Posted: 26-Dec-2015
-1-
IoT, CPS, & Security issues of embedded devices
Yasuyoshi Uemura, President
Electronic Commerce Security Technology Research Association
July 8th 2015, at Kyushu University
-2-
Definition: Machine to Machine communication
[Diagram: devices, sensors and computers in direct communication with each other, over either a closed network or an open network]
-3-
Definition: Internet of Things
Devices are connected over an open network (the Internet).
[Diagram: devices and sensors connected through the Internet to a mainframe computer]
-4-
Definition: Cyber Physical Systems
Devices are connected over a network, either open or closed.
[Diagram: devices and sensors connected through the network, open or closed, to a mainframe computer]
-5-
Definition: Embedded Device
● Combination of hardware (system LSI) and software (operating system + application software)
● Does not depend on a versatile (general-purpose) operating system
● Generally, part of the security function depends on hardware
● E.g. a hardware crypto-library is implemented
-6-
Social Innovation: Authentication between elements in the closed system
-7-
Social Innovation: Authentication between elements in the open network
-8-
Social Innovation: Authentication between the control part and the controlled part
-9-
Machine to Machine Authentication: devices recognize each other as the "right entity", without a human being.
Authentication between the control part and the controlled part
Devices, as elements of the system, recognize each other as the "right entity".
In this case, the guard system center recognizes each camera or sensor as a "right entity" belonging to the guard system.
Machine to machine authentication through the cloud
-10-
From protocol authentication to crypto-authentication
Seeds of secure technology come from smartcard techniques.
High-security authentication is already realized in the smartcard world.
Technological innovation in the CPS age: from linear smartcard authentication to multiple M2M authentication in Cyber Physical Systems, for "no false entity" in the system.
Secure crypto-module for M2M authentication
[Diagram labels: field of finance and retailing (financial settlement); field of transportation; composite device systems; social systems]
-11-
Incidents related to M2M authentication service
Through threats such as copying key data, deleting key data or replacing key data, the system strays from its proper function and serious incidents occur:
・ Going out of control, etc.
・ Illegal payment, leak of information, etc.
・ Abnormal operation, breakdown, etc.
・ Picture spillage, hijacking of camera, etc.
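Added example, not from the slides: the mutual "right entity" check between a guard-system center and a camera described on slide 9, run against the key-data threats listed on slide 11. The HMAC-SHA256 challenge-response, the device ids and the enrolment key are assumptions made here; what the code shows is that a deleted or replaced key is rejected, while a copied key passes unnoticed, which is why the key itself has to be held in tamper-resistant hardware.

```python
import hashlib, hmac, secrets
def _tag(key, *parts):
    """HMAC-SHA256 over length-prefixed fields, so fields cannot be re-split."""
    mac = hmac.new(key, digestmod=hashlib.sha256)
    for p in parts:
        mac.update(len(p).to_bytes(2, "big") + p)
    return mac.digest()

class Center:
    """Guard-system center holding one enrolment key per camera (constructed)."""
    def __init__(self, enrolled):
        self.enrolled = enrolled            # {device id: key}
    def verify_device(self, dev_id, nonce_c, nonce_d, tag):
        key = self.enrolled.get(dev_id)     # unknown id: not a "right entity"
        return key is not None and hmac.compare_digest(
            _tag(key, b"device", dev_id.encode(), nonce_c, nonce_d), tag)
    def prove_to_device(self, dev_id, nonce_c, nonce_d):
        # Distinct label and nonce order: a device reply cannot be reflected as center proof.
        return _tag(self.enrolled[dev_id], b"center", dev_id.encode(), nonce_d, nonce_c)

class Camera:
    """Camera with its stored key; key=None models deleted key data."""
    def __init__(self, dev_id, key):
        self.dev_id, self.key = dev_id, key
    def respond(self, nonce_c):
        if self.key is None:
            return None
        nonce_d = secrets.token_bytes(16)
        return nonce_d, _tag(self.key, b"device", self.dev_id.encode(), nonce_c, nonce_d)
    def verify_center(self, nonce_c, nonce_d, tag):
        return hmac.compare_digest(_tag(self.key, b"center", self.dev_id.encode(), nonce_d, nonce_c), tag)

def mutual_auth(center, cam):
    """One exchange; True only if each side accepts the other as the right entity."""
    nonce_c = secrets.token_bytes(16)       # center's fresh challenge
    resp = cam.respond(nonce_c)
    if resp is None or not center.verify_device(cam.dev_id, nonce_c, *resp):
        return False
    nonce_d = resp[0]
    return cam.verify_center(nonce_c, nonce_d, center.prove_to_device(cam.dev_id, nonce_c, nonce_d))

def threat_outcomes():
    """Slide-11 key-data threats as the protocol sees them; a copied key is not detected."""
    key = bytes(range(32))                  # constructed enrolment key of cam-01
    center = Center({"cam-01": key})
    return {
        "genuine or cloned key": mutual_auth(center, Camera("cam-01", key)),
        "key deleted": mutual_auth(center, Camera("cam-01", None)),
        "key replaced": mutual_auth(center, Camera("cam-01", bytes(32))),
        "unknown device id": mutual_auth(center, Camera("cam-99", key)),
    }
```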
-12-
Threats against crypto-devices
There is an abstract threat analysis for the M2M service layer in an ETSI TR.

Estimated threats | Target of attacks
Leaking, deleting, replacing of key data (for authentication) | M2M devices / M2M gateways
Leaking of key data by monitoring communication | Communication between entities
Modification of data | M2M service capabilities
Corrupt or corrupted software | M2M devices / M2M gateways
Bypassing the integrity checking process | M2M devices / M2M gateways
Monitoring, modification, re-transmission of messages in the M2M service layer | Communication between entities
Invasion of privacy | M2M devices / M2M gateways / M2M service capabilities / communication between applications

• ETSI TR 103 167: Threat analysis and counter-measures to M2M service layer
• We have to develop evaluation techniques to assure that crypto-devices implement sufficient security functions.
Source: ETSI TR 103 167 v1.1.1 (2011-08), Machine-to-Machine Communications (M2M); Threat analysis and counter-measures to M2M service layer
-13-
ISO/IEC 15408 Common Criteria for the HW field
Third-party evaluation/certification for IT products in the hardware field
Main target: smartcards and similar devices
Expanding to embedded devices
CC: logic and structure
Common Criteria, ISO/IEC 15408: international standard; target: all IT products; a dictionary of security requirements.
Protection Profile (PP): security requirements for a specific field of product, certified by the CC scheme. The PP is pointed to by the purchaser to the developer of the product; in many cases a developer group edits PPs.
Security Target (ST): depends on the PP pointed to by the purchaser. The ST is a declaration by the developer that the product is designed to be secure.
Product, evaluation, evidence documents
Third-party evaluation: almost all assurance families are evaluated, through document checking, as to whether the product design conforms to the ST or not.
The AVA_VAN class is quite different from the others: it is a vulnerability analysis done independently by the evaluation body. In the HW case, tamper resistance is checked by penetration testing.
-14-
Vulnerability Analysis: a unique operation in HW/CC certification
Assumption: attack techniques are advancing, and standardization of protection techniques cannot catch up with them.
To integrate a mechanism of preemptive protection into the third-party evaluation scheme, the criteria of countermeasures needed to pass the vulnerability assessment are raised year by year, little by little.
Papers: conference papers presage new attacks.
Real experiences of attacks.
Inner circle: international discussion of how strong the countermeasure shall be implemented to pass the vulnerability assessment.
CC Certification Body, AVA_VAN class: the criteria to pass AVA_VAN evaluation are modified inside the CB, year by year.
-15-
International community as the inner circle
● Protected by strong NDAs.
● Shares the newest vulnerability information, but does not disclose it.
● An engineers' group tied together by mutual confidence.
● Discusses "how strong the countermeasure shall be in the real world".
● Modifies the criteria for protection, little by little, year by year.
● Inputs the discussion results to CBs to modify the rating for vulnerability assessment in CC hardware evaluation/certification.
● Members are from users, system vendors, chip vendors, evaluation facilities, laboratories, certification bodies, and all stakeholders of hardware security in the smartcard and similar devices field.
-16-
Managing vulnerability information

Software vulnerability
Vulnerabilities in application software on versatile (general-purpose) operating systems such as Windows, Mac, UNIX, Linux and so on.
JPCERT Coordination Center: the CSIRT (Computer Security Incident Response Team) representing Japan; manages JVN (Japan Vulnerability Network) with IPA.
Users can download the "patch" by themselves and protect their own software.
The reason a well-developed social system exists for software vulnerabilities: end users can apply countermeasures such as patching directly.

Hardware vulnerability
Vulnerabilities of HW, i.e. the IC chip that incorporates software on it.
Almost all vulnerabilities of HW in PCs/mainframe computers have not been cared about so far. Reason: the existence of Intel; if Intel is secure, it is secure.
Almost all attacks are through logical interfaces.
Smartcards & similar devices: JHAS/ICSS-JC liaison inner circle.
Vulnerabilities are not disclosed. Reason: it is difficult for each user to apply a "patch" to their own device.
A serious vulnerability directly leads to a recall of the product. If the vulnerability is not so serious, it is usual to make the countermeasure a bit stronger at the change of product generation.

Embedded software vulnerability
Vulnerabilities in application software on original operating systems.
E.g. cars, robots, guarding devices, medical devices, smart meters, information home electrical appliances.
For third-party security evaluation, the CC concept will be available. Vulnerability assessment for each product field is needed.
An inner circle such as the one in the "smartcard and similar devices" field is needed to discuss the "extent of countermeasure strength".
Embedded software vulnerability + hardware vulnerability: a "managing organization for embedded device vulnerability information" is needed.
-17-
Development issues for a secure M2M module
Secure IC module for M2M authentication
Performance:
・ Implement high crypto-functions
・ Simple circuit
・ High-speed calculation
・ Low cost
Tamper resistance:
・ Implement tamper-resistant functions
・ Implement sensors
・ Randomization, process encryption, tamper detection → stop and delete data, access control, etc.
High performance in the calculation part is needed for secure implementation of the module.
Summary of development issues for the secure M2M module:
Ultra-high crypto-calculation performance, with tamper-resistant implementation.
Faster and lighter versus stronger and more complex: a contradiction.
More secure, faster and lighter, supported by both cryptographic techniques and chip design techniques.
-18-
Yasuyoshi Uemura, President, Electronic Commerce Security Technology Research Association, [email protected]
Phone 81-3-5259-8062