Authority (CA) signs the public-keys of devices along with the device ID using the CA’s private-key to generate the signature. These CA signed data of a device (public-key, IDs etc.) along with the signature arranged in a standard format is called as a certificate. The certificate is issued by CA to all devices taking part in the communication. Any device, having the CA’s public-key installed, can verify the authenticity of the received certificate and thus the public-key of the peer device. One popular certificate format is X.509.

5 Secure processing Architectures

The limited processing and memory capacity of embedded systems make it impossible for their architectures to keep up with the continuously growing complexity of security mechanisms and the increasing data rates offered by recent communication networks. This problem is much more noticed in systems that need to process very high data rates such as network routers or resource constrained embedded systems like PDA’s leading to “processing performance gap”.

The conventional security mechanisms tend to be conservative in their security guarantees. To minimize such performance gaps or high energy consumption several hybrid hardware-software approaches have been proposedto efficiently implement security functions. Security in architectural level maps the adopted algorithms and protocols within a software layer and hardware specializations.

5.1 Secure SoC

limited or pre-programmed by the hardware manufacturer, the Secure ROM can be programmed with a master key. This master key can be used to encrypt and store the device secret keys in the internal ROM.

5.2 Secure ROM

One method for storing the device secret keys securely in the persistent storage of a device is to encrypt the secret keys before storing. Thus even if anyone managed to get the data out of the persistent storage he/she will never be able to understand the secret keys. To encrypt any data generally two things are required, an encryption algorithm and a key for encryption. If any well-known algorithm like AES is used for encryption of the secret keys, then the strength of the encryption is only as strong as the secrecy of the key that used for the encryption. Thus the same problem faced for the storage of the secret keys is faced again for the storage of the key that is used for encrypting the secret keys. This problem is repeated unless an encryption algorithm is used that is known only to the device manufacturer. If the device proprietary algorithm is used for the encryption and storage of the secret keys, the security of the secret keys are only as strong as the secrecy of the algorithm. Since the code binary is stored in the clear text in the device memory and plenty of tools for reengineering the code like ‘objdump’ are available, the chance of exposing the secret keys is impossible. Another method to store the secret keys is to store it inside a Secure ROM. The Secure ROM resides inside the Secure SoC in the device. The hardware controller of the Secure ROM descrambles the data before retrieving it back from the ROM. This hardware support will prevent the unauthorized physical access to retrieve the secret key stored in the Secure ROM. The buffers that hold the secret keys or the intermediate values of cryptographic operations involving the secret keys are allocated in the Internal RAM of Secure SoC. Thus the secret keys are prevented from being available to any bus outside the secure Soc. In the case where the Secure ROM is limited or pre-programmed by the hardware manufacturer, the Secure ROM can be programmed with a device master key. The device master key is a key unique to each device hardware or Secure SoC that can be further used to encrypt and store the device secret keys in a less Secure ROM.

5.3 Internal RAM and Secure Processes

The buffers for secret keys or intermediate values of cryptographic operations involving secret keys are allocated in the Internal RAM of the Secure SoC to prevent the secret keys being available to any bus outside the Secure SoC. Let this memory area in the Internal RAM be called as Secure Memory Area. Not every process should access this memory area. Only the processes with special OS privilege, Secure Process, should be able to access the Secure Memory Area. This is analogous to process with administrative privilege or root privilege in an operating system.

The OS during boot up configures the memory management unit to permit access to Secure Memory Area by only the Secure Processes. It is also important that the MMU configuration code in the OS is not modified by an unauthorized user to get access to the secure memory area. This can be ensured by the use of Secure Bootloader and code signing as discussed in section Secure Boot-Loader and Code Signing.

5.4 Secure Boot-Loader and Code Signing

6. CONCLUSION

In this paper we analyzed the various ways in which the attacks can be performed on the embedded systems. Any security function implemented in an embedded system must be considered in both hardware and software, at all design abstraction levels, in communications between components, and in the manufacturing phase.Finding a way to enforce security in systems using the various security mechanisms within the constraints posed by embedded system is a severe challenge. This can be well tackled only if embedded system designers work closely with security engineers.We also presented some counter measures along with their limitations. We believe that a combination of advances in architectures and design methodologies would enable us to scale the next frontier of embedded system design, wherein, embedded systems will be “secure” to the extent required by the application and the environment. To achieve this, we should look beyond the basic security functions of an embedded system and provide defenses against broad classes of attacks — all without compromising performance, area, energy consumption, cost and usability.

REFERENCES

[1] Chunguang Bu, Xiang Wang, and Chi Zhang, Jizhong Liu Xiaodong Wang, Chuntang Qi,and Xiaoying Gao, Baosen Li, “Compiler/Hardware Assisted Application code and data security in Embedded Systems” , Digital Avionics Systems Conference, IEEE, 2009, pp. 7.E.2-1-7.E.2-8

[2] David D.Hwang, Patrick Schaumount, KrisTiri, Ingrid Verbauwhede, “Securing Embedded Systems”, IEEE Computer Society, 2006, pp. 40 – 49(13)

[3] Huaqiang Huang, Chen Hu, Jianhua He, “A Security Embedded System Base on TCM and FPGA”IEEE, 2009, pp. 605 – 609

[4] N. Potlapally, S. Ravi, A. Raghunathan, and G. Lakshminarayana, “Algorithm exploration for efficient public-key security processing on wireless handsets,” in Proc. Design, Automation, and Test in Europe (DATE) Designers Forum, pp. 42–46, Mar. 2002.

[5] Paul Kocher, Ruby Lee, Gary McGraw, Anand Raghunathan and Srivaths Ravi, “Security as a New Dimension in Embedded System Design”, ACM, 2004, pp. 753 – 760(10.1)

[6] Peter Gutmann, David Naccache, Charles C. Palmer, “Side Channel Attacks on Cryptographic Software” , IEEE Computer and Reliability Societies, IEEE,2009, pp. 72-75

[7] Shao Long Zhang, Ning Zhou, and Jia Xin Wu,“The Fuzzy Integrated Evaluation of Embedded System Security” IEEE Computer Society, 2008, pp. 157 – 162

[8] Sasikiran Burugapalli and Waleed K. Al-Assadi, “Secured Hardware Design – An Overview” IEEE, 2008

[9] Saravanan Sinnadurai”Secure Embedded Systems” J. Viega and G. McGraw, Building Secure Software (http://www.buildingsecuresoftware.com). Addison-Wesley, 2001.

[10] S. Ravi, A. Raghunathan, and S. Chakradhar, “Tamper Resistance Mechanisms for Secure Embedded Systems,” in Proc. Int. Conf. VLSI Design, Jan. 2004.