Embedded Systems Security: Virtualization and Beyond
embedded systems security: virtualization and beyond
Kolin Paul
http://www.cse.iitd.ac.in/~kolin
Department of Computer Science and Technology, Indian Institute of Technology Delhi
day one
me
• Associate Professor @CSE@IITD
• Research Area
  • Reconfigurable Computing
  • Silicon Compilation
  • Custom Processor Design
  • Embedded Systems
  • Runtime Systems
  • Hardware Security
http://www.cse.iitd.ac.in/~kolin Embedded Systems Security 3
introduction
• Security and Privacy are key challenges to IoT Growth
• Security is often a Bolt-On
iot architecture
• IoT is
  • Devices using Internet Protocol to communicate
• Why the Buzz ...
  • 32 bit µControllers
  • Powerful yet low power
  • Can run the entire Stack
• Hence
so why should we be concerned?
• 20-50 Billion Devices
• Unequal Capabilities
• Security in the whole
• Design time constraint
how real is the threat?
• Smart Grid
Source: Google
• Smart Meter
  • Physical Attack
  • Breach of metering databases
  • Remote connect/disconnect
Notice the significant increase in Attack Surface by becoming Smart
how real is the threat?
• Connected Vehicles
  • V2V Communications
  • Mobile Integration
  • In car WiFi
• Risks
  • Install “unauthorized components”
  • Tamper ECU
  • Fake ADAS Messages
  • Leak Driver/owner behavior information
  • Electronic Attack
• Current Scenario
  • Very few “(Open) Gates”
  • ECUs are secured
  • Similar to a Bank vault
Notice the significant increase in Attack Surface by becoming Smart
challenges and opportunities
• Opportunities
  • Healthcare
  • Homes
  • Smart Cities
  • (Connected) Vehicles
• Challenges
  • Potentially insecure code
  • Unauthenticated Devices
  • Device Everywhere Syndrome
  • Absence of a System Level Abstraction
the solution space
• Tamper-proofing the hardware
• Implementing secure processing domains
• ARM TrustZone
• Secure boot
• Secure storage
hardware security
• Ensure Code at Boot is “authentic”
• Root of Trust
• Secure Boot
• DPA Resistant
• Protect IP
system virtualization
• Complexity of the Stack
• Every Linux-based effort becomes a proprietary stack
• Typical OS abstractions are mature
• New emerging requirements, IP issues can be frustrating to implement in current stack
• A new OS in market
New Level of Abstraction needed to handle sophisticated electronic hardware is the OS
• Have the ability to run any operating system in the hardware
embedded hypervisor
• System Virtualization
  • Enables hosting of multiple OS in the same physical hardware
• Also known as Virtual Machines
  • Guest Operating systems
• Different from Enterprise hypervisors
  • Embedded hypervisor is designed specifically for embedded and mobile systems
applications of virtualization
• Time Sharing used in data center server consolidation
• Testing new (versions) of OS architectures
• Backward Compatibility
• Environment Sandboxing
  • Virtual Machine isolation
  • Robustness depends on the underlying hypervisor architecture
  • Enterprise hypervisor flaws have been exploited
arm trust zone
• Virtual Security Appliances
  • Isolate the trusted component from the primary OS
Source: http://www.adac.co.jp/eng/products/multivisor/images/TrustZone.jpg
a solution
• A typical Embedded System Implementation using Hypervisors
• Hardware based security for networked embedded systems
• Prevent unauthorized network transactions
• Anti-malware must run in a separate space
exploit trust zone
• Available in ARM1176, Cortex-A*
• VMware introduced full system virtualization
• Hardware security extensions
• Virtualizes a physical core as two virtual cores
• Processor state: set/reset NS (Non-Secure) bit of the SCR (Secure Configuration Register) via CP15 interface
• Trustzone Software Architecture
• Key Idea: Separate Execution Domains
• Low Cost Security Framework
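The NS-bit mechanism on this slide, as an added example that is not from the original slides: a small host-runnable C model of one core shared by two worlds, where only secure state may write the SCR and an SMC into monitor mode swaps the banked context. The struct layout, function names and register values are assumptions made for illustration; on ARMv7 hardware the SCR access is the CP15 operation shown in the comment.

```c
#include <stdint.h>
#include <stdio.h>

#define SCR_NS 0x1u                      /* SCR bit 0: 1 = Non-secure, 0 = Secure */

enum mode  { MODE_SVC, MODE_MON };       /* only the modes this model needs */
enum world { SECURE = 0, NONSECURE = 1 };

struct ctx { uint32_t r[4], sp, lr; };   /* reduced register file (assumption) */

struct core {
    uint32_t   scr;                      /* Secure Configuration Register */
    enum mode  mode;
    struct ctx live;                     /* registers currently on the core */
    struct ctx saved[2];                 /* monitor's per-world save area */
};

/* Monitor mode always runs in secure state, whatever SCR.NS holds. */
static enum world current_world(const struct core *c) {
    if (c->mode == MODE_MON) return SECURE;
    return (c->scr & SCR_NS) ? NONSECURE : SECURE;
}

/* Models "mcr p15, 0, rX, c1, c1, 0" (write SCR).
 * From non-secure state the access is undefined: return -1, change nothing. */
int scr_write(struct core *c, uint32_t val) {
    if (current_world(c) != SECURE) return -1;
    c->scr = val;
    return 0;
}

/* Models an SMC: trap to monitor, save caller's world, restore the other,
 * flip SCR.NS, return from exception. Returns the world now running. */
int smc_world_switch(struct core *c) {
    enum world from = current_world(c);
    enum world to   = (from == SECURE) ? NONSECURE : SECURE;
    c->mode = MODE_MON;
    c->saved[from] = c->live;            /* outgoing registers never stay live */
    c->live = c->saved[to];
    scr_write(c, to == NONSECURE ? (c->scr | SCR_NS) : (c->scr & ~SCR_NS));
    c->mode = MODE_SVC;
    return to;
}

/* Constructed scenario; returns 0 when every isolation property holds. */
int demo_isolation(void) {
    struct core c = {0};                 /* reset: secure state, SCR.NS = 0 */
    c.live.r[0] = 0xC0FFEEu;             /* constructed secure-world value */
    if (smc_world_switch(&c) != NONSECURE) return 1;
    if (c.live.r[0] != 0)                return 2;   /* value did not leak */
    if (scr_write(&c, 0) != -1)          return 3;   /* NS world cannot clear NS */
    if (!(c.scr & SCR_NS))               return 4;
    c.live.r[0] = 0x1234u;               /* normal-world activity */
    if (smc_world_switch(&c) != SECURE)  return 5;
    if (c.live.r[0] != 0xC0FFEEu)        return 6;   /* secure context restored */
    return 0;
}

int main(void) {
    printf("isolation check: %s\n", demo_isolation() == 0 ? "ok" : "FAILED");
    return 0;
}
```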
system architecture
• System call trap
  • LKM in Hypervisor “redirects” syscalls
• Security policy
  • Policy accessible to secure VM only
  • Encrypted Flash
• Hardware Policy based Passthru
  • Can selectively do PCI passthru
• Implementation
  • Solution implemented using KVM
using reconfigurable devices
• Reconfigurable Devices
  • Security policy decryption engine
  • Processor cache/RAM: No access to secure data
  • Reduced Overheads
• Driver only for the Decryption Engine
Transmission Rate (µs/Transmission)
Without LKM 6217.38 196.170
With LKM 5097.63 224.003
Configurable hardware defines the security policies and makes that visible only to the security VM
Joint work with Anupam Joshi and Vivek Parmar
iot security
• Smart interconnected devices operate in swarms
• Nowadays most device attestation schemes assume a single prover device and do not scale to swarms
• Software integrity verification of device swarms is essential
Source: SEDA: Scalable Embedded Device Attestation, N. Asokan et al.
• Offline Phase: Training
  • Initialize
  • Registration
• Online Phase: Attest
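A simplified sketch of the two phases listed above, added here as an example and not taken from the slides or from the SEDA paper's code: reference digests are registered offline, then one online attest call walks a device tree and aggregates a (passed, total) count so the verifier handles a single report for the whole swarm. The tree topology, firmware strings, nonce and function names are constructed, FNV-1a is a non-cryptographic stand-in for the hash/MAC a real scheme needs, and the model assumes each device's attestation code itself runs unmodified.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_CHILD 4
#define FNV_INIT  14695981039346656037ULL

struct device {
    const char *firmware;        /* image currently on the device (constructed) */
    uint64_t    ref_digest;      /* known-good digest registered offline */
    int         child[MAX_CHILD];/* children in the attestation tree */
    int         nchild;
};

struct report { unsigned passed, total; };

/* FNV-1a: NOT cryptographic, stands in for a real hash/MAC in this sketch. */
static uint64_t fnv1a(uint64_t h, const void *p, size_t n) {
    const unsigned char *b = p;
    for (size_t i = 0; i < n; i++) { h ^= b[i]; h *= 1099511628211ULL; }
    return h;
}

static uint64_t digest(const char *fw) { return fnv1a(FNV_INIT, fw, strlen(fw)); }

/* Bind a firmware digest to the verifier's nonce so replies cannot be replayed. */
static uint64_t bind_nonce(uint64_t nonce, uint64_t fw_digest) {
    uint64_t h = fnv1a(FNV_INIT, &nonce, sizeof nonce);
    return fnv1a(h, &fw_digest, sizeof fw_digest);
}

/* Offline phase: initialise the device and register its reference digest. */
void swarm_register(struct device *d, const char *good_fw) {
    d->firmware   = good_fw;
    d->ref_digest = digest(good_fw);
    d->nchild     = 0;
}

/* Online phase: check device idx against its reference, then let it attest
 * its children and fold their counts into one aggregate report. */
struct report swarm_attest(const struct device *sw, int idx, uint64_t nonce) {
    const struct device *d = &sw[idx];
    uint64_t response = bind_nonce(nonce, digest(d->firmware)); /* prover side */
    uint64_t expected = bind_nonce(nonce, d->ref_digest);       /* checker side */
    struct report r = { response == expected, 1 };
    for (int i = 0; i < d->nchild; i++) {
        struct report c = swarm_attest(sw, d->child[i], nonce);
        r.passed += c.passed;
        r.total  += c.total;
    }
    return r;
}

/* Constructed 5-device swarm: 0 -> {1, 2}, 1 -> {3, 4}; tamper_idx < 0 = none. */
struct report demo_swarm(int tamper_idx) {
    struct device sw[5];
    for (int i = 0; i < 5; i++) swarm_register(&sw[i], "fw-v1.0 (constructed)");
    sw[0].child[0] = 1; sw[0].child[1] = 2; sw[0].nchild = 2;
    sw[1].child[0] = 3; sw[1].child[1] = 4; sw[1].nchild = 2;
    if (tamper_idx >= 0) sw[tamper_idx].firmware = "fw-v1.0 + change (constructed)";
    return swarm_attest(sw, 0, 0x5EDA5EDA5EDA5EDAULL);
}

int main(void) {
    struct report r = demo_swarm(3);
    printf("swarm attestation: %u of %u devices passed\n", r.passed, r.total);
    return 0;
}
```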
conclusion
• Architectures must transcend Domains
• Need for System Wide Design Patterns
• Programming Language Support to ensure Security is a Design Parameter
• Create Testbeds, Simulators, Reference Code Bases and Benchmarks
Thank You