EMBEDDED SYSTEMS SECURITY

SoMiC Workshop 2012

Presented by: Satyajeet Nimgaonkar, Email: [email protected]

04/09/2012 UNT CSCE SoMiC Workshop 2012

Agenda

• What are embedded systems?
• Security issues in embedded systems.
• Security solutions.
• Hardware security architectures.
• Embedded system constraints.
• Motivation.
• Proposed energy-efficient security mechanism.
• State of the art.
• Summary and conclusions.

What are embedded systems?

• A dedicated system designed to serve a specific sub-task within a larger system.

Characteristics:
• High-performance systems, flexible enough to perform a variety of computing tasks in a cost-effective manner.
• Modern embedded devices are often miniaturized, portable and highly interconnected.
• Capable of tracking and storing information, and even transmitting essential data over the Internet.

• Embedded systems have become ubiquitous in this era of computing.
• They access, store and communicate sensitive information such as secret passwords, credit card numbers and bank account numbers.
• Hence security is essential.

[Figure: embedded devices communicating over the Internet]

Security issues in embedded systems

• The operating environment allows the adversary complete control of the computing node: supervisory privileges along with the ability to physically observe the device and its architectural objects.
• Embedded systems are also vulnerable to software-based and network-based attacks.

Current security scenario

• Symantec Internet Security Threat Report (2010):
  286M+ threats.
  93% increase in web attacks.
  260,000 identities exposed per data breach.
  42% more vulnerabilities in mobile.
  $0.07 to $100 price range for each stolen credit card number.
• Mobile and Smart Device Security Survey (2011):
  65% of corporate personnel require regular attention from their IT staff for non-PC-based device attacks.
• Wall Street Journal report (2008):
  Cyberspies have recently penetrated the U.S. electrical grid system and left behind software that could be used to disrupt it at a future date.

Possible security solutions

• Software security solutions: software obfuscation, software watermarking.
  Pros: easy to build; flexible to modify.
  Cons: huge code base; no root of trust.
• Hardware security solutions: TPM, security architectures, etc.
  Pros: better reliability; trustworthy root of trust.
  Cons: difficult to test and build; difficult to modify; costly.

Secure Architectures

[Figure: example of the AEGIS hardware security architecture]

Reference: Suh, G.E.; O'Donnell, C.W.; Devadas, S., "Aegis: A Single-Chip Secure Processor," IEEE Design & Test of Computers, vol. 24, no. 6, pp. 570-580, Nov.-Dec. 2007, doi: 10.1109/MDT.2007.179, URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=4397182&isnumber=4397167

Security mechanisms

Encryption/Decryption
• The process of transforming information to make it unreadable to unwanted entities.
• C = E_K(M) and M = D_K(C), where K is the key, M the plaintext and C the ciphertext.
• Provides confidentiality for data.
• Common algorithms: AES, DES, RC2, etc.

Reference: Suh, O'Donnell and Devadas, "Aegis: A Single-Chip Secure Processor," IEEE Design & Test of Computers, 2007 (full citation on the Secure Architectures slide).

Security mechanisms cont…

Memory Integrity Verification
• Achieved with Merkle hash trees.
• Data is located at the leaves.
• Each internal node = Hash(concatenation of its children).
• The root is stored in secure on-chip memory where it cannot be tampered with; verifying a block means recomputing the path from its leaf up to the root and comparing with the stored root.

Reference: Suh, O'Donnell and Devadas, "Aegis: A Single-Chip Secure Processor," IEEE Design & Test of Computers, 2007 (full citation on the Secure Architectures slide).
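A worked model of the Merkle-tree integrity check described above, added here as an example; it is not code from the talk or from AEGIS. It assumes SHA-256 as the node hash, a power-of-two number of 32-byte blocks, and that only the root is trusted (the sibling hashes may come from untrusted memory).

```python
import hashlib

BLOCK_SIZE = 32  # bytes per memory block; a constructed value, not from the slides

def node_hash(data: bytes) -> bytes:
    """Hash primitive for tree nodes (SHA-256 is an assumption of this example)."""
    return hashlib.sha256(data).digest()

def build_tree(blocks):
    """Levels of the tree: level 0 = leaf hashes of the memory blocks, each internal
    node = Hash(left || right), last level = [root]. Only the root needs secure storage."""
    n = len(blocks)
    assert n > 0 and n & (n - 1) == 0, "example assumes a power-of-two block count"
    levels = [[node_hash(b) for b in blocks]]
    while len(levels[-1]) > 1:
        prev = levels[-1]
        levels.append([node_hash(prev[i] + prev[i + 1]) for i in range(0, len(prev), 2)])
    return levels

def auth_path(levels, index):
    """Sibling hashes from the leaf up to (excluding) the root. These can be read from
    untrusted external memory; verification never trusts them, only the root."""
    path = []
    for level in levels[:-1]:
        path.append(level[index ^ 1])
        index >>= 1
    return path

def verify_block(block, index, path, trusted_root):
    """Recompute the root from the block and its path and compare with the on-chip root.
    Costs len(path) + 1 hash invocations per verified access, which is the per-access
    energy the sensor-gated scheme in the talk tries to avoid paying on every access."""
    node = node_hash(block)
    for sibling in path:
        node = node_hash(sibling + node) if index & 1 else node_hash(node + sibling)
        index >>= 1
    return node == trusted_root

def demo():
    """Constructed 8-block memory: the genuine block verifies, a tampered copy fails."""
    memory = [bytes([i]) * BLOCK_SIZE for i in range(8)]
    levels = build_tree(memory)
    root = levels[-1][0]          # the only value kept in tamper-proof storage
    path = auth_path(levels, 3)   # siblings for block 3, fetched from untrusted memory
    genuine = verify_block(memory[3], 3, path, root)
    tampered = verify_block(b"\xff" * BLOCK_SIZE, 3, path, root)
    return genuine, tampered, len(path) + 1   # hash invocations per verification
```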

Embedded system constraints

• Severe constraints on energy consumption, area, performance, speed and lifetime.
• Hardware security mechanisms are computationally intensive and account for excessive energy consumption.

Reference: N. R. Potlapally, S. Ravi, A. Raghunathan, N. K. Jha, "Analyzing the energy consumption of security protocols," ISLPED.

Motivation

• Concentrate on the Memory Integrity Verification (MIV) mechanism and design novel schemes to make it energy efficient.
• Proposed a novel energy-efficient MIV mechanism for embedded systems, based on sensors.
• Published in the proceedings of the International Symposium on Electronic System Design (ISED), 2011.

Proposed mechanism

• Embedded systems typically employ several sensors to interact with their environment.
• [1], [2] and [3] deploy hardware sensors to measure power dissipation and thermal dissipation in the CPU.
• Similarly, [3] makes use of a current sensor module to predict the power consumption of their architecture.
• The intuition is to use these sensors to detect any physical attack on the memory.
• Integrity verification is performed only when an attack is detected.

References:
[1] Dongkeun Oh, Nam Sung Kim, Charlie Chung Ping Chen, Azadeh Davoodi, and Yu Hen Hu. Runtime temperature-based power estimation for optimizing throughput of thermal-constrained multi-core processors. Proceedings of the 2010 Asia and South Pacific Design Automation Conference (ASPDAC'10), 2010.
[2] Rich McGowen, Christopher A. Poirier, Chris Bostak, Jim Ignowski, Mark Millican, Warren H. Parks, and Samuel Naffziger. Power and temperature control on a 90-nm Itanium family processor. IEEE Journal of Solid-State Circuits, 41(1), 2006.
[3] Lide Zhang, Lan S. Bai, Robert P. Dick, Li Shang, and Russ Joseph. Process variation characterization of chip-level multiprocessors. DAC'09, 2009.
[4] R. Muresan, Y. Zhanrong, H. Vahedi, and S. Gregori. Power-smart system-on-chip architecture for embedded cryptosystems. CODES+ISSS, 2005.

Proposed architecture

[Figure: block diagram of the proposed sensor-based MIV architecture]

Proposed architecture cont…

[Figures: Write Operation; Read Operation]

Proposed architecture cont…

• This Detect and Protect mechanism creates multiple hash trees for verification.
• Verification terminates once the memory block's hash is verified.
• This creates multiple disjoint hash trees in the memory.

Energy consumption model

• We propose a probabilistic model to estimate the average number of hash invocations.
• It is based on whether the hash of a memory block is present in the cache or not.
• The probability of each case is the cache hit or cache miss probability.

Results and analysis

Simulation framework
• Based on the SimpleScalar tool set, configured to execute Alpha binaries.
• Simulations were performed using a cache-based simulator, sim-cache, on SPEC2000 benchmarks.

Cache configurations
• Modeled on ARM cache configurations.
• L1-D cache: 8KB, 2-way, 32B line.
• L1-I cache: 16KB, 2-way, 32B line.
• L2-D and L2-I cache: none.

Experimental setup

• Identified two false-positive parameters based on the working of the MIV and the sensor: the random block, used to predict the infected memory block, and the window size, used to predict the number of memory accesses required for the MIV to function.
• Random block size: 16, 20 and 24 bits; window size: 2000, 8000 and 15000 memory accesses.
• A random attack seed of the same size as the block is embedded.
• The number of disjoint trees represents the number of secrets that can be stored on-chip; varied over three values: 16, 64 and 128.
• Simulations were conducted for all 27 possible combinations.

Simulation algorithm

1. Inputs: random block size, window size, number of disjoint trees.
2. The sensor monitors the system to detect an attack.
3. If random attack seed == random block (there is an anomaly): invoke the MIV for the given window size and generate disjoint trees. During this, keep repeating steps 2 and 3.
4. If there is a match again (the anomaly persists): extend the window size and keep generating disjoint trees. Else the anomaly has subsided: decouple the MIV and keep repeating step 2.
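The detect-and-protect loop above, as an added example that is not the talk's simulator. The sensor trace, the unit-cost energy model (one unit per MIV-verified access, nothing for the sensor) and the seed are assumptions of this example; the slides state neither the cost model nor the simulator code.

```python
import random

def random_sensor(n_accesses, block_bits, seed=1):
    """Constructed sensor trace for n_accesses memory accesses. As on the slide, the
    sensor fires when a random attack seed of block_bits bits equals the random block,
    so each access fires with probability 2**-block_bits. These fires are the false
    positives the experiment measures: larger block sizes produce fewer of them."""
    rng = random.Random(seed)
    block = rng.getrandbits(block_bits)
    return [rng.getrandbits(block_bits) == block for _ in range(n_accesses)]

def simulate(matches, window):
    """Run the detect-and-protect loop over a sequence of sensor results.
    A match while the MIV is decoupled couples it for `window` accesses; a match while
    it is running extends the window; when the window expires with no further match
    the anomaly has subsided and the MIV is decoupled again.
    Returns (accesses verified by the MIV, number of times the MIV was coupled)."""
    remaining = 0        # accesses left in the current verification window
    verified = 0
    activations = 0
    for match in matches:
        if match:
            if remaining == 0:
                activations += 1   # anomaly detected: couple the MIV, build disjoint trees
            remaining = window     # start the window, or extend it if already running
        if remaining > 0:
            verified += 1          # this access is integrity-verified
            remaining -= 1
        # otherwise the MIV stays decoupled and only the sensor runs
    return verified, activations

def energy_saved_pct(matches, window):
    """Energy saved relative to always-on MIV under the assumed unit-cost model."""
    verified, _ = simulate(matches, window)
    return 100.0 * (1 - verified / len(matches))

def demo():
    """Constructed run: 16-bit random block, 2000-access window, one million accesses."""
    trace = random_sensor(1_000_000, 16)
    return simulate(trace, 2000), energy_saved_pct(trace, 2000)
```

Sweeping block_bits over 16, 20 and 24 and window over 2000, 8000 and 15000 reproduces the talk's 27-combination grid; the percentage returned depends on the seed, so it illustrates the trend rather than the slides' numbers.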

Results

[Charts: base case results; average energy saved (%) for 16, 64 and 128 disjoint trees]

State of the art

Architectural approaches

Authors | Proposed | Limitations
Shi et al. | Speculative execution to authenticate shared memory. | 5% energy degradation.
Catherine et al. | Model for key masking. | 2.5% overhead savings.
Muresan et al. | Power-Smart System-On-Chip Architecture. | Overhead of 12% of the total power.
Roger et al. | Protect integrity of software by signing each instruction block. | 5% performance overhead and 12.5% memory overhead.
Gelbart et al. | Architectural approach to address memory spoofing attacks. | Performance overhead ranging between 4.5% and 26%.

State of the art cont…

Memory encryption and authentication approaches

Authors | Proposed | Limitations
Gassend et al. | CHash and LHash with varying cache block sizes. | Increases memory bandwidth requirements; high overhead.
Roger et al. | Address Independent Seed Encryption (AISE) is proposed along with Bonsai Merkle Trees (BMT). | Only 12% to 2% overhead savings.
Gordon-Ross et al. | Low-overhead encryption algorithms and cache-level tuning. | 53% energy savings.
Yan et al. | Split-counter scheme for memory encryption and authentication. | 20% overhead improvement.

Summary and conclusions

• There is always a trade-off between security and energy consumption in embedded systems.
• Embedded devices are typically fast, miniaturized and specific to their application, and hence often pose severe energy constraints.
• As they now handle a lot of critical information, security is of utmost importance in them.
• Therefore the need arises to design new security mechanisms whose energy consumption is minimal while still preserving the security of the system.
• With this motivation, we specifically focus on reducing the energy consumption of Memory Integrity Verification mechanisms in embedded systems and propose an energy-efficient mechanism based on sensors that achieves energy savings in the range of 88% to 99%.

Thank you

Any questions? You can email me at [email protected]