SlideShare a Scribd company logo

Defense-in-depth for embedded devices

Download as PPTX, PDF
Jiggyasu Sharma, profile picture
Jiggyasu Sharma

This presentation discusses defense-in-depth strategies for embedded devices. It outlines various attack vectors at different levels of an embedded device stack, from hardware components to firmware to applications. It then describes corresponding countermeasures to protect against each attack vector. The attack vectors include device reconnaissance, tampering with hardware components, exploiting debug interfaces, firmware reverse engineering, software flaws, and application vulnerabilities. The countermeasures center around techniques like obfuscation, encryption, authentication, exception handling, updates, and using secure protocols. The presentation aims to help secure embedded devices against hacks and protect their integrity.

Internet
1 of 13
Downloaded 11 times
1
2
3
4
5
6
7
8
9
10
11
12
13
Defense-in-Depth for Embedded Devices Jiggyasu Sharma
DISCLAIMER The opinions and thoughts presented during the course of this presentation are my own and do not reflect the views or positions of my employer. 2
#whoami • A security evangelist • Working with Resideo (Honeywell Homes) – Product Security • Contributor towards security communities; IS-RA, null, CysInfo, h1hakz, ISC2. • Speaker at security conferences RSA, c0c0n, IoT day etc. • Having security certifications from Offensive Security, SANS and EC- Council • Interested in IoT, ICS and SCADA Security 3
Agenda • To know about embedded devices attack surface • And to protect them against hack
How is Embedded Device look like?
Embedded Device Stack • Attack Vectors • Device reconnaissance • Web Search Engines • FCCID • Open Source Libraries • Tempering the Device • Chip/components Identification • Datasheets • Pin-out Probes Hardware Components Hardware Protocols Boot/RootFS Application/Platform Kernel Bootloader / Firmware • Countermeasures • To protect the device IP • Service/User Manuals • Test Documents on FCCID • Securing Open source Libraries • Chip morphing • Temper Protection
Embedded Device Stack • Attack Vectors • JTAG • UART • SPI • I2C • CANBUS • BDS Hardware Components Hardware Protocols Boot/RootFS Kernel Bootloader / Firmware Application/Platform • Countermeasures • Obfuscation of pin-outs • Remove the Traces • Blow Fuse in Pin-Outs • Encryption/Authentication • Key Token • Power Toggle • Read out Protections • Randomizing Probes • Set option Bits • Validating Assembly • CRC/ HASH • Custom Baud Rate
Embedded Device Stack • Attack Vectors • U-Boot • RootFS • Firmware Signature • Root Certificates Hardware Components Hardware Protocols Boot/RootFS Kernel Bootloader / Firmware Application/Platform • Countermeasures • Run Time key Generation • Safe Zones • Using Secondary memory • Secure Boot enable • Authenticated RootFS • Obfuscated Signatures
Embedded Device Stack • Attack Vectors • Memory Leakage • Stack overflow • Buffer Overflow • Unmanaged code • Kernel Crash • Unhandled exception • Side Channels Faults • Power glitching • NAND/Clock glitching • ThermalHardware Components Hardware Protocols Boot/RootFS Kernel Bootloader / Firmware Application/Platform • Countermeasures • Memory management • Exception handling • Fixing Zero days • Crash reporting/Self Healing • Circuit Power Handling • Glitch detectors • Brownout detectors • Lockstep cores • Asynchronous internal clock with dummy cycles • Internal Oscillators • Halt on invalid instruction execution • Lock down unnecessary diagnostic signals • Mutable codes
Embedded Device Stack • Attack Vectors • Firmware Emulation • Reverse Engineering • Compression/Encryption • Hardcoded Credentials/Keys/Certificates • PII • Key Generation Algo • Backdoors Hardware Components Hardware Protocols Boot/RootFS Kernel Bootloader / Firmware Application/Platform • Countermeasures • Encryption • Compression • Obfuscation • Encoding • Certificates • Signatures • Run time Keys • Run time protection • Remove Backdoors • Randomized functions • Secure APIs/Libraries • Integral Updates • Complex key generations • Root of trust / Chain of Trust • Avoid Secondary memory
Embedded Device Stack • Attack Vectors • Application Flaws • COAP • MQTT Hardware Components Hardware Protocols Boot/RootFS Kernel Bootloader / Firmware Application/Platform • Countermeasures • Secure API implementation • Auth Mechanism • Reliable node detection • Active search engine scans • Secure 3rd party libraries • TLS
Take Away
Questions??? Connect to me: /jiggyasu-sharma /jiggyasu.sharma /jiggyasu_sharma jiggyasu.sharma@gmail.com 13 Thank you धन्यवाद्

More Related Content

PPTX
Firmware analysis 101
veerababu penugonda(Mr-IoT)
 
PDF
Beginners guide on how to start exploring IoT 2nd session
veerababu penugonda(Mr-IoT)
 
PDF
Beginner’s Guide on How to Start Exploring IoT Security 1st Session
veerababu penugonda(Mr-IoT)
 
PDF
Maemo 6 Platform Security
Peter Schneider
 
PPTX
Hardware Security Training By TONEX
Bryan Len
 
PPTX
Practical Security Assessments of IoT Devices and Systems
Ollie Whitehouse
 
PPTX
Pwning Iot via Hardware Attacks - Chase Schultz - IoT Village - Defcon 23
Chase Schultz
 
PDF
BlackHat Arsenal 2014 - C-SCAD : Assessing Security Flaws in C-SCAD WebX Clie...
Aditya K Sood
 
Firmware analysis 101
veerababu penugonda(Mr-IoT)
 
Beginners guide on how to start exploring IoT 2nd session
veerababu penugonda(Mr-IoT)
 
Beginner’s Guide on How to Start Exploring IoT Security 1st Session
veerababu penugonda(Mr-IoT)
 
Maemo 6 Platform Security
Peter Schneider
 
Hardware Security Training By TONEX
Bryan Len
 
Practical Security Assessments of IoT Devices and Systems
Ollie Whitehouse
 
Pwning Iot via Hardware Attacks - Chase Schultz - IoT Village - Defcon 23
Chase Schultz
 
BlackHat Arsenal 2014 - C-SCAD : Assessing Security Flaws in C-SCAD WebX Clie...
Aditya K Sood
 

What's hot (12)

PDF
Malware cryptomining uploadv3
Setia Juli Irzal Ismail
 
PDF
Pa or die
Setia Juli Irzal Ismail
 
PDF
Aes jul-upload
Setia Juli Irzal Ismail
 
PDF
Using fault injection attacks for digital forensics
Justin Black
 
PPTX
Practical hardware attacks against SOHO Routers & the Internet of Things
Chase Schultz
 
PDF
IoT security zigbee -- Null Meet bangalore
veerababu penugonda(Mr-IoT)
 
PDF
FIWARE Tech Summit - TST Connected Solutions Using FIWARE
FIWARE
 
DOCX
kali linix
Mirza Baig
 
PPT
iOS Application Pentesting
n|u - The Open Security Community
 
PDF
Nikita Abdullin - Reverse-engineering of embedded MIPS devices. Case Study - ...
DefconRussia
 
PPTX
Introduction to epid
BeMyApp
 
PDF
Top 10 secure boot mistakes
Justin Black
 
Malware cryptomining uploadv3
Setia Juli Irzal Ismail
 
Pa or die
Setia Juli Irzal Ismail
 
Aes jul-upload
Setia Juli Irzal Ismail
 
Using fault injection attacks for digital forensics
Justin Black
 
Practical hardware attacks against SOHO Routers & the Internet of Things
Chase Schultz
 
IoT security zigbee -- Null Meet bangalore
veerababu penugonda(Mr-IoT)
 
FIWARE Tech Summit - TST Connected Solutions Using FIWARE
FIWARE
 
kali linix
Mirza Baig
 
iOS Application Pentesting
n|u - The Open Security Community
 
Nikita Abdullin - Reverse-engineering of embedded MIPS devices. Case Study - ...
DefconRussia
 
Introduction to epid
BeMyApp
 
Top 10 secure boot mistakes
Justin Black
 
Ad

Similar to Defense-in-depth for embedded devices (20)

PDF
Implementing Trusted Endpoints in the Mobile World
LINE Corporation
 
PPTX
Null mumbai-reversing-IoT-firmware
Nitesh Malviya
 
PPTX
Making and breaking security in embedded devices
Yashin Mehaboobe
 
PPT
Control system including PLC cybersecurity
Dr.Maged Mikhail
 
PPTX
Developing for Industrial IoT with Linux OS on DragonBoard™ 410c: Session 4
Qualcomm Developer Network
 
PDF
Zephyr-Overview-20230124.pdf
ibramax
 
PPT
Attacking Embedded Devices (No Axe Required)
Security Weekly
 
PDF
Windy City Rails - Layered Security
Aaron Bedra
 
PPTX
BSIDES-PR Keynote Hunting for Bad Guys
Joff Thyer
 
PPTX
How to create a secure IoT device
Abhijeet Rane
 
PPTX
"Mobile security: iOS", Yaroslav Vorontsov, DataArt
DataArt
 
PPTX
Reverse Engineering.pptx
Sameer Sapra
 
PDF
Pci Req
Namrata Arora
 
PPTX
How to Build Your Own Physical Pentesting Go-bag
Beau Bullock
 
PPTX
LAS16-300K2: Geoff Thorpe - IoT Zephyr
Shovan Sargunam
 
PDF
Track 5 session 2 - st dev con 2016 - security iot best practices
ST_World
 
PPTX
Hacktrikz - Introduction to Information Security & Ethical Hacking
Ravi Sankar
 
PDF
Mobile security chess board - attacks & defense
Blueinfy Solutions
 
PPTX
What Does a Full Featured Security Strategy Look Like?
Precisely
 
PPT
Power Grid Communications & Control Systems
fajjarrehman
 
Implementing Trusted Endpoints in the Mobile World
LINE Corporation
 
Null mumbai-reversing-IoT-firmware
Nitesh Malviya
 
Making and breaking security in embedded devices
Yashin Mehaboobe
 
Control system including PLC cybersecurity
Dr.Maged Mikhail
 
Developing for Industrial IoT with Linux OS on DragonBoard™ 410c: Session 4
Qualcomm Developer Network
 
Zephyr-Overview-20230124.pdf
ibramax
 
Attacking Embedded Devices (No Axe Required)
Security Weekly
 
Windy City Rails - Layered Security
Aaron Bedra
 
BSIDES-PR Keynote Hunting for Bad Guys
Joff Thyer
 
How to create a secure IoT device
Abhijeet Rane
 
"Mobile security: iOS", Yaroslav Vorontsov, DataArt
DataArt
 
Reverse Engineering.pptx
Sameer Sapra
 
Pci Req
Namrata Arora
 
How to Build Your Own Physical Pentesting Go-bag
Beau Bullock
 
LAS16-300K2: Geoff Thorpe - IoT Zephyr
Shovan Sargunam
 
Track 5 session 2 - st dev con 2016 - security iot best practices
ST_World
 
Hacktrikz - Introduction to Information Security & Ethical Hacking
Ravi Sankar
 
Mobile security chess board - attacks & defense
Blueinfy Solutions
 
What Does a Full Featured Security Strategy Look Like?
Precisely
 
Power Grid Communications & Control Systems
fajjarrehman
 
Ad

Recently uploaded (20)

PPTX
Introuction about ICD -10 and ICD-11 PPT.pptx
naveenithkrishnan
 
PPTX
Digital Literacy And Online Safety on internet
riksa rifqi
 
PPTX
E -tech empowerment technologies PowerPoint
kylebalatero12
 
PDF
Automated vs Manual WooCommerce to Shopify Migration_ Pros & Cons.pdf
CartCoders
 
PPTX
artificial intelligence overview of it and more
yafotin445
 
PPTX
presentation_pfe-universite-molay-seltan.pptx
yahyamohibme
 
PDF
An introduction to the IFRS (ISSB) Stndards.pdf
farhankhan13694
 
PPTX
Internet___Basics___Styled_ presentation
poonam62133
 
PDF
The New Creative Director: How AI Tools for Social Media Content Creation Are...
SageTitans
 
PDF
Best Practices for Testing and Debugging Shopify Third-Party API Integrations...
CartCoders
 
PPTX
introduction about ICD -10 & ICD-11 ppt.pptx
naveenithkrishnan
 
PPTX
June-4-Sermon-Powerpoint.pptx USE THIS FOR YOUR MOTIVATION
KuyaRogie
 
PPTX
Mathew Digital SEO Checklist Guidlines 2025
Mathew Digital
 
PDF
Exploring VPS Hosting Trends for SMBs in 2025
Liquid Web
 
PPT
Ethics in Information System - Management Information System
faizhossain3
 
PDF
Cloud-Scale Log Monitoring _ Datadog.pdf
MuhammadDhomanhuriMa
 
PDF
Vigrab.top – Online Tool for Downloading and Converting Social Media Videos a...
Vigrab Top
 
PPTX
innovation process that make everything different.pptx
SoumyadipPaul18
 
PPT
Design_with_Watersergyerge45hrbgre4top (1).ppt
DiogoRibeiro730590
 
DOCX
Unit-3 cyber security network security of internet system
shivangisharma636228
 
Introuction about ICD -10 and ICD-11 PPT.pptx
naveenithkrishnan
 
Digital Literacy And Online Safety on internet
riksa rifqi
 
E -tech empowerment technologies PowerPoint
kylebalatero12
 
Automated vs Manual WooCommerce to Shopify Migration_ Pros & Cons.pdf
CartCoders
 
artificial intelligence overview of it and more
yafotin445
 
presentation_pfe-universite-molay-seltan.pptx
yahyamohibme
 
An introduction to the IFRS (ISSB) Stndards.pdf
farhankhan13694
 
Internet___Basics___Styled_ presentation
poonam62133
 
The New Creative Director: How AI Tools for Social Media Content Creation Are...
SageTitans
 
Best Practices for Testing and Debugging Shopify Third-Party API Integrations...
CartCoders
 
introduction about ICD -10 & ICD-11 ppt.pptx
naveenithkrishnan
 
June-4-Sermon-Powerpoint.pptx USE THIS FOR YOUR MOTIVATION
KuyaRogie
 
Mathew Digital SEO Checklist Guidlines 2025
Mathew Digital
 
Exploring VPS Hosting Trends for SMBs in 2025
Liquid Web
 
Ethics in Information System - Management Information System
faizhossain3
 
Cloud-Scale Log Monitoring _ Datadog.pdf
MuhammadDhomanhuriMa
 
Vigrab.top – Online Tool for Downloading and Converting Social Media Videos a...
Vigrab Top
 
innovation process that make everything different.pptx
SoumyadipPaul18
 
Design_with_Watersergyerge45hrbgre4top (1).ppt
DiogoRibeiro730590
 
Unit-3 cyber security network security of internet system
shivangisharma636228
 

Defense-in-depth for embedded devices

  • 2. DISCLAIMER The opinions and thoughts presented during the course of this presentation are my own and do not reflect the views or positions of my employer. 2
  • 3. #whoami • A security evangelist • Working with Resideo (Honeywell Homes) – Product Security • Contributor towards security communities; IS-RA, null, CysInfo, h1hakz, ISC2. • Speaker at security conferences RSA, c0c0n, IoT day etc. • Having security certifications from Offensive Security, SANS and EC- Council • Interested in IoT, ICS and SCADA Security 3
  • 4. Agenda • To know about embedded devices attack surface • And to protect them against hack
  • 5. How is Embedded Device look like?
  • 6. Embedded Device Stack • Attack Vectors • Device reconnaissance • Web Search Engines • FCCID • Open Source Libraries • Tempering the Device • Chip/components Identification • Datasheets • Pin-out Probes Hardware Components Hardware Protocols Boot/RootFS Application/Platform Kernel Bootloader / Firmware • Countermeasures • To protect the device IP • Service/User Manuals • Test Documents on FCCID • Securing Open source Libraries • Chip morphing • Temper Protection
  • 7. Embedded Device Stack • Attack Vectors • JTAG • UART • SPI • I2C • CANBUS • BDS Hardware Components Hardware Protocols Boot/RootFS Kernel Bootloader / Firmware Application/Platform • Countermeasures • Obfuscation of pin-outs • Remove the Traces • Blow Fuse in Pin-Outs • Encryption/Authentication • Key Token • Power Toggle • Read out Protections • Randomizing Probes • Set option Bits • Validating Assembly • CRC/ HASH • Custom Baud Rate
  • 8. Embedded Device Stack • Attack Vectors • U-Boot • RootFS • Firmware Signature • Root Certificates Hardware Components Hardware Protocols Boot/RootFS Kernel Bootloader / Firmware Application/Platform • Countermeasures • Run Time key Generation • Safe Zones • Using Secondary memory • Secure Boot enable • Authenticated RootFS • Obfuscated Signatures
  • 9. Embedded Device Stack • Attack Vectors • Memory Leakage • Stack overflow • Buffer Overflow • Unmanaged code • Kernel Crash • Unhandled exception • Side Channels Faults • Power glitching • NAND/Clock glitching • ThermalHardware Components Hardware Protocols Boot/RootFS Kernel Bootloader / Firmware Application/Platform • Countermeasures • Memory management • Exception handling • Fixing Zero days • Crash reporting/Self Healing • Circuit Power Handling • Glitch detectors • Brownout detectors • Lockstep cores • Asynchronous internal clock with dummy cycles • Internal Oscillators • Halt on invalid instruction execution • Lock down unnecessary diagnostic signals • Mutable codes
  • 10. Embedded Device Stack • Attack Vectors • Firmware Emulation • Reverse Engineering • Compression/Encryption • Hardcoded Credentials/Keys/Certificates • PII • Key Generation Algo • Backdoors Hardware Components Hardware Protocols Boot/RootFS Kernel Bootloader / Firmware Application/Platform • Countermeasures • Encryption • Compression • Obfuscation • Encoding • Certificates • Signatures • Run time Keys • Run time protection • Remove Backdoors • Randomized functions • Secure APIs/Libraries • Integral Updates • Complex key generations • Root of trust / Chain of Trust • Avoid Secondary memory
  • 11. Embedded Device Stack • Attack Vectors • Application Flaws • COAP • MQTT Hardware Components Hardware Protocols Boot/RootFS Kernel Bootloader / Firmware Application/Platform • Countermeasures • Secure API implementation • Auth Mechanism • Reliable node detection • Active search engine scans • Secure 3rd party libraries • TLS