for constrained iot devices
play

for Constrained IoT Devices Y. Jia, B. Liu, W. Jiang, B. Wu, C. Wang - PowerPoint PPT Presentation

Sep 03, 2023 •185 likes •352 views

Enhancing Remote Healthiness Attestation for Constrained IoT Devices Y. Jia, B. Liu, W. Jiang, B. Wu, C. Wang IEEE ICNP 2020 Madrid, Spain, October 13-16, 2020 HUAWEI TECHNOLOGIES CO., LTD. IoT Devices are keeping losing control IoT devices

  1. Enhancing Remote Healthiness Attestation for Constrained IoT Devices Y. Jia, B. Liu, W. Jiang, B. Wu, C. Wang IEEE ICNP 2020 Madrid, Spain, October 13-16, 2020 HUAWEI TECHNOLOGIES CO., LTD.

  2. IoT Devices are keeping losing control… IoT devices remain vulnerable … Hackers are lunching DDoS with IoT devices… Mirai attacks… Peak 1.7 Tbps IoT Devices

  3. Reasons behind the constantly vulnerabilities Shaping Market Constrained Resources… Hacking Hacker Unaffordable Security mechanisms IoT Hacked!

  4. Given that IoT devices are inevitably vulnerable , the question goes to: How could we timely identify hacked IoT devices? Remote Attestation

  5. Universal Remote Attestation Trusted STEP 1 Module BOOTUP Trusted Boot Power off Started Trusted boot mechanism Credentials Endorsed by Trusted Module Pull the Credentials STEP 2 With the Trusted Module endorsement Remote attestation IP Network Channel • Built by the manufacturer Running • Trusted by the Authorized Verifier • All in an out-of-band manner

  6. A dedicated Trust Module is way too heavy/expensive… Could it be evolved for the constrained IoTs? DICE(Device Identifier Composition Engine)

  7. The DICE(Device Identifier Composition Engine) Proposal • Initially proposed by Microsoft • Standardized by standardize 2 specifications of the DICE-based remote attestation • ① ② symmetric crypto DICE asymmetric crypto DICE Standardized by 2020 Standardized by 2018

  8. DICE with the Asymmetric crypto The higher the layer is, the more functions and attacking surface there will be. Bootup layer by layer DICE Engine Layer 0 Layer 1 Layer 2 Layer n BOOTUP [SK * ] [SK 0 ] [SK 1 ] [SK 2 ] [SK n ] … … Certificate 0 Certificate 1 Certificate 2 Certificate n PK 0 PK 1 PK 2 PK n … … Hash(L 0 ) Hash(L 1 ) Hash(L 2 ) Hash(L n ) Signed by SK * Signed by SK 0 Signed by SK 1 Signed by SK n-1 Device Side DTLS Handshake [Authentication] Verifier Side Certificate 0 Certificate 1 Certificate 2 Certificate n Certificate Certificate PK 0 PK 1 PK 2 PK n IDevID ROOT Hash(L 0 ) Hash(L 1 ) Hash(L 2 ) Hash(L n ) PK CA PK * … … Signed by SK * Signed by SK 0 Signed by SK 1 Signed by SK n-1 Signed by SK CA Signed by SK CA Database H0 | H1 | H2 | H3 | … | Hn Prerequisites Design Key: DICE Engine is developed and installed by the manufacturer; DICE Engine stores a SK(private key)/PK(public key) pair for the endorsement; • • The source code of the DICE Engine too tiny to be hacked ; DICE Engine will be shut down immediately once layer 0 booted up; • • DICE Engine is unconditionally trusted by the Verifier; The short running interval guarantees that the SK(private key) is only readable • • for the DICE Engine itself, and thus inaccessible by any other layers; The validation is based on the certificate-chain

  9. DICE with the Symmetric crypto The design principles are all the same as the Asymmetric crypto based DICE BOOTUP Layer n-1 Layer n DICE Layer 0 Layer 1 Layer 2 … … Secret 0 Secret 1 Secret n-1 Secret n UDS* Secret 2 Secret 1 =HMAC(Secret 0 , H(L 1 )) Secret 3 =HMAC(Secret 2 , H(L 3 )) Secret 2 =HMAC(Secret 1 , H(L 2 )) Secret 0 =HMAC(UDS, H(L 0 )) Secret n =HMAC(Secret n-1 , H(L n )) Firmware Version ID PSK=KDF(Secret n ) Device Side DTLS Handshake [Authentication] Verifier Side Consistency Database Validation Firmware Version H0 | H1 | H2 | H3 | … | Hn Database Algorithm PSK* PSK ID UDS The Algorithm is the same as the device boot up Key Points UDS : Unique Device Secret --- A Symmetric key • The UDS is shared with and trusted by verifiers • The validation is based on the Hash-chain

  10. NEVERTHELESS Replay Attacks are behind DICE…

  11. Threat: steal the credentials and then replay … NOTE : DICE DO NOT offer the capability of the secure storage Credentials e.g. TEE H323CD87LKUE7BGH… Impractical Hardware Level Protection Unconstrained IoT Devices ( Powered ) Steal the credential By access devices physical or remotely Constrained IoT Devices ( Battery ) Possible The credential is static … Software Level Protection Replay… Once stolen Credentials the replay attacks survives … 7LK5UE27B5GHFEG3Y…

  12. DICE+: Design Consideration Main Consideration Secure Direction 1 : Replay attack resilience Light-weight Direction 2 : adaptive for the constrained IoT Devices Accuracy Direction 3 : Fine-grained firmware attestation DICE+ UPGRADE… DICE

  13. Identifying the replay... Convert the Credential from STATIC to DYNAMIC ! Static Dynamic SEED Nonce Counter Timestamp

  14. DICE+: Design Details Evolution from the Symmetric crypto DICE BOOT Layer 1 Layer n … … DICE Layer 0 KEY 1 Secret 1 Secret n KEY n KEY 0 Secret 0 UDS CNT KEY 1 =H(KEY 0 ) KEY n =H(KEY n-1 ) KEY 0 =HMAC(UDS, CNT) CNT+1 Every time bootup Secret n =HMAC(KEY n-1 *, H(L n )) Secret 0 =HMAC(LUDS, H(L 0 )) Secret 1 =HMAC(KEY 0 , H(L 1 )) … … ID Firmware Version D = (Secret 0 , Secret 1 , Secret 2 , … , Secret n ) PSK=H(D) Device Side DTLS Handshake [Authentication] Verifier Side Consistency Database Validation Firmware Version H0 | H1 | H2 | H3 | … | Hn D D* Database Algorithm ID PSK* PSK UDS MAIN CHANGES The Algorithm is the same as the device boot up Seed involved: A counter is introduced in the DICE engine • OTHER OPTIMIZATIONS Symmetric crypto: remain the extreme light-weight overhead • KEY n CNT New algorithm : A parameter is introduced in every layer boot up •

  15. Conclusion: What DICE+ Improve? DICE+ CHALLENGE 2 : Computationally costly UPDATE 2 : Extreme constrained IoT Asymmetric crypto computation consumes energy • 1. energy consumptions reduce 1000x 2. chip size for security area can reduce ~60% Certificate-chain transfer consumes energy • DICE [Asymmetric] UPDATE 1 : Resilient for Replay CHALLENGE 1 : Replay Attack Verifiers can adjust the period of the validity of the seed • The static credentials are easy to replay… • Verifiers is able to identify the hacked devices that have • been imitated by the replay attacks . DICE [Symmetric] UPDATE 3 : Hacked Layer Identification CHALLENGE 3 : Coarse-grained attestation Verifiers are unable to identify the specific hacked layer Verifiers are able to identify in which layer the IoT devices • • have been hacked.

  16. THANKS! IEEE ICNP 2020 Madrid, Spain, October 13-16, 2020 HUAWEI TECHNOLOGIES CO., LTD.

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Implementing Existing Management Protocols on Constrained Devices J urgen Sch onw alder

Implementing Existing Management Protocols on Constrained Devices J urgen Sch onw alder

Implementing Existing Management Protocols on Constrained Devices J urgen Sch onw alder IETF 81, Quebec, 2011-07-26 1 / 22 SNMP on Constrained Devices 1 SNMP on Constrained Devices 2 NETCONF on Constrained Devices (NETCONF Light) 3

340 views • 22 slides
Application Layer Protocols and Data Encoding for Constrained Devices W3C Web of Things

Application Layer Protocols and Data Encoding for Constrained Devices W3C Web of Things

Hauke Petersen Computer Systems and Telematics Breakout session on Application Layer Protocols and Data Encoding for Constrained Devices W3C Web of Things Workshop Contents 1) Constrained devices 2) Radio/Network technologies 3) Common

1.15k views • 7 slides
RNGs for Resource-Constrained Devices Werner Schindler Bundesamt fr Sicherheit in der

RNGs for Resource-Constrained Devices Werner Schindler Bundesamt fr Sicherheit in der

RNGs for Resource-Constrained Devices Werner Schindler Bundesamt fr Sicherheit in der Informationstechnik (BSI), Bonn, Germany Bochum, November 6, 2017 Outline Crypto for IoT: some general thoughts RNGs on resource-constrained

443 views • 22 slides
A Lightweight Secure Cyber Foraging Infrastructure for Resource-Constrained Devices Sachin Goyal

A Lightweight Secure Cyber Foraging Infrastructure for Resource-Constrained Devices Sachin Goyal

A Lightweight Secure Cyber Foraging Infrastructure for Resource-Constrained Devices Sachin Goyal and John Carter School of Computing University of Utah 1 Todays Computing Environments Small, embedded, mobile devices Ubiquitous

245 views • 22 slides
Lightweight S Stream C Cipher Scheme f for R Resource- Constrained I IoT D Devices WIMOB

Lightweight S Stream C Cipher Scheme f for R Resource- Constrained I IoT D Devices WIMOB

Lightweight S Stream C Cipher Scheme f for R Resource- Constrained I IoT D Devices WIMOB 2019 October 21st 23rd, 2019 Casa Convalescncia, Barcelona, Spain Authors: Hassan Noura, Raphal Couturier, CongDuc Pham and Ali Chehab

149 views • 13 slides
A Genetic Algorithm to Improve Linux Kernel Performance on Resource-Constrained Devices James T.

A Genetic Algorithm to Improve Linux Kernel Performance on Resource-Constrained Devices James T.

A Genetic Algorithm to Improve Linux Kernel Performance on Resource-Constrained Devices James T. Kukunas , Robert D. Cupper, and Gregory M. Kapfhammer Department of Computer Science Allegheny College, Pennsylvania, USA Late Breaking Abstracts

627 views • 23 slides
MOSDEN: An Internet of Things Middleware for Resource Constrained Mobile Devices Charith Perera,

MOSDEN: An Internet of Things Middleware for Resource Constrained Mobile Devices Charith Perera,

MOSDEN: An Internet of Things Middleware for Resource Constrained Mobile Devices Charith Perera, Prem Prakash Jayaraman, Arkady Zaslavsky, Peter Christen, Dimitrios Georgakopoulos 47TH HAWAII INTERNATIONAL CONFERENCE ON SYSTEM SCIENCES (HICSS),

543 views • 23 slides
Group-Signature Schemes on Constrained Devices Raphael Spreitzer and J orn-Marc Schmidt

Group-Signature Schemes on Constrained Devices Raphael Spreitzer and J orn-Marc Schmidt

Group-Signature Schemes on Constrained Devices Raphael Spreitzer and J orn-Marc Schmidt Institute for Applied Information Processing and Communications (IAIK) Graz University of Technology Inffeldgasse 16a, A-8010 Graz, Austria

335 views • 14 slides
Efficient Implementations of MQPKS Peter Czypek,Stefan Heyse, Enrico Thomae on Constrained

Efficient Implementations of MQPKS Peter Czypek,Stefan Heyse, Enrico Thomae on Constrained

Efficient Implementations of MQPKS on Constrained Devices Efficient Implementations of MQPKS Peter Czypek,Stefan Heyse, Enrico Thomae on Constrained Devices Peter Czypek, Stefan Heyse, Enrico Thomae CHES2012 11.09.2012 Ruhr-University Bochum |

958 views • 40 slides
for Resource-Constrained Environments Suku Nair, Subil Abraham, Omar Al Ibrahim HACNet Labs,

for Resource-Constrained Environments Suku Nair, Subil Abraham, Omar Al Ibrahim HACNet Labs,

11 Security Fusion: A New Security Architecture for Resource-Constrained Environments Suku Nair, Subil Abraham, Omar Al Ibrahim HACNet Labs, Southern Methodist University Resource-Constrained Devices

731 views • 17 slides
Mixed-Integer PDE-Constrained Optimization Frontiers in PDE-constrained Optimization Pelin Cay,

Mixed-Integer PDE-Constrained Optimization Frontiers in PDE-constrained Optimization Pelin Cay,

Mixed-Integer PDE-Constrained Optimization Frontiers in PDE-constrained Optimization Pelin Cay, Bart van Bloemen Waanders, Drew Kouri, Anna Thuenen and Sven Leyffer Lehigh University, Universit at Magdeburg, Argonne National Laboratory, and

874 views • 45 slides
A Nonlinear Trust Region Framework for PDE-Constrained Optimization Using

A Nonlinear Trust Region Framework for PDE-Constrained Optimization Using

Motivation PDE-Constrained Optimization ROM-Constrained Optimization Numerical Experiments Conclusion References A Nonlinear Trust Region Framework for PDE-Constrained Optimization Using Progressively-Constructed Reduced-Order Models

458 views • 34 slides
Context : Deployment of secure and reliable energy management devices Issues : Large

Context : Deployment of secure and reliable energy management devices Issues : Large

ANOMALY DETECTION USING HARDWARE PERFORMANCE COUNTERS ON A LARGE SCALE IOT DEPLOYMENT Context : Deployment of secure and reliable energy management devices Issues : Large scale deployment Resources constrained IoT devices

413 views • 3 slides
Constrained Network Access Constrained connections for new generation Situation Preliminary

Constrained Network Access Constrained connections for new generation Situation Preliminary

Constrained Network Access Constrained connections for new generation Situation Preliminary Access Offers due Feb 2015 Under the Access Code, WP must Complication make all reasonable endeavours to connect customers. Moving to fully

301 views • 6 slides
Cohesive Devices Cohesive devices Cohesive devices are like

Cohesive Devices Cohesive devices Cohesive devices are like

Cohesive Devices Cohesive devices Cohesive devices are like road signs. They keep the text running smoothly , making it clear which direc8on to

431 views • 7 slides
Some Remarks on Constrained Optimization Jos e Mario Mart nez www.ime.unicamp.br/

Some Remarks on Constrained Optimization Jos e Mario Mart nez www.ime.unicamp.br/

Some Remarks on Constrained Optimization Some Remarks on Constrained Optimization Jos e Mario Mart nez www.ime.unicamp.br/ martinez Department of Applied Mathematics, University of Campinas, Brazil 2011 Some Remarks on Constrained

530 views • 25 slides
Reversibility Processes in nature are always irreversible : far from equilibrium Reversible

Reversibility Processes in nature are always irreversible : far from equilibrium Reversible

Reversibility Processes in nature are always irreversible : far from equilibrium Reversible process: idealized process infinitely close to thermodynamic equilibrium (quasi-equilibrium) Necessary conditions for Reversibility 1. No work must be

158 views • 11 slides
Homogeneous First Order Equations Bernd Schr oder logo1 Bernd Schr oder Louisiana Tech

Homogeneous First Order Equations Bernd Schr oder logo1 Bernd Schr oder Louisiana Tech

Overview An Example Double Check Homogeneous First Order Equations Bernd Schr oder logo1 Bernd Schr oder Louisiana Tech University, College of Engineering and Science Homogeneous First Order Equations Overview An Example Double

705 views • 53 slides
Logistic Regression: MLE vs. OLS1 in Excel2013 29 Aug 2016 V0B V0B V0B Schield MLE vs.

Logistic Regression: MLE vs. OLS1 in Excel2013 29 Aug 2016 V0B V0B V0B Schield MLE vs.

Logistic Regression: MLE vs. OLS1 in Excel2013 29 Aug 2016 V0B V0B V0B Schield MLE vs. OLS1-Based Logistic Excel 2013 1 Schield MLE vs. OLS1-Based Logistic Excel 2013 2 Logistic Regression: Background & Goals MLE vs. OLS1 in Excel 2013

520 views • 19 slides
Foundations of Computing II Lecture 24: Biased Estimation Stefano Tessaro

Foundations of Computing II Lecture 24: Biased Estimation Stefano Tessaro

CSE 312 Foundations of Computing II Lecture 24: Biased Estimation Stefano Tessaro tessaro@cs.washington.edu 1 Parameter Estimation Workflow Parameter estimate Independent Distribution + % Algorithm samples # ' , , # * (#|%)

412 views • 19 slides
Absolute and Local Extrema Definition (Absolute Maximum) A function f has an absolute maximum at c

Absolute and Local Extrema Definition (Absolute Maximum) A function f has an absolute maximum at c

Absolute and Local Extrema Definition (Absolute Maximum) A function f has an absolute maximum at c S if f ( x ) f ( c ) x S . We call f ( c ) the absolute maximum of f on S . Alan H. SteinUniversity of Connecticut Absolute and

740 views • 60 slides
MATH 12002 - CALCULUS I 3.1: Maximum and Minimum Values Professor Donald L. White Department

MATH 12002 - CALCULUS I 3.1: Maximum and Minimum Values Professor Donald L. White Department

MATH 12002 - CALCULUS I 3.1: Maximum and Minimum Values Professor Donald L. White Department of Mathematical Sciences Kent State University D.L. White (Kent State University) 1 / 10 Absolute Maximum & Minimum Definition Let y = f ( x )

313 views • 10 slides
Locating Local Extrema Definitions: Locations . . . Definitions: . . . under Interval

Locating Local Extrema Definitions: Locations . . . Definitions: . . . under Interval

Need to Take into . . . Need for Guaranteed . . . Locating Local . . . Locating Local Extrema Definitions: Locations . . . Definitions: . . . under Interval Uncertainty: Definitions: Locating . . . Definitions: Locating . . . Multi-D Case

591 views • 16 slides
9. Max-min problems Let z = f ( x, y ) be a differentiatiable function. If f has a local min- imum

9. Max-min problems Let z = f ( x, y ) be a differentiatiable function. If f has a local min- imum

9. Max-min problems Let z = f ( x, y ) be a differentiatiable function. If f has a local min- imum or maximum at ( x 0 , y 0 ) then f x ( x 0 , y 0 ) = 0 and f y ( x 0 , y 0 ) are both zero. In this case the tangent plane is horizontal, since the

342 views • 4 slides

More recommend