Talking about "embedded security" in the vernacular

ID: Technology makes dreams greater

Author: GorgonMeducer

In a world full of PowerPoint slides, some phenomena are quite interesting. For example, your girlfriend may never have heard of something called an embedded system, but she is sure to know what the Internet of Things is; even if she has never heard that "there is no privacy on the Internet", she is sure to know that "the most important thing about the Internet of Things is security". As the saying goes, hear a story often enough and even Einstein's driver can lecture on relativity. So here comes the question:

As a professional, can you explain clearly what IoT security actually is?

OK, OK, stop pretending; we all know you haven't understood a thing. If you aren't convinced, read on. Below, we start from a few common misunderstandings and slowly unfold the topic for you:

Misunderstanding 1: Security and Safety

There are two English words that can both correspond to the Chinese word for "safety", namely Security and Safety. First of all, I want to emphasize clearly:

Security and Safety are not synonyms; in many fields they have completely different definitions.

Never mind ordinary people; many engineering experts cannot clearly explain the difference either. The reason is simple: different industry standards define Security and Safety (Safety in particular) completely differently. The textbooks in their hands differ, so naturally you cannot blame engineers for understanding "safety" differently.

Does this mean that, outside a specific field, Security and Safety are simply a muddle for us ordinary people? Not at all. Set aside the dogma of particular fields, and Security and Safety each have a spirit worth grasping:

  • Security is roughly equivalent to "information security"; Safety is roughly equivalent to "functional/facility safety"

  • Security mainly discusses how to ensure that information is not stolen by others.

Security in everyday life is keeping Lao Wang next door from snooping.

  • Safety mainly discusses how to ensure that equipment or facilities do not malfunction, cause damage or cause injury under extreme conditions, and ideally still provide a minimal set of functions. A few examples:

    • When someone gets an electric shock, the home's automatic circuit breaker cuts the power (overcurrent protection)

    • When the temperature is too low, to protect the lifetime of the lithium battery, some responsible electronic devices forbid charging or discharging. For example, a certain phone cannot be charged in the cold of winter and has to be warmed under the quilt first (low-temperature protection)

    • Some industrial-grade chips, if the system voltage is too low, automatically pull the reset signal low to stop the system from running away (BOD, brown-out detection)

  • Security guards against malicious attacks; Safety guards against damage caused by extreme environmental variables

  • Sometimes Safety and Security must be satisfied at the same time. Take the car as an example. Traditional cars emphasize Safety: how to avoid traffic accidents and how to reduce casualties. The so-called Security was probably limited to car keys and dealers tampering with odometers. In the "PPT" era, cars can connect to the Internet, and if you do not pay attention to Security, then once hackers control the car, traffic accidents and casualties are hard to avoid, and Safety goes out of the window as well.

  • Sometimes, in the face of Safety, Security has to be compromised.

It is like being strapped to a tiger bench by the culprits: what password would you not give up?

What are Security and Safety in an embedded system (or an IoT system)? What is the relationship between them?

  • In embedded systems, Security is not a single thing; it appears at several layers:

  • Communication has its information security: 1) encryption and decryption of the contents of the communication, and 2) handshake and authentication between the two parties (roughly speaking, proving that your mother is your mother and that you are your mother's child).

  • Software has its information security: for example, how to ensure that the code you write cannot be read by others, how to store the keys used for your communication safely, how to ensure that a library you wrote together with others is not used without authorization, and so on.

  • The system has its system security: for example, how to ensure that the contents of FLASH cannot be read out directly by others, how to ensure that the algorithm logic (timing) of a certain hardware IP block is not obtained by hackers, how to ensure that different tasks cannot read each other's contents without authorization, and so on.

  • Safety in a purely embedded system can be understood as the functional safety of the infrastructure. What does that mean? Under extreme temperatures, voltages, currents and noisy clocks, the system should not run away, and should even still provide a minimal function.

  • In any case, Security is essentially functional logic, and functional logic works only on the basis that the hardware works normally. Hackers' thinking is often: since a working security logic is hard to break through, attack the hardware infrastructure that implements the security logic instead. If the Safety of the infrastructure is not strong enough, it is easily broken; as the saying goes, when the skin is gone, what will the hair attach to? The Security built on top of it stops working properly and exposes more opportunities for attack. Because of this, we say:

  • In embedded systems, Security is built on the foundation of Safety. Without the Safety of the infrastructure, Security is a paper tiger. That is why we so easily see that many methods of attacking Security actually attack Safety first, and many articles discussing Security inevitably discuss a lot of Safety content. This easily gives readers the illusion that Safety and Security are the same thing in an embedded system. Now you know this is not the case. It is like "pulling the firewood out from under the cauldron" not meaning that "firewood" and "cooking" are the same thing.

Attacking the reset circuit once made cracking a well-known manufacturer's Cortex-M3 microcontroller "within easy reach". This is a typical case of attacking the upper-layer Security by attacking the hardware infrastructure. In fact, did you know that software also has infrastructure, and that attacking software infrastructure is also a common technique of hackers?

The stack is the infrastructure of the C language: function calls, parameter passing and local variable allocation are all inseparable from the stack. Hence the many attacks on the stack, such as the classic stack smash, code injection and so on. Similarly, the heap and the C standard library are also software infrastructure.

In principle, much of Security's offence and defence is actually fought over the hardware and software infrastructure: pulling the firewood from under the cauldron is simple and effective. However, this is just the tip of the Security iceberg.

So, what is the essence of embedded information security?

The essence of embedded information security (Security) is isolation (Isolation).

It is worth emphasizing that the isolation here does not distinguish between software (Software Security), hardware (Hardware Security) and the various team-related processes (Team / Design Flow Security). In other words, using "Isolation" to achieve "Security" holds regardless of the context within an embedded system; it is a universally applicable axiom.

When it comes to isolation, we immediately face the following problems:

  • Isolate whom from whom? (For whom)

  • What is to be isolated? (What to protect)

  • What method is used to isolate? (How to isolate)

Don't underestimate these three questions; they are the key to designing an information security system. Answering them correctly is the most effective way to avoid rambling on for a thousand words without ever getting to the point.

"Wait, wait..." Someone couldn't sit still: "I don't care about isolation. Shouldn't information security be about encryption and decryption, handshakes and authentication?"

"Yes, yes, what about DES and 3DES? AES128 is already insecure, so should I use AES256?" Someone else chimed in: "What do MD5, RSA and the other algorithms have to do with Isolation? Is everything encrypted just to achieve isolation?"

So, some comrades who know a few encryption and decryption algorithms are, as the meme goes, too young, too simple: they think that so-called information security is just encrypting things and protecting the key so that others can't read them. This is very one-sided. Encryption and decryption algorithms, key management and authentication relate to information security the way bricks relate to a house. First there must be a need for a house (what is the house for, who is it for, what are the requirements and the budget, what is the design life, what natural and geological disasters occur where the house stands, what degree of threat must it withstand?), then target planning (how much budget, how long to build, who builds it, how it is built and constructed, what the acceptance criteria are), then theoretical guidance, and finally, through engineering practice, a house that meets the requirements is built out of the various building materials. Look, if it weren't for your interruptions I wouldn't have had to waste so many words, and none of that was even the useful part. I will introduce the full relationship in detail in a subsequent article. Here we start from the more essential things in order to understand information security.

  • Whom to protect and what to protect

These two questions are usually considered together. There are too many specifics to cover in a few words, so let me tell a story from everyday life:

Xiao Li is a hardware engineer who taught himself software development with some success, and who often takes on private jobs to earn barbecue money. This time he accepted a development job from a small private boss he knew well. The specific hardware and function are not important; what matters is a software algorithm that Xiao Li is proud of. This algorithm greatly improves the product's parameters, reaching with cheaper hardware the parameters that only "expensive, advanced" products could achieve. To protect this algorithm, Xiao Li spent a lot of extra effort encrypting the product: "encrypting the firmware upgrade communication", "using a state machine to obfuscate the algorithm logic", "firmware integrity checking", "multiple-key protection"... in short, every algorithm that could be found on the Internet. Although it took a lot of time and the small boss did not pay much, he was still very satisfied.

However... less than two weeks after the product launched, an identical cloned product appeared on the market. The other party had read out the firmware by brute-force decapping the chip, then mass-produced with the same firmware. The small boss was very unhappy. He found Xiao Li and asked whether he thought the money wasn't enough and had sold the design to someone else. Xiao Li felt wronged; he insisted that he had encrypted the product and that nobody could ever obtain his algorithm. Hearing this, the boss smiled coldly: "Nobody is interested in your algorithm. What they are interested in is how to clone the whole product and mass-produce it! You wasted so much time and energy without even binding the key to the chip's UID. I really don't know what to say to you."

As the old saying goes: however hard the shell, it still gets opened; however good the encryption, it still gets cloned.

This story tells us that, many times, if your isolation amounts only to locking the door against thieves, someone else may simply dig your whole house away... So for different attack methods you must design different isolation methods, and you cannot think only of isolation in space; you must also think of isolation in time.

  • How to isolate

An elder in a movie once said that when you look at the disputes of the world, once you see through the two words "fame" and "profit" you understand it all, and whoever grasps both firmly is the real winner in life. An elder in the ivory tower once said that information security looks complicated, but once you read the two words "time" and "space" thoroughly, you understand that in information security, Temporal Isolation and Spatial Isolation must both be grasped firmly!

Spatial isolation

Spatial isolation is easy to understand. Take a 32-bit, 4 GB address space: through hardware you can divide it into small segments (of any size), and each segment can have different access permissions (No-Access / Read-Only / Full Access). That is spatial isolation. But how to understand temporal isolation? Is it a pair of lovers travelling through time and space, who have arrived at the same place but keep missing each other? If you really understand it that way, that's actually pretty good, but are you sure you are a programmer? To understand this correctly, let's first start from the spatial isolation of two different types of resources.

Isolation of non-shared resources

Non-shared resources are resources "exclusively owned" by a certain task in a multitasking system. For this type of resource things are very simple: it is enough to write the current task's resource configuration into a dedicated memory isolation peripheral (such as the Memory Protection Unit in Cortex-M, MPU for short) during task switching. In this way, each task's resources are isolated from those of the other tasks.
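To make the two ideas above concrete (segmenting the address space into regions with No-Access / Read-Only / Full Access, and reloading the region table at every task switch), here is an added example of a software model of MPU-style spatial isolation. It is not code from the original post and not the Cortex-M MPU itself: the region addresses, sizes and task names are constructed, and a real MPU has alignment and size rules this model ignores. Anything not covered by a loaded region is denied by default, which is what keeps task B out of task A's RAM and off the UART.

```c
/* Added example (not code from the original post): a software model of
 * MPU-style spatial isolation. Region addresses, sizes and task names are
 * constructed for illustration; a real Cortex-M MPU has alignment and size
 * rules that this model ignores. */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

typedef enum { NO_ACCESS, READ_ONLY, FULL_ACCESS } perm_t;

typedef struct {
    uint32_t base;   /* first address covered by the region */
    uint32_t size;   /* length in bytes */
    perm_t   perm;
} region_t;

#define MAX_REGIONS 8

typedef struct {
    const char *name;
    region_t    regions[MAX_REGIONS];
    size_t      nregions;
} task_t;

/* The model "MPU": the region table of whichever task is currently running. */
static region_t g_mpu[MAX_REGIONS];
static size_t   g_mpu_count = 0;

/* Task switch: load the incoming task's configuration into the MPU.
 * Anything not listed becomes unreachable, because mpu_check denies by default. */
void mpu_load(const task_t *t) {
    for (size_t i = 0; i < t->nregions; i++) {
        g_mpu[i] = t->regions[i];
    }
    g_mpu_count = t->nregions;
}

/* Returns 1 if the access is permitted by the loaded regions, 0 if it would fault. */
int mpu_check(uint32_t addr, int is_write) {
    for (size_t i = 0; i < g_mpu_count; i++) {
        const region_t *r = &g_mpu[i];
        if (addr >= r->base && addr - r->base < r->size) {
            if (r->perm == FULL_ACCESS) return 1;
            if (r->perm == READ_ONLY)   return !is_write;
            return 0;   /* NO_ACCESS */
        }
    }
    return 0;           /* no region matched: deny by default */
}

/* Two constructed tasks. Both may execute the shared code in flash, each has its
 * own 4 KB of RAM, and only task A is allowed to touch the UART registers. */
const task_t task_a = {
    "task_a",
    { { 0x08000000u, 0x10000u, READ_ONLY },    /* flash: code, read-only */
      { 0x20000000u, 0x1000u,  FULL_ACCESS },  /* task A's private RAM */
      { 0x40013800u, 0x400u,   FULL_ACCESS } },/* UART, exclusively owned by A */
    3
};

const task_t task_b = {
    "task_b",
    { { 0x08000000u, 0x10000u, READ_ONLY },    /* same shared code */
      { 0x20001000u, 0x1000u,  FULL_ACCESS } },/* task B's private RAM */
    2
};

static void try_access(const char *what, uint32_t addr, int is_write) {
    printf("  %-24s 0x%08X %-5s -> %s\n", what, (unsigned)addr,
           is_write ? "write" : "read",
           mpu_check(addr, is_write) ? "allowed" : "FAULT");
}

int main(void) {
    mpu_load(&task_a);
    printf("%s running:\n", task_a.name);
    try_access("own RAM", 0x20000010u, 1);
    try_access("task B's RAM", 0x20001010u, 0);
    try_access("code (write attempt)", 0x08000100u, 1);
    try_access("UART data register", 0x40013804u, 1);

    mpu_load(&task_b);
    printf("%s running:\n", task_b.name);
    try_access("own RAM", 0x20001010u, 1);
    try_access("task A's RAM", 0x20000010u, 0);
    try_access("UART data register", 0x40013804u, 1);
    return 0;
}
```

The point to notice is that the only thing that changes at a task switch is the table loaded by mpu_load; the check itself is the same for every task, and a region that is absent for a task is as good as No-Access.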

Isolation of shared resources

Shared resources, as the name suggests, are resources shared among multiple tasks, such as shared peripherals (UART, SPI, etc.). For shared resources, isolation cannot be achieved from the perspective of static space, because isolation is essentially a kind of "exclusiveness" (my things are not allowed to be used by others). So how is "sharing" between multiple tasks done at all? Naturally, the concept of "time-division multiplexing" is introduced. Simply put, time is segmented along the time axis just like an address space, and the different segments are assigned to different tasks, so that for each task the resource is exclusively its own within its own time slice.

Time-division multiplexing is nothing new, so what does it have to do with isolation? Strictly speaking, not a dime's worth. Plain time-division multiplexing plays no role in isolation at all. With time-division multiplexing, the so-called isolation should show up in the fact that, of two tasks adjacent in time that hand over the right to use a resource, the latter must not be able to obtain residual information of the former; otherwise the task's information leaks. To achieve this, we need to introduce the concept of a "site" (context):

  • When a task obtains the right to use the resource, it must return to its own site to continue its previous work

  • When a task is forced to give up the right to use the resource, it must not only protect its own site so that it can continue next time, but also destroy the current site to prevent leaking information to other users of the resource

This process is not hard to understand, but it is worth emphasizing that, for a shared resource, each task has its own "site" for that resource. Where is the site kept? Isn't it in some memory belonging to the task? Therefore it is easy to deduce:

The isolation of shared resources is the spatial isolation of each task's resource-specific site (context).

Furthermore, the above method of equipping each task with a "site" so that a common resource can be shared among multiple tasks is called "Virtualisation", that is:

Using one physical resource, in a time-division multiplexed manner, to create a virtual resource for each task.

and

Virtualization is the core way to achieve "temporal isolation".

Well, after a long detour, we are finally back. Let's briefly summarize:

  • Non-shared resources: we manage them with the memory protection peripheral, using plain spatial isolation.

  • Shared resources: we use virtualization technology, and isolate the resource in time by spatially isolating its "site" (to prevent information leakage during task switching)

Having said all that, let's explain an interesting thing:

The pipeline is in fact a shared resource: multiple tasks share the same pipeline, and task code executes by time-division multiplexing. The "site" of the pipeline is what we habitually call the task context. In this sense, the OS simply virtualizes the pipeline so that each task can temporarily monopolize it while executing. And here is the problem. Have you noticed that in a simple multitasking foreground/background system, when an ordinary MCU handles an interrupt, there are stack operations, but nothing "erases" the wreckage the previous task left at the site! In other words, task information leaks during interrupt handling!! In principle, an ordinary MCU cannot reliably achieve "temporal isolation"!

What does the ARMv8-M TrustZone architecture do? When the program is running in Secure mode and a Non-Secure interrupt arrives suddenly, in addition to ordinary site protection, the hardware also helps you erase the traces of Secure execution! That is to say, in this architecture reliable "temporal isolation" is implemented entirely in hardware, something the old ARMv7-M and ARMv6-M architectures cannot do in hardware. This is why, in principle, ARMv8-M's TrustZone is more secure than the older architectures.
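The "site" mechanism described above for shared resources, and the interrupt case just discussed (an ordinary MCU saving context without erasing residue, versus hardware that scrubs it), can be shown side by side with one small model. This is an added example, not code from the original post and not an implementation of any real OS or of ARMv8-M: the resource layout, the task names and the secret value are constructed. scrub=1 imitates hardware that destroys residue at every handover; scrub=0 is a plain save/restore, which is enough for correctness of each task but not for isolation.

```c
/* Added example (not code from the original post): a model of "temporal
 * isolation" for one shared resource. The resource layout, task names and
 * secret value are constructed; scrub=1 imitates hardware that erases residue
 * on a switch, scrub=0 a plain save/restore as on an ordinary MCU. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* The single physical resource: think of a peripheral's registers or the CPU's
 * register file (the "pipeline" in the text). */
typedef struct {
    uint32_t regs[4];
    uint32_t status;
} resource_t;

static resource_t g_hw;   /* there is exactly one of these */

/* Per-task "site": a private copy of the resource state, kept in the task's
 * own (spatially isolated) memory. This copy is what turns one physical
 * resource into a virtual resource per task. */
typedef struct {
    const char *name;
    resource_t  site;
    int         has_site;   /* 0 until the task has been switched out once */
} task_t;

/* Hand the resource over from prev to next. */
void resource_switch(task_t *prev, task_t *next, int scrub) {
    if (prev) {                       /* 1. protect prev's site */
        prev->site = g_hw;
        prev->has_site = 1;
    }
    if (scrub) {                      /* 2. destroy the residue */
        memset(&g_hw, 0, sizeof g_hw);
    }
    if (next->has_site) {             /* 3. restore next's site */
        g_hw = next->site;
    }
    /* A task that has never run starts from whatever g_hw now holds:
     * zeros if scrubbed, prev's leftovers if not. */
}

typedef struct {
    uint32_t seen_by_normal;     /* what the second task finds in regs[0] */
    uint32_t secure_on_resume;   /* what the first task finds when it resumes */
} outcome_t;

/* A Secure task writes a secret into the resource, a Non-Secure task takes it
 * over (the "interrupt"), then the Secure task resumes. */
outcome_t run_scenario(int scrub) {
    task_t secure = { .name = "secure" };
    task_t normal = { .name = "normal" };
    outcome_t out;

    memset(&g_hw, 0, sizeof g_hw);
    resource_switch(NULL, &secure, scrub);
    g_hw.regs[0] = 0xDEADBEEFu;       /* constructed secret, e.g. one key word */

    resource_switch(&secure, &normal, scrub);   /* switch into the normal task */
    out.seen_by_normal = g_hw.regs[0];

    resource_switch(&normal, &secure, scrub);   /* return to the secure task */
    out.secure_on_resume = g_hw.regs[0];
    return out;
}

int main(void) {
    for (int scrub = 0; scrub <= 1; scrub++) {
        outcome_t o = run_scenario(scrub);
        printf("scrub=%d: normal task sees 0x%08X, secure task resumes with 0x%08X\n",
               scrub, (unsigned)o.seen_by_normal, (unsigned)o.secure_on_resume);
    }
    return 0;
}
```

Both variants restore the secure task correctly, which is why a plain save/restore looks fine from the point of view of function; only the scrub step in the middle of resource_switch decides whether the second task inherits the first one's residue, and that step is the whole difference between time-sharing and temporal isolation.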

Source: blog.csdn.net/u012846795/article/details/108373679