Authors: Michael Eisenbarth, Markus Nebel, comlet Distributed Systems GmbH, Prof. Dr. Manuel Duque-Anton, Kaiserslautern University of Applied Sciences The increasing interconnectedness of systems and the growing number of communication-enabled products exacerbate the risk of cyberattacks. On the other hand, distributed systems increasingly require technical capabilities and interfaces for performing software updates and remote maintenance. Since manufacturers typically perform remote maintenance of their devices and machines via the internet, and possibly through third parties\u2014for example, to carry out firmware updates or adjust settings for performance improvement\u2014a technically implemented and established trust relationship between the companies or partners is essential. Penetration tests are typically used to demonstrate system security and secure communication.<\/strong><\/p>\n Manual penetration tests are still commonly used to verify IT security. These tests represent a controlled attempt to penetrate a specific system or network from the outside. However, manual tests are quite time-consuming and expensive. One way to identify security vulnerabilities early and effectively is to integrate automated penetration tests into the development process. This allows the test results to be directly incorporated into the next development steps, enabling vulnerabilities to be addressed in a manageable manner.<\/p>\n For a successful penetration test, it is crucial that the tester can put themselves in the shoes of a potential attacker. Understanding an attacker's motivation is helpful in this regard, as it allows the tester to better assess the level of determination an attacker might bring to the task. Depending on the target audience of the product being tested, more or less extensive tests can then be conducted.<\/p>\n For the tester, it is essential to understand the fundamental techniques and procedures of an attacker. An attacker's motivation significantly determines the effectiveness of an attack. It can also provide insight into the resources available to the attacker. For example, attackers are not only interested in controlling a single home router or home automation system and its components, but rather in the computing power and internet bandwidth these devices possess. This bandwidth can then be used to build or expand a botnet, which can subsequently be sold on the black market for profit.<\/p>\n On the other hand, espionage or sabotage between different states, and less frequently within one's own state, is conceivable. Theoretically, unlimited financial resources, technical capabilities, and intelligence information are available. These attacks are highly specialized and often spare uninteresting systems to avoid detection. A well-known example of this is the Stuxnet virus.<\/p>\n A penetration test is a method for optimizing the security mechanisms of an IT system. During a penetration test, a tester assumes the role of a malicious attacker and attempts to penetrate the system under test or uncover potential vulnerabilities using their capabilities and techniques. Due to constantly advancing technological development, the technical capabilities and perspectives of a potential attacker also change. Therefore, security measures in information security must be continuously adapted to these new conditions. Consequently, a penetration test can only be considered a snapshot in time. Even minor changes to the tested system necessitate a new penetration test. Furthermore, in many cases, for economic reasons, a penetration test cannot cover all possible combinations of attack vectors.<\/p>\n At a\u00a0Blackbox penetration test<\/strong>\u00a0Initially, the tester has no information describing the internal structure of the system under test. The tester must obtain all the necessary information using various techniques.<\/p>\n In contrast to the black box penetration test, the\u00a0Whitebox tester<\/strong>\u00a0Already during the preparation phase, he is familiar with the system's structure and all its interrelationships. He has access to all information such as source code, network addresses, documentation, and architecture and flow diagrams, and can communicate with the developers.<\/p>\n Therefore, continuous and reusable whitebox tests during development are particularly suitable for meeting the above-mentioned requirements.<\/p>\n To efficiently automate security tests, a fundamental infrastructure, including a software framework, is necessary. We use a custom-developed software framework to implement system tests that are as generic as possible. This framework provides all the necessary conditions and tools. It consists of a predefined class hierarchy, where each specific test must implement the specified interfaces. Generic helper modules, such as a "TestExecutor" and "Logging Module" for recording test execution, can work with any specific test thanks to these interfaces. Regarding security, several tests have been specified that verify fundamental security mechanisms and ensure that they are correctly implemented and configured. These tests are divided into three categories.<\/p>\n To achieve the aforementioned goals, the corresponding security tests were implemented using the aforementioned test framework. These tests are automatically verified in each test phase, alongside the standard functional tests. Based on the insights gained during penetration testing, improvements can then be made directly to the program code or the configuration of the tested system, avoiding the need for significant redesigns that would arise if the system were only tested for potential vulnerabilities at the end of the development phase. Furthermore, the quality assurance of the development process can be enhanced with additional checks to verify the implementation of the developed solutions in the future.<\/p>\n However, it should be noted that these automated security tests are not intended to replace traditional manual or creative penetration tests, which should still be performed. Our practical experience with automated white-box penetration tests has shown us that the most important component of a professional penetration test remains the human expertise of the tester. Furthermore, it is only possible to assemble universally applicable tools for an embedded systems penetration testing lab to a limited extent, as each embedded system product uses unique hardware and software that typically deviates significantly from the usual standards of conventional computers.<\/p>\n Download the article as a PDF<\/strong><\/a><\/p>\n Do you want to bring yourself up to date with the latest technology?<\/strong><\/p>\n Then find out more\u00a0here<\/strong>\u00a0<\/a>Regarding training courses\/seminars\/workshops and individual coaching sessions offered by MircoConsult on the topic\u00a0Quality, Safety & Security<\/strong>.<\/p>\n Training & coaching on the other topics in our portfolio can be found here. here<\/a>.<\/strong><\/p>\n Valuable expertise on the topics of quality, safety & security is available.\u00a0here\u00a0<\/a><\/strong>Available for you to download free of charge.<\/p>\n
\n<\/strong><\/p>\nContribution \u2013 Embedded Software Engineering Congress 2017<\/h3>\n
The successful penetration test \u2013 The attacker's motivation<\/h2>\n
The penetration test \u2013 current state of practice<\/h2>\n
The automatable security test \u2013 necessary infrastructure<\/h2>\n
\n
Objectives Part 1: Review of the current system hardening (protection against unauthorized intrusion) for the following properties:<\/h2>\n
\n
Objectives Part 2: Post-Exploitation (Making Analysis More Difficult After Infiltration)<\/h2>\n
\n
Objectives Part 3: Black box (make external analysis more difficult)<\/h2>\n
\n
Conclusion<\/h2>\n
\nOur training courses & coaching sessions<\/h2>\n
\nQuality, Safety & Security \u2013 Expertise<\/h2>\n