A Minimalist Approach to Remote Attestation Aurlien Francillon - - PowerPoint PPT Presentation

a minimalist approach to remote attestation
SMART_READER_LITE
LIVE PREVIEW

A Minimalist Approach to Remote Attestation Aurlien Francillon - - PowerPoint PPT Presentation

Jun 07, 2023 274 likes •454 views

A Minimalist Approach to Remote Attestation Aurlien Francillon Eurecom Quan Nguyen, Kasper B. Rasmussen, Gene Tsudik UC Irvine Overview Motivation Definition of Remote Attestation From Definition to Properties From Properties

slide-1
SLIDE 1

A Minimalist Approach to Remote Attestation

Aurélien Francillon

Eurecom

Quan Nguyen, Kasper B. Rasmussen, Gene Tsudik

UC Irvine

slide-2
SLIDE 2
  • Motivation
  • Definition of Remote Attestation
  • From Definition to Properties
  • From Properties to Features
  • Conclusion

Overview

27-Mar-2014 Aurélien Francillon / EURECOM 1

slide-3
SLIDE 3

Embedded Systems

27-Mar-2014 Aurélien Francillon / EURECOM 2

RFID Sensors SmartCards Connected devices Industrial systems

slide-4
SLIDE 4

Remote attestation:

  • The act of remotely verifying the state of a device

Remote Attestation

27-Mar-2014 Aurélien Francillon / EURECOM 3

Requires guarantees that Prover is not lying

slide-5
SLIDE 5

Remote attestation can rely on:

  • Static root of trust (TPM, Secure boot, ...)

– Only attests initial state of software

  • Dynamic root of trust (TXT, ARM TrustZone, SMART, ...)
  • Software-based attestation
  • Hybrids of the above (Sancus,..)

Remote attestation is a popular field

  • Many publications and deployed systems
  • Some for tiny devices

Remote Attestation Examples

27-Mar-2014 Aurélien Francillon / EURECOM 4

slide-6
SLIDE 6

Lack of agreement about what is remote attestation and its required properties We define remote attestation and its minimum requirements. We then apply this to the case of:

  • Low-end microcontrollers: HW can be modified
  • Software attacks
  • Basic hardware interaction (not really hardware

attacks)

Remote Attestation Problem

27-Mar-2014 Aurélien Francillon / EURECOM 5

slide-7
SLIDE 7

An attestation protocol P = (Setup, Attest, Verify):

  • k = Setup(1κ)

a setup procedure to generate a shared key

  • α = Attest(k, s)

Key, Device state => Attestation token

  • verdict = Verify(k, s’, α)

Key, Expected state, Token => Yes/No

The Definition

27-Mar-2014 Aurélien Francillon / EURECOM 6

slide-8
SLIDE 8

Remote Attestation

slide-9
SLIDE 9

We define game, as:

  • Prover has q attempts to generate states that differ from its

real state and submit them to Attest() oracle

  • Eventually returns an α to the verifier

Game outputs 1 iff Verify(k, s, α) = 1 The protocol is Att-Forgery-secure if:

  • Probabilistic polynomial time prover Prov
  • Large enough κ

The Att-Forgery Game

27-Mar-2014 Aurélien Francillon / EURECOM 8

slide-10
SLIDE 10

From the definition we see that

  • Only attest can compute α
  • α = Attest(k, s) captures the device state

This leads to 2 attack types

  • Adversary knows k, simulates attest, computes α
  • Returned α does not correspond to prover’s actual

state

Requirements and Attacks

27-Mar-2014 Aurélien Francillon / EURECOM 9

slide-11
SLIDE 11
  • Exclusive Access

– Only Attest(k,s), can access k

  • No Leaks

– Only α should depend on k – No side channels or information leakages

  • Immutability
  • Un-interruptibility
  • Controlled Invocation

Properties

27-Mar-2014 Aurélien Francillon / EURECOM 10

slide-12
SLIDE 12
  • High-level properties  Features
  • Features are implementation choices and
  • constraints. We chose them so as to:

– Have minimal impact on the system – Be necessary and sufficient to guaranty security properties

  • However we claim minimality of properties, which

are design independent, not Features

From Properties to Features

27-Mar-2014 Aurélien Francillon / EURECOM 11

slide-13
SLIDE 13
  • Key: Hardware protection from software access
  • No Leaks

– Memory erasure, side-channel resistance?

  • Immutability

– Attest code resides in ROM

  • Uninterruptibility

– Attest is atomic, IRQ disabled…

  • Controlled Invocation

– Execution only from valid entry points, hardware support

Features

27-Mar-2014 Aurélien Francillon / EURECOM 12

slide-14
SLIDE 14

In-depth systematic treatment of remote attestation, from which we derived:

  • definitions and global security goals
  • derived properties
  • which are mapped into required features

Helps identify limitations and shortcomings of current designs:

  • Many attacks discovered by checking manually
  • See long version of the paper

Future work

  • perform formal verification / proofs of real systems

Conclusion

27-Mar-2014 Aurélien Francillon / EURECOM 13

slide-15
SLIDE 15

Conclusion

27-Mar-2014 Aurélien Francillon / EURECOM 14

Questions ?

slide-16
SLIDE 16

Extra slides

27-Mar-2014 Aurélien Francillon / EURECOM 15

slide-17
SLIDE 17
  • Exclusive Access

– If adversary learns key,

  • No Leaks

– Information about k

  • Immutability

– Changing the code could be fatal

  • Uninterruptibility

– Moving malicious code during attestation

  • Controlled Invocation

– Invoking attest by skipping parts of it

Minimality of properties

27-Mar-2014 Aurélien Francillon / EURECOM 16