Index: 092510 Module : Embedded systems and design Module code : HCA3110 Cohort: BEng TEL/09/FT Assignment title:

Security in Embedded System

Introduction Nowadays majority of equipment uses digital components for fabrication involving microprocessors and microcontrollers. Loads of embedded devices from defense system to home small gadgets. For example smart cards, DVD players, washing machine and cell phones. With the increase in embedded system usage it has been seen that criminals are taking advantage of the weak leakage in the system. Mostly financial institution, battlefield equipment, fighter aircrafts and nuclear power plants are more prone to get hacked due to their important information and high money transaction is involved. So its a must to ensure that the security is not compromised. They are built to perform duty while being completely or partially independent of humans. Real time response it needed. Security threats against embedded system do not propagate as fast as those against standard OS or software applications.

Securities which can be implemented in embedded system are: 1. Cryptography methods (data must be scrambled so that it becomes useless to unauthorized persons) 2. Security protocols 3. Digital certification and digital biometrics 4. Security threats against embedded system initiated at any one of the designing stages before the device is built 5.Tamper mechanism

Cryptography methods It is the process of encryption and decryption of information to ensure security over network. Involved cryptography algorithm like. 1.Symmetric cipher-receiver and sender uses same key to encrypt and decrypt data. 2. Asymmetric cipher-Uses public key for encryption but private key for decryption of the data 3. Hashing algorithm-maps messages into fixed length value then compares two signatures to ensure integrity of communicated data.

 Security protocols It is a way of make the communication channel to and from embedded system much more secure for sending of data. An Example is secure web transaction. Some of the security protocols are VPN`s(Virtual private network), WEP , IP sec, SSL .These protocols secures range of data services and applications. IP sec uses process of tunneling to hide identity of information sender and receiver Digital biometrics Fingerprint recognition, digital signatures helps in authentication to access some important data helps to prevent intruders to hack information. Architectural design of device(hardware and software design issue) It affects the processing capabilities of as high demands for security processing which therefore encounter failures. Some portable devices such as mobile are sometimes forced into their resources therefore at this face security involving battery operators must be implemented. Various types of attack ever increasing needs to more secured as they have to function under different constraints. Tamper mechanism Locks and security screws put on the device itself using specialized materials to increase level of tampering It can be divided into tamper resistance and tamper detection. Tamper resistance- can be seen if someone has tried to force the lock for unscrew. Tamper detection- detects any case of tampering example switches used therefore knowing if the device had been opened or tampered with. Sensors also are used to indicate presence of usage like pressure sensor or light sensor.

Attacks on embedded systems can be motivated by a number of different goals like: o o o o o Extracting secret information for example reading cryptography material on a smart card Modifying data ( tampering with utility meter readings) Denial of service attack Hijacking of hardware platform (reprogramming of tv- set top box) Thermal attacks -damaging or destroying a device by overheating its chip

Embedded system are threatened by cyber security issues. So countermeasures need to be established to tight against cybercrimes thus ensuring better security.

Security involves three aspects which are: Confidentiality Integrity Availability

The threats can be either hardware or software. Attacks through physical and logical interfaces. Considering threats in the software aspect part of embedded system:

Logical interface
CONFIDENTALITY Threats: spoofing during transmission Countermeasure: user/ server authentication Threats: data interception during transmission Countermeasure: communication encryption

INTERGRITY Threats: data modification during transmission Countermeasure: data signature AVAILABILITY Threats: Denial of service Countermeasure: filtering

OS/Drivers
CONFIDENTALITY Threats: privilege escalation (gaining elevated access to resources) Countermeasure: vulnerability countermeasure INTERGRITY Threats: privilege escalation Countermeasure: logging, vulnerability measure AVAILABILITY Threats: denial of service attack Countermeasure: logging

Logical interface
CONFIDENTALITY Threats: spoofing during transmission Countermeasure: user/ server authentication Threats: data interception during transmission Countermeasure: communication encryption

INTERGRITY Threats: data modification during transmission Countermeasure: data signature AVAILABILITY Threats: Denial of service Countermeasure: filtering

Considering threats in the hardware aspect part of embedded system: CONFIDENTALITY Threats: probing Countermeasure: data encryption Threats: side channel attack Countermeasure: anti- tamper INTERGRITY Threats: data modification and data destruction Countermeasure: anti-tamper AVAILABILITY Threats: Denial of service due to loss of integrity Countermeasure: anti tamper Threats: Denial of service due to monopolization of bandwidth and processing power Countermeasure: filtering, logging, prevention of resource monopolization

References: http://www.irma-international.org/viewtitle/56302/ http://en.wikibooks.org/wiki/Embedded_Systems/Embedded_Systems_Introduction