lightweight and flexible trust assessment modules for the
play

Lightweight and Flexible Trust Assessment Modules for the Internet - PowerPoint PPT Presentation

Aug 09, 2023 •125 likes •636 views

empty Lightweight and Flexible Trust Assessment Modules for the Internet of Things Jan Tobias Mhlberg , Job Noorman and Frank Piessens jantobias.muehlberg@cs.kuleuven.be iMinds-DistriNet, KU Leuven, Celestijnenlaan 200A, B-3001 Belgium

  1. empty Lightweight and Flexible Trust Assessment Modules for the Internet of Things Jan Tobias Mühlberg , Job Noorman and Frank Piessens jantobias.muehlberg@cs.kuleuven.be iMinds-DistriNet, KU Leuven, Celestijnenlaan 200A, B-3001 Belgium QA&Test @ Bilbao, October 2015 1 /24 Jan Tobias Mühlberg Trust Assessment Modules for the IoT

  2. empty COSIC and DistriNet: Who we are. COSIC (Bart Preneel, Ingrid Verbauwhede) • Cryptographic primitives R IJNDAEL (AES), L ANE (SHA-3 candidate) • Secure and compact hardware design SPONGENT (lightweight hash), Side-channel attacks DistriNet (Frank Piessens) • Low-level vulnerabilities and countermeasures Still very relevant in the IoT • Protected module architectures Software isolation with a minimal TCB • Fully abstract/secure compilation Enable security reasoning at high-level languages 2 /24 Jan Tobias Mühlberg Trust Assessment Modules for the IoT

  3. empty Lightweight and Flexible Trust Assessment Modules for the Internet of Things Jan Tobias Mühlberg , Job Noorman and Frank Piessens jantobias.muehlberg@cs.kuleuven.be iMinds-DistriNet, KU Leuven, Celestijnenlaan 200A, B-3001 Belgium QA&Test @ Bilbao, October 2015 3 /24 Jan Tobias Mühlberg Trust Assessment Modules for the IoT

  4. empty Motivation: Security of IoT Nodes TI MSP430: designed for low cost and low power consumption • Runs 4.5 years on a single AAA cell and almost 13 years on an AA battery [Sea08] 4 /24 Jan Tobias Mühlberg Trust Assessment Modules for the IoT

  5. empty Motivation: Security of IoT Nodes TI MSP430: designed for low cost and low power consumption • Runs 4.5 years on a single AAA cell and almost 13 years on an AA battery [Sea08] Safety and security? • No MMU, no hierarchical protection domains, etc. • Successful attacker has full control over a node: • Modify all code and data • Perform I/O 4 /24 Jan Tobias Mühlberg Trust Assessment Modules for the IoT

  6. empty Motivation: Security of IoT Nodes TI MSP430: designed for low cost and low power consumption • Runs 4.5 years on a single AAA cell and almost 13 years on an AA battery [Sea08] Safety and security? • No MMU, no hierarchical protection domains, etc. • Successful attacker has full control over a node: • Modify all code and data • Perform I/O • DoS, forge sensor readings or node identity 4 /24 Jan Tobias Mühlberg Trust Assessment Modules for the IoT

  7. empty Motivation: Security of IoT Nodes TI MSP430: designed for low cost and low power consumption • Runs 4.5 years on a single AAA cell and almost 13 years on an AA battery [Sea08] Safety and security? • No MMU, no hierarchical protection domains, etc. • Successful attacker has full control over a node: • Modify all code and data • Perform I/O • DoS, forge sensor readings or node identity • Even without an attacker: bugs and software ageing 4 /24 Jan Tobias Mühlberg Trust Assessment Modules for the IoT

  8. empty Motivation: Security of IoT Nodes TI MSP430: designed for low cost and low power consumption • Runs 4.5 years on a single AAA cell and almost 13 years on an AA battery [Sea08] Safety and security? • No MMU, no hierarchical protection domains, etc. • Successful attacker has full control over a node: • Modify all code and data • Perform I/O • DoS, forge sensor readings or node identity • Even without an attacker: bugs and software ageing • Trustworthiness of a node is hard to assess! Testing? Formal verification? Observation? 4 /24 Jan Tobias Mühlberg Trust Assessment Modules for the IoT

  9. empty Motivation: Security of IoT Nodes TI MSP430: designed for low cost and low power consumption • Runs 4.5 years on a single AAA cell and almost 13 years on an AA battery [Sea08] Safety and security? • No MMU, no hierarchical protection domains, etc. • Successful attacker has full control over a node: • Modify all code and data • Perform I/O • DoS, forge sensor readings or node identity • Even without an attacker: bugs and software ageing • Trustworthiness of a node is hard to assess! Testing? Formal verification? Observation? • Protected Module Architectures can help (Intel SGX, ARM TrustZone, SMART, TrustLite, Sancus) 4 /24 Jan Tobias Mühlberg Trust Assessment Modules for the IoT

  10. empty Motivation: Sancus Sancus [NAD + 13] enables strong isolation, attestation and communication for embedded software components: • Implements Program Counter Based Access Control [SPP10] for Software Modules (SMs) on single-address-space architectures Ip SM protected data section SM text section Entry point Memory Unprotected Code & constants Unprotected Unprotected Protected data K N , SP , SM SM metadata Protected storage area K N Layout Keys 5 /24 Jan Tobias Mühlberg Trust Assessment Modules for the IoT

  11. empty Motivation: Sancus Sancus [NAD + 13] enables strong isolation, attestation and communication for embedded software components: • Implements Program Counter Based Access Control [SPP10] for Software Modules (SMs) on single-address-space architectures Ip Public and protected sections SM protected data section SM text section Entry point Memory Unprotected Code & constants Unprotected Unprotected Protected data K N , SP , SM SM metadata Protected storage area K N Layout Keys 5 /24 Jan Tobias Mühlberg Trust Assessment Modules for the IoT

  12. empty Motivation: Sancus Sancus [NAD + 13] enables strong isolation, attestation and communication for embedded software components: • Implements Program Counter Based Access Control [SPP10] for Software Modules (SMs) on single-address-space architectures Ip Module layout SM protected data section SM text section Entry point Memory Unprotected Code & constants Unprotected Unprotected Protected data K N , SP , SM SM metadata Protected storage area K N Layout Keys 5 /24 Jan Tobias Mühlberg Trust Assessment Modules for the IoT

  13. empty Motivation: Sancus Sancus [NAD + 13] enables strong isolation, attestation and communication for embedded software components: • Implements Program Counter Based Access Control [SPP10] for Software Modules (SMs) on single-address-space architectures Ip Module identity SM protected data section SM text section Entry point Memory Unprotected Code & constants Unprotected Unprotected Protected data K N , SP , SM SM metadata Protected storage area K N Layout Keys 5 /24 Jan Tobias Mühlberg Trust Assessment Modules for the IoT

  14. empty Motivation: Sancus Sancus [NAD + 13] enables strong isolation, attestation and communication for embedded software components: • Implements Program Counter Based Access Control [SPP10] for Software Modules (SMs) on single-address-space architectures Ip Module entry point SM protected data section SM text section Entry point Memory Unprotected Code & constants Unprotected Unprotected Protected data K N , SP , SM SM metadata Protected storage area K N Layout Keys 5 /24 Jan Tobias Mühlberg Trust Assessment Modules for the IoT

  15. empty Motivation: Sancus Sancus [NAD + 13] enables strong isolation, attestation and communication for embedded software components: • Implements Program Counter Based Access Control [SPP10] for Software Modules (SMs) on single-address-space architectures Ip Module keys SM protected data section SM text section Entry point Memory Unprotected Code & constants Unprotected Unprotected Protected data K N , SP , SM SM metadata Protected storage area K N Layout Keys 5 /24 Jan Tobias Mühlberg Trust Assessment Modules for the IoT

  16. empty Motivation: Sancus Sancus [NAD + 13] enables strong isolation, attestation and communication for embedded software components: • Implements Program Counter Based Access Control [SPP10] for Software Modules (SMs) on single-address-space architectures • Provides efficient cryptographic primitives and key handling • Reference implementation based on the openMSP430 6 /24 Jan Tobias Mühlberg Trust Assessment Modules for the IoT

  17. empty Motivation: Sancus Sancus [NAD + 13] enables strong isolation, attestation and communication for embedded software components: • Implements Program Counter Based Access Control [SPP10] for Software Modules (SMs) on single-address-space architectures • Provides efficient cryptographic primitives and key handling • Reference implementation based on the openMSP430 Some drawbacks: • Isolation vs. shared memory communication [BNMP15] • Re-implementing an existing set of applications as SMs is often not straight-forward 6 /24 Jan Tobias Mühlberg Trust Assessment Modules for the IoT

  18. empty Motivation: Sancus Sancus [NAD + 13] enables strong isolation, attestation and communication for embedded software components: • Implements Program Counter Based Access Control [SPP10] for Software Modules (SMs) on single-address-space architectures • Provides efficient cryptographic primitives and key handling • Reference implementation based on the openMSP430 Some drawbacks: • Isolation vs. shared memory communication [BNMP15] • Re-implementing an existing set of applications as SMs is often not straight-forward Can we use Sancus SMs to implement light-weight and secure inspection components that integrate seamlessly with existing deployment scenarios? 6 /24 Jan Tobias Mühlberg Trust Assessment Modules for the IoT

  19. empty Trust Assessment Modules Idea • Securely deploy a protected inspection module to assess the state of an IoT node 7 /24 Jan Tobias Mühlberg Trust Assessment Modules for the IoT

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

The Beneficiary Flexible Trust Tulsa Estate Planning Forum November 11, 2014 Roadmap

The Beneficiary Flexible Trust Tulsa Estate Planning Forum November 11, 2014 Roadmap

The Beneficiary Flexible Trust Tulsa Estate Planning Forum November 11, 2014 Roadmap Situations in which a Beneficiary Flexible Trust Makes Sense Goals and Attributes vs. Inherent Limitations Beneficiary Flexible Trust Agreement

622 views • 31 slides
Contiki: A Lightweight and Flexible Operating System for Tiny Networked Sensors Protothreads:

Contiki: A Lightweight and Flexible Operating System for Tiny Networked Sensors Protothreads:

Contiki: A Lightweight and Flexible Operating System for Tiny Networked Sensors Protothreads: Simplifying Event-Driven Programming of Memory-Constrained Embedded Systems SensorWare Fibers Mantis Exokernel Nemesis Contiki Open source

432 views • 10 slides
Its time to Think Lightweight! www.thinklightweight.com TO D A Y S TO P IC S 1.

Its time to Think Lightweight! www.thinklightweight.com TO D A Y S TO P IC S 1.

Its time to Think Lightweight! www.thinklightweight.com TO D A Y S TO P IC S 1. About Think Lightweight 2. What are Lightweight Structures? 3. Industry Applications 4. Product Line Review 5. Think Lightweight Component

832 views • 43 slides
Smooth and Flexible ERP Migration between Heterogeneous ERP Systems/ERP Modules Lars Frank

Smooth and Flexible ERP Migration between Heterogeneous ERP Systems/ERP Modules Lars Frank

Smooth and Flexible ERP Migration between Heterogeneous ERP Systems/ERP Modules Lars Frank Copenhagen Business School The two types of ACID properties: 1. Traditional ACID properties may be viewed as a DBMS guarantee to users that they are

475 views • 18 slides
THE BASICS IN ACTION UBC DIETETICS PROGRAM Module 2 of 2 SCOPE OF THESE MODULES Modules 1 &

THE BASICS IN ACTION UBC DIETETICS PROGRAM Module 2 of 2 SCOPE OF THESE MODULES Modules 1 &

HOME TUBE FEEDING THE BASICS IN ACTION UBC DIETETICS PROGRAM Module 2 of 2 SCOPE OF THESE MODULES Modules 1 & 2 address the following Nutrition Care Process steps Intervention Monitoring and Evaluation Assessment and Diagnosis are

492 views • 18 slides
TPM Meets DRE: Reducing the Trust Base for Electronic Voting Using Trusted Platform Modules

TPM Meets DRE: Reducing the Trust Base for Electronic Voting Using Trusted Platform Modules

TPM Meets DRE: Reducing the Trust Base for Electronic Voting Using Trusted Platform Modules Russell A. Fink, Alan T. Sherman, and Richard Carback Direct Recording Electronic (DRE) Higher usability compared to paper ballot Multi-language

299 views • 15 slides
Rapid Prototyping of Wireless Physical Layer Modules Using Flexible Software/Hardware Design Flow

Rapid Prototyping of Wireless Physical Layer Modules Using Flexible Software/Hardware Design Flow

Rapid Prototyping of Wireless Physical Layer Modules Using Flexible Software/Hardware Design Flow James Chacko jjc652@drexel.edu Cem Sahin cs486@drexel.edu Doug Pfeil dsp36@drexel.edu wireless.ece.drexel.edu Dr. Nagarajan Kandasamy

468 views • 26 slides
HOME TUBE FEEDING BASICS UBC DIETETICS PROGRAM Module 1 of 2 SCOPE OF THESE MODULES Modules 1

HOME TUBE FEEDING BASICS UBC DIETETICS PROGRAM Module 1 of 2 SCOPE OF THESE MODULES Modules 1

HOME TUBE FEEDING BASICS UBC DIETETICS PROGRAM Module 1 of 2 SCOPE OF THESE MODULES Modules 1 & 2 address the following Nutrition Care Process steps Intervention Monitoring and Evaluation Assessment and Diagnosis are not explicitly

586 views • 34 slides
Prototyping a Lightweight Trust Architecture to Fight Phishing David Chau 6 October 2005

Prototyping a Lightweight Trust Architecture to Fight Phishing David Chau 6 October 2005

Prototyping a Lightweight Trust Architecture to Fight Phishing David Chau 6 October 2005 Prototyping a Lightweight Trust Architecture to Fight Phishing David Chau 6 October 2005 6.UAP LTA Presentation Thanks to my collaborators Ben

421 views • 24 slides
Lightweight Software Process Assessment and Improvement Tom Feliz tom.feliz@tektronix.com

Lightweight Software Process Assessment and Improvement Tom Feliz tom.feliz@tektronix.com

11/15/2012 Lightweight Software Process Assessment and Improvement Tom Feliz tom.feliz@tektronix.com Author Biography Tom Feliz is a Senior Software Design Engineer and Software Quality Lead at Tektronix. He has been engineering software

363 views • 12 slides
The lightweight beam for Heavyweight applications The impact of this lightweight steel beam will

The lightweight beam for Heavyweight applications The impact of this lightweight steel beam will

The lightweight beam for Heavyweight applications The impact of this lightweight steel beam will revolutionise the international high-rise construction industry Tony Zaccarini and Dr Patrick OBrien The lightweight beam for Heavyweight

417 views • 12 slides
Social Impact Assessment Preserving trust in the Internet of Things Lilian Edwards, Derek

Social Impact Assessment Preserving trust in the Internet of Things Lilian Edwards, Derek

From Privacy Impact Assessment to Social Impact Assessment Preserving trust in the Internet of Things Lilian Edwards, Derek McAuley, and Laurence Diver Universities of Strathclyde, Nottingham, and Edinburgh The problem space : trust in the IoT

367 views • 5 slides
The lightweight beam for Heavyweight applications The impact of this lightweight beam concept

The lightweight beam for Heavyweight applications The impact of this lightweight beam concept

The lightweight beam for Heavyweight applications The impact of this lightweight beam concept will revolutionise the aviation industry Tony Zaccarini and Dr Patrick OBrien The lightweight beam for Heavyweight applications Patent Applied For

479 views • 12 slides
Inkjet-/ 3D-/4D-Printed Wireless Ultrabroadband Modules for IoT, SmartAg and Smart City

Inkjet-/ 3D-/4D-Printed Wireless Ultrabroadband Modules for IoT, SmartAg and Smart City

Inkjet-/ 3D-/4D-Printed Wireless Ultrabroadband Modules for IoT, SmartAg and Smart City Applications Manos M. Tentzeris Ken Byers Professor in Flexible Electronics School of Electrical and Computer Engineering, Georgia Institute of Technology,

380 views • 36 slides
GraphHopper Route Optimization Stefan Schrder What is GraphHopper? Fast and Flexible

GraphHopper Route Optimization Stefan Schrder What is GraphHopper? Fast and Flexible

GraphHopper Route Optimization Stefan Schrder What is GraphHopper? Fast and Flexible Directions API Lightweight API to solve heavy routing problems Brief history 04/2012 Peter Karich published OS GraphHopper routing based on

478 views • 26 slides
The Illusion of Method: Challenges of Model-Based Safety Assessment Oleg Lisagor Linling Sun

The Illusion of Method: Challenges of Model-Based Safety Assessment Oleg Lisagor Linling Sun

The Illusion of Method: Challenges of Model-Based Safety Assessment Oleg Lisagor Linling Sun Tim Kelly Overview Why do we trust safety assessment? Why do we trust FTA? Can we trust current MBSA techniques on the same basis? What do we need

196 views • 18 slides
Programs, and Java 1 Objectives To Know the basics To write a simple Java program To

Programs, and Java 1 Objectives To Know the basics To write a simple Java program To

Chapter 1 Introduction to Computers, Programs, and Java 1 Objectives To Know the basics To write a simple Java program To know error types To Know basic syntax of a Java program 2 Programs Computer programs , known as software

473 views • 36 slides
Hot Topics Affecting the Financial Services Industry Developments in US and UK Financial Services

Hot Topics Affecting the Financial Services Industry Developments in US and UK Financial Services

Hot Topics Affecting the Financial Services Industry Developments in US and UK Financial Services Enforcement Daniel L. Stein Guy Wilkes Partner Partner +1 212 506 2646 +44 20 3130 3355 dstein@mayerbrown.com gwilkes@mayerbrown.com June 6,

639 views • 33 slides
Law & the Courts Ch. 13 The Nature of Law At a very basic level, the law has to

Law & the Courts Ch. 13 The Nature of Law At a very basic level, the law has to

Law & the Courts Ch. 13 The Nature of Law At a very basic level, the law has to distinguish & categorize the many ways people can harm each other Examples Important distinctions: 1. Civil vs. criminal law 2. State vs.

234 views • 21 slides
CSE543 - Introduction to Computer and Network Security Module: Authentication Professor Trent

CSE543 - Introduction to Computer and Network Security Module: Authentication Professor Trent

932 views • 53 slides
SIP Working Group IETF 72 chaired by Keith Drage, Dean Willis Note Well

SIP Working Group IETF 72 chaired by Keith Drage, Dean Willis Note Well

SIP Working Group IETF 72 chaired by Keith Drage, Dean Willis Note Well AnysubmissiontotheIETFintendedbytheContributorforpublicationasallorpartofanIETFInternet-Draft

234 views • 9 slides
Reviewing for privacy in Internet and Web standard-setting Nick Doty UC Berkeley, School of

Reviewing for privacy in Internet and Web standard-setting Nick Doty UC Berkeley, School of

Reviewing for privacy in Internet and Web standard-setting Nick Doty UC Berkeley, School of Information Outline 1. Internet standards at IETF & W3C 2. History of security and privacy reviews 3. Reactions to Snowden 4. Future directions What

550 views • 14 slides
Network Selection for Public WLANS Farid Adrangi Intel Corp. Farooq Bari AT&T

Network Selection for Public WLANS Farid Adrangi Intel Corp. Farooq Bari AT&T

Network Selection for Public WLANS Farid Adrangi Intel Corp. Farooq Bari AT&T Wireless Background An increasing public WLAN deployment by WISP, 3G, and fixed broadband operators In roaming situations, a WLAN access network

146 views • 12 slides
Saratoga : scalable, speedy data delivery for sensor networks Lloyd Wood Research Fellow Centre

Saratoga : scalable, speedy data delivery for sensor networks Lloyd Wood Research Fellow Centre

Saratoga : scalable, speedy data delivery for sensor networks Lloyd Wood Research Fellow Centre for Communication Systems Research, University of Surrey, Guildford, GU2 7XH 30 June 2011 Private sensor networks Must deliver sensor data

351 views • 6 slides

More recommend