Building from the Ground Up: Protecting End Devices
Embedded devices are becoming ever more present in the systems of today; such as end devices, whether cars, industrial machinery or in the areas of health, robotics, etc. Moreover, with the emergence of the Internet of Things (IoT), the use of communication devices and information exchange is expanding even further. Starting with the principle that there is no such thing as absolute safety, many problems can be avoided with certain measures, especially if they are included in the design, and the philosophy of operation; what is called Security by Design. Many current end devices are practically small computers, with an operating system, software, different applications and service (web server, SSH, FTP, etc.), firmware, connectivity (WiFi, Bluetooth, cable), etc. These features are susceptible to security problems and the possibility that an attacker might assume control of the device. All this makes it necessary to perform exhaustive cybersecurity evaluations before installing these products.
- A device with different interfaces Source: http://sine.ni.com -
Security at End Points
When it comes to taking security measures in these devices, cybersecurity evaluations must verify that all of the parts that comprise them are secure.
- PROTOCOLS: The device must be configured so that it uses the secure version of the protocol where this exists, for example Secure DNP3 in place of DNP3. It is common to find that in these configurations, the protocols activated by default are the insecure versions, which lack the possibility of authentication and encryption.
Through techniques such as fuzzing, one can test the implementation of the protocols to attempt to detect vulnerabilities such as buffer overflow or entire or infinite loops. The use of these tools is ideal for determining, for example, if, for certain protocols that operate at the lower layers of a network, security mechanisms can be included in the protocols above or if it is necessary to isolate networks to prevent possible attacks.
- PORTS & INTERFACES: End devices usually feature more than one physical access interface (RJ45, WiFi, Zigbee, CAN, USB, etc.) and, generally, some of these provide access to firmware. These interfaces must be controlled both physically, anti-tampering protection; and logically, disabling those that are not used and provide an access control mechanism to unique users.
- ACCESS TO HARDWARE: One of the biggest security problems with end devices is the physical access to same, which would allow an attacker to study the functioning in detail. To prevent access to internal parts, there must be anti-tampering protection that physically and logically blocks the opening of the device.
Moreover, there are more sophisticated attacks that require significant knowledge, called Side Channel Attacks. These attacks allow values to be modified through alterations in the system clock or memory positions that are close to certain circuitry. They are modified thanks to changes in temperature or some other external physical alterations such as, for example, electromagnetic interferences.
To solve problems arising from these attacks, the following counter measures must be taken
- Use of shielding material to reduce and weaken electromagnetic emissions in the circuitry.
- Emit more noise to the channel in a controlled manner so that measures that can be monetized are less precise and more difficult to assume.
- In the event that computing times are quantified in discreet clock cycles, an attack can be prevented at the signal of the clock through the design of isochronous software, that is, that it is executed in constant, exact time.
- Avoid the data reference table so that the cache does not determine which part of the search had access. This makes it impossible to for an attacker to run queries against the cache and to search for information used on the device.
Apart from possible direct attacks, certain devices may conceal undocumented or unknown accesses, such as back doors in order to be able to capture all the information processed and then transmitted from initial hardware. Occasionally, these back doors are introduced by the manufacturers themselves to help with device maintenance tasks.
- FIRMWARE: To evaluate vulnerabilities that may reach the hardware of the devices, it is necessary to use an infrastructure in which the security and integrity level at the hardware level of all machinery, chips and systems.
In the past it was complicate to obtain firmware from a device, as it had to be extracted from the device itself, but today this can be found on the website of the manufacturer in many cases. With firmware, it is possible to carry out reverse engineering in search of passwords stored in the code, weak or poorly implemented encryption algorithms, buffer overflows or other vulnerabilities that allow the possible execution of malicious code.
To carry out this analysis, it is necessary to disassemble the code. It is difficult to protect firmware against disassembly, but it is possible to encrypt the code and place a small routine at the start-up of firmware so that it is deciphered when executed, making the process difficult. Nevertheless, today there are tools, such as IDA (Interactive DisAssembler), that can decipher the original code almost in an instant. These tools can execute the binary in the test environment and perform a RAM memory dump, with all its content.
There also exist different techniques of obfuscation of code to prevent analysis, which, although in practice never making it impossible, does result in the task of extraction of information being arduous and tedious. It is always advisable to encrypt firmware to make its extraction difficult and avoid giving information on the system of files, bootloader, kernel, etc.
- SOFTWARE: : Industrial devices have sufficient calculation power to run many of the applications that work in a conventional server, but not jointly. For this reason, an evaluation of installed software is required, as it may contain unnecessary applications and services.
In other cases, these applications are poorly configured or, at the very least, not configured to take security into account. For precisely this reason, it is necessary to review the configuration of all applications, databases, password stores, etc. to apply the appropriate security measures in each case. Similarly, one must review the security warnings published up until now in order not to use vulnerable software or versions of software.
The security of end devices is one of the fundamental pillars of comprehensive protection of a control system. These devices are those that take control of many tasks performed on a daily basis, making their security critical and measures must be taken towards guaranteeing the functionality and availability of these same devices.