Information Security of Embedded Systems: Embedded Systems – Terms and Definitions
Prof. Dr. Holger Schlingloff
Institut für Informatik and Fraunhofer FIRST

Embedded Security © Prof. Dr. H. Schlingloff

Structure
1. Introductory example
2. Embedded systems engineering
   1. definitions and terms
   2. design principles
3. Foundations of security
   1. threats, attacks, measures
   2. construction of safe systems
4. Design of secure systems
   1. design challenges
   2. safety modelling and assessment
   3. cryptographic algorithms
5. Communication of embedded systems
   1. remote access
   2. sensor networks
6. Algorithms and measures
   1. digital signatures
   2. key management
   3. authentication
   4. authorization
7. Formal methods for security
   1. protocol verification
   2. logics and proof methods

Embedded Systems Engineering

               | Material World | Ideal World
Things         | Matter, Energy | Information
Representation | Shape | Form
Transformation | convert (split & splice, cut & assemble, mould & cast, …) | process (code & recode, calculate & compute, …)
Transfer       | move, transmit | communicate

Technical and Computational System
- Matter / energy = undefined basic term
- Technical system = machine/mechanism for the conversion or relocation of matter and/or energy
  - wheel, car, motor, gears, steel mill, power plant, light bulb, …
- Information = undefined basic term
- Information processing = transformation or transfer of information
- System = “something composite”, usually: composed by humans (“artefact”)
- Computational system = Information processing system = artefact for the transformation or transfer of information
  - “computer”, “calculator”, “processor”

Embedded System
Embedded system = computational system within a technical system (information processing component of the technical system)
- designed, built and operated as a fixed component
- special purpose, in contrast to general-purpose
- interaction with physical environment via designated interfaces
- reactivity and real-time behaviour
Characteristic attributes
- often for control tasks
- often mass-produced, consumer goods, cheap commodity
- mostly hard to maintain or extend
- sometimes safety-relevant or safety-critical
- communicating, connected, ubiquitous, pervasive, ambient, …

Examples
- How many embedded systems are in this room?
- How many embedded systems did you encounter today?

Embedded System or Not?
- Phone
- Watch
- Robot
- Assembly line
- Factory
- SAP-System in factory

Market Areas (cf. [Fränzle])
- Transport technologies
  - motor/gear control, X-by-wire, position and dynamics stabilisation, ABS, passenger comfort, …
  - traffic guidance, signal lights, radar localisation, …
- Communication technologies
  - cell phone, DECT phone, DSL modem, router, switch, …
- Office equipment
  - fax machine, copier, printer, pointer, …
- Household appliances
  - watch, microwave, toaster, gas burner, washing machine, audio/video equipment, remote control unit, gaming, …
- Trade and Services
  - ticket machine, sales automaton, taximeter, cash machine, …
- Building automation and control
  - heating, lighting, elevators, locking and sentry services, security functions
- Production and environmental technology
  - power and production plants, emission control, robotics
- Medical technology
  - ambient devices, hospital equipment, diagnosis and treatment instruments

Market Relevance
- over 10 billion embedded processor unit shipments in
- % of all processors are used in embedded systems
- 87.6% of all produced microcontrollers are “pre-Win98-CPUs” (DSPs, FPGAs, and MCUs), of which 57.6% are 8-bit processors
Cited by W. Schröder-Preikschat; source: D. Tennenhouse. Proactive Computing. Communications of the ACM, 43(5):43–50, May

Predictable Future
- The trend will continue
  - more new embedded processors than humans per year
  - electronics as consumable goods (e.g. RFID, post cards)
- Ubiquitous computing, ambient assisted living
  - smart clothing (CeBIT '08)
  - glasses with hearing aids, augmented reality
  - watch with UMTS
  - talking neckties?
- SoC, “System-on-Chip”
- “Smart Dust”, sensor networks
- Intelligent agents, autonomous systems
- …

Specific Problems of Embedded Systems
- Designed, built and operated as a fixed component of a technical system
  - physical and mechanical constraints, assembly near the controlled process (e.g. inside jet engine or inside tyre)
  - physical stress
- Special purpose, fixed tasks
  - efficiency, minimal resource consumption
  - predefined interfaces
- Interaction with physical environment
  - sensor and actuator design
  - mechanical impreciseness
  - feedback effects
  - unreliability of sensors and actuators
- Reactivity and real-time behaviour
  - operating systems requirements
  - verification problems

Further Design Challenges
- Often for control tasks
  - interaction of civil engineers and software engineers
- Often mass-produced, consumer goods, cheap commodity
  - cost pressure for production (optimisation within cents)
  - resource limitation (e.g. bandwidth, energy)
- Mostly hard to maintain or extend
  - maintenance costs vs. development costs vs. production costs
  - no “service packs”, everything must be correct at first launch
  - recall or guarantee replacement can be disastrous
- Sometimes safety-relevant or safety-critical
  - reliability, availability, maintainability (RAM)
  - fault tolerance
- Communicating, connected, ubiquitous, ambient, …
  - synchronization, multi-core deployment, feature interaction

Embedded Systems Design
- Waterfall or V-Model
  - small to medium design groups
  - civil engineers, electrical engineers
  - software often not valued
- Model-based design
  - Matlab/Simulink, UML
  - code generation
- Product lines
  - no real system is developed “from scratch”
  - look-and-feel, component reuse