grand embedded security us04

8/19/2019 Grand Embedded Security US04

1/63

Introduction to Embedded Security

Joe Grand

Grand Idea Studio, [email protected]

Black Hat USA 2004 Briefin!

"edne!day, July 2#, $%4&'m ( )%00'm


2/63

2 © 2004 Grand Idea Studio,Inc.

Aenda

Goals

Security in the Product Lifecycle

Attack and Threat Classifications

Practical esi!n Solutions


3/63

" © 2004 Grand Idea Studio,Inc.

Goal!

Learn the conce#ts of desi!nin! secure hard$are

%eco&e fa&iliar $ith ty#es of attacks andattackers

'nderstand and acce#t that #ro#erly ile&entedsecurity is e(tre&ely difficult

)ducation *y de&onstration


4/63


*i!k A!!e!!ment

+othin! is eer -00 secure / Gien enou!h ti&e, resources, and &otiation, an

attacker can *reak any syste&

Secure your #roduct a!ainst a s#ecific threat / hat needs to *e #rotected

/ hy it is *ein! #rotected

/ ho you are #rotectin! a!ainst 1define the ene&y


5/63


*i!k A!!e!!ment 2


6/63

© 2004 Grand Idea Studio,Inc.

Security in t+e roduct

-eelo'ment /ifecycle )sta*lish a sound security #olicy as the

5foundation5 for desi!n

Treat security as an inte!ral #art of syste& desi!n 6educe risk to an acce#ta*le leel

/ )li&ination of all risk is not cost7effectie

8ini&i9e the syste& ele&ents to *e trusted / 5Put all your e!!s in one *asket5


7/63

: © 2004 Grand Idea Studio,Inc.

Strie for silicity / The &ore cole( the security, the &ore likely it is

to contain e(#loita*le fla$s Ile&ent layered security

o not ile&ent unnecessary security&echanis&s / )ach &echanis& should su##ort a defined !oal

Security in t+e roduct

-eelo'ment /ifecycle 2


8/63

; © 2004 Grand Idea Studio,Inc.

Attack y'e!

Insider Attack / Si!nificant #ercenta!e of *reaches

/ 6un7on fraud, dis!runtled eloyees

Lunchti&e Attack / Take #lace durin! a s&all $indo$ of o##ortunity


9/63

= © 2004 Grand Idea Studio,Inc.

Attacker 1la!!ification

Class I> Cleer ?utsiders / Intelli!ent, *ut hae li&ited kno$led!e of the syste&

/ ?ften try to take adanta!e of an e(istin! $eakness

Class II> @no$led!ea*le Insiders / Su*stantial s#eciali9ed technical e(#erience

/ i!hly so#histicated tools and instru&ents

Class III>


10/63

-0 © 2004 Grand Idea Studio,Inc.

Attacker 1la!!ification 2

+oBarieseses6elease

infoD

eses+o+o?r!ani9edD

'nkno$n


11/63

-- © 2004 Grand Idea Studio,Inc.

Attack -ifficulty

escri#tion+a&eLeel

8aor ti&e and effort reJuired. 6esources

aaila*le to fe$ facilities in the $orld.

In La*oratory

i!hly s#eciali9ed tools and e(#ertise asfound in acade&ia or !oern&ent.

S#ecial Tools3

)n!ineers usin! dedicated tools aaila*le

to &ost #eo#le.

'nusual Tools4

Technically coetent. Tools aaila*le at

retail couterEelectronic stores.

Co&&on Tools"

8ini&al skills. 'niersally aaila*le tools.Intent2

+o tools or skills needed. Can ha##en *y

accident.

+one-


12/63


roduct Acce!!ibility

Purchase / Attacker o$ns or *uys the #roduct

)aluation

/ Attacker rents or *orro$s the #roduct Actie

/ Product is in actie o#eration, not o$ned *y attacker

6e&ote Access / +o #hysical access to #roduct, attacks launchedre&otely


13/63

-" © 2004 Grand Idea Studio,Inc.

+reat ector!

Interce#tion 1or )aesdro##in! / Gain access to #rotected infor&ation $ithout

o#enin! the #roduct

Interru#tion 1or


14/63


Attack Goal!

Coetition 1or Clonin! / S#ecific IP theft to !ain &arket#lace adanta!e

Theft7of7Serice

/ ?*tainin! serice for free that nor&ally reJuires 'ser Authentication 1or S#oofin!

/


15/63


ractical -e!in Solution!

)nclosure

Circuit %oard


16/63

- © 2004 Grand Idea Studio,Inc.

roduct Enclo!ure

Should #reent easy access to #roduct internals


17/63

-: © 2004 Grand Idea Studio,Inc.

roduct Enclo!ure 2

)(ternal Interfaces

Taer 8echanis&s

)&issions and I&&unity


18/63

-; © 2004 Grand Idea Studio,Inc.

E3ternal Interface!

'sually a #roductKs lifeline to the outside $orld / 8anufacturin! tests, field #ro!ra&&in!, #eri#heral

connections

/ )(.>


19/63

-= © 2004 Grand Idea Studio,Inc.

E3ternal Interface! 2

o not sily o*fuscate interface / ill easily *e discoered and e(#loited *y an attacker

/ )(.> Pro#rietary connector ty#es, hidden access doors orholes

6e&oe TAG and dia!nostic functionality ino#erational &odes / %lo$n fuses or cut traces can *e re#aired *y an attacker

Protect a!ainst &alfor&ed, *ad #ackets / Intentionally sent *y attacker to cause fault


20/63


E3ternal Interface! )

?nly #u*licly kno$n infor&ation should *e #assed )ncry#t secret or critical coonents

/ If they &ust *e sent at all...

/ )(.> Pal& ?S syste& #ass$ord decodin! M-N ireless interfaces also at risk

/ )(.> ;02.--*, %luetooth


21/63

2- © 2004 Grand Idea Studio,Inc.

am'er ec+ani!m!

Pri&ary facet of #hysical security for e&*eddedsyste&s

Attets to #reent unauthori9ed #hysical or

electronic action a!ainst the #roduct / 6esistance

/ )idence

/ etection

/ 6es#onse


22/63


am'er ec+ani!m! 2

8ost effectiely used in layers Possi*ly *y#assed $ith kno$led!e of &ethod

Costs of a successful attack should out$ei!h

#otential re$ards Physical Security Devices for Computer

Subsystems M2N #roides corehensie attacksand counter&easures / )(.> Pro*in!, &achinin!, electrical attacks, #hysical

*arriers, taer eident solutions, sensors, res#onsetechnolo!ies


23/63

2" © 2004 Grand Idea Studio,Inc.

am'er *e!i!tance

S#eciali9ed &aterials to &ake taerin! &oredifficult / )(.> ardened steel enclosures, locks, ti!ht airflo$

channels

?ften taer eident / Physical chan!es can *e isually o*sered


24/63


am'er *e!i!tance 2

Security *itsEone7$ay scre$s / Can still *e *y#assed, *ut raises difficulty oer standard

scre$ or Tor(

)nca#sulation / Coer circuit *oard or critical coonents $ith e#o(y or

urethane coatin!

/ Preents &oisture, dust, corrosion, #ro*in!

/ ifficult, *ut not iossi*le, to re&oe $ith solents orre&el tool 1and $ooden ske$er as a 5*it5


25/63


am'er *e!i!tance )

SealedE&olded housin! / 'ltrasonic $eldin! or hi!h7teerature !lue

/ If done #ro#erly, $ill reJuire destruction of deice too#en it

/ Consider serice issues 1if a le!iti&ate user can o#endeice, so can attacker


26/63


am'er Eidence

)nsure that there is isi*le eidence left *ehind *ytaerin!

8aor deterrent for &ini&al risk takers

?nly successful if a #rocess is in #lace to check fordefor&ity / If attacker #urchases #roduct, taer eident

&echanis&s $ill not sto# attack


27/63

2: © 2004 Grand Idea Studio,Inc.

am'er Eidence 2

S#ecial enclosure finishes / %rittle #acka!es, cra9ed alu&inu&, *leedin! #aint

Passie detectors

/ 8ost co&&on> seals, ta#es, !lues Vulnerability of Security Seals M"N e(#lains that

&ost can *e *y#assed $ith ordinary tools / All =4 seals tested $ere defeated

/ )(.> Adhesie ta#e, #lastic, $ire loo#, &etal ca*le, &etalri**on, #assie fi*er o#tic


28/63

2; © 2004 Grand Idea Studio,Inc.

am'er -etection

)na*le the hard$are deice to *e a$are oftaerin!

S$itches

/ etect the o#enin! of a deice, *reach of security*oundary, or &oe&ent of a coonent

/ )(.> 8icros$itches, &a!netic s$itches, &ercurys$itches, #ressure contacts


29/63

2= © 2004 Grand Idea Studio,Inc.

am'er -etection 2

Sensors / etect an eniron&ental chan!e, !litch attacks a!ainst

si!nal lines, or #ro*in! ia O7rayEion *ea&

/ )(.> Teerature, radiation, olta!e, #o$er su##ly


30/63

"0 © 2004 Grand Idea Studio,Inc.

am'er -etection )

Circuitry / S#ecial &aterial $ra##ed around critical circuitry to

create a security #eri&eter

/ etect a #uncture, *reak, or atteted &odification ofthe $ra##er

/ )(.>


31/63

"- © 2004 Grand Idea Studio,Inc.

am'er *e!'on!e

Counter&easures taken u#on the detection oftaerin! / orks hand7in7hand $ith taer detection

&echanis&s

)rase critical #ortions of &e&ory 159eroi9e5 orre&oe #o$er / Contents not necessarily coletely erased

/ Bolatile &e&ory 1S6A8 and 6A8 retains so&edata $hen #o$er is re&oed M4N


32/63


am'er *e!'on!e 2

Shut do$n or disa*le deice / )(tre&e solution> Physical destruction usin! s&all,

sha#ed e(#losie char!e

Lo!!in! &echanis&s / Proide audit infor&ation for hel# $ith forensicanalysis after an attack

Accidental tri!!ers are unlikely

/ 'ser &ay still need to understand eniron&ental ando#erational conditions


33/63

"" © 2004 Grand Idea Studio,Inc.

Emi!!ion! and Immunity

All deices !enerate )8I 1e&issions Can *e &onitored and used *y attacker to

deter&ine secret infor&ation

/ )(.> ata on a couter &onitor M3N, cry#to!ra#hickey fro& a s&artcard MN

eices &ay also *e susce#ti*le to 6< or )S1i&&unity / Intentionally inected to cause failure


34/63


Emi!!ion! and Immunity 2

Aside fro& security, )8I e&issionsEi&&unityconditions #art of &any s#ecifications / )(.>


35/63


1ircuit Board

Physical Access to Coonents PC% esi!n and 6outin!

8e&ory eices

Po$er Su##ly Clock and Ti&in!

IE? Port Pro#erties

Cry#to!ra#hic Processors and Al!orith&s


36/63

" © 2004 Grand Idea Studio,Inc.

+y!ical Acce!! to 1om'onent!

Giin! an attacker easy access to coonentsaids in reerse en!ineerin! of the #roduct

8ake sensitie coonents difficult to access

/ )(.> 8icro#rocessor, 6?8, 6A8, or #ro!ra&&a*lelo!ic

6e&oe identifiers and &arkin!s fro& ICs / @no$n as 5e7&arkin!5 or 5%lack to##in!5

/ 'se stainless steel *rush, s&all sander, &icro7*ead*last, laser etcher, or third #arty

/ IC 8aster, ata Sheet Locator, and Part8iner allo$sanyone to easily find data sheets of coonents


37/63

": © 2004 Grand Idea Studio,Inc.

+y!ical Acce!! to 1om'onent! 2

'se adanced #acka!in! ty#es / ifficult to #ro*e usin! standard tools

/ )(.> %GA, Chi#7on7%oard 1C?%, Chi#7in7%oard 1CI%

)#o(y enca#sulation on critical areas / Preent #ro*in! and easy re&oal

/ )nsure desired security !oal is achieed


38/63

"; © 2004 Grand Idea Studio,Inc.

1B -e!in and *outin

6e&oe unnecessary test #oints / 'se filled #ad as o##osed to throu!h7hole, if necessary

?*fuscate trace #aths to #reent easy reerse

en!ineerin! / ide critical traces on inner *oard layers

'se *uried ias $heneer #ossi*le / Connects *et$een t$o or &ore inner layers *ut no

outer layer / Cannot *e seen fro& either side of the *oard


39/63

"= © 2004 Grand Idea Studio,Inc.

1B -e!in and *outin 2

@ee# traces as short as #ossi*le Pro#erly desi!ned #o$er and !round #lanes

/ 6educes )8I and noise issues

@ee# noisy #o$er su##ly lines fro& sensitie di!italand analo! lines

ifferential lines ali!ned #arallel / )en if located on se#arate layers


40/63


Bu! rotection

Address, data, and control *us lines can easily*e #ro*ed / )(.> Ta# *oard used to interce#t data transfer oer

O*o(Ks y#erTrans#ort *us M:N

/ %e a$are of data *ein! transferred across e(#osedandEor accessi*le *uses


41/63


emory -eice!

8ost &e&ory is notoriously insecure / Serial ))P6?8s can *e read in7circuit M;N

/ 6A8 deices retain contents after #o$er is re&oed,can also 5*urn in5 M4N

Security fuses and *oot7*lock #rotection / Ile&ent if aaila*le

/ Can *e *y#assed $ith die analysis attacks M=N usin!

PIC-C;4 attack in $hich security *it is re&oed

*y increasin! BCC durin! re#eated $rite accesses


42/63


rorammable /oic

In &any cases, IP $ithin PL or


43/63


rorammable /oic 2

Protect a!ainst IE? scan attacks / 'sed *y attacker to cycle throu!h all #ossi*le

co&*inations of in#uts to deter&ine out#uts

/ 'se unused #ins on deice to detect #ro*in!o Set to in#ut. If leel chan!e is detected, #erfor& a

counter&easure or res#onse.

Add di!ital 5$ater&arks5 /


44/63


o5er Su''ly

efine &ini&u& and &a(i&u& o#eratin! li&its / )(.> Coarators, $atchdo!s, su#erisory circuits

o not rely on end user to su##ly a olta!e $ithin

reco&&ended o#eratin! conditions / Ile&ent linear re!ulator or C7C conerter

Coart&entali9e noisy circuitry / )asier to reduce oerall )8I

/ 'se #ro#er filterin!

/ Po$er su##ly circuitry as #hysically close as #ossi*leto #o$er in#ut


45/63


o5er Su''ly 2

Sile Po$er Analysis 1SPA / Attacker directly o*seres #o$er consution

/ Baries *ased on &icro#rocessor o#eration

/ )asy to identify intensie functions 1cry#to!ra#hic

ifferential Po$er Analysis 1PA / Adanced &athe&atical &ethods to deter&ine secret

infor&ation on a deice

Power Analysis Attack Countermeasures andTheir Weaknesses M-0N #ro#oses solutions / )(.> +oise !enerator, actieE#assie filterin!, detacha*le

#o$er su##lies, ti&e rando&i9ation


46/63


1lock and imin

Attacks rely on chan!in! or &easurin! ti&in!characteristics of the syste&

Actie ti&in! attacks /

Inasie attack> ary clock to induce failure orunintended o#eration

/ 8onitor clock si!nals to detect ariations

/ Ile&ent PLL to reduce clock delay and ske$

Passie ti&in! attacks / +on7inasie &easure&ents of coutation ti&e

/ ifferent tasks take different a&ounts of ti&e


47/63


I67 ort ro'ertie!

'nused IE? #ins should *e disa*led or set to fi(edstate / 'se to detect #ro*in! of PL or @ey#ads, *uttons, s$itches, dis#lay


48/63


Stren!th of cry#to!ra#hy relies on secrecy of key,not the al!orith&

It is not safe to assu&e that lar!e key si9e $ill!uarantee security

If al!orith& ile&ented iro#erly, can *e*roken or *y#assed *y attacker

/ ithout a secure foundation, een the *estcry#tosyste& can fail

/ Test ile&entations in la*oratory firstQ

1ry'tora'+ic roce!!or! andAlorit+m!


49/63


o +?T roll7your7o$n cry#to / Possi*ly the &ost co&&on #ro*le& in en!ineerin!

/ )asily *roken, no &atter $hat you &ay think

/ 'sually ust 5security throu!h o*scurity5

/ )(.> Pal& ?S syste& #ass$ord decodin! M-N, 'S%authentication tokens M;N, i%uttonictionary Attack ulnera*ility M--N

1ry'tora'+ic roce!!or! andAlorit+m! 2


50/63


If #ossi*le, &oe cry#to!ra#hic #rocesses out offir&$are and into I%8 4:3;, PCI7O, Phili#s B8S:4:

1ry'tora'+ic roce!!or! andAlorit+m! )


51/63


8irm5are

Pro!ra&&in! Practices Storin! Secret Coonents

6un7Ti&e ia!nostics and


52/63


rorammin ractice!

Poor #ro!ra&&in!, fla$s, and *u!s can lead tosecurity coro&ises / )(.> %uffer oerflo$s

/ 6ead Secure Coding Principles and Practices M-2N

6e&oe unnecessary functionality and de*u!routines / )(.> Pal& %ackdoor e*u! &ode M-"N


53/63


rorammin ractice! 2

6e&oe de*u! sy&*ols and ta*les / As easy as a check*o( or co&&and7line s$itch

'se coiler o#ti&i9ations /

Possi*ly o*fuscate easily identifia*le code se!&ents / Increase code efficiency


54/63


Storin Secret 1om'onent!

ifficult to securely and totally erase data fro&6A8 and non7olatile &e&ory M4N / 6e&nants &ay e(ist and *e retriea*le fro& deices

lon! after #o$er is re&oed or &e&ory areas

re$ritten

Li&it the a&ount of ti&e that critical data isstored in the sa&e re!ion of &e&ory /

Can lead to 5*urn in5 / Periodically fli# the stored *its


55/63


8ake sure deice is fully o#erational at all ti&es / Periodic syste& checks

/ )(.> Internal $atchdo!, checksu&s of &e&ory

/


56/63


8ield rorammability

Is your fir&$are accessi*le to eeryone fro& youre* siteD / Attacker can easily disasse&*le and analy9e

Code si!nin! 1SA or hashes 1SA7-, 83 / 6educe #ossi*ility of loadin! unauthori9ed code

/ ill erify that fir&$are i&a!e has not *een taered$ith

)ncry#t fir&$are i&a!es / Coression routines are not encry#tion

/ Challen!e is in #rotectin! the #riate key


57/63


5Security throu!h o*scurity5 does +?T $ork / 8ay #roide a false sense of security

/ ill teorarily discoura!e Class I attackers

)ncode fi(ed data Scra&*le address lines throu!h e(tra lo!ic

6e#lace li*rary functions $ith custo& routines

rite lousy code

Add s#urious and &eanin!less data 15si!naldecoys5

7bfu!cation


58/63


1onclu!ion!

eter&ine $hat to #rotect, $hy you are #rotectin!it, and $ho you are #rotectin! a!ainst / +o one solution fits all

%est defense is to &ake the cost of *reakin! thesyste& !reater than the alue of your infor&ation

o not release #roduct $ith a #lan to ile&entsecurity later / It usually neer ha##ens...


59/63


1onclu!ion! 2

Think as an attacker $ould %e a$are of latest attack &ethodolo!ies trends

As desi!n is in #ro!ress, allocate ti&e to analy9e

and *reak #roduct Learn fro& &istakes

/ Study history and #reious attacks

+othin! is eer -00 secure


60/63


*eference!

-. . Grand 1@in!#in, Pal& ?S Pass$ord 6etrieal and ecodin!,U Se#te&*er 2000, www.grandideastudio.com/files/security/mobile/ palm_password_decoding_advisory.txt

2. S.. ein!art, 5Physical Security eices for Couter Su*syste&s> A Surey of Attacks and efenses,KK Workshop on Cryptographic !ardware and "mbeddedSystems, 2000.

". 6.G. ohnston and A.6.). Garcia, 5Bulnera*ility Assess&ent of Security Seals5,#ournal of Security Administration, -==:, www.securitymanagement.com/library/lanl_00418!".pdf

4. P. Gut&ann, 5Secure eletion fro& 8a!netic and Solid7State 8e&ory eices,5 Si$th%S"&'( Security Symposium, -==, www.usenix.org/publications/library/proceedings/sec!"/full_papers/gutmann/index.#tml


61/63

- © 2004 Grand Idea Studio,Inc.

*eference! 2

-. . an )ck, )lectronic 6adiation fro& Bideo is#lay 'nits> An )aesdro##in! 6iskDUComputers and Security , -=;3, www.jya.com/emr.pdf

2. .6. 6ao and P. 6ohat!i, 5)8Po$erin! Side7Channel Attacks,5 I%8 6esearchCenter, www.researc#.ibm.com/intsec/emf$paper.ps

". A. uan!, 5ackin! the O*o(> An Introduction to 6eerse )n!ineerin!,5 +o StarchPress, 200".

4. . Grand 1@in!#in, 5Attacks on and Counter&easures for 'S% ard$are Tokeneices,KK Proceedings of the )ifth &ordic Workshop on Secure 'T Systems, 2000, www.grandideastudio.com/files/security/to%ens/usb_#ardware_to%en.pdf

3. ?. @V&&erlin! and 8. @uhn, 5esi!n Princi#les for Taer76esistant S&artcard

Processors,5 %S"&'( Workshop on Smartcard Technology , -===, www.cl.cam.ac.u%/&mg%'(/sc!!$tamper.pdf


62/63


*eference! )

-. T.S. 8esser!es, 5Po$er Analysis Attack Counter&easures and Their eaknesses,5Communications* "lectromagnetics* Propagation* + Signal Processing Workshop,2000, www.iccip.csl.uiuc.edu/conf/ceps/'000/messerges.pdf

2. . Grand 1@in!#in, 5S-==- 8ulti@ey i%utton ictionary Attack Bulnera*ility,5anuary 200-, www.grandideastudio.com/files/security/to%ens/ds1!!1_ibutton_advisory.txt

". 8.G. Graff and @.6. Ban yk, 5Secure Codin!> Princi#les and Practices,5 ?K6eilly Associates, 200".

4. . Grand 1@in!#in, Pal& ?S Pass$ord Lockout %y#ass,U 8arch 200-, www.grandideastudio.com/files/security/mobile/palm_bac%door_debug_advisory.txt


63/63

Grand Idea Studio, Inc.

#ttp)//www.grandideastudio.com

[email protected]

+ank!9

grand embedded security us04

Documents