Security as a New Dimension in Embedded System Design

Presented by : Vivek Srikantan

Authors:

Paul Kocher

Ruby Lee

Gary McGraw

Anand Raghunathan

Srivaths Ravi

Embedded Systems Design Metrics

• Performance• Power • Cost• Size

And• SECURITY

2

Factors affecting the security implementation in Embedded Systems

• Resource Constraint• Increasing range of attack techniques• Processing capabilities of the embedded systems• Power consumption• Flexible architecture

3

Security Requirements

• Varies depending on whose perspective is considered

• Ex: Cell Phone– Manufacturer– Service provider– Content provider– End user

4

Security Mechanisms

• Symmetric Ciphers

• Secure Hash Algorithms

• Asymmetric Algorithms

5

Security Mechanisms

• Secure communication protocols

• Digital Certificates

• Digital Rights Management

6

Types of Security Attacks

• Software Attacks

• Physical and Side-channel Attacks

7

Software Attacks

• Three Factors or Trinity of Trouble Complexity Extensibility Connectivity

8

Securing against software attacks

9

Physical and Side Channel Attacks

• Invasive Attacks

• Non-invasive Attacks

10

Invasive Attacks

• Physical Attacks De-packaging Layout reconstruction Micro probing or e-beam microscopy

11

Non-Invasive Attacks

• Timing Analysis

• Power Analysis– Simple Power Analysis– Differential Power Analysis

12

Architectures for Security

• Security Processing Architectures

• Attack – Resistant Architectures

13

Security Processing Architectures

• Hardware only approach

- Cost Effective

• Software only Approach

- Processing Gap

- Battery Gap

• Hybrid Approach

14

Attack-Resistant Architectures

• Strong process isolation

• Sealed memory

• Platform attestation

• Secure path to the user

15

Conclusion

• Security is currently specificed in a vague manner

• Time-to-market pressures

• Constrained resources

• Trade-offs

16