Using Hardware Means to secure Critical Infrastructure Devices
This post was written by Prof. Apostolos P. Fournaris, University of Patras, Greece
Patras, Mar. 27th
There is a dominant trend of securing critical infrastructures from cyber security attacks using software tools from the network security domain. However, when it comes to cryptography and security services there exist many attacks that a malicious entity can mount on a critical infrastructure device. In a well-established and computationally powerful device that is installed in an office environment those attacks can be thwarted, but what does it happen when a device is left unattended in an unsecure, remote and potentially “hostile” environment?
This use case matches most of the end node devices existing in critical infrastructure systems that consist of embedded processor units for measuring critical environmental variables and taking decisions based on proprietary software with scarce security updates. In such an environment, a malicious entity can utilize a broad toolset of attacks that can exploit the many vulnerabilities the embedded system world still face. This vulnerability of software solutions on malicious attackers that can bypass software security of such end nodes as well as the slow response of software solutions to security requests and updates, indicate that a different, hardware based approach should be followed from the CIS security administrators/architects to protect CIS devices. Hardware solutions are more appropriate for high security demanding applications like those in financial, military, or governmental environments and thus seem ideal for the CIS domain.
There exist a wide range of hardware security tokens for certain CIS like financial or military ones that act as security arbiters and/or user authentication tools (validating a user’s identity by providing a token that only the user possesses). These tokens are based on dedicated hardware processing units consisting of physically tamper-resistant embedded cryptographic processors that communicate with the conventional general purpose system processor in order to offer a predefined set of cryptographic and security services.
Hardware Security Modules in “Traditional” Critical Infrastructures
Hardware security modules (HSM) were originally described and implemented for financial transactions and aimed to enforce a policy on key usage along with a variety of key protection measures. Electronic payment systems use the HSMs for secure communication between the banks and the customers and for secure storage of all authentication information. The financial sector customer (user) is provided with a cheap autonomous HSM (typically a smart card) along with a personal identification number (PIN) for authentication. Through this HSM end-to-end security in the communication between the bank and its clients is achieved and 2 factor authentication is used for identifying user identity to the financial CIS services. The introduction of Internet banking brought new dynamics in the field of financial transactions since the customer has no physical presence in a prearranged place to use financial CIS services (ubiquitous use of bank services). To retain strong security remotely, the user-customer needs to build and maintain a secure, trusted environment, irrespective of his physical location. To somehow address the above challenge, banks provide to their customers’ tamper-resistant authentication, i.e., authorization devices (e.g., the RSA SecurID) that can generate time-dependent or random passwords based on unique registered key in the device. However, the customer end device (a PC, tablet or mobile phone) is not protected in any way against cybersecurity attacks targeting the end device itself (not the HSM). Customers must apply their own additional security measures (e.g., firewall, antivirus, antimalware software) to create a trusted environment in their devices.
Diagram of the University of Patras HSM prototype and its connection to possible Host devices.
HSMs are also used in military–government CIS. There exist dedicated military cryptographic processors embedded in special purpose military machines for mane year (even from the Cold War era) capable of encrypting sensitive communications and for authorizing people as well as for protecting high-importance military CIS stations. In some governmental, civil protection agencies this technology has been lightly replicated for crisis management situations when entities (police, fire brigade, and ambulance staff) need to communicate over secure channels. Proprietary secure communication channels have been used in such scenarios (TETRA,Tetrapol, etc.) that strongly rely on dedicated HSMs in an attempt to create a secure communication environment over an untrusted infrastructure (wireless links, telephone network, etc.).
Apart from the above mentioned "traditional" and well-established CIS, the use of HSM is not very popular in other environments that till recently were considered to be "closed" to the IT world and its cybersecurity dangers and thus protected against attacks. This however is changed in the modern CIS world thus highlighting the need for strong security solutions. HSMs in the CIS environment as a whole can be a game changer in terms of attack protection. Connecting an HSM to a CIS device can enhance the device's capabilities in terms of security. This is highly useful in legacy CIS devices that may not be able to support efficiently security functions due to constrained resources and processing power. Migrating all cryptography/security functions to a (physically) associated HSM, a CIS host device can support needed by the CIS security architect security features related to information confidentiality, integrity, authenticity but also to device and user authentication, identification (as already is done in the governmental and financially CIS environments).
Key point to retain this HSM enabled level of security is the strong belief that the HSM remains secure at all times and it cannot be compromised. Trust that the HSM will always perform its intended functionality must be retained and guaranteed. In that sense, an associated to a host HSM acts as a trust anchor for the host system and the CIS IT network it is connected to.
In HSMs we trust…
The HSM architecture is built around a system-on-Chip concept and thus consists of several Hardware blocks that are managed by a secure microprocessor through software code stored in the HSM RAM memory. The HSM capabilities are enhanced by secure NVRAM storage and dedicated hardware IP Cores for cryptographic acceleration. A high level of trust must be placed on the HSM system, so that it can always operate as intended to. To achieve that, the HSM is protected against a broad range of possible software and hardware attacks.
The University of Patras add-on HSM SoC abstract architecture.
There exist several security risks associated with the HSM software and hardware components. Software vulnerabilities written during code development (Buffer overflows, stack smashing attacks etc.) can constitute an attack vector for code injection attacks. Approaches to mitigate software vulnerabilities and instill trust have been devised and standardized in the past few years including technologies like ARM's TrustZone, Trusted Computing Group's (TCG) Trusted Platform Module and GlobalPlatform's Trusted Execution Environment (TEE) specifications. The above approaches, aim to create a secure environment within the processor execution plane that is isolated from the rest of the code environment. This approach while not explicitly designed for HSM's (but rather for secure computation) can constitute a strong countermeasure against software vulnerabilities.
Since, CIS end device (and the associated HSM) can operate unattended, thus it works in a hostile environment from security perspective, it can be stolen and manipulated in order to give out any sensitive information that may be stored or processed in it. While the system might be protected from cryptanalytic attacks through the use of strong security schemes, it can still be compromised when an adversary applies an attack on the security implementation itself. Even if secret information cannot be learned, attackers may be able to disrupt the hardware or deny service leading to failures in the security system. There exist several types of such implementation attacks aiming hardware or even software security component implementations. The most easy to mount such attacks are side channel attacks (SCA). Such attacks exploit a system’s hardware characteristics leakage (power dissipation, computation time, electromagnetic emission e.t.c) to extract information about the processed data and use them to deduce sensitive information (cryptographic keys, messages e.t.c). An attacker does not tamper with the chip in any way and needs only make appropriate observations to mount a successful attack. SCAs can be mounted very easily, cheaply, using a PC, a digital oscilloscope and some probes.
HSMs are highly protected against SCAs by introducing cryptography algorithmic and circuit based countermeasures that aim at disassociating sensitive information from the processing flow and/or hiding/masking this sensitive information leakage in randomized noise.
CIPSEC project results receive funding from the European Union’s Horizon 2020 Research and Innovation Programme, under Grant Agreement no 700378.
The opinions expressed and arguments employed in this publication do not necessarily reflect the official views of the Research Executive Agency (REA) nor the European Commission.