Trusted remote attestation for secure embedded systems
Editor's note: This article is based on a paper presented by the authors as part of a class (ESC-436) at the Spring 2012 ESC DESIGN West.

Modern mission- and safety-critical embedded systems present a heterogeneous footprint with different domains, operating systems, devices, and network protocols. Such systems often rely on information originating from remote embedded devices, which run on commercially available platforms that cannot be assumed to be trusted.
Hence, there is the challenge of controlling and trusting the software and information originating from such remote embedded devices. Given the nature of critical systems such as defense, healthcare, and industrial process control, there is a clear need to ensure that the remote embedded devices have not been tampered with through internal networks, the Internet, or other Ethernet, wired, or wireless connection points.
In this paper, we describe the investigation of a real-time remote attestation approach that ensures software and information from remote embedded devices can be trusted. Our solution addresses two key challenges: how to ensure the integrity of code on a remote device that uses a commercial off-the-shelf (COTS) OS and software, and how to securely communicate the state of the software both at boot-up and at run time.
We investigated measurement tools to determine the integrity of critical software running on remote devices. Using virtualization, we sought to separate the target device’s OS and software from the measurement tools such that the integrity of the measurements could not be compromised. Our framework included Trusted Platform Module (TPM) [1] hardware as the root of trust for the software measurements. Finally, we wanted attestation information to be securely and efficiently communicated using the security-enhanced Object Management Group (OMG) Data Distribution Service (DDS) standard.
RTI and ObjectSecurity investigated an architecture that can assess the trust posture of a remote embedded device by measuring its software integrity. The architecture includes a mechanism for communicating the result of the measurements to a local verifier using DDS as the attestation transport. By using the intrinsic characteristics of DDS, we also wanted the ability to detect misconfigured local and remote devices before communication is established.
Further, we identified the mechanisms required to securely communicate attestation information from remote embedded devices to monitoring nodes. In particular, we identified the components of a solid security architecture for the described system: model-driven security for access policy automation, together with attribute-based access control, authorization-based access control, and traditional mechanisms such as SSL/TLS and authentication.
We used a DDS-based real-time messaging technology as a secure communication gateway that can be integrated with hypervisor technologies. We used the misconfiguration detection mechanisms provided by the publish-subscribe middleware.
ObjectSecurity has expertise in security policy management, and has developed a model-driven security policy automation technology called OpenPMF (Open Policy Management Framework). RTI has extensive experience with defense networks and supports Technology Readiness Level (TRL) 9 technology in mission-critical applications. RTI is the leading vendor of DDS middleware. RTI co-wrote the DDS standard, chairs the OMG committee, and sits on the OMG board.
Critical Systems Use of Exposed Heterogeneous Frameworks
Safety-critical and mission-critical systems such as defense, health care, and control systems are rapidly evolving. Modern systems integrate complex distributed functions, building upon a heterogeneous framework comprising different domains, operating systems, devices, and network protocols. These include remote embedded sensors, payloads, communication nodes, command and control, and mission planning. Currently, few formal security processes or technologies are used to secure the perimeters of such critical systems.
While technologies such as Supervisory Control and Data Acquisition (SCADA) systems have been designed for reliability and personnel safety, only implicit trust of their components and communication has been the norm. For the most part, SCADA systems historically did not consider threats from malicious intruders. In fact, most SCADA users are still ignorant about their exposure, with only robustness against basic errors considered.
Untrustworthy Remote Embedded Devices and Software
The Stuxnet worm, which targets embedded systems [2], signals a change in this state of affairs. Stuxnet is considered the most complex threat to date that targets industrial control systems. Its final goal is to alter the code on programmable logic controllers (PLCs) to change the intended system’s behavior in a manner that is not readily observable by the operators. The exploits that are used include zero-day malware, a Windows rootkit, the first ever PLC rootkit in the wild, antivirus evasion, complex process injection, etc. The original infection may have been introduced by removable drives, but in the future, we expect to see similar exploits originating from external networks.
In a General Accounting Office (GAO) report [3], the US Government predicted this weakness and identified five trends that have escalated the risk to SCADA networks. The most prevalent threat involves connecting to external networks through modern technologies such as Ethernet and the Internet Protocol (IP). Although using these technologies makes systems functional and efficient, it unfortunately also opens our key national infrastructure to cyber attacks, especially through the use of embedded devices.
A similar vulnerability is inherited by a number of modern safety-critical embedded systems—from sensors to medical devices to remote vehicles to automotive systems—which are also becoming network-accessible [4]. For example, the embedded software in implanted medical devices is now accessible via radio frequency identification (RFID) interfaces [5] and has already been proven vulnerable to attack [6]. Moreover, automotive embedded-device software connects to cloud service technology [7] and DoD tele-medical applications enable software-controlled surgical robots in U.S. military facilities in Iraq to be operated via satellite uplinks by doctors at the U.S. Navy Hospital in Bethesda, Maryland [8].
Hoglund and McGraw [9] raise the problem of a misconception regarding embedded devices: there is an assumption that they are not vulnerable to remote software-based attacks because they do not include an interactive shell out of the box. Hence, it is assumed that the worst thing an attacker can do to most embedded systems is merely to crash the device. However, this is not the case, as complex programs can be inserted via a remote attack on an embedded system; shellcode is only one example. The highest risk lies in the fact that embedded devices use commercially available platforms that can be reverse engineered and ultimately attacked; thus, they cannot be trusted.
Securing operations with Remote Attestation and Communication
To provide reliable evidence about the state of the software executing on an embedded device, a trusted computing approach is needed. Specifically, remote attestation can offer assurance of software invocation, delivery of content to trusted clients, and mitigation of mutual suspicion between clients [10]. This approach relies upon measurement mechanisms that collect software integrity information on the state of the target embedded device. However, remote attestation and software-integrity measurement systems need flexibility. They must provide not only completeness of measurement and trust in the collection, but also dissemination of the attestation information. Moreover, they increasingly need to cope with mobile sensors and mobile handheld devices, which exhibit resource limitations. In this case, data compression and feature extraction are needed to balance dissemination of collected information against often high-cost wireless communications [11].
Remote attestation architecture. RTI and ObjectSecurity investigated a remote attestation infrastructure that ensures end-to-end control of remote embedded devices and applications using commercially available platforms across different administrative domains in real time, as shown in Figure 1.

Figure 1: Remote embedded devices attest that they are not compromised prior to initiating communication with the enterprise system. Periodic attestation is used to ensure integrity over time.
As shown in Figure 2, our architecture used a secure hypervisor approach that allows a separation between the integrity measurements of the target COTS guest OS along with the embedded system applications, and the target COTS guest OS itself. Measurement tools are used to determine the integrity of critical software running on remote embedded devices. The architecture uses commodity TPM hardware to provide the root of trust for the software measurements. Finally, a real-time distributed framework reports attestation evidence.

Figure 2: Remote attestation architecture for embedded devices
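To make the measurement and verification flow of Figure 2 concrete, here is an added example (not code from the paper, RTI, or ObjectSecurity) that simulates a measured boot chain extended into a single TPM-style PCR, a nonce-bound quote from the device, and the verifier's check against a golden reference value. The component images, the attestation key `AK`, and the HMAC standing in for the TPM's quote signature are all constructed assumptions.

```python
import hashlib
import hmac

# Constructed stand-ins for the binaries a device measures at boot
# (hypervisor first, then the COTS guest OS, then the application).
GOOD_STACK = {
    "hypervisor": b"secure-hypervisor-v1",
    "guest_kernel": b"cots-guest-os-kernel-3.2",
    "control_app": b"plc-control-app-1.0",
}
BOOT_ORDER = ("hypervisor", "guest_kernel", "control_app")
AK = b"assumed-attestation-key"  # constructed; a real TPM never exports its key

def extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM-style PCR extend: new = SHA-256(old || measurement).
    Values can only be appended, so a later stage cannot erase an earlier one."""
    return hashlib.sha256(pcr + measurement).digest()

def measure_stack(stack: dict) -> bytes:
    """Measured boot: hash each component in boot order into one PCR."""
    pcr = bytes(32)  # PCRs read as all zeros after reset
    for name in BOOT_ORDER:
        pcr = extend(pcr, hashlib.sha256(stack[name]).digest())
    return pcr

REFERENCE_PCR = measure_stack(GOOD_STACK)  # golden value held by the verifier

def quote(ak: bytes, pcr: bytes, nonce: bytes) -> dict:
    """Device side: bind the PCR to the verifier's nonce and sign it.
    HMAC with the shared AK stands in for the TPM's quote signature."""
    tag = hmac.new(ak, pcr + nonce, hashlib.sha256).digest()
    return {"pcr": pcr, "nonce": nonce, "tag": tag}

def verify(ak: bytes, expected_pcr: bytes, nonce: bytes, q: dict) -> bool:
    """Verifier side: check freshness, authenticity, then the reference match."""
    if q["nonce"] != nonce:  # stale or replayed quote
        return False
    expected_tag = hmac.new(ak, q["pcr"] + q["nonce"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected_tag, q["tag"]):  # not signed by the device's AK
        return False
    return hmac.compare_digest(q["pcr"], expected_pcr)  # has the software drifted?

def tampered_stack() -> dict:
    """Same stack with the application image altered after deployment."""
    stack = dict(GOOD_STACK)
    stack["control_app"] = b"plc-control-app-1.0-modified"
    return stack
```

For periodic attestation, the verifier issues a fresh nonce each round and re-runs `verify`; a changed component anywhere in the chain, a replayed quote, or a quote from the wrong key all fail.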
Communication and Misconfiguration Detection with OMG DDS
The Object Management Group (OMG) Data Distribution Service (DDS) standard [12] [13] provides the technology base for developing a distributed trust architecture.
DDS publish-subscribe middleware is well suited to communicate between applications running on different hardware, between various operating systems, and over many transports. Active efforts are underway to develop new secure and safety-certified versions.
DDS is a critical technology used by embedded military networks on land, sea, air, and space. For example, the US Navy Aegis uses DDS to provide data distribution across its distributed combat management system. DDS is also being adopted by SCADA systems. For instance, Schneider Electric uses DDS to provide global data access in its line of programmable logic controllers.