Building Security into Embedded Systems: Validating Theoretical Designs using Experimental Platforms
Posted: 18-Dec-2015
Transcript of the slide deck:
Page 1
Building Security into Embedded Systems: Validating Theoretical Designs using Experimental Platforms
Yuan Xue, Institute for Software Integrated Systems, Vanderbilt University
A joint work with Matthew Eby, Janos Mathe, Jan Werner, Taojun Wu, Gabor Karsai, Sandeep Neema, Janos Sztipanovits, Akos Ledeczi
Page 2
Outline
• Introduction
• Challenge
• Approach
• Two Projects
  – Experiment Platform for Model-based Secure Embedded System Design
  – Application-Driven Testbed for Wireless Sensor Network Security Analysis and Design
Page 3
Introduction
• Embedded systems
  – Low end: cellphones, PDAs, sensors, smartcards
  – High end: routers, home appliances
• They are
  – Interactive with the physical world
  – Pervasive in our daily life
  – Essential for national critical infrastructure
• Currently embedded systems are migrating
  – From proprietary solutions to open standards
  – From standalone systems to networked environments
Increasing concern about security threats in embedded systems
Page 4
Challenge
• Security solutions were developed in the context of desktop-based operating systems and networks
  – Cryptography
  – Secure network protocols
  – Etc.
• Designing secure embedded systems faces unique challenges
  – Embedded system design is a systems-software co-design problem that needs to meet cross-cutting requirements in terms of performance and physical constraints
  – Securing embedded systems involves more issues than those addressed for desktop computing
    • Resource constraints
    • Development model and environment
Applying existing security mechanisms as add-on functional features is insufficient to secure embedded systems
Page 5
Approach
• Our approach
  – Security consideration as an integral part throughout the design process
  – Security design to be validated over the software and system platforms
• This talk will present two experimental platforms
  – Plant control system
  – Wireless sensor network
Secure embedded system design needs to be validated using the experimental platforms
Page 6
Experimental Platform for Model-Based Secure Embedded System Design
Page 7
Overview
• Model-based Approach to Embedded System Design
• Integrate Security into Model-based Approach
• Experiment Platform Architecture
• Demonstration System
Page 8
Model-based Approach
Models facilitate formal analysis, verification, validation and generation of embedded systems
[Diagram with the elements: Functional Models, Component Models, Componentized Model, Platform Model, Deployment Model, Generators (Interpreters), Composition Platform (e.g. AADL), HW/SW Architecture (Windows, Linux), Source Files (e.g. SimuLink, hand-crafted code, etc.)]
Page 9
Integrate Security into Models
[Diagram with the elements: Functional Model, Component Model, Secure Componentized Model, Secure Component Structure Model, Platform Model, Deployment Model, Security extension, Security service, Security policy, Generators (Interpreters), Secure Composition Platform (e.g. AADL security extension), Hardware, OS service (e.g. kernel partition), Source Files (e.g. SimuLink, hand-crafted code, etc.)]
Security Extension examples
• Role Based Access Control
• Secure Links
• Fair Exchange
Page 10
Advantages
• Advantages of integrating security into model-based embedded system development
  – Introducing security at the design level
  – Verifying required security properties using explicit security models
  – Consistent and automatic configuration of security services offered by the operating system
  – Investigating design tradeoffs between performance and security properties
Page 11
An Example based on AADL
• AADL (Architecture Analysis and Design Language)
  – SAE Aerospace Standard (AS5506)
  – Provides a standard interface and environment for system designers to model, analyze and generate embedded system code
[Figures: AADL Components; AADL Metamodel]
Page 12
AADL Security Extension
An example security mechanism: Role-based Access Control
• Objects – subject to access control
• Operations – execution of some function on objects
• Permissions – approval to perform an operation on an RBAC-protected object
• Roles – job with assigned authority and responsibility
• Users – human being, machine, network or agent requesting an operation on objects
[Figure: Security Extension Metamodel]
Page 13
Platform Security Service Modeling
Security Service Providers
• OS (ex: Linux, LynxOS, WinCE)
• HW (ex: space partitioning, memory protection)
• Services of different applications (ex: web-browser-based authentication)
• Partition in OS
Platform Security Models with sufficient detail enable Code Generators to access Platform Specific Security Services
Theoretical Security Concepts (Platform Independent) – Security Requirements of a System
Existing Security Solutions Provided by Different Platforms – Security Capabilities of a Platform
Mapping between requirements and underlying capabilities (ideally the requirements are a subset of the capabilities)
Platform Security Service Model: abstracts out the security properties of the platform that are essential for the design flow
Page 14
Software Architecture with Security Extension
[Diagram comparing two stacks. AADL: Embedded Hardware Target, Real-Time Operating System, AADL Runtime System, Application Software Components (App, App, App). Extended AADL: Embedded Hardware Target, Real-Time Operating System with OS Security Extension, one AADL Runtime System per Application Software Component, with API labels at the layer boundaries. The runtime layers together form the AADL Execution Environment.]
Page 15
Experimental Platform Architecture
[Diagram: Plant Simulator connected to a Data Acquisition Board (DAQ), which connects over 10/100BASE-T or 802.11b to several Embedded System Boards]
The Data Acquisition Board interfaces the plant simulation with the embedded system boards
The Plant Simulator acts as the physical environment in which the embedded system would run
The embedded system boards run distributed control algorithms
Page 16
Implementing Systems on Platform
• The experimental platform facilitates “Hardware”-in-the-Loop testing of controllers.
• High fidelity plant simulations behave just as the actual physical environment would.
• Controllers can run on various operating systems with different security designs.
• Code for controllers is generated based on security models for the embedded system
Page 17
Putting things Together!
[Diagram: Plant Simulator, Data Acquisition Board (DAQ) and Embedded System Boards connected over 10/100BASE-T or 802.11b; Automatic Code Generation and Deployment onto the boards]
Reference: The process of AADL code generation
Page 18
Results
• Real-Time Simulation of a Three Tank Fluid Transfer System
• With I/O register protection, only the tank control process has permission to write to I/O channels
• The Model-Based approach can map desired security properties to underlying platform services such as POSIX capabilities (e.g. CAP_SYS_RAWIO)
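An added example (not code from the talk or from the Vanderbilt tool chain) of the mapping described on pages 12, 13 and 18: a platform-independent RBAC model is checked against a platform capability model, turned into per-process capability sets, and requirements the platform cannot provide are flagged. Role, object and process names and the capability table are assumptions; only CAP_SYS_RAWIO and the tank-control scenario come from the slides.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Permission:
    """Abstract RBAC permission: an operation on an object (page 12 terms)."""
    operation: str  # e.g. "write"
    obj: str        # e.g. "io_channel"


@dataclass
class RbacModel:
    """Platform-independent security model (constructed for this example)."""
    role_perms: dict     # role -> set of Permission granted to that role
    process_roles: dict  # process (the RBAC "user") -> set of assigned roles


# Platform security service model (page 13): which platform capability
# implements each abstract permission. Capability names are real Linux
# capabilities; the table itself is a constructed assumption.
LINUX_CAPS = {
    Permission("write", "io_channel"): "CAP_SYS_RAWIO",
    Permission("read", "io_channel"): "CAP_SYS_RAWIO",
    Permission("set", "rt_priority"): "CAP_SYS_NICE",
}


def generate_caps(model, platform):
    """Generator step: map every process's permissions onto capabilities.

    Returns (process -> set of capabilities, list of (process, permission)
    requirements with no platform capability, i.e. requirements that are
    not a subset of the platform's capabilities)."""
    assignments, unmapped = {}, []
    for proc, roles in model.process_roles.items():
        caps = set()
        for role in roles:
            for perm in model.role_perms.get(role, set()):
                cap = platform.get(perm)
                if cap is None:
                    unmapped.append((proc, perm))
                else:
                    caps.add(cap)
        assignments[proc] = caps
    return assignments, unmapped


def holds_exclusively(assignments, cap, allowed):
    """Property check: exactly the processes in `allowed` hold `cap`."""
    holders = {p for p, caps in assignments.items() if cap in caps}
    return holders == set(allowed)


# Constructed model of the three-tank demo: only tank_ctl may touch I/O.
TANK_MODEL = RbacModel(
    role_perms={
        "tank_controller": {Permission("write", "io_channel"),
                            Permission("read", "io_channel")},
        "logger": {Permission("read", "audit_log")},  # no platform capability
    },
    process_roles={"tank_ctl": {"tank_controller"}, "logger_proc": {"logger"}},
)
```

Running `generate_caps(TANK_MODEL, LINUX_CAPS)` gives tank_ctl the CAP_SYS_RAWIO capability alone and reports the logger's audit-log requirement as unmapped, which is the case where the design has to be revised or the platform model extended.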
Page 19
Application-Driven Testbed for Secure Wireless Sensor Network Design
Page 20
Dirty Bomb Detection & Localization
[Figures: Stadium with Sensors Deployed; Google Earth Illustration of Localization System; Automatic Camera Feed]
~12 Static XSM Motes (positions known)
Guard moves with an XSM Mote, tracked by RIPS technology
Page 21
Architecture
[Diagram with the components: Rad detector, mobile phone, mote; Mote network; Nextel/Internet link; Rad level servlet and camera glue code; Tracking service and user interface; Camera control node (Linux); Jumbotron controller; VGA to NTSC adapter; Internet]
Page 22
System Vulnerabilities
[Same architecture diagram as Page 21, annotated with attacks by layer: Physical, MAC/Link, Network, Application/Service]
Sensor network vulnerabilities
• Physical: Jamming
• MAC/Link: MAC DoS; Eavesdropping
• Network: Packet dropping; Mis-forwarding; ID spoofing; Forging routing information
• Application/Service: Bogus tracking results; Tracking command spoofing; Battery consumption attack; Disclosing/modifying/replaying tracking results
Traditional network/system vulnerabilities
• Denial of Service Attack
• Information disclosing/modification/replaying
• Address Spoofing
• etc.
Page 23
Security Issues in Sensor Networks

| Layer | Security Issues | Mechanisms |
| --- | --- | --- |
| Physical | Jamming | Attack Detection |
| MAC/Link | MAC DoS; Eavesdropping | Link Level Encryption |
| Network (addressing, routing, forwarding) | Address spoofing; Forge routing information; Drop/forward to wrong neighbor | Source Authentication; Secure Routing |
| Application/Service | Release/modify content; User ID spoofing | Msg Auth Code; Encryption; User Authentication |
Page 24
Peer Authentication Scheme
• Objective
  – Provide efficient, effective, and flexible peer sensor authentication
• Basic Idea
  – Symmetric-key based (SkipJack in TinySec)
  – Each sensor node has a different set of keys through a pre-key distribution scheme
  – Multiple MACs are generated for each message from a sensor node
  – MACs are verified at the receiving sensor using its common keys with the sender
Page 25
A Simple Example
Sensors A, B, C, D have different combinations of overlapping keys:
A: 1, 4
B: 1, 2
C: 2, 3
D: 3, 4
Sensor A pretends to be C and appends message authentication codes (generated with keys 1 & 4) to its outgoing messages
[Diagram: A broadcasts "I am C"; D replies "You are not C, since you don't have key 3"; B replies "You are not C, since you don't have key 2"; C replies "I know you are not me."]
Page 26
Implementation and Results
• We implement the peer authentication scheme as a component (MultiMAC) under TinyOS (based on SkipJack in TinySec)
• Measurement Results
  – Computation time: 5.3 ms
  – Verification time: < 0.1 ms, 1.3~1.4 ms or 2.5 ms, if the receiver has 0, 1 or 2 keys in common with the sender
• Demonstration Video (Windows Media)
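The multi-MAC peer authentication idea of pages 24 to 26, as an added example in Python (not the MultiMAC/TinyOS code from the talk). Each node holds a subset of a pre-distributed key pool, a sender appends one MAC per key it holds, and a receiver checks only the MACs for the keys it shares with the claimed sender, so the number of common keys (0, 1 or 2) decides how much verification work is done. HMAC-SHA256 stands in for TinySec's SkipJack CBC-MAC; key values, node ids and the 4-byte tag length are constructed assumptions.

```python
import hashlib
import hmac

# Constructed key pool and the key assignment from page 25.
KEY_POOL = {k: hashlib.sha256(b"demo-key-%d" % k).digest() for k in (1, 2, 3, 4)}
NODE_KEYS = {"A": {1, 4}, "B": {1, 2}, "C": {2, 3}, "D": {3, 4}}


def mac(key_id, sender_id, msg):
    """One MAC over (claimed sender id, payload) under pool key `key_id`.
    HMAC-SHA256 truncated to a constructed 4-byte tag replaces SkipJack CBC-MAC."""
    data = sender_id.encode() + b"|" + msg
    return hmac.new(KEY_POOL[key_id], data, hashlib.sha256).digest()[:4]


def send(real_node, claimed_id, msg):
    """Build a packet carrying the claimed id, the payload and one MAC per
    key the real sender holds. real_node == claimed_id for an honest node;
    they differ when a node impersonates another (A pretending to be C)."""
    tags = {k: mac(k, claimed_id, msg) for k in NODE_KEYS[real_node]}
    return {"id": claimed_id, "msg": msg, "tags": tags}


def verify(receiver, packet):
    """Receiver-side check. Returns (result, keys_checked), where result is
    'accept', 'reject' (a MAC is missing or wrong) or 'unverifiable' (the
    receiver shares no key with the claimed sender, so it cannot decide)."""
    # The receiver knows the key distribution, so it knows which key ids the
    # claimed sender must hold; it checks exactly the ones it also holds.
    common = NODE_KEYS[receiver] & NODE_KEYS[packet["id"]]
    if not common:
        return "unverifiable", 0
    for k in common:
        tag = packet["tags"].get(k)
        expected = mac(k, packet["id"], packet["msg"])
        if tag is None or not hmac.compare_digest(tag, expected):
            return "reject", len(common)
    return "accept", len(common)
```

With the page 25 keys, an honest message from C is accepted by B (key 2) and D (key 3) but is unverifiable at A, while A's forged "I am C" packet is rejected by B, D and C itself because the MACs for keys 2 and 3 are missing.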
Page 27
Summary
• Security is an increasing concern in embedded system design
• Using a model-based approach, security can be considered as an integral part throughout the design process
• Experiment platforms are critical to validate security designs
Page 28
Thank you very much!
Questions?