Following on from our article “8 good reasons”, we try and outline what IoT is and how difficult it can be to secure properly.
In and article written by the World renown security expert – Bruce Schneier www.schneier.com/crypto-gram/archives/2017/0215.html he describes the The Internet of Things as a Robot and he has a valid point. A classic robot – one that places and welds car panels on a car has all the components that make a robot – namely sensors, processing and actuators. Humans have much the same features – senses (touch, smell, sight, hearing etc) – processing in the brain, and muscles and tendons that do work.
The Internet of Things can be thought of as robot – with the following features
To illustrate just how the Internet of Things is all pervasive and already in our lives the following is an example from a nation electricity grid.
This industry is focused on generating and providing energy to millions of customers nationwide. It has a number of different generation capabilities – nuclear, coal, wind, solar, oil, gas, water and bio-digestion, each with different characteristics. Fast reacting systems are oil, gas and water storage. Slow reacting systems are coal, nuclear and bio-digestion. Unreliable generation is wind and solar. In addition there are seasonal effects on generation. The demand is also effected by seasonal and daily events.
So the problem is to manage the generation and distribution of electricity across a country in the most efficient manor, and increasingly, with the environment in mind, carbon tax.
Effective systems have evolved that monitor the weather, nuclear and bio-diestion production. These are systems that either cannot be controlled (in the case of the weather and the sewerage produced) or they are very difficult to alter the production of energy. These are systems that will be altered at last resort.
Unreliable energy production is used next, because the weather cannot be turned off, so either the wind farm is left to “free wheel” or it is used to generate electricity. Additionally these large capital expense items need to pay for themselves.
Top Up energy production, to meet the varying demand, is generated by Oil, Gas and water storage systems. These can come “on-line” within seconds or minutes and help manage the load on the grid.
All of the generation and consumption system can be viewed as a Smart System with sensors, processing and actors. Smart sensors gather information on the weather, the rate of sewerage entering a bio-digestion facility, the state of the tide etc. Cloud computing aggregates this data, performs statistical analysis and predictions. Historical data, time of day and special events – “e.g. world cup final events” are all used to predict the future supply and demand. Smart actors are then commanded to bring on line, throttle or remove generation capability from the grid to meet the forcasted demand.
In our example, what you may ask, has this to do with Cyber and IoT.
Well as with every system on the earth they are slowly being connected to the World Wide Web of computers. Problem is, the Web was never designed with security in mind and especially IoT. Governments, Companies and customers are scrabbling to catchup with the level of disruption caused by state actors, criminals, hacktivists and hackers.
The energy generation and supply system is especially vulnerable to this and governments are actively perusing strategies to protect this critical national infrastructure. The Ukraine power outage shows just how vulnerable the systems are and how ingenious state actors can be in disrupting systems that most people and never heard about.
How do we go about protecting IoT systems, that are distributed and have a number of competing requirements?
We have discussed trust, authentication and communication in the last article, but just to recap….
The cloud computer (just like a human) can only make decisions based upon accurate information from its sensors (eyes, ears, nose etc). The sensors in the IoT system must deliver accurate and timely information to the cloud otherwise the cloud might make erroneous decisions that could lead to disasters.
In a critical system, like an aircraft, the speed indicator is crucial to the operation of the aircraft systems – thus there are numerous, independent ways to measure speed. In addition the communication between the speed sensors and the aircraft control computers are in closed systems that cannot be altered. Not so for IoT.
So having established that accuracy and timely delivery of information from the Smart Sensors to the Cloud is essential, we need to have a method of guaranteeing (authenticating) the messages. Authenticated messages are only half the story – we must ensure that authenticated messages comes from a trusted source. Its no good having an authenticated message from a untrusted source because we cannot be sure that the message is correct.
So we need Trust AND Authentication. Finally we might want to obscure the message so that it cannot be interpreted by an unauthorised 3rd party.
Trust is built by having an unalterable system that once manufactured and programmed by a trusted company in a trusted country can be deployed, save in the knowledge that it is unalterable.
The idea of a trusted company and country to manufacture the equipment is critical. Equipment manufactured in the far-east has been demonstrated to contain un-trustworthy software & hardware and will compromise the entire system when deployed.
Even if a trusted company and country has manufactured the equipment the final programming of the equipment must be performed by a trusted party at a trusted location. The easiest way to attack IoT is in the supply chain of the equipment where trust is taken for granted but not guaranteed. Think of routers and home WiFi hubs that are manufactured in vast volumes by companies which have little time for security.
The only method to guarantee a trusted system is to have an automatic programming equipment that has been designed as part of the Trusted system. This programming environment cannot be altered and once deployed for the programming of the IoT devices it is unalterable and uncloneable. The Automatic Programming Equipment must be designed, manufactured and distributed by a trusted company or country.
An example of this is the easy attack vector for criminals to attack credit cards. They only have to steal/buy/borrow a credit card reader and then perform transactions on that. They are not attacking the credit card itself, but the equipment used to interact with the credit card.
We now have a trusted IoT Smart Sensor, that has been manufactured by a trusted company from a trusted country and programmed using a trusted Automatic Programming Equipment! This is connected via an untrusted communication channel that we authenticate and obscure using encryption.
The cloud is on a trusted server, and has the ability to authenticate and decrypt the messages from the smart sensor. Finally the cloud can communicate with a Smart Actor that is trusted, has been manufactured by a trusted company from a trusted country and programmed using a trusted Automatic Programming Equipment. The actor executes the commands received from the Cloud computer after authentication and decryption.
IT IS CRITICAL TO UNDERSTAND THAT A SUCCESSFUL ATTACK AT ANY POINT IN THE ABOVE CHAIN WILL RESULT IN A BREACH OF THE SECURITY.
This is why cyber security is so pernicious and difficult to get right. The attack surface for IoT is immense. Every connected IoT device (Smart Sensors and Smart Actors) is a potential entry point for an attacker. The Cloud computer itself has massive vulnerabilities, that if breached will compromise the entire system.
An example of this is the AES256 encryption standard. This is a very good encryption standard with no known successful attack on the algorithm. However, the implementation of the algorithm provides many opportunity to “crack” it. Hardware based AES encapsulated in a special chip is virtually impregnable from attack. However if the key used is stored in memory then it is vulnerable.
Software based AES encryption is not secure – period. Many example exist – from differential power analysis to memory dump and have shown that the implementation is always the critical part of the process. If the cloud computer has been infected by malware then the malware can potentially capture keys and compromise the whole security of the system.
In the attack on the Ukraine power grid, the attack vector was the entry into the SCADA (control computer) by an attacker that had copied/stolen/borrowed a maintenance engineer’s key card. Once in the system it was just an matter of time and persistence to map the whole Computer Server and plant malware into critical elements of the system.Even though the Servers had AES256 protection this was rendered useless by the insecure use of key cards.
So what have we learnt? The lessons are:
The next article describes how we can produce systems and processes to overcome these lessons.
Dr. Chris Mobley, PhD.
Director, Blueskytec Ltd,
CTO, M2M Telecom Ltd.
Eight good reasons to use Geepy NANO with embedded M12
What problem are trying to solve? There are number of issues that are currently in the news: IP being stolen by organized crime and state sponsored actors. A Mirai botnet zombie attack to launch a Distributed Denial Of Service at Dyn. The power outage in Ukraine. Hacking of Tesla and other vehicles. All of these attacks are similar in that they attacked the embedded systems housed in equipment not personal computers, company IT systems or banks.
The botnet zombie attack is particularly disturbing because this attacked embedded system such as CCTV cameras and home hubs etc. The zombies are small segments of code inserted into the embedded operating system of devices that are used on the Internet – CCTV cameras or digital video recorders for example. Once they are installed in the equipment they lie dormant until they are activated and thus the equipment starts to generate IP packets that target other systems on the network. These zombies could be there at the time of manufacturing, or could be introduced at a later stage.
At its heart the power outage in Ukraine was caused by an attack on a part of the fabric of the control system - the RS232 to Ethernet converters. These devices were re-programmed over the network to allow a classic Man-in-the-middle attack and enabled the whole power grid to be taken off-line. Module12 technology can help secure embedded systems connected to the Internet.
ANALYSIS OF THE ZOMBIE PROBLEM:This extract is from The Guardian on the 26th of October 2016 entitled: “DDoS attack that disrupted Internet was largest of its kind in history”
“On the 21st October 2016 Dyn, a company that controls much of the Internet's Domain Name System (DNS) infrastructure was attacked. It was hit and remained under sustained assault for most of the day, bringing down sites including Twitter, the Guardian, Netflix, Reddit, CNN and many others in Europe and the US.
The cause of the outage was a distributed denial of service (DDoS) attack, in which a network of computers infected with special malware, known as a “botnet”, are coordinated into bombarding a server with traffic until it collapses under the strain.
What makes it interesting is that the attack was orchestrated using a weapon called the MIRAI BOTNET. Unlike other botnets, which are typically made up of computers, the Mirai botnet is largely made up of so- called “internet of things” (IoT) devices such as digital cameras and DVR players.
Because it has so many Internet-connected devices to choose from, attacks from Mirai are much larger than from what most DDoS attacks could previously achieve. Dyn estimated that the attack had involved “100,000 malicious endpoints”, and the company, which is still investigating the attack, said that there had been reports of an extraordinary attack strength of 1.2Tpbs.
To put that into perspective, if those reports are true, that would make the 21st October attack roughly twice as powerful as any similar attack on record”
With an on-line botnet zombie attack – like Mirai - a remote agent takes over the embedded system - usually a Linux operating system - and controls it. How, you might ask, can they take over a Linux machine? well there are a number of ways...
All IoT mass-produced consumer products contain embedded systems and there is no incentive for the sub-contractor to install proper security measures – for example, unique and randomly generated passwords. They are usually shipped with “username: admin, password: password”, and crucially cannot be altered. Mirai contained a dictionary of around 65 common passwords used by industry to protect the embedded system. All it had to do to gain entry to the device was to successively try the password until it found the correct one.
Linux is a very good operating system, its used by the majority of phones, computers and embedded devices on the planet. However, all Linux builds that are done for embedded systems are based upon a standard version of the Linux kernel, and the boot loader. If the company that is doing the development is lazy (like most are) then they will leave lots of standard code in the build that may not be needed for their application. For example, support for a keyboard when used in and IP camera, or display when used in an engine management system.
This spare code can be used by malicious agents as a way into a Linux system - for example Telnet, Rlogin or FTP. If they are not disabled or removed at the build time of the product then they could be potential ways into the system.
There are a number of ways to mitigate this problem:
SO HOW CAN MODULE 12 TECHNOLOGY HELP?1. ZOMBIE ATTACKSModule12 technology has a secure boot system that does not contain standard Linux. It utilities a Real Time Operating System and an embedded IP stack (freeRTOS+TCP/IP) that has been tailored to this application and hence contains no redundant ports that an adversary can mount an attack onto. Additionally, the on- chip flash cannot be updated so malicious code cannot be inserted into the device. Although it does contain external SDRAM, it cannot be forced to crash and produce a core dump to external memory, where it could be analyzed. The on- board flash is encrypted so an adversary cannot intercept the code in the supply chin and analyze it for weaknesses.
Module12wt does not contain IP thus it could never be used in Zombie attacks.
2. MANUFACTURING ATTACKSM12 technology is based around the Microsemi M2S Smartfusion 2 chip (see Ref 3. and Ref 4.), that offers industry leading security features. These include the ability to program the chip with an AES256 encrypted boot and application code so that at no stage is the original code exposed to a potential adversary in the manufacturing supply chain.
The chip includes an ARM processor for running the RTOS and IP stack, and an area of programmable hardware for the security enforcing functions (SEF's) and additional processing.
The SEF's that Blueskytec provide allow a very secure boot process that allows encrypted and authenticated boot with no user code, keys or data exposed to the supply chain at any stage.
No-one can stop the manufacturing of additional boards by the supply chain, but without the original 256bit key (unique per board) the boards are useless. The bare boards could be programmed by a different engineer to do a different job, but no circuit diagram information is available to the supply chain, and the boards have been designed to use Blind and Buried vias to make it as difficult as possible to do trace analysis. The process is designed to stop the application IP being altered or falling into the wrong hands.
NOTE – Many commercial TPM's do not allow the use of encrypted boot and applications – only authentication. This means that an adversary could potentially copy the code – either at program time at the production facility or post production by snooping the boot process – for the express purpose of copying the IP and/or analysing it for weaknesses. Module12s are designed to specifically protect against unauthorized analysis of customer IP by encrypting with AES256 the boot and application code.
Physically Unclonable FunctionThis is an extract from Reference 1. - “Overview_Supply_Chain_WP” on the Microsemi website...
“To provide true device binding, an intrinsic physical property with a high degree of repeatability and individuality can be used. Such a behavior is known as a physically unclonable function (PUF). In an electronic circuit, any internal SRAM memories, when powered up but before being written to, will contain a random collection of 1s and 0s.
These are largely due to the nano-scale individual manufacturing differences of each memory cell (plus some noise), and are replicable to a high degree from power-up to power-up (typically more than 80% repeatability over all test conditions). This unique pattern of 1s and 0s, specific to an individual device, can be used to identify that particular device, analogous to the way fingerprints can provide biometric identification of people. Cryptographically binding this "silicon biometric" with the digitally-signed device certificate provides the strongest, most tamper-resistant, and difficult to forge method known today for assuring the pedigree of intelligent devices”.
3. PHYSICAL ATTACKS ON THE CIRCUIT BOARDSAny attempt to tamper with any item within the security boundary results in a tamper alarm and a range of actions result (full erasure of everything – to a remote alarm being raised). The boards use a layered approach to security with the outer layer being an external tamper switch. Then there is a secure enclosure on the circuit board, protected by a number of anti-tamper measures. Finally, there are chip level measures developed by Microsemi for the SmartFustion2 device that will erase the chip upon tamper. If an adversary removes any memory component from the board to try to mound a decryption attack (see the attack on Apple iPhone NAND flash - Ref 2. “NAND mirroring attack on iPhone”) the memory is AES256 encrypted with a 256bit key. This renders the flash all but useless.
4. MAN-IN-THE-MIDDLE ATTACKSA remote application can connect to the Module12 technology over any of the communications channels. However, we do not trust this application, because the laptop/smart phone/tablet may be compromised with mal-ware that may record and replay commands - REPLAY or MAN-IN-THE-MIDDLE attack. These attacks could be performed at any point from the operator through to the actuator.
Because we do not trust this application, all commands issued by the operator are subject to a time-bound authentication token. This token must be used within a few Milli-seconds before it expires. The token is generated by the M12 wearable technology in the operators pocket. The application connects to the wearable technology via low energy Bluetooth. The operator must bond the M12wt with the application before use. The bonding process uses a unique number that the operator knows so that if the M12wt is stolen it cannot be used by adversary in the time duration it takes the operator to report the theft/loss of their M12wt.
Any commands captured by the MAN-IN-THE-MIDDLE could be replayed and/or altered but the token will not be valid so the Module12 technology will not respond. This token is unique and will not repeat, ever. (actually 2^256 possible codes over 10-100 mS gives many 100's of years before the possibility of a BIRTHDAY ATTACK).
5. BIRTHDAY ATTACKA birthday attack is one where the possibility of 2 codes are generated that are the same. If AES256 is used in CBC mode this could occur with 2^128 bytes of information. If 2 codes are recorded that are the same in CBC mode then a simple XOR can be used to get the original key. Using IP where high bit rates are available with large transfers of data, we must be careful to change the key regularly, to avoid the birthday attack. There is no possibility of a birthday attack on the RS232/RS485 embedded network as this does not use CBC mode, and the data rates are exceptionally low – 9600 bps (not enough data to analyses).
5. ATTACKING THE CYPHER AND IMPLEMENTATIONAES256 has been accredited by all the major agencies as the default security standard. There is no evidence to suggest that AES256 can be attacked by the standard techniques (BRUTE FORCE, NON-LINER, HIGH ORDER etc). The implementation of the AES256 standard on the SmartFusion2 chip has been passed by a number of US and UK agencies for use in both military and commercial applications.
Module12 can use a variety of methods for authentication – from Symmetrical techniques using pre-placed keys and One Time Pads (OTP) to asymmetrical techniques using Elliptical Curve Cryptography (ECC) and other methods.
Module12 and Blueskytec also offer a number of custom algorithms for further security and additional tradeoffs/benefits.
6. ATTACK THE RANDOM NUMBER GENERATOR
The SmartFustion2 processor contains patented technology that generates a set of user keys from the state of the internal SRAM at start up – see the Physically Unclonable Function example above. This has been certified by various US and UK agencies for the purpose of generating keys for AES256.
In addition to this Module12ECU has a separate random number generator that is guaranteed to produce continuous random numbers. Again, this cannot be influenced by standard techniques, and is proprietary technology.
7. WHY NOT USE A TPM CHIP IN THE DESIGN?In essence, the Microsemi SmartFusion2 has a TPM integrated into the fabric of the FPGA, thus it is secure at chip level. A TMP that is housed on the same PCB or on a module attached to the PCB is always more vulnerable from snooping of the bus than if it is integrated into the FPGA fabric.
Thus there are 3 main reasons why the SmartFusion2 device (and hence Module12) is better than a separate TPM: (1) it is more secure by virtue of having security integrated into the silicon of the chip – not bolted on afterwards. (2) it requires less board space because of the high level of integration of the system-on-a-chip.
(3) using the internal security features allows custom hardware extensions to the process to add unique features not found in TMP modules.
8. WHY NOT USE AN ARM PROCESSOR WITH BUILT-IN TPM?The solution developed by ARM for their new range of processors has an integrated TPM. This will be well thought out and well designed to give designers using the chip a high degree of confidence of security. However, sometimes there are situations where a processor only solution, is not the best solution, and we need to turn to a system-on-a-chip from vendors like Altera, Xilinx or Microsemi.
Module12 is designed around the Microsemi SmartFusion2 processor. This is unique in the industry in offering a mix of programmable Flash based hardware (tiles) with a full Micro Controller in the fabric (ARM cortex M3), and an integrated TPM. Why is this important? In typical applications, a software approach is usually taken – which can be very effective. But ideally Digital Signal Processing tasks such as FIR filters, FFT, Polar to Cartesian conversion, running average, Matrix.
Manipulation and transformations are usually more effective when programmed in distributed hardware (more effective = higher throughput for lower power), leaving the processor to tackle the more complex tasks – such as IP stack manipulation or communications.
The SmartFusion2 provides the systems integrator with the ability to trade the cost, speed, power consumption and time to market. The processor is available from 5,000 to 90,000 programming elements (tiles) allowing the end customer or systems integrator to choose the device most appropriate for their application.
A typical ARM processor does not have this flexibility. The choice between the two approaches must be down to the systems integrator but with Module12 there is at least that choice.
SUMMARYWhat problems are we trying to solve? These are outlined below:
Zombie attacks - in the paragraphs above, we have highlighted the issues around zombie attacks, and have suggested several methods to counteract this.
Module12 uses a number of methods to eliminate this potential problem.
Supply chin attacks are very difficult to detect – especially if the production is off- shore and the quality procedures are subcontracted. The opportunity for organized crime, or governments to copy and analyses expensive software IP is widely available in far-east production facilities. The SmartFusion2 chip used in Module12 technology has been specifically designed to allow expensive IP to be protected and these have been cleared by various US/UK government organizations for use inthis type of application.
The security of the system is of prime importance. If we cannot rely on the safety of the process, we are controlling (a chemical or pharmaceutical plant for example) then the possibility of loss of life becomes important. The attacks on the controller come in many forms – from local physical attacks on the equipment to attacks on the operator's laptop. It is essential that a Root-of-trust is established at both ends of the communication channel to avoid compromising the system.
Blueskytec believes it has some useful technology that can help in securing embedded systems, and we have a system and equipment view of that market.
Dr. Chris Mobley,
PhD. Director, Blueskytec Ltd.
CTO, M2M Telecom Ltd.
Microsemi FPGAs deliver key data security capabilities to protect applications data at rest or in transit:
Building on a Secure Root of Trust
Once a secure Hardware Root of Trust is established, higher level security functions can be utilized safely.