1. Soumitra Bhattacharyya
Engineering Manager- Sling Media Ltd.
website : www.slingmedia.com
Email : soumitrab@slingmedia.com
Linkedin : http://www.linkedin.com/in/soumitra001
1

2. We live in un-trust worthy
world of technology usage.
Can we afford security like this?
2

3. 1986–1995
• LAN environment
• First PC virus
• Motivation: damage
1995–2003
• Internet Era
• “Big Worms”
• Motivation: damage
2004+
• OS, DB attacks
• Spyware, Spam
• Motivation: Financial
2006+
• Targeted attacks
• Social engineering
• Financial + Political
 Cost of U.S.
cybercrime:
About $70B
Source: U.S. Government Accountability Office (GAO), FBI
2009+
• Embedded devices
• Virus , data theft , content theft
• Damage , financial
3

4. Trend of cyber crime reported over the years
4

5. What are fraudsters looking for?
5

6. Need for security in devices
 Devices getting integrated into personal and
commercial networks
 Consumer devices are ubiquitous
 Pervasive use of Wireless communication
 Portable devices communicate with changing
network conditions
 Gadgets can get stolen making them physically
accessible .
6

7. 7

8. 8

9. An innocuous hack
No device is secure
9

10. Threats vary with the type of
device and a single solution cannot
be applied to all
10

11. Need for Security
The threats are endless
11

12. Threats in a device
 Theft of data ,keys and privacy
 Loss of data consistency
 Altering device firmware
 Copy of digital content
 Breaking access control
12

13. Embedded devices have different
challenges compared to their
desktop counterparts.
13

14. Design challenges
 Devices are constrained on their
resources and capabilities
 Defense mechanisms should not alter the
response time of their key function
 Physical accessibility of devices call for
solutions different from ones applied to
traditional systems
14

15. Design challenges
 Security concerns cannot be solved in a
single abstraction layer of software
 Software on devices becoming complex
 Quick time to market and increased cost
need simple yet robust solutions
15

16. Security should be part of product definition
16

17. 17
Security requirements - Example
 All password and user data should be encrypted
using 128bit AES
 User and device should be authenticated before
allowing streaming session
 Device should use https for all transactions with the
server
 XXX 128 bit encryption should be used for content
security
 ATSC channels need not be protected.

18. What are the weak links intruders
looking for ?
18

19. Areas prone to attack
 Logical threats aiming to modify
device firmware
 Threats due to weakness in
design and implementation
 Unhandled system errors
19

20. 20

21. 21

22. 22

23. Consequences for the device
Buffer
Overflows
Arithmetic
error
System
crash
Changed
execution
flow
Data Theft
Malware
injection
Consequences
23

24. Business consequences
Products
out of
market
Loss of
reputation
Financial
loss
Lawsuits
24

25. Basic solutions to security issues
25

26. Core problems with ‘C’ language
26
 Language has no consideration for
security
 There are functions that can be used in
unsecure way
 Dynamic memory allocation needs careful
manipulation

27. Core problems with ‘C’ language
27
Vulnerable
Function
Safe Version
strcpy() strncpy() & explicit null
termination
strcat() strncat()(destination size–1)
sprintf() snprintf()
scanf()
family
scanf() (specify the maximum)
length)
getc() /
getchar()
This function can be
vulnerable if used in a loop.

28. Unsecure program
int func( char * input)
{
char local [10];
int i=0;
while (*input !=‘0’)
{
local[i++]=*input++;
}
return 0;
}
NO “NULL” CHECK
NO “Length of input “CHECK
28

29. Secure programming
A more appropriate program would be :
int func( char * input)
{
if((*input !=NULL) && (strlen(input) <=10))
{
……
…………….
}
}
29
Return appropriately based on error

30. Reducing attack at the entry
point is as important as trying
to get the code right
30

31. Input parameter validation
 Perform validation at all inputs across
modules
 Assume all inputs are malicious
 Reject data when in doubt
 Parse the characters , commands and
escape sequences
31

32. Input parameter validation
 Check input data size
 Validate email construct
 Evaluate URL
 Prevent attack from un- formatted strings
32

33. Checking constructs
void decode_file(char *buffer) {
if(*buffer == 0xff && *(buffer+1)==0xd8)
hw_decode_jpeg(buffer);
else
“ Invalid JPEG file” }
If invalid jpeg file is passed , decoder will fail
33

34. Arithmetic overflow
int ConcatBuffers(char *buf1, char *buf2,
size_t len1, size_t len2){
char buf[0xFF];
if((len1 + len2) > 0xFF)
return -1;
memcpy(buf, buf1, len1);
memcpy(buf + len1, buf2, len2);
// do stuff with buf
return 0;
len1
len2
0x103
+ 0xFFFFFFFC
0xFF
Both memcpy functions
attempt to copy >255 bytes
34

35. Memory management
 Always free() dynamically allocated memory
after it is not needed
 Set the free pointer to NULL
 Failure to release memory is problematic
on embedded devices with limited memory
Attackers can use memory
vulnerabilities to damage operation of
device 35

36. Error handling principles
 Every error should be handled in a graceful
way
 At lowest level (e.g. drivers) try to recover from
error
 Internal errors should not be reported to users
 Disable core dumps , stack trace , diagnostic
information
36

37. Safe initialization
 Initialize variables and file descriptors before
using them.
 Initialize and limit the use of env variables
 Avoid passing data using env variables
 Avoid execution of program at high privileges
37

38. Safe initialization
int vuln_fn(int a) {
unsigned int result;
if (a > 0) {
result = 256 % result;
}
return result;
}
uninitialized
variable
Potential security bugs can creep in
through uninitialized variable usage
38

39. Compiler warnings
 Warnings are first level of defense against any
security flaw
 Compiler warnings are effective at detecting
programming flaws
 It can catch bugs which are hard to find during
testing.
Compile with the highest level of
warning set as error
39

40. Flag setting for compilers
GNU C compiler :
-Wall : enable all compiler warnings
-Werror : treat compiler warnings as errors
ARM Developer Suite C compiler:
-E+c : enable all implicit cast errors
-E+l : errors on linkage disagreements
-fv : reports unused declarations
…
Greenhills Embedded MIPS compiler:
- check=all : enable all compile time error and warning
-strict :enables strictest level of error checking
40

41. Create your coding guidelines
41

42. Basics of cryptography
Encryption is used to encode message only the group
communicating would understand
Encryption : move alphabets one step up
Decryption :move alphabets one step down
“ A SECRET MESSAGE” encrypted as
“ B TFDSFU NFTTBHF “
42

43. Keyed encryption algorithm
KEY value = “No of steps rotated by position of English alphabet”
Encryption : Move up the alphabet
Encrypt : “A SECRET MESSAGE”
Key : “C”
Encrypted message “ C UGETGV OGUUCHG”
Cryptographic strength is measured in the time and
resource it would require to recover the plain content
43

44. Advantages of keyed algorithm
 Instead of communicating the algorithm , share
the key in secret
 With varying key sizes the encryption will get
stronger (min 80 bits)
44

45. Public key cryptography
Asymmetric scheme using a pair of keys for encryption:
 Public key is used to encrypt data
 Private key is used for decryption
 The public key is published to the world
 The private and public keys are mathematically
related but difficult to break
45

46. 46
Other crypto mechanisms
 Hash functions
o Validate integrity of data by sending a digest
 Digital signature
o Checks authentication of origin
o Non - repudiation
RSA DSA DES MD5 SHA1
Signature Encryption Hashing
SSL
Algorithm
Mechanism
Service

47. Protect data stored in device
 Encrypt private and confidential data
like password , address book, database.
 Do not store data in contiguous location.
 In your design identify critical and non critical
memory areas based on data stored
47

48. Securing Network transactions
• SSL is Secure socket layer ,a global standard
in transferring data
• It creates encrypted link between server and
web browser
Secure communication goals are
privacy, message integrity and
authentication 48

49. Security within the device
Architecture of a secure processor
49
Secure SoC
Secure ROM
Secure
Bootloader
ROM
(Internal)
RAM
(Internal)
Processor
External
RAM
Signed Firmware (Ext. ROM/Flash/HDD)

50. Signed Firmware binary
Secure boot loader
Boot
functionality
Sign
verification
Public
key
Signed firmware
App code + data Signature
Private
key
 The Keys are generated by the device manufacturer
 Firmware not signed by manufacturer will not work.
50
Key

51. Secure Boot
 Secure boot loader contains critical code to configure
the hardware for limited access.
 Secret keys are loaded into the internal RAM only
 Secure boot loader checks the validity of firmware
code by verifying the signature
 Abort loading of device firmware if signature
verification fails
51

52. Check for compliance
52

53. Security audit
Periodic audits will uncover security loopholes
 Review the code for security violation
 Review the system architecture
 Look for unintended firmware installations
 Check network and storage security
53

54. Example audit report
Module Audit step List Action required
Kernel
List and check if all
x.ko ,
modules
modules are needed
y.ko.
Remove modules
not needed
Kernel
debug
Is kernel debug enabled ? Yes Disable debug
Installed
software
Is there any installed
default software?
Rpc ,
pop3 ,
telnet
Remove these
installed software
Field debug Check logging protocol Clear Encrypt logging
mechanism
54

55. Example audit report (Contd..)
Module Audit step List Action required
Network
Ports
Check which ports
are available for
connection using
nmap.
Remove ports not
reqd.
Stored data Check stored data Clear in file Use encryption
Media
transmission
Check security of
transmission
tiny
encryption
Weak , use
stronger encrypt
Services
Any unintended
services running?
Httpd, telnet Remove the
services.
55

56. Rely on tools wherever possible
56

57. Tools
Some of the tools which un cover security issues
Does software analysis in depth.
Profiling and debugging tool
Tool for port scanning
Scans database server application
http://www.securecoding.org/companion/tools.php
57

58. Does hardware need to be
secure too?
58

59. 59

60. 60

61. Let us be safe
61

62. 62