ABSTRACT
Through the prevalence of interconnected embedded systems, the vision of pervasive computing has become reality over the last few years. More recently, this evolutionary development has become better known as the Internet of Things. As part of this development, embedded security has become an increasingly important issue in a multitude of applications. Examples include the Stuxnet virus, which has allegedly delayed the Iranian nuclear program, killer applications in the consumer area like iTunes or Amazon's Kindle (the business models of which rely on IP protection) and even medical implants like pace makers and insulin pumps that allow remote configuration. These examples show the destructive and constructive aspects of modern embedded security. In this tutorial we will address both the constructive and "penetration testing" aspect of embedded security.
In the area of destructive embedded security implementation attacks, also known as physical attacks, are of crucial importance. Whereas a network-borne attacker usually can't exploit the physical environment of an application, embedded devices often allow this. For instance, an attacker can monitor the power or timing behavior of a device. Also she can force the device to malfunction, e.g., through power spikes, and deduct information from faulty outputs. Many systems which are otherwise secure become vulnerable against implementation attacks. In this talk, we will focus on side-channel attacks, or SCA, which form arguably the most powerful method among physical attacks. After developing the mechanics of DPA (differential power analysis), we will look at recent case studies in which real-world implementation were broken using SCA. This includes successful attacks against contactless smart cards and FPGAs.
With respect to constructive aspects of embedded security, we will look at the field of lightweight cryptography. The goal here is to provide security at the lowest possible "cost", e.g., measured in power consumption, code size or chip area. Over the last six years or so, this has become a very active area within symmetric cryptography. Very recently, even NSA released two lightweight ciphers, SIMON and SPECK. We will look at the motiviation for such ciphers, e.g., for passive RFID tags or anti-counterfeiting applications. We will then introduce several lightweight constructions and will compare them with AES.
Index Terms
- Constructive and destructive aspects of embedded security in the internet of things
Recommendations
Internet of things security: challenges and perspectives
ICC '17: Proceedings of the Second International Conference on Internet of things, Data and Cloud ComputingNo one can deny that the Internet of Things (IOT) will revolutionize our daily thanks to its many benefits in order to improve and simplify people's lives. Us any new technology the internet of things has a number of problems that prevents it to reach ...
Internet of Things: information security challenges and solutions
Keeping up with the burgeoning Internet of Things (IoT) requires staying up to date on the latest network attack trends in dynamic and complicated cyberspace, and take them into account while developing holistic information security (IS) approaches for ...
Internet of Things security
The Internet of things (IoT) has recently become an important research topic because it integrates various sensors and objects to communicate directly with one another without human intervention. The requirements for the large-scale deployment of the ...
Comments