Types of attack and counter-measures

Security consists of technologies, processes and measures that are designed to protect systems, networks, and data from cyber-crime. Effective security reduces the risk of a cyber attack and protects entities, organizations and individuals from the deliberate exploitation of systems, networks, and technologies.

In the industry, the term security is used to refer to many things that range from hardware blocks to software modules. A better way to look at the concept of security is from the point of view of the attack we are trying to secure against.

Types of attack

Physical attacks

Physical attack technologies may be divided into two main categories - non-invasive and invasive.

Non-invasive attacks include playing around with the supply voltage and clock signal. to disable protection circuits or force processors to perform incorrectly. Power and clock transients can also be used to affect the decoding and execution of individual instructions. Another possible non-invasive attack is side-channel attack in which we measure fluctuations in the current consumed or the EM radiated by the device. Distinguishable power and EM signatures of instructions often allows code to be reconstructed and so can be combined with other techniques to support an attack.

Non-invasive attacks can be particularly dangerous for two reasons:

  • The owner of the compromised device might not notice that secret keys have been stolen, so it makes it difficult for compromised keys to be revoked before they are abused.
  • Some types of non-invasive attacks can be scalable, as the necessary equipment can usually be reproduced and updated at low cost.

The main problem with performing such attacks is the requirement for detailed knowledge of both the processor and the software.

Invasive attacks start with the removal of the chip package. After the chip is opened, it is possible to perform probing or modification attacks by etching drilling or laser cutting at least part of the passivation layer.

Invasive attacks generally require days, or weeks, in a specialized laboratory with highly qualified specialists with a significant budget.

There is thus a large gap between these two types of attack. So TBSA-M focuses on non-invasive attacks, although it does not require countermeasures for side-channel attacks.


Communication attacks

IoT is about connectivity which means the device will be sending messages back to a server.

An attacker can use multiple means to intercept, spoof or disrupt those messages. 

Embedded Devices need to deploy best-practice cryptographic defenses to match the increasing value of the assets they communicate.

Lifecycle attacks

A device changes hands many times as it goes from the factory to the user and to end of life. We need to somehow protect the integrity of the device as it goes through this cycle.

The life cycle also describes maintenance cycles: is the object repairable, who is repairing it, and what is the process to handle confidential data when it’s being repaired?

It also addresses the response to unplanned or forbidden paths:

  • What happens if devices are stolen within a warehouse before being instantiated?
  • What happens if a factory produces more devices than allowed (for example to sell illegally)?
  • What happens if a device that is in a fixed location, (for example in a factory), connects in a different place with a completely new internet route?

Robust defenses depend on trusted firmware and trusted servers which in turn rely on a key set of hardware features.


Software attacks

These are the most common attacks where someone finds a way of using existing code to get access to restricted resources.

It could be due to a software bug or to unexpected call sequences that are open to whole classes of exploits such as Return-Orientated-Programming.

Counter-measures

Cryptography (communication attacks)

The term cryptography refers to a broad set of techniques which aim to secure communication against adversaries seeking to learn about the communicated content or to alter it. Cryptographic defense methods have several goals:

  • Assuring the confidentiality of the content to be kept.
  • Assuring the integrity of the exchanged information, so no one can make undetected changes. 
  • Assuring the authenticity of the exchanged information, so the receiving party can be assured of the origin of the content.
  • Assuring non-repudiation, so certain actions are non-deniable.

These goals are achieved by cryptographic algorithms employing pieces of secret data known as “keys”. These keys can be of varying length, which determines the "strength" of the cryptographic system. Exposure of a secret key means that the assurances described above cannot be provided. Cryptographic algorithms need to be computationally complex enough that it is infeasible to “break them” (that is, to expose the used secret key) through any practical means.

The Arm security technologies provide software and hardware implementations of several cryptographic algorithms.


Isolation (Software attacks)

The primary method of protection against software attacks is to establish isolation between the various system components. Sensitive data and resources are isolated from general access which limits the amount of damage during an attack. Isolation can also reduce recovery time following an attack by maintaining the integrity of system recovery code. Isolation is achieved by employing mechanisms to control levels of access to data, firmware, and peripherals:

  • Multiple processors.
  • A memory protection unit (MPU).
  • Arm TrustZone for ARMv8-M.

Security Services (lifecycle attacks)

An IC (and later a device) passes through many stages in its production lifecycle. Starting with silicon fabrication and device assembly before moving on to the distribution chain where further value may be added in several deployment contexts (for example, consumer, enterprise or infrastructure usage scenarios, potentially as part of a managed service), re-purposing, decommissioning, diagnostic and more. 

For a device to be trusted by stakeholders such as users and service operators, trust has to be established as early as possible in the lifecycle and maintained throughout. For services to thrive, trust between entities in the device production value chain must be maximized. 

Arm addresses the need for early trust establishment and continued maintenance through technology, allowing the chain of trust to be established as early as pre-silicon and for it to be kept throughout the various stages of the production lifecycle.


Tamper mitigation (physical attacks)

Anti-tampering safeguards provide resilience to physical attacks. Anti-tampering methods include:

  • Write the secure portion of the software to be resilient, avoiding information leakage from timing and providing resistance to fault injection.
  • Securely disable the secondary interfaces.
  • Protect the cryptography block against side-channel attacks.
  • Secure the memory system using obfuscation and redundancy.
  • Use a hardened CPU such as SecurCore that contains measures against side-channel attacks, fault injection and probing.
  • Employ sensors to monitor and report attacks to the server.