Technische Universität München

Secure Embedded Systems
a prerequisite for Cyber Physical Systems and the Internet of Things

Colloquium of Faculty 5, University of Stuttgart
17 December 2013
Prof. Dr.-Ing. Georg Sigl
Chair of Security in Information Technology
Technische Universität München
Fraunhofer Institute for Applied and Integrated Security AISEC

Content

• Attack examples on embedded systems
• Future secure embedded systems


ATTACKS ON EMBEDDED SYSTEMS

Attacks on modern cars

Comprehensive Experimental Analyses of Automotive Attack Surfaces
S. Checkoway, D. McCoy, B. Kantor, D. Anderson, H. Shacham, S. Savage, K. Koscher, A. Czeskis, F. Roesner, T. Kohno. USENIX Security, August 10–12, 2011.

Attacks on industrial control systems: Stuxnet

http://www.faz.net/aktuell/feuilleton/debatten/digitales-denken/trojaner-stuxnet-der-digitaleerstschlag-ist-erfolgt-1578889.html

Attacks on industrial control systems

Source: http://www.bhkw-infothek.de/nachrichten/18555/2013-04-15-kritische-sicherheitsluckeermoglicht-fremdzugriff-auf-systemregler-des-vaillant-ecopower-1-0/


Attacks on smart grid through smart meter


Attacks on medical devices

Source: http://media.blackhat.com/bh-us-11/Radcliffe/BH_US_11_Radcliffe_Hacking_Medical_Devices_Slides.pdf

Product Piracy
• Estimated damage in machine construction industry (source VDMA)
– 7.9 billion euro (~4% of revenue)
• Steps of pirates
– HW Component identification
– Software extraction
– Rebuilding hardware
– Cloning software


Trends increasing the security risks
• Network connection
– ES can be attacked through network
– Insecure system
→ remote attacks
→ attacked through unprotected ES
→ malware

• Standardization in software
– Operating systems (e.g. Linux)
– Web browsers
• Platform design with software configurability → jail break, tuning
• Concentration of multiple functions (multicore) → separation risk
• Significant know-how in ES → product piracy
• Hacker = product owner → hardware attacks


Threats in Cyber Physical Systems

[Figure: an embedded system connected to network and background systems; attack paths labelled "Attacks out of Cyberspace" and "Attacks through broken embedded systems"]

BMBF-FKZ: 01IS13020


FUTURE SECURE EMBEDDED SYSTEMS

Requirements for future secure embedded systems
1. Security for more than 10 years (target 30 years)
2. Secure machine to machine communication (M2M)
3. Protection of embedded systems against manipulation and misuse
4. Fulfillment of typical non-functional requirements, i.e.:
– Real time behavior
– Resource limitations (cost, power)
5. Maintain security despite increasing complexity
6. Protection of intellectual property
7. Secure software update during operation


Secure embedded system
[Figure: block diagram of a secure embedded system. Labels: System on Chip (Core 1, Core 2, Core i, Core n; Trust, OS; IO-interfaces), RAM, Flash, Peripherals, Sensor and Actuator each with an ID, Hardware Security Module, SIM and GSM for M2M, other System on Chip]

Secure embedded system: Chip Identities
[Figure: secure embedded system block diagram. Labels: System on Chip (Core 1, Core 2, Core i, Core n; Trust, OS; IO-interfaces), RAM, Flash, Peripherals, Sensor and Actuator each with an ID, Hardware Security Module, SIM and GSM for M2M, other System on Chip]

IDs for Hardware
• Binding of components
– Authentication
– Integrity checking
• Piracy protection
– Encryption with derived keys
• Methods
– Physical Unclonable Functions (PUF): fingerprint of a chip
– Fuses (electric or laser)
– Flash memory

PUFs as security primitive

"Unique" physical property + measurement method = authentication, key generation

PUF = Physical Unclonable Function

Ring Oscillator PUF (Suh and Devadas, 2007) *

• Ring oscillator frequencies depend on manufacturing variations
• Two ROs are compared to obtain a response bit
* G. E. Suh and S. Devadas. Physical unclonable functions for device authentication and secret key generation. Design Automation Conference, 2007. DAC ’07. 44th ACM/IEEE, pages 9–14, 2007.

SRAM PUF (Guajardo et al., 2007) *

• Symmetric circuit balance influenced by manufacturing variations
• SRAM cells show a random, but stable value after power-up
* J. Guajardo, S. S. Kumar, G. J. Schrijen, and P. Tuyls. FPGA intrinsic PUFs and their use for IP protection. In CHES 2007, volume 4727 of LNCS, pages 63–80. Springer, 2007.

Automotive ECUs today and in future
[Figure: two microcontroller architectures side by side. First: Microcontroller with CPU, NVM (code, key) and application, built on embedded flash (65nm √, 40nm √, 28nm ?, beyond ???). Second: Microcontroller with CPU, RAM (code, application) and PUF key, with a separate Flash holding encrypted code/data.]

Logic Process + external Flash
+ Shrinkable
+ Lower Cost
+ Higher Performance

Alternatives to PUF based key generation
• Fuses
– Electrical
• Reliability: weak
– Laser
• Size: very large
• Security: Easy to identify and modify
• OTP (one time programmable memory)
– Cost: comparison with PUF technology open
– Security: memory cells easier to detect, extract and modify
– Programming of key during test increases test complexity

[Figure: Microcontroller with CPU, RAM (code, application) and key, with a separate Flash holding encrypted code/data]

Reliability of PUFs
• Critical parameters:
– Temperature
– Voltage
– Ageing
• Countermeasures:
– Differential measurement
– Redundancy: Selection of reliable bits (1000 PUF Bits → 100 Key Bits)
– Proper design: Design and design parameters must consider the behavior of temperature and voltage variations as well as ageing (as for any other circuit design)

Frequency behavior of an oscillator PUF
[Figure: three plots of oscillator frequency f over temperature (-40°C, 25°C, 150°C). Osc 1 / Osc 2: good. Osc 3 / Osc 4: unstable. Osc 5 / Osc 6: critical, uniqueness may be compromised.]

State of the Art in error correction
[Figure: a PUF response divided by block borders into blocks of four bits, each PUF bit marked reliable 1, reliable 0 or unreliable; rows show the encoded key bits, the PUF response and the helper data, i.e. the index of the selected bit per block: u1=1, u2=?, u3=3]

• All error correctors work on fixed block structure: e.g. IBS (Yu and Devadas, 2010 *)
• Goal: find one white and one black square in each block of four
• Helper data store the indices of selected bits
* M.-D. Yu and S. Devadas, Secure and robust error correction for physical unclonable functions, IEEE Design & Test of Computers, vol. 27, no. 1, pp. 48-65, 2010

Differential Sequence Coding *
[Figure: encoded key bits, PUF response and helper data (distance, inversion)]

• No fixed block borders
• Helper data store distance to next bit and an inversion indicator
• Larger blocks of unreliable bits can be skipped
• Most efficient error corrector scheme known to date

* M. Hiller, M. Weiner, L. Rodrigues Lima, M. Birkner and G. Sigl. Breaking through Fixed PUF Block Limitations with Differential Sequence Coding and Convolutional Codes, TrustED, 2013
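A simplified sketch of the distance-plus-inversion helper data described on this slide, added here as an illustration and not taken from the slides or the cited paper. The convolutional code of the full scheme is omitted, and the response bits, reliability mask, key bits, distance encoding and function names are constructed assumptions.

```python
# Constructed sample: 12 PUF response bits at enrollment and a mask marking
# which of them were judged reliable (1) or unreliable (0).
ENROLL_RESPONSE = [1, 0, 1, 1, 1, 0, 1, 1, 0, 0, 1, 1]
RELIABLE        = [0, 1, 1, 0, 0, 0, 1, 0, 1, 1, 1, 0]
# Constructed field read-out: the unreliable bits 0, 4, 7 and 11 have flipped.
FIELD_RESPONSE  = [0, 0, 1, 1, 0, 0, 1, 0, 0, 0, 1, 0]
KEY_BITS        = [0, 1, 0, 0, 1, 1]


def dsc_enroll(response, reliable, key_bits):
    """Build helper data as (distance, inversion) pairs.

    distance  = steps from the previously used PUF bit to the next reliable one
    inversion = 1 if that PUF bit must be flipped to give the key bit
    Because of the inversion flag any reliable bit can carry any key bit,
    so no block needs both a reliable 0 and a reliable 1.
    """
    helper, pos = [], -1
    for kbit in key_bits:
        nxt = pos + 1
        while nxt < len(response) and not reliable[nxt]:
            nxt += 1                      # skip a run of unreliable bits
        if nxt == len(response):
            raise ValueError("not enough reliable PUF bits for this key")
        helper.append((nxt - pos, response[nxt] ^ kbit))
        pos = nxt
    return helper


def dsc_reconstruct(response, helper):
    """Walk the distances over a fresh response and undo the inversions."""
    bits, pos = [], -1
    for distance, inversion in helper:
        pos += distance
        bits.append(response[pos] ^ inversion)
    return bits


if __name__ == "__main__":
    helper = dsc_enroll(ENROLL_RESPONSE, RELIABLE, KEY_BITS)
    print("helper data (distance, inversion):", helper)
    print("key from field read-out:", dsc_reconstruct(FIELD_RESPONSE, helper))
```

With fixed blocks of four, these 12 PUF bits could carry at most 3 key bits, and the middle block (bits 4 to 7) has only one reliable bit; here all 6 reliable bits are used.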


Components of a PUF key store
[Figure: Challenge C_i → Physical System S → Response R_Ci → Error Correction E (with public Helper Data) → Hash Function H → Key K]

• Challenge: Power-On for SRAM, Ring-Oscillator selection
• Physical System: SRAM, Ring-Oscillators
• Response: Stream of Bits
• Error Correction: Using public helper data to increase reliability
• Hash Function: Removes bias in the key bit distribution
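The key-store chain above, with the block-of-four index selection from the "State of the Art in error correction" slide as its error-correction step, as an added example that is not from the original slides. It is a simplified index-based selection rather than the full IBS scheme; the oscillator table, the linear drift model, the 100 kHz margin, the function names and the use of SHA-256 as the hash are constructed assumptions.

```python
import hashlib

BLOCK = 4                  # PUF bits per key bit ("block of four")
CORNERS = (-40, 25, 150)   # temperature corners in °C from the frequency plot
MARGIN_KHZ = 100           # assumed minimum |f_a - f_b| for a reliable bit

# Constructed sample chip, one row per ring-oscillator pair:
# (f_a at 25°C [kHz offset], drift_a [kHz/°C], f_b at 25°C, drift_b)
PAIRS = [
    (200, -2, 190, -1),    # block 0: frequencies cross -> unstable
    (150, -2, 400, -2),    #          reliable 0
    (500, -2, 180, -1),    #          reliable 1
    (300, -2, 260, -2),    #          stable sign, but below margin
    (230, -1, 200, -2),    # block 1: frequencies cross -> unstable
    (100, -2, 120, -2),    #          below margin
    (600, -2, 300, -2),    #          reliable 1
    (350, -2, 200, -1),    #          margin collapses at 150°C
    (100, -1, 500, -2),    # block 2: reliable 0
    (90, -2, 400, -2),     #          reliable 0 with the largest margin
    (420, -2, 300, -2),    #          reliable 1
    (205, -2, 200, -2),    #          below margin
]


def diff_khz(pair, temp_c):
    """Differential measurement: f_a - f_b of one RO pair at temp_c."""
    fa, ka, fb, kb = pair
    dt = temp_c - 25
    return (fa + ka * dt) - (fb + kb * dt)


def puf_response(temp_c, pairs=PAIRS):
    """Raw response: one bit per pair, 1 if oscillator a is the faster one."""
    return [1 if diff_khz(p, temp_c) > 0 else 0 for p in pairs]


def classify(pair):
    """(bit, worst-case margin) if the bit is reliable at all corners, else None."""
    diffs = [diff_khz(pair, t) for t in CORNERS]
    if all(d > 0 for d in diffs):
        bit = 1
    elif all(d < 0 for d in diffs):
        bit = 0
    else:
        return None                       # sign flips over temperature
    worst = min(abs(d) for d in diffs)
    return (bit, worst) if worst >= MARGIN_KHZ else None


def enroll(key_bits, pairs=PAIRS):
    """Helper data: per block, index of the most reliable PUF bit equal to the
    key bit. None marks a block without a usable bit (the "u2=?" case)."""
    helper = []
    for b, kbit in enumerate(key_bits):
        best = None
        for u in range(BLOCK):
            c = classify(pairs[b * BLOCK + u])
            if c and c[0] == kbit and (best is None or c[1] > best[1]):
                best = (u, c[1])
        helper.append(best[0] if best else None)
    return helper


def reconstruct(helper, temp_c, pairs=PAIRS):
    """Field operation: fresh response + public helper data -> key bits."""
    if None in helper:
        raise ValueError("enrollment failed for at least one block")
    resp = puf_response(temp_c, pairs)
    return [resp[b * BLOCK + u] for b, u in enumerate(helper)]


def derive_key(bits):
    """Hash step of the key store (SHA-256 assumed here)."""
    return hashlib.sha256(bytes(bits)).hexdigest()


if __name__ == "__main__":
    print("raw response at -40°C:", puf_response(-40))
    print("raw response at 150°C:", puf_response(150))
    print("helper for key 1,0,0 :", enroll([1, 0, 0]))  # block 1 has no reliable 0
    helper = enroll([1, 1, 0])
    for t in (-40, 25, 90, 150):
        bits = reconstruct(helper, t)
        print(f"{t:>4}°C helper={helper} bits={bits} key={derive_key(bits)[:16]}")
```

The raw response differs between -40°C and 150°C in the two crossing pairs, while the bits selected through the helper data, and therefore the derived key, stay the same across the whole range.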

Secure embedded system: Secure Elements
[Figure: secure embedded system block diagram. Labels: System on Chip (Core 1, Core 2, Core i, Core n; Trust, OS; IO-interfaces), RAM, Flash, Peripherals, Sensor and Actuator each with an ID, Hardware Security Module, SIM and GSM for M2M, other System on Chip]

Tasks of Secure Elements
• Key storage
• Asymmetric cryptography (signing and encryption)
• Session key generation
• Random number generation
• Access right check
• Integrity check
• Attestation
• Secure data storage

• Resistance against Hardware attacks!


Secure Element in a vehicle
• In BMBF Project SEIS (Sicherheit in eingebetteten IP-basierten Systemen) AISEC integrated a Secure Element in a car.

[Figure labels: Internet, Gateway, OEM Server, Secure Element]

Secure Element in Smart Meter
The BSI Protection Profile requests a Secure Element in the Smart Meter Gateway.

[Figure label: Secure Element]

Source: Protection Profile für das Gateway eines Smart Metering Systems; http://www.bsi.bund.de

Secure Smart Meter
• Java 3.0 Secure Element in Smart Meter
– All security functions enclosed
– Communication end point
• Gateway
– Memory (encrypted)
– Display
– Communication channels
• Advantages:
– High Security through Hardware Secure Element
– Easier certification

Secure Elements in mobile phones
3 Secure Elements

• SIM

• Security Chip

• Secure SD Card


Secure embedded system: Secure Software
[Figure: secure embedded system block diagram. Labels: System on Chip (Core 1, Core 2, Core i, Core n; Trust, OS; IO-interfaces), RAM, Flash, Peripherals, Sensor and Actuator each with an ID, Hardware Security Module, SIM and GSM for M2M, other System on Chip]

Trusted OS

• Trusted execution environment in the system controller
• Virtualization for application separation
• Integration of a hardware secure element as trust anchor

Trusted OS: Linux Containers (Trust|Me)
Idea: Sandboxed Android using container-based isolation

Remote device administration
– Remote access using ssh and other Linux utilities

Storage
– Transparent file encryption (device or file based)
– Filesystem snapshots and recovery
– File integrity protection using Linux Security Modules (LSM)

Network
– Transparent tunneling using Virtual Private Networks (VPN)

Graphical User Interface (GUI)
– Secure display (indicated by LED) and secure input (hardware buttons)
– Secure PIN entry used to unlock SE in microSD card (key storage)

Thank You
georg.sigl@aisec.fraunhofer.de
sigl@tum.de

The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 

Secure Embedded Systems

  • 1. Technische Universität München. Secure Embedded Systems: a prerequisite for Cyber Physical Systems and the Internet of Things. Colloquium of Faculty 5 of the Universität Stuttgart, 17 December 2013. Prof. Dr.-Ing. Georg Sigl, Lehrstuhl für Sicherheit in der Informationstechnik, Technische Universität München; Fraunhofer Institut für Angewandte und Integrierte Sicherheit AISEC
  • 2. Content
      • Attack examples on embedded systems
      • Future secure embedded systems
  • 4. Attacks on modern cars. Comprehensive Experimental Analyses of Automotive Attack Surfaces. S. Checkoway, D. McCoy, B. Kantor, D. Anderson, H. Shacham, S. Savage, K. Koscher, A. Czeskis, F. Roesner, T. Kohno. USENIX Security, August 10–12, 2011.
  • 5. Attacks on industrial control systems: Stuxnet. http://www.faz.net/aktuell/feuilleton/debatten/digitales-denken/trojaner-stuxnet-der-digitaleerstschlag-ist-erfolgt-1578889.html
  • 6. Attacks on industrial control systems. Source: http://www.bhkw-infothek.de/nachrichten/18555/2013-04-15-kritische-sicherheitsluckeermoglicht-fremdzugriff-auf-systemregler-des-vaillant-ecopower-1-0/
  • 7. Attacks on smart grid through smart meter
  • 8. Attacks on medical devices. Source: http://media.blackhat.com/bh-us-11/Radcliffe/BH_US_11_Radcliffe_Hacking_Medical_Devices_Slides.pdf
  • 9. Product Piracy
      • Estimated damage in machine construction industry (source VDMA)
          – 7.9 Billion Euro (~4% of revenue)
      • Steps of pirates
          – HW component identification
          – Software extraction
          – Rebuilding hardware
          – Cloning software
  • 10. Trends increasing the security risks
      • Network connection
          – ES can be attacked through network → remote attacks
          – Insecure system attacked through unprotected ES → malware
      • Standardization in software
          – Operating systems (e.g. Linux)
          – Web browsers
      • Platform design with software configurability → jail break, tuning
      • Concentration of multiple functions (multicore) → separation risk
      • Significant know-how in ES → product piracy
      • Hacker = product owner → hardware attacks
  • 11. Threats in Cyber Physical Systems [Figure: network and background systems connected to an embedded system; labels: attacks through broken embedded systems, attacks out of cyberspace] BMBF-FKZ: 01IS13020
  • 12. FUTURE SECURE EMBEDDED SYSTEMS
  • 13. Requirements for future secure embedded systems
      1. Security for more than 10 years (target 30 years)
      2. Secure machine to machine communication (M2M)
      3. Protection of embedded systems against manipulation and misuse
      4. Fulfillment of typical non functional requirements, i.e.:
          – Real time behavior
          – Resource limitations (cost, power)
      5. Maintain security despite increasing complexity
      6. Protection of intellectual property
      7. Secure software update during operation
  • 14. Secure embedded system [Figure: block diagram; labels: M2M, other System on Chip, SIM, GSM, ID, Actuator, Sensor, Trust, OS, Core 1, Core 2, Core i, Core n, System on Chip, IO-interfaces, RAM, Flash, Peripherals, Hardware Security Module]
  • 15. Secure embedded system: Chip Identities [Figure: the block diagram of slide 14]
  • 16. IDs for Hardware
      • Binding of components
          – Authentication
          – Integrity checking
      • Piracy protection
          – Encryption with derived keys
      • Methods
          – Physical Unclonable Functions (PUF): fingerprint of a chip
          – Fuses (electric or laser)
          – Flash memory
  • 17. PUFs as security primitive: "Unique" Physical Property + Measurement Method = Authentication, Key Generation. PUF = Physical Unclonable Function
  • 18. Ring Oscillator PUF (Suh and Devadas, 2007) *
      • Ring oscillator frequencies depend on manufacturing variations
      • Two ROs are compared to obtain a response bit
      * G. E. Suh and S. Devadas. Physical unclonable functions for device authentication and secret key generation. Design Automation Conference, 2007. DAC ’07. 44th ACM/IEEE, pages 9–14, 2007.
  • 19. SRAM PUF (Guajardo et al., 2007) *
      • Symmetric circuit balance influenced by manufacturing variations
      • SRAM cells show a random, but stable value after power-up
      * J. Guajardo, S. S. Kumar, G. J. Schrijen, and P. Tuyls. FPGA intrinsic PUFs and their use for IP protection. In CHES 2007, volume 4727 of LNCS, pages 63–80. Springer, 2007.
  • 20. Automotive ECUs today and in future [Figure: two microcontroller block diagrams; labels of the first: NVM, RAM, Code, key, CPU, application; labels of the second: PUF key, CPU, application, Flash with Encrypted Code/Data]
      • Embedded Flash: 65nm √, 40nm √, 28nm ?, ???
      • Logic Process + external Flash: + Shrinkable, + Lower Cost, + Higher Performance
  • 21. Alternatives to PUF based key generation [Figure: microcontroller with RAM, CPU, Code, key, application and Flash with Encrypted Code/Data]
      • Fuses
          – Electrical
              • Reliability: weak
          – Laser
              • Size: very large
              • Security: Easy to identify and modify
      • OTP (one time programmable memory)
          – Cost: comparison with PUF technology open
          – Security: memory cells easier to detect, extract and modify
          – Programming of key during test increases test complexity
  • 22. Reliability of PUFs
      • Critical parameters:
          – Temperature
          – Voltage
          – Ageing
      • Countermeasures:
          – Differential measurement
          – Redundancy: Selection of reliable bits (1000 PUF Bits → 100 Key Bits)
          – Proper design: Design and design parameters must consider the behavior of temperature and voltage variations as well as ageing (as for any other circuit design)
  • 23. Frequency behavior of an oscillator PUF [Figure: oscillator frequency f versus temperature at -40°C, 25°C and 150°C; panels: Osc 1 / Osc 2 (good), Osc 3 / Osc 4 (instable), Osc 5 / Osc 6 (critical: uniqueness may be compromised)]
  • 24. State of the Art in error correction [Figure: PUF response split by block borders; PUF bits marked reliable 1, reliable 0 or unreliable; encoded key bits; helper data giving the index of the selected bit per block: u1=1, u2=?, u3=3]
      • All error correctors work on fixed block structure: e.g. IBS (Yu and Devadas, 2010 *)
      • Goal: find one white and one black square in each block of four
      • Helper data store the indices of selected bits
      * M.-D. Yu and S. Devadas, Secure and robust error correction for physical unclonable functions, IEEE Design & Test of Computers, vol. 27, no. 1, pp. 48-65, 2010
  • 25. Differential Sequence Coding * [Figure: encoded key bits, PUF response and helper data (distance, inversion)]
      • No fixed block borders
      • Helper data store distance to next bit and an inversion indicator
      • Larger blocks of unreliable bits can be skipped
      • Most efficient error corrector scheme known to date
      * M. Hiller, M. Weiner, L. Rodrigues Lima, M. Birkner and G. Sigl. Breaking through Fixed PUF Block Limitations with Differential Sequence Coding and Convolutional Codes, TrustED, 2013
  • 26. Components of a PUF key store [Figure: Challenge Ci → Physical System S → Response RCi → Error Correction E (with public Helper Data) → Hash Function H → Key K]
      • Challenge: Power-On for SRAM, Ring-Oscillator selection
      • Physical System: SRAM, Ring-Oscillators
      • Response: Stream of Bits
      • Error Correction: Using public helper data to increase reliability
      • Hash Function: Removes bias in the key bit distribution
  • 27. Secure embedded system: Secure Elements [Figure: the block diagram of slide 14]
  • 28. Tasks of Secure Elements
      • Key storage
      • Asymmetric cryptography (signing and encryption)
      • Session key generation
      • Random number generation
      • Access right check
      • Integrity check
      • Attestation
      • Secure data storage
      • Resistance against Hardware attacks!
  • 29. Secure Element in a vehicle [Figure: labels: Internet, Gateway, OEM Server, Secure Element]
      • In BMBF Project SEIS (Sicherheit in eingebetteten IP-basierten Systemen) AISEC integrated a Secure Element in a car.
  • 30. Secure Element in Smart Meter. The BSI Protection Profile requests a Secure Element in the Smart Meter Gateway. [Figure: Secure Element in the gateway] Source: Protection Profile für das Gateway eines Smart Metering Systems; http://www.bsi.bund.de
  • 31. Secure Smart Meter
      • Java 3.0 Secure Element in Smart Meter
          – All security functions enclosed
          – Communication end point
      • Gateway
          – Memory (encrypted)
          – Display
          – Communication channels
      • Advantages:
          – High Security through Hardware Secure Element
          – Easier certification
  • 32. Secure Elements in mobile phones: 3 Secure Elements
      • SIM
      • Security Chip
      • Secure SD Card
  • 33. Secure embedded system: Secure Software [Figure: the block diagram of slide 14]
  • 34. Trusted OS
      • Trusted execution environment in the system controller
      • Virtualization for application separation
      • Integration of a hardware secure element as trust anchor
  • 35. Trusted OS: Linux Containers (Trust|Me). Idea: Sandboxed Android using container-based isolation
      • Remote device administration
          – Remote access using ssh and other Linux utilities
      • Storage
          – Transparent file encryption (device or file based)
          – Filesystem snapshots and recovery
          – File integrity protection using Linux Security Modules (LSM)
      • Network
          – Transparent tunneling using Virtual Private Networks (VPN)
      • Graphical User Interface (GUI)
          – Secure display (indicated by LED) and secure input (hardware buttons)
          – Secure PIN entry used to unlock SE in microSD card (key storage)
  • 36. Thank You. georg.sigl@aisec.fraunhofer.de, sigl@tum.de
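
The PUF key store of slides 18, 22, 24 and 26, as an added simulation that is not code from the talk or from the cited papers: a ring-oscillator PUF whose reliable bits are selected per block of four, with the selected index stored as public helper data and the recovered bits hashed into a key. It is a simplified, hard-decision version of the index selection on slide 24; the constructed chip frequencies, the bounded noise model, the margin and all function names are assumptions made for the example.

```python
import hashlib
import random

BLOCK = 4            # PUF bits per block, as on the IBS slide
NOISE = 0.1          # assumed bound (MHz) on one RO frequency reading
MARGIN = 4 * NOISE   # a pair this far apart cannot flip under bounded noise

def make_chip(seed, n_pairs=1000):
    """Constructed chip: per-RO frequency (MHz) fixed by manufacturing variation."""
    rng = random.Random(seed)
    return [rng.gauss(200.0, 1.0) for _ in range(2 * n_pairs)]

def measure(chip, rng):
    """One noisy readout: signed frequency difference of each RO pair."""
    f = [x + rng.uniform(-NOISE, NOISE) for x in chip]
    return [f[i] - f[i + 1] for i in range(0, len(f), 2)]

def enroll(chip, key_bits, rng):
    """Return public helper data: per block, index of the selected pair or None."""
    diffs, helper, todo = measure(chip, rng), [], list(key_bits)
    for b in range(0, len(diffs), BLOCK):
        block = diffs[b:b + BLOCK]
        ones = [i for i, d in enumerate(block) if d > MARGIN]
        zeros = [i for i, d in enumerate(block) if d < -MARGIN]
        if todo and ones and zeros:      # block holds a reliable 1 and a reliable 0
            helper.append((ones if todo.pop(0) else zeros)[0])
        else:
            helper.append(None)          # unusable block, the "u2=?" case
    if todo:
        raise ValueError("not enough usable blocks for the key")
    return helper

def reconstruct(chip, helper, rng):
    """Re-read the PUF and recover the key bits named by the helper data."""
    diffs = measure(chip, rng)
    return [int(diffs[b * BLOCK + i] > 0) for b, i in enumerate(helper) if i is not None]

def derive_key(bits):
    """Hash step of the key store: compress the recovered bits into a key."""
    return hashlib.sha256(bytes(bits)).hexdigest()

def demo():
    rng = random.Random(2013)            # constructed noise and secret source
    chip, clone = make_chip(1), make_chip(2)
    secret = [rng.getrandbits(1) for _ in range(100)]
    helper = enroll(chip, secret, rng)
    raw_a, raw_b = measure(chip, rng), measure(chip, rng)
    raw_flips = sum((a > 0) != (b > 0) for a, b in zip(raw_a, raw_b))
    same = all(reconstruct(chip, helper, rng) == secret for _ in range(50))
    cloned = derive_key(reconstruct(clone, helper, rng)) == derive_key(secret)
    return raw_flips, same, cloned

if __name__ == "__main__":
    print(demo())
```

`demo()` reports how many of the 1000 raw response bits differ between two readouts of the same chip, whether 50 noisy readouts all recover the enrolled bits, and whether a second chip given the same helper data derives the same key.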