Remote Attestation of IoT Devices via SMARM: Shuffled Measurements - - PowerPoint PPT Presentation

remote attestation of iot devices via smarm shuffled
SMART_READER_LITE
LIVE PREVIEW

Remote Attestation of IoT Devices via SMARM: Shuffled Measurements - - PowerPoint PPT Presentation

Dec 28, 2022 222 likes •645 views

Remote Attestation of IoT Devices via SMARM: Shuffled Measurements Against Roving Malware Xavier Carpent, Norrathep (Oak) Rattanavipanon , Gene Tsudik nrattana@uci.edu SPROUT Lab: sprout.ics.uci.edu University of California, Irvine 1

slide-1
SLIDE 1

Remote Attestation of IoT Devices via SMARM: Shuffled Measurements Against Roving Malware

Xavier Carpent, Norrathep (Oak) Rattanavipanon, Gene Tsudik nrattana@uci.edu SPROUT Lab: sprout.ics.uci.edu University of California, Irvine

1
slide-2
SLIDE 2

Internet-of-things (IoT)

2
slide-3
SLIDE 3 3
slide-4
SLIDE 4

Remote Attestation (RA)

  • An approach for detecting malware on devices
  • Two-party interaction between:
  • Verifier: trusted entity
  • Prover: potentially infected and remote IoT device
  • Goal: to verify internal state of prover
4
slide-5
SLIDE 5

(1) Challenge (3) Response (2) Authenticate challenge and measure memory (4) Verify response

Verifier Prover

5
slide-6
SLIDE 6

Adversarial Model [DAC’15]

  • Remote adversary
  • Exploits vulnerabilities to inject malware
  • Local adversary
  • Manipulates communication channel
  • Physical adversary
  • Non-Invasive: mounts hardware side-channel attacks
  • Invasive: physically changes hardware
6
slide-7
SLIDE 7

Adversarial Model [DAC’15]

  • Remote adversary
  • Exploits vulnerabilities to inject malware
  • Local adversary
  • Manipulates communication channel
  • Physical adversary
  • Non-Invasive: mounts hardware side-channel attacks
  • Invasive: physically changes hardware
7
slide-8
SLIDE 8

RA Techniques

  • Hardware-based RA
  • Dedicated hardware support (e.g. TPM or Intel-SGX)
  • Overkill for lower-end IoT devices
  • Software-based RA
  • Relies on precise timing measurement
  • Unrealistic assumptions for IoT except peripheral/legacy

devices

  • Hybrid RA
  • SW/HW co-design
  • Minimal hardware impact
  • Good fit for IoT devices
8
slide-9
SLIDE 9

Examples of hybrid RA

  • SMART [NDSS’08]: RA for low-end micro-controllers
  • Some of key properties:
  • Secure storage (for key, code and monotonic counter)
  • Atomic execution: measurement process runs without interruption
  • HYDRA [WiSec’17]
  • Emulation of SMART on devices capable of running micro-kernels
  • Based on formally verified seL4 micro-kernel
  • Hardware-assisted secure boot (only hardware feature)
9
slide-10
SLIDE 10

RA vs Safety-Critical Operations

SMART-BASED MSP430 @ 8MHZ 4.5 seconds to measure 48KB of flash HYDRA-BASED ODROID @ 2GHZ 7 seconds to measure 1GB of RAM

Atomicity negatively impacts device’s availability to critical app.

10
slide-11
SLIDE 11

Why Atomicity is Needed?

  • Remove atomicity -> vulnerable to the following attack:

1 2 3 4 5 6

Memory Blocks

11
slide-12
SLIDE 12

Why Atomicity is Needed?

  • Remove atomicity -> vulnerable to the following attack:

1 2 3 4 5 6

Memory Blocks

1 2 3 4 5 6

11
slide-13
SLIDE 13

Why Atomicity is Needed?

  • Remove atomicity -> vulnerable to the following attack:

1 2 3 4 5 6

Memory Blocks

11
slide-14
SLIDE 14

Why Atomicity is Needed?

  • Remove atomicity -> vulnerable to the following attack:

1 2 3 4 5 6

Memory Blocks

Roving Malware

Conflict

  • Atomicity and real-time/safety-critical needs.
  • Also, minimize hardware cost

Measurement result reflects malware-free state!

11
slide-15
SLIDE 15

Target Devices for Our Solution

  • Simple IoT devices
  • Single-core processor
  • No memory protection mechanism
  • Run two tasks
  • Measurement task
  • Safety-critical/real-time task
  • Hybrid RA architecture
12
slide-16
SLIDE 16

Our Solution

  • SMARM: Shuffled Measurement Against Roving Malware
  • Idea: measure memory in random and secret order
  • Allow block-level interrupts
13
slide-17
SLIDE 17

Our Solution

  • SMARM: Shuffled Measurement Against Roving Malware
  • Idea: measure memory in random and secret order
  • Allow block-level interrupts

1 2 3 4 5 6

Permutation = {3, 2, 5, 6, 1, 4}

13
slide-18
SLIDE 18

Our Solution

  • SMARM: Shuffled Measurement Against Roving Malware
  • Idea: measure memory in random and secret order
  • Allow block-level interrupts

1 2 3 4 5 6

Permutation = {3, 2, 5, 6, 1, 4}

13
slide-19
SLIDE 19

Our Solution

  • SMARM: Shuffled Measurement Against Roving Malware
  • Idea: measure memory in random and secret order
  • Allow block-level interrupts

1 2 3 4 5 6

Permutation = {3, 2, 5, 6, 1, 4}

13
slide-20
SLIDE 20

Our Solution

  • SMARM: Shuffled Measurement Against Roving Malware
  • Idea: measure memory in random and secret order
  • Allow block-level interrupts

1 2 3 4 5 6

Permutation = {3, 2, 5, 6, 1, 4}

13
slide-21
SLIDE 21

Our Solution

  • SMARM: Shuffled Measurement Against Roving Malware
  • Idea: measure memory in random and secret order
  • Allow block-level interrupts

1 2 3 4 5 6

Permutation = {3, 2, 5, 6, 1, 4}

13
slide-22
SLIDE 22

Our Solution

  • SMARM: Shuffled Measurement Against Roving Malware
  • Idea: measure memory in random and secret order
  • Allow block-level interrupts

1 2 3 4 5 6

Permutation = {3, 2, 5, 6, 1, 4}

13
slide-23
SLIDE 23

Our Solution

  • SMARM: Shuffled Measurement Against Roving Malware
  • Idea: measure memory in random and secret order
  • Allow block-level interrupts

1 2 3 4 5 6

Permutation = {3, 2, 5, 6, 1, 4}

13
slide-24
SLIDE 24

Our Solution

  • SMARM: Shuffled Measurement Against Roving Malware
  • Idea: measure memory in random and secret order
  • Allow block-level interrupts
  • Similar to some of SW-based RA approaches
  • Memory is measured in random but not secret!
  • Security = precise timing of measurement
  • Security of our solution = that of hybrid RA: attestation key +

random/secret permutation

14
slide-25
SLIDE 25

Roving malware’s knowledge?

1 2 3 4 5 6

Permutation = {3, 2, 5, 6, 1, 4}

Type Knowledge of How to obtain

15
slide-26
SLIDE 26

Roving malware’s knowledge?

1 2 3 4 5 6

Permutation = {3, 2, 5, 6, 1, 4}

Type Knowledge of How to obtain KFV Future volume Time when measurement starts

15
slide-27
SLIDE 27

Roving malware’s knowledge?

1 2 3 4 5 6

Permutation = {3, 2, 5, 6, 1, 4}

Type Knowledge of How to obtain KFV Future volume Time when measurement starts

15
slide-28
SLIDE 28

Roving malware’s knowledge?

1 2 3 4 5 6

Permutation = {3, 2, 5, 6, 1, 4}

Type Knowledge of How to obtain KFV Future volume Time when measurement starts KFC Future coverage HW/SW side-channel

15
slide-29
SLIDE 29

Roving malware’s knowledge?

1 2 3 4 5 6

Permutation = {3, 2, 5, 6, 1, 4}

Type Knowledge of How to obtain KFV Future volume Time when measurement starts KFC Future coverage HW/SW side-channel

15
slide-30
SLIDE 30

Roving malware’s knowledge?

1 2 3 4 5 6

Permutation = {3, 2, 5, 6, 1, 4}

Type Knowledge of How to obtain KFV Future volume Time when measurement starts KFC Future coverage HW/SW side-channel KFO Future order Leakage of permutation

15
slide-31
SLIDE 31

Roving malware’s knowledge?

1 2 3 4 5 6

Permutation = {3, 2, 5, 6, 1, 4}

Type Knowledge of How to obtain KFV Future volume Time when measurement starts KFC Future coverage HW/SW side-channel KFO Future order Leakage of permutation

15
slide-32
SLIDE 32

Best Strategy of KFV Roving malware

❖ Assume malware is contained in one memory block ❖ Knows how many blocks have/have not been measured ❖ Can interrupt right after measurement of each block

Best strategy: interrupt and relocate

16
slide-33
SLIDE 33

Probability of Malware Evasion

16
slide-34
SLIDE 34

SMARM Implementation

17
slide-35
SLIDE 35

SMARM Implementation (without secure storage)

18
slide-36
SLIDE 36

Related Work

❖ ERASMUS [DATE’17], SeED [WiSec’17]

❖ Self-measurements ❖ Schedule measurement to whenever Prover is available ❖ Require secure clock

❖ Temporal Consistency [AsiaCCS’18]

❖ Allow interrupts by locking memory ❖ Require hardware support for locking memory

❖ Reconciling RA and Safety-Critical Operation on IoT Devices [DAC’18]

❖ Survey techniques that aim to resolve this conflict

19
slide-37
SLIDE 37

Conclusion

  • Investigate conflict arisen from reconciling real-time needs and

security properties in RA

  • Enforcing atomicity → harmful to safety-critical applications
  • Simply removing atomicity → vulnerable to attacks from roving malware
  • Our solution: SMARM
  • Goal: relax atomicity + (probabilistically) detect roving malware
  • Measure memory in random and secret order
  • Require multiple measurements to ensure high detection rate
  • + Allow interrupts in measurement process
  • + No hardware change/optionally secure storage
20
slide-38
SLIDE 38

Q/A

21
slide-39
SLIDE 39

41% 10,636% n = 2048 t = 0.006s

39

n = 32 t = 0.4s 0.8% 40%

slide-40
SLIDE 40

Our Solution

  • SMARM: Shuffled Measurement Against Roving Malware
  • Idea: measure memory in random and secret order
  • Allow block-level interrupts

1 2 3 4 5 6

Permutation = {3, 2, 5, 6, 1, 4}

40
slide-41
SLIDE 41

Our Solution

  • SMARM: Shuffled Measurement Against Roving Malware
  • Idea: measure memory in random and secret order
  • Allow block-level interrupts

1 2 3 4 5 6

Permutation = {3, 2, 5, 6, 1, 4}

Get Caught!

41
slide-42
SLIDE 42

Our Solution

  • SMARM: Shuffled Measurement Against Roving Malware
  • Idea: measure memory in random and secret order
  • Allow block-level interrupts

1 2 3 4 5 6

Permutation = {3, 2, 5, 6, 1, 4}

Successfully Escape

42