security in E.S
Transcript of security in E.S
-
8/7/2019 security in E.S
1/21
Security In Embedded Systems
By: G.RAVI KUMAR
Under the guidance of: K.VENKATESH SHARMA
-
SECURITY IN EMBEDDED SYSTEMS:
Many modern electronic systems, including PCs, PDAs, cell phones and smart cards, need to access, store, manipulate or communicate information, and in this security is the main concern.
Embedded systems cover a wide range of products built from electronics and other semiconductors; they face security concerns and are often highly resource constrained.
Security has been a subject of study in computing and communication systems.
-
EMBEDDED SYSTEMS DESIGN CHALLENGES:
Security Processing Gap
Battery Gap
Assurance Gap
-
Security has traditionally been a subject in the area of
computing and networking.
Security in embedded systems is often ignored during the design and development period of the product, thus leaving many devices vulnerable to attacks.
-
INTERNET SECURITY IN EMBEDDED SYSTEMS:
The advantages of having the embedded systems connected to the
Internet would be tremendous.
Embedded computing systems are continually being adopted in a wide
range of application areas and, importantly, they are responsible for a
large number of safety-critical systems as well as for the management of
critical information.
-
The advent of internet-enabled embedded systems introduces a large
number of security issues:
The internet can be used to attack embedded systems.
Embedded systems can be used to attack the internet.
Furthermore,
Embedded systems are vulnerable to many attacks not relevant to
servers because they are physically accessible.
Inadvertent threats due to bugs, improper system use, etc. can also have
effects that are indistinguishable from malicious attacks.
-
THE INTERNET PROTOCOL LACKS SECURITY:
The Internet Protocol, IP, has no security features. Thus all the data transferred over the protocol is unprotected.
UNVERIFIED IDENTITY OF SENDER AND RECEIVER:
When communicating over IP, the identity of the peer is unverified.
An IP address provides unreliable information.
Servers typically want to know the identity of the client, e.g. to verify that the client is authorized. Clients typically want to know that they are connected to the correct server before they start to transfer sensitive information.
DATA CAN BE READ BY UNAUTHORIZED PERSONS:
Data is transferred in the clear over the Internet Protocol. Thus the data is unprotected and passwords can be stolen.
-
ATTACKS ON EMBEDDED SYSTEMS
It is possible to classify the attacks based on their:
Final goal
Functional objective
The method used to execute them
ATTACKS:
Cloning
Theft-of-service
Spoofing
Feature unlocking
-
COUNTER MEASURES TO AVOID ATTACKS:
The security of embedded systems is often not considered during the design
phase of a new product.
Security is a concern during the development lifecycle of the product.
In this case, developers must face important challenges in:
Processing
Storage
Battery life
There is significant research activity on developing technologies for
protecting embedded systems against these attacks.
-
AVOID PHYSICAL TAMPERING
To avoid physical tampering, there are mechanisms that offer:
Resistance
Evidence
Detection
Response
-
Today's embedded systems often handle sensitive information in the form of:
Application code (IP)
Data
making security a major concern in their design.
-
SECURITY EVALUATION:
When a manufacturer wants to launch a new product, he needs to know
how secure his system is and whether it meets the security objectives. To
achieve this it is necessary to perform some kind of security evaluation.
Security testing is about making sure that the countermeasures present
in a device work correctly and that all the security requirements are fulfilled. The
most common approach to the evaluation process is to perform a suite of
tests that represents known exploits.
There are two types of threats:
1. Theoretical Threats
2. Active Threats
-
Centralized control:
Battery attacks:
Privacy:
WHAT'S DIFFERENT ABOUT EMBEDDED SECURITY?
Cost sensitivity
Interactive matters
Energy constraints
-
EXAMPLE: INTERNET THERMOSTATS
For example, the household thermostat, which controls heating and cooling, may have
an embedded computer that adjusts the set point a few times each day to
keep the house comfortable when people are present and to save energy
when they aren't. Some thermostats let a homeowner use the internet,
perhaps via cell phone, to communicate imminent arrival home after a
vacation or a day at work. This gives the thermostat time to reach a
comfortable temperature before the owner actually arrives. However,
allowing internet control of a thermostat gives rise to several potential
attacks.
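An added example, not part of the original slides: one way a thermostat could refuse set-point commands from an unverified peer, tying this slide to the earlier point that an IP address is not a reliable identity. The shared key, packet layout, counter and temperature limits are assumptions made for illustration; the check gives authentication and replay rejection only, not confidentiality.

```python
import hashlib
import hmac
import struct

BODY = struct.Struct(">Ih")   # assumed layout: 32-bit counter, set point in 0.1 degC
TAG_LEN = hashlib.sha256().digest_size


def make_command(key: bytes, counter: int, setpoint: int) -> bytes:
    """Owner's phone/app: serialize the command and append HMAC-SHA256 over it."""
    body = BODY.pack(counter, setpoint)
    return body + hmac.new(key, body, hashlib.sha256).digest()


class Thermostat:
    def __init__(self, key: bytes, low: int = 100, high: int = 300):
        self.key, self.low, self.high = key, low, high
        self.last_counter = 0      # highest counter accepted so far
        self.setpoint = 200        # 20.0 degC default (constructed value)

    def handle(self, packet: bytes, source_ip: str) -> str:
        # source_ip is never consulted: the address proves nothing about the peer.
        if len(packet) != BODY.size + TAG_LEN:
            return "malformed"
        body, tag = packet[:BODY.size], packet[BODY.size:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):   # constant-time comparison
            return "bad-mac"
        counter, setpoint = BODY.unpack(body)
        if counter <= self.last_counter:             # old packet captured and resent
            return "replayed"
        self.last_counter = counter
        if not self.low <= setpoint <= self.high:    # authentic but unsafe value
            return "out-of-range"
        self.setpoint = setpoint
        return "accepted"


if __name__ == "__main__":
    key = bytes(range(32))                           # constructed demo key
    device = Thermostat(key)
    pkt = make_command(key, 1, 215)
    print(device.handle(pkt, "203.0.113.7"))         # first delivery
    print(device.handle(pkt, "203.0.113.7"))         # same packet again
    print(device.handle(make_command(b"x" * 32, 2, 215), "192.168.1.2"))
```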
-
EMBEDDED SYSTEMS DESIGN:
Embedded systems consist of:
Hardware
Software
Environment
The design of embedded systems requires a holistic approach that
integrates essential paradigms from hardware design, software design,
and control theory in a consistent manner.
-
TUNING YOUR SCAN:
There are several factors to consider when scanning
embedded systems:
Speed
Availability
Platform
-
CONCLUSION:
There is a lack of security on present embedded systems. Security is not
usually taken into account during the design phase of the product and it
is difficult to implement once the product is completed. Even in those
cases where security has been a concern from the beginning, the
developer must face important hardware constraints to include security
measures. Security should be integrated into the product during the
conceptual design phase and should be taken into account for every part
of the design.
-
Thank You..!!!