Published by Dwight Watkins. Modified over 8 years ago.
1
Secure Software Updates via Integrity Protection Marcellus Buchheit President and CEO mabu@wibu.com IoT Show North America, Chicago IL April 16, 2015 Page 1/35
2
Agenda
- Security Challenge: Internet Connection
- Security Challenge: Open System Architecture
- Some Cryptographic Basics
- Solution: Code Integrity
- Technical Implementation Details
- Summary
Wibu-Systems USA presentation for IoT Show North America - Chicago IL - April 16, 2015 Page 2/35
3
Security Challenge: Internet Connection
4
Embedded Systems: Situation Today
- Most embedded systems are still “stand alone”
- Most used interfaces (if any): USB and LAN Ethernet
  - Comparable with desktop PCs before Netscape
  - Comparable with cell phones before iPhone
- Some remote access using land line phone and/or radio wireless
This will all change with Internet Of Things
5
Security Challenge “Internet Connection”
- Embedded system can be directly accessed/attacked via internet
  - Principle protection: Firewalls etc.
- Execution code updates can be polluted
  - Redirected code source: Hacker’s malicious code looks like new code update
  - Execution code modified during download process
  - Firewalls can protect but are difficult to manage by operation people
- Weakness in code can be used to infiltrate malicious code
  - Example: Weak internet access parameter validation
  - Buffer Overruns
6
Security Challenge: Open System Architecture
7
Embedded Systems Today: Many are “closed”
- Many systems have simple software logic
  - All the software is developed in-house
  - Closed architecture, information difficult to get outside of the manufacturer
  - Appears as a black box to users, administrators and hackers
  - A successful hack typically needs physical access to the system
  - Reverse-engineering of architecture required before hack is possible
- But such simple systems will disappear sooner or later
  - IoT requires complex interaction with a complex outside world
8
Embedded Systems Tomorrow: Most will be “open”
- Prediction: Embedded systems will go the way of PCs and cell phones
- Reason: Much more complex software than today:
  - Graphical user interface
  - Complex memory management
  - Multithreading and multiprocessing
  - Remote access for administration
  - Access to complex control devices and/or sensors
  - Internet access
  - Complex internet protocols: HTTPS, SOAP, JSON etc.
9
Embedded Systems Tomorrow: Most will be “open” (II)
- Result: Not even large companies will develop everything “in-house”
- More components will be used (similar to PCs and smart phone):
  - An open operating system for a specific purpose
    - Linux, Windows Industry, VxWorks, QNX, RIO and many highly-specialized still coming
  - Open source libraries, static-link libraries, dynamic-link libraries, applets, applications, device drivers
  - Access to cloud/big-data: Code will be provided from service provider
- All these components need standardized interfaces on a standardized platform
Summary: Only open/standardized systems can fulfill the future demands
10
Security Challenge “Open Systems”
- Hacker has same information available as developer
- Hacker can use powerful development/analysis tools
  - Debugger, Disassembler, Source-Reverser etc.
- Hacker knows execution code binary structure
  - Direct modification on the executable file: Static attack
- Hacker knows memory and process architecture
  - Inserting of malicious code into the process space: Dynamic attack
11
Some “Real Life” Hacks…
12
Credit Card Hack: Attack an ATM machine
- ATM with Windows XP
- Drill hole in case, attach USB stick
- Reboot ATM (by power off/power on)
- Boot from USB stick, install malware
- Remove USB stick, reboot ATM
- Malware activated by secret keypad input
  - Two-key authentication via cell phone guaranteed controlled access
- Special keypad input instantly withdraws bills without trace
http://www.securityweek.com/skillful-hackers-drained-atms-using-malware-laden-usb-drives
13
Target Credit Card Hack: Attack the POS systems
- Between Thanksgiving and Christmas 2013
  - Busiest retail shopping time of the year
- Remote access through internet at POS to install malware
  - Used weak access security of Target partner company
- Malware at POS tracked all swiped credit card information
  - Uploaded to Target server at hidden location
  - Downloaded by hackers overnight at slow speed
  - Target’s problem: FireFly server security software was disabled
- Result: 40 million credit cards and 70 million addresses/personal information stolen
http://krebsonsecurity.com/2014/02/target-hackers-broke-in-via-hvac-company/
14
Stuxnet: Attack Programmable Logic Controllers (PLC)
- Windows computer worm
- Attacked Siemens Step 7 software to program PLCs
  - Modified files created by interactive software before they are copied to USB drive
  - Modified PLC control software on USB drive was uploaded into Siemens PLC
- Was only effective in Iran at PLCs to control centrifuges to enrich nuclear material
- Result: destroyed about 20% of the centrifuges
https://en.wikipedia.org/wiki/Stuxnet and book of Kim Zetter: “Countdown to Zero Day: Stuxnet and the Launch of the World’s First Digital Weapon”
15
Some Cryptographic Basics
16
17
Symmetric Encryption / Decryption
- Shared secret key
  - Same key for encryption and decryption
- Faster than asymmetric cryptography
- Examples: DES, Triple DES, Blowfish, AES
- Challenges:
  - Key exchange: needs secret path
  - Key storage: vulnerable to hacks
  - Authentication not possible
18
Asymmetric Cryptography
- Private/public key pair
  - Private Key
  - Public Key
- Examples: RSA, elliptic curve
- Asymmetric encryption
  - Sender uses receiver’s public key for encryption
  - Receiver uses his private key for decryption
- Signatures
  - Sender uses private key to sign plain text data
  - Receiver uses sender’s public key to verify the plain text data signature
19
Hash Functions and Signatures
- Hash generates fingerprint of data
- Large amount of data reduced to small fingerprints
  - Example: SHA-256 with 32 bytes
  - Difference to checksum, CRC-32 etc: no reverse-calculation possible
- Often used in combination with signatures
  - Create hash value
  - Authenticate hash value (sign) with private key
  - Verify hash value with public key
20
Certificates
- A certificate is a standardized public key (X.509 format)
- Challenge: Public key must be authentic (not forged)
- Solution:
  - Trusted party: Certificate Authority (CA)
  - CA signs public key plus credential data
  - Optional use of certificate chain
  - Public key of CA (root key) is used to verify certificate
  - After verification: Public key of certificate can be used
  - Credentials can be used after verified by public key of certificate
21
Solution: Code Integrity
22
Code Integrity: The Principle
[Diagram labels: Development, Encrypt Code, Private Key, Public Key, Certificate, Code Signature, License Key; Embedded System, Decrypt Code, License Key, Code Signature, Verify Code, Grant Code Execution yes/no]
23
Code Integrity: The Results
- Execution Code is authenticated:
  - Can only be created by developer, no other source possible
  - Cannot be modified during delivery or on embedded system
- Execution Code is encrypted:
  - Cannot be easily reverse engineered by hacker, competitor etc.
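The hash, signature and root-key checks from the cryptography slides, combined into the "Verify Code" step of the code-integrity principle, as an added example that is not part of the original presentation or of any Wibu-Systems product. It assumes Ed25519 as the elliptic-curve signature, stands in for the X.509 certificate with a bare root signature over the developer key, and leaves out code encryption; all type and function names are hypothetical.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Update is a constructed container: code image, developer public key,
// root signature over that key, developer signature over the code.
type Update struct{ Code, SignerPub, CertSig, CodeSig []byte }

// NewKey returns a fresh key pair (a nil reader selects crypto/rand).
func NewKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(nil)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// BuildUpdate is the development side: root endorses the developer key, developer signs the code hash.
func BuildUpdate(root, dev ed25519.PrivateKey, code []byte) Update {
	pub := dev.Public().(ed25519.PublicKey)
	kh, ch := sha256.Sum256(pub), sha256.Sum256(code)
	return Update{code, pub, ed25519.Sign(root, kh[:]), ed25519.Sign(dev, ch[:])}
}

// Verify is the device side; the root public key is its only trusted input.
func Verify(rootPub ed25519.PublicKey, u Update) error {
	kh, ch := sha256.Sum256(u.SignerPub), sha256.Sum256(u.Code)
	if !ed25519.Verify(rootPub, kh[:], u.CertSig) {
		return errors.New("signer key not endorsed by root")
	}
	if len(u.SignerPub) != ed25519.PublicKeySize || !ed25519.Verify(u.SignerPub, ch[:], u.CodeSig) {
		return errors.New("code signature invalid")
	}
	return nil
}

func main() {
	rootPub, root := NewKey()
	_, dev := NewKey()
	u := BuildUpdate(root, dev, []byte("constructed firmware image"))
	fmt.Println("genuine:", Verify(rootPub, u))
	u.Code[0] ^= 1 // one bit changed in transit
	fmt.Println("tampered:", Verify(rootPub, u))
}
```

The device accepts any developer key the root has endorsed, so the root public key has to be stored where an update cannot overwrite it.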
24
Code Integrity: New Challenges
- Who verifies the Verifier?
  - Hacker could remove the Code Verifier and force Code Execution Grant
  - Hacker can then start his own malicious code
- Solution: Code Verifier in the loader must be verified as well
- Finally the whole boot process including OS must be verified
[Diagram labels: Embedded System, Certificate, Decrypt Code, License Key, Code Signature, Verify Code, Grant Code Execution yes/no]
25
Technical Implementation Details
26
ExProtector: Automatic Protection Process
[Diagram labels: Original Executable / Library (Header, Original Code); ExProtector; Keys for Encryption; Keys for Code Signing; Protected Executable / Library (Header, Encrypted Code, Credentials (Hash, Signature, …))]
Typically no source modification necessary
27
ExProtector: Keys and Credentials
[Diagram labels: Original Executable / Library (Header, Original Code); ExProtector; Keys for Encryption; Keys for Code Signing; Protected Executable / Library (Header, Encrypted Code, Credentials (Hash, Signature, …)); AES Key (FSB); ECC Private Key; Certificate(s); Encrypted Random AES Key; Firm Code and Product Code; Hash; Signature; Certificate(s)]
28
ExProtector: During Runtime - Load of Executable
[Diagram labels: Protected Executable / Library (Header, Encrypted Code, Credentials (Hash, Signature, …)); ExEngine; Public Root Key; License with Firm Code and Product Code; Memory of Embedded Device (Header, Decrypted Code (“Original Code”), Credentials (Hash, Signature, …))]
Additional Security: Watchdog against Memory modification
29
ExProtector: Integration into Loader
[Diagram labels: Operating System (for ExProtector); ExEngine (ExProtector Runtime); CodeMeter Embedded Driver; Operating System (without modification); Engineering; Original Loader; Root Public Key; Modified Loader]
30
Forward and Backward Check
[Diagram labels: Protected Application; Loader; Load; Credentials (Hash, Signature, …); Credentials (Hash, Signature, …); Time; Start; Check; Application Certificate; Loader Certificate]
31
Secure Boot: Cascaded Security Chain
[Diagram labels: Application / Driver etc.; Operating System (VxWorks, …); Boot Loader (UEFI, …); Hardware / Pre-Boot Loader; Check; Load; Start]
32
Practical Implementation
- Integrity Protection provided by CodeMeter Embedded
- Available today for:
  - WindRiver VxWorks version 7
  - Some Linux variants
  - Demonstration for Raspberry Pi available (https://www.raspberrypi.org)
  - Adaptation to other embedded system platforms available in the future
  - Ask for demand/availability
- Security credentials can be stored as files or in external security hardware
  - CodeMeter CmDongle security storage
33
Summary
34
Summary: Code Integrity
- Embedded systems on the internet (“Internet of Things”) are a serious security threat
- Using open platform designs will simplify malicious attacks
  - Hacker easily has detailed information available
- Market will force Internet of Things and Open Platform designs
- Code Integrity guarantees authenticated, encrypted code
- Code Encryption prevents reverse engineering of code
35
More Information