SECURITY THREATS ANALYSIS OF MICROCONTROLLERS

Authors

  • Vadim Malinovskyi Vinnytsia National technical University
  • Leonid Kupershtein Vinnytsia National technical University

DOI:

https://doi.org/10.31649/1999-9941-2022-55-3-21-32

Keywords:

cyber protection, cyber threat, information security, vulnerability, microcontroller

Abstract

In the article the materials of individual studies of the main security problems in microcontrollers operating as part of control systems of both general and specialized devices were considered and analyzed. In particular, the main trends of security threats were analyzed and the main attacks vectors were presented. Foreign and domestic experience of manifestation of unauthorized influences and cyber threats in the main most critical places of microcontroller architecture is analyzed. The analysis showed that the basic places of security threats and interventions to the microcontroller are: registers, stack, LPA, memory (EEPROM and Flash), input-output ports, circuits and interfaces for data transfer to the MC, circuits for additional functionality for connecting to external peripheral devices and channels for connecting the clock oscillator. In addition, explorations were carried out on the main threats of the microcontroller system memory, namely: interference with direct memory access, access to control registers and access to the microcontroller buffer, buffer stack overflow, remote code execution, external access and attacks on secondary channels (including via external data lines in the MC), changing the order of addressing in the MC, changing / replacing the values of addresses and stack numbering, interfering with the work of data registers and indicating the state of the input / output ports of the microcontroller. A number of protection mechanisms for microcontrollers have also been studied, which together can reduce the risks of unauthorized actions on the microcontroller system. These include: cyclic code redundancy control, power monitoring and resource monitoring, the using of isolation and control of the functionality of the clock system, control of the integrity and reliability of the memory contents, control of external physical and electrical parameters of the microcontroller, virtualization of the main computing process and its multi-level redundancy and restoration of previous states, the using of cryptographic systems and data processing algorithms, the using of multi-level software and hardware isolation.

Author Biographies

Vadim Malinovskyi, Vinnytsia National technical University

candidate of technical sciences, associate professor of information protection department

Leonid Kupershtein, Vinnytsia National technical University

candidate of technical sciences, associate professor of information protection department

References

V. A. Luzhetskyi, A. D. Kozhukhivskyi, O. P. Voitovych, Osnovy informatsiinoi bezpeky. Vinny-tsia: VNTU, 2013, 221 p. [in Ukrainian].

Kontseptsiia tekhnichnoho zakhystu informatsii v haluzi zviazku Ukrainy. [Online]. Available: https://zakon.rada.gov.ua/laws/show/1126-97-%D0%BF#Text. Accessed on: August 15, 2022.

John R. Vacca, Computer and Information Security Handbook. Burlington, USA: Morgan Kauf-mann Publishers, 2017, 1280 p.

S.H. Antonov, S.M. Klymov, “Metodyka otsenky ryskov narushenyia ustoichyvosty funktsyony-rovanyia prohrammno-apparatnыkh kompleksov v uslovyiakh ynformatsyonno-tekhnycheskykh vozdeistvyi”, Nadezhnost, Tom 17, №1, 32-39 рр. 2017 [in Russian].

Software Security Guidance. [Online]. Available: https://www.intel.com/content/www/us /en/developer/topic-technology/software-security-guidance/overview.html. Accessed on: Au-gust 15, 2022.

V. S . Kharchenko, Internet of Things for Industry and Human Application. In Volumes 1-3. Vol-ume 1. Fundamentals and Technologies. Ministry of Education and Science of Ukraine, National Aerospace University KhAI, 2019, 605p.

V. V. Sklyar, V. V. Yatskiv, N. G. Yatskiv, Dependability and Security Internet of Things: Practi-cum. Ministry of Education and Science of Ukraine, National Aerospace University “KhAI”, Ternopil National Economic University, 2019, 98 p.

Cisco cybersecurity reports [Online]. Available: https://www.cisco.com/c/en_hk/products/security/ security-reports.html. Accessed on: August 15, 2022.

Meltdown and Spectre: Which systems are affected by Meltdown? [Online]. Available: https://meltdownattack.com/#faq-systems-meltdown. Accessed on: August 15, 2022.

The Anatomy of Security Microcontrollers for IoT Applications. [Online]. Available: https://www.digikey.com/en/articles/the-anatomy-of-security-microcontrollers-for-iot-applications. Accessed on: August 15, 2022.

Speculative Processor Vulnerability. [Online] Available: https://developer.arm.com/Arm% 20Security%20Center/Speculative%20Processor%20Vulnerability. Accessed on: August 15, 2022.

Cache Speculation Side-channels white paper. ARM Developer Forum. Specification. [Online]. Available: https://developer.arm.com/documentation/102816/0205. Accessed on: March 8, 2022.

Kernel Side-Channel Attack using Speculative Store Bypass - CVE-2018-3639 [Online]. Availa-ble: https://access.redhat.com/security/vulnerabilities/ssbd. Accessed on: March 8, 2022.

ISO/IEC, «Information technology − Security techniques-Information security risk management» ISO/IEC FIDIS 27005:2008. [Online]. Available: https://www.iso.org/standard/42107.html. Ac-cessed on: August 15, 2022.

. Modern security for microcontrollers. [Online]. Available: https://get.meriac.com/docs/eSAME-MicrocontrollerSecurity.pdf. Accessed on: August 15, 2022.

S. Yegulalp. Rowhammer hardware bug threatens to smash notebook security. [Online]. Availa-ble: https://www.infoworld.com/article/2894497/rowhammer-hardware-bug-threatens-to-smash-notebook-security.html. Accessed on: August 15, 2022.

K. Bains, J. Halbert, C. Mozak, T. Schoenborn and etc., “Row hammer refresh command”, U.S. Patent Appl. 2014/0059287 A1, Feb. 27, 2014. [Online]. Available: https://patents.google.com/patent/US 20140059287. Accessed on: August 15, 2022.

Cisco Systems security advisory. Row Hammer Privilege Escalation Vulnerability. [Online]. Available: https://training.ti.com/core-cybersecurity-concepts-and-their-relation-microcontroller-security-hardware Accessed on: August 15, 2022.

Core cybersecurity concepts and their relation to microcontroller security hardware. [Online]. Available: https://www.cisco.com/c/en/us/support/docs/csa/cisco-sa-20150309-rowhammer.html. Accessed on: August 15, 2022.

S. Govindavajhala, A. W. Appel. “Using Memory Errors to Attack a Virtual Machine”. [Online]. Available: https://www.cs.princeton.edu/~appel/papers/memerr.pdf. html. Accessed on: August 15, 2022.

Yuan Xiao, Yinqian Zhang, Radu Teodorescu, Speechminer: a Framework for investigating and measuring speculative execution vulnerabilities. [Online]. Available: https://arxiv.org/pdf/ 1912.00329.pdf. Accessed on: August 15, 2022.

Introduction to STM32 microcontrollers security. [Online]. Available: https://www.st.com/resource /en/application_note/dm00493651-introduction-to-stm32-microcontrollers-security-stmicroelectronics.pdf. Accessed on: August 15, 2022.

Downloads

Abstract views: 161

Published

2022-11-02

How to Cite

[1]
V. Malinovskyi and L. Kupershtein, “SECURITY THREATS ANALYSIS OF MICROCONTROLLERS”, ІТКІ, vol. 55, no. 3, pp. 21–32, Nov. 2022.

Issue

Vol. 55 No. 3 (2022): Information technology and computer engineering

Section

Information technology and coding theory

Metrics

Downloads

Download data is not yet available.