Information Security of Embedded Systems


1 Information Security of Embedded Systems 11. 11
Information Security of Embedded Systems: Foundations of Security
Prof. Dr. Holger Schlingloff
Institut für Informatik und Fraunhofer FIRST

2 Structure
- Introductory example
- Embedded systems engineering
  - definitions and terms
  - design principles
- Foundations of security
  - threats, attacks, measures
  - construction of safe systems
- Design of secure systems
  - design challenges
  - safety modelling and assessment
  - cryptographic algorithms
- Communication of embedded systems
  - remote access
  - sensor networks
- Algorithms and measures
  - digital signatures
  - key management
  - authentication
  - authorization
- Formal methods for security
  - protocol verification
  - logics and proof methods
Embedded Security © Prof. Dr. H. Schlingloff 2009

3 Security – Basic Terms
RAMS: the pillars of trustability (Verlässlichkeit)
- Reliability (Zuverlässigkeit): mean time between failures, inverse failure rate
- Availability (Verfügbarkeit): limit of uptime/time
- Maintainability (Betriebsfähigkeit): probability that an item will be operational within a given period of time
- Safety (Sicherheit, Ausfallsicherheit): probability of absence of critical failures
- Security (Schutz, Informationssicherheit): degree of protection against attacks
R=mtbf=1/failure rate; A=P(ok)=d/dt uptime/time; M=probability that an item will be operational within a given period of time; S=probability of absence of critical failures; S=degree of protection against attacks

4 Safety vs. Security
- Safety (French sauf, exception)
  - protection against unintended accidents/incidents
  - threats from the system’s inside (malfunctioning)
  - “nothing bad ever happens”
- Security (Latin sine cura, carefree)
  - protection against malevolent (intended) attacks, degree of resistance to harm
  - threats from the outside
- Boundaries sometimes not clear
  - Intention, purpose, aim, will, wish, faith …

5 Threats and Attacks
- Analysis of threats and possible attacks
  - model the system with all stakeholders: who possesses, who owns which information?
  - know your system interfaces and boundaries, in particular, which potential harm it could do
  - assess your enemy’s intentions
  - assume he/she has total control of the system: full access to all sensor information, controlling all actuators
- Hints
  - Refrain from categories such as “good” and “bad”
  - Remember Murphy’s law: “anything which can go wrong, will go wrong”
  - every lock can be broken, every line overheard…

6 Main Reasons for Security Problems
- Faulty design
  - implementation bugs
  - missing checks of parameters, possibility of avoidance of checks, missing / unimplemented security checks
  - wrong rights in design, e.g. unlimited access
- Faulty operation (missing awareness, administrative sloppiness, convenience instead of security)
  - passwords pinned to the screen, easy-to-guess passwords, account without password, default settings for devices
  - exceptions in firewall
  - no reactions to known gaps

7 What are the Attacks?
- Accessing confidential information
  - intellectual damage, e.g. monetary transactions, IPR
  - spoiled reputation, lost identity
  - gaining access to other systems
- Unauthorized control of the system
  - physical property damage
  - causing system malfunctions
  - causing accidents through the system
  - potentially even injury, death

8 Who are the Attackers?
- Hacker, cracker
  - “sport”, avoiding license fees
- Criminal organizations
  - Mass-mailing farms, bots
- Industrial espionage
  - underbidding, know-how transfer
- Government agencies
  - infamous “Bundestrojaner”
- Personal enemies
- Insiders
  - More than 50% of all known attacks are from insiders!
  - reasons: frustration, monetary, revenge

9 What are the Reactions?
- Owners
  - don’t care
  - complain
- Suppliers
  - don’t publish security issues; blame the customer
- Competitors
  - demand and advertise software multi-culture
- Government
  - criminal laws against trespassers
- Software-industry
  - better/more virus protection software
- Science
  - discuss in the open, research security improvements, social engineering

10 Example: Internet Thermostat
- Control of household heating and cooling
  - Embedded control for automatic adjustment: summer/winter, day/night, presence/absence, …
  - Connectivity for remote control, e.g. via SMS for noticing imminent arrival
- Attacks
  - false “coming home” messages waste energy
  - subject the house to extreme heat and cold
  - turn off the system, freezing pipes, dying pets…
Philip Koopman, Embedded System Security, Carnegie Mellon University 2004

11 Example: Internet Thermostat (2)
- Connectivity to utility companies
  - possibility of suggesting or demanding changes in thermostat operation during periods of peak demand
  - radio commands to disable or reduce the duty cycle of air conditioning units during peak loads
  - change all thermostats’ set points a few degrees to ease power requirements during peak loads
  - financial compensation
- Attacks
  - practical jokes such as “nightly home sauna”
  - increase power demand by modifying set points, inflate utility bills
  - coordinate power consumption among many homes, causing power grid failure, esp. if feature is calculated with

12 Example: Internet Thermostat (3)
- Power supply
  - wireless thermostat (no wires, no transformer, increased safety)
  - each communication costs battery power
  - attack: drain battery by repeated queries
  - Systems are particularly vulnerable if battery is low
  - low-voltage detection circuit, energy management, …
- Privacy
  - monitor thermostat setting to detect absence or habits
  - monitor traffic for inbound packets talking to the thermostat to detect absence
  - “Big Brother” monitoring whether temperature is properly set
  - monitor household temperature for taxes, dragnet investigations, …
  - compare meter reading and temperature for suspicious differences
Leo: Rasterfahndung = computer-aided search for wanted persons whereby the data of a large number of people are checked against existing data in a database
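
The battery-drain attack and the energy-management measure on slide 12, as an added example that is not part of the lecture: a credit budget that caps how many queries the radio answers, tightened when the low-voltage detector trips. All names, thresholds and rates are constructed assumptions.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed values; a real device derives them from its battery capacity. */
#define BURST_MAX       10u   /* replies that may be saved up */
#define REFILL_S        60u   /* one reply credit earned per minute */
#define LOW_BATT_MV     2400u /* assumed threshold of the low-voltage detector */
#define LOW_BATT_SLOWER 4u    /* below it, credits are earned 4x slower */

typedef struct {
    uint32_t credits;     /* replies currently allowed */
    uint32_t last_refill; /* time credits were last accounted, in seconds */
} query_gate;

void gate_init(query_gate *g, uint32_t now_s) { g->credits = BURST_MAX; g->last_refill = now_s; }

/* True if the radio may answer this query, false if it must stay silent. */
bool gate_admit(query_gate *g, uint32_t now_s, uint32_t battery_mv) {
    bool low = battery_mv < LOW_BATT_MV;
    uint32_t period = low ? REFILL_S * LOW_BATT_SLOWER : REFILL_S;
    uint32_t cap = low ? 1u : BURST_MAX;      /* no bursts on a weak battery */
    uint32_t earned = (now_s - g->last_refill) / period; /* unsigned: wrap-safe */
    g->last_refill += earned * period;        /* keep the unused remainder */
    g->credits += earned;
    if (g->credits > cap) g->credits = cap;   /* also shrinks burst when battery drops */
    if (g->credits == 0) return false;        /* budget spent: ignore the query */
    g->credits--;
    return true;
}

/* Replays n queries spaced interval_s apart from t=0 and counts the answered ones. */
uint32_t gate_count_admitted(query_gate *g, uint32_t n, uint32_t interval_s,
                             uint32_t battery_mv) {
    uint32_t ok = 0;
    for (uint32_t i = 0; i < n; i++)
        if (gate_admit(g, i * interval_s, battery_mv)) ok++;
    return ok;
}

int main(void) {
    query_gate g;
    gate_init(&g, 0);  /* constructed flood: one query per second for 1000 s */
    printf("good battery: %u/1000 answered\n", (unsigned)gate_count_admitted(&g, 1000, 1, 3000));
    gate_init(&g, 0);
    printf("low battery:  %u/1000 answered\n", (unsigned)gate_count_admitted(&g, 1000, 1, 2300));
    return 0;
}
```

The gate bounds the energy spent on replies but does not tell genuine queries from hostile ones, so during a flood legitimate requests are dropped as well.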

13 Homework: Car Guidance System
- Automotive navigational systems are nowadays standard
- Internet connectivity is imminent
- Dynamic route calculation and guidance will soon be available broadly (partially, it already exists)
- What are the threats?

