tower defense for hackers: layered (in-)security for microcontrollers
TRANSCRIPT
Tower defense for hackers:Layered (in-)security for
microcontrollers
Milosch Meriacmeriac.com
@FoolsDelight
My OpenSoftware &HardwareProjects
meriac.com
PO p e n P C D . o r g
fO p e n P I C C . o r g
O p e n B e a c o n . o r g X b o x L i n u x C o r e T e a m
B l i n k e n l i g h t sS t e r e o s c o p e
Myproject atARM Ltd.
ARMmbed uVisor
on github
dP r i n c i p a l S e c u r i t y E n g i n e e r
Security+ Time = Comedy
D E V I C E L I F E T I M E
w
A T T A C K S S C A L E W E L L
U
Y O U C A N ’ T S T O P I T
!
It’s insane fun to bea security troll.
B E E N T H E R E , D O N E T H A T !
M y f a v o u r i t e : “ H e a r t o f D a r k n e s s - e x p l o r i n g t h e u n c h a r t e db a c k w a t e r s o f H I D i C L A S S T M s e c u r i t y ”
If we believe thatsecurity requires a sound
architecture from the start, we must stop trolling the result,
and start trolling the architecture.
B E A G O O D C I T I Z E N !S H O W T H E M H O W T O D O I T R I G H T
C R E A T E B E S T - P R A C T I C E I o T S O L U T I O N S R U N N I N G O N U N T R U S T E D C L O U D S Y S T E M SA N D E X E R C I S E E N D - T O - E N D E N C R Y P T I O N
Why is MicrocontrollerSecurity so hard?
The ugly truth™ is thatmakers must find all flaws –
attackers only have to find one.
B R E A K I N G A S Y S T E M I S E A S Y .F I X I N G A S Y S T E M I S H A R D .
L
MMU-LESS ARCHITECTURES
w
LIMITED COMPUTING POWER & MEMORY
z
RANDOM NUMBER GENERATION
f
INTERNAL STORAGE
Security from the 80’s for today’s threats
“It ain’t what you don’t know that gets you into trouble. It’s what you know for sure that
just ain’t.”
M A R K T W A I N
Flat memorymodels
N O S E P A R A T I O N
E S C A L A T I O N
F
V E R I F I C A T I O N
#
L E A K A G E
H
§ Hypervisor with hardware-enforced security sandboxes using MPU virtualization – no MMU needed.
§ Targeting ARM Cortex-M3/M4 microcontrollers§ Apache Licensed github project in development –
integrated with ARM mbed and Keil RTX, (also Apache-licensed)
§ Mutually distrustful security model:§ Principle of Least Privilege§ Boxes are protected against each other and drivers§ Enforces API entry points across boxes§ Box-API functionality can be restricted to specific
boxes: “Box caller ID”§ Per-box access control lists (ACL)
§ Restrict access to selected peripherals like Flash to avoid malware persistence
§ Remote Procedure Call API (RPC) for secure box-box calls
Example: uVisor for microcontrollers
Resourcesmatter
P U B L I C K E Y C R Y P T O
9
S H O R T C U T S
l
C O M M U N I C A T I O N
V
Device power consumption:The perfect tool for understandingdevice operation
Random,or not?
T I M E I S N O T R A N D O M
v
P R N G v s . T R N G
P R N G R E Q U I R E M E N T S
X
r a n d ( ) i s n o t r a n d o m
C O D E F R O M A D A T A B A S E A P P L I C A T I O N U S E DB Y T H E G E R M A N G O V E R N M E N T
F O R S E C U R I T Y A U D I T M A N A G E M E N T
3 0 C 3 T a l k
Storage,seriously?
O U T O F M E M O R Y
U
D A T A S E C U R E , T O O ?
extracted
indirectly
stepping through existing code
F
S I D E C H A N N E L S
Hr a n d ( ) i s n o t r a n d o m
R e a d p r o t e c t i o n b y p a s s
Case Study: Secure Firmware Update
Exposed box with communication stack
GAP
GATT
AP
BLE LL
BluetoothCommunicatio
n Stack
Flash interface box protected by MPU access control –without own communication stack
Cu
sto
m A
pp
lic
ati
on
Co
de
Opaque Block
, Messages delivered independently of communication stacks
Firmwareupdate blocks
FW005
Firmware Update Image
Secure Storage,Firmware Update Blocks
Re-flash Untrusted Application Upon Completion
Opaque
Secured and trusted device process
Decrypt and verify using DTLS
§ Flash access is exclusive to the firmware update core service.
§ Using the MPU for blocking access to the flash controller to everybody but the firmware update service.
§ Malware is forced to use APIs to attempt writing to flash
§ Public Key signatures of the device owner or manufacturer are required for API to accept an update.
§ Firmware is downloaded piece by piece into secure storage. The system reboots after initial verification into a boot loader for copying the new firmware into its actual position in internal flash.
§ The internal firmware is activated after final verification.
§ Crypto watchdog box enforces remote updates even for infected devices as only the server can re-trigger the watchdog with its cryptographic secret.
And now for something completelydifferent…
An 180°C PTC heater from AliExpress: $4
180°C PTC heater from AliExpress: $4… taped to a ceramic plate with Kapton tape ...
… and a supergluedscrew-cap: $5
… and a supergluedscrew-cap: $5
Decapping chips withcheap, non-toxicDiMethyl SulfOxide:
PRICELESS!
Keep on trollin’Keep on breakin’One fine day you’ll gonna be the oneTo make us understandOh yeah
THANKS!S O N G B Y T H E S P E N C E R
D A V I S G R O U P