As embedded Linux systems become more prevalent, they also become more attractive targets for offline attacks. These attacks, which bypass real-time system defenses, can expose sensitive data and compromise system integrity. In this article, we’ll discuss the problem of offline attacks and explore the challenges involved protecting embedded software from this type of attack. 

Problem of Offline Attacks

An offline attack occurs when an attacker gains access to data like user information, cryptographic secrets, or proprietary code. They can then analyze or manipulate this data without interacting with the system in real time. Since attackers work outside the live environment, they have more time to crack passwords, reverse engineer software, and steal technology. All of this happens without alerting the system’s defenses. 

An offline attack targeting confidentiality is designed to expose sensitive information that should remain private. In this type of attack, the attacker gains access to data that is typically hidden from users, such as sensitive files, authentication credentials, or proprietary code, and then reviews the contents offline. The primary objective is to reveal information that would otherwise be inaccessible. If proprietary designs or software are exposed, competitors could copy them, or malicious actors could alter them, resulting in a loss of market share or intellectual property. Additionally, the exposure of customer data or encryption keys can result in data breaches, loss of trust, and potential legal repercussions.

An offline attack targeting integrity aims to modify or tamper with data, software, or system files without the system's awareness. In this type of attack, the attacker gains access to important components like firmware, binaries, or configuration files and then alters them offline. Once compromised files are reintegrated into the system, the malicious changes can cause functionality disruptions, security vulnerabilities, or even full system compromise. Additionally, malicious modifications can result in unauthorized control over the devices, posing significant security risks and damaging the trust between vendors and their customers. 

Impact of Offline Attacks Against Embedded Systems 

Embedded Linux-based devices are attractive targets for offline attacks due to their widespread use in critical applications, limited hardware resources, and often less stringent security measures compared to traditional Linux systems. Many embedded devices lack robust mechanisms for detecting tampered files or unauthorized data access, making it easier for attackers to exploit them without triggering immediate alarms. Additionally, these devices are frequently deployed in environments where physical access is possible, such as industrial settings, IoT devices, or remote installations, increasing the likelihood of an attacker obtaining data for offline analysis. If firmware or software integrity is compromised, the consequences can be severe, especially in systems that control critical infrastructure, medical devices, or automotive components. The combination of physical accessibility, minimal detection capabilities, and critical functionality make embedded Linux devices a prime target for offline attacks. 

Challenges in Protecting Embedded Linux from Offline Attacks 

One effective technique for defending your Embedded Linux software from offline attack is to apply cryptographic protections to your persistent storage. For example, an Embedded Linux system can be configured to utilize an encrypted and integrity-checked root filesystem; if an attacker then extracts the root filesystem from your device, all data will be encrypted, ensuring it remains confidential. Alternatively, if an attacker tries to maliciously modify and then re-integrate the root filesystem, the system’s integrity-checking facility will reject the modifications. However, deploying this type of solution involves overcoming a variety of technical challenges. We will examine a few of them here. 

Secure Key Storage 

Encryption and integrity protections normally depend on cryptographic keys, which the system uses for security operations such as decryption and hash verification. An attacker that successfully extracts a key from your device can then use it to bypass your cryptographic protections. This scenario occurs, for example, if keys are stored in plaintext form in flash memory that is readable by the attacker. Therefore, keys must be stored in a way that prevents an attacker from accessing them. While keys themselves may be encrypted and then safely stored in attacker-readable storage, the parent key used to decrypt such keys still must persist in plaintext, and securely reside in a location an attacker cannot reach. This requirement for secure key storage motivates the need for auxiliary security hardware such as e-Fuses, SoC security blocks, Trusted Platform Modules (TPMs), Hardware Security Modules (HSMs), or Trusted Execution Environments (TEEs), and integration with software. Addressing this challenge can require a considerable engineering investment.

Device-Unique Keys 

Even with hardware-based secure key storage, unintended key disclosure remains a possibility. Side-channel attacks, physical attacks and insider threats all remain means by which an attacker could still obtain an embedded system’s cryptographic keys. This can become an even more significant problem if the embedded system vendor provisioned all devices using the same key, because then an attacker can compromise not just a single device, but all devices of that class. Thus, security is generally increased by provisioning each device with a unique key, so that the damage an attacker can do by discovering one key can be contained to just one device. 

Unfortunately, the need for per-device unique keys complicates the provisioning process for the embedded device. Because every device relies on a unique key to encrypt its software image, every software image programmed to persistent storage will ultimately be different. This implies that the embedded software team cannot provide a single, ready-made image (or key) that can simply be written to the device during provisioning. Instead, the device provisioning process must expand to include steps to program a per-device unique key, and to uniquely encrypt the software image. Further, when the root encryption key is encapsulated within a hardware security perimeter, such that it cannot be accessed outside the device, such as with TPMs, HSMs, and TEEs, then the encryption process must execute on-device (since the encryption key would not be available outside the device). 

The need to develop software that permits an embedded system to securely self-encrypt with a per-device unique key during initial provisioning further increases the engineering burden involved defending against offline attacks.

Unsuitability of Interactive Credentials 

The complexities posed by the need for secure key storage can be bypassed by not storing the root cryptographic secret on the embedded device at all. Instead, if device encryption and decryption were based on a password entered by the user, then an attacker would be unable to directly extract the password from the device in an offline attack, since the password is not stored anywhere on the device. However, this approach poses its own challenges.  

For many embedded devices, the need for the user to re-input a secure password every time the device boots could seriously impact usability or even be unacceptable for the device’s intended use case (e.g., infrastructure required to reboot without human intervention). A password-based approach also introduces deployment challenges: either the device must be encrypted at the factory with a pre-defined password (which are difficult to keep secret), or the device must remain unprotected (making it vulnerable) until first delivered to the end user who then defines the password and activates the cryptographic protections. And there’s the fact that password-based protections are vulnerable to social engineering attacks in a way that keys typically are not. Therefore, either functional or security requirements can make a password-based approach non-viable, necessitating our acceptance of the added cost and complexity of a secure, on-device, key storage solution.

Update Support 

Storage encryption, integrity protection and secure key management during provisioning are not the end of the story when it comes to offline storage defense. If the Embedded Linux system must support field updates (as is common), then it must also extend offline confidentiality and integrity to cover future software updates. Secure key management systems that rely on per-device, unique keys that never leave the device must provide on-device support for encrypting new updates on-the-fly, since the software update provider would not have the key and thus could not encrypt the update itself. Integrity-protection facilities would likewise need to handle new software installation on the deployed device, ruling out integrity solutions reliant on the concept of immutable embedded software (such as read-only root filesystems). 

The need to accommodate software updates while also preserving data secrecy and integrity can further increase the engineering time and cost required to handle offline attacks.  

Testing 

Integrating defenses against offline attacks into your Embedded Linux system carries an additional test burden and a few unique challenges. Because every embedded device deployed from the factory is programmed with a unique encrypted image, verification methods, such as comparison against a known-good image, lose their feasibility. Storage provisioning errors introduced during the encryption step could require more effort to detect and resolve, since you’re dealing with corrupted data in ciphertext form. The embedded system vendor becomes responsible for testing the effectiveness of security mechanisms itself, to provide assurance that it can indeed defend against the attack vectors it was designed to address. Implementing such security testing can require specific domain expertise in offensive cyber (of which there has been a global shortage).

Conclusion 

Defending embedded Linux systems from offline attacks involves overcoming significant technical and strategic challenges, from managing per-device keys to ensuring secure updates. While many existing solutions for encryption and secure key storage are readily available, the primary difficulty lies in integrating them effectively without compromising functionality. Many organizations struggle not due to a lack of known solutions but because of the time and expertise required for proper implementation. For those grappling with these challenges, turnkey solutions like Kevlar Embedded Security from Star Lab deliver powerful, battle-tested defenses against offline attacks, dramatically reducing integration time and complexity.