information security of embedded systems 27.1.2010: remote access, wireless networks prof. dr....
Post on 21-Dec-2015
212 Views
Preview:
TRANSCRIPT
Information Security of Embedded Systems
27.1.2010: remote access, wireless networks
Prof. Dr. Holger SchlingloffInstitut für Informatik
undFraunhofer FIRST
27.1.2010Embedded Security © Prof. Dr. H. Schlingloff 2010 2
Structure
1. Introductory example2.Embedded systems
engineering1. definitions and terms2. design principles
3.Foundations of security1. threats, attacks, measures2. construction of safe
systems
4.Design of secure systems1. design challenges2. safety modelling and
assessment3. cryptographic algorithms
5. Communication of embedded systems
1. remote access2. sensor networks
6. Algorithms and measures
1. digital signatures2. key management3. authentication4. authorization
7. Formal methods for security
1. protocol verification2. logics and proof
methods
27.1.2010Embedded Security © Prof. Dr. H. Schlingloff 2010 3
Communication of Embedded Systems
•Various wired and wireless bus systems are being used CAN, LIN, MOST, I2C, … GSM, UMTS, … WiFi, Bluetooth, …
•Security considerations general rule: newer standards are more secure known problems with nearly all standards
27.1.2010Embedded Security © Prof. Dr. H. Schlingloff 2010 4
Wireless Data Communication
•History: replacement of cables First: “make it work” Then: specialization (application-specific) Now: security vs. resource limitations
•Trend: All IP coalescence of telephone and data
communication(“B3G”, “NGN”, “4G”)
data- vs. knowledge-communication, semantic net
27.1.2010Embedded Security © Prof. Dr. H. Schlingloff 2010 5
WLAN (802.11x)
• 802.11 a,b (1999); 802.11 g,h(2003)
• Widely used (2003 Intel Centrino)
• Point-to-point and Access-point networking
• Local data transfer, internet-connectivity, integration in company or private networks
• Air frequencies openly accessible (cf. mobile phones)
• Threats: illegitimate foreign hard disk access, unauthorized use of connectivity, unauthorized data access, masking and fake identities
27.1.2010Embedded Security © Prof. Dr. H. Schlingloff 2010 6
WLAN Security Measures
•Frequency hopping ( pseudo-random)
•SSID cloaked mode ( eavesdropping)
•MAC address control ( spoofing)•VPN and CHAP (Server must know user
passwords, Client calculates hash key possible attacks)
•WEP ( next slide)
•WPA with EAP and TKIP
27.1.2010Embedded Security © Prof. Dr. H. Schlingloff 2010 7
WEP
• “Wired Equivalent Privacy”, Authentication & secured communication via symmetric encryption and checksums
• Authentication by challenge-response; client proves knowledge of the common key up to 4 keys are possible; choice by client; 40 bit weak all user (and all access points) need to know the key(s);
key exchange difficult access point does not authentify itself to the client!
- sending of challenges, analysing responses- denial-of-service, logoff of clients
• Checksums (CRC) instead of secure hashing modification and generation of messages even without key! redirection of communication (IP-address-faking)
27.1.2010Embedded Security © Prof. Dr. H. Schlingloff 2010 8
WEP-Attack 1
• CRC-property: CRC(M M’)=CRC(M) CRC(M’)
• RC-4-property: M Key Key = M
(M|CRC(M)) Key
(M|CRC(M)) Key (D|CRC(D))
(M|CRC(M)) Key (D|CRC(D)) Key =(M+D)|CRC(M+D)
27.1.2010Embedded Security © Prof. Dr. H. Schlingloff 2010 9
WEP-Attack 2
2. (M|CRC(M)) Key 3. (M|CRC(M)) Key (M|CRC(M)) (M’|CRC(M’))
1. M
M’|CRC(M’)
27.1.2010Embedded Security © Prof. Dr. H. Schlingloff 2010 10
WPA
•WiFi Protected Access•128 bit, AES/TKIP (temporal key integrity
protocol) message integrity code (MIC) sequence numbering against replay-attacks key management, key mixing, quasi asymmetric encryption master key, session keys, key renewal
•EAP (extensible authentication protocol) password-based, certificate-based, SIM-based forwarding of requests to a designated server still no authentication of server! ( PEAP)
27.1.2010Embedded Security © Prof. Dr. H. Schlingloff 2010 11
Sensor Networks
• Network of small, cheap, low-power nodes e.g. earthquake early warning system e.g. ambient assisted living e.g. wireless controller network e.g. logistics routing
Construction of threat scenarios?
• Self-organization new nodes must integrate into the network the network must be able to build “trust”
• Several emerging radio technologies
27.1.2010Embedded Security © Prof. Dr. H. Schlingloff 2010 12
Bluetooth Security
•Replacement of IrDA•Bluetooth profiles (> 30)
headset, AV remote control, telephony, obj exchange, ftp, serial, lan, pan, health devices…
•Security mechanisms visibility restrictions (“non-discoverable”) pairing via passkey or PIN unit keys encrypted communication frequency hopping
27.1.2010Embedded Security © Prof. Dr. H. Schlingloff 2010 13
Bluetooth Security
http://grouper.ieee.org/groups/1451/5/Comparison%20of%20PHY/Bluetooth_24Security_Paper.pdf
27.1.2010Embedded Security © Prof. Dr. H. Schlingloff 2010 14
Vulnerabilities and Attacks
• Passkey for headsets: 1234 or 0000• Default discoverability• Pairing in public areas
mobile phone always accepts a basic L2CAP connection request without acceptance of the user
• Scanning for bluetooth addresses MAC address ranges of devices are known
• Eavesdropping air frequencies Pseudo-random frequency hopping scheme
• Reading passkeys from compromised devices• Unauthorized access to information on devices
http://www.securityfocus.com/infocus/1830
27.1.2010Embedded Security © Prof. Dr. H. Schlingloff 2010 15
• Public “Blue Kiosk” vulnerability: display of
device by name only
• Stack overflow attacks vCard file names in File Transfer or
Object Push
• Activating the microphone• Tracking and positioning attacks
triangulation antenna extensions
27.1.2010Embedded Security © Prof. Dr. H. Schlingloff 2010 16
ZigBee
http://www.zigbee.org/imwp/idms/popups/pop_download.asp?contentID=9436
27.1.2010Embedded Security © Prof. Dr. H. Schlingloff 2010 17
27.1.2010Embedded Security © Prof. Dr. H. Schlingloff 2010 18
• Infrastructure security network access; keys installed in a trusted
environment integrity of packet routing
• Application data security message integrity authentication data encryption
• Configurability of security memory and computational constraints
top related