Maintaining Security in a Heterogeneous and Changing World

Credits: Embedded World Conference 2019 Proceedings, http://www.embedded-world.eu

Abstract — Safety and security concerns are holding back the Industrial Internet of Things (IIoT). Much of this comes down to two very different inconvenient truths: first, that Smart Cities and Connected Infrastructure are by nature composed of highly diverse sets of devices, yet device security standards are highly variable; and second, that those devices are operating in a permanently degraded state.
Firmware and device data need ongoing maintenance to overcome vulnerabilities and defend against newly-discovered threats, and yet this lack of interoperability makes such patching very difficult to realize. This paper argues for standards and interoperability at a critical layer of the stack – secure boot, firmware, trusted execution environment and identity protection – in order to enable proper security management of the IIoT ecosystem.

INTRODUCTION
The Internet of Things, the technology that promised us utopian smart cities and connected lives, is failing to deliver. Instead of a coherent Internet of Things we have in its place an Internet of Silos, where narrow use cases may work very well, but devices, systems, and economies cannot interoperate. Differences in device standards, a lack of consistency in device security, and a ‘land-grab’, ‘winner-takes-all’ mentality on cloud management services means that while vertical walled-garden digital consumer services are making strides into the connected future, the physical world is left frustratingly behind.

Read more of this post

A New Zero-Trust Model for Securing Embedded Systems

Credits: Embedded World Conference 2019 Proceedings, http://www.embedded-world.eu

Abstract — The attack surface in embedded systems has grown exponentially as connectivity requirements are increasingly met with the integration of readily available 3rd party libraries. A new Zero Trust Model is required to address the intrinsic security threat posed by the resulting monolithic firmware. This paper explores a new modern approach based on open source hardware and software where security through separation is achieved via a state-of-the-art multi-domain Trusted Execution Environment (TEE) for RISC-V processors.

INTRODUCTION
Embedded devices are a part of the daily lives of people all around the world. As devices get more personal and become placed in increasingly sensitive environments, the security of those devices becomes paramount. Security is a multi-tier approach, with different solutions being used across the industry depending on device capabilities and functionalities. Most security challenges faced by those resource-constrained devices that make up the Internet of Things can be minimized by enforcing physical separation between functional blocks and by properly implementing established encryption schemas to protect data in transit and at rest.

Read more of this post

Trusted Execution Environments – A System Design Perspective

Credits: Embedded World Conference 2019 Proceedings, http://www.embedded-world.eu

Abstract — The Internet of Things (IoT) represents a collection of billions of smart, connected devices. Current approaches to securing IoT devices typically go through the addition of complex hardware mechanisms or the implementation of heavy containerization and virtualization solutions. In this paper, we take the reader through designing a real-world scenario of an IoT device making use of Trusted Execution Environments (TEE) to securely isolate different parts of the system. We aim to demonstrate a network connected device resembling a typical IoT device with a clear boundary separation between the application, the networking stack, and the root of trust.

INTRODUCTION
The Internet of Things (IoT) field has proliferated, with current estimates at 11 billion devices according to a recent Development Bank of Singapore (DBS) report [13]. According to the same report, privacy, security, and interoperability are the key barriers for widespread adoption [11]. While attempts at interoperability and standardization exist with organizations such as EdgeX [9], privacy and security still remain largely unaddressed. IoT devices do not work in isolation, they typically need to communicate with a central manager, posting their results and accepting commands from that central manager. Typical forms of communication involve protocols like BLE and TCP/IP. These protocols bring complex serializers and de-serializers often vulnerable to buffer overflow exploits, use after free and so on, with the latest examples being vulnerable TCP/IP stacks that could be exploited [12].

Read more of this post

User Mode Interrupts – A Must for Securing Embedded Systems

Credits: Embedded World Conference 2019 Proceedings, http://www.embedded-world.eu

Abstract — With the advent of the Internet of Things (IoT), devices are becoming smaller, smarter and increasingly connected. This explosion in connectivity creates a larger attack surface and new security threats. Recent cybersecurity attacks clearly demonstrated that the success of this new Internet era depends heavily on the security of those embedded devices that make up the IoT. In this paper, we argue in favor of a paradigm shift in the way computing systems are conceived and designed. We explain why the free and open RISC-V ISA promises to be a game-changer for embedded security, and we share our experience developing the industry-first RISC-V secure implementation of FreeRTOS based on MultiZone Security, the first Trusted Execution Environment for RISC-V. In the context of this research, we explain how to implement user-mode interrupts to secure modern embedded systems.

INTRODUCTION
The world is undergoing an unprecedented technological transformation, evolving from isolated systems to ubiquitous Internet-enabled ‘things’ capable of generating and handling vast amounts of security-critical and privacy-sensitive data [1]. This novel paradigm, commonly referred to as the Internet of Things (IoT), is a new reality that is enriching our everyday life but simultaneously creating several risks. Recent cybersecurity incidents, such as the Mirai Botnet, have clearly demonstrated that the success of this new Internet era is heavily dependent upon the trust and security built in these IoT devices.
The ongoing cat-and-mouse game of hacks and patches is largely due by the intrinsic lack of security of the traditional computing model, which is not safe nor secure. Mainstream operating systems (OSes) are designed for functionality and speed. These systems follow a monolithic architecture, with most of the services enjoying privileged execution rights. Typically, programs share the same access to code and data and functional blocks communicate via shared memory structures such as buffers, stacks and hypes – a single failure in one component can bring the entire system down [2]. Even more evolved systems that implements virtual memory protection schemas have shown several vulnerabilities, mainly due to the complexity of the software necessary to operate the underlying MMU [3].

Read more of this post

How to Secure a RISC-V Embedded System in Just 30 Minutes

Credits: Embedded World Conference 2019 Proceedings, http://www.embedded-world.eu

Abstract — The free and open RISC-V ISA defines many important building blocks of security. Properly implementing them is the system designer responsibility. So, the real question is: How does one properly secure a RISC-V embedded system? This paper offers a practical guide to using these security blocks to build a state-of-the-art Trusted Execution Environment (TEE) with a multitude of isolated security domains – Zones, and secure communications between them. The paper also shows how to verify Zone isolation and benchmark overall TEE system performance.

INTRODUCTION
Originally developed at U.C. Berkeley, the free and open RISC-V ISA promises to bring the innovation and collaboration of the open source community to the hardware world. When it comes to security, RISC-V specifications [1] provide many important building blocks and the rapidly growing RISC-V ecosystem even more. For designers used to traditional closed-source proprietary architectures, the complexity associated with properly implementing these new security technologies may prove daunting [2].

From a system design perspective, the real question is: How do I properly secure a RISC-V embedded system? In this paper, we describe how to secure a RISC-V system using the free and open MultiZone Security Trusted Execution Environment (TEE) – developed and maintained by Hex Five Security, Inc. MultiZone Security provides signed boot, hardware enforced isolation for an unlimited number of security domains – Zones, a secure messaging system between Zones, secure interrupts, and operates on top of the standard RISC-V ISA.

Read more of this post

How to Build a RISC-V System In Just 30 Minutes

Credits: Embedded World Conference 2019 Proceedings, http://www.embedded-world.eu

Abstract — RISC-V is an open ISA (instruction set architecture) enabling a new era of innovation for processor architectures. RISC-V includes open source processor cores, toolchains, simulators and other key supporting components. The RISC-V ecosystem enables a new level of innovation in processor architecture that will be a key driver for the needed gains in performance and power efficiency over the next decade.

Introduction
The rapid growth of RISC-V has been truly impressive to witness. Originally developed at UC Berkeley as a means to support a graduate student project, the free and open ISA has become widely popular promising to bring the innovation and collaboration of the open source community to the hardware world – and to dramatically disrupt the whole semiconductor industry in the process.

So really the question is: How do I get started with RISC-V?

Read more of this post

Hypervisors in Embedded Systems: Applications and Architectures

Credits: Embedded World Conference 2018, ISBN 978-3-645-50173-6, http://www.embedded-world.eu

Abstract — As microprocessor architectures have evolved with direct hardware support for virtualization, hypervisor software has become not just practical in embedded systems, but present in many commercials applications. This paper discusses embedded systems use cases for hypervisors, including their use in workload consolidation and security applications.

Introduction

Hypervisors are a type of operating system software that allows multiple traditional operating systems to run on the same microprocessor [1]. They were originally introduced in traditional IT data centers to solve workload balancing and system utilization challenges. Initial hypervisors required changes to the guest OS to compensate for a lack of hardware support for the isolation required between guest operating systems. As microprocessor architectures have evolved with direct hardware support for virtualization, hypervisors have become not just practical in embedded systems, but are present in deployed applications [2]. Hypervisors are here to stay in embedded systems. This paper discusses embedded systems use cases for hypervisors, including their use in workload consolidation and security applications.

Read more of this post

Physically Unclonable Functions – A new way to establish trust in silicon

Credits: Embedded World Conference 2018, ISBN 978-3-645-50173-6, http://www.embedded-world.eu

Download full paper https://bringyourownit.files.wordpress.com/2018/03/puf-physically-unclonable-functions-a-new-way-to-establish-trust-in-silicon.pdf

Abstract — As billions of devices connect to the Internet, security and trust become crucial. This paper proposes a new approach to provisioning a root of trust for every device, based on Physical Unclonable Functions (PUFs). PUFs rely on the unique differences of each silicon component introduced by minute and uncontrollable variations in the manufacturing process. These variations are virtually impossible to replicate. As such they provide an effective way to uniquely identify each device and to extract cryptographic keys used for strong device authentication. This paper describes cutting-edge real-world applications of SRAM PUF technology applied to a hardware security subsystem, as a mechanism to secure software on a microcontroller and as a basis for authenticating IoT devices to the cloud.

Introduction

The Internet of Things already connects billions of devices and this number is expected to grow into the tens of millions in the coming years [5]. To build a trustworthy Internet of Things, it is essential for these devices to have a secure and reliable method to connect to services in the cloud and to each other. A trustworthy authentication mechanism based on device-unique secret keys is needed such that devices can be uniquely identified and such that the source and authenticity of exchanged data can be verified.

In a world of billions of interconnected devices, trust implies more than sound cryptography and resilient transmission protocols: it extends to the device itself, including its hardware and software. The main electronic components within a device must have a well-protected security boundary where cryptographic algorithms can be executed in a secure manner, protected from physical tampering, network attacks or malicious application code [18]. In addition, the cryptographic keys at the basis of the security subsystem must be securely stored and accessible only by the security subsystem itself. The actual hardware and software of the security subsystem must be trusted and free of known vulnerabilities. This can be achieved by reducing the size of the code to minimize the statistical probability of errors, by properly testing and verifying its functionality, by making it unmodifiable for regular users and applications (e.g. part of secure boot or in ROM) but updateable upon proper authentication (to mitigate eventual vulnerabilities before they are exploited on a large scale). Ideally, an attestation mechanism is integrated with the authentication mechanism to assure code integrity at the moment of connecting to a cloud service [3].

Read more of this post

The Journey to a Secure Internet of Things Starts Here

IoT Security Guidance

As the Internet of Things finds its way into ever more critical environments – from cars, to airlines to hospitals – the potentially life-threatening cyber security implications must be addressed. Over the past few months, real world examples have emerged showing how proprietary connected systems relying on outdated notions of ‘security-by-obscurity’ can in fact be reverse engineered and chip firmware modified to give hackers complete remote control. The consequences could be deadly.

A new approach is needed to secure connected devices, which is exactly what the prpl Foundation is proposing in its new document: Security Guidance for Critical Areas of Embedded Computing. It lays out a vision for a new hardware-led approach based on open source and interoperable standards. At its core is a secure boot enabled by a “root of trust” anchored in the silicon, and hardware-based virtualization to restrict lateral movement.

Read more of this post

How to Fix the Internet of Broken Things

iot-securityThe Internet of Things is already permeating every part of our lives – from healthcare to aviation, automobiles to telecoms. But its security is fundamentally broken. In my previous blog I’ve shown how vulnerabilities found by security researchers could have catastrophic consequences for end users. This isn’t just about data breaches and reputational damage anymore – lives are quite literally on the line. The challenges are many: most vendors operate under the misapprehension that security-by-obscurity will do – and lobby for laws preventing the disclosure of vulnerabilities; a lack of security subject matter expertise creates major vulnerabilities; firmware can too easily be modified; and a lack of separation on the device opens up further avenues for attackers.

But there is something we as an industry can do about it – if we take a new hardware-led approach. This is all about creating an open security framework built on interoperable standards; one which will enable a “root of trust” thanks to secure boot capabilities, and restrict lateral movement with hardware-based virtualization.

Read more of this post