
ProtectIOn: Root-of-Trust for IO in Compromised Platforms (PowerPoint PPT presentation)

Aritra Dhar, Enis Ulqinaku, Kari Kostiainen, Srdjan Capkun, ETH Zurich. NDSS 2020.


  1. ProtectIOn: Root-of-Trust for IO in Compromised Platforms. Aritra Dhar, Enis Ulqinaku, Kari Kostiainen, Srdjan Capkun, ETH Zurich, NDSS 2020.

  2. Motivation. [Figure: insulin-pump remote-device form with fields Heart beat 75, Insulin (U) 177, Basal rate (U/Hr) 0.025, Low limit (mg/dL) 60, High limit (mg/dL) 105; buttons Cancel and Program] (NDSS 2020, 4/3/20)

  3. Motivation. [Figure: the same remote-device form as slide 2]

  4. Remote Trusted Path. [Figure: the chain User, IO devices, Host, Remote server]

  5. Solution 1: Transaction Confirmation Device (Android Protected Confirmation, and more). [Figure: the remote-device form next to a confirmation dialog reading "You are going to program: Heart beat 75, Insulin 177U, Basal rate 0.025 U/Hr, Low level 60 mg/dL, High level 105 mg/dL"; Cancel / Program]

  6. Solution 2: Input Signing by a trusted embedded device. [Figure: the remote-device form; the trusted embedded device signs the inputs Heart beat 75, Insulin 177U, Basal rate 0.025 U/Hr, Low level 60 mg/dL, High level 105 mg/dL]

  7. Display manipulation attack. User sees 177, device records 1777, host sends 1777. • IntegriKey. [Figure: the Insulin field as displayed (177) versus as recorded (1777)]

  8. Observation 1: The lack of output integrity (the rendering of user inputs on the screen) compromises input integrity.

  9. Solution 3: Overlay. [Figure: the remote-device form shown twice, the host's rendering and the trusted overlay, with identical fields Heart beat, Insulin (U), Basal rate (U/Hr), Low limit (mg/dL), High limit (mg/dL); Cancel / Program]

  10. Overlay: Output Manipulation. [Figure: the original form (Heart beat, Insulin (U), Basal rate (U/Hr), Low limit (mg/dL), High limit (mg/dL)) beside the host-manipulated form (Insulin (U), Heart rate, Basal rate (U/Hr), Low limit (mg/cc), High limit (mg/cc)): the first two fields are swapped and the limit units are changed]

  11. Overlay: Output Manipulation. [Figure: the manipulated form filled in: Insulin (U) 177, Heart rate 75, Basal rate (U/Hr) 0.025, Low limit (mg/cc) 6000, High limit (mg/cc) 10500; Program / Cancel]

  12. Observation 2: If the protected output is provided out of context, users are more likely not to verify it. Therefore input integrity can be violated.

  13. Overlay: Early Form Submission Attack. • Fidelius • Trusted overlay from FPGA. [Figure: remote-device form with Heart beat 75 and the Insulin (U) textbox in focus showing 17 (entry incomplete); the OS triggers a click on Program]

  14. Observation 3: If not all the modalities of inputs are secured simultaneously, none of them can be fully secured.

  15. Requirements: inter-dependency between input and output. (The lack of output integrity, i.e. the rendering of user inputs on the screen, compromises input integrity.)

  16. Requirements: all modalities of input. (If not all the modalities of inputs are secured simultaneously, none of them can be fully secured.)

  17. Requirements: low cognitive load. (If the protected output is provided out of context, users are more likely not to verify it. Therefore input integrity can be violated.)

  18. Requirements: low TCB and easy deployment.

  19. Requirements.

  20. ProtectIOn. Low TCB + fast deployment. Input modalities. IOHub.

  21. IO Integrity: Overlay Generation. Simultaneous IO. The server's page carries a signed form tag: <form action="/some_action", signature = "0x45AB…", id = "0x0ab">. [Figure: remote-device form with fields Insulin (U), Heart rate, Basal rate (U/Hr), Low limit (mg/cc), High limit (mg/cc); Cancel / Program]

  22. IO Integrity: Overlay Generation. Simultaneous IO.

  23. IO Integrity: Overlay Generation. Simultaneous IO. [Figure: overlay headed "Verified UI from secure_site.io" with fields Insulin (U), Heart rate, Basal rate (U/Hr), Low limit (mg/cc), High limit (mg/cc); Cancel / Program]

  24. IO Integrity: Input. Simultaneous IO. [Figure: the "Verified UI from secure_site.io" overlay with the values 75, 177, 0.025, 60 and 105 entered into its fields; Cancel / Program]

  25-30. Grabbing User Attention (built up over six slides). § Output integrity: low cognitive load. § Several existing mechanisms: § Lightbox § Highlight § Freezing § Combination. § How to determine when to engage? § Track pointer § Mouse movement on the overlay. [Figure: low-cognitive-load example, "Put 1 in front of all inputs"]

  31. Prototype and TCB. Low TCB, fast deployment. [Figure: TCB-size comparison chart with values 25.16M, 20.92M, 1.9K, 2M, 3.5K, 71K, 893, 600K, 121K, 36.68M; component labels not recoverable from the extraction]

  32. Performance. § Display latency: 21.67 ms (~46 fps) § Mouse latency: 250 µs § Keyboard latency: 170 µs (the unit glyph is garbled in the extraction; µs assumed) § Pointer detection accuracy: 0.997

  33. Summary. § Existing research § Drawbacks § Observations § Requirements for Trusted Path § ProtectIOn design § Prototype

  34. Thank you! Questions?

  35. Backup slides

  36. Prototype View. [Figure: the user's view on the monitor, focusing the user's attention, and the attacker's view]

  37. Other Trusted Path Solutions.

  38. How to Build a Trusted Path. § Server sends messages: HTML, JS … → " § All modalities of inputs → # § #$%&' → " → # § Host transforms them: Browser, GPU … + I → ["] § ,-.$/01-" : ", # → ["] § Host is a bad guy → " 1- " 4 § Output integrity → Users need to report back " / " 4 (the formula symbols on this slide were lost in extraction)

  39. Definition: Violation of Input/Output Integrity. § Server sends ! § Server knows ! § Given !, the correct input is " § Host sends ! # ≠ ! : output integrity § User sends " # ≠ " : input integrity (the symbols on this slide were lost in extraction)

  40. Verification. [Figure: chain of verification steps from server output through host to user input; the node labels are symbol glyphs lost in extraction] Anything missing in the chain → IO integrity violation.
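As an added illustration of the signed-form overlay on slides 21-24 and the verification chain on slides 39-40 (this is not code from the ProtectIOn paper or its prototype): a Python model in which the server signs the form description, the IOHub shows the verified overlay only for an unmodified form (output integrity) and signs the values entered through that overlay (input integrity), so the host manipulations from slides 7 and 10 fail verification. HMAC with constructed shared keys stands in for the signatures; the key names, field names and values are constructed.

```python
import hashlib, hmac, json
# Constructed keys standing in for the server's and the IOHub's signing keys
SERVER_KEY = b"constructed-server-key"
IOHUB_KEY = b"constructed-iohub-key"

def sign(key, obj):
    # Deterministic encoding so both ends authenticate identical bytes
    data = json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, data, hashlib.sha256).hexdigest()

def server_form():
    # Form description the server signs (fields mirror the form on slide 21)
    form = {"id": "0x0ab", "action": "/some_action",
            "fields": [["Heart beat", ""], ["Insulin", "U"], ["Basal rate", "U/Hr"],
                       ["Low limit", "mg/dL"], ["High limit", "mg/dL"]]}
    return {"form": form, "signature": sign(SERVER_KEY, form)}

def iohub_render(msg):
    # Output integrity: draw the overlay only if the form is exactly what the server signed
    if not hmac.compare_digest(msg["signature"], sign(SERVER_KEY, msg["form"])):
        return None  # modified or unsigned form: no "Verified UI" overlay is shown
    return msg["form"]

def iohub_submit(form, values):
    # Input integrity: bind the values typed into the overlay to the form id, signed by the IOHub
    sub = {"form_id": form["id"], "values": values}
    return {"submission": sub, "signature": sign(IOHUB_KEY, sub)}

def server_accept(msg, expected_id):
    ok = hmac.compare_digest(msg["signature"], sign(IOHUB_KEY, msg["submission"]))
    return ok and msg["submission"]["form_id"] == expected_id

def host_rewrites_labels(msg):
    # Output manipulation by the host as on slide 10: limit units changed from mg/dL to mg/cc
    form = json.loads(json.dumps(msg["form"]))
    form["fields"] = [[n, u.replace("mg/dL", "mg/cc")] for n, u in form["fields"]]
    return {"form": form, "signature": msg["signature"]}

def host_rewrites_value(msg):
    # Input manipulation by the host as on slide 7: user typed 177, host forwards 1777
    sub = json.loads(json.dumps(msg["submission"]))
    sub["values"]["Insulin"] = "1777"
    return {"submission": sub, "signature": msg["signature"]}

def demo():
    msg = server_form()
    values = {"Heart beat": "75", "Insulin": "177", "Basal rate": "0.025", "Low limit": "60", "High limit": "105"}
    sub = iohub_submit(iohub_render(msg), values)
    return {"honest_accepted": server_accept(sub, "0x0ab"),
            "label_attack_rendered": iohub_render(host_rewrites_labels(msg)) is not None,
            "value_attack_accepted": server_accept(host_rewrites_value(sub), "0x0ab")}
```

Both tampered paths are rejected because the host never holds either key, which is the "anything missing in the chain" condition of slide 40.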

  41. Overlay: Output Manipulation (backup copy of slide 11). [Figure: the manipulated form filled in: Insulin (U) 177, Heart rate 75, Basal rate (U/Hr) 0.025, Low limit (mg/cc) 6000, High limit (mg/cc) 10500; Program / Cancel]
