embedded security
Institute for Experimental Mathematics
Ellernstrasse 29
45326 Essen - Germany
Embedded Security
A.J. Han Vinck
May 2003
Han Vinck February 2003
University Duisburg-Essen digital communications group
content
• Introduction
  – Embedded system
  – Embedded cryptography
• Some problems in crypto
  – or: how to use/implement mathematics?
  – Counter measures
embedded system
• a computing system as part of a larger system
• may use
  – a ROM-based operating system
  – a disk-based system, like a PC
• used to control, monitor or assist an operation
Example: a µP that controls an automobile engine
Source: Richard Newton
Components in embedded systems
• Micro processors
  – no access to program
• Busses
• Communication ports/modems
• Hardware
• Programmable hardware: FPGA
• (P)ROM, RAM
• Battery/Power supply
• System clock
Pin/memory protection; proper design
Check variations
Bus and port management needed
Protect software
Embedded processor constraints
• small amounts of memory (RAM, ROM)
  – limit the amount of data a program can hold
  – restrict the program code size
• restriction on power consumption
  – slower clock speeds
  – less processing power
An embedded processor is not subject to FIRMR (Federal Information Resources Management Regulation) when used for control of communication devices, automobile diagnostics
Word length 8, 16, 32; speed XX MHz
BUT: Cryptography is computationally intensive
Some interesting facts
• Intel 4004 was an embedded application (a calculator)
• Of today's microprocessors
  – 95% go into embedded applications
• SSH3/4 (Hitachi): best selling RISC microprocessor
• application area
  – Microcontrollers
  – DSPs
  – Media Processors
  – Graphics Processors
  – Network and Communication Processors
Embedded System Constraints cont'd
Less hardware → more software
lower speed
parallel structure → serial solutions
embedded cryptography
• Cryptography engineered into an equipment or system whose basic function is not cryptographic
Problem: if to be implemented later
ATTACKS
– can be more difficult in customized (specialized) HW/SW
– new possibilities: side-channel/tamper attacks
  » Power analysis; voltage variations; etc
– easy access to nodes; reverse engineering available
– easier because security depends on HW/SW/power constraints
– Public key infrastructure is missing – no backbone
Why attack?
• Gain control (power)
  – Competition; 11.9
• Money (crime)
  – Pay TV, cell phones, car stealing, misuse of information
• Kick
  – hackers
Basic Cryptographic tools
• Algorithms:
  – Symmetric-key: 3DES, AES
  – Public-key: RSA, Diffie-Hellman, ECC
  – Hashing: MD5
• Random Number Generation:
  – RC4
• Protocols:
  – SSL; SSH; Kerberos
  – Based on zero-knowledge; honest coin flipping
• Certification; Arbitrating; Trusted center
example
• Many tools based on discrete logarithm problem
a^x = y modulo n
given x „easy“ to find y
given y „hard“ to find x
All integers of size >= 1024 bits!
discrete logarithm application
• Secret key algorithm: Pohlig-Hellman
• Public key algorithm: RSA; El Gamal
• Random number generation
• Key exchange: Diffie-Hellman
• Signatures; Hash functions ***
• additional property used
  – when ed = 1 modulo p-1: a^(ed) = a modulo p
• SLOW: Security based on numbers > 1024 bits
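Added example (not part of the original slides): the Pohlig-Hellman secret-key exponentiation listed above, using the property that ed = 1 modulo p-1 gives a^(ed) = a modulo p. The 32-bit prime, the exponent 65537, the function names and the sample block are assumptions chosen so the arithmetic fits in 64-bit integers.

```c
#include <stdint.h>
#include <stdio.h>

/* Toy parameters (assumptions for this example): a 32-bit prime, so every
 * product fits in 64 bits. The slides call for numbers of 1024 bits or more. */
#define P 4294967291ULL /* 2^32 - 5, prime */
#define E 65537ULL      /* secret exponent e, needs gcd(e, p-1) = 1 */

/* y = a^x modulo n by square-and-multiply (n < 2^32): the "easy" direction.
 * The branch on each exponent bit is secret-dependent; that variation is
 * what timing and power analysis measure. */
uint64_t modexp(uint64_t a, uint64_t x, uint64_t n)
{
    uint64_t y = 1 % n;
    a %= n;
    for (; x; x >>= 1) {
        if (x & 1) y = (y * a) % n;
        a = (a * a) % n;
    }
    return y;
}

/* d with e*d = 1 modulo m (extended Euclid); 0 if gcd(e, m) != 1. */
uint64_t modinv(uint64_t e, uint64_t m)
{
    int64_t r0 = (int64_t)m, r1 = (int64_t)(e % m), t0 = 0, t1 = 1, q, tmp;
    while (r1 != 0) {
        q = r0 / r1;
        tmp = r0 - q * r1; r0 = r1; r1 = tmp;
        tmp = t0 - q * t1; t0 = t1; t1 = tmp;
    }
    if (r0 != 1) return 0; /* bad parameter choice: e has no inverse */
    return (uint64_t)(t0 < 0 ? t0 + (int64_t)m : t0);
}

/* Pohlig-Hellman: both ends hold the secret pair (e, d) for the prime p. */
uint64_t ph_encrypt(uint64_t m) { return modexp(m, E, P); }
uint64_t ph_decrypt(uint64_t c) { return modexp(c, modinv(E, P - 1), P); }

int main(void)
{
    uint64_t m = 0x454D4244ULL; /* constructed plaintext block, m < p */
    uint64_t c = ph_encrypt(m);
    printf("c=%llu back=%llu\n", (unsigned long long)c,
           (unsigned long long)ph_decrypt(c));
    return ph_decrypt(c) == m ? 0 : 1;
}
```

An even exponent would make `modinv` return 0, because p-1 is even and no decryption exponent exists.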
Interesting new approach
• NTRU:
  – based on convolution product of two polynomials
• Faster than usual algorithms like RSA, ECC
• CEES embedded security standard
  – (IEEE P1363.1)
CEES: consortium for efficient embedded security
Symmetric key systems
• Stream cipher: simple and fast
[Figure: stream cipher diagram; labels M, R and PRNG (twice)]
problem: key stored at two locations!
Problems in cryptographic systems
• Choice of parameters
  – Example:
    • bad numbers in Diffie-Hellman,
    • RSA key e d = 1 modulo (p-1)(q-1)
• „own development“
  – Example:
    • WiFi, Hash(M+d) = Hash(M) + Hash(d)
    • Avoid patents (IDEA)
• Pseudo random number generation
  – not predictable; long period; dependability
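Added example (not part of the original slides): a design-review check for the Hash(M+d) = Hash(M) + Hash(d) relation named under „own development“. It assumes the slide's Hash is the CRC-32 integrity check used by WEP and that "+" is XOR; the function names and sample bytes are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Bitwise CRC-32 (reflected polynomial 0xEDB88320, init and final XOR
 * 0xFFFFFFFF). Assumed here to be the "Hash" of the slide's WiFi example. */
uint32_t crc32_ieee(const uint8_t *p, size_t n)
{
    uint32_t c = 0xFFFFFFFFu;
    while (n--) {
        c ^= *p++;
        for (int k = 0; k < 8; k++)
            c = (c >> 1) ^ (0xEDB88320u & (0u - (c & 1u)));
    }
    return ~c;
}

/* 1 if crc(M xor d) == crc(M) xor crc(d) xor crc(0...0) for this input pair,
 * 0 if not, -1 if n exceeds the local buffers. The crc(0...0) term only
 * cancels the init/final XOR; it depends on the length, not on M or a key. */
int checksum_is_linear(const uint8_t *m, const uint8_t *d, size_t n)
{
    uint8_t md[64], zero[64] = {0};
    if (n > sizeof md) return -1;
    for (size_t i = 0; i < n; i++) md[i] = m[i] ^ d[i];
    return crc32_ieee(md, n) ==
           (crc32_ieee(m, n) ^ crc32_ieee(d, n) ^ crc32_ieee(zero, n));
}

int main(void)
{
    /* Constructed sample message and constructed difference pattern. */
    const uint8_t m[8] = {0x10, 0x32, 0x54, 0x76, 0x98, 0xBA, 0xDC, 0xFE};
    const uint8_t d[8] = {0x00, 0x00, 0x0F, 0x00, 0x00, 0xF0, 0x00, 0x01};
    printf("linear: %d\n", checksum_is_linear(m, d, sizeof m));
    return 0;
}
```

Because the relation holds without any secret, the checksum detects transmission errors only; the slides' own remedy for substitution is a signed hash.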
Problems (cont)
• protocol not complete
  – Man in the middle attack
  – Replay
• complexity
  – Mathematics OK, size of parameters not
    • limited processing power → additional risk
    • network speeds increase → security must also
• network connections
  – Web-based applications; cell phone without protection
Problems (cont)
• Internet connection security threats
  – Packet sniffing → use encryption
    • Avoids reading open messages, passwords, keys, etc.
  – Substitution → use signed Hash
    • Modifying data, commands or software
  – Impersonation → use authentication
    • Replay; man in the middle; masquerade
  – Key management → use key infrastructure
    • Who can do what and when
• Insider attacks
  – Manufacturing, distribution, installation and operation
Problems (cont)
• Physical security
  – Tamper-resistant
  – Side channel attack resistance
    • Timing-, power analysis
access to the system
• via Internet or Internal
• many candidate nodes
• wireless is „open“
• downloading may start malicious programs
– Illegal memory allocation or corruption
– Reading for passwords send to outside attack
Counter measures (1)
– Use secure Base
  • Log all activities
– Utilize Access control
  • Assign privilege levels/rights
– Careful downloading of SW
  • Allow only signed and authorized downloading
– Fixed memory partitions
– Encrypt sensitive content
– Determine failure modes (what happens after?)
Counter measures (2)
• Test at initialization
• Test at operation if everything works properly
  – Example: Random Number generation
• Logging of Deviations
• Immediate signaling of serious deviations
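Added example (not part of the original slides): an operational test of a random number source with logging of deviations and a fail-closed gate on serious ones, following the bullets above. The thresholds, names and sample buffer are assumptions; such tests catch stuck or heavily biased sources and say nothing about unpredictability.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Example thresholds (assumptions, not from the slides), 20000-bit blocks. */
#define BLOCK_BYTES 2500
#define ONES_MIN    9654  /* fewer ones: source biased towards 0 */
#define ONES_MAX    10346 /* more ones: source biased towards 1  */
#define RUN_LIMIT   34    /* run of equal bits this long: stuck  */

enum rng_status { RNG_OK, RNG_DEVIATION, RNG_SERIOUS };
struct rng_log { unsigned blocks, deviations, serious; };

/* Test one block and record the outcome so deviations can be audited. */
enum rng_status rng_health_test(const uint8_t *buf, struct rng_log *log)
{
    unsigned ones = 0, run = 0, longest = 0;
    int prev = -1;
    for (size_t i = 0; i < BLOCK_BYTES * 8u; i++) {
        int bit = (buf[i / 8] >> (7 - i % 8)) & 1;
        ones += (unsigned)bit;
        run = (bit == prev) ? run + 1 : 1;
        if (run > longest) longest = run;
        prev = bit;
    }
    log->blocks++;
    if (longest >= RUN_LIMIT) { log->serious++; return RNG_SERIOUS; }
    if (ones < ONES_MIN || ones > ONES_MAX) {
        log->deviations++;
        return RNG_DEVIATION;
    }
    return RNG_OK;
}

/* Gate for callers: release random bytes only if the block passed. */
int rng_get_checked(const uint8_t *raw, uint8_t *out, struct rng_log *log)
{
    if (rng_health_test(raw, log) != RNG_OK) return -1; /* fail closed */
    memcpy(out, raw, BLOCK_BYTES);
    return 0;
}

int main(void)
{
    static uint8_t stuck[BLOCK_BYTES], out[BLOCK_BYTES]; /* constructed: all zero */
    struct rng_log log = {0, 0, 0};
    int rc = rng_get_checked(stuck, out, &log);
    printf("rc=%d blocks=%u serious=%u\n", rc, log.blocks, log.serious);
    return 0;
}
```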
Research projects
• Security in critical infrastructures
  – key management; compatibility; scalability
• Security in embedded systems
  – best algorithm and architecture for specified resources
    • memory or computing power
  – Investigate the CEES proposal
• Random number generation based on inverse source coding
  – easy to implement, but hard to analyze
conclusions
performance of cryptographic algorithms is crucial
low speed → dissatisfaction and inconvenience
needed at communication speed
programmability facilitates modifications and enhancements
make algorithm independent from the protocol
Key management protocol needed
• Master keys, Session keys
Digital Signal Processor
– fast arithmetic; strong integer arithmetic
  • specialized computational units and instructions for signal processing
– real-time capabilities
  • highly parallel architecture → lower clock speed → relatively lower power
– relatively low price
– programmability → flexibility
  • programmer selects the units he needs
  • can be implemented as a co-processor > speed
Example Field Programmable Array
Type I: two or more look-up tables and two or more flip-flops
Type II: two-input logic function or a 4-to-1 multiplexer and a flip-flop
FPGA