The growing challenge of securing embedded systems
In his most recent column “Trends in embedded software design,” former Embedded Systems Design (ESD) editor Michael Barr identifies what he thinks will be one of the greatest challenges for embedded designers: securing their now ubiquitously connected device hardware and software from malicious hackers. In this, he is reinforcing a theme that is often addressed by Embedded.com columnist Jack Ganssle in such columns as “Is the SCADA infrastructure secure?”
Writes Barr: “We must architect our systems first to be secure and then to be able to take downloads securely so that our products can keep up in the inevitable arms race against hackers and attackers.”
The challenges ahead for embedded developers surmount even those the laws of physics present them with as they push to lower power operation in constrained and often wirelessly untethered environments. This is because the laws of physics do not change but the whims and strategies of hackers do.
As the recent Stuxnet worm attacks demonstrated, embedded developers will be facing malicious hackers and intentional attackers who are as creative in the ways they find to penetrate into connected systems as software and hardware engineers are in creating them. This means embedded developers can no longer depend on traditional security solutions, many of which have been written about extensively on Embedded.com.
Fortunately, new and imaginative solutions are emerging. Based on a sampling of about a dozen or so companies and engineers I have talked to in recent months, here are my Editor’s Top Picks of new or recent security strategies:
Code morphing. This idea comes from researchers at Italy’s Politecnico di Milano and described in a paper at the 2012 Design Automation Conference. They have built an automated framework for creation of countermeasures against Differential Power Attacks (DPA) aimed at cryptographic primitives. They do this by creating multiple versions of the code, only one of which contains the secret key, to prevent attackers from recognizing the exact point in time where the observed operation is executed via an easily identifiable power surge signature. They have tested the approach in a simulated DPA attack against OpenSSL AES implementation on an industrial grade ARM-based SoC.
Trojan Horse Benchmarks. Looking at the security problem in a different way, researchers at the University of California, Los Angeles, have developed a set of benchmarks security specialists can use to track down Trojan horse files that may have already been inserted into a system and which can make copies of themselves, steal information, or harm their host computer systems. Described in a paper presented at the 2012 DAC, they have developed a technique that combines an iterative searching algorithm to find switching locations and a backtracking-based reconvergence method of identifying normally non-observable delay paths and tracking the Trojan horse back to its hiding place.
Logic Obfuscation. Researchers at the Polytechnic Institute of New York, New York University, and the Air Force Research Labs are been working on a way to deal with device counterfeiting and hacking using a technique they call 'logic obfustcation'. Somewhat similar to software code morphing, their technique is described in a paper presented at the 2012 DAC. To gain access to systems, hackers have developed hardware Trojans that can be inserted and hidden in devices removed from the supply chain and then inserted back into it with Trojans awaiting for the right code sequence to do their dirty work. Traditional techniques for guarding against this, the researchers found, were easily surmounted, so they have developed an exponential algorithm technique that explodes the number of logic combinations hackers would have to employ to get at their hidden hardware Trojans.
Hiding keys and secured data in the cloud. Using a set of proprietary techniques, Security First Corp. has developed a secret sharing scheme in which a cryptographic key is randomly generated and a collection of key shares is created. Data that needs to be secured is encrypted using the key, resulting in a ciphertext that is broken into fragments using an Information Dispersal Algorithm that spreads them to locations on the network where they reside hidden until needed and decrypted.
Security rulesets. Methods have been developed by Wurldtech to test and manage, and then mitigate SCADA cyber security threats in control systems and embedded devices. To prevent cyber attackers from penetrating into SCADA systems and causing the plant operator to lose control of critical devices, it uses a framework that allows creation of powerful security test suites capable of quickly and efficiently testing a protocol’s implementation against its specification. It makes use of a Unified Threat Management System (UTMS) for securing network traffic in a process control system that tells the control devices under which conditions they can accept or deny the network traffic. The system is based on rulesets derived from tests and other information about the latest security threats, threat patterns, and control system vulnerabilities found or predicted to exist within the network.
Two pronged security. The recent change in strategy by hackers writing botnets that currently plague the networks is illustrative of the constantly morphing security landscape embedded developers will have keep in mind. Once security experts figured out that most of them used a centralized command and control structure with a single botmaster, the botnet designers moved to more Hydra-like peer-to-peer structures that are harder to counter. Researchers at the Veermata Jijabai Technological Institute (VJTI) in Mumbai, India, have come up with a dual pronged search, indentify and destroy mechanism.
The first line of defense in the VJTI model is an algorithm designed to protect individual nodes within a network. But if an intrusion is detected at more than one of the nodes, their system goes to a second line of defense - a separate software algorithm running on the network itself that checks incoming and outgoing traffic for signs of malware.
Their software monitors parameters on networked devices, looking for lags in response time, unbalanced output-to-input data traffic ratios, or other signs of bot infection. Over time their software is designed such that it “learns” how a particular node is used—the typical addresses of inbound and outbound data, for example—so that it can more accurately spot unusual activity. If it spots something suspicious, it triggers security software, which analyzes the devices on the network in search of now known malware, or patterns that are the signature of a botnet.
There are also numerous techniques being developed for the physical security of the integrated circuits and the logic they contain, not only to prevent counterfeiting but to prevent unauthorized physical access to insert hidden keys that hackers later can access over the network and open a system for purposes of information gathering or disruption. These include:
Physically unclonable functions (PUFs). PUFs are a common technique for deriving truly random crypto key sequences derived from the absolutely unique physical characteristics of the device itself, and thus in theory are resistant to cloning or physical tampering. While current PUF techniques are focused on improving quality at the architectural level, researchers at the University of Maryland, College Park, have come up with a technique that uses an IC’s fundamental source of randomness, the fabrication process. Described in a paper at the 2012 DAC, they have used the Optical Proximity Correction step in the fabrication process, normally used to suppress manufacturing variations. They instead use OPC to increase the effects of manufacturing variations within PUF circuitry and produce more randomness in PUFs for greater uniqueness and reliability.
Hardware intrinsic security. Developed by IntrinsicID, HIS uses the unique "intrinsic" digital characteristics of a device itself whenever it is turned on rather than using the underlying silicon to generate unique randomly generated secret keys. Unlike the one-time approach used in traditional PUFs, which requires storage after it is created,HIS on the fly generates a secret key derived from characteristics of the device at the moment it is needed. This allows the device to generate a secret key only when needed and power down with no key present. Because no key is stored, attackers have nothing to find.
Beyond making use of such efforts as those described above, there’s a lot embedded developers can do by writing better, more concise and better structured and efficient code. A truism that emerges from almost every conversation I have with security specialists is that the easiest way hackers have to gain access to software is through the holes left in the final, but less than tightly written, code base. Good quality code is secure code.
This means that embedded software developers may have to be not only more disciplined in their current work habits, but as code complexity increases, they may have to move to the more structured development environments, as Jack Ganssle advocates, or to more sophisticated model-driven and model-based automatic code generation tools that Michael Barr is predicting.
Embedded developers can no longer hide their designs in obscurity and assume they are protected by the invisibility of the embedded devices to the outside world and the security threats that reside there. Invisible no longer, embedded systems are not only front and center in our homes in literally every electronics system we use, but are becoming more ubiquitously connected through machine-to-machine networks and the Internet of Things.