Information Security of Embedded Systems 11.11.2009: Foundations of Security Prof. Dr. Holger Schlingloff Institut für Informatik und Fraunhofer FIRST.


1 Information Security of Embedded Systems: Foundations of Security
Prof. Dr. Holger Schlingloff, Institut für Informatik und Fraunhofer FIRST

2 Embedded Security © Prof. Dr. H. Schlingloff
Structure
1. Introductory example
2. Embedded systems engineering
   1. definitions and terms
   2. design principles
3. Foundations of security
   1. threats, attacks, measures
   2. construction of safe systems
4. Design of secure systems
   1. design challenges
   2. safety modelling and assessment
   3. cryptographic algorithms
5. Communication of embedded systems
   1. remote access
   2. sensor networks
6. Algorithms and measures
   1. digital signatures
   2. key management
   3. authentication
   4. authorization
7. Formal methods for security
   1. protocol verification
   2. logics and proof methods

3 Security – Basic Terms
RAMS: the pillars of trustability (Verlässlichkeit)
- Reliability (Zuverlässigkeit): mean time between failures, inverse failure rate
- Availability (Verfügbarkeit): limit of uptime/time
- Maintainability (Betriebsfähigkeit): probability that an item will be operational within a given period of time
- Safety (Sicherheit, Ausfallsicherheit): probability of absence of critical failures
- Security (Schutz, Informationssicherheit): degree of protection against attacks

4 Safety vs. Security
Safety (Fr. sauf, exception)
- protection against unintended accidents/incidents
- threats from the system’s inside (malfunctioning)
- “nothing bad ever happens”
Security (Lat. sine cura, carefree)
- protection against malevolent (intended) attacks, degree of resistance to harm
- threats from the outside
Boundaries sometimes not clear
- Intention, purpose, aim, will, wish, faith …

5 Threats and Attacks
Analysis of threats and possible attacks
- model the system with all stakeholders
  - who possesses, who owns which information?
- know your system interfaces and boundaries
  - in particular, which potential harm it could do
- assess your enemy’s intentions
  - assume he/she has total control of the system: full access to all sensor information, controlling all actuators
Hints
- Refrain from categories such as “good” and “bad”
- Remember Murphy’s law: “anything which can go wrong, will go wrong”; every lock can be broken, every line overheard…

6 Main Reasons for Security Problems
Faulty design
- implementation bugs
- missing checks of parameters, possibility of avoiding checks, missing / unimplemented security checks
- wrong rights in design, e.g. unlimited access
Faulty operation (missing awareness, administrative sloppiness, convenience instead of security)
- passwords pinned to the screen, easy-to-guess passwords, accounts without password, default settings for devices
- exceptions in firewall
- no reactions to known gaps

7 What are the Attacks?
Accessing confidential information
- intellectual damage
  - e.g. monetary transactions, IPR
- spoiled reputation, lost identity
- gaining access to other systems
Unauthorized control of the system
- physical property damage
  - causing system malfunctions
  - causing accidents through the system
- potentially even injury, death

8 Who are the Attackers?
Hacker, cracker
- “sport”, avoiding license fees
Criminal organizations
- Mass-mailing farms, bots
Industrial espionage
- underbidding, know-how transfer
Government agencies
- infamous “Bundestrojaner”
Personal enemies
Insiders
- More than 50% of all known attacks are from insiders!
- reasons: frustration, monetary, revenge

9 What are the Reactions?
Owners
- don’t care
- complain
Suppliers
- don’t publish security issues
- blame the customer
Competitors
- demand and advertise software multi-culture
Government
- criminal laws against trespassers
Software industry
- better/more virus protection software
Science
- discuss in the open, research security improvements, social engineering

10 Example: Internet Thermostat
Control of household heating and cooling
Embedded control for automatic adjustment
- summer/winter, day/night, presence/absence, …
Connectivity for remote control
- e.g. via SMS for noticing imminent arrival
Attacks
- false “coming home” messages waste energy
- subject the house to extreme heat and cold
- turn off the system, freezing pipes, dying pets…
Philip Koopman, Embedded System Security, Carnegie Mellon University

11 Example: Internet Thermostat (2)
Connectivity to utility companies
- possibility of suggesting or demanding changes in thermostat operation during periods of peak demand
- radio commands to disable or reduce the duty cycle of air conditioning units during peak loads
- change all thermostats’ set points by a few degrees to ease power requirements during peak loads
- financial compensation
Attacks
- practical jokes such as “nightly home sauna”
- increase power demand by modifying set points, inflate utility bills
- coordinate power consumption among many homes, causing power grid failure, esp. if feature is calculated with

12 Example: Internet Thermostat (3)
Power supply
- wireless thermostat (no wires, no transformer, increased safety)
- each communication costs battery power
- attack: drain battery by repeated queries
- Systems are particularly vulnerable if battery is low
  - low-voltage detection circuit, energy management, …
Privacy
- monitor thermostat setting to detect absence or habits
- monitor traffic for inbound packets talking to the thermostat to detect absence
- “Big Brother” monitoring whether temperature is properly set
- monitor household temperature for taxes, dragnet investigations, …
- compare meter reading and temperature for suspicious differences
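
Added example (not part of the original slides): a device-side sketch of two measures against the thermostat attacks listed above, namely parameter checks on remote set-point requests and an energy budget that bounds how many requests the battery pays for. All names and limits are assumptions chosen for illustration; message authentication is assumed to have happened before this handler and is not shown.

```c
#include <stdint.h>
#include <stdbool.h>

/* All names and limits below are illustrative assumptions. */
#define SETPOINT_MIN_DC   50   /* 5.0 C: keeps pipes from freezing */
#define SETPOINT_MAX_DC  300   /* 30.0 C: upper bound against extreme heat */
#define MAX_STEP_DC       20   /* largest remote change per command: 2.0 C */
#define BUCKET_CAPACITY    5   /* requests served in one burst */
#define REFILL_PERIOD_S   60   /* one request credit regained per minute */

typedef struct {
    int16_t  setpoint_dc;      /* current set point, tenths of a degree C */
    uint8_t  tokens;           /* remaining request credits */
    uint32_t last_refill_s;    /* time of the last credit refill */
    bool     battery_low;      /* from the low-voltage detection circuit */
} thermostat_t;

typedef enum { CMD_OK, CMD_RANGE, CMD_STEP, CMD_THROTTLED } cmd_result_t;

/* Token bucket: regain credits according to elapsed time, up to capacity. */
static void refill(thermostat_t *t, uint32_t now_s) {
    uint32_t credits = (now_s - t->last_refill_s) / REFILL_PERIOD_S;
    if (credits == 0) return;
    uint32_t total = t->tokens + credits;
    t->tokens = (uint8_t)(total > BUCKET_CAPACITY ? BUCKET_CAPACITY : total);
    t->last_refill_s += credits * REFILL_PERIOD_S;
}

/* Spend one credit before any reply is transmitted; refuse when empty.
   With a low battery at most one credit may be held at a time. */
static bool take_token(thermostat_t *t, uint32_t now_s) {
    refill(t, now_s);
    if (t->battery_low && t->tokens > 1) t->tokens = 1;
    if (t->tokens == 0) return false;
    t->tokens--;
    return true;
}

/* Handle a remote set-point request; rejected requests still cost a credit. */
cmd_result_t handle_setpoint(thermostat_t *t, int16_t req_dc, uint32_t now_s) {
    if (!take_token(t, now_s)) return CMD_THROTTLED;
    if (req_dc < SETPOINT_MIN_DC || req_dc > SETPOINT_MAX_DC) return CMD_RANGE;
    int32_t step = (int32_t)req_dc - t->setpoint_dc;
    if (step > MAX_STEP_DC || step < -MAX_STEP_DC) return CMD_STEP;
    t->setpoint_dc = req_dc;
    return CMD_OK;
}
```

The range and step checks bound what a forged or mistaken command can do to the house, and the credit budget bounds what repeated queries can do to the battery.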

13 Homework: Car Guidance System
- Automotive navigational systems are nowadays standard
- Internet connectivity is imminent
- Dynamic route calculation and guidance will soon be broadly available (partially, it already exists)
- What are the threats?

