ESS

Embedded System Requirements

*Act deterministically* (exactly the same each time) or in real-time (instant reacting for an event) or Be *fault tolerant* with graceful degradation when errors encountered. For example, flying drones should be able to land safely when an error occurs

Security Measures/Mechanism

*Technical measures* (with synergies and overlaps): cryptography, system security *Organizational* (including personal): password guidelines, security trainings *Physical* (protection of buildings) Key factor in choosing a security mechanism is the adversary model (specification of the capabilities of the attacker)

Why MMUs more expensive

*area overhead*: translation table (memory overhead), translation lookaside buffer (caching of table entries), additional translation hardware. *decreased frequency*: decreased maximum frequency is caused by longer signal transmission lines, which results from more hardware for address translation. Every address passes an additional step (the TLB) before data access. Dense layout of FPGA can also lead to decreased performance

Types of embedded systems

*baremetal*: whole functionality included in the application (application on hardware, no OS). *full-featured*: known softare layers exist. application on OS on loader on firmare on hardware

classification of protective measures

*prevention*: take measures that prevent your assets from being damaged. *Detection*: take measures that allow you to detect when an asset has been damaged, how it has been damaged, and who has caused the damage *Reaction:* take measures that allow you to recover your assets from a damage (in some cases the damage may be irretrievable. Unintended consequences, eg because of recovery from manipulated backups possible)

security aspects of MMU and MPU

*protect memory regions from unallowed access* (MMU and MPU): a malicious application is not allowed to change other applications' memory content. *marking memory regions as read only* (MMU and MPU), execution of injected code is prevented. Unallowed manipulation of memory mapped IO registers is prevented. *virtual address translation* (MMU), logic isolation of memory regions. Only MMU knows other applications' memory regions

Fuse

A fuse is a safety device, its typical functionality is to provide overcurrent protection for an electrical circuit. The main component is a metal wire that melts when high current flows through it, thereby preventing the high current from flowing to the rest of the circuit and damaging it

How to program PROM

A grid of columns and rows with fuses placed at the intersections of a column and a row. The state of a fuse represents a bit in PROM. Initial state of a PROM is not programmed with all cells set to 1 (all fuses are intact). To change the value of a praticular cell to 0, a specific amount of current must flow to that cell burning the fuse. This process is know as burning the PROM and is irreversible, ie once a bit is changed to 0 it cannot be set to 1 again.

MPU

A memory protection unit (MPU) can be seen as a trimmed down version of a memory Management unit (MMU) providing only access control for memory regions used by different applications. Thus, isolating memory regions used by individual applications running on the CPU

cryptographic speeds comparison

AES (128 bit key and 16 byte message) with software implementation on 16 bit CPU: frequency 4.9 MHz, Execution time 20ms encryption and 25ms decryption. AES (128 bit key and 16 byte message) with AES Engine: execution time 1.9ns RSA (2048 bit key) with coprocessor: frequency 4.9 MHz, Execution 65ms signing

Necessary for effective tamper evident systems

An audit policy must exist and be adhered to, for a tamper-evident system to be effective. Otherwise it may not be known if, or when, the system was breached. If no one looks for the evidence of tampering, that evidence will never be found

Processor families

Application Processors (with MMU, support Linux, Android, Windows- high level OSs), RealTime Processors (MPU), microcontrollers and deeply embedded devices (MPU, lower frequency, designed for energy efficiency)

Other security targets

Authenticity (Authentizität), Accountability (Zurechenbarkeit), non-repudiation (Verbindlichkeit)

Non-repudiation

Availability and integrity of the identity of the sender of a message (non-repudiation of the origin), or of the receiver (non-repudiation of the reception). Ability to prove this to (honest) third parties

accountability

Availability and integrity of the identity of the subject who performed an operation. Data origin authentication (verifying the source of transmitted data), entity authentication (verifying the identity of an entity)

why integrity is a prerequisite for availability

Availability is about the prevention of unauthorized withholding of information resources. To achieve this goal, security policies are defined which state the allowed (availability relevant) actions in the system. These policies are enforced by (different) mechanisms implemented in the system. To achieve the availiability security goal, it is crucial to ensure the integrity of these mechanisms

why physical security is necessary

Because known security mechanisms by which, eg operating systems and other software components prevent unauthorized access to data (logical security) do not safeguard information against physical attack. Logical security has also been improved so that a physical attack may become more easily performed than a logical attack

TLB

Because of the mostly slow performance of memory which is large enough to provide sufficient space to store translation tables, the translation process would be much too slow if each memory access would include another memory access for only translating one address. This makes the TLB necessary, which is a hardware implemented cache for frequently used virtual addresses

Hardware components Microcontroller

CPU and coprocessor, MMU, ROM, RAM and Flash and EEPROM

Embedded Systems in IoT hardware

CPU: Railink RT350F, OS Linux: d-link wifi day camera. CPU: ESP8266, no OS (bare metal): sonoff S20, smarter iKettle 2.0

challenge of computer security

Computer security is about controlling access to information and resources. However, controlling access to information can sometimes be quite elusive and is therefore often replaced by the more straightforward goal of controling access to data. The distinction between data and information is subtle but is also the root of some of the more difficult problems in security

computer security

Computer security is about protection of information assets. We must examine how information assets can be compromised. Definition of computer security (anderson): computer security deals with the prevention and detection of unauthorized actions by users of a computer system

Embedded System Constraints

Constraints can be at the hardware level. Examples: CPUs running at lower frequencies to consume less power and save battery energy, Less memory for cheaper manufacturing costs, Supporting a subset of peripherals. These constraints make known security solutions not portable to embedded systems.

Dependability intuitive definition

Dependability is a value showing the reliability of a person to others because of his/her integrity, truthfulness, and trustfulness, traits that encourage someone to depend on him/her

Dependability Main idea

Depending on the preferred point of view, security is an aspect of reliability or vice versa. To escape from this dilemma, the notion of dependability has been introduced as unifying concept. Security, reliability, integrity, and availability can be treated as aspects of dependability

Embedded systems in IoT

Drahtlos Geräte miteinander verbinden mithilfe vom Internet Examples: digital Personalausweis, Smart Home (alexa, philips hue), fitness tracker, drones IoT Geräte sehr unsicher

embedded system

Embedded Systems sind Basis für Internet of Things (IoT). High-end embedded system: infotainment unit of a modern car. Low-end embedded system: eg a pill with a sensor to monitor medication (smart end is not low end because it has a processor).

Examples tamper resistant systems

Example: design of an ATM, tamper resistant physical security is usually easiest to apply. Single chip implementations of secure devices have a certain level of physical security due to the small size of the features and the complexity of determining which part of the circuit performs which function

remote attestation

Gain information about the state of a remote entity Use Case: enables to check the state of another system A secret key is shared between prover and verifier, which is used while creating a Hash-mac

Sonoff S20 Hard and software

Hardware: ESP8266 CPU SoC, L106 32 bit RISC 80 MHz, 32KiB instruction RAM, 32 KiB instruction cache RAM, 80KiB user data RAM, 1MB flash. Software: proprietary bare metal, open source variants like ESPeasy

authenticated boot v secure boot

Hier terminiert das System nicht direkt falls eine Komponente nicht ganz stimmt. In authenticated boot, the remote verifier's trust in the checksum(s) is based on his trust in the RTM. Both are based on the creation of a chain of trust during the system boot. Both are mechanisms to ensure the integrity of the initial state of a computer system.

physical protection measures

IBM 4758-023 (Warning: incorrect battery replacement or misuse will permanently disable the card. Refer to IBM 4758 PCI cryptographic coprocessor installation manual). Smartcard processor with covering plastic removed. Sticker: warranty void if removed. Removing tamper evident tape with acetone and a needle at Defcon 23. ORWL: an open source, physically secure personal computer.

When to choose MMU

In high level systems or more advanced systems featuring full feature OS (Linux, Android, Windows, etc), a MMU can even be essential to provide the features required by the OS. For these systems, the virtual address space of each application is essential for the separation of applications

criteria for effective physical security

In the event of an attack, there should be a low probability of success and A high probability of detection either during the attack, or subsequent to penetration

Properties of microcontroller's CPU

Instruction set: RISC (reduced Instruction set computing) vs CISC (complex instruction set computer) Architecture (ARM, AVR, MIPS, MSP430, x86..) Bit-width (4-bit, 8-bit, 16-bit, 32-bit) Processing power (MHz, Dhrystone MIPS - DMPIS)

challenge of ESS

Known security solutions not applicable to these systems Wide range of devices with different capabilities and requirements

Dimensions of Computer Security

Main Dimensions for the design space for computer security. Horizontal axis represents the focus of the security policy: User (subject) and Resource (object). Vertical axis represents the layers of the computer system where a protection mechanism is implemented: Software and Hardware

MMU

Memory Management Unit (MMU) is a hardware component that performs virtual memory management (virtual address to physical address mapping) and memory isolation in multi-tasking scenarios

Nature of assets being protected

Now the assets are often information, which can be stolen without being physically removed from where they are. Computer systems have moved out of environmentally security computer rooms into less environmentally secure offices and homes, mobile devices and Internet of Things. At the same time, the value of data on these computing systems is increasing as centralization decreases. Further, logical security has been improved to the extent that a physical attack might be easier to perform

translation table

Objects required for address translation must be implemented in hardware. The translation tables can be stored in memory, which is expensive

Vertical Axis: Layers of a computer system

Outside system: user input Outside security perimeter - not security relevant (untrusted- user input, system interface, applications). Inside Security perimeter - security-relevant (trusted-Security perimiter interface, operating system, hardware interface, Hardware)

Integrity

Prevention of unauthoriyed modificaiton of information. Some meanings of integrity are: precise, accurate, unmodified, modified only in acceptable ways, modified only by authorized people or processes, consistent, internally consistent, meaningful and correct results. As confidentiality, can be enforced by rigorous control of who can access which resources in what way

confidentiality

Prevention of unauthorized disclosure of information. Problems: Who determines who is authorized? What extent of disclosure is relevant (one bit?)? Can be enforced by rigorous control of who can access which resources in what way. Implemented by cryptography

Privacy Targets

Privacy, anonymity (Anonymität), untraceability (Nicht-Rückverfolgbarkeit), Unlinkability (Unverknüpfbarkeit), Unobservability (Unbeobachtbarkeit)

Smart card phases

Production phase, card preparation phase, application preparation phase

why parts of the OS are in smart card ROM

ROM cell is roughly 4 times smaller than EEPROM cell - ROM has higher density. manufacturing costs, smart cards with large EEPROM are more expensive than smart cards with ROM

Edimax SP/2101W Hard and Software

Railink RT250F CPU 260 MHz, 32MB RAM, 4MB Flash. Software: custom linux, busybox (cli), lighttpd (webserver), polarSSL, sqllite database

Security Policy v mechanism

Security policy determines what is allowed and not allowed (ex: a user is only allowed to read his own data). Security mechanism is an approach which enforces a security policy (ex: encryption)

tamper evident systems

Tamper-evident systems are designed to ensure that if a break occurs, evidence of the break-in is left behind. Tamper-evident systems are not designed to prevent an attack or to respond to the indication that one is in progress Their job is to ensure that the fact of a break-in will remain known and can be ascertained in a later time

tamper resistant systems

Tamper-resistant systems take the "bank vault" approach: thick steel or other robust materials are ultilized to slow down the attack by requiring powerful tools and great effort to breach the system. Weight and bulk of the system can be a problem or benefit, depending on the application. Complexity or size can be another variety of tamper resistance

Where tamper responding systems are employed

Tamper-responding systems do not depend on robust construction or weight to guard an asset. Therefore, they are good for portable systems or other systems where size and bulk are a disadvantage

tamper responding systems

Tamper-responding systems use the burglar alarm approach: the defense is the detection of the intrusion, followed by a response to protect the asset. In the case of attended systems, the response may consist of sounding an alarm. Erasure or destruction of secret data is sometimes employed to prevent theft in the case of isolated systems which cannot depend on outside response

MMU v MPU

The MMU covers all the features a MPU has. Next to this, virtual address translation is supported

why physical security is becoming more important

The nature of assets being protected has changed In the past the assets to be protected were nominally physical items (cash, jewlry, bounds, etc). Physical security technology is a relatively recent addition to computing system design

Horizontal Axis: Resource/Object

The term "object" generally refers to a passive entity (file or a record in a database). However, object may indicate an active device from the systems resource pool (network printer or a programmable service that is managed as a resource)

Horizontal Axis: User/subject

The term "subject" generally refers to an active entity. It is used to identify a running process (a program in execution). Each subject assumes the identity and the privileges of a single principal. A principal may launch several processes within a single login session and thus be associated with multiple subjects, each of which inherits the identity of the login session

Remote attestation process

The verifier starts remote attestation by sending a challenge to the prover On the prover side, a trusted component called attestor creates the attestation response which represents the prover's software configuration. In order to prevent replay-attacks, in calculation of the attestation response the challenge received from the verifier is included. The response is sent to the verifier in an authentic way (HMAC) On the verifier side, the authenticity and freshness of the response are verified and it is compared with an a priori reference value. Based on the result of this comparison, the verifier makes a decision about the state of the prover

Notes on computer security in practice

There is no single definition of security When reading a document, be careful which notion/definition of security is used in the document A lot of time is being spent (and wasted) in trying to define unambiguous notations for security

Implementation tamper evident systems

This is usually accomplished by a chemical or mechanical means, such as a white paint that "bleeds" red when cut or scratched, or tape or seals that show evidence of removal Frangible (brittle, breakable) covers or seals are other methods available using current technology

physical security traditional

Traditional use of the term physical security: To describe protection of material assets from fire, water damage, theft or similar perils. Ongoing concerns in computer security have caused "physical security" to take on a new meaning

Card preparation phase

after manufacturing, operations are loaded into EEPROM (OS tables and pointers). done by smart card issuer (eg bank). Applications are written into EEPROM (application data that is the same for all smart cards, ie not person specific)

Embedded System

an integrated (into a higher level system) computing system performing a limited set of well-defined control, regulation, and data processing tasks (The controller is embedded so far in the system that usually users don't realize its presence)

Production phase smart card

boot loader (program) enables smart card issuer to load the operating system onto flash/EEPROM after microcontrollers are manufactured. Programmed into ROM during manufacturing, in addition to hardware test and diagnostic functions. General purpose kernel routines are basis for special purpose applications of smart cards.

Classical security targets

confidentiality (Vertraulichkeit), integrity (integrität), availability (verfügbarkeit). These tree qualities are largely independent, but sometimes overlapping. They can even be mutually exclusive (eg strong protection of confidentiality can severely restrict availability)

Anonymity

confidentiality of the identity of the person, for instance, who invoked an operation. Alternatively: the state of being not identifiable within a set of subjects

Privacy

confidentiality with respect to personal data, which can be either "information" or "meta-information" (identity of a user who performed a particular operation, sent a particular message, received a message, etc)

Actions performed by smart card

cryptography: public key crypto (RSA, elliptic curve cryptography), secret key crypto (AES, triple DES), random number generation (some cryptographic functions can be implemented in hardware to achieve higher performance)

MMU features

define memory access rules, perform virtual address translation, has TLB (translation lokaside buffer), restrict access to allowed entities, suitable for high level OS (eg unix), mark regions as read only

MPU features

define memory access rules, restrict access to allowed entities, mark regions as read only, suitable for low cost embedded systems

Dependability according to IEC IEV 191-02-03 (broader)

dependability is the collective term used to describe the availability performance and its influencing factors: reliability performance, maintainability performance and maintenance support performance

can a system verify its own integrity

depends on the system. A conventional system without a trusted component cannot. Only a system with the trusted functionality for quantifying and evaluating its state is able to perform this task

Unlinkability

different transactions are not linkable

EEPROM

electronically erasable programmable read-only memory. non-volatile memory that does not lose its content when power supply is off. Unlike ROM, its content can be erased and reprogrammed many times. It corresponds to the hard disk of a desktop or laptop

authenticated boot

enables the verification of the inital system state (external verifier decides on integrity of the system). Each boot component measures its successor but does not verify it (checksums of all boot components represent the system state right after execution of boot process)

secure boot

ensures the system is started in the correct state by checking root of trust for measurement (RTM), Firmware, Loader, OS, and applications. Each component verifies its successor-if the successor is in the expected state it's executed (otherwise abort boot)

When to choose MPU

in a low cost/power device performing only a handful of dedicated tasks. Single memory slices can be assigned to the tasks as well as regions for data exchange between those tasks. The address translation features of a MMU are not necessary and would lead to a more complex and expensive system.`

Application preparation phase

individual data for personalizing the smart card is usually programmed into EEPROM during this phase. Includes user name and address, as well as user secret keys and PIN

security goals in ESS

integrity is prerequisite for other goals. Integrity verification ensures that the system is in the expected state (defined by the contents of its memory). Options are make memory immutable (read only memory ROM) and check memory contents (small code in ROM checks contents of flash with checksum to be compared to known reference value). Basis for secure and authenticated boot

authenticity

integrity of a message content and origin, Implemented by digital signatures

Requirements authenticated boot

integrity of measurements, authenticity of measurements

physical security

involves technologies used to safeguard information against physical attacks. physical security is a barrier placed around a computer system to deter unauthorized physical access to the computing system itself. this concept is complementary to the logical security, ie the mechanisms by which operating systems and other software prevent unauthoriyed access to data

Data

physical phenomena chosen by convention to represent certain aspects of our conceptual and real world. Data represents information and is used to transmit information, store information, and derive new information by manipulating the data according to formal rules

availability

prevention of unauthorized withholding of information or resources. Enforcing availability is not trivial and is one of the most serious problems of computer security

PROM

programmable ROM. In ROM content is written during manufacturing process, while with a PROM the content is programmed only for one time after manufacturing. fabricated using fuses.

RAM

random access memory. volatile memory (loses its content when power supply is off). Flash of EEPROM are an example

ROM

read only memory. Its content is immutable, ie permanent and cannot be changed after manufacturing. This content is the same for all chips of a production batch and can only be programmed into the ROM during manufacturing. Types: PROM, Fuse

Reliability

related to (accidental) failures in the system.

Untraceability

related to anonymity

Safety

related to the impact of system failures on their environment, which also deal with situations where the system has to perform properly in adverse conditions

Security

security is about the protection of assets. You have to know your assets and their values. Risk analysis is a part of a comprehensive information security strategy.

Example of embedded system

smart card. Includes interface with terminal, clock, vcc, data I/O, microcontroller Applications: smart cards are primarily used to provide authorization for specific actions or identify the cardholder, they can be used in: Debit and credit cards, Mobile telecommunication (GSM, UMTS, auch SIM Karten zum Beispiel), Personal IDs, access control systems, Health insurance cards. Hardware components is microcontroller

physical security methods

tamper resistant systems, tamper responding systems, tamper evident systems

Information

the meaning we assign to data. Information is the subjective interpretation of data

Overall dependability

the property of a computer system such that reliance can justifiably be placed on the service it delivers. The service delivered by a system is its behavior as it is perceived by its users. A user is another system (physical, human) which interacts with the former

environmental security

the protection that the system receives by virtue of location such as guards, cameras, badge readers, access policies, etc. Both physical and logical security are complementary to environmental security

Unobservability

the state of items of interest (IOI), eg subjects, messages, events, being indistinguishable from any IOI (of the same type) at all

Dependability accrosing to IFIP 10.4 Working Group on dependable computing and fault tolerance

the trustworthiness of a computing system which allows reliance to be justifiably placed on the service it delivers

embedded system security goal

to achieve the security goals in resource-constrained computing systems

RTM

trust anchor. Is executed on each system startup, cannot be verified, is trusted. Trust in secure boot is based on trust in RTM

which entity in remote attestation is trustworthy

verifier