hydra hybrid design for remote attestation
play

HYDRA: HYbrid Design for Remote Attestation (Using a Formally - PowerPoint PPT Presentation

May 01, 2023 •645 likes •1.07k views

HYDRA: HYbrid Design for Remote Attestation (Using a Formally Verified Microkernel) Karim Eldefrawy , Norrathep Rattanavipanon, Gene Tsudik HRL Labs UC Irvine UC Irvine (Currently at SRI) July 18, 2017 karim.eldefrawy@sri.com IoT/CPS/ES 2

  1. HYDRA: HYbrid Design for Remote Attestation (Using a Formally Verified Microkernel) Karim Eldefrawy , Norrathep Rattanavipanon, Gene Tsudik HRL Labs UC Irvine UC Irvine (Currently at SRI) July 18, 2017 karim.eldefrawy@sri.com

  2. IoT/CPS/ES 2

  3. Low/Medium-end Embedded Systems ★ CPU ★ Clock ★ Program and data memory ★ In addition to: Comm interfaces (USB, ○ CAN, Serial, WiFi, Ethernet …) Analog to digital converters ○ 3

  4. Remote Attestation (RA) ★ Remote verification of internal state of a prover by a verifier Secure updates, deletion/erasure and resetting ○ ★ Challenge-response protocol between ○ Trusted Verifier : powerful entity ○ Untrusted Prover : embedded device 1) challenge 2) checksum Verifier Prover (e.g. MAC or Signature) 3) 4) verify response 4

  5. Design of RA ★ Hardware-only Attestation Secure hardware (e.g., TPM) ○ ○ Overkill for medium/low-end IoT/embedded devices ★ Software-only Attestation ○ A.k.a. timing-based attestation ○ Does not support multi-hop communication ○ Underlying assumptions (seriously) challenged [1] ★ Hybrid Attestation Minimal hardware support for secure RA ○ [1] C. Castellucia, et al. On the difficulty of Software-Based Attestation of Embedded Devices, CCS 2009. 5

  6. Design of RA ★ Hardware-only Attestation Secure hardware (e.g., TPM) ○ ○ Overkill for medium/low-end IoT/embedded devices ★ Software-only Attestation ○ A.k.a. timing-based attestation ○ Does not support multi-hop communication ○ Underlying assumptions (seriously) challenged [1] ★ Hybrid Attestation Minimal hardware support for secure RA ○ [1] C. Castellucia, et al. On the difficulty of Software-Based Attestation of Embedded Devices, CCS 2009. 6

  7. Adversary Model ○ Remote: exploits vulnerabilities and injects malware over the network. Local: located sufficiently close to prover and can ○ eavesdrop on, and manipulate the communication channel. ○ Physical: has full (local) physical access to prover and its hardware and can perform physical attacks, e.g., use side channel to extract and/or modify keys and values in memory. 7

  8. SMART ** First hybrid design of remote attestation for low-end microcontrollers (MCUs) ** K. Eldefrawy, et al. SMART: Secure & Minimal Architecture for (Establishing a Dynamic) Root ofTrust, NDSS’12. 8

  9. Low/Medium-end Embedded Systems ★ CPU ★ Clock ★ Program and data memory ★ In addition to: Comm interfaces (USB, ○ CAN, Serial, WiFi, Ethernet …) Analog to digital converters ○ 9

  10. SMART Properties 1) Exclusive Access to Key 2) No Leaks 3) Immutability 4) Uninterruptability 5) Controlled Invocation K. Eldefrawy, et al. Secure & Minimal Architecture for (Establishing a Dynamic) Root of Trust, NDSS 2012. A. Francillon, et al. A Minimalist Approach to Remote Attestation, DATE 2014. 10

  11. SMART Properties 1) Exclusive Access to Key 2) No Leaks 3) Immutability 4) Uninterruptability 5) Controlled Invocation Hardware Requirement ★ ROM ★ MCU (bus) access controls 11

  12. SMART Properties 1) Exclusive Access to Key 2) No Leaks 3) Immutability 4) Uninterruptability 5) Controlled Invocation Hardware Requirement ★ ROM ★ MCU (bus) access controls Can be emulated using a formally verified software component 12

  13. Hybrid RA Design using seL4 13

  14. seL4 What is it? ● Formal verification of the OS kernel Spec Impl Binary ○ ● Capability-based access control ● Formally proven access control enforcement 14

  15. seL4 What is it? Why? ● Formal verification of the OS ● Emulate hardware-enforced kernel access controls in SMART Spec Impl Binary ○ ● Provide isolation of Attestation ● Capability-based access control Process ● Formally proven access control enforcement 15

  16. seL4 What is it? Why? ● Formal verification of the OS ● Emulate hardware-enforced kernel access controls in SMART Spec Impl Binary ○ ● Provide isolation of Attestation ● Capability-based access control Process ● Formally proven access control enforcement How? Map SMART properties into seL4 configuration 16

  17. Deriving Configuration SMART Properties Att Process Config. ★ E/A to key ★ Exclusive Access (E/A) to key ★ E/A to virtual address ★ No leaks space ★ Immutability ★ E/A to executable ★ Uninterruptability ★ Secure boot of seL4 and ★ Controlled invocation attestation process ★ Highest priority ★ E/A to Thread Control 17 Block (TCB)

  18. Our Approach - HYDRA ★ Run Attestation Process ( PR Att ) as initial user-space process ○ Contains capabilities to all objects, e.g. IPC, memory pages, and threads ○ Runs with highest scheduling priority ○ Manages the rest of user-space 18

  19. Our Approach - HYDRA ★ Run Attestation Process ( PR Att ) as initial user-space process ○ Contains capabilities to all objects, e.g. IPC, memory pages and threads ○ Runs with highest scheduling priority ○ Manages the rest of user-space ★ Only spawn new process that does not contain capabilities to PR Att ’s: ○ Executable/Key ○ Working virtual memory ○ TCB 19

  20. seL4 Kernel 2 4 PR Att Verifier 3 RAM/Flash 5 PR 1 Bootloader verifies and starts seL4 microkernel 1 1 PR 2 Kernel verifies and passes control to PR Att 2 PR Att spawns PR 1 and PR 2 3 Verifier sends an attestation request to PR Att 4 PR Att performs att. and reports back to verifier 5 MM I/O Clock ROM Secure Boot 20

  21. Implementation ➢ Prototype on I.MX6-SabreLite and Odroid-XU4 https://boundarydevices.com/product/sabre-lite-imx6-sbc/ http://www.hardkernel.com/main/products/prdt_info.php ➢ Existing secure boot (High Assurance Boot - HAB) mechanism in Sabre Lite 21

  22. Performance 1/3 HYDRA with HYDRA w/o HYDRA w/o seL4 Kernel net and libs net stack net and libs Only Lines of Code 105,360 68,490 11,938 9,142 Exec Size 574KB 476KB N/A 215KB Operations 1MB of Memory 20KB of Memory (I.MX5-SabreLite Number of Cycles Percentage Number of Cycles Percentage at 1GHz) VerifyRequest 1,604 0.01% 1,604 0.29% Retrieve Memory 3,221,307 10.7% 45,624 8.21% MacMemory 26,880,057 89.29% 508,334 91.5% Total 30,102,968 100% 555,562 100% 22

  23. Performance 2/3 23

  24. Performance 3/3 24

  25. Lessons Learned 25

  26. Challenges when using seL4 Formal verification of seL4 assumes: ★ Proper initialization of the kernel ○ Motivate using hardware-enforced secure boot 26

  27. Challenges when using seL4 Formal verification of seL4 assumes: ★ Proper initialization of the kernel ○ Motivate using hardware-enforced secure boot ★ Correct behavior of the underlying hardware Sol: Run seL4 on top of a formally verified processor ○ ○ But does such hardware exist? Not yet … but possible in the future, e.g. CHERI ISA [1] based on ○ Bluespec SystemVerilog [2] [1] R. N. Watson, et al. Capability hardware enhanced risc instructions: Cheri instruction-set architecture, 2016. [2] R. Nikhil and K. Czeck, BSV by Example. CreateSpace Independent Publishing Platform, 2010 27

  28. Platform Specific Secure Boot ★ Requires configurable/programmable secure boot ○ Not easy to find in commercial development boards ★ SabreLite’s High Assurance Boot (HAB) ○ Based on a digital signature scheme ○ Configurable through ROM APIs 28

  29. seL4 seL4 + seL4 + Signature Signature 29 Rod Ziolkowski, i.MX Applications Processor Trust Architecture, 2013

  30. Ensuring Freshness of Attestation Requests ★ Computational Denial-of-Service from: ○ Bogus requests ○ Delay, replay or reordering attacks ★ Solution: Verify requests! Requires timestamp generated by a reliable read-only clock. ○ ○ Read-only property can be enforced using seL4’s capability. ○ Reliable property requires a (semi-synchronous) real-time clock. F. Brasser, et al. Remote Attestation for Low-End Embedded Devices: the Prover’s Perspective, DAC 2016. 30

  31. Ensuring Freshness of Attestation Requests ★ No real-time clock driver implementation in Sabre Lite. ★ Workaround by generating pseudo-timestamp using a counter + a secondary storage When PR Att starts, it loads T 0 that was saved before the last reboot. ○ ○ When the first request arrives, compare its timestamp ( T 1 ) with T 0 Verify request. If success, keep track of T 1 and start counter. ○ ○ TS = T 1 + counter value Periodically store TS ○ 31

  32. In Summary ❖ First hybrid design for Remote Attestation using a formally verified microkernel (seL4) Emulate certain properties that were previously only realizable using ➢ hardware features ❖ Prototype on two commercially available platforms ❖ Challenges seL4 assumptions ➢ Secure boot ➢ Timestamp generation ➢ 32

  33. Questions?

  34. References 34

  35. seL4 Kernel PR Att RAM/Flash K Attes t MM I/O Timer ROM Secure Boot 35

  36. seL4 Kernel PR Att RAM/Flash K Attes t T 0 MM I/O Timer ROM Secure Boot 36

  37. seL4 Kernel @ T 1 Verifie PR Att r RAM/Flash K Attes t T 0 MM I/O Timer ROM Secure Boot 37

  38. seL4 Kernel Verifie PR Att r RAM/Flash K Attes t T 1 T 0 MM I/O Timer ROM Secure Boot 38

  39. seL4 Kernel Verifie PR Att r RAM/Flash K Attes t T 1 T 0 TS = T 1 + Timer MM I/O Timer ROM Secure Boot 39

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Fusing Hybrid Remote Attestation with a Formally Verified Microkernel: Lessons Learned Karim

Fusing Hybrid Remote Attestation with a Formally Verified Microkernel: Lessons Learned Karim

Fusing Hybrid Remote Attestation with a Formally Verified Microkernel: Lessons Learned Karim Eldefrawy, Norrathep Rattanavipanon , Gene Tsudik June 28, 2017 nrattana@uci.edu http://sprout.ics.uci.edu IoT/CPS/ES IoT/CPS/ES IoT/CPS/ES Remote

451 views • 33 slides
A Minimalist Approach to Remote Attestation Aurlien Francillon Eurecom Quan Nguyen, Kasper B.

A Minimalist Approach to Remote Attestation Aurlien Francillon Eurecom Quan Nguyen, Kasper B.

A Minimalist Approach to Remote Attestation Aurlien Francillon Eurecom Quan Nguyen, Kasper B. Rasmussen, Gene Tsudik UC Irvine Overview Motivation Definition of Remote Attestation From Definition to Properties From Properties

452 views • 17 slides
Measuring Semantic Integrity for Remote Attestation Fabrizio Baiardi 1 Diego Cilea 2 Daniele

Measuring Semantic Integrity for Remote Attestation Fabrizio Baiardi 1 Diego Cilea 2 Daniele

Introduction Proposed Solution: VIMS Conclusion Measuring Semantic Integrity for Remote Attestation Fabrizio Baiardi 1 Diego Cilea 2 Daniele Sgandurra 2 Francesco Ceccarelli 3 1 Polo G. Marconi - La Spezia, Universit di Pisa, Italy 2

378 views • 33 slides
Remote Attestation of IoT Devices via SMARM: Shuffled Measurements Against Roving Malware Xavier

Remote Attestation of IoT Devices via SMARM: Shuffled Measurements Against Roving Malware Xavier

Remote Attestation of IoT Devices via SMARM: Shuffled Measurements Against Roving Malware Xavier Carpent, Norrathep (Oak) Rattanavipanon , Gene Tsudik nrattana@uci.edu SPROUT Lab: sprout.ics.uci.edu University of California, Irvine 1

644 views • 42 slides
Obtaining Provably Secure Services from Formally Verified Remote Attestation Gene Tsudik 1 Joint

Obtaining Provably Secure Services from Formally Verified Remote Attestation Gene Tsudik 1 Joint

Obtaining Provably Secure Services from Formally Verified Remote Attestation Gene Tsudik 1 Joint work with: Ivan De Oliveira Nunes 1 , Karim Eldefrawy 2 , Norrathep Rattanavipanon 1 University of California Irvine 1 , SRI International 2 1 In

847 views • 48 slides
BARRETT: BlockchAin Regulated REmote aTTestation Michail Bampatsikos, Christoforos Ntantogian,

BARRETT: BlockchAin Regulated REmote aTTestation Michail Bampatsikos, Christoforos Ntantogian,

BARRETT: BlockchAin Regulated REmote aTTestation Michail Bampatsikos, Christoforos Ntantogian, Christos Xenakis, Stelios C. A. Thomopoulos ACKNOWLEDGEMENT: The research of the authors M. Bampatsikos and S. C. A. Thomopoulos is supported by Stavros

187 views • 15 slides
Introducing the Hydra Software Hydra is professional Internet management software that manages

Introducing the Hydra Software Hydra is professional Internet management software that manages

Introducing the Hydra Software Hydra is professional Internet management software that manages users based on the radius protocol as well as provides a variety of reports for connecting users to the network . In a general definition, Hydra can

234 views • 11 slides
Hydra: : a Python Framework a Python Framework Hydra for Parallel Computing for Parallel

Hydra: : a Python Framework a Python Framework Hydra for Parallel Computing for Parallel

Hydra: : a Python Framework a Python Framework Hydra for Parallel Computing for Parallel Computing Waide Tristram Karen Bradshaw 3 rd November 2009 Hydra in hour hour Hydra in An Opportunity Why Python and CSP? Aim

491 views • 22 slides
Hybrid Polynomial Prediction Hybrid Polynomial Prediction The remote host can dynamically

Hybrid Polynomial Prediction Hybrid Polynomial Prediction The remote host can dynamically

Special Course on Networked Virtual February 12, 2004 Environments Hybrid Polynomial Prediction Hybrid Polynomial Prediction The remote host can dynamically choose the order of The remote host can dynamically choose the order of

111 views • 9 slides
BEHAVIORAL HEALTH AGENCY (BHA)- LICENSING, ATTESTATION, AND DEEMING Attestation for Substance

BEHAVIORAL HEALTH AGENCY (BHA)- LICENSING, ATTESTATION, AND DEEMING Attestation for Substance

BEHAVIORAL HEALTH AGENCY (BHA)- LICENSING, ATTESTATION, AND DEEMING Attestation for Substance Use Disorder (SUD) Services DOH agrees that an attestation process for SUD services should be an option The attestation process for SUD

474 views • 8 slides
Distributed Attestation for Device Swarms in IoTs Under the Guidance of Prof. Vinay Ribeiro and

Distributed Attestation for Device Swarms in IoTs Under the Guidance of Prof. Vinay Ribeiro and

Distributed Attestation for Device Swarms in IoTs Under the Guidance of Prof. Vinay Ribeiro and Prof. Kolin Paul Samuel Wedaj(2014CSZ8390) Background: 2 The term Internet of things was first coined in 1999 A hybrid network of

601 views • 25 slides
PSA APIs An overview Attestation API 1.0.1 we are in the process of dropping a new

PSA APIs An overview Attestation API 1.0.1 we are in the process of dropping a new

PSA APIs An overview Attestation API 1.0.1 we are in the process of dropping a new release which allows signing using symmetric attestation keys (using COSE Mac0) Fully documented in ARM IHI 0085 TF-M master is slightly behind the

542 views • 17 slides
Secure Swarm Attestation for IoT Networks Ada Diop (Orange Labs - Tlcom SudParis)

Secure Swarm Attestation for IoT Networks Ada Diop (Orange Labs - Tlcom SudParis)

Secure Swarm Attestation for IoT Networks Ada Diop (Orange Labs - Tlcom SudParis) 12/02/2019 interne France Tlcom - Orange Trust in Remote Devices: example A sensor sends the following message over a Bluetooth, BLE or Thread

528 views • 19 slides
Building Secure Decentralized Applications the DECENT Way Haofan Zheng Xiaowei Chu University

Building Secure Decentralized Applications the DECENT Way Haofan Zheng Xiaowei Chu University

Building Secure Decentralized Applications the DECENT Way Haofan Zheng Xiaowei Chu University of California, Santa Cruz Owen Arden Remote Attestation A process for the enclave to gain the trust of a remote service, so that the remote

212 views • 18 slides
Attestation (RATS/EAT) Overview Laurence Lundblade February 2020 Entity Attestation Good

Attestation (RATS/EAT) Overview Laurence Lundblade February 2020 Entity Attestation Good

Attestation (RATS/EAT) Overview Laurence Lundblade February 2020 Entity Attestation Good Devices Token Chip & device manufacturer Banking risk engine IoT backend Device ID (e.g. serial number) Boot state, debug state

956 views • 34 slides
Migrating from Fedora 3 to 4 Now With More Hydra Goals for the Session Understand the basic

Migrating from Fedora 3 to 4 Now With More Hydra Goals for the Session Understand the basic

Migrating from Fedora 3 to 4 Now With More Hydra Goals for the Session Understand the basic conceptual models underlying Fedora 3/CMA, Fedora 4, and PCDM Work through a rudimentary migration exercise with Hydra/Fedora-Migrate Explore

906 views • 63 slides
Linux Boot Camp Jenna MacCarley, Peter Pearson, Shashank Goyal 9/19/2015 Carnegie Mellon

Linux Boot Camp Jenna MacCarley, Peter Pearson, Shashank Goyal 9/19/2015 Carnegie Mellon

Carnegie Mellon Linux Boot Camp Jenna MacCarley, Peter Pearson, Shashank Goyal 9/19/2015 Carnegie Mellon Connecting SSH Windows users: PuTTY (http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html) Mac/Linux users: Use ssh

703 views • 27 slides
TrustOTP: Transforming Smartphones into Secure One-Time Password

TrustOTP: Transforming Smartphones into Secure One-Time Password

TrustOTP: Transforming Smartphones into Secure One-Time Password Tokens He Sun, Kun Sun, Yuewu Wang, and Jiwu Jing Presented by Fengwei

474 views • 26 slides
Prak%kum The Bioinforma%cs Lab Week 1: Installing a Linux

Prak%kum The Bioinforma%cs Lab Week 1: Installing a Linux

Prak%kum The Bioinforma%cs Lab Week 1: Installing a Linux OS Stefan Seemayer Boot CD prepara%on Can boot from USB s%ck (on most

68 views • 6 slides
Experiences booting one million virtual machines (and a few tools we developed) Ron Minnich Don

Experiences booting one million virtual machines (and a few tools we developed) Ron Minnich Don

Experiences booting one million virtual machines (and a few tools we developed) Ron Minnich Don Rudish 08961 - Scalable Computing R & D Eurosys 2010 Minnich, Rudish, Gentile, Armstrong, Wylie, Pedretti, Thompson Experiences booting one

692 views • 38 slides
Redundant Booting with U-Boot Welcome to the Redundancy Theater Playhouse Thomas Rini 1 2

Redundant Booting with U-Boot Welcome to the Redundancy Theater Playhouse Thomas Rini 1 2

Redundant Booting with U-Boot Welcome to the Redundancy Theater Playhouse Thomas Rini 1 2 Overview Historically how redundancy has been developed and implemented What we have today And have had for a while What we hope to have

428 views • 10 slides
BI BIOS S an and d Se Secu cure e Bo Boot t Attacks acks Unc ncover ered ed Advanced

BI BIOS S an and d Se Secu cure e Bo Boot t Attacks acks Unc ncover ered ed Advanced

BI BIOS S an and d Se Secu cure e Bo Boot t Attacks acks Unc ncover ered ed Advanced Threat Research, Intel Security John Loucaides (presenting) In n The he Be Begi ginnin nning Was as The he Leg egacy acy BI BIOS.. S..

1.27k views • 100 slides
HOST Secure Boot I ECE 525 Secure Boot Introduction Embedded system security can be partitioned

HOST Secure Boot I ECE 525 Secure Boot Introduction Embedded system security can be partitioned

HOST Secure Boot I ECE 525 Secure Boot Introduction Embedded system security can be partitioned into two categories: Security issues associated with the design Security issues associated with the system and application data once the

1.13k views • 25 slides
Class Structure Last time: Fast Learning, Exploration/Exploitation Part 1 This Time: Fast

Class Structure Last time: Fast Learning, Exploration/Exploitation Part 1 This Time: Fast

Lecture 12: Fast Reinforcement Learning Part II 2 Emma Brunskill CS234 Reinforcement Learning. Winter 2018 2 With many slides from or derived from David Silver, Worked Examples New Lecture 12: Fast Reinforcement Learning Part II 3 Emma Brunskill

1.04k views • 70 slides

More recommend