Embedded Systems & IoT (Q8)


Embedded Systems and Internet of Things

• A growing trend is to add capabilities to devices that have never had computing power before
• These devices include:
  • Embedded systems and the Internet of Things

Embedded System Software Security

• Basically the same as other software security
• Reduce complexity - the more complex the code, the more difficult it is to identify bugs and security vulnerabilities
• Minimize extensibility - extending functionality beyond original designs increases the probability of vulnerabilities and unwanted access
• Manage connectivity - more and more embedded systems are being connected to networks, which makes it possible for small failures to propagate into massive breaches
• Apply security best practices - abuse cases, requirements and design reviews, external reviews, static & dynamic analysis, penetration testing, ...

IoT Data Security

• Design in security
  • Deep security analysis
  • Security recommendations
  • Source code edits
  • Cryptography implementation audits
  • Wireless protocol assessments
• Device security
  • Check data obfuscation against tampering & RE
  • Apply appropriate device security controls (see embedded solutions)
• Software security
  • Application penetration testing
  • Applicable countermeasures
  • Vulnerability patching
• Key management
  • Multi-level key management
• Risk management
  • Incident response strategy
  • Damage/loss control strategy

IoT Sensors

• Element that allows monitoring of the environment and the context in which IoT systems operate
• Sensors can measure defined physical, chemical, or biological indicators, and on the digital level, they collect information about the network and applications
  • accelerometers
  • temperature sensors
  • pressure sensors
  • light sensors
  • acoustic sensors

IoT Ecosystem

Image including:
• Cloud Platform, Backend and services
• Communications
• Endpoint devices (sensors, actuators, embedded devices etc.)
• Gateways

Embedded Systems

• Embedded system
  • Computer hardware and software contained within a larger system designed for a specific function
• Examples of embedded systems:
  • Medical devices
  • Aircraft
  • Vehicles
  • Industrial machines
  • Heating, ventilation, and air conditioning (HVAC) environmental systems
• Malicious and accidental failures can have dire consequences
• Embedded systems are not "all hardware"
  • They have software too
• Autonomous nature
• Embedded systems are highly configurable
  • They have to work in many different scenarios
• Environment is highly dynamic
  • Think about embedded systems in a battlefield
  • Embedded system in a vehicle
• Functional requirements of embedded systems change over time
  • Embedded system deployed in a battlefield
  • Functional requirements change with mission
• Embedded systems are part of a complex network of components
  • Components might be hardware or software
  • Source code might be available for some components
  • COTS components (only binary available)
• Failure can create cascading events
  • Embedded systems used in critical applications
  • In some cases recovery is paramount
  • Recovery complicated by complex interaction of events
  • Failure can cause a complex cascade of events
• System on a chip (SoC)
  • All the necessary hardware components contained on a single microprocessor chip
• Real-time operating system (RTOS)
  • Software designed for a SoC in an embedded system
  • Embedded systems receive very large amounts of data quickly
  • RTOS is tuned to accommodate very high volumes of data that must be immediately processed for critical decision making
• Industrial control systems (ICS) - control locally or at remote locations by collecting, monitoring, and processing real-time data so that machines can directly control devices such as:
  • Valves
  • Pumps
  • Motors
• Multiple ICS are managed by a larger supervisory control and data acquisition (SCADA) system

Embedded System Hardware Security

• Enclosure
• Tamper mechanisms - prevent any attempt by an attacker to perform an unauthorized physical or electronic action against the device
  • divided into four groups: resistance, evidence, detection, and response
  • resistance - make it hard to get inside the device via hardened steel enclosures, locks, one-way screws, sealing both sides of housing together, etc.
  • evidence - ensure there is visible evidence left behind if tampering occurs via use of brittle plastics or enclosures that crack or shatter, "bleeding" paint that changes color when scratched, etc.
  • detection - enable hardware to be aware of tampering via use of switches, sensors, and flexible circuitry
  • response - countermeasures taken when detection occurs that include shutting down, disabling, erasing, destroying
  • existing tamper mechanisms can only be discovered by attempted or complete disassembly of the target product
• Making physical access to components difficult
  • epoxy or glue components to printed circuit boards (PCBs)
  • hiding critical traces & removing unnecessary test points
  • Use chip-on-board (COB) packaging

Internet of Things (IOT)

• IoT = a cyber-physical ecosystem of interconnected *sensors* and *actuators* which enable intelligent decision making (European Union Agency for Cybersecurity (ENISA))
• Internet of Things (IoT)
  • Connecting any device to the internet for the purpose of sending and receiving data to be acted upon
• IoT Device Examples
  • Wearable technology and multifunctional devices
  • Everyday home automation items such as:
    • Thermostats, coffee makers, tire sensors, slow cookers, keyless entry systems, washing machines, electric toothbrushes, headphones, and lightbulbs
• Body area networks (BAN) - a network system of IoT devices in close proximity to a person's body that cooperate for the benefit of the user
• Autonomous body sensor network (ABSN)
  • ABSN can expand the use of functional electric stimulation to restore sensation, mobility, and function to those persons with paralyzed limbs and organs

IoT Security Implications

• Reasons why IoT and embedded system devices are vulnerable:
  • Most IoT vendors are concerned with making products as inexpensive as possible, leaving out security protections
  • Devices that do have security capabilities implemented have notoriously weak security
  • Few, if any, IoT devices have been designed with the capacity for being updated to address exposed security vulnerabilities
  • IoT and embedded systems that can receive patches often see long gaps between the discovery of the vulnerability and a patch being applied
• No device is fully secured
• Reliance on third-party components, hardware and software
• Dependency on networks and external services
• Design of IoT/connected devices
• Vulnerabilities in protocols
• Security by design NOT the norm
• IoT security is currently limited
• Investments on security are limited
• Functionalities before security
• Real physical threats with risks on health and safety
• No legal framework for liabilities

Embedded System Security Issues

• The security techniques developed for desktop computing might not satisfy embedded application requirements.
• Embedded systems are often highly cost sensitive - saving pennies can make a huge difference when building millions of units per year - adding things like security adds cost
• Many embedded systems interact with the real world. A security breach thus can result in physical side effects, including property damage, personal injury, and even death.
• Embedded systems often have significant energy constraints, and many are battery powered. Some embedded systems can get a fresh battery change daily, but others must last months or years on a single battery. By seeking to drain the battery, an attacker can cause system failure even when breaking into the system is impossible.
• Types of security threats are similar to desktop computing environments ... but different
  • Interception (or Eavesdropping) - This could be achieved by monitoring the external interfaces of the device or by analyzing compromising signals in electromagnetic radia
  • Fault Generation - operating the device under abnormal environmental conditions to intentionally provoke malfunctions, which may lead to the bypassing of certain security measures
  • Fabrication - Creating counterfeit objects. Sometimes these additions can be detected as forgeries, but if skillfully done, they may be indistinguishable from the real thing.

IoT Data Security Slide 2

• Transport and app layer encryption
  • TLS and DTLS for encrypting data transmitted over the Internet
  • App layer encryption for greater security (e.g. as in financial transactions)
  • Secure key exchange algorithms over unsecured channels
• Authentication and Key management
  • IoT devices need to check that the server is who it says it is
  • Servers likewise need to check this for IoT devices
  • Asymmetric Public/Private keypairs vs Symmetric keys
  • Tamper resistant storage of keys and certificates
  • Challenges for provisioning services
• Authorization rules
  • Authentication of the data recipient
  • Simple form of rules as access control lists
  • More general rules with complex conditions

IoT Security in Sectors

• Understand threats & assets
• Consider context of use
• Highlight security good practices in specific sectors
• Provide recommendations to enhance cyber security
• Expert groups

IoT Security - Main challenges

• Very large attack surface and widespread deployment - direct, unprotected physical access to many devices
• Limited device resources - IoT relies on microcontrollers
• Lack of standards and regulations
• Safety and security process integration
• Security by design not a top priority & keeping up to date with security best practices is difficult
• Lack of expertise
• Applying security updates
• Insecure development
• Unclear liabilities
• Generating vast amounts of data - more sensitive data available/at risk
• How to do "trust delegation" - Users not around when IoT devices need to authenticate themselves to a service
• How can users authorize or certify the trustworthiness of a device in advance ... a.k.a. Delegate Trust - Requires authentication of users as well as service providers

Sensor + Actuator + ...

• medical implants
• wearables (smart watches)
• connected lights
• smart thermostats
• flow control systems

https://www.enisa.europa.eu/topics/iot-and-smart-infrastructures/iot

IoT Actuators

• The entity responsible for moving or controlling a system or mechanism.
• An actuator operates in the reverse direction of a sensor; it takes an electrical input and turns it into physical action.

