secure embedded systems: a software-hardware symbiosisembedded security challenges embedded system...
TRANSCRIPT
![Page 1: Secure Embedded Systems: A Software-Hardware SymbiosisEmbedded Security Challenges Embedded System Challenge #2: Dealing with Implementation Attacks Trust Boundary in out I(t) EM t](https://reader034.vdocuments.mx/reader034/viewer/2022042022/5e791030cdcf0330747655fe/html5/thumbnails/1.jpg)
Secure Embedded Systems:A Software-Hardware Symbiosis
Patrick SchaumontECE Department, Virginia Tech
2 April 2010CS Department, Virginia Tech
![Page 2: Secure Embedded Systems: A Software-Hardware SymbiosisEmbedded Security Challenges Embedded System Challenge #2: Dealing with Implementation Attacks Trust Boundary in out I(t) EM t](https://reader034.vdocuments.mx/reader034/viewer/2022042022/5e791030cdcf0330747655fe/html5/thumbnails/2.jpg)
Embedded Security? Where?
Authenticate
Wireless keys and access control
2
![Page 3: Secure Embedded Systems: A Software-Hardware SymbiosisEmbedded Security Challenges Embedded System Challenge #2: Dealing with Implementation Attacks Trust Boundary in out I(t) EM t](https://reader034.vdocuments.mx/reader034/viewer/2022042022/5e791030cdcf0330747655fe/html5/thumbnails/3.jpg)
Embedded Security? Where?
Electronic Money
3
Request
+ Signature
Approval
$$$
$$$
![Page 4: Secure Embedded Systems: A Software-Hardware SymbiosisEmbedded Security Challenges Embedded System Challenge #2: Dealing with Implementation Attacks Trust Boundary in out I(t) EM t](https://reader034.vdocuments.mx/reader034/viewer/2022042022/5e791030cdcf0330747655fe/html5/thumbnails/4.jpg)
Embedded Security? Where?
Protecting Bits at Rest
Integrity
4
Confidentiality
![Page 5: Secure Embedded Systems: A Software-Hardware SymbiosisEmbedded Security Challenges Embedded System Challenge #2: Dealing with Implementation Attacks Trust Boundary in out I(t) EM t](https://reader034.vdocuments.mx/reader034/viewer/2022042022/5e791030cdcf0330747655fe/html5/thumbnails/5.jpg)
Stored Secrets
• Integrity (key-less) hash
• Confidentiality Symmetric-Key
• Authentication Symmetric-Key/ Public-Key
• Non-repudiation (signing) Public-Key
5
Embedded Security relies on stored secrets
![Page 6: Secure Embedded Systems: A Software-Hardware SymbiosisEmbedded Security Challenges Embedded System Challenge #2: Dealing with Implementation Attacks Trust Boundary in out I(t) EM t](https://reader034.vdocuments.mx/reader034/viewer/2022042022/5e791030cdcf0330747655fe/html5/thumbnails/6.jpg)
Common Technologies
Architecture
DedicatedHardware
MicroController MicroController withAccelerator Hardware
6
Architecture
Program
Data
Power
MOPS
Hardware Accelerator Hardware
100's bits 100's bytes Several Kbytes
Several Kbytes Several 100's Kbytes
4 - 8 bit 16 - 32 bit
100's KHz 1 MHz 50 MHz
30 µW 5 mW 100 mW
Memory
![Page 7: Secure Embedded Systems: A Software-Hardware SymbiosisEmbedded Security Challenges Embedded System Challenge #2: Dealing with Implementation Attacks Trust Boundary in out I(t) EM t](https://reader034.vdocuments.mx/reader034/viewer/2022042022/5e791030cdcf0330747655fe/html5/thumbnails/7.jpg)
Embedded Security Challenges
Embedded System
Stored Secret
Crypto
7
![Page 8: Secure Embedded Systems: A Software-Hardware SymbiosisEmbedded Security Challenges Embedded System Challenge #2: Dealing with Implementation Attacks Trust Boundary in out I(t) EM t](https://reader034.vdocuments.mx/reader034/viewer/2022042022/5e791030cdcf0330747655fe/html5/thumbnails/8.jpg)
Embedded Security Challenges
Embedded System
Challenge #1: Dealing with Resource Constraints
Stored Secret
Crypto
8
Signing
AVR ATMega128 8MHz 2.00s [Liu 08]
Sig Generation0.13mm CMOS 500KHz18KGates 400mW
0.41s [Gaubatz 05]
Micro-Controller Software (Sensor Node)
Dedicated Hardware (Low Power)
Workstation Software
ECDSAsecp160p163
Sig Generation
Sig Generation
Intel Core 2 Q6600 2.4GHz 1.36ms [EBACS 10]
![Page 9: Secure Embedded Systems: A Software-Hardware SymbiosisEmbedded Security Challenges Embedded System Challenge #2: Dealing with Implementation Attacks Trust Boundary in out I(t) EM t](https://reader034.vdocuments.mx/reader034/viewer/2022042022/5e791030cdcf0330747655fe/html5/thumbnails/9.jpg)
Embedded Security Challenges
Embedded System
Challenge #2: Dealing with Implementation Attacks
in out
Stored Secret
Crypto
9
• Traditional cryptography assumes black-box implementations: attacks should only consider input/output data.
![Page 10: Secure Embedded Systems: A Software-Hardware SymbiosisEmbedded Security Challenges Embedded System Challenge #2: Dealing with Implementation Attacks Trust Boundary in out I(t) EM t](https://reader034.vdocuments.mx/reader034/viewer/2022042022/5e791030cdcf0330747655fe/html5/thumbnails/10.jpg)
Embedded Security Challenges
Embedded System
Challenge #2: Dealing with Implementation Attacks
Trust Boundary
in out
I(t)
EM
tStored Secret
Crypto
10
• Traditional cryptography assumes black-box implementations: attacks should only consider input/output data.
• Secure Embedded Systems are gray-box systems:their implementation characteristics (power dissipation, execution time, radiation, ...) can be observed
• Implementation attacks exploit features of the physical implementation
![Page 11: Secure Embedded Systems: A Software-Hardware SymbiosisEmbedded Security Challenges Embedded System Challenge #2: Dealing with Implementation Attacks Trust Boundary in out I(t) EM t](https://reader034.vdocuments.mx/reader034/viewer/2022042022/5e791030cdcf0330747655fe/html5/thumbnails/11.jpg)
Our Research
• How to implement trustworthy secure embedded systems
• that can thwart attacks?
• that are efficient?
11
1. Preventing Implementation Attacks on Software
2. Chip-Unique Binding of Software and Hardware
Two examples of ongoing projects
![Page 12: Secure Embedded Systems: A Software-Hardware SymbiosisEmbedded Security Challenges Embedded System Challenge #2: Dealing with Implementation Attacks Trust Boundary in out I(t) EM t](https://reader034.vdocuments.mx/reader034/viewer/2022042022/5e791030cdcf0330747655fe/html5/thumbnails/12.jpg)
Our Research
• How to implement trustworthy secure embedded systems
• that can thwart attacks?
• that are efficient?
12
1. Preventing Implementation Attacks on Software
2. Chip-Unique Binding of Software and Hardware
Two examples of ongoing projects
![Page 13: Secure Embedded Systems: A Software-Hardware SymbiosisEmbedded Security Challenges Embedded System Challenge #2: Dealing with Implementation Attacks Trust Boundary in out I(t) EM t](https://reader034.vdocuments.mx/reader034/viewer/2022042022/5e791030cdcf0330747655fe/html5/thumbnails/13.jpg)
Starting Point: An Embedded Core
LocalMemory
Program
13
Register File
ExecutionPipeline
I+D MemoryInterface
Register File
Execution
Pipeline
I+D MemoryInterface
LocalMemory
Program
![Page 14: Secure Embedded Systems: A Software-Hardware SymbiosisEmbedded Security Challenges Embedded System Challenge #2: Dealing with Implementation Attacks Trust Boundary in out I(t) EM t](https://reader034.vdocuments.mx/reader034/viewer/2022042022/5e791030cdcf0330747655fe/html5/thumbnails/14.jpg)
Passive Attack
Side-channel Analysis:
AES-128 (symmetric-key) on a embedded 32-bit CPU
- 256 measurements ("traces")
14
- 256 measurements ("traces") disclose first key byte
- 40,960 traces disclose ALL key bytes
Real-time for attack ~ 5 minutes
![Page 15: Secure Embedded Systems: A Software-Hardware SymbiosisEmbedded Security Challenges Embedded System Challenge #2: Dealing with Implementation Attacks Trust Boundary in out I(t) EM t](https://reader034.vdocuments.mx/reader034/viewer/2022042022/5e791030cdcf0330747655fe/html5/thumbnails/15.jpg)
Implementation Attack
LocalMemory
Program
AES-128(Symmetric-Key) Side-channel leakage observed from
AES-128 executing on a PPC Processor
15
Register File
ExecutionPipeline
I+D MemoryInterface
I(t)
Side-channel Analysis
Stored Secret
![Page 16: Secure Embedded Systems: A Software-Hardware SymbiosisEmbedded Security Challenges Embedded System Challenge #2: Dealing with Implementation Attacks Trust Boundary in out I(t) EM t](https://reader034.vdocuments.mx/reader034/viewer/2022042022/5e791030cdcf0330747655fe/html5/thumbnails/16.jpg)
How to thwart implementation attack?
I(t)Local
Memory
Program
16
Register File
ExecutionPipeline
I+D MemoryInterface
t
Program
I(t)
![Page 17: Secure Embedded Systems: A Software-Hardware SymbiosisEmbedded Security Challenges Embedded System Challenge #2: Dealing with Implementation Attacks Trust Boundary in out I(t) EM t](https://reader034.vdocuments.mx/reader034/viewer/2022042022/5e791030cdcf0330747655fe/html5/thumbnails/17.jpg)
How to thwart implementation attack?
I(t)Local
MemoryLocal
Memory
Program Program
Trust Boundary
Program
Side-channel leakage disappears!
17
Register File
ExecutionPipeline
I+D MemoryInterface
Register File
ExecutionPipeline
I+D MemoryInterface
t
Program
I(t)
![Page 18: Secure Embedded Systems: A Software-Hardware SymbiosisEmbedded Security Challenges Embedded System Challenge #2: Dealing with Implementation Attacks Trust Boundary in out I(t) EM t](https://reader034.vdocuments.mx/reader034/viewer/2022042022/5e791030cdcf0330747655fe/html5/thumbnails/18.jpg)
How to write Program and Program ?
• Side Channel Leakage is proportional to the Hamming Weight of the Sensitive Data
18
![Page 19: Secure Embedded Systems: A Software-Hardware SymbiosisEmbedded Security Challenges Embedded System Challenge #2: Dealing with Implementation Attacks Trust Boundary in out I(t) EM t](https://reader034.vdocuments.mx/reader034/viewer/2022042022/5e791030cdcf0330747655fe/html5/thumbnails/19.jpg)
How to write Program and Program ?
• Side Channel Leakage is proportional to the Hamming Weight of the Sensitive Data
• Program and Program work on complementary sensitive data
If Program writes 0x55 into register r5then Program writes into register
19
If Program writes 0x55 into register r5then Program writes 0xAA into register r5
• Program and Program execute complementary instructions
If Program performs and r3, r4, r5
the Program performs or r3, r4, r5
• Program and Program run synchronized
![Page 20: Secure Embedded Systems: A Software-Hardware SymbiosisEmbedded Security Challenges Embedded System Challenge #2: Dealing with Implementation Attacks Trust Boundary in out I(t) EM t](https://reader034.vdocuments.mx/reader034/viewer/2022042022/5e791030cdcf0330747655fe/html5/thumbnails/20.jpg)
How to write Program and Program ?
• Side Channel Leakage is proportional to the Hamming Weight of the Sensitive Data
• Program and Program work on complementary sensitive data
If Program writes 0x55 into register r5then Program writes into register
20
If Program writes 0x55 into register r5then Program writes 0xAA into register r5
• Program and Program execute complementary instructions
If Program performs and r3, r4, r5
the Program performs or r3, r4, r5
• Program and Program run synchronized
Hamming Weight of Sensitive Data remain constant
![Page 21: Secure Embedded Systems: A Software-Hardware SymbiosisEmbedded Security Challenges Embedded System Challenge #2: Dealing with Implementation Attacks Trust Boundary in out I(t) EM t](https://reader034.vdocuments.mx/reader034/viewer/2022042022/5e791030cdcf0330747655fe/html5/thumbnails/21.jpg)
Resulting Side-channel strength
Side-channel Analysis:
AES-128 (symmetric-key) on a dual-core CPU with complementaryprograms
21
programs
- 81920 traces to disclose firstkey byte (single-core: 256 traces)
- 1M traces cannot disclose all keybytes (single-core: 40960 tracesdiscloses all)
![Page 22: Secure Embedded Systems: A Software-Hardware SymbiosisEmbedded Security Challenges Embedded System Challenge #2: Dealing with Implementation Attacks Trust Boundary in out I(t) EM t](https://reader034.vdocuments.mx/reader034/viewer/2022042022/5e791030cdcf0330747655fe/html5/thumbnails/22.jpg)
Of course, there are other attacks ...
• Invasive attacks breach the trust boundary; Non-invasive attacks do not
• Active attacks affect the trusted behavior; Passive attacks do not
Active Passive
Trust Boundary
Trusted
Behavior
Crypto
22
Invasive
Non-Invasive
Active Passive
Tampering
Fault Attack
Probing
Side-channel Attack(SCA)
![Page 23: Secure Embedded Systems: A Software-Hardware SymbiosisEmbedded Security Challenges Embedded System Challenge #2: Dealing with Implementation Attacks Trust Boundary in out I(t) EM t](https://reader034.vdocuments.mx/reader034/viewer/2022042022/5e791030cdcf0330747655fe/html5/thumbnails/23.jpg)
Our Research
• How to implement trustworthy secure embedded systems
• that can thwart attacks?
• that are efficient?
23
1. Preventing Implementation Attacks on Software
2. Chip-Unique Binding of Software and Hardware
Two examples of ongoing projects
![Page 24: Secure Embedded Systems: A Software-Hardware SymbiosisEmbedded Security Challenges Embedded System Challenge #2: Dealing with Implementation Attacks Trust Boundary in out I(t) EM t](https://reader034.vdocuments.mx/reader034/viewer/2022042022/5e791030cdcf0330747655fe/html5/thumbnails/24.jpg)
Chip-Unique Binding of SW and HW
• How can we demonstrate the uniqueness of the link between embedded hardware and embedded software ?
SW SW
24
EmbeddedCPU
Embedded System
EmbeddedCPU
repurpose HW
steal SW
Counterfeit System Counterfeit System
![Page 25: Secure Embedded Systems: A Software-Hardware SymbiosisEmbedded Security Challenges Embedded System Challenge #2: Dealing with Implementation Attacks Trust Boundary in out I(t) EM t](https://reader034.vdocuments.mx/reader034/viewer/2022042022/5e791030cdcf0330747655fe/html5/thumbnails/25.jpg)
Physical Unclonable Functions
DesignerChip Fab Chip
Chip1
25
RandomProcess
ManufacturingVariations
Chip1
Chip2
Chip3An unclonable on-chip IDis a chip-level structure thatdeliberately exploits randomprocess manufacturingvariations to establish thechip identity
• Wire width• Doping Level• Threshold Voltage
![Page 26: Secure Embedded Systems: A Software-Hardware SymbiosisEmbedded Security Challenges Embedded System Challenge #2: Dealing with Implementation Attacks Trust Boundary in out I(t) EM t](https://reader034.vdocuments.mx/reader034/viewer/2022042022/5e791030cdcf0330747655fe/html5/thumbnails/26.jpg)
Chip-Unique Binding of SW and HW
• By definition, a PUF cannot be copied or tampered with
• A PUF can be implemented as a challenge/response function
• A PUF works can be used as an intrinsic key generator
26
EmbeddedCPU
SW
Embedded System
PUF
C
R
![Page 27: Secure Embedded Systems: A Software-Hardware SymbiosisEmbedded Security Challenges Embedded System Challenge #2: Dealing with Implementation Attacks Trust Boundary in out I(t) EM t](https://reader034.vdocuments.mx/reader034/viewer/2022042022/5e791030cdcf0330747655fe/html5/thumbnails/27.jpg)
SW Binding with a PUF
1. PUF Enrollment
SW
Generate a C/R pairEncrypt Software
ER(SW)Distribute
C, E (SW)
27
EmbeddedCPU
Embedded System
PUF
C
R
C, ER(SW)
2. Deployment
Recreate R with CDecrypt Software
DPUF(C)(SW)Execute SW
![Page 28: Secure Embedded Systems: A Software-Hardware SymbiosisEmbedded Security Challenges Embedded System Challenge #2: Dealing with Implementation Attacks Trust Boundary in out I(t) EM t](https://reader034.vdocuments.mx/reader034/viewer/2022042022/5e791030cdcf0330747655fe/html5/thumbnails/28.jpg)
Protection FPGA SW and HW
FPGAConfiguration
Memory
Embedded Hardware Platform
(Flash)
28
![Page 29: Secure Embedded Systems: A Software-Hardware SymbiosisEmbedded Security Challenges Embedded System Challenge #2: Dealing with Implementation Attacks Trust Boundary in out I(t) EM t](https://reader034.vdocuments.mx/reader034/viewer/2022042022/5e791030cdcf0330747655fe/html5/thumbnails/29.jpg)
Protection FPGA SW and HW
ConfigurationMemory
Embedded Hardware Platform1. Configure FPGA
Define HW(Flash)
PUF
IntegrityKernel
EmbeddedCPU
On-ChipRAM
29
FPGA Configuration
PUF
IntegrityKernel
EmbeddedCPU
On-ChipRAM
![Page 30: Secure Embedded Systems: A Software-Hardware SymbiosisEmbedded Security Challenges Embedded System Challenge #2: Dealing with Implementation Attacks Trust Boundary in out I(t) EM t](https://reader034.vdocuments.mx/reader034/viewer/2022042022/5e791030cdcf0330747655fe/html5/thumbnails/30.jpg)
Protection FPGA SW and HW
EncryptedSW Binary
FPGAConfiguration
Memory
Embedded Hardware Platform1. Configure FPGA
2. Prepare SW
Define HW(Flash)
SecurityKernel (C)
Encrypt SW w/ PUF R
30
Encrypt SW w/ PUF RStore PUF C
FPGA Configuration
PUF
IntegrityKernel
EmbeddedCPU
On-ChipRAM
![Page 31: Secure Embedded Systems: A Software-Hardware SymbiosisEmbedded Security Challenges Embedded System Challenge #2: Dealing with Implementation Attacks Trust Boundary in out I(t) EM t](https://reader034.vdocuments.mx/reader034/viewer/2022042022/5e791030cdcf0330747655fe/html5/thumbnails/31.jpg)
Protection FPGA SW and HW
EncryptedSW Binary
FPGAConfiguration
Memory
Embedded Hardware Platform1. Configure FPGA
2. Prepare SW
Define HW(Flash)
SecurityKernel (C)
Encrypt SW w/ PUF R
31
3. Boot System
Encrypt SW w/ PUF RStore PUF C
Verify Flash Integrity
FPGA Configuration
PUF
IntegrityKernel
EmbeddedCPU
On-ChipRAM
![Page 32: Secure Embedded Systems: A Software-Hardware SymbiosisEmbedded Security Challenges Embedded System Challenge #2: Dealing with Implementation Attacks Trust Boundary in out I(t) EM t](https://reader034.vdocuments.mx/reader034/viewer/2022042022/5e791030cdcf0330747655fe/html5/thumbnails/32.jpg)
Protection FPGA SW and HW
EncryptedSW Binary
FPGAConfiguration
Memory
Embedded Hardware Platform1. Configure FPGA
2. Prepare SW
Define HW(Flash)
SecurityKernel (C)
Encrypt SW w/ PUF R
32
3. Boot System
Encrypt SW w/ PUF RStore PUF C
Verify Flash IntegrityLoad Security Kernel
FPGA Configuration
PUF
IntegrityKernel
EmbeddedCPU
On-ChipRAM
![Page 33: Secure Embedded Systems: A Software-Hardware SymbiosisEmbedded Security Challenges Embedded System Challenge #2: Dealing with Implementation Attacks Trust Boundary in out I(t) EM t](https://reader034.vdocuments.mx/reader034/viewer/2022042022/5e791030cdcf0330747655fe/html5/thumbnails/33.jpg)
Protection FPGA SW and HW
EncryptedSW Binary
FPGAConfiguration
Memory
Embedded Hardware Platform1. Configure FPGA
2. Prepare SW
Define HW(Flash)
SecurityKernel (C)
Encrypt SW w/ PUF R
33
3. Boot System
Encrypt SW w/ PUF RStore PUF C
Verify Flash IntegrityLoad Security KernelRetrieve ResponseLoad & Decrypt SW
FPGA Configuration
PUF
IntegrityKernel
EmbeddedCPU
On-ChipRAM
![Page 34: Secure Embedded Systems: A Software-Hardware SymbiosisEmbedded Security Challenges Embedded System Challenge #2: Dealing with Implementation Attacks Trust Boundary in out I(t) EM t](https://reader034.vdocuments.mx/reader034/viewer/2022042022/5e791030cdcf0330747655fe/html5/thumbnails/34.jpg)
Protection FPGA SW and HW
EncryptedSW Binary
FPGAConfiguration
Memory
Embedded Hardware Platform1. Configure FPGA
2. Prepare SW
Define HW(Flash)
SecurityKernel (C)
Encrypt SW w/ PUF R
34
3. Boot System
Encrypt SW w/ PUF RStore PUF C
Verify Flash IntegrityLoad Security KernelRetrieve ResponseLoad & Decrypt SWExecute!
FPGA Configuration
PUF
IntegrityKernel
EmbeddedCPU
On-ChipRAM
![Page 35: Secure Embedded Systems: A Software-Hardware SymbiosisEmbedded Security Challenges Embedded System Challenge #2: Dealing with Implementation Attacks Trust Boundary in out I(t) EM t](https://reader034.vdocuments.mx/reader034/viewer/2022042022/5e791030cdcf0330747655fe/html5/thumbnails/35.jpg)
Conclusion
• Secure Embedded Systems =Information Security + Efficient Implementation + Trustworthy Implementation
35
• The Hardware/Software Symbiosys:Software delivers complexity, flexibilityHardware delivers trustworthiness