Hardware Security Evaluation Platform for MCU-Based Connected Devices: Application to Healthcare IoT

Hardware security-based threats are often ignored or poorly considered by embedded system developers who focus on their system's functional specifications. Most embedded systems utilize software-based security mechanisms such as right management or cryptography, nevertheless they can be easily defeated by hardware attacks if no specific care is given during the development of the software. Consequently, it is necessary to provide software developers with efficient tools to assist in designing robust embedded systems against hardware security threats. In this work, we focus on medical embedded systems including a microcontroller unit (MCU) running the main application. We firstly show that the software running on the MCU is vulnerable against hardware attacks; then, we present an evaluation platform dedicated to MCU-based design to evaluate and secure software early in the design phase. We finally present preliminary results obtained with this platform, considering the side channel resilience of modern MCUs.

[1]  Thomas Korak,et al.  On the Effects of Clock and Power Supply Tampering on Two Microcontroller Platforms , 2014, 2014 Workshop on Fault Diagnosis and Tolerance in Cryptography.

[2]  Paul C. Kocher,et al.  Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems , 1996, CRYPTO.

[3]  Sylvain Pelissier,et al.  Practical Fault Attack against the Ed25519 and EdDSA Signature Schemes , 2017, 2017 Workshop on Fault Diagnosis and Tolerance in Cryptography (FDTC).

[4]  Alessandro Barenghi,et al.  Fault Injection Attacks on Cryptographic Devices: Theory, Practice, and Countermeasures , 2012, Proceedings of the IEEE.

[5]  R. Tourki,et al.  Implementation of CPA analysis against AES design on FPGA , 2012, 2012 International Conference on Communications and Information Technology (ICCIT).

[6]  William J Buchanan,et al.  Power analysis attacks on the AES-128 S-box using differential power analysis (DPA) and correlation power analysis (CPA) , 2017 .

[7]  David Naccache,et al.  The Sorcerer's Apprentice Guide to Fault Attacks , 2006, Proceedings of the IEEE.

[8]  Patricia A. H. Williams,et al.  Cybersecurity vulnerabilities in medical devices: a complex environment and multifaceted problem , 2015, Medical devices.

[9]  Anandi T. Thakar,et al.  Survey of IoT enables healthcare devices , 2017, 2017 International Conference on Computing Methodologies and Communication (ICCMC).

[10]  Paul C. Kocher,et al.  Differential Power Analysis , 1999, CRYPTO.