BROWSE BY TECHNOLOGY



RTC SUPPLEMENTS


TECHNOLOGY CONNECTED

Maintaining Security for Wireless Connectivity

Securing Consumable Components in an Embedded System Design

Consumable components come with unique security challenges. Designed to be installed new and consumed through one or more cycles of product use before ultimately disposed and replaced, consumable components are incorporated into a variety of embedded systems—from medical devices to printers.

BY ROBERT VAN ROOYEN, BARR GROUP

  • Page 1 of 1
    Bookmark and Share

Article Media

Consumable Authentication

A secure communication protocol includes the following three areas: First, the base unit must be able to distinguish an authorized consumable from a clone. Second, the mechanism should have the ability to limit usage time and/or count uses of the consumable. Finally, the base unit should be allowed to reject spent consumables. In order to provide a concrete example, consider the design of a medical device as shown in Figure 1, which consists of a terminal with which a doctor interacts through a user interface and a limited-use surgical implement that interfaces directly with the patient.

Figure 1
Electrosurgical Implement and Terminal

When using the medical device as an example, it’s easy to see how vital it is for the terminal to be able to authenticate the consumable. Perhaps each consumable contains secret information known only to engineers working for the manufacturer of the system. Furthermore, each consumable might contain a serial number or encryption key that is unique. Of course, this means that these secrets must be carefully protected, whether they are sent over a communication channel or not. A determined (and well-funded) attacker, after all, can generally observe real-time communication over cables between the terminal and consumable, examine the contents of read-only memory areas, and disassemble executable code.

After the medical procedure is completed, the attached consumable must somehow be “marked” as used—either via the consumable itself during the procedure or through a command from the terminal afterwards. The first approach is generally more secure, but it’s not foolproof either. For example, say that a medical consumable is set to a limit of “single use,” defined as one successful session on a single patient. But what if that procedure involves several runs using the same consumable?

Finally, when the consumable has been used to its capacity and therefore should be disposed, the terminal should be able to reject an authentic product.

Even when the three elements above are in place, though, a designer must consider the possibility of certain well-known protocol attacks. For example, in a classic “replay attack”, the designer of a clone device could simply record the responses of an authentic and unspent consumable to the various commands from the terminal and replay those same messages from the clone. Alternatively, a third party might attach a spent consumable to the base unit by way of a special “black box” device that would intercept and sometimes alter otherwise genuine communication between the two endpoints as illustrated in Figure 2. This approach is commonly referred to as a “man-in-the-middle” attack.

Figure 2
Black Box

In order to prevent such attacks, an off-the-shelf authentication chip can be placed on the consumable to provide a tamper-proof private key management solution. These types of devices typically offer multiple security models, such as a random challenge/response, that are based on open cryptographic standards and can eliminate the need for a processor on the consumable. Some manufacturers offer implementations that use a single line for communication and power along with a ground reference, which can be a real advantage when the number of pins is at a premium on the consumable connection. Application specific data storage is also available and can be configured for “one-time programming” mode to track usage. This specific feature can be employed to prevent attackers from resetting the usage count on a spent consumable. Other methods of authentication could include monitoring the power consumption profile of the consumable and looking for uniquely identifiable behaviors.

The Art of Reverse Engineering

In order to protect yourself against an attack, it’s important to know the techniques attackers use in the first place. One of these techniques is known as a “chip rip”, whereby they physically remove the top of a chip and analyze its internal structure for data, such as a private security key. There are a variety of ways to prevent this type of attack: Some chip vendors offer “tamper proof” solutions for their products while contract manufacturers can use other mechanical defenses against this type of attack. Finally, a process called “chip sanding” can also be employed to eliminate any identifiable markings, thereby complicating the identification of the device.

Another effective method used by attackers is to connect a debugger to the system processor and step through code execution in order to determine a variety of vulnerabilities. This threat can be reduced by disabling the JTAG port,—through burning fuses or writing specific values to locations during device programming—or configuring the appropriate debug registers early in the boot process. It is also important to remove all debug connectors/pads along with any related test points. Detection is key to countering this type of attack, through the use of case interlocks, destructive enclosures, clock speed and/or voltage level monitoring, and validating the code image by the use of a digital signature. When an intrusion is detected, the system could potentially log and/or report the attack and optionally cease to operate.

Given the level of attacker sophistication, designers must avoid using simple methods like recording serial numbers of each consumable in a text file on internal or removable storage. This type of approach to security is easily exploited by less-sophisticated attackers. Other methods that involve security by obscurity are also generally easy to circumvent by experienced attackers. However, by carefully applying multiple levels of effective security measures, designers can slow down attackers and protect against a single point of entry if a specific tactic is weakened or broken.

Upgrading Security in the Field

As consumables become more and more profitable, there will be increased risk of reverse engineering. If there is sufficient economic incentive, a determined attacker will find the weakest link. To limit the manufacturer’s risk, it is critical to quickly retrofit additional security. If the exploit can be prevented by modifying only the consumables going forward, that is ideal. If the exploit can only be prevented by upgrading the terminal, then this must be planned for in advance. Ideally this could be accomplished through a software update, but that is not foolproof as the updates may not be applied by the end-user in a timely fashion.

Securing a software update requires three aspects: authentication, validation, and secure boot. Authenticating the new firmware before it is installed and validating it after it has been programmed into flash is key. So is having a secure boot strategy. This is a feature of the processor along with immutable and often multistage authenticated boot images that prevent unauthorized code from executing. Regardless of the software update delivery mechanisms (Internet, USB, SD Card, serial) and whether the end user or field technician performs the upgrade; these three aspects are critically important to preventing an attack.

Finally, the use of code image hashes, public key signatures, and signature authority certificates are common and proven methods to ensure authenticity. There are many providers of tools, processes, and hardware that take full advantage of this standards-based approach. In addition, researchers are constantly developing new and innovative ways to increase the level of security in a variety of settings while leveraging existing standards where possible. An example of this would be the creation of SHA-2, which is a cryptographic hash function definrd by the NSA and published by NIST as a US Federal Information Processing standard. It increases the number of output bits in SHA-1 from 160 to 256 bits and beyond in a variant based on roughly the same underlying mathematical concepts.

Pragmatic Example

As described in the previous section, one method of authenticating a consumable is to use an off-the-shelf 1-Wire authentication chip. 1-Wire is a device communication bus system originally designed by Dallas Semiconductor Corp. that provides low-speed data, signaling, and power over a single signal. This approach keeps the complexity and cost down on the consumable side and shifts the burden to the terminal side in terms of implementing a random challenge/response protocol. A high-level illustration shows the primary functional blocks in Figure 3.

Figure 3
Conceptual Illustration

In this example, a private key is permanently stored in the authentication chip during manufacturing and is unreadable from the 1-Wire interface or through physical tampering. A random challenge is generated by the processor on the terminal side and is submitted to the authentication chip over the 1-Wire interface. The consumable provides a response back to the terminal based on the private key. The response is then compared to an expected value that was computed by the terminal’s processor, using its protected copy of the same private key, which is a concept commonly referred to as “symmetric keys”. If the response matches the expected value, then the consumable is authenticated as genuine and normal system operation can continue. The terminal may also repeat this authentication process randomly to make sure that the device has not been swapped out with an unauthorized consumable during the course of a given treatment session.

If the selected processor does not provide any inherent security features, then a second authentication chip can be co-located on the terminal to provide the required functionality. Aside from a secure key storage solution, all of the needed features can alternatively be leveraged from off-the-shelf software libraries. However, keep in mind that this will have an impact on processor performance and memory footprint.

Once the device has been authenticated and before a treatment session begins, the processor checks that the current usage count on the authentication chip data store is below a defined threshold. If the threshold is exceeded, the terminal will not begin the treatment session and consequently inform the operator that a spent consumable has been attached. Otherwise, the terminal will increase the usage count on the consumable by using the “one-time programmable” feature (bits can only be set to ‘0’ once, so successive bits are used to implement a count) of the authentication chip and the treatment session will begin. On some systems, the threshold may be determined by using a time stamp with a duration limit as opposed to or in addition to a session counter.

In this example, it also may be important to encrypt patient and general communication data to/from the consumable. This can be accomplished with either the same private key, or a different key stored on the authentication chip. Depending on the type of data and rate of communication with the terminal, the consumable would likely require a dedicated local processor and/or custom hardware to implement the encryption and decryption algorithms. Conversely, the terminal would need to have sufficient resources to process the encrypted data in real time.

As consumables are becoming more and more profitable, they will continue to be attractive targets for would-be attackers—at the same time, the attacks themselves are becoming more sophisticated. All hope is not lost, though: Due diligence on the part of designers can go a long way toward preventing these attacks.

To prevent unauthorized cloning, a consumable must be authenticated as genuine through a secure communication protocol. In addition, the consumable must have a method for checking and updating its usage count and/or time stamps so that it cannot be placed in service beyond its intended life, which for most medical devices is a single “valid” use.

Employing counter-measures like removing debug connectors, tamper detection, and using tamper-proof components and/or other mechanical defenses can dramatically increase the level of difficulty for physical attacks.

Finally, to prevent unauthorized code from executing on the system, it’s important to consider retrofitting additional security. Authenticating new firmware before it is installed, validating it after it has been programmed into flash, and having a secure boot strategy are key.

Protecting a consumable against an attack may take extra effort and cost upfront, but it’s worth it when you consider the cost of a security breach. Consider all of the applicable risks such as safety, litigation, quality, terminal damage, support, reputation, and lost revenue. Can you afford to take this level of risk with your consumable?

Barr Group
Germantown, MD
(866) 653-6233
www.barrgroup.com