Technische Universität München - TUM · 2018-10-22 · Technische Universität München Secure Embedded Systems eine Voraussetzung für Cyber Physical Systems und das Internet der

Technische Universität München

Secure Embedded Systems eine Voraussetzung für Cyber Physical Systems und das Internet der Dinge

Mitgliederversammlung EIKON e.V.

26. Februar 2014

Prof. Dr.-Ing. Georg Sigl

Lehrstuhl für Sicherheit in der Informationstechnik


Fraunhofer Institut für Angewandte und Integrierte Sicherheit AISEC


Content

• Attack examples on embedded systems

• Future secure embedded systems

• Testing embedded systems‘ security

• Security research in Munich

2


ATTACKS ON EMBEDDED

SYSTEMS

3


FUTURE SECURE

EMBEDDED SYSTEMS

12


Requirements for future secure embedded systems

1. Security for more than 10 years (target 30 years)

2. Secure machine to machine communication (M2M)

3. Protection of embedded systems against manipulation and misuse

4. Fulfillment of typical non functional requirements, i.e.:

– Real time behavior

– Resource limitations (cost, power)

5. Maintain security despite increasing complexity

6. Protection of intellectual property

7. Secure software update during operation

13


Secure embedded system

Core 1 Core 2

Core i Core n RAM Flash

IO-interfaces Peripherals

Hardware

Security

Module

ID ID

Sensor Actuator

SIM

GSM

other System on Chip

System on Chip

M2M

Trust

OS

14


Secure embedded system: Chip Identities

Core 1 Core 2



Hardware

Security

Module

ID ID

Sensor Actuator

SIM

GSM


System on Chip

M2M

Trust

OS

15


IDs for Hardware

• Binding of components

– Authentication

– Integrity checking

• Piracy protection

– Encryption with derived keys

• Methods

– Physical Unclonable Functions

(PUF) : fingerprint of a chip

– Fuses (electric or laser)

– Flash memory

16


PUFs as security primitive

„Unique“

Physical Property Measurement

Method

Authentication,

Key Generation + =

+ =

PUF Physical

Unclonable

Function

17

http://www.google.de/search?q=fingerabdruckscanner&hl=de&biw=1843&bih=1003&prmd=imvnsa&source=univ&tbm=shop&tbo=u&sa=X&ei=wRJHUIb7ENKIhQeFsYCQCg&ved=0CE8QzAMwAQ



http://de.wikipedia.org/w/index.php?title=Datei:Fingerabdruckscanner_L_Scan_100.jpg&filetimestamp=20090117165106

http://de.wikipedia.org/w/index.php?title=Datei:Mustermann_nPA.jpg&filetimestamp=20101118201527


Ring Oscillator PUF (Suh and Devadas, 2007) *

• Ring oscillator frequencies depend on manufacturing variations

• Two ROs are compared to obtain a response bit

18 * G. E. Suh and S. Devadas. Physical unclonable functions for device authentication and secret key

generation. Design Automation Conference, 2007. DAC ’07. 44th ACM/IEEE, pages 9–14, 2007.


SRAM PUF (Guajardo et al., 2007) *

• Symmetric circuit balance influenced by manufacturing variations

• SRAM cells show a random, but stable value after power-up

19 * J. Guajardo, S. S. Kumar, G. J. Schrijen, and P. Tuyls. FPGA intrinsic PUFs and their use for IP

protection. In CHES 2007, volume 4727 of LNCS, pages 63–80. Springer, 2007


Microcontroller

PUF

Automotive ECUs today and in future

Microcontroller

NVM

key application

Code CPU

Embedded Flash

65nm √

40nm √

28nm ?

???

RAM

key application

Code CPU

Flash

Encrypted Code/Data

Logic Process + external Flash

+ Shrinkable

+ Lower Cost

+ Higher Performance

20


Alternatives to PUF based key generation

• Fuses

– Electrical

• Reliability: weak

– Laser

• Size: very large

• Security: Easy to identify and modify

• OTP (one time programmable memory)

– Cost: comparison with PUF technology open

– Security: memory cells easier to detect, extract and modify

– Programming of key during test increases test complexity

Microcontroller

RAM

key application

Code CPU

Flash

Encrypted Code/Data

21


Reliability of PUFs

• Critical parameters:

– Temperature

– Voltage

– Ageing

• Countermeasures:

– Differential measurement

– Redundancy: Selection of reliable bits (1000 PUF Bits 100

Key Bits)

– Proper design: Design and design parameters must consider

the behavior of temperature and voltage variations as well as

ageing (as for any other circuit design)

22


Frequency behavior of an oscillator PUF

-40°C 150°C 25°C

Osc 1 Osc 2

Osc 3

Osc 4

f

Osc 5

Osc 6

good

instable

Critical:

uniqueness may

be compromised

f

f

23


24

State of the Art in error correction

• All error correctors work on fixed block structure:

e.g. IBS (Yu and Devadas, 2010 *)

• Goal: find one white and one black square in each block of four

• Helper data store the indices of selected bits

PUF Bits:

- Reliable 1

- Reliable 0

- Unreliable

PUF Response

Block Borders

Helper Data

index of selected bit u1=1 u2=? u3=3

Encoded Key Bits

* M.-D. Yu and S. Devadas, Secure and robust error correction for physical unclonable functions,

IEEE Design & Test of Computers, vol. 27, no. 1, pp. 48-65, 2010


Differential Sequence Coding *

• No fixed block borders

• Helper data store distance to next bit and an inversion indicator

• Larger blocks of unreliable bits can be skipped

• Most efficient error corrector scheme known to date

Encoded Key Bits

Helper Data

- distance

- inversion

PUF Response

25 * M. Hiller, M. Weiner, L. Rodrigues Lima, M- Birkner and G. Sigl. Breaking through Fixed PUF

Block Limitations with Differential Sequence Coding and Convolutional Codes, TrustED, 2013


Secure embedded system: Secure Elements

Core 1 Core 2



Hardware

Security

Module

ID ID

Sensor Actuator

SIM

GSM


System on Chip

M2M

Trust

OS

27


Tasks of Secure Elements

• Key storage

• Asymmetric cryptography (signing and encryption)

• Session key generation

• Random number generation

• Access right check

• Integrity check

• Attestation

• Secure data storage

• Resistance against Hardware attacks!

28


Secure Element in a vehicle

• In BMBF Project SEIS (Sicherheit in eingebetteten IP-basierten

Systemen) AISEC integrated a Secure Element in a car.

OEM

Server

Internet

Gateway

Secure Element

29


Secure Element in Smart Meter

Source: Protection Profile für das Gateway eines Smart Metering Systems; http://www.bsi.bund.de

The BSI Protection Profile

requests a Secure Element in the

Smart Meter Gateway.

Secure

Element

30


Secure Elements in mobile phones

• SIM

• Security Chip

• Secure SD Card

3 Secure Elements

32


TESTING EMBEDDED

SYSTEMS‘ SECURITY

36


AISEC Labs to test security of systems!

37

Hardware GSM

NFC,

Mobile

App Test

Embedded


Attacks on PUF based key generation

• All PUFs are vulnerable to HW attacks:

– Probing/Forcing

– Fault Attacks

– Side Channel Attacks

• Attacking the physical system (ring oscillators frequencies) D. Merli, J. Heyszl, B. Heinz, D. Schuster, F. Stumpf, and G. Sigl. Localized

Electromagnetic Analysis of RO PUFs. In Proceedings of Int. Symposium

on Hardware-Oriented Security and Trust (HOST), June 2013. IEEE.

• Attacking the key extraction process D. Merli, D. Schuster, F. Stumpf, and G. Sigl. Semi-invasive EM attack on

FPGA RO PUFs and countermeasures. In 6th Workshop on Embedded

Systems Security (WESS’2011), Taipei, Taiwan, October 2011. ACM.

D. Merli, F. Stumpf, and G. Sigl. Protecting PUF error correction by

codeword masking. Cryptology ePrint Archive, Report 2013/334, 2013.

38


Ring Oscillator PUF (Suh and Devadas, 2007) *

• Ring oscillator frequencies depend on manufacturing variations

• Two ROs are compared to obtain a response bit

39 * G. E. Suh and S. Devadas. Physical unclonable functions for device authentication and secret key

generation. Design Automation Conference, 2007. DAC ’07. 44th ACM/IEEE, pages 9–14, 2007.


RO PUF, EM Side-Channel Attack (Merli et al., 2011)*

• Identification of RO PUF frequencies through EM side-channel

RO frequencies

around 100 MHz

40 * D. Merli, D. Schuster, F. Stumpf, and G. Sigl. Semi-invasive EM attack on FPGA RO PUFs and countermeasures.

In 6th Workshop on Embedded Systems Security (WESS’2011), Taipei, Taiwan, October 2011. ACM.


RO PUF, EM Side-Channel Attack (Merli et al., 2011)*

• RO PUF modelling by EM side-channel of frequency comparisons

RO_1

RO_2

RO_2

RO_3

41 * D. Merli, D. Schuster, F. Stumpf, and G. Sigl. Semi-invasive EM attack on FPGA RO PUFs and countermeasures.

In 6th Workshop on Embedded Systems Security (WESS’2011), Taipei, Taiwan, October 2011. ACM.


Side Channel Analysis: Electromagnetic Analysis

42


RO PUF, Localized EM Analysis (Merli et al., 2013)*

• Separation of Ring Oscillator PUF measurement components

possible by EM analysis

• RO frequency measurement can be observed step by step

• Full PUF model can be extracted

43 * D. Merli, J. Heyszl, B. Heinz, D. Schuster, F. Stumpf, and G. Sigl. Localized Electromagnetic Analysis of RO

PUFs. In Proceedings of Int. Symposium on Hardware-Oriented Security and Trust (HOST), June 2013. IEEE.


Security Research in Munich

46

Fraunhofer Institute for Applied and Integrated Security

Claudia Eckert Georg Sigl

TU München Computer Science

Claudia Eckert

TU München Electrical

Engineering

Georg Sigl

~3000 Students

~3000 Students

Industry Industry

© Fraunhofer

AISEC KEY FIGURES Employees: 2013: current status: > 90

Plans for further growth

2014 > 110

2015 > 150

Financing (Fraunhofer Model)

Up to 30% state directly, 70% 3rd party research projects

© Fraunhofer

AISEC Fields of Expertise

Embedded Security

Trusted platforms (HW/SW-Co-Design)

Hardware Security

HSMs, Side-channel, EMA-, Fault-Analysis

Product- and Know-How-Protection

PUF-solutions, smart materials, Firmware-Protection

Mobile Security

Trusted BYOD, App-Analysis Tool, Automotive-Sec.

IP-based Networks

Cloud-Networking, Secure Multi-Party Computation

Digital Identity

Attribute based IDs, Object-IDs, Web-IDs


[email protected]

[email protected]

51

Thank You

Documents

Technische Universität München - TUM · 2018-10-22 · Technische Universität München Secure Embedded Systems eine Voraussetzung für Cyber Physical Systems und das Internet der