
Securing the Internet of Things (IoT)

Embedded devices and hardware security in IoT

Subhan Ullah, PhD


subhan.ullah@nu.edu.pk

MSCS Spring 2020


Agenda
• Embedded system
• Embedded devices
• UART, SPI, I2C, JTAG
• Hardware based security (PUF, TPM)
• Communication protocols

Embedded devices in IoT
• Embedded devices
− Objects that form a dedicated computing system and may or may not be connected to the Internet
− An embedded device generally runs a single application; however, it can connect through an Internet connection and communicate with other network devices
• Embedded systems
− Encompass the CPU as well as many other resources
− Typically execute control laws, finite state machines and processing algorithms
− Software is often specific to the application

Basic Embedded System
(Figure; source: https://www.javatpoint.com/iot-embedded-devices)
Embedded system and IoT ecosystem
(Figure)
Embedded systems in IoT
• Embedded systems
− Low power consumption units that are used to run specific tasks
• Examples: Remote controls, washing machines, microwave ovens, 
RFID tags, sensors, actuators, networking hardware such as
switches, routers, modems, mobile phones, PDAs
• Embedded system software
− Often specific to the application
− Manufacturers build it in electronics, e.g., cars, telephones,
modems, appliances
− Can be as simple as lighting controls running using an 8-bit
microcontroller
− Can also be complicated software for missiles, process control
systems, airplanes
• Embedded system design requirements
− Real-time operation
− Small size, low weight
Embedded system (Characteristics) in IoT
• Part of a larger system
− Not a traditional computer with keyboard, display, etc.
• Performs application-specific functions
− Application is known a priori
• Some degree of re-programmability is essential
− Flexibility in upgrading, bug fixing
− Product differentiation and customization
− Microprocessors
• Interacts with the external world
− Reactive system
− Sense, manipulate, communicate
• Never terminates (ideally)
Embedded system (Characteristics) in IoT
• Operation is time constrained
− Latency, throughput
− Real-time operation
− Finish operations by deadlines
• Other constraints
− Power consumption (critical in battery-powered devices)
− Low manufacturing costs
− Size, weight, heat, reliability, etc.
• Trends
− Increasingly high-performance (DSP)
− Increasingly networked
− Increasing need for flexibility
− Careful co-design of hardware and software
Application of embedded system
• Embedded systems are critical in many industries and are found in
large stationary installations
− Examples: traffic lights, factory controllers, MRI machine,
automobiles, etc
− Many modern consumer electronics and appliances such as
watches, cell phones, microwaves, security systems, video
entertainment systems
• Embedded systems will also be at the cornerstone for the
deployment of many Internet of Things (IoT) solutions
− Especially within certain industry verticals and Industrial Internet
of Things (IIoT) applications
• Modern embedded systems employ a combination of
− Application-specific H/W (boards, ASICs, FPGAs etc.)
− Software that balances performance, low power, flexibility and complexity
− Trend to put them on one chip, called a System on Chip (SoC)
Analyzing the IoT devices
• Analyzing the IoT devices is required:
− In cases where the devices themselves may yield critical data in an investigation
• IoT devices may need to be reverse engineered to extract firmware for analysis
− Firmware is a software program or set of instructions programmed on a hardware device
− Firmware provides the necessary instructions for how the device communicates with the other computer hardware
• Given the enormous variety of potential IoT devices, the specific tools and processes will vary
− In practice, organizations may need to outsource these activities to a reputable security firm
− Example: find firms that have a firm background in forensics and have a good working knowledge of, and policies regarding, chain of custody and chain of evidence (should the data become necessary in courts of law)
Analyzing the IoT devices involved
• Analysis of embedded devices can be a challenging task
− Many commercial vendors provide USB interfaces to memory, but frequently restrict what areas of memory can be accessed
• If the embedded device runs a Unix or Linux type of OS kernel and the analyst is able to get a command line on the device,
− Example: a simple dd command (whose primary purpose is to convert and copy files) may be all that is necessary to extract the device's image, specific volumes, partitions, or master boot record to a remote location
− Hash every image (e.g., SHA-256) at the moment of acquisition and again after transfer, so the chain of evidence can show the copy is unaltered
• Direct extraction of memory is typically possible through a JTAG or UART interface
− Security-conscious vendors usually mask or disable JTAG interfaces
− A JTAG connector gives access to the chip's test access port (TAP), through which memory, registers and attached flash can be read
− Open On-Chip Debugger (OpenOCD) or UrJTAG tools can be useful in communicating with flash chips, CPUs and other embedded architectures and memory types
• Open On-Chip Debugger: http://openocd.org/
• UrJTAG: http://urjtag.org
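Added example (not part of the original slides): a Python model of the dd-based acquisition described above. The block device, its MBR and the partition layout are constructed test data; dd_copy mirrors dd's bs/skip/count arguments and records a SHA-256 of each image while it is being copied, and parse_mbr reads the partition table out of the MBR image so that individual partitions can be extracted by their LBA range. The sample device layout (two partitions, 32 sectors) is an assumption made for the example.

```python
import hashlib
import io
import struct

SECTOR = 512


def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()


def build_test_mbr(partitions):
    """Construct a synthetic MBR sector (test data, not from a real device).
    partitions: up to four (bootable, type_byte, lba_start, sector_count) tuples."""
    mbr = bytearray(SECTOR)
    mbr[:4] = b"\xfa\x31\xc0\x8e"                 # a few bytes standing in for boot code
    for i, (boot, ptype, start, count) in enumerate(partitions):
        # 16-byte entry: status, CHS start (unused here), type, CHS end (unused), LBA start, sector count
        entry = struct.pack("<B3sB3sII", 0x80 if boot else 0x00, b"\0\0\0", ptype, b"\0\0\0", start, count)
        mbr[446 + 16 * i:446 + 16 * (i + 1)] = entry
    mbr[510:512] = b"\x55\xaa"                    # boot signature
    return bytes(mbr)


def make_test_device():
    """Constructed stand-in for a block device such as /dev/mmcblk0: MBR, a gap, two small partitions."""
    dev = bytearray(build_test_mbr([(True, 0x83, 8, 16), (False, 0x82, 24, 8)]))
    dev += bytes(7 * SECTOR)                      # sectors 1..7: unused gap before partition 1
    dev += bytes([0x83]) * (16 * SECTOR)          # partition 1 contents (LBA 8..23)
    dev += bytes([0x82]) * (8 * SECTOR)           # partition 2 contents (LBA 24..31)
    return bytes(dev)


def dd_copy(src, dst, bs=SECTOR, skip=0, count=None):
    """Block copy modelled on `dd if=SRC of=DST bs=BS skip=SKIP count=COUNT`.
    Hashes the data as it is copied so the acquisition digest is recorded at imaging time."""
    h = hashlib.sha256()
    src.seek(skip * bs)
    blocks = 0
    while count is None or blocks < count:
        chunk = src.read(bs)
        if not chunk:
            break
        dst.write(chunk)
        h.update(chunk)
        blocks += 1
    return blocks, h.hexdigest()


def parse_mbr(sector):
    """Decode the four primary partition entries of an MBR image."""
    if len(sector) < SECTOR or sector[510:512] != b"\x55\xaa":
        raise ValueError("not an MBR: 0x55AA boot signature missing")
    parts = []
    for i in range(4):
        status, ptype, start, count = struct.unpack_from("<B3xB3xII", sector, 446 + 16 * i)
        if ptype == 0:                            # empty entry
            continue
        parts.append({"index": i, "bootable": status == 0x80, "type": ptype,
                      "lba_start": start, "sectors": count})
    return parts


def acquire(device_bytes):
    """Image the whole device, then the MBR alone, then partition 1 by its LBA range, recording
    a SHA-256 for each image (the chain-of-custody record for the evidence)."""
    src = io.BytesIO(device_bytes)
    full, mbr, part1 = io.BytesIO(), io.BytesIO(), io.BytesIO()
    n_full, sha_full = dd_copy(src, full)                          # dd if=DEV of=full.img bs=512
    dd_copy(src, mbr, count=1)                                     # dd ... count=1 : MBR only
    parts = parse_mbr(mbr.getvalue())
    p1 = parts[0]
    n_p1, sha_p1 = dd_copy(src, part1, skip=p1["lba_start"], count=p1["sectors"])
    # Independent re-hash of the stored image: must equal the digest recorded during acquisition
    verified = sha256_hex(full.getvalue()) == sha_full
    return {"sectors": n_full, "sha256": sha_full, "verified": verified,
            "partitions": parts, "part1_sectors": n_p1, "part1_sha256": sha_p1}


if __name__ == "__main__":
    result = acquire(make_test_device())
    for p in result["partitions"]:
        print(f"partition {p['index']}: type 0x{p['type']:02x} LBA {p['lba_start']} +{p['sectors']} sectors")
    print("full image sha256:", result["sha256"], "verified:", result["verified"])
```

On a real target the same flow is dd on the device with its output piped through netcat to the analyst host, which writes the image and hashes it on arrival; the hash computed on the device side (if it has sha256sum or similar) and the one computed on the analyst side must agree before the image is treated as evidence.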
UART
• UART stands for Universal Asynchronous Receiver/Transmitter
− It is not a communication protocol but a physical circuit in a microcontroller, or a stand-alone IC
− A UART's main purpose is to transmit and receive serial data
− Two UARTs communicate directly with each other, using only two wires (plus a common ground) to carry data between the devices
• The transmitting UART converts parallel data from a controlling device like a CPU into serial form and transmits it bit by bit to the receiving UART, which then converts the serial data back into parallel data for the receiving device
− Data flows from the Tx pin of the transmitting UART to the Rx pin of the receiving UART
− Each UART's Tx is wired to the other's Rx, so the link carries data in both directions at once
Limitations of serial UART ports
• Serial ports are asynchronous (no clock signal is transmitted), so the devices using them must agree ahead of time on a data rate (baud rate)
− The two devices must also have clocks that are close to the same rate; the receiver resynchronises on every start bit, so a mismatch of a few percent is tolerated, but beyond that the bits are sampled in the wrong place and frames are garbled
• Asynchronous serial ports require hardware overhead
− The UART at either end is relatively complex and difficult to implement accurately in software (bit-banging)
• At least one start bit and one stop bit are part of each frame of data
− For example, 10 bit times are required for each 8 bits of data sent, which eats into the data rate
• Another core limitation of asynchronous serial ports is that they are inherently suited to communication between two, and only two, devices
• Finally, the data rate is an issue: while there is no theoretical limit to asynchronous serial communication, most UART devices only support a fixed set of standard baud rates
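Added example (not from the original slides): a Python simulation of UART framing and of the receiver's sampling, showing the 10-bits-per-byte overhead and why the two clocks must be close. The transmitter's line is modelled at 1000 ticks per bit; the receiver hunts for the start bit's falling edge with 16x oversampling (an assumption, typical of UART designs) and then samples at the middle of each bit using its own period. With a 5% clock mismatch every frame still decodes; at 10% the stop bit is sampled inside the last data bit and every frame is dropped as a framing error.

```python
TICKS_PER_TX_BIT = 1000   # simulation resolution: 1000 ticks per transmitter bit time


def uart_frame_bits(byte, parity=None, stop_bits=1):
    """One UART frame: start bit (0), 8 data bits LSB first, optional parity bit, stop bit(s) (1)."""
    data = [(byte >> i) & 1 for i in range(8)]
    bits = [0] + data
    if parity == "even":
        bits.append(sum(data) & 1)
    elif parity == "odd":
        bits.append(1 - (sum(data) & 1))
    return bits + [1] * stop_bits


def uart_encode(payload, parity=None, stop_bits=1):
    """Line level for every transmitter bit time of a whole byte string (10 bit times per byte by default)."""
    line = []
    for b in payload:
        line.extend(uart_frame_bits(b, parity, stop_bits))
    return line


def uart_receive(line, rx_over_tx_ratio, parity=None):
    """Sample `line` with a receiver whose baud rate is rx_over_tx_ratio times the transmitter's.
    No clock is transmitted, so the receiver can only resynchronise on each start bit's falling
    edge and then sample at the middle of each bit using its own bit period.
    Returns (decoded bytes, number of frames dropped for framing/parity errors)."""
    rx_bit = round(TICKS_PER_TX_BIT / rx_over_tx_ratio)    # receiver's bit period in ticks
    scan_step = max(1, rx_bit // 16)                        # 16x oversampling while hunting for the start bit
    total = len(line) * TICKS_PER_TX_BIT
    n_bits = 8 + (1 if parity else 0)                       # bits between the start and stop bits

    def level(tick):
        return line[tick // TICKS_PER_TX_BIT] if tick < total else 1   # idle line is high

    out, errors, t = [], 0, 0
    while t < total:
        if level(t) == 1:                                   # idle: keep looking for a falling edge
            t += scan_step
            continue
        start = t
        samples = [level(start + i * rx_bit + rx_bit // 2) for i in range(1, n_bits + 2)]
        data_bits, stop = samples[:8], samples[-1]
        ok = stop == 1                                      # stop bit sampled as 0: framing error
        if parity:
            expected = 0 if parity == "even" else 1
            ok = ok and (sum(data_bits) + samples[8]) & 1 == expected
        if ok:
            out.append(sum(bit << i for i, bit in enumerate(data_bits)))
        else:
            errors += 1
        t = start + (n_bits + 2) * rx_bit                   # past this frame; hunt for the next start bit
    return bytes(out), errors


if __name__ == "__main__":
    line = uart_encode(b"hello")
    print("frame length:", len(uart_frame_bits(0x41)), "bit times per byte")
    for ratio in (1.00, 1.05, 1.10):
        print(f"receiver clock {ratio:.2f}x transmitter:", uart_receive(line, ratio))
```

This is also why a serial console recovered from an unknown board has to be probed at the standard baud rates until readable text appears: the wrong rate produces framing errors or garbage, never a clean stream.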
Joint Test Action Group (JTAG)
• JTAG is also known as boundary scan
− Used for testing printed circuit board assemblies, in-system programming, debugging, etc.
• What is JTAG, and how can it be used to benefit organizations in diverse industries across all phases of the product life cycle?
− JTAG is standardised by the IEEE as IEEE 1149.1
− It originally began as an integrated method for testing interconnects on printed circuit boards (PCBs), implemented at the integrated circuit (IC) level
JTAG solutions
• As PCBs grew in complexity and density
− Traditional test methods (in-circuit testers (ICTs) and bed-of-nails fixtures) reached their limits
− These technology developments led to dramatic increases in the cost of designing and building bed-of-nails fixtures, while circuit board test coverage also suffered
• JTAG presented an elegant solution to this problem: build functionality into the IC to assist in testing assembled electronic systems
− Today, JTAG is used for everything from testing interconnects and functionality on ICs to programming flash memory of systems deployed in the field, and everything in between
− The same debug access that helps the manufacturer also lets an attacker with physical access halt the CPU, read memory and flash, and rewrite firmware, which is why production devices should disable or lock the port
− JTAG and its related standards have been and will continue to be extended to address additional challenges in electronic test and manufacturing, including test of 3D ICs and complex, hierarchical systems
Serial Peripheral Interface (SPI)
• SPI is an interface bus commonly used to send data between microcontrollers and small peripherals such as shift registers, sensors, flash chips and SD cards
− It uses separate clock and data lines, along with a select line to choose the device you wish to talk to
• SPI is a four-wire, full-duplex communication protocol; its lines are generally known as
− master out slave in (MOSI),
− master in slave out (MISO),
− a serial clock generated by the master (SCLK, also written SCK) and
− a slave select (SS, also called chip select, CS) line, used to select a specific slave during the communication; each slave gets its own select line while the other three lines are shared
• SPI follows a master/slave architecture, where communication is always started by the master
− It is a synchronous communication protocol because the clock is shared by master and slave
− Every clock pulse moves one bit in each direction, so for every byte the master sends it also receives one
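Added example (not from the original slides): a wire-level Python model of an SPI exchange in mode 0 (clock idles low, both sides sample on the rising edge and shift on the falling edge). The peripheral is a constructed sensor-style register device (command byte with a read/write bit and a 7-bit register address, then data bytes), not a model of any real part; it shows the full-duplex property (a byte comes back for every byte sent, 0xFF while the command is still being clocked in) and the role of the select line (an unselected slave ignores the clock and never drives MISO).

```python
class SPIBus:
    """Shared lines. SCLK idles low (mode 0); MISO reads high when nobody drives it."""
    def __init__(self):
        self.sclk, self.mosi, self.miso = 0, 0, 1


class RegisterSlave:
    """Constructed SPI peripheral: byte 0 of a transaction is a command (bit 7: 1 = write,
    0 = read; bits 6..0: register address); the following bytes are register data with an
    auto-incrementing address. Not a model of any specific part."""
    def __init__(self, bus, regs):
        self.bus, self.regs = bus, list(regs)
        self.ss = 1                           # this slave's active-low select line
        self._reset()

    def _reset(self):
        self.bit_count, self.shift_in, self.shift_out = 0, 0, 0xFF
        self.addr, self.write = None, False

    def select(self, level):
        self.ss = level
        if level == 1:                        # deselect: abort any transaction, release MISO
            self._reset()
            self.bus.miso = 1
        else:                                 # select: first MISO bit must be valid before the first rising edge
            self._load_next_out()

    def _load_next_out(self):
        # Nothing useful to send while the command byte is still being clocked in
        self.shift_out = 0xFF if self.addr is None else self.regs[self.addr % len(self.regs)]
        self.bus.miso = (self.shift_out >> 7) & 1          # MSB first

    def clock_edge(self, rising):
        if self.ss:                           # not selected: SCLK and MOSI are ignored, MISO untouched
            return
        if rising:                            # mode 0: sample MOSI on the rising edge
            self.shift_in = ((self.shift_in << 1) | self.bus.mosi) & 0xFF
            self.bit_count += 1
        elif self.bit_count == 8:             # falling edge after a full byte: act on it, load the next
            self._byte_received(self.shift_in)
            self.bit_count = 0
            self._load_next_out()
        else:                                 # falling edge: shift the next bit onto MISO
            self.shift_out = (self.shift_out << 1) & 0xFF
            self.bus.miso = (self.shift_out >> 7) & 1

    def _byte_received(self, byte):
        if self.addr is None:                 # command byte
            self.write, self.addr = bool(byte & 0x80), byte & 0x7F
        else:                                 # data byte
            if self.write:
                self.regs[self.addr % len(self.regs)] = byte
            self.addr += 1


class SPIMaster:
    def __init__(self, bus, slaves):
        self.bus, self.slaves = bus, list(slaves)

    def transfer(self, index, tx):
        """Full-duplex exchange with slave `index`: every byte clocked out on MOSI returns one on MISO."""
        target = self.slaves[index]
        target.select(0)
        rx = []
        for byte in tx:
            got = 0
            for i in range(7, -1, -1):
                self.bus.mosi = (byte >> i) & 1            # set up data while SCLK is low
                self.bus.sclk = 1
                for s in self.slaves:                      # every slave sees SCLK; only the selected one reacts
                    s.clock_edge(True)
                got = (got << 1) | self.bus.miso           # master samples MISO on the same rising edge
                self.bus.sclk = 0
                for s in self.slaves:
                    s.clock_edge(False)
            rx.append(got)
        target.select(1)
        return bytes(rx)

    def read_regs(self, index, addr, n):
        # bytes(n) are dummy bytes clocked out to fetch n register values; drop the byte returned during the command
        return self.transfer(index, bytes([addr & 0x7F]) + bytes(n))[1:]

    def write_regs(self, index, addr, data):
        self.transfer(index, bytes([0x80 | (addr & 0x7F)]) + bytes(data))


if __name__ == "__main__":
    bus = SPIBus()
    sensor, flash = RegisterSlave(bus, [0x10, 0x20, 0x30, 0x40]), RegisterSlave(bus, [0xAA, 0xBB])
    master = SPIMaster(bus, [sensor, flash])
    print("raw transfer:", master.transfer(0, b"\x01\x00\x00").hex())   # ff2030
    master.write_regs(0, 2, b"\x55")
    print("sensor regs:", [hex(r) for r in sensor.regs], "flash regs untouched:", [hex(r) for r in flash.regs])
```

The same structure is what a logic-analyser capture of an SPI flash read looks like: the command byte goes out on MOSI while MISO carries filler, and the payload only appears on MISO once the slave has decoded the command.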
Inter-Integrated Circuit (I2C)
• I²C is alternatively spelled I2C (pronounced I-two-C) or IIC (pronounced I-I-C)
• The I2C protocol is intended to allow multiple "slave" digital integrated circuits ("chips") to communicate with one or more "master" chips
− Like SPI, it is intended for short-distance communication within a single device
− Like asynchronous serial interfaces (such as RS-232 or UARTs), it only requires two signal wires to exchange information: a serial data line (SDA) and a serial clock line (SCL)
− Both lines are open-drain with pull-up resistors: any device can pull a line low but none drives it high, which is what lets several devices share the two wires and lets a slave acknowledge (ACK) each byte by pulling SDA low
− A slave is selected by a 7-bit address sent at the start of a transaction together with a read/write bit, rather than by a dedicated select line as in SPI
− It is widely used for attaching lower-speed peripheral ICs to processors and microcontrollers in short-distance, intra-board communication
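Added example (not from the original slides): a Python model of I2C at the byte level, with the open-drain wired-AND behaviour of SDA, 7-bit addressing plus the R/W bit, ACK/NACK, and a repeated START for a register read. The slaves are constructed register-style devices (first written byte sets a register pointer, later bytes write registers, reads return from the pointer onwards), not models of real parts. scan() does what a bus scan such as i2cdetect does: address every unreserved 7-bit address with the W bit and record which ones acknowledge.

```python
class I2CSlave:
    """Constructed register-style slave (like a small sensor or EEPROM). Not a specific part."""
    def __init__(self, address, regs):
        if not 0x08 <= address <= 0x77:
            raise ValueError("7-bit address outside the unreserved range 0x08..0x77")
        self.address, self.regs = address, list(regs)
        self.pointer = 0
        self.on_stop()

    def on_start(self):
        # START (or repeated START): the next byte is an address byte; the register pointer is kept
        self.addressing, self.selected, self.reading, self.expect_pointer = True, False, False, True

    def on_stop(self):
        self.addressing, self.selected, self.reading, self.expect_pointer = False, False, False, True

    def on_byte(self, byte):
        """Called for every byte the master clocks out. Return True to pull SDA low (ACK)."""
        if self.addressing:
            self.addressing = False
            self.selected = (byte >> 1) == self.address      # 7-bit address in the upper bits
            self.reading = bool(byte & 1)                    # R/W bit: 1 = master reads
            return self.selected
        if not self.selected or self.reading:
            return False                                     # not ours: leave SDA released
        if self.expect_pointer:
            self.pointer, self.expect_pointer = byte % len(self.regs), False
        else:
            self.regs[self.pointer] = byte
            self.pointer = (self.pointer + 1) % len(self.regs)
        return True

    def on_read(self):
        """Value this slave drives during a master read; 0xFF (line released) if not selected."""
        if not (self.selected and self.reading):
            return 0xFF
        value = self.regs[self.pointer]
        self.pointer = (self.pointer + 1) % len(self.regs)
        return value


class I2CMaster:
    def __init__(self, slaves):
        self.slaves = list(slaves)

    def start(self):
        for s in self.slaves:
            s.on_start()

    def stop(self):
        for s in self.slaves:
            s.on_stop()

    def write_byte(self, byte):
        acks = [s.on_byte(byte) for s in self.slaves]        # every slave sees every byte
        return any(acks)              # open-drain SDA: the line is low (ACK) if any device pulls it low

    def read_byte(self):
        value = 0xFF
        for s in self.slaves:
            value &= s.on_read()      # wired-AND: released lines read as 1
        return value

    def scan(self):
        """Bus scan: START, address + W, record whether anything ACKed, STOP."""
        found = []
        for addr in range(0x08, 0x78):
            self.start()
            if self.write_byte((addr << 1) | 0):
                found.append(addr)
            self.stop()
        return found

    def write_reg(self, addr, reg, value):
        self.start()
        ok = self.write_byte((addr << 1) | 0) and self.write_byte(reg) and self.write_byte(value)
        self.stop()                   # on the first NACK the master aborts (short-circuit above) and stops
        return ok

    def read_reg(self, addr, reg, n=1):
        """Write the register pointer, then a repeated START with the R bit to read n bytes."""
        self.start()
        ok = self.write_byte((addr << 1) | 0) and self.write_byte(reg)
        if ok:
            self.start()                                     # repeated START keeps the bus, switches direction
            ok = self.write_byte((addr << 1) | 1)
        data = bytes(self.read_byte() for _ in range(n)) if ok else None
        self.stop()                                          # master NACKs the last byte, then STOP
        return data


if __name__ == "__main__":
    master = I2CMaster([I2CSlave(0x48, [1, 2, 3, 4]), I2CSlave(0x50, [0xAA] * 8)])
    print("devices found:", [hex(a) for a in master.scan()])
    print("0x48 reg1..2:", master.read_reg(0x48, 1, 2).hex(), " 0x20 reg0:", master.read_reg(0x20, 0))
```

On a real board the scan is the first step of probing an unknown I2C bus: every ACK is a chip that will answer register reads, which is why configuration EEPROMs and security elements on I2C deserve the same attention as the main flash.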
Trust and security from a device perspective
• IoT devices are vulnerable in many respects, so providing and maintaining trust and security (e.g., preserving token integrity over time) is a difficult task
− Once token integrity is compromised, for example by recovering a secret network key from a device and using it to fabricate malicious nodes, the entire network is vulnerable to internal attacks
• On the physical level, device enclosures are often not tamperproof
− Devices can be opened and their hardware can be accessed via probes and pin headers
− Device central processing units (CPUs) are low-cost components that often have no sophisticated means of protecting their code, data, and tokens from external access (e.g., via JTAG)
− This allows an attacker to clone entire devices or manipulate software and data
• IoT devices are often based on low-power hardware and may only be able to process tokens of low complexity
− This has implications for the robustness of a token, as it can be reverse engineered or recovered via a brute-force attack
Trust and security from a device perspective
• As a result of this, any trust management system for IoT
deployments must have the ability to dynamically withdraw trust
of individual devices
• Likewise, individual devices must be dynamically able to validate
the trustworthiness of other nodes they engage with
• When trust and security credentials are distributed at the time of
manufacturing or deployment, a device is seen as initially
trustworthy

Trust and security from a device perspective (assumptions)
• This trustworthiness, which might degrade over time, is based on many assumptions and prerequisites, including
− The device's hardware, as well as all stages of its manufacturing/integration, is trustworthy and sound
− For example, it must not have JTAG pin headers that allow the extraction of program code and data
− Likewise, the firmware and its development process (from specification to test) is trustworthy and follows best practices
− For example, devices must not have undocumented software back doors that have been deliberately left by developers
− The generation, management, and deployment of tokens is trustworthy and sound
− For example, random number generators must be seeded with sufficient entropy to avoid the generation of weak and predictable keys
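Added example (not from the original slides) of the last assumption failing: a device that seeds a deterministic PRNG with a low-entropy value (here, the second of the day at which it booted, an assumption for the example) and draws its network key from it. Anyone who captures one authenticated frame can regenerate the key for every candidate seed and test it, so the 128-bit key really has about 16 bits of strength. The fix is to take key material from a CSPRNG (secrets). The telemetry frame is constructed sample data.

```python
import hashlib
import hmac
import math
import random
import secrets

KEY_LEN = 16


def weak_keygen(boot_seconds):
    """Flawed pattern: a deterministic PRNG (Mersenne Twister) seeded with a low-entropy value and
    the network key drawn from it. Constructed illustration of the mistake, not any product's code."""
    rng = random.Random(boot_seconds)
    return bytes(rng.getrandbits(8) for _ in range(KEY_LEN))


def strong_keygen():
    """Key material from the OS CSPRNG instead of a seeded PRNG."""
    return secrets.token_bytes(KEY_LEN)


def mac(key, message):
    return hmac.new(key, message, hashlib.sha256).digest()


def effective_entropy_bits(seed_space):
    """A key is only as strong as the search space that produced it: log2(number of possible seeds)."""
    return math.log2(len(seed_space))


def recover_weak_key(observed_mac, message, seed_space):
    """Attacker: from one authenticated frame sniffed off the network, regenerate the key for every
    candidate seed and test it against the observed MAC. Returns (seed, key) or None."""
    for seed in seed_space:
        candidate = weak_keygen(seed)
        if hmac.compare_digest(mac(candidate, message), observed_mac):
            return seed, candidate
    return None


if __name__ == "__main__":
    frame = b"constructed telemetry frame: temp=21.5"     # sample data, not a real protocol
    device_key = weak_keygen(41_233)                      # device booted at 11:27:13
    tag = mac(device_key, frame)
    window = range(0, 86_400)                             # attacker only assumes "booted some time today"
    print(f"seed space: {effective_entropy_bits(window):.1f} bits instead of {KEY_LEN * 8}")
    print("recovered:", recover_weak_key(tag, frame, window))
    print("strong key recoverable:", recover_weak_key(mac(strong_keygen(), frame), frame, range(0, 5_000)))
```

The same search works against any seed an attacker can bound (uptime, a serial number, a MAC address), which is why the slide's requirement is about the entropy of the seed, not about the quality of the generator that consumes it.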
Secure key storage
• Secure storage facilities (also known as key stores) increase the robustness of trust tokens used both within an IoT system and in its trust management infrastructure (such as a certificate authority or a trust center)
• Passive key stores
− Provide a means to securely save and retrieve credentials
− Cryptographic operations are executed outside these stores by the device's CPU, so the credential is exposed in CPU memory while it is in use
• Active key stores
− In contrast, allow the internal execution of cryptographic operations via an application programming interface (API), so the credentials are never exposed
− An attacker who controls the CPU can still ask the store to perform operations, so an active store limits extraction of the key, not its misuse
• Hardware security modules (HSMs) have a place in trust management infrastructures with extensive cryptographic requirements
− General-purpose HSMs provide thoroughly secured, generally configurable administration;
− A security level that can be somewhat adjusted to needs; and tools that cover the whole life cycle of the HSM (such as secure key backup)
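Added example (not from the original slides) contrasting the two kinds of key store. The device CPU is modelled as a dictionary standing in for its RAM, everything in which is visible to anyone who can dump memory (over JTAG, through a firmware bug, or with a probe). With a passive store the network key is copied into RAM to compute a MAC and an attacker with a dump can forge messages; with an active store only the MAC result ever reaches RAM. All keys and messages are constructed for the example.

```python
import hashlib
import hmac
import secrets


class PassiveKeyStore:
    """Stores credentials and hands them back; the device CPU performs the cryptography itself."""
    def __init__(self):
        self._keys = {}

    def put(self, name, key):
        self._keys[name] = bytes(key)

    def get(self, name):
        return self._keys[name]          # key material crosses into the CPU's memory


class ActiveKeyStore:
    """Cryptography runs inside the store behind an API; no call returns key material."""
    def __init__(self):
        self._keys = {}

    def generate(self, name):
        self._keys[name] = secrets.token_bytes(32)

    def mac(self, name, message):
        return hmac.new(self._keys[name], message, hashlib.sha256).digest()

    def verify(self, name, message, tag):
        return hmac.compare_digest(self.mac(name, message), tag)


class DeviceCPU:
    """Everything the firmware holds in RAM is visible to whoever can dump memory; `ram` models that."""
    def __init__(self):
        self.ram = {}

    def authenticate_with_passive(self, store, message):
        self.ram["net_key"] = store.get("net")               # the secret is now in RAM
        return hmac.new(self.ram["net_key"], message, hashlib.sha256).digest()

    def authenticate_with_active(self, store, message):
        self.ram["last_tag"] = store.mac("net", message)     # only the result is in RAM
        return self.ram["last_tag"]


def forge_from_dump(ram_dump, new_message, check):
    """Attacker with a RAM dump tries every 32-byte value in it as an HMAC key for a message of
    their own; `check(tag)` is the network's verification. Returns the forged tag or None."""
    for value in ram_dump.values():
        if isinstance(value, (bytes, bytearray)) and len(value) == 32:
            tag = hmac.new(value, new_message, hashlib.sha256).digest()
            if check(tag):
                return tag
    return None


def demo():
    """Returns (forgery succeeded against the passive store, forgery succeeded against the active store)."""
    net_key = secrets.token_bytes(32)
    passive, active = PassiveKeyStore(), ActiveKeyStore()
    passive.put("net", net_key)
    active.generate("net")
    cpu_p, cpu_a = DeviceCPU(), DeviceCPU()
    cpu_p.authenticate_with_passive(passive, b"join request")
    cpu_a.authenticate_with_active(active, b"join request")
    rogue = b"rogue node join request"
    verify_p = lambda tag: hmac.compare_digest(hmac.new(net_key, rogue, hashlib.sha256).digest(), tag)
    verify_a = lambda tag: active.verify("net", rogue, tag)
    return (forge_from_dump(cpu_p.ram, rogue, verify_p) is not None,
            forge_from_dump(cpu_a.ram, rogue, verify_a) is not None)


if __name__ == "__main__":
    print("forged with passive store, forged with active store:", demo())
```

The active store stops the key from being copied off the device, which is the cloning attack from the earlier slide; it does not stop a compromised CPU from asking the store to sign whatever it likes, which is why the next slide requires a way to withdraw trust from individual devices.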
Trusted Platform Modules (TPMs)
• Trusted platform modules (TPMs) are dedicated security processors
− They are meant to protect hardware (by authenticating devices, or attesting that certain hardware or firmware is present), boot processes, and so on
− A TPM records boot measurements in platform configuration registers (PCRs) that can only be extended, never rewritten, and can sign (quote) them for a remote verifier
− They can also be used in a more general way to store and retrieve credentials after booting has taken place
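Added example (not from the original slides) of the boot-process protection a TPM provides: a Python model of measured boot and attestation. Each stage hashes the next one and extends PCR 0 (new PCR = SHA-256(old PCR || digest)), and a verifier replays the event log to check it reproduces the quoted PCR and compares each measured component against an allow-list. The stage images and the allow-list are constructed stand-ins; a real TPM would also sign the PCR value in the quote, which is omitted here.

```python
import hashlib

PCR_INIT = bytes(32)                      # PCRs start as all zeros at power-on


def pcr_extend(pcr, digest):
    """TPM extend: PCR_new = SHA-256(PCR_old || digest). The only way to change a PCR is to extend
    it, so a later stage cannot undo the measurement of what ran before it."""
    return hashlib.sha256(pcr + digest).digest()


def measured_boot(stages):
    """Each stage measures the next one into PCR 0 before handing over. Returns (pcr, event log)."""
    pcr, log = PCR_INIT, []
    for name, image in stages:
        digest = hashlib.sha256(image).digest()
        pcr = pcr_extend(pcr, digest)
        log.append((name, digest))
    return pcr, log


def attest(quoted_pcr, event_log, golden):
    """Verifier side: replay the log and check it reproduces the quoted PCR (log integrity), then
    check every measured component against the allow-list `golden` (name -> expected digest).
    Returns (trusted, list of problems)."""
    replay = PCR_INIT
    for _, digest in event_log:
        replay = pcr_extend(replay, digest)
    if replay != quoted_pcr:
        return False, ["event log does not reproduce the quoted PCR"]
    unexpected = [name for name, digest in event_log if golden.get(name) != digest]
    return not unexpected, unexpected


# Constructed stand-ins for the real stage images and for the verifier's allow-list
GOOD_STAGES = [("bootloader", b"bl v1.4"), ("kernel", b"kernel 5.10"), ("rootfs", b"rootfs 2020.03")]
GOLDEN = {name: hashlib.sha256(image).digest() for name, image in GOOD_STAGES}


def scenario(stages):
    """Boot with the given stages, then attest against GOLDEN."""
    pcr, log = measured_boot(stages)
    return attest(pcr, log, GOLDEN)


if __name__ == "__main__":
    print("clean boot:   ", scenario(GOOD_STAGES))
    tampered = [("bootloader", b"bl v1.4 + backdoor")] + GOOD_STAGES[1:]
    print("tampered boot:", scenario(tampered))
```

Because extend is a one-way chain, a modified bootloader cannot hide: it could refuse to measure itself, but then the log stops matching the PCR, and it cannot roll the PCR back to the value the clean bootloader would have produced.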
Physical Unclonable Function (PUF)
• The essence of a digital PUF is a hardware circuit with unique binary or analog behaviour that depends on integrated circuit (IC) manufacturing variations (e.g., delays or frequencies)
− These process variations are not predictable (even the manufacturer cannot predict or clone them)
• PUFs have been proposed as an important building block for security systems
− For example, PUFs can be used in a lightweight key storage scheme or an authentication and identification scheme
• No need for non-volatile memory (NVM) to store the secret data
− The secret key is derived from the PUF at run time instead of being stored in NVM, so it can be used to protect against certain NVM attacks (reading the memory out with a programmer or over JTAG)
− PUF responses are slightly noisy (a few bits differ between evaluations), so key derivation needs error correction (helper data, a fuzzy extractor) before the bits are usable as a key
• PUF designs (e.g., arbiter PUF and ring oscillator (RO) PUF) require dedicated circuits, which tend to be rather complex in design and manufacturing
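Added example (not from the original slides): a Python simulation of a ring-oscillator PUF. Each chip has pairs of nominally identical oscillators whose real frequencies differ by process variation fixed at fabrication (modelled with a seeded random generator standing in for the silicon, an assumption of the example); each response bit is the comparison of one pair, evaluated anew every time, so nothing secret is stored in NVM. The two metrics a practitioner checks are computed: reliability (bit flips between evaluations of the same chip, caused by temperature and supply noise) and uniqueness (distance between two chips, ideally about half the bits).

```python
import hashlib
import random

N_PAIRS = 64


def fabricate(device_seed, n_pairs=N_PAIRS, nominal_mhz=100.0, sigma_process=1.0):
    """Model of one chip: 2*n_pairs oscillators whose frequencies differ by process variation that
    is fixed at manufacture and outside anyone's control. Constructed simulation, not measured data."""
    rng = random.Random(device_seed)
    return [nominal_mhz + rng.gauss(0, sigma_process) for _ in range(2 * n_pairs)]


def measure(device, run_seed, sigma_noise=0.02):
    """One evaluation of the circuit: the frequencies jitter with temperature and supply voltage."""
    rng = random.Random(run_seed)
    return [f + rng.gauss(0, sigma_noise) for f in device]


def response(freqs):
    """Response bit i = [oscillator 2i is faster than oscillator 2i+1]. Only this comparison ever
    leaves the circuit, and it is recomputed on every power-up."""
    return [int(freqs[2 * i] > freqs[2 * i + 1]) for i in range(len(freqs) // 2)]


def derive_key(bits):
    """Key derived at run time from the response (a real design error-corrects the bits first)."""
    packed = int("".join(map(str, bits)), 2).to_bytes((len(bits) + 7) // 8, "big")
    return hashlib.sha256(packed).digest()


def hamming(a, b):
    return sum(x != y for x, y in zip(a, b))


def reliability(device, runs):
    """Intra-device distance: worst-case bit flips between evaluations of the same chip."""
    reference = response(measure(device, runs[0]))
    return max(hamming(reference, response(measure(device, r))) for r in runs[1:])


def uniqueness(device_a, device_b, run_seed=0):
    """Inter-device distance: same circuit design, different chips."""
    return hamming(response(measure(device_a, run_seed)), response(measure(device_b, run_seed)))


if __name__ == "__main__":
    chip_a, chip_b = fabricate(1), fabricate(2)
    print(f"worst intra-chip flips over 10 runs: {reliability(chip_a, range(10))} of {N_PAIRS} bits")
    print(f"inter-chip distance: {uniqueness(chip_a, chip_b)} of {N_PAIRS} bits")
    print("key A:", derive_key(response(measure(chip_a, 0))).hex()[:16], "...")
    print("key B:", derive_key(response(measure(chip_b, 0))).hex()[:16], "...")
```

Pairs whose frequencies are nearly equal are the unreliable bits; in the simulation the occasional flip between runs is exactly why a deployed design cannot hash the raw response but needs helper data and error correction between response and key.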
Thank You All 
