Presentation is loading. Please wait.

Presentation is loading. Please wait.

Embedded system security

Published bySherman Waters Modified over 8 years ago

Similar presentations

Presentation on theme: "Embedded system security"— Presentation transcript:

1 Embedded system security
Yifan hao Xiaoshu liu zhihong luo

2 embedded system security
Like PC in 1990s Too many programs are developed Operation system is vulnerable Worse than PC in 1990s A variety of embedded systems Hardware hacking is easier Consequences are more severe

3 embedded system security
Sorts of embedded security issues Software security Hardware security Network security

4 software security Link to Paper:
1. There was a story. In 2012, a group from umich, led by Halderman. 2. They did this through software method. Interesting: Indian voting machine Link to Paper: “We successfully changed every vote and revealed almost every secret ballot,” writes the researchers — Scott Wolchok , Eric Wustrow, Dawn Isabel and J. Alex Halderman Another paper in Indian voting machine:

5 software security Most attacks are via software Cryptographic attacks
Code injection attacks Stack-based buffer overflows Heap-based buffer overflows Etc.

6 software security Example - Stack-based buffer overflows
1. Say you want to write 200 bytes, but the stack has less than 200 bytes space. 2. Once the RA is overwritten by attacker, your system is controlled to execute their code.

7 software security Example - Stack-based buffer overflows
1. Feed the ADC with electronic signals, and ADC will translate them into binary, which can be used as machine codes of attacking instructions. 2. Recall hackers can change your RA, now they can do whatever they want on your system

8 software security Possible security strategies
No unknown source program in execution space Non-executable stack Read-only memory Strong data privacy and encryption Hardware-assisted protection Is there any solutions to the problem?

9 Network security What is network security Sources of network attack
Ways to manage risk

10 Network security Federal Aviation Administration warned Boeing that its new Dreamliner aircraft Boeing 787 had design problem. Hackers could hack the aircraft from passengers’ Wi-Fi network. Navigation system or control system could be hijacked

11 Network security Activities designed to protect your network
Give reliability, usability, integrity and safety to network

12 Network security Attack categories: Threat sources: Passive attack
Active attack Threat sources: Wiretapping: a third party monitoring your network Port scanner: probes the host to find the current service Idle scan: send garbage to the host to find available service DoS (Denial of Service Attack): service rejects the legal user Man in the middle: attacker cheat the server and client

13 Network security Man in the middle
Third party relays or possibly alter the message Server and client believe they are talking directly to each other Secret message getting stolen might lead to severe outcome to the country

14 Network security Method to improve network security
Anti virus and anti spyware Firewall Intrusion prevention system Virtual private network Key authentication

15 Network security Key authentication Public key encryption
Public key: A public key encrypts a message. Public key is publicly known. Private key: A private key decrypts a message. Private key is only known by owner. Needham-Schroeder protocol Public key encryption An encryption mechanism where two keys are used. A public key is used to encrypt the message and a secret private key to decrypt the message. Advanced encryption algorithm Diffi-Hellman key exchange Needham-Schroeder protocol

16 hardware security Credit Card Skimmer
Malicious card reader that grabs data off the magetic stripe. Create cloned cards, and steal money Credit Card Skimmer Credit Card Skimmer

17 hardware security Credit Card Skimmer Things can get worse ..
Malicious card reader that grabs data off the magetic stripe. Create cloned cards, and steal money Things can get worse .. Use the CAN bus in the car Take control of braking, acceleraion ...

18 hardware security Pyramid of Trust
Each layer can rely on the effective security of its underlying layer without being able to verify it directly A perfect software security solution will be useless with a weak hardware protection Lots of Methods of Hardware Hacking ...

19 hardware security Side-Channel Analysis Types
Definition - any attack based on information gained from the physical implementation of a cryptosystem  Types Timing Analysis - timing due to program branches Simple Power Analysis (SPA) - Power supply currents Electromagnetic Analyses (EMA) - Electromagnetic Radiation

20 hardware security SPA analysis on RSA RSA
IC power consumption depends on activity of transistors Variations in power consumption occur as the device performs different operations RSA If a bit of the binary private key is di = 1, we square + multiply If the bit is 0, we just square Power consumption of Multiplication and Square are different Side channel attack

21 hardware security Solution Hardware Security Modules (HSM)
Payment Card Industry (PCI) HSM Physical Isolation Etc.

22 Embedded sysem security
Reference:

23 Embedded sysem security
Q&A

Download ppt "Embedded system security"

Similar presentations

Dr. Kalpakis CMSC 421, Operating Systems. Fall 2008 URL: Security.

Dr. Kalpakis CMSC 421, Operating Systems. Fall 2008 URL: Security.
Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Cryptography and Network Security

Cryptography and Network Security
1 Network Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

1 Network Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
SECURITY IN E-COMMERCE VARNA FREE UNIVERSITY Prof. Teodora Bakardjieva.

SECURITY IN E-COMMERCE VARNA FREE UNIVERSITY Prof. Teodora Bakardjieva.
L0. Introduction Rocky K. C. Chang, January 2013.

L0. Introduction Rocky K. C. Chang, January 2013.
Implementation of a Two-way Authentication Protocol Using Shared Key with Hash CS265 Sec. 2 David Wang.

Implementation of a Two-way Authentication Protocol Using Shared Key with Hash CS265 Sec. 2 David Wang.
Raphael Frank 20 October 2007 Authentication & Intrusion Prevention for Multi-Link Wireless Networks.

Raphael Frank 20 October 2007 Authentication & Intrusion Prevention for Multi-Link Wireless Networks.
Chapter 14 Wireless Attacks, Intrusion Monitoring and Policy

Chapter 14 Wireless Attacks, Intrusion Monitoring and Policy
Security Issues and Challenges in Cloud Computing

Security Issues and Challenges in Cloud Computing
19.1 Silberschatz, Galvin and Gagne ©2003 Operating System Concepts with Java Chapter 19: Security The Security Problem Authentication Program Threats.

19.1 Silberschatz, Galvin and Gagne ©2003 Operating System Concepts with Java Chapter 19: Security The Security Problem Authentication Program Threats.
Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.

Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.
FIT3105 Smart card based authentication and identity management Lecture 4.

FIT3105 Smart card based authentication and identity management Lecture 4.
Spring 2002CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Spring 2002CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Security Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to: –Describe the reasons for having system.

Security Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to: –Describe the reasons for having system.
NETWORKS Lauren Hickman Patrick McCamy Morgan Pace Noah Ryder.

NETWORKS Lauren Hickman Patrick McCamy Morgan Pace Noah Ryder.
Security Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to: –Describe the reasons for having system.

Security Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to: –Describe the reasons for having system.
Spring 2003CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Spring 2003CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Silberschatz, Galvin and Gagne  2002 19.1 Operating System Concepts Module 19: Security The Security Problem Authentication Program Threats System Threats.

Silberschatz, Galvin and Gagne  Operating System Concepts Module 19: Security The Security Problem Authentication Program Threats System Threats.
Lecture 11 Reliability and Security in IT infrastructure.

Lecture 11 Reliability and Security in IT infrastructure.

Similar presentations

Ads by Google