Embedded Security

A.J. Han Vinck, May 2003

Institute for Experimental Mathematics, Ellernstrasse 29, 45326 Essen, Germany



Han Vinck February 2003

University Duisburg-Essen digital communications group

content

• Introduction
  – Embedded system
  – Embedded cryptography

• Some problems in crypto
  – or: how to use/implement mathematics?
  – Counter measures


embedded system

• a computing system as part of a larger system
• may use
  – a ROM-based operating system
  – a disk-based system, like a PC
• used to control, monitor or assist an operation

Example: a µP that controls an automobile engine


[Figure not reproduced. Source: Richard Newton]


Components in embedded systems

• Micro processors
  – no access to program
• Busses
• Communication ports/modems
• Hardware
• Programmable hardware: FPGA
• (P)ROM, RAM
• Battery/Power supply
• System clock

Pin/memory protection; proper design

Check variations

Bus and port management needed

Protect software


Embedded processor constraints

• small amounts of memory (RAM, ROM)
  – limit the amount of data a program can hold
  – restrict the program code size
• restriction on power consumption
  – slower clock speeds → less processing power
• An embedded processor is not subject to FIRMR (Federal Information Resources Management Regulation) regulation when used for control of communication devices, automobile diagnostics
• Word length 8, 16, 32; speed XX MHz

BUT: Cryptography is computationally intensive


Some interesting facts

• Intel 4004 was an embedded application (a calculator)

• Of today's microprocessors
  – 95% go into embedded applications

• SSH3/4 (Hitachi): best selling RISC microprocessor

• application area
  – Microcontrollers
  – DSPs
  – Media Processors
  – Graphics Processors
  – Network and Communication Processors


Embedded System Constraints cont'd

Less hardware → more software

lower speed

parallel structure → serial solutions


embedded cryptography

• Cryptography engineered into an equipment or system whose basic function is not cryptographic

Problem: if to be implemented later


ATTACKS

– can be more difficult in customized (specialized) HW/SW

– new possibilities: side-channel/tamper attacks
  » Power analysis; voltage variations; etc

– easy access to nodes; reverse engineering available

– easier because security depends on HW/SW/power constraints

– Public key infrastructure is missing – no backbone


Why attack?

• Gain control (power)
  – Competition; 11.9

• Money (crime)
  – Pay TV, cell phones, car stealing, misuse of information

• Kick
  – hackers


Basic Cryptographic tools

• Algorithms:
  – Symmetric-key: 3DES, AES
  – Public-key: RSA, Diffie-Hellman, ECC
  – Hashing: MD5

• Random Number Generation:
  – RC4

• Protocols:
  – SSL; SSH; Kerberos
  – Based on zero-knowledge; honest coin flipping

• Certification; Arbitrating; Trusted center


example

• Many tools based on discrete logarithm problem

$a^x = y \bmod n$

given x „easy“ to find y

given y „hard“ to find x

All integers of size >= 1024 bits!


discrete logarithm application

• Secret key algorithm: Pohlig-Hellman
• Public key algorithm: RSA; El Gamal
• Random number generation
• Key exchange: Diffie-Hellman
• Signatures; Hash functions ***

• additional property used
  – when $ed = 1 \bmod (p-1)$: $a^{ed} = a \bmod p$

• SLOW: Security based on numbers > 1024 bits
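
The property on this slide (when ed = 1 modulo p-1, a^ed = a modulo p) is what makes a Pohlig-Hellman exponentiation cipher invertible. The C code below is an added example, not part of the original slides; the 31-bit prime and the exponent 65537 are assumed toy values chosen so every product fits in 64 bits, far below the sizes above 1024 bits that the slide calls for.

```c
#include <stdint.h>
#include <stdio.h>

/* Square-and-multiply: returns a^x mod n. Requires n < 2^32 so that
   every intermediate product fits in 64 bits (toy size only). */
uint64_t modexp(uint64_t a, uint64_t x, uint64_t n) {
    uint64_t y = 1 % n;
    a %= n;
    while (x) {
        if (x & 1) y = (y * a) % n;   /* multiply when the exponent bit is 1 */
        a = (a * a) % n;              /* square for the next bit */
        x >>= 1;
    }
    return y;
}

/* Extended Euclid: returns d with e*d = 1 mod m, or 0 if gcd(e, m) != 1. */
uint64_t modinv(uint64_t e, uint64_t m) {
    int64_t t = 0, nt = 1, r = (int64_t)m, nr = (int64_t)(e % m);
    while (nr != 0) {
        int64_t q = r / nr, tmp;
        tmp = t - q * nt; t = nt; nt = tmp;
        tmp = r - q * nr; r = nr; nr = tmp;
    }
    if (r != 1) return 0;             /* bad parameter: e shares a factor with m */
    return (uint64_t)(t < 0 ? t + (int64_t)m : t);
}

#define TOY_P 2147483647ULL  /* 2^31 - 1, a prime; assumed toy modulus */
#define TOY_E 65537ULL       /* assumed exponent, coprime to TOY_P - 1 */

/* Pohlig-Hellman style round trip: c = m^e mod p, then c^d mod p. */
uint64_t roundtrip(uint64_t m) {
    uint64_t d = modinv(TOY_E, TOY_P - 1);
    return modexp(modexp(m, TOY_E, TOY_P), d, TOY_P);
}

int main(void) {
    uint64_t d = modinv(TOY_E, TOY_P - 1);
    printf("d = %llu, e*d mod (p-1) = %llu\n", (unsigned long long)d,
           (unsigned long long)((TOY_E * d) % (TOY_P - 1)));
    printf("round trip of 123456789 -> %llu\n",
           (unsigned long long)roundtrip(123456789ULL));
    printf("modinv(2, p-1) = %llu (even e is rejected)\n",
           (unsigned long long)modinv(2, TOY_P - 1));
    return 0;
}
```

Each exponentiation costs one squaring per exponent bit plus one multiply per set bit, which is where the "SLOW" on the slide comes from once the operands are 1024-bit integers on an 8- or 16-bit processor.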


Interesting new approach

• NTRU:
  – based on convolution product of two polynomials

• Faster than usual algorithms like RSA, ECC

• CEES embedded security standard
  – (IEEE P1363.1)

CEES: consortium for efficient embedded security


Symmetric key systems

• Stream cipher: simple and fast

[Figure: stream cipher diagram with labels M, R and a PRNG at each end]

problem: key stored at two locations!


Problems in cryptographic systems

• Choice of parameters
  – Example:
    • bad numbers in Diffie-Hellman
    • RSA key: $ed = 1 \bmod (p-1)(q-1)$

• „own development“
  – Example:
    • WiFi, Hash(M+d) = Hash(M) + Hash(d)
    • Avoid patents (IDEA)

• Pseudo random number generation
  – not predictable; long period; dependability
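
The WiFi bullet above describes an integrity check that is linear. As an added example (not from the original slides), the C code below checks that property for CRC-32, the checksum WEP uses as its integrity check value: for equal-length inputs, the checksum of M XOR d is fixed by the checksums of M and d, with no key involved. The message and delta bytes are constructed sample data.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Bitwise CRC-32 (reflected polynomial 0xEDB88320, init and final XOR all ones). */
uint32_t crc32_bitwise(const uint8_t *p, size_t n) {
    uint32_t c = 0xFFFFFFFFu;
    while (n--) {
        c ^= *p++;
        for (int k = 0; k < 8; k++)
            c = (c >> 1) ^ (0xEDB88320u & (0u - (c & 1u)));
    }
    return ~c;
}

#define MSG_LEN 16
/* Constructed sample data, not taken from the slides. */
const uint8_t sample_msg[MSG_LEN] = "valve=open;t=42";
const uint8_t sample_delta[MSG_LEN] = { [6] = 0x0C, [14] = 0x03 };

/* Returns 1 if crc(m XOR d) == crc(m) XOR crc(d) XOR crc(all-zero block),
   0 if not, -1 if n exceeds MSG_LEN. The all-zero term cancels the
   constant contributed by the init and final XOR values. */
int crc_is_linear(const uint8_t *m, const uint8_t *d, size_t n) {
    uint8_t x[MSG_LEN], zero[MSG_LEN] = {0};
    if (n > MSG_LEN) return -1;
    for (size_t i = 0; i < n; i++) x[i] = m[i] ^ d[i];
    uint32_t combined = crc32_bitwise(m, n) ^ crc32_bitwise(d, n)
                      ^ crc32_bitwise(zero, n);
    return crc32_bitwise(x, n) == combined;
}

int main(void) {
    printf("crc(m)       = %08lx\n",
           (unsigned long)crc32_bitwise(sample_msg, MSG_LEN));
    printf("linear in d? = %d\n",
           crc_is_linear(sample_msg, sample_delta, MSG_LEN));
    return 0;
}
```

A keyed MAC such as HMAC does not have this structure, which is why a linear checksum cannot stand in for one.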


Problems (cont)

• protocol not complete
  – Man in the middle attack
  – Replay

• complexity
  – Mathematics OK, size of parameters not

• limited processing power → additional risk
• network speeds increase → security must also

• network connections
  – Web-based applications; cell phone without protection


Problems (cont)

• Internet connection security threats
  – Packet sniffing → use encryption
    • Avoids reading open messages, passwords, keys, etc.
  – Substitution → use signed Hash
    • Modifying data, commands or software
  – Impersonation → use authentication
    • Replay; man in the middle; masquerade
  – Key management → use key infrastructure
    • Who can do what and when

• Insider attacks
  – Manufacturing, distribution, installation and operation


Problems (cont)

• Physical security
  – Tamper-resistant
  – Side channel attack resistance
    • Timing-, power analysis


access to the system

• via Internet or Internal

• many candidate nodes

• wireless is „open“

• downloading may start malicious programs

– Illegal memory allocation or corruption

– Reading for passwords send to outside attack


Counter measures (1)

– Use secure Base
  • Log all activities

– Utilize Access control
  • Assign privilege levels/rights

– Careful downloading of SW
  • Allow only signed and authorized downloading

– Fixed memory partitions

– Encrypt sensitive content

– Determine failure modes (what happens after?)


Counter measures (2)

• Test at initialization

• Test at operation if everything works properly
  – Example: Random Number generation

• Logging of Deviations

• Immediate signaling of serious deviations
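
The bullets above, applied to the random number generator they name, as an added example that is not part of the original slides: a C health check that can run at initialization and periodically during operation. The monobit bounds are those of the FIPS 140-2 statistical test on 20,000 bits; the repetition cutoff and the split into "log" versus "signal immediately" are assumptions, and the three inputs are constructed samples, not real generator output.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define SAMPLE_BYTES 2500u  /* 20,000-bit test window */
#define ONES_MIN 9725u      /* FIPS 140-2 monobit bounds: 9725 < ones < 10275 */
#define ONES_MAX 10275u
#define MAX_REPEAT 6u       /* assumed cutoff: identical bytes in a row */

enum rng_status { RNG_OK, RNG_DEVIATION, RNG_SERIOUS };

/* Checks one window of SAMPLE_BYTES bytes of generator output. */
enum rng_status rng_health_check(const uint8_t *buf) {
    unsigned ones = 0, run = 1;
    for (size_t i = 0; i < SAMPLE_BYTES; i++) {
        for (uint8_t b = buf[i]; b; b &= (uint8_t)(b - 1)) ones++; /* popcount */
        run = (i > 0 && buf[i] == buf[i - 1]) ? run + 1 : 1;
        if (run >= MAX_REPEAT) return RNG_SERIOUS;  /* stuck source: signal now */
    }
    if (ones <= ONES_MIN || ones >= ONES_MAX) return RNG_DEVIATION; /* bias: log */
    return RNG_OK;
}

/* Constructed inputs (not real RNG output): 0 balanced, 1 biased, 2 stuck. */
void fill_sample(uint8_t *buf, int kind) {
    for (size_t i = 0; i < SAMPLE_BYTES; i++)
        buf[i] = kind == 0 ? (uint8_t)(i * 167u + 13u)
               : kind == 1 ? (uint8_t)(1u << (i & 1u))
                           : (uint8_t)0xFF;
}

/* Fills a window with one constructed sample and runs the check on it. */
enum rng_status check_sample(int kind) {
    static uint8_t buf[SAMPLE_BYTES];
    fill_sample(buf, kind);
    return rng_health_check(buf);
}

int main(void) {
    static const char *name[] = { "ok", "deviation (log)", "serious (signal)" };
    for (int kind = 0; kind < 3; kind++)
        printf("sample %d: %s\n", kind, name[check_sample(kind)]);
    return 0;
}
```

Passing these two checks only rules out gross failures such as a stuck or heavily biased source; it says nothing about whether the output is unpredictable.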


Research projects

• Security in critical infrastructures
  – key management; compatibility; scalability

• Security in embedded systems
  – best algorithm and architecture for specified resources
    • memory or computing power
  – Investigate the CEES proposal

• Random number generation based on inverse source coding
  – easy to implement, but hard to analyze


conclusions

performance of cryptographic algorithms is crucial

low speed → dissatisfaction and inconvenience

needed at communication speed

programmability facilitates modifications and enhancements

make algorithm independent from the protocol

Key management protocol needed
• Master keys, Session keys


Digital Signal Processor

– fast arithmetic; strong integer arithmetic
  • specialized computational units and instructions for signal processing

– real-time capabilities
  • highly parallel architecture → lower clock speed → relatively lower power

– relatively low price

– programmability → flexibility
  • programmer selects the units he needs
  • can be implemented as a co-processor > speed


Example Field Programmable Array

Type I: two or more look-up tables and two or more flip-flops

Type II: two-input logic function or a 4-to-1 multiplexer and a flip-flop


FPGA