obtaining provably secure services from formally verified
play

Obtaining Provably Secure Services from Formally Verified Remote - PowerPoint PPT Presentation

Jan 20, 2024 •357 likes •847 views

Obtaining Provably Secure Services from Formally Verified Remote Attestation Gene Tsudik 1 Joint work with: Ivan De Oliveira Nunes 1 , Karim Eldefrawy 2 , Norrathep Rattanavipanon 1 University of California Irvine 1 , SRI International 2 1 In

  1. Obtaining Provably Secure Services from Formally Verified Remote Attestation Gene Tsudik 1 Joint work with: Ivan De Oliveira Nunes 1 , Karim Eldefrawy 2 , Norrathep Rattanavipanon 1 University of California Irvine 1 , SRI International 2 1

  2. In this talk, I’m skipping: • Talk Outline • Background on IoT/CPS devices • Detailed motivation for securing devices 2

  3. IoT (In)Security 3

  4. Low-end IoT/CPS Devices (amoebas of the computing world) ● Designed for: Low Cost , Low Energy , Small Size, High Scale ● Memory: Program ( ≈ 32kB) and Data ( ≈ 2-16 kB) ● Single core CPU (8-16MHz; 8 or 16 bits) ● Simple Communication Interfaces for IO (a few kbps) ● Examples: TI MSP-430, AVR ATMega32 (Arduino) 4

  5. Attack/Compromise Detection vs. Prevention • Prevention is hard & expensive: • Simple devices can not perform fancy crypto, run anti-malware, verify certificates, etc. • Detection is the next best thing: • Goal: Remotely measure internal state of device and detect anomalous/compromised states 5

  6. Remote Attestation (RA) • A general approach for detecting malware presence on devices • Two-party interaction between: • Verifier : trusted entity • Prover : potentially infected and untrusted remote IoT device • Goal: measure current internal state of prover 6

  7. RA Interaction Verifier Prover Adversary might be in full control of Prover’s software state (1) Challenge (2) Authenticated memory measurement (via some integrity (3) Response ensuring function) (2) typically (4) Verify implemented as a MAC response over prover’s memory 7

  8. Adversarial Model [DAC’15] A. Remote malware adversary • Exploits various vulnerabilities to inject malware from afar • Exploits scale/popularity, probably not narrowly targeted B. Local communication adversary • Eavesdrops on, and manipulates, communication channel(s) • Note: A can lead to B… C. Physical adversary (up close and personal) • Non-Invasive: mounts hardware side-channel attacks • Invasive: (1) read-only, (2) hw-modifying 8

  9. RA Techniques • Hardware-based • Effective, but… • Dedicated hardware support (e.g., a TPM) • Expensive & overkill for lower-end devices • Software-based • Relies on precise timing measurement and no real-time accomplices • Unrealistic assumptions for remote prover except for peripheral/legacy devices • Hybrid • SW/HW co-design • Minimal hardware impact • Best fit for resource constrained IoT devices? • Examples : SMART, TrustLite, TyTaN, SeED, HYDRA, ERASMUS, SMARM 9

  10. Why bother with formally verified RA? • FV promises higher confidence and concrete security guarantees (towards provable security for concrete implementations) • Current RA techniques do not offer concrete assurances and rigor stemming from FV to guarantee security of designs and their implementations • Since existing techniques are not systematically designed from abstract models, soundness and security are hard to argue formally • Subtle issues are easy to miss (indeed they have been!) • Verification of hybrid (HW/SW) designs is both important and challenging 10

  11. Overview of VRASED: A Formally Verified RA Architecture 11

  12. Verification Approach 1) Define end-to-end (general) secure RA property Secure RA 2) Break it down into multiple sub-properties 3) Prove that sub-properties together imply end-to-end Sub-Property Sub-Property Sub-Property RA security 1 2 3 4) Implement VRASED HW/SW design 5) Prove that each HW/SW module satisfies each sub- property Based on (1-5), VRASED SW HW HW implementation satisfies secure RA property VRASED Implementation 12

  13. Notation 13

  14. RA Security 14

  15. Intuition behind sub-properties Authenticated memory Safe Execution: measurement requires a key è - Key not leaked during If this key is leaked, the scheme is execution of trusted code broken - Malware cannot “escape” detection Potential Malware residing inside the device should not access the key 15

  16. HW Implementation HW-Mod monitors a set of 7 CPU signals (wires) triggering a reset if any sub- property is violated 16

  17. Subset of Linear Temporal Logic (LTL): 17

  18. Example 1: Sub-module Verification Sub-property: Key Access Control 18 18

  19. Example 2: Sub-module Verification Sub-property: Atomicity + Controlled Invocation 19

  20. SW Implementation ● Most of SW is due to HMAC ● Use verified HMAC (SHA2-256-based) implementation from HACL* ● HACL*: a cryptographic library written and verified using F* ○ Functional correctness (according to the primitive’s spec) ○ Memory Safety ○ Secret Independence ● Low* (subset of F*) can be automatically translated to C J. Zinzindohoué, K. Bhargavan, J. Protzenko and B. Beurdouche HACL*: A Verified Modern Cryptographic Library ACM CCS 2017 20

  21. What else can we do with VRASED? & What is RA actually good for? 21

  22. RA alone is not enough! What to do when malware is remotely detected on Prover? • Physically re-flash Prover? Inconvenient… • Remotely update Prover software? * How to ensure that software is indeed updated and starts correctly? Malware can always lie. • Maybe reset Prover? Erase its memory? * Same issues 22

  23. Extending VRASED • PoU: Proof of software update • PoE: Proof of memory erasure • PoR: Proof of system-wide reset PURE : Architecture for Proofs of Update, Reset and Erasure Main feature: proof of subsequent malware-free state on Prover 23

  24. Overview of PURE Approach ● For each security service: ○ State generic protocol definition ○ State security definition ○ Extend VRASED to obtain that service ○ Prove that construction is secure according to security definition as long as VRASED is secure ■ Using reductions from VRASED security game ● Side-goal: Minimize mods to VRASED ● Start with PoR, then PoU, and PoE 24

  25. PoR: Formal Definition 25

  26. PoR: Security Definition 26

  27. PoR: SW Implementation ● Extend VRASED SW to support PoR functionality ● New SW is called “TCB” ' PoR code (PoR.C): Compute HMAC on challenge and reset. Reset is enforced by VRASED HW. Unmodified VRASED SW 27

  28. PoR: HW Implementation ● Add one new HW sub-module satisfying the following: ● Reads as: “After PoR code is invoked (when PC = fst(PoR.C)), PC does not reach the last TCB instruction before a system reset is triggered.” ● Since VRASED triggers a reset whenever PC leaves the TCB from any instruction other than lst(TCB)... ● ...it must reset or stay inside TCB forever. ● But, it cannot stay inside TCB forever since HMAC is proven to terminate ● Therefore, it must reset! 28

  29. Verified HW sub-module LTL Specification: Recall Controlled Invocation: HW FSM: § Normally VRASED only allows exiting TCB from the last instruction; otherwise reset! § This FSM will disallow that, if the TCB call is for a PoR, i.e., if PC = fst(PoR.C) § Closes the only exit door => the only option is reset! 29

  30. Verifier Prover NOTE: (4) can be done by unprivileged software. Why? (1) Challenge (2) Call PoR to compute : H = HMAC(K,Challenge||RST) (3) After (2), device must reset before resuming normal operation (4) After rebooting, read H (5) Response: H (6) Verify response: from persistent storage and HMAC(K,Challenge||RST)=?= H send it back 30

  31. PoR: Construction (more formally) 31

  32. PoR Proof ● Reduction from VRASED RA security to PoR security ● Intuition: ○ If there is an Adv that wins PoR-game without calling PoR code, same Adv can be used to win VRASED RA-game. ○ Therefore, Adv must call PoR code. ○ However, PURE LTL specification enforces that whenever PoR code is invoked, a system-wide reset must eventually happen, before PoR result becomes accessible. 32

  33. Proofs of Software Update • Verifier wants to install new software (SW) on Prover: 1 - Verifier sends SW to Prover, along with memory region (MEM) where to install it, and a challenge. 2 - Untrusted (non-RA) code is responsible for installing SW in MEM. 3 - Prover runs Attestation on MEM and replies with the result. 4 – If result is valid for MEM == SW, Verifier is assured that SW was successfully installed in MEM on Prover. 33

  34. Verifier Prover Step (2) can be done by untrusted software. (1) Challenge, SW, (2) Install SW on MEM MEM i.e., write MEM = SW (memcpy) (3) Response: H (3) Attest contents of MEM: H = HMAC(K,Challenge||MEM) (4) Verify response: HMAC(K,Challenge||SW)=?= H 34

  35. PoU: Formal Definition 35

  36. PoU: Security Definition 36

  37. PoU Construction & Verification Construction: ● Use untrusted software to perform a software update ● Then call VRASED to compute a measurement on updated software Verification: ● No modification to VRASED HW/SW => no verification effort for actual implementation ● Only need reduction from VRASED RA to PoU 37

  38. PoU Construction (more formally) 38

  39. Proofs of Memory Erasure • Special case of PoU • Can be viewed as an update to “all zeros”: {000...0} • To erase a region n Prover’s memory: 1. Verifier sends erasure request to Prover along with the memory region (MEM) to erase and a challenge. 2. Untrusted (non-RA) code writes “zeros” to MEM. 3. Prover runs Attestation on MEM and replies with the result If Prover’s result is valid, i.e., H = HMAC(K,Challenge||000...0) , Verifier knows 4. that MEM was successfully erased. 39

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Towards an Open-Source, Formally-Verified Secure Processor Srini Devadas Massachusetts

Towards an Open-Source, Formally-Verified Secure Processor Srini Devadas Massachusetts

Towards an Open-Source, Formally-Verified Secure Processor Srini Devadas Massachusetts Institute of Technology Architectural Isolation of Processes Fundamental to maintaining correctness and privacy! 2 Performance Dictates

959 views • 43 slides
Cache Storage Channels Alias-driven Attacks Formally Verified Platforms Formally Verified

Cache Storage Channels Alias-driven Attacks Formally Verified Platforms Formally Verified

Roberto Guanciale Mads Dam Hamed Nemati Christoph Baumann Cache Storage Channels Alias-driven Attacks Formally Verified Platforms Formally Verified Platforms Caches Excluded Formally Verified from the analysis Platforms Caches Excluded

675 views • 64 slides
Provably secure hash functions - do we care? Krystian Matusiewicz Technical University of Denmark

Provably secure hash functions - do we care? Krystian Matusiewicz Technical University of Denmark

Computational Complexity Provably-secure constructions Problems with provably-secure constructions Attempts at practical constructions Provably secure hash functions - do we care? Krystian Matusiewicz Technical University of Denmark Quo Vadis

874 views • 20 slides
Formally verified constraint solvers Catherine Dubois 1 Sourour Elloumi 1 Arnaud Gotlieb 2 1.

Formally verified constraint solvers Catherine Dubois 1 Sourour Elloumi 1 Arnaud Gotlieb 2 1.

Formally verified constraint solvers Catherine Dubois 1 Sourour Elloumi 1 Arnaud Gotlieb 2 1. CEDRIC-ENSIIE, Evry, France 2. Certus V&V Center, SIMULA RESEARCH LAB., Lysaker, Norway Dagstuhl Seminar 15381 1 / 23 Formally verified

501 views • 28 slides
Micro-Policies Formally Verified, Tag-Based Security Monitors Arthur Azevedo de Amorim Maxime

Micro-Policies Formally Verified, Tag-Based Security Monitors Arthur Azevedo de Amorim Maxime

Micro-Policies Formally Verified, Tag-Based Security Monitors Arthur Azevedo de Amorim Maxime Dns Nick Giannarakis Ctlin Hricu Benjamin C. Pierce Antal Spector-Zabusky Andrew Tolmach May 20, 2015 1 How can we design secure

900 views • 79 slides
Formally Verified Cryptographic Web Applications J. Protzenko et al. MSR + INRIA Verified

Formally Verified Cryptographic Web Applications J. Protzenko et al. MSR + INRIA Verified

Formally Verified Cryptographic Web Applications J. Protzenko et al. MSR + INRIA Verified Cryptographic Web Applications in WASM May. 22 st , 2019 1 / 22 in WebAssembly Jonathan Protzenko Microsoft Research Benjamin Beurdouche INRIA

1.5k views • 57 slides
Provably secure compilation of side-channel countermeasures: the case of cryptographic

Provably secure compilation of side-channel countermeasures: the case of cryptographic

Provably secure compilation of side-channel countermeasures: the case of cryptographic constant-time Gilles Barthe Benjamin Grgoire Vincent Laporte CSF18, 2018-07-12 Vincent Laporte et alii Provably secure compilation of

501 views • 25 slides
A Formally Verified Quadratic Unification Algorithm J.-L. Ruiz-Reina, J.-A. Alonso, M.-J. Hidalgo

A Formally Verified Quadratic Unification Algorithm J.-L. Ruiz-Reina, J.-A. Alonso, M.-J. Hidalgo

A Formally Verified Quadratic Unification Algorithm J.-L. Ruiz-Reina, J.-A. Alonso, M.-J. Hidalgo and F .-J. Mart n-Mateos Computational Logic Group Dept. of Computer Science and Artificial Intelligence University of Seville A Formally

356 views • 32 slides
Towards Formally Verified Theorem Provers Ramana Kumar Computer Laboratory, University of

Towards Formally Verified Theorem Provers Ramana Kumar Computer Laboratory, University of

Towards Formally Verified Theorem Provers Ramana Kumar Computer Laboratory, University of Cambridge Twenty Years of the QED Manifesto Vienna Summer of Logic, 2014 HOL Verified Goals of the Project An implementation of HOL Light 1. that runs

428 views • 13 slides
VigNAT: A Formally Verified NAT Arseniy Zaostrovnykh, Solal Pirelli, Luis Pedrosa, Katerina

VigNAT: A Formally Verified NAT Arseniy Zaostrovnykh, Solal Pirelli, Luis Pedrosa, Katerina

VigNAT: A Formally Verified NAT Arseniy Zaostrovnykh, Solal Pirelli, Luis Pedrosa, Katerina Argyraki, George Candea Formally verify a stateful NF with competitive performance and reasonable human effort 2 Formally verify a stateful NF with

836 views • 81 slides
Towards a Provably Secure DoS-Resilient Key Exchange Protocol with PFS 1 L. Kuppusamy * J.

Towards a Provably Secure DoS-Resilient Key Exchange Protocol with PFS 1 L. Kuppusamy * J.

Introduction Contributions Conclusion Towards a Provably Secure DoS-Resilient Key Exchange Protocol with PFS 1 L. Kuppusamy * J. Rangasamy * D. Stebila * C. Boyd * J.M. Gonzlez Nieto * * Information Security Institute Queensland

943 views • 22 slides
Formally Verified Differential Dynamic Logic (in Isabelle/HOL and Coq) Brandon Bohrer ,

Formally Verified Differential Dynamic Logic (in Isabelle/HOL and Coq) Brandon Bohrer ,

Formally Verified Differential Dynamic Logic (in Isabelle/HOL and Coq) Brandon Bohrer , Vincent Rahli, Ivana Vukotic, Marcus Vlp, Andr Platzer Thanks to: Johannes Hlzl, Fabian Immler, Tobias Nipkow, et. al. + Coquelicot team

540 views • 38 slides
A Formally Verified Symmetry Breaking Tool for SAT David E. Narv aez den9562@rit.edu

A Formally Verified Symmetry Breaking Tool for SAT David E. Narv aez den9562@rit.edu

A Formally Verified Symmetry Breaking Tool for SAT David E. Narv aez den9562@rit.edu Rochester Institute of Technology Rochester, NY, USA FMCAD-18 Student Forum David E. Narv aez (RIT) Formally Verified Symmetry Breaking Tool FMCAD-18

215 views • 6 slides
Provably Secure Execution Platforms - Lecture Four: A Simple Separation Kernel and Its

Provably Secure Execution Platforms - Lecture Four: A Simple Separation Kernel and Its

Provably Secure Execution Platforms - Lecture Four: A Simple Separation Kernel and Its Verification Mads Dam KTH Royal Institute of Technology BISS spring school, Bertinoro 2018 The Goal Hypervisor Context switch: Fixed round-robin

1.16k views • 67 slides
Provably Secure Higher-Order Masking of AES Matthieu Rivain Emmanuel Prouff CryptoExperts

Provably Secure Higher-Order Masking of AES Matthieu Rivain Emmanuel Prouff CryptoExperts

Provably Secure Higher-Order Masking of AES Matthieu Rivain Emmanuel Prouff CryptoExperts Oberthur CHES 2010, Santa Barbara, Aug. 20 th CHES 2010 Provably Secure Higher-Order Masking of AES Outline 1 Introduction Higher-Order

1.1k views • 77 slides
Provably Secure Execution Platforms - Lecture One: Introduction Mads Dam KTH Royal Institute

Provably Secure Execution Platforms - Lecture One: Introduction Mads Dam KTH Royal Institute

Provably Secure Execution Platforms - Lecture One: Introduction Mads Dam KTH Royal Institute of Technology Thanks to Roberto Guanciale, Musard Balliu, Christoph Baumann, Hamed Nemati, Oliver Schwarz, Victor Do, Christian Gehrmann, Jonas

1.41k views • 114 slides
Legislating for No More Bad Investments Philip Sutton, Strategist Talk outline

Legislating for No More Bad Investments Philip Sutton, Strategist Talk outline

Legislating for No More Bad Investments Philip Sutton, Strategist Talk outline Introduction to the NMBI Act for passage by State and Territory governments Change paradigm (going for the package) The campaign for the

450 views • 10 slides
The First Law of Thermodynamics Thermodynamic Work The First Law of Thermodynamics Applications

The First Law of Thermodynamics Thermodynamic Work The First Law of Thermodynamics Applications

The First Law of Thermodynamics Thermodynamic Work The First Law of Thermodynamics Applications of the First Law of Thermodynamics Homework

831 views • 10 slides
Charleston Neighborhood Associa3on May 2017 Membership Mee3ng Livability Under Siege CNA

Charleston Neighborhood Associa3on May 2017 Membership Mee3ng Livability Under Siege CNA

Charleston Neighborhood Associa3on May 2017 Membership Mee3ng Livability Under Siege CNA Residents Percep3on of Livability Peninsula Charleston has passed the 3pping point of tourism volume resul3ng in excessive nuisance crimes and

363 views • 24 slides
Climate Action in Colorado: How to engage in legislative & regulatory spaces What's up at the

Climate Action in Colorado: How to engage in legislative & regulatory spaces What's up at the

Climate Action in Colorado: How to engage in legislative & regulatory spaces What's up at the Legislature: bills, the recess, and how to get engaged in the legislative process HB20-1095: Local Governments Water Elements in Master Plans

132 views • 10 slides
Data Collection with the DE-12 Camera Nikolaus Grigorieff Brandeis University & TSRI

Data Collection with the DE-12 Camera Nikolaus Grigorieff Brandeis University & TSRI

Data Collection with the DE-12 Camera Nikolaus Grigorieff Brandeis University & TSRI Exposure Series 1 2 3 8 electrons/ 2 8 electrons/ 2 8 electrons/ 2 Rotavirus DLP Mapping Rotations Exposure 1 2 Longest vectors

773 views • 19 slides
Study of the ionosphere irregularities caused by Space Weather activity on the base of GNSS

Study of the ionosphere irregularities caused by Space Weather activity on the base of GNSS

14th International Ionospheric Effects Symposium May 12-14, 2015 Study of the ionosphere irregularities caused by Space Weather activity on the base of GNSS measurements Iurii Cherniak Space Radio Research Center, University of Warmia and

379 views • 18 slides
CSE543 Computer and Network Security Module: Cloud Computing Professor Trent Jaeger Systems and

CSE543 Computer and Network Security Module: Cloud Computing Professor Trent Jaeger Systems and

994 views • 63 slides
Parallel Gauss Sieve Algorithm : Solving the Ideal T.Takagi Lattice Challenge of 128 dimensions

Parallel Gauss Sieve Algorithm : Solving the Ideal T.Takagi Lattice Challenge of 128 dimensions

Parallel Gauss Sieve Algorithm T.Ishiguro, S.Kiyomoto, Y.Miyake, Parallel Gauss Sieve Algorithm : Solving the Ideal T.Takagi Lattice Challenge of 128 dimensions Outline Background Proposed Tsukasa Ishiguro 1 Shinsaku Kiyomoto 1 Algorithm

528 views • 32 slides

More recommend