security in E.S

  • 8/7/2019 security in E.S

    Security In Embedded Systems

    By:

    G.RAVI KUMAR

    Under the guidance of: K.VENKATESH SHARMA

    SECURITY IN EMBEDDED SYSTEMS:

    Many modern electronic systems, including PCs, PDAs, cell phones, smart cards, etc., need to access, store, manipulate or communicate information; in this, security is the main concern.

    Embedded systems cover a wide range of products built from electronics and other semiconductors; they face security concerns and are often highly resource constrained.

    Security has been a subject in computing and communication systems.

    EMBEDDED SYSTEMS DESIGN CHALLENGES:

    Security Processing Gap

    Battery Gap

    Assurance Gap

    Security has traditionally been a subject in the area of computing and networking.

    Security in embedded systems is often ignored during the design and development period of the product, thus leaving many devices vulnerable to attacks.

    INTERNET SECURITY IN EMBEDDED SYSTEMS:

    The advantages of having embedded systems connected to the Internet would be tremendous.

    Embedded computing systems are continuously adopted in a wide range of application areas and, importantly, they are responsible for a large number of safety-critical systems as well as for the management of critical information.

    The advent of internet-enabled embedded systems introduces a large number of security issues:

    The internet can be used to attack embedded systems.

    Embedded systems can be used to attack the internet.

    Furthermore,

    Embedded systems are vulnerable to many attacks not relevant to servers because they are physically accessible.

    Inadvertent threats due to bugs, improper system use, etc. can also have effects that are indistinguishable from malicious attacks.

    THE INTERNET PROTOCOL LACKS SECURITY:

    The Internet Protocol, IP, has no security features. Thus all the data transferred over the protocol is unprotected.

    UNVERIFIED IDENTITY OF SENDER AND RECEIVER:

    When communicating over IP, the identity of the peer is unverified.

    An IP address provides unreliable information.

    Servers typically want to know the identity of the client, e.g. to verify that the client is authorized. Clients typically want to know that they are connected to the correct server before they start to transfer sensitive information.

    DATA CAN BE READ BY UNAUTHORIZED PERSONS:

    Data is transferred in the clear over the Internet Protocol. Thus the data is unprotected and passwords can be stolen.

    ATTACKS ON EMBEDDED SYSTEMS

    It is possible to classify the attacks based on their:

    Final goal

    Functional objective

    The method used to execute them

    ATTACKS:

    Cloning

    Theft-of-service

    Spoofing

    Feature unlocking

    COUNTERMEASURES TO AVOID ATTACKS:

    The security of embedded systems is often not considered during the design phase of a new product.

    Security is a concern during the development lifecycle of the product.

    In this case, developers must face important challenges in:

    Processing

    Storage

    Battery life

    There is significant research activity developing technologies for protecting embedded systems against these attacks.

    AVOID PHYSICAL TAMPERING

    To avoid physical tampering, there are mechanisms that offer:

    Resistance

    Evidence

    Detection

    Response

    Today's embedded systems often handle sensitive information in the form of:

    Application code (IP)

    Data

    making security a major concern in their design.

    SECURITY EVALUATION:

    When a manufacturer wants to launch a new product, they need to know how secure the system is and whether it meets its security objectives. To achieve this it is necessary to perform some kind of security evaluation.

    Security testing is about making sure that the countermeasures present in a device work correctly and that all the security requirements are fulfilled. The most common approach to the evaluation process is to perform a suite of tests that represents known exploits.

    There are two types of threats:

    1. Theoretical Threats

    2. Active Threats

    Centralized control:

    Battery attacks:

    Privacy:

    WHAT'S DIFFERENT ABOUT EMBEDDED SECURITY?

    Cost sensitivity

    Interactive matters

    Energy constraints

    EXAMPLE: INTERNET THERMOSTATS

    For example, the household thermostat, which controls heating and cooling, may have an embedded computer that adjusts the set point a few times each day to keep the house comfortable when people are present and to save energy when they aren't. Some thermostats let a homeowner use the internet, perhaps via cell phone, to communicate imminent arrival home after a vacation or a day at work. This gives the thermostat time to reach a comfortable temperature before the owner actually arrives. However, allowing internet control of a thermostat gives rise to several potential attacks.
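
The slides on unverified sender identity and on the internet thermostat both come down to the device deciding whether a command really came from its owner. The sketch below is an added example, not part of the original slides: the packet layout, pre-shared key, counter and temperature limits are all assumptions chosen for illustration. It authenticates the sender and the command's integrity with HMAC-SHA256 and rejects replays; it does not encrypt, so it does not address the "data can be read" problem.

```python
import hashlib
import hmac
import struct

KEY = b"constructed-demo-key-not-for-use"   # constructed sample key (assumption)
BODY = struct.Struct(">IH")                  # 4-byte counter, 2-byte set point in 0.1 °C
TAG_LEN = hashlib.sha256().digest_size       # 32 bytes

def make_command(key, counter, setpoint):
    """Owner side: pack the command and append an HMAC-SHA256 tag over it."""
    body = BODY.pack(counter, setpoint)
    return body + hmac.new(key, body, hashlib.sha256).digest()

class Thermostat:
    def __init__(self, key):
        self.key = key
        self.last_counter = 0     # highest counter accepted so far
        self.setpoint = 200       # 20.0 °C

    def handle(self, packet, source_ip):
        # source_ip is never consulted: an IP address proves nothing about the sender.
        if len(packet) != BODY.size + TAG_LEN:
            return "reject: length"
        body, tag = packet[:BODY.size], packet[BODY.size:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):   # constant-time comparison
            return "reject: bad tag"
        counter, setpoint = BODY.unpack(body)
        if counter <= self.last_counter:             # captured packet sent again
            return "reject: replay"
        if not 100 <= setpoint <= 300:               # allow 10.0 to 30.0 °C only
            return "reject: out of range"
        self.last_counter, self.setpoint = counter, setpoint
        return "accept"

def demo():
    device = Thermostat(KEY)
    good = make_command(KEY, 1, 215)                  # owner asks for 21.5 °C
    forged = make_command(b"attacker-guess", 2, 300)  # sender without the key
    tampered = good[:5] + bytes([good[5] ^ 0x01]) + good[6:]
    extreme = make_command(KEY, 2, 450)               # valid tag, unsafe value
    return [device.handle(good, "203.0.113.7"),
            device.handle(good, "203.0.113.7"),
            device.handle(forged, "203.0.113.7"),
            device.handle(tampered, "198.51.100.9"),
            device.handle(extreme, "203.0.113.7")]

if __name__ == "__main__":
    print(demo())
```

The range check after authentication reflects the slides' point that improper use can have the same effect as an attack: even a correctly keyed sender cannot push the set point outside the allowed band.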

    EMBEDDED SYSTEMS DESIGN:

    Embedded systems consist of:

    Hardware

    Software

    Environment

    The design of embedded systems requires a holistic approach that integrates essential paradigms from hardware design, software design, and control theory in a consistent manner.

    TUNING YOUR SCAN:

    There are several factors to consider when scanning embedded systems:

    Speed

    Availability

    Platform

    CONCLUSION:

    There is a lack of security in present embedded systems. Security is not usually taken into account during the design phase of the product, and it is difficult to implement once the product is completed. Even in those cases where security has been a concern from the beginning, the developer must face important hardware constraints to include security measures. Security should be integrated into the product during the conceptual design phase and should be taken into account for every part of the design.


    Thank You..!!!
