EECS 388: Embedded Systems - ITTCheechul/courses/eecs388/W11... · A (Digital) Certificate (Proof...
Transcript of EECS 388: Embedded Systems - ITTCheechul/courses/eecs388/W11... · A (Digital) Certificate (Proof...
![Page 1: EECS 388: Embedded Systems - ITTCheechul/courses/eecs388/W11... · A (Digital) Certificate (Proof of Public Key's Authenticity) Signed (encrypted)* with issuer (CA)'s Private key](https://reader033.fdocuments.net/reader033/viewer/2022053011/5f0ea8757e708231d4404ccd/html5/thumbnails/1.jpg)
EECS 388: Embedded Systems
11. Security (Part 2)
Heechul Yun
1
![Page 2: EECS 388: Embedded Systems - ITTCheechul/courses/eecs388/W11... · A (Digital) Certificate (Proof of Public Key's Authenticity) Signed (encrypted)* with issuer (CA)'s Private key](https://reader033.fdocuments.net/reader033/viewer/2022053011/5f0ea8757e708231d4404ccd/html5/thumbnails/2.jpg)
Agenda
• Security attributes
• Threat model
• Software security
• Information flow
• Encryption
• Digital signature and hashing
• SSL/TLS
2
![Page 3: EECS 388: Embedded Systems - ITTCheechul/courses/eecs388/W11... · A (Digital) Certificate (Proof of Public Key's Authenticity) Signed (encrypted)* with issuer (CA)'s Private key](https://reader033.fdocuments.net/reader033/viewer/2022053011/5f0ea8757e708231d4404ccd/html5/thumbnails/3.jpg)
Information Flow
• Many security properties concern the FLOW of information between different principals in a system.– Confidentiality: preventing secret → attacker
– Integrity: preventing attacker → system
• Information flow security is the study of how such flows affect the security and privacy properties of a system.
3
![Page 4: EECS 388: Embedded Systems - ITTCheechul/courses/eecs388/W11... · A (Digital) Certificate (Proof of Public Key's Authenticity) Signed (encrypted)* with issuer (CA)'s Private key](https://reader033.fdocuments.net/reader033/viewer/2022053011/5f0ea8757e708231d4404ccd/html5/thumbnails/4.jpg)
Example 1: Illegal Information Flow?
4
![Page 5: EECS 388: Embedded Systems - ITTCheechul/courses/eecs388/W11... · A (Digital) Certificate (Proof of Public Key's Authenticity) Signed (encrypted)* with issuer (CA)'s Private key](https://reader033.fdocuments.net/reader033/viewer/2022053011/5f0ea8757e708231d4404ccd/html5/thumbnails/5.jpg)
Example 2: Illegal Information Flow?
5
![Page 6: EECS 388: Embedded Systems - ITTCheechul/courses/eecs388/W11... · A (Digital) Certificate (Proof of Public Key's Authenticity) Signed (encrypted)* with issuer (CA)'s Private key](https://reader033.fdocuments.net/reader033/viewer/2022053011/5f0ea8757e708231d4404ccd/html5/thumbnails/6.jpg)
Example 3: Illegal Information Flow?
6
The fact that you failed to loginLeak some information about Your password
![Page 7: EECS 388: Embedded Systems - ITTCheechul/courses/eecs388/W11... · A (Digital) Certificate (Proof of Public Key's Authenticity) Signed (encrypted)* with issuer (CA)'s Private key](https://reader033.fdocuments.net/reader033/viewer/2022053011/5f0ea8757e708231d4404ccd/html5/thumbnails/7.jpg)
Limiting Password Attempts
• To limit information leakage, most today’s devices disable them after a few failed attempts.
7
![Page 8: EECS 388: Embedded Systems - ITTCheechul/courses/eecs388/W11... · A (Digital) Certificate (Proof of Public Key's Authenticity) Signed (encrypted)* with issuer (CA)'s Private key](https://reader033.fdocuments.net/reader033/viewer/2022053011/5f0ea8757e708231d4404ccd/html5/thumbnails/8.jpg)
Invasive Attack
8
What if the attacker is capable of directly reading from the memory?
![Page 9: EECS 388: Embedded Systems - ITTCheechul/courses/eecs388/W11... · A (Digital) Certificate (Proof of Public Key's Authenticity) Signed (encrypted)* with issuer (CA)'s Private key](https://reader033.fdocuments.net/reader033/viewer/2022053011/5f0ea8757e708231d4404ccd/html5/thumbnails/9.jpg)
Secure Storage and Hashing
9
(hash(input_pwd) == patient_pwd_hash)
patient_pwd_hash = read_from_secure_storage(…)
![Page 10: EECS 388: Embedded Systems - ITTCheechul/courses/eecs388/W11... · A (Digital) Certificate (Proof of Public Key's Authenticity) Signed (encrypted)* with issuer (CA)'s Private key](https://reader033.fdocuments.net/reader033/viewer/2022053011/5f0ea8757e708231d4404ccd/html5/thumbnails/10.jpg)
Invasive Attack
10
What if the attacker is capable of directly reading from the memory?
![Page 11: EECS 388: Embedded Systems - ITTCheechul/courses/eecs388/W11... · A (Digital) Certificate (Proof of Public Key's Authenticity) Signed (encrypted)* with issuer (CA)'s Private key](https://reader033.fdocuments.net/reader033/viewer/2022053011/5f0ea8757e708231d4404ccd/html5/thumbnails/11.jpg)
Basic Cryptography
• Symmetric (shared key) crypto
– XOR encryption (one-time pad)
– DES (56 bit key)
– AES (up to 256bit key)
• Asymmetric (public-key) crypto
– RSA
• Digital signature and secure hashing
– SHA-256
11
![Page 12: EECS 388: Embedded Systems - ITTCheechul/courses/eecs388/W11... · A (Digital) Certificate (Proof of Public Key's Authenticity) Signed (encrypted)* with issuer (CA)'s Private key](https://reader033.fdocuments.net/reader033/viewer/2022053011/5f0ea8757e708231d4404ccd/html5/thumbnails/12.jpg)
XOR
NPUT OUTPUT
A B A XOR B
0 0 0
0 1 1
1 0 1
1 1 0
12
![Page 13: EECS 388: Embedded Systems - ITTCheechul/courses/eecs388/W11... · A (Digital) Certificate (Proof of Public Key's Authenticity) Signed (encrypted)* with issuer (CA)'s Private key](https://reader033.fdocuments.net/reader033/viewer/2022053011/5f0ea8757e708231d4404ccd/html5/thumbnails/13.jpg)
XOR Encryption
Slide source: Edward A. Lee and Prabal Dutta (UCB)
![Page 14: EECS 388: Embedded Systems - ITTCheechul/courses/eecs388/W11... · A (Digital) Certificate (Proof of Public Key's Authenticity) Signed (encrypted)* with issuer (CA)'s Private key](https://reader033.fdocuments.net/reader033/viewer/2022053011/5f0ea8757e708231d4404ccd/html5/thumbnails/14.jpg)
XOR Encryption
Slide source: Edward A. Lee and Prabal Dutta (UCB)
![Page 15: EECS 388: Embedded Systems - ITTCheechul/courses/eecs388/W11... · A (Digital) Certificate (Proof of Public Key's Authenticity) Signed (encrypted)* with issuer (CA)'s Private key](https://reader033.fdocuments.net/reader033/viewer/2022053011/5f0ea8757e708231d4404ccd/html5/thumbnails/15.jpg)
Example
• Encryption
• Decryption
15
01010111 01101001 01101011 01101001 M: message (“Wiki”)XOR 11110011 11110011 11110011 11110011 K: repeat key (11110011)-------------------------------------------= 10100100 10011010 10011000 10011010 C: encrypted message
10100100 10011010 10011000 10011010 C: encrypted messageXOR 11110011 11110011 11110011 11110011 K: repeat key-------------------------------------------= 01010111 01101001 01101011 01101001 M: message (“Wiki”)
https://en.wikipedia.org/wiki/XOR_cipher
![Page 16: EECS 388: Embedded Systems - ITTCheechul/courses/eecs388/W11... · A (Digital) Certificate (Proof of Public Key's Authenticity) Signed (encrypted)* with issuer (CA)'s Private key](https://reader033.fdocuments.net/reader033/viewer/2022053011/5f0ea8757e708231d4404ccd/html5/thumbnails/16.jpg)
XOR Encryption
How?
Slide source: Edward A. Lee and Prabal Dutta (UCB)
![Page 17: EECS 388: Embedded Systems - ITTCheechul/courses/eecs388/W11... · A (Digital) Certificate (Proof of Public Key's Authenticity) Signed (encrypted)* with issuer (CA)'s Private key](https://reader033.fdocuments.net/reader033/viewer/2022053011/5f0ea8757e708231d4404ccd/html5/thumbnails/17.jpg)
Example
• Recovering the key from M and C
• Pros and Cons of XOR Encryption
– Inexpensive
– Insecure when key is used repeatedly and/or part of the message is known
17
01010111 01101001 01101011 01101001 M: message (“Wiki”)XOR 10100100 10011010 10011000 10011010 C: encrypted message -------------------------------------------= 11110011 11110011 11110011 11110011 K: repeat key (11110011)
![Page 18: EECS 388: Embedded Systems - ITTCheechul/courses/eecs388/W11... · A (Digital) Certificate (Proof of Public Key's Authenticity) Signed (encrypted)* with issuer (CA)'s Private key](https://reader033.fdocuments.net/reader033/viewer/2022053011/5f0ea8757e708231d4404ccd/html5/thumbnails/18.jpg)
Symmetric (Shared Key) Cryptography
• Block cipher uses more elaborate algorithms so that key size and message size don’t need to be the same.
• Data Encryption Standard (DES) – mid 1970s.
• Advanced Encryption Standard (AES) – 2001Based on a cryptographic scheme called Rijndaelproposed by Joan Daemen and Vincent Rijmen, two researchers from Belgium. AES uses a message block length of 128 bits and three different key lengths of 128, 192, and 256 bits.
![Page 19: EECS 388: Embedded Systems - ITTCheechul/courses/eecs388/W11... · A (Digital) Certificate (Proof of Public Key's Authenticity) Signed (encrypted)* with issuer (CA)'s Private key](https://reader033.fdocuments.net/reader033/viewer/2022053011/5f0ea8757e708231d4404ccd/html5/thumbnails/19.jpg)
Asymmetric (Public Key) Cryptography• Each participant has two keys, a public and a private one.
• A message is encrypted with the public key.
• The message can only be decrypted with the private key.
• Public and private keys match via clever algorithms.
• Relies on a one-way function, easy to compute, hard to reverse without knowing a (private) key.
![Page 20: EECS 388: Embedded Systems - ITTCheechul/courses/eecs388/W11... · A (Digital) Certificate (Proof of Public Key's Authenticity) Signed (encrypted)* with issuer (CA)'s Private key](https://reader033.fdocuments.net/reader033/viewer/2022053011/5f0ea8757e708231d4404ccd/html5/thumbnails/20.jpg)
SSL/TLS
• Secure Socket Layer/Transport Layer Security
– Widely used for web serverson the Internet
– Provides:• Authentication
• Confidentiality and integrity of communication
HTTPS = HTTP over SSL/TLS
Slide source: Hokeun Kim and E. A. Lee (UCB)
![Page 21: EECS 388: Embedded Systems - ITTCheechul/courses/eecs388/W11... · A (Digital) Certificate (Proof of Public Key's Authenticity) Signed (encrypted)* with issuer (CA)'s Private key](https://reader033.fdocuments.net/reader033/viewer/2022053011/5f0ea8757e708231d4404ccd/html5/thumbnails/21.jpg)
Intro to SSL/TLS Based on Certificates
Account balance
Make wire transfer
Internet
Eavesdropper
ID/PasswordBrowser (client)
Your bank (server)Message Encryption
Shared secret: Cryptographic key for encryption
Slide source: Hokeun Kim and E. A. Lee (UCB)
![Page 22: EECS 388: Embedded Systems - ITTCheechul/courses/eecs388/W11... · A (Digital) Certificate (Proof of Public Key's Authenticity) Signed (encrypted)* with issuer (CA)'s Private key](https://reader033.fdocuments.net/reader033/viewer/2022053011/5f0ea8757e708231d4404ccd/html5/thumbnails/22.jpg)
Intro to SSL/TLS Based on Certificates
• Public key cryptography (e.g., RSA)
Browser (client)
Secret to be sharedEncrypted With Bank's
Public Key
Bank'sPublic Key
Bank'sPrivate Key
Your bank (server)
Decrypted WithBank's Private Key
Slide source: Hokeun Kim and E. A. Lee (UCB)
![Page 23: EECS 388: Embedded Systems - ITTCheechul/courses/eecs388/W11... · A (Digital) Certificate (Proof of Public Key's Authenticity) Signed (encrypted)* with issuer (CA)'s Private key](https://reader033.fdocuments.net/reader033/viewer/2022053011/5f0ea8757e708231d4404ccd/html5/thumbnails/23.jpg)
Intro to SSL/TLS Based on Certificates
• However, even with public key cryptography…Browser (client) Your bank (server)
Bank'sPublic Key
Bank'sPrivate Key
Fake website &Malory's Public Key
Encrypted With Malory's Public Key
Malory"Man In The Middle"
Decrypted WithMalory's Private Key
Encrypted With Bank's Public Key
Malory'sPublic Key
Malory'sPrivate Key
Spoof network address to redirect client to fake website(e.g. DNS cache poisoning)
www.bankofamerica.com=> Malory's IP address
Slide source: Hokeun Kim and E. A. Lee (UCB)
![Page 24: EECS 388: Embedded Systems - ITTCheechul/courses/eecs388/W11... · A (Digital) Certificate (Proof of Public Key's Authenticity) Signed (encrypted)* with issuer (CA)'s Private key](https://reader033.fdocuments.net/reader033/viewer/2022053011/5f0ea8757e708231d4404ccd/html5/thumbnails/24.jpg)
Signing a Message• Each participant has two keys, a public and a
private one.
• A message is encrypted with the private key and both the message and its encryption are sent.
• The encrypted part can be decrypted with the public key. If it matches the plaintext message, the signature is valid.
![Page 25: EECS 388: Embedded Systems - ITTCheechul/courses/eecs388/W11... · A (Digital) Certificate (Proof of Public Key's Authenticity) Signed (encrypted)* with issuer (CA)'s Private key](https://reader033.fdocuments.net/reader033/viewer/2022053011/5f0ea8757e708231d4404ccd/html5/thumbnails/25.jpg)
Intro to SSL/TLS Based on CertificatesA (Digital) Certificate (Proof of Public Key's Authenticity)
Signed (encrypted)* with issuer (CA)'s Private key
Can only be decrypted (verified) with issuer (CA)'s matching public key!
• www.bankofamerica.com
• Additional Information: validity period, etc.
• Bank's public key
Actually the hash of data is encrypted (signed), and the result of decryption is also hash
• Digital Signature
• Name of certificate authority (CA)
Slide source: Hokeun Kim and E. A. Lee (UCB)
![Page 26: EECS 388: Embedded Systems - ITTCheechul/courses/eecs388/W11... · A (Digital) Certificate (Proof of Public Key's Authenticity) Signed (encrypted)* with issuer (CA)'s Private key](https://reader033.fdocuments.net/reader033/viewer/2022053011/5f0ea8757e708231d4404ccd/html5/thumbnails/26.jpg)
Intro to SSL/TLS Based on Certificates
Browser (client) Your bank (server)
CAs Issues a certificate for Bank
Connects to www.bankofamerica.com
CA Certificates(embedded in browser)
Bank's certificate issued by CA
Verify Bank's certificatewith CA's certificate
Malory's (invalid)certificateinsisting ownership of domain
Can't be verified!
Slide source: Hokeun Kim and E. A. Lee (UCB)
![Page 27: EECS 388: Embedded Systems - ITTCheechul/courses/eecs388/W11... · A (Digital) Certificate (Proof of Public Key's Authenticity) Signed (encrypted)* with issuer (CA)'s Private key](https://reader033.fdocuments.net/reader033/viewer/2022053011/5f0ea8757e708231d4404ccd/html5/thumbnails/27.jpg)
Issues with Using SSL/TLS for IoT
• Overhead for resource-constrained devices
– Energy/computation overhead for public key crypto, communication bandwidth, memory, etc.
• Limited support one-to-many communication
– Connections are 1-to-1 (server/client model)
Thermostat
Sensors
HVAC
Garage door
Vehicle
Fridge
Microwave
Washing Machine
Roomba
Mobile phoneRemote doorcontrol
Certificates
Slide source: Hokeun Kim and E. A. Lee (UCB)
![Page 28: EECS 388: Embedded Systems - ITTCheechul/courses/eecs388/W11... · A (Digital) Certificate (Proof of Public Key's Authenticity) Signed (encrypted)* with issuer (CA)'s Private key](https://reader033.fdocuments.net/reader033/viewer/2022053011/5f0ea8757e708231d4404ccd/html5/thumbnails/28.jpg)
Issues with Using SSL/TLS for IoT
• Company Validation… First, we will verify that the company requesting a certificate is in good standing …
• Domain Validation… can include emails or phone calls to the contact listed in a domain's whois record …
• Management overhead of certificates
– If you use commercial certificate authorities (CAs)
– Alternative: free & automated CA• Overhead for managing domains to get certificates
Quotes from www.digicert.com
Slide source: Hokeun Kim and E. A. Lee (UCB)
![Page 29: EECS 388: Embedded Systems - ITTCheechul/courses/eecs388/W11... · A (Digital) Certificate (Proof of Public Key's Authenticity) Signed (encrypted)* with issuer (CA)'s Private key](https://reader033.fdocuments.net/reader033/viewer/2022053011/5f0ea8757e708231d4404ccd/html5/thumbnails/29.jpg)
Summary
• Security used to be an after thought (if any)
• In networked embedded systems (a.k.a. IoT) security is a first-class concern
• Embedded systems security are even harder than desktop/server security because of:– Diversity (no standard os, hardware, runtime, …)
– Resource constraints (performance, energy, memory space, …)
– The prevalent use of C (insecure language)
• Read chapter 17, take security courses…
29
![Page 30: EECS 388: Embedded Systems - ITTCheechul/courses/eecs388/W11... · A (Digital) Certificate (Proof of Public Key's Authenticity) Signed (encrypted)* with issuer (CA)'s Private key](https://reader033.fdocuments.net/reader033/viewer/2022053011/5f0ea8757e708231d4404ccd/html5/thumbnails/30.jpg)
Acknowledgements
• Security slides are based on the materials developed by
– Edward A. Lee and Prabal Dutta (UCB) for EECS149/249A
30