a minimalist approach to remote attestation
play

A Minimalist Approach to Remote Attestation Aurlien Francillon - PowerPoint PPT Presentation

Jun 07, 2023 •274 likes •452 views

A Minimalist Approach to Remote Attestation Aurlien Francillon Eurecom Quan Nguyen, Kasper B. Rasmussen, Gene Tsudik UC Irvine Overview Motivation Definition of Remote Attestation From Definition to Properties From Properties

  1. A Minimalist Approach to Remote Attestation Aurélien Francillon Eurecom Quan Nguyen, Kasper B. Rasmussen, Gene Tsudik UC Irvine

  2. Overview • Motivation • Definition of Remote Attestation • From Definition to Properties • From Properties to Features • Conclusion 27-Mar-2014 Aurélien Francillon / EURECOM 1

  3. Embedded Systems SmartCards Connected devices Sensors RFID Industrial systems 27-Mar-2014 Aurélien Francillon / EURECOM 2

  4. Remote Attestation Remote attestation: • The act of remotely verifying the state of a device Requires guarantees that Prover is not lying 27-Mar-2014 Aurélien Francillon / EURECOM 3

  5. Remote Attestation Examples Remote attestation can rely on: • Static root of trust (TPM, Secure boot, ...) – Only attests initial state of software • Dynamic root of trust (TXT, ARM TrustZone, SMART, ...) • Software-based attestation • Hybrids of the above (Sancus,..) Remote attestation is a popular field • Many publications and deployed systems • Some for tiny devices 27-Mar-2014 Aurélien Francillon / EURECOM 4

  6. Remote Attestation Problem Lack of agreement about what is remote attestation and its required properties We define remote attestation and its minimum requirements. We then apply this to the case of: • Low-end microcontrollers: HW can be modified • Software attacks • Basic hardware interaction (not really hardware attacks) 27-Mar-2014 Aurélien Francillon / EURECOM 5

  7. The Definition An attestation protocol P = (Setup, Attest, Verify): • k = Setup(1 κ ) a setup procedure to generate a shared key • α = Attest(k, s) Key, Device state => Attestation token • verdict = Verify(k, s’, α) Key, Expected state, Token => Yes/No 27-Mar-2014 Aurélien Francillon / EURECOM 6

  8. Remote Attestation

  9. The Att-Forgery Game We define game, as: • Prover has q attempts to generate states that differ from its real state and submit them to Attest() oracle • Eventually returns an α to the verifier Game outputs 1 iff Verify(k, s, α) = 1 The protocol is Att-Forgery-secure if: • Probabilistic polynomial time prover Prov • Large enough κ 27-Mar-2014 Aurélien Francillon / EURECOM 8

  10. Requirements and Attacks From the definition we see that • Only attest can compute α • α = Attest(k, s) captures the device state This leads to 2 attack types • Adversary knows k, simulates attest, computes α • Returned α does not correspond to prover’s actual state 27-Mar-2014 Aurélien Francillon / EURECOM 9

  11. Properties • Exclusive Access – Only Attest(k,s) , can access k • No Leaks – Only α should depend on k – No side channels or information leakages • Immutability • Un-interruptibility • Controlled Invocation 27-Mar-2014 Aurélien Francillon / EURECOM 10

  12. From Properties to Features • High-level properties  Features • Features are implementation choices and constraints. We chose them so as to: – Have minimal impact on the system – Be necessary and sufficient to guaranty security properties • However we claim minimality of properties, which are design independent, not Features 27-Mar-2014 Aurélien Francillon / EURECOM 11

  13. Features • Key: Hardware protection from software access • No Leaks – Memory erasure, side-channel resistance? • Immutability – Attest code resides in ROM • Uninterruptibility – Attest is atomic, IRQ disabled… • Controlled Invocation – Execution only from valid entry points, hardware support 27-Mar-2014 Aurélien Francillon / EURECOM 12

  14. Conclusion In-depth systematic treatment of remote attestation, from which we derived: • definitions and global security goals • derived properties • which are mapped into required features Helps identify limitations and shortcomings of current designs: • Many attacks discovered by checking manually • See long version of the paper Future work • perform formal verification / proofs of real systems 27-Mar-2014 Aurélien Francillon / EURECOM 13

  15. Conclusion Questions ? 27-Mar-2014 Aurélien Francillon / EURECOM 14

  16. Extra slides 27-Mar-2014 Aurélien Francillon / EURECOM 15

  17. Minimality of properties • Exclusive Access – If adversary learns key, • No Leaks – Information about k • Immutability – Changing the code could be fatal • Uninterruptibility – Moving malicious code during attestation • Controlled Invocation – Invoking attest by skipping parts of it 27-Mar-2014 Aurélien Francillon / EURECOM 16

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Fusing Hybrid Remote Attestation with a Formally Verified Microkernel: Lessons Learned Karim

Fusing Hybrid Remote Attestation with a Formally Verified Microkernel: Lessons Learned Karim

Fusing Hybrid Remote Attestation with a Formally Verified Microkernel: Lessons Learned Karim Eldefrawy, Norrathep Rattanavipanon , Gene Tsudik June 28, 2017 nrattana@uci.edu http://sprout.ics.uci.edu IoT/CPS/ES IoT/CPS/ES IoT/CPS/ES Remote

451 views • 33 slides
Measuring Semantic Integrity for Remote Attestation Fabrizio Baiardi 1 Diego Cilea 2 Daniele

Measuring Semantic Integrity for Remote Attestation Fabrizio Baiardi 1 Diego Cilea 2 Daniele

Introduction Proposed Solution: VIMS Conclusion Measuring Semantic Integrity for Remote Attestation Fabrizio Baiardi 1 Diego Cilea 2 Daniele Sgandurra 2 Francesco Ceccarelli 3 1 Polo G. Marconi - La Spezia, Universit di Pisa, Italy 2

378 views • 33 slides
Remote Attestation of IoT Devices via SMARM: Shuffled Measurements Against Roving Malware Xavier

Remote Attestation of IoT Devices via SMARM: Shuffled Measurements Against Roving Malware Xavier

Remote Attestation of IoT Devices via SMARM: Shuffled Measurements Against Roving Malware Xavier Carpent, Norrathep (Oak) Rattanavipanon , Gene Tsudik nrattana@uci.edu SPROUT Lab: sprout.ics.uci.edu University of California, Irvine 1

644 views • 42 slides
Obtaining Provably Secure Services from Formally Verified Remote Attestation Gene Tsudik 1 Joint

Obtaining Provably Secure Services from Formally Verified Remote Attestation Gene Tsudik 1 Joint

Obtaining Provably Secure Services from Formally Verified Remote Attestation Gene Tsudik 1 Joint work with: Ivan De Oliveira Nunes 1 , Karim Eldefrawy 2 , Norrathep Rattanavipanon 1 University of California Irvine 1 , SRI International 2 1 In

847 views • 48 slides
BARRETT: BlockchAin Regulated REmote aTTestation Michail Bampatsikos, Christoforos Ntantogian,

BARRETT: BlockchAin Regulated REmote aTTestation Michail Bampatsikos, Christoforos Ntantogian,

BARRETT: BlockchAin Regulated REmote aTTestation Michail Bampatsikos, Christoforos Ntantogian, Christos Xenakis, Stelios C. A. Thomopoulos ACKNOWLEDGEMENT: The research of the authors M. Bampatsikos and S. C. A. Thomopoulos is supported by Stavros

187 views • 15 slides
HYDRA: HYbrid Design for Remote Attestation (Using a Formally Verified Microkernel) Karim

HYDRA: HYbrid Design for Remote Attestation (Using a Formally Verified Microkernel) Karim

HYDRA: HYbrid Design for Remote Attestation (Using a Formally Verified Microkernel) Karim Eldefrawy , Norrathep Rattanavipanon, Gene Tsudik HRL Labs UC Irvine UC Irvine (Currently at SRI) July 18, 2017 karim.eldefrawy@sri.com IoT/CPS/ES 2

1.07k views • 41 slides
Towards an implementation in LambdaProlog of the two level Minimalist Foundation A. Fiori, C.

Towards an implementation in LambdaProlog of the two level Minimalist Foundation A. Fiori, C.

Towards an implementation in LambdaProlog of the two level Minimalist Foundation A. Fiori, C. Sacerdoti Coen Hagenberg, 14/08/2018 The Minimalist Type Theory (MTT) of Maietti and Sambin The Classical World One minimalist foundation: FOL +

544 views • 16 slides
MMap (Memory Mapping) Simple, minimalist approach to scale up computation Mahdi Roozbahani

MMap (Memory Mapping) Simple, minimalist approach to scale up computation Mahdi Roozbahani

Class Website CX4242: MMap (Memory Mapping) Simple, minimalist approach to scale up computation Mahdi Roozbahani Lecturer, Computational Science and Engineering, Georgia Tech When should you use Spark/Hadoop, AWS, Azure? And when should you

531 views • 16 slides
BEHAVIORAL HEALTH AGENCY (BHA)- LICENSING, ATTESTATION, AND DEEMING Attestation for Substance

BEHAVIORAL HEALTH AGENCY (BHA)- LICENSING, ATTESTATION, AND DEEMING Attestation for Substance

BEHAVIORAL HEALTH AGENCY (BHA)- LICENSING, ATTESTATION, AND DEEMING Attestation for Substance Use Disorder (SUD) Services DOH agrees that an attestation process for SUD services should be an option The attestation process for SUD

474 views • 8 slides
1990s : Maximalist vs. Minimalist approach Compartamos arose from the NGO Gente Nueva

1990s : Maximalist vs. Minimalist approach Compartamos arose from the NGO Gente Nueva

Expertise for Transparency in Microfinance SC-F ORUM 2016-03 I NCLUSIVE F INANCE Bern, Switzerland 3rd of March, 2016 Aldo Moauro ITALY |ECUADOR |KENYA |MEXICO |KYRGYZ REPUBLIC |PHILIPPINES |BOLIVIA 1990s : Maximalist vs. Minimalist

252 views • 10 slides
PSA APIs An overview Attestation API 1.0.1 we are in the process of dropping a new

PSA APIs An overview Attestation API 1.0.1 we are in the process of dropping a new

PSA APIs An overview Attestation API 1.0.1 we are in the process of dropping a new release which allows signing using symmetric attestation keys (using COSE Mac0) Fully documented in ARM IHI 0085 TF-M master is slightly behind the

542 views • 17 slides
Secure Swarm Attestation for IoT Networks Ada Diop (Orange Labs - Tlcom SudParis)

Secure Swarm Attestation for IoT Networks Ada Diop (Orange Labs - Tlcom SudParis)

Secure Swarm Attestation for IoT Networks Ada Diop (Orange Labs - Tlcom SudParis) 12/02/2019 interne France Tlcom - Orange Trust in Remote Devices: example A sensor sends the following message over a Bluetooth, BLE or Thread

528 views • 19 slides
Building Secure Decentralized Applications the DECENT Way Haofan Zheng Xiaowei Chu University

Building Secure Decentralized Applications the DECENT Way Haofan Zheng Xiaowei Chu University

Building Secure Decentralized Applications the DECENT Way Haofan Zheng Xiaowei Chu University of California, Santa Cruz Owen Arden Remote Attestation A process for the enclave to gain the trust of a remote service, so that the remote

212 views • 18 slides
Attestation (RATS/EAT) Overview Laurence Lundblade February 2020 Entity Attestation Good

Attestation (RATS/EAT) Overview Laurence Lundblade February 2020 Entity Attestation Good

Attestation (RATS/EAT) Overview Laurence Lundblade February 2020 Entity Attestation Good Devices Token Chip & device manufacturer Banking risk engine IoT backend Device ID (e.g. serial number) Boot state, debug state

956 views • 34 slides
VANCOUVER WELCOMES YOU! MINIMALIST METONYMY RESOLUTION THE ROAD MAP THE PROBLEM + BRIEF HISTORY

VANCOUVER WELCOMES YOU! MINIMALIST METONYMY RESOLUTION THE ROAD MAP THE PROBLEM + BRIEF HISTORY

MILAN GRITTA, MOHAMMAD TAHER PILEHVAR, NUT LIMSOPATHAM, NIGEL COLLIER VANCOUVER WELCOMES YOU! MINIMALIST METONYMY RESOLUTION THE ROAD MAP THE PROBLEM + BRIEF HISTORY PREWIN MODEL RELOCAR FEATURE SELECTION MINIMALIST NN NEW DATASET RESULTS

479 views • 19 slides
Minimalist Grammars Formalisme en Dependency Structures Sjoerd Dost Myrthe Tielman Logical

Minimalist Grammars Formalisme en Dependency Structures Sjoerd Dost Myrthe Tielman Logical

The Minimalist Program Minimalist Grammars Merge Onion Dependency Structures Block Degree Nestedness Minimalist Grammars Formalisme en Dependency Structures Sjoerd Dost Myrthe Tielman Logical Methods in NLP 03/05/12 Dost, Tielman

812 views • 48 slides
A T T E S T A T T E S T A T T E S T Application (Java) Database 1 2 3 Database B C A E

A T T E S T A T T E S T A T T E S T Application (Java) Database 1 2 3 Database B C A E

A T T E S T A T T E S T A T T E S T Application (Java) Database 1 2 3 Database B C A E D F I G H J L M K O R N P S Q D2 D1 D3 D4 A T T E S T A T T E S T Testing Exposing externally visible internal stats /

485 views • 34 slides
CS 4110 Probabilistic Programming Probabilistic Programming It's not about writing software.

CS 4110 Probabilistic Programming Probabilistic Programming It's not about writing software.

CS 4110 Probabilistic Programming Probabilistic Programming It's not about writing software. Probabilistic Programming Probabilistic programming is a tool for statistical modeling. OR A probabilistic programming language is a plain old

688 views • 41 slides
Causal Inference and Experimentation Macartan Humphreys mh2245@columbia.edu November 15, 2011

Causal Inference and Experimentation Macartan Humphreys mh2245@columbia.edu November 15, 2011

Causal Inference Design Road Map Analysis Estimands and Estimators Troubleshooting Prospects and Limitations Causal Inference and Experimentation Macartan Humphreys mh2245@columbia.edu November 15, 2011 Macartan Humphreys

627 views • 51 slides
- pm characteristic of field 0 / O w H ( a t b Y ' = at t b t Hypergraph . , E ) vertex ( V

- pm characteristic of field 0 / O w H ( a t b Y ' = at t b t Hypergraph . , E ) vertex ( V

1%20 FIELD I t I t . t 1 = O . . - pm characteristic of field 0 / O w H ( a t b Y ' = at t b t Hypergraph . , E ) vertex ( V set bertie laniary V E PCV ) E " IV Hh edges v IE km STERNER 'S TAM .m4I Uniform hypergraph : Hedge

302 views • 17 slides
Policy-Sealed Data: A New Abstraction for Building Trusted Cloud Services Nuno Santos 1 , Rodrigo

Policy-Sealed Data: A New Abstraction for Building Trusted Cloud Services Nuno Santos 1 , Rodrigo

Max Planck Institute for Software Systems Policy-Sealed Data: A New Abstraction for Building Trusted Cloud Services Nuno Santos 1 , Rodrigo Rodrigues 2 , Krishna P. Gummadi 1 , Stefan Saroiu 3 MPI-SWS 1 , CITI / Universidade Nova Lisboa 2 ,

373 views • 20 slides
Making Adversaries Stick to their Word Presented by Chuan He 1 Talk Outline Introduction

Making Adversaries Stick to their Word Presented by Chuan He 1 Talk Outline Introduction

Attested Append-Only Memory: Making Adversaries Stick to their Word Presented by Chuan He 1 Talk Outline Introduction and Motivation Attested Append-Only Memory (A2M) A2M Protocols Evaluation Conclusion 2 Motivation

433 views • 21 slides
Trustees What is a Trustee? The Book of Discipline State Law THE BOOK OF DISCIPLINE 2016

Trustees What is a Trustee? The Book of Discipline State Law THE BOOK OF DISCIPLINE 2016

Baltimore-Washington Conference of the United Methodist Church Trustees What is a Trustee? The Book of Discipline State Law THE BOOK OF DISCIPLINE 2016 2533. Board of Trustees Powers and Limitations 1. Subject to the direction of

544 views • 27 slides
COVID-19 Office Hours RCC (Relay Conference Captioning) Participants can access real-time

COVID-19 Office Hours RCC (Relay Conference Captioning) Participants can access real-time

COVID-19 Office Hours RCC (Relay Conference Captioning) Participants can access real-time captioning for this webinar here: www.ncdhhs.gov/coronavirus https://www.captionedtext.com November 6, 2020 /client/event.aspx?EventID=463

522 views • 11 slides

More recommend