Secure Software Updates via Integrity Protection - Marcellus Buchheit, President and CEO - IoT Show North America, Chicago IL, April 16, 2015


1 Secure Software Updates via Integrity Protection
Marcellus Buchheit, President and CEO
mabu@wibu.com
IoT Show North America, Chicago IL, April 16, 2015

2 Agenda
- Security Challenge: Internet Connection
- Security Challenge: Open System Architecture
- Some Cryptographic Basics
- Solution: Code Integrity
- Technical Implementation Details
- Summary
Wibu-Systems USA presentation for IoT Show North America - Chicago IL - April 16, 2015 Page 2/35

3 Security Challenge: Internet Connection

4 Embedded Systems: Situation Today
- Most embedded systems are still “stand alone”
- Most used interfaces (if any): USB and LAN Ethernet
  - Comparable with desktop PCs before Netscape
  - Comparable with cell phones before iPhone
- Some remote access using land line phone and/or radio wireless
This will all change with Internet of Things

5 Security Challenge “Internet Connection”
- Embedded system can be directly accessed/attacked via internet
  - Principal protection: Firewalls etc.
- Execution code updates can be polluted
  - Redirected code source: Hacker’s malicious code looks like new code update
  - Execution code modified during download process
  - Firewalls can protect but are difficult for operations people to manage
- Weakness in code can be used to infiltrate malicious code
  - Example: Weak internet access parameter validation
  - Buffer Overruns

6 Security Challenge: Open System Architecture

7 Embedded Systems Today: Many are “closed”
- Many systems have simple software logic
  - All the software is developed in-house
  - Closed architecture, information difficult to get outside of the manufacturer
    - Appears as a black box to users, administrators and hackers
    - A successful hack typically needs physical access to the system
    - Reverse-engineering of architecture required before hack is possible
- But such simple systems will disappear sooner or later
  - IoT requires complex interaction with a complex outside world

8 Embedded Systems Tomorrow: Most will be “open”
- Prediction: Embedded systems will go the way of PCs and cell phones
- Reason: Much more complex software than today:
  - Graphical user interface
  - Complex memory management
  - Multithreading and multiprocessing
  - Remote access for administration
  - Access to complex control devices and/or sensors
  - Internet access
  - Complex internet protocols: HTTPS, SOAP, JSON etc.

9 Embedded Systems Tomorrow: Most will be “open” (II)
- Result: Not even large companies will develop everything “in-house”
- More components will be used (similar to PCs and smart phones):
  - An open operating system for a specific purpose
    - Linux, Windows Industry, VxWorks, QNX, RIO and many highly-specialized ones still coming
  - Open source libraries, static-link libraries, dynamic-link libraries, applets, applications, device drivers
  - Access to cloud/big-data: Code will be provided by the service provider
- All these components need standardized interfaces on a standardized platform
Summary: Only open/standardized systems can fulfill the future demands

10 Security Challenge “Open Systems”
- Hacker has same information available as developer
- Hacker can use powerful development/analysis tools
  - Debugger, Disassembler, Source-Reverser etc.
- Hacker knows execution code binary structure
  - Direct modification of the executable file: Static attack
- Hacker knows memory and process architecture
  - Insertion of malicious code into the process space: Dynamic attack

11 Some “Real Life” Hacks…

12 Credit Card Hack: Attack an ATM machine
- ATM with Windows XP
- Drill hole in case, attach USB stick
- Reboot ATM (by power off/power on)
- Boot from USB stick, install malware
- Remove USB stick, reboot ATM
- Malware activated by secret keypad input
  - Two-key authentication via cell phone guaranteed controlled access
- Special keypad input instantly withdraws bills without trace
Source: http://www.securityweek.com/skillful-hackers-drained-atms-using-malware-laden-usb-drives

13 Target Credit Card Hack: Attack the POS systems
- Between Thanksgiving and Christmas 2013
  - Busiest retail shopping time of the year
- Remote access through internet at POS to install malware
  - Used weak access security of Target partner company
- Malware at POS tracked all swiped credit card information
  - Uploaded to Target server at hidden location
  - Downloaded by hackers overnight at slow speed
  - Target’s problem: FireFly server security software was disabled
- Result: 40 million credit cards and 70 million addresses/personal information stolen
Source: http://krebsonsecurity.com/2014/02/target-hackers-broke-in-via-hvac-company/

14 Stuxnet: Attack Programmable Logic Controllers (PLC)
- Windows computer worm
- Attacked Siemens Step 7 software to program PLCs
  - Modified files created by interactive software before they are copied to USB drive
  - Modified PLC control software on USB drive was uploaded into Siemens PLC
- Was only effective in Iran at PLCs to control centrifuges to enrich nuclear material
- Result: destroyed about 20% of the centrifuges
Source: https://en.wikipedia.org/wiki/Stuxnet and the book by Kim Zetter: “Countdown to Zero Day: Stuxnet and the Launch of the World’s First Digital Weapon”

15 Some Cryptographic Basics


17 Symmetric Encryption / Decryption
- Shared secret key
  - Same key for encryption and decryption
- Faster than asymmetric cryptography
- Examples: DES, Triple DES, Blowfish, AES
- Challenges:
  - Key exchange: needs secret path
  - Key storage: vulnerable to hacks
  - Authentication not possible

18 Asymmetric Cryptography
- Private/public key pair
  - Private Key
  - Public Key
- Examples: RSA, elliptic curve
- Asymmetric encryption
  - Sender uses receiver’s public key for encryption
  - Receiver uses his private key for decryption
- Signatures
  - Sender uses private key to sign plain text data
  - Receiver uses sender’s public key to verify the plain text data signature

19 Hash Functions and Signatures
- Hash generates fingerprint of data
- Large amount of data reduced to small fingerprints
  - Example: SHA-256 with 32 bytes
  - Difference to checksum, CRC-32 etc.: no reverse-calculation possible
- Often used in combination with signatures
  - Create hash value
  - Authenticate hash value (sign) with private key
  - Verify hash value with public key

20 Certificates
- A certificate is a standardized public key (X.509 format)
- Challenge:
  - Public key must be authentic (not forged)
- Solution:
  - Trusted party: Certificate Authority (CA)
  - CA signs public key plus credential data
    - Optional use of certificate chain
  - Public key of CA (root key) is used to verify certificate
  - After verification: Public key of certificate can be used
  - Credentials can be used after verified by public key of certificate

21 Solution: Code Integrity

22 Code Integrity: The Principle
[Diagram with two sides, Development and Embedded System. Labels: Encrypt Code, Private Key, Public Key, Certificate, Code Signature, License Key, Decrypt Code, Verify Code, Grant Code Execution yes/no]

23 Code Integrity: The Results
- Execution Code is authenticated:
  - Can only be created by developer, no other source possible
  - Cannot be modified during delivery or on embedded system
- Execution Code is encrypted:
  - Cannot be easily reverse engineered by hacker, competitor etc.

24 Code Integrity: New Challenges
- Who verifies the Verifier?
  - Hacker could remove the Code Verifier and force Code Execution Grant
  - Hacker can then start his own malicious code
- Solution: Code Verifier in the loader must be verified as well
- Finally the whole boot process including OS must be verified
[Diagram: Embedded System. Labels: Certificate, Decrypt Code, License Key, Code Signature, Verify Code, Grant Code Execution yes/no]

25 Technical Implementation Details

26 ExProtector: Automatic Protection Process
[Diagram labels: Original Executable / Library (Header, Original Code); ExProtector; Keys for Encryption; Keys for Code Signing; Protected Executable / Library (Header, Encrypted Code, Credentials (Hash, Signature, …))]
Typically no source modification necessary

27 ExProtector: Keys and Credentials
[Diagram labels: Original Executable / Library (Header, Original Code); ExProtector; Keys for Encryption; Keys for Code Signing; Protected Executable / Library (Header, Encrypted Code, Credentials (Hash, Signature, …)); AES Key (FSB); ECC Private Key; Certificate(s); Encrypted Random AES Key; Firm Code and Product Code; Hash; Signature; Certificate(s)]

28 ExProtector: During Runtime - Load of Executable
[Diagram labels: Protected Executable / Library (Header, Encrypted Code, Credentials (Hash, Signature, …)); ExEngine; Public Root Key; License with Firm Code and Product Code; Memory of Embedded Device (Header, Decrypted Code (“Original Code”), Credentials (Hash, Signature, …))]
Additional Security: Watchdog against Memory modification

29 ExProtector: Integration into Loader
[Diagram labels: Engineering; Original Loader; Root Public Key; Modified Loader; Operating System (for ExProtector); ExEngine (ExProtector Runtime); CodeMeter Embedded Driver; Operating System (without modification)]

30 Forward and Backward Check
[Diagram labels: Loader; Protected Application; Credentials (Hash, Signature, …) on both; Loader Certificate; Application Certificate; Load; Check; Start; Time]

31 Secure Boot: Cascaded Security Chain
[Diagram layers: Application / Driver etc.; Operating System (VxWorks, …); Boot Loader (UEFI, …); Hardware / Pre-Boot Loader. Labels between layers: Check, Load, Start]
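
The cascaded check of slides 24 and 31, as an added example that is not part of the original presentation and is not CodeMeter or ExProtector code: each stage carries the expected SHA-256 digest of the stage it loads, and the first expected digest sits in the pre-boot loader. Pinned digests stand in here for the signature and certificate checks the slides describe; stage names, image contents and function names are constructed for illustration.

```python
import hashlib
import hmac

def stage_digest(image: dict) -> str:
    """SHA-256 over a stage's code AND the pin it holds for the next stage."""
    data = image["code"] + b"\x00" + image["next_pin"].encode()
    return hashlib.sha256(data).hexdigest()

def build_chain(stages):
    """Engineering side: pin every stage into the stage that loads it.

    stages: list of (name, code), ordered from boot loader up to application.
    Returns (root_pin, images); root_pin belongs in the pre-boot loader.
    """
    images, pin = [], ""                    # the last stage loads nothing
    for name, code in reversed(stages):
        image = {"name": name, "code": code, "next_pin": pin}
        pin = stage_digest(image)
        images.insert(0, image)
    return pin, images

def verified_boot(root_pin, images):
    """Device side: check each stage before starting it.
    Returns (started stage names, rejected stage name or None)."""
    started, expected = [], root_pin
    for image in images:
        if not hmac.compare_digest(stage_digest(image), expected):
            return started, image["name"]   # refuse to start; chain stops
        started.append(image["name"])
        expected = image["next_pin"]        # usable only after the check passed
    return started, None

# Constructed sample images (not real firmware).
STAGES = [("boot loader", b"BL v1"), ("operating system", b"OS v7"),
          ("application", b"APP v3")]

def demo():
    root_pin, images = build_chain(STAGES)
    clean = verified_boot(root_pin, images)
    # Case 1: the application image is modified on the device.
    modified = [dict(i) for i in images]
    modified[2]["code"] = b"APP v3 + extra code"
    app_changed = verified_boot(root_pin, modified)
    # Case 2: the pin inside the OS is also rewritten to match the new application.
    modified[1]["next_pin"] = stage_digest(modified[2])
    pin_rewritten = verified_boot(root_pin, modified)
    return clean, app_changed, pin_rewritten

if __name__ == "__main__":
    print(demo())
```

Case 2 is the "who verifies the verifier" point: rewriting a verifier's reference value only moves the rejection one stage earlier, until the check reaches a value held in hardware.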

32 Practical Implementation
- Integrity Protection provided by CodeMeter Embedded
- Available today for:
  - WindRiver VxWorks version 7
  - Some Linux variants
    - Demonstration for Raspberry Pi available (https://www.raspberrypi.org)
  - Adoption to other embedded systems platforms in future available
    - Ask for demand/availability
  - Security credentials can be stored as files or in external security hardware
    - CodeMeter CmDongle security storage

33 Summary

34 Summary: Code Integrity
- Embedded Systems in the internet (“Internet of Things”) is a serious security threat
- Using open platform designs will simplify malicious attacks
  - Hacker has easily detailed information available
- Market will force Internet of Things and Open Platform designs
- Code Integrity guarantees authenticated, encrypted code
- Code Encryption prevents reverse engineering of code

35 More Information

