Institute for Experimental Mathematics Ellernstrasse 29 45326 Essen - Germany Embedded Security A.J. Han Vinck May 2003.


1 Institute for Experimental Mathematics Ellernstrasse Essen - Germany Embedded Security A.J. Han Vinck May 2003

2 University Duisburg-Essen digital communications group Han Vinck February 2003
Content
Introduction
– Embedded system
– Embedded cryptography
Some problems in crypto
– or: how to use/implement mathematics?
– Counter measures

3 Embedded system
a computing system as part of a larger system
may use
– a ROM-based operating system
– a disk-based system, like a PC
used to control, monitor or assist an operation
Example: a µP that controls an automobile engine

4 Source: Richard Newton

5 Components in embedded systems
Micro processors
– no access to program
Busses
Communication ports/modems
Hardware
Programmable hardware: FPGA
(P)ROM, RAM
Battery/Power supply
System clock
Pin/memory protection; proper design
Check variations
Bus and port management needed
Protect software

6 Embedded processor constraints
• small amounts of memory (RAM, ROM)
• limit the amount of data a program can hold
• restrict the program code size
• restriction on power consumption
• slower clock speeds
• less processing power
• An embedded processor is not subject to FIRMR (Federal Information Resources Management Regulation) regulation when used for control of communication devices, automobile diagnostics
• Word length 8, 16, 32; speed XX MHz
BUT: Cryptography is computationally intensive

7 Some interesting facts
Intel 4004 was an embedded application (a calculator)
Of today's microprocessors
– 95% go into embedded applications
SSH3/4 (Hitachi): best selling RISC microprocessor
application area
– Microcontrollers
– DSPs
– Media Processors
– Graphics Processors
– Network and Communication Processors

8 Embedded System Constraints cont'd
Less hardware → more software → lower speed
parallel structure → serial solutions

9 Embedded cryptography
Cryptography engineered into an equipment or system whose basic function is not cryptographic
Problem: if to be implemented later

10 ATTACKS
– can be more difficult in customized (specialized) HW/SW
– new possibilities: side-channel/tamper attacks
  » Power analysis; voltage variations; etc
– easy access to nodes; reverse engineering available
– easier because security depends on HW/SW/power constraints
– Public key infrastructure is missing – no backbone

11 Why attack?
Gain control (power)
– Competition; 11.9
Money (crime)
– Pay TV, cell phones, car stealing, misuse of information
Kick
– hackers

12 Basic Cryptographic tools
Algorithms:
– Symmetric-key: 3DES, AES
– Public-key: RSA, Diffie-Hellman, ECC
– Hashing: MD5
Random Number Generation:
– RC4
Protocols:
– SSL; SSH; Kerberos
– Based on zero-knowledge; honest coin flipping
Certification; Arbitrating; Trusted center

13 Example
Many tools based on discrete logarithm problem
$a^x = y \bmod n$
given x „easy“ to find y
given y „hard“ to find x
All integers of size >= 1024 bits!

14 Discrete logarithm application
Secret key algorithm: Pohlig-Hellman
Public key algorithm: RSA; El Gamal
Random number generation
Key exchange: Diffie-Hellman
Signatures; Hash functions
*** additional property used
– when $ed = 1 \bmod (p-1)$: $a^{ed} = a \bmod p$
SLOW: Security based on numbers > 1024 bits
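The property on slide 14 carried through as a Pohlig-Hellman style exponentiation cipher, with a multiplication counter that shows why the slides call it slow. This is an added example, not code from the presentation; the prime, the exponent 65537, the sample message and all function names are assumptions made for the illustration.

```python
import math

# Constructed demo modulus: the Mersenne prime 2**521 - 1. It is smaller than
# the >= 1024-bit sizes the slides call for, so the example runs instantly.
P = 2**521 - 1


def modexp(base, exp, mod):
    """Square-and-multiply; returns (base**exp % mod, modular multiplications)."""
    if exp < 1:
        raise ValueError("exponent must be >= 1")
    result, mults = base % mod, 0
    for bit in bin(exp)[3:]:              # bits after the leading 1
        result = result * result % mod    # one squaring per bit
        mults += 1
        if bit == "1":
            result = result * base % mod  # extra multiply for each 1 bit
            mults += 1
    return result, mults


def make_keypair(e, p=P):
    """Return (e, d) with e*d = 1 modulo p-1, rejecting a bad choice of e."""
    if math.gcd(e, p - 1) != 1:
        raise ValueError("e shares a factor with p-1, so no inverse d exists")
    return e, pow(e, -1, p - 1)


def roundtrip(message, e=65537, p=P):
    """Encrypt with e, decrypt with d; return (recovered, cost_enc, cost_dec)."""
    e, d = make_keypair(e, p)
    m = int.from_bytes(message, "big")
    if not 0 < m < p:
        raise ValueError("message must map to an integer in 1..p-1")
    c, cost_enc = modexp(m, e, p)
    recovered, cost_dec = modexp(c, d, p)
    n_bytes = (recovered.bit_length() + 7) // 8
    return recovered.to_bytes(n_bytes, "big"), cost_enc, cost_dec


if __name__ == "__main__":
    plain = b"engine control frame 0x2A"      # constructed sample message
    out, cost_enc, cost_dec = roundtrip(plain)
    print(out == plain, cost_enc, cost_dec)
```

The short exponent costs 17 modular multiplications, while the full-length inverse exponent costs several hundred multiplications of 521-bit numbers, which is the load an 8- or 16-bit embedded processor has to carry.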

15 Interesting new approach
NTRU:
– based on convolution product of two polynomials
Faster than usual algorithms like RSA, ECC
CEES embedded security standard
– (IEEE P1363.1)
CEES: consortium for efficient embedded security

16 Symmetric key systems
Stream cipher: simple and fast
[Figure: stream cipher diagram with message M, PRNG output R and the combination of M and R]
problem: key stored at two locations!

17 Problems in cryptographic systems
Choice of parameters
– Example: bad numbers in Diffie-Hellman, RSA key $ed = 1 \bmod (p-1)(q-1)$
„own development“
– Example: WiFi, Hash(M+d) = Hash(M) + Hash(d)
Avoid patents (IDEA)
Pseudo random number generation
– not predictable; long period; dependability
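The "own development" example on slide 17 as a check you can run against a candidate integrity function. This is an added example, not code from the presentation; it assumes the linear "hash" is CRC-32 (the checksum WEP used as its integrity check value), reads "+" as bitwise XOR, and uses constructed messages and a constructed key.

```python
import hashlib
import hmac
import zlib


def xor_bytes(a, b):
    """Bitwise XOR of two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("inputs must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))


def crc32_relation_holds(m, d):
    """Check CRC(M xor d) == CRC(M) xor CRC(d) xor CRC(0...0).

    The CRC(0...0) term cancels the fixed init/final-XOR constants of
    zlib's CRC-32; apart from that constant the checksum is linear.
    """
    predicted = zlib.crc32(m) ^ zlib.crc32(d) ^ zlib.crc32(bytes(len(m)))
    return predicted == zlib.crc32(xor_bytes(m, d))


def sha256_relation_holds(m, d):
    """The same relation tested on SHA-256 digests."""
    def h(data):
        return hashlib.sha256(data).digest()
    predicted = xor_bytes(xor_bytes(h(m), h(d)), h(bytes(len(m))))
    return predicted == h(xor_bytes(m, d))


def make_tag(key, message):
    """Keyed integrity tag (HMAC-SHA256)."""
    return hmac.new(key, message, hashlib.sha256).digest()


def tag_is_valid(key, message, tag):
    return hmac.compare_digest(make_tag(key, message), tag)


# Constructed sample data, not taken from any real protocol trace.
KEY = b"constructed-demo-key"
M = b"valve=closed;rpm=0900"
D = xor_bytes(M, b"valve=open  ;rpm=0900")   # difference between two messages

if __name__ == "__main__":
    print(crc32_relation_holds(M, D), sha256_relation_holds(M, D))
    print(tag_is_valid(KEY, xor_bytes(M, D), make_tag(KEY, M)))
```

A checksum for which the relation holds detects transmission errors but not deliberate changes, so message integrity needs a keyed tag such as the HMAC shown here.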

18 Problems (cont)
protocol not complete
– Man in the middle attack
– Replay
complexity
– Mathematics OK, size of parameters not limited
  processing power → additional risk
  network speeds increase → security must also
network connections
– Web-based applications; cell phone without protection

19 Problems (cont)
Internet connection security threats
– Packet sniffing → use encryption
  Avoids reading open messages, passwords, keys, etc.
– Substitution → use signed Hash
  Modifying data, commands or software
– Impersonation → use authentication
  Replay; man in the middle; masquerade
– Key management → use key infrastructure
  Who can do what and when
Insider attacks
– Manufacturing, distribution, installation and operation

20 Problems (cont)
Physical security
– Tamper-resistant
– Side channel attack resistance
  Timing-, power analysis

21 Access to the system
via Internet or Internal
many candidate nodes
wireless is „open“
downloading may start malicious programs
– Illegal memory allocation or corruption
– Reading for passwords → send to outside → attack

22 Counter measures (1)
– Use secure Base
  Log all activities
– Utilize Access control
  Assign privilege levels/rights
– Careful downloading of SW
  Allow only signed and authorized downloading
– Fixed memory partitions
– Encrypt sensitive content
– Determine failure modes (what happens after?)

23 Counter measures (2)
Test at initialization
Test at operation if everything works properly
– Example: Random Number generation
Logging of Deviations
Immediate signaling of serious deviations
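The slide 23 procedure applied to its own example, a random number generator: each output block is tested, every deviation is logged, and a serious one is signalled immediately. This is an added example, not code from the presentation; the two tests, their thresholds, the severity labels and the sample blocks are assumptions chosen for the illustration.

```python
import logging
import math

log = logging.getLogger("rng_health")

# Thresholds are assumptions chosen for this example, not values from the slides.
MONOBIT_SIGMAS = 4.5   # tolerated distance of the ones-count from n/2
MAX_REPEATS = 4        # tolerated run of identical consecutive bytes


def monobit_sigmas(block):
    """Distance of the ones-count from n/2, in standard deviations (sqrt(n)/2)."""
    n = 8 * len(block)
    ones = sum(bin(b).count("1") for b in block)
    return abs(ones - n / 2) / (math.sqrt(n) / 2)


def longest_run(block):
    """Length of the longest run of identical consecutive bytes."""
    best = run = 1
    for prev, cur in zip(block, block[1:]):
        run = run + 1 if cur == prev else 1
        best = max(best, run)
    return best


def health_check(block, alarm=None):
    """Test one RNG output block; log each deviation, signal serious ones at once."""
    if not block:
        raise ValueError("empty block")
    deviations = []
    if monobit_sigmas(block) > MONOBIT_SIGMAS:
        deviations.append(("monobit", "deviation"))
    if longest_run(block) > MAX_REPEATS:
        deviations.append(("stuck-output", "serious"))
    for test, severity in deviations:
        log.warning("RNG %s test failed (%s)", test, severity)
        if severity == "serious" and alarm is not None:
            alarm(test)            # e.g. stop key generation, notify operator
    return deviations


# Constructed sample blocks (2048 bytes each), not real generator output.
GOOD = bytes(range(256)) * 8          # balanced bits, no repeated bytes
BIASED = bytes([0x01, 0x02]) * 1024   # one bit in eight is set
STUCK = bytes(2048)                   # generator output frozen at zero
```

Run `health_check` once at initialization and again on every block during operation. Passing it only rules out gross failures such as a stuck or heavily biased source; it says nothing about predictability.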

24 Research projects
Security in critical infrastructures
– key management; compatibility; scalability
Security in embedded systems
– best algorithm and architecture for specified resources: memory or computing power
– Investigate the CEES proposal
Random number generation based on inverse source coding
– easy to implement, but hard to analyze

25 Conclusions
• performance of cryptographic algorithms is crucial
  low speed → dissatisfaction and inconvenience
  → needed at communication speed
• programmability facilitates modifications and enhancements
  → make algorithm independent from the protocol
• Key management protocol needed
  Master keys, Session keys

26 Digital Signal Processor
– fast arithmetic; strong integer arithmetic
  specialized computational units and instructions for signal processing
– real-time capabilities
  highly parallel architecture → lower clock speed → relatively lower power
– relatively low price
– programmability → flexibility
  programmer selects the units he needs
  can be implemented as a co-processor → > speed

27 Example Field Programmable Array
Type I: two or more look-up tables and two or more flip-flops
Type II: two-input logic function or a 4-to-1 multiplexer and a flip-flop

28 FPGA

