run time firmware integrity verification what if you can
play

Run-time firmware integrity verification: what if you cant trust - PowerPoint PPT Presentation

Nov 07, 2023 •27 likes •467 views

Run-time firmware integrity verification: what if you cant trust your network card? Loc Duflot , Yves-Alexis Perez , Benjamin Morin Agence Nationale de la Scurit des Systmes dInformation Introduction & reminder Last year...

  1. Run-time firmware integrity verification: what if you can’t trust your network card? Loïc Duflot , Yves-Alexis Perez , Benjamin Morin Agence Nationale de la Sécurité des Systèmes d’Information

  2. Introduction & reminder Last year... ◮ We demonstrated how it is possible for an attacker to take full control of a computer ◮ by exploiting a vulnerability in the network adapter, and ◮ adding a back-door in the OS kernel using DMA accesses ; ◮ the back-door opens a reverse shell when the kernel processes an ICMP message with a particular type. ◮ We showed a live demo, using a real world vulnerability ◮ the vulnerability lied in the ASF remote administration function of the network adapter of the target machine. ◮ it was unconditionally exploitable when the ASF function was acti- vated to any attacker that would be able to send UDP packets to the machine. SGDSN/ANSSI 2/40

  3. Introduction & reminder This is how it worked See http://www.ssi.gouv.fr/trustnetworkcard SGDSN/ANSSI 3/40

  4. Introduction & reminder And... We presented possible countermeasures, but none of them seemed really convincing: ◮ patching is the most obvious countermeasure, however ◮ you can only patch vulnerabilities you know of, ◮ patching applications on an OS isn’t simple at all (and not always done), patching firmwares is even harder, ◮ firmwares in ROM can’t be patched; ◮ I/O MMU s can help, but are not a 100% efficient (see later). This year we study what an efficient countermeasure would be. SGDSN/ANSSI 4/40

  5. Introduction & reminder Finding efficient countermeasures is critical In the last few years, people have been looking at firmware and embedded software: ◮ Basebands (Weinmann [17]) ◮ Network cards (Triulzi [15], Delugré [4]) ◮ Keyboard controllers (Chen [3], Gazet [6]) ◮ Chipsets (Ortega and Sacco [8]) Defending a system against such attacks is difficult as firmware are running out of the scope of the operating system. SGDSN/ANSSI 5/40

  6. Integrity verification Problem statement ◮ We have a machine (smartphone, computer, tablet PC) accessing the network through a network adapter. ◮ This network adapter is running a firmware ◮ We need to check the integrity of the firmware ◮ Firmware’s integrity must be checked ◮ at load time ◮ during run time SGDSN/ANSSI 6/40

  7. Integrity verification Load-time Verification at load-time ◮ Firmware load-time integrity can be checked using a TPM ◮ A TPM is a secure cryptographic chip present on most platforms, whose primary goal is to assure the integrity of a platform. ◮ Specific software (incl. embedded software) can be measured to detect changes to previous configurations. ◮ Peripherals’ firmware should be part of the components that are measured during the trusted boot pathway . ◮ Using Dynamic Root of Trusts can even solve race conditions at boot time. ◮ So we can pretty much consider that the problem is solved. But how can we check the integrity of the platform during its execution? SGDSN/ANSSI 7/40

  8. Integrity verification Run-time Verification at run-time ◮ Run-time integrity verification basically consists in checking that an untrusted target is running untampered ◮ The verification is performed by a trusted verifier during the exe- cution of the target ◮ Can be achieved with software-based remote attestation ◮ In this case, ◮ The target would be the network adapter ◮ The verifier would be the operating system SGDSN/ANSSI 8/40

  9. Integrity verification Run-time Remote firmware attestation [7] Remote device attestation is based on a challenge-response protocol 1. The verifier sends a random nonce to the target ◮ The nonce is used as a seed to prevent replay attacks SGDSN/ANSSI 9/40

  10. Integrity verification Run-time Remote firmware attestation [7] Remote device attestation is based on a challenge-response protocol 1. The verifier sends a random nonce to the target 2. The target computes a checksum over its entire memory and returns it to the verifier ◮ Data and unused code memory is erased with a predictable value ◮ Memory is read in a pseudo-random traversal to prevent checksum precomputation ◮ All interrupts are disabled during the computation of the checksum ◮ The device is reset after the checksum is returned SGDSN/ANSSI 9/40

  11. Integrity verification Run-time Remote firmware attestation [7] Remote device attestation is based on a challenge-response protocol 1. The verifier sends a random nonce to the target 2. The target computes a checksum over its entire memory and returns it to the verifier 3. The verifier checks the correctness of the result ◮ The verifier has a copy of the expected target’s memory content and compares the checksum returned by the target with its own computation ◮ The verifier also checks that the computation time is within fixed bounds SGDSN/ANSSI 9/40

  12. Integrity verification Run-time Remote firmware attestation [7] SGDSN/ANSSI 10/40

  13. Integrity verification Run-time Remote firmware attestation is difficult [2, 9, 5] Challenges ◮ A malware could keep a (compressed) copy of the legitimate firmware code in memory and redirect memory reads to compute the correct checksum Solutions ◮ Checksum computation time must be predictable and near-optimal in order to detect checksum computation overheads caused by memory redirects ◮ The verifier must know the exact target hardware configuration SGDSN/ANSSI 11/40

  14. Integrity verification Run-time Remote firmware attestation is difficult [2, 9, 5] Challenges ◮ A malware could keep a (compressed) copy of the legitimate firmware code in memory and redirect memory reads to compute the correct checksum ◮ Data memory is unpredictable and may contain malware code Solutions ◮ Checksum computation time must be predictable and near-optimal in order to detect checksum computation overheads caused by memory redirects ◮ The verifier must know the exact target hardware configuration ◮ Data memory is reset into a predictable state before attestation with pseudo-random values SGDSN/ANSSI 11/40

  15. Integrity verification Run-time Remote firmware attestation is very difficult Is remote firmware attestation adequate for complex devices such as network adapters? ◮ The assumption that the device cannot communicate with a third- party machine during computation may not hold (especially for a network adapter...) ◮ The checksum function imposes severe constraints ◮ It requires to reset the memory of the device and block all interrupts ◮ It can be time consuming for the device Firmware attestation might not be suited for devices with harsh time constraints SGDSN/ANSSI 12/40

  16. Integrity verification Run-time Host-based IPS ◮ Other approaches have been proposed to monitor the integrity of a system at a low level. ◮ By using a dedicated hardware coprocessor to monitor the integrity of the memory (Copilot [10]), ◮ By using an embedded microcontroller in the chipset (DeepWatch [1]), ◮ By embedding the verifier in System Mode Management (Hyper- Guard [12], HyperCheck [16]). ◮ However, these mechanisms are designed to protect the main op- erating system ◮ ... and it is unclear whether they can be used to monitor the in- tegrity of peripherals. ◮ ... moreover, some require a trusted network card for remote attes- tation, e.g. [16] SGDSN/ANSSI 13/40

  17. Integrity verification What next? Assumptions ◮ First, we need to assume that the host operating system is trusted ◮ I/O MMU can be used to protect the operating system kernel: DMAR:[DMA Write] Request device [08:00.0] fault addr 0 kernel: DMAR:[fault reason 05] PTE Write access is not set kernel: DRHD: handling fault status reg 2 kernel: DMAR:[DMA Write] Request device [08:00.0] fault addr 1282000 kernel: DRHD: handling fault status reg 2 kernel: DMAR:[fault reason 05] PTE Write access is not set ◮ ... however, a compromised network adapter may still attack other peripherals [13] SGDSN/ANSSI 14/40

  18. Integrity verification What next? So what do we do? The solution is (unfortunately) likely to be specific to the adapter. The kind of live verifications that we will be able to carry out will depend on the architecture of the controller we are considering. ◮ What kind of interface is available to the host? ◮ and what does this interface allow us to do? In the remainder, we consider the case of the Broadcom NetXtreme network adapter. SGDSN/ANSSI 15/40

  19. Broadcom NetXtreme architecture Specifications and documentation Case study on Broadcom NetXtreme architecture ◮ Broadcom provides a complete set of specifications of their network adapter for open source driver development. ◮ From last year’s study, we know that many interesting components of the network card are directly accessible to the host : ◮ registers (control, state, status, breakpoint registers) ◮ internal memory ◮ Everything is accessible in the MMIO region dedicated to interac- tions between the network card and the driver. SGDSN/ANSSI 16/40

  20. Broadcom NetXtreme architecture Specifications and documentation Internal architecture of NetXtreme network card SGDSN/ANSSI 17/40

  21. Broadcom NetXtreme architecture Specifications and documentation Full access to internal memory ◮ Access to internal memory is achieved by using a memory window to browse the content of the memory ◮ This mechanism provides direct access to the firmware running on the adapter SGDSN/ANSSI 18/40

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Run-time firmware integrity verification: what if you cant trust your network card?

Run-time firmware integrity verification: what if you cant trust your network card?

Run-time firmware integrity verification: what if you cant trust your network card? International Symposium on Recent Advances in Intrusion Detection Menlo Park, September 2011 Loc Duflot, Yves-Alexis Perez, Benjamin Morin ANSSI French

627 views • 37 slides
Is End-to-End Integrity Verification Really End- to-End? Ahmed Alhussen, Batyr Charyyev, and Engin

Is End-to-End Integrity Verification Really End- to-End? Ahmed Alhussen, Batyr Charyyev, and Engin

Is End-to-End Integrity Verification Really End- to-End? Ahmed Alhussen, Batyr Charyyev, and Engin Arslan Whats End-to-End Integrity Verification Data corruption may occur during transfers Faulty equipment, transient errors etc.

523 views • 13 slides
Enabling Efficient Batch Verification Enabling Efficient Batch Verification on Data Integrity for

Enabling Efficient Batch Verification Enabling Efficient Batch Verification on Data Integrity for

Enabling Efficient Batch Verification Enabling Efficient Batch Verification on Data Integrity for Cloud on Data Integrity for Cloud ChinLaung Lei Department of Electrical Engineering National Taiwan University 1 Outline Introduction

641 views • 41 slides
Toward Automated Info-Flow Integrity Verification (or, Fixing your security policy) Umesh

Toward Automated Info-Flow Integrity Verification (or, Fixing your security policy) Umesh

Toward Automated Info-Flow Integrity Verification (or, Fixing your security policy) Umesh Shankar (UC Berkeley) Trent Jaeger (Penn State / IBM) Reiner Sailer (IBM) The goal, with an example Integrity property: Trusted processes dont

317 views • 20 slides
Effective Validation of Firmware Enabling firmware development and validation to keep pace with

Effective Validation of Firmware Enabling firmware development and validation to keep pace with

Effective Validation of Firmware Enabling firmware development and validation to keep pace with hardware innovations. Tom Melham University of Oxford Problem Firmware today facing greater complexity and shorter schedules coded at low

478 views • 14 slides
Data Integrity Verification IIA Orange County Chapter November 13, 2015

Data Integrity Verification IIA Orange County Chapter November 13, 2015

Data Integrity Verification IIA Orange County Chapter November 13, 2015 1 Data Integrity Verification Excel Transformed My Data! BEFORE AFTER

483 views • 44 slides
Front-end Firmware Transition and Documentation Status/Plans/Proposals Kurtis Nishimura

Front-end Firmware Transition and Documentation Status/Plans/Proposals Kurtis Nishimura

Front-end Firmware Transition and Documentation Status/Plans/Proposals Kurtis Nishimura University of Hawaii December 14, 2012 US Firmware Meeting 1 v2 Firmware Version 2 firmware is largely done: New interface to the DAQ

273 views • 5 slides
Integrity Verification of Outsourced Frequent Itemset Mining with Deterministic Guarantee

Integrity Verification of Outsourced Frequent Itemset Mining with Deterministic Guarantee

Integrity Verification of Outsourced Frequent Itemset Mining with Deterministic Guarantee Boxiang Dong Ruilin Liu Wendy Hui Wang Department of Computer Science Stevens Institute of Technology Hoboken, NJ December 10, 2013

347 views • 24 slides
Efficient Memory Integrity Verification and Encryption for Secure Processors G. Edward Suh,

Efficient Memory Integrity Verification and Encryption for Secure Processors G. Edward Suh,

Efficient Memory Integrity Verification and Encryption for Secure Processors G. Edward Suh, Dwaine Clarke, Blaise Gassend, Marten van Dijk, Srinivas Devadas Massachusetts Institute of Technology New Security Challenges Current computer

411 views • 26 slides
Towards Optimizing Large-Scale Data Transfers with End-to-End Integrity Verification Raj

Towards Optimizing Large-Scale Data Transfers with End-to-End Integrity Verification Raj

Towards Optimizing Large-Scale Data Transfers with End-to-End Integrity Verification Raj Ke'muthu Argonne Na2onal Laboratory & University of Chicago Si Liu, Xian-He Sun, Illinois Ins2tute of Technology Eun-Sung Jung, Jongik University

215 views • 8 slides
KILOBAR KILOBAR KILOBAR INTEGRITY KILOBAR KILOBAR KILOBAR KILOBAR INTEGRITY KILOBAR

KILOBAR KILOBAR KILOBAR INTEGRITY KILOBAR KILOBAR KILOBAR KILOBAR INTEGRITY KILOBAR

KILOBAR KILOBAR KILOBAR INTEGRITY KILOBAR KILOBAR KILOBAR KILOBAR INTEGRITY KILOBAR INTEGRITY INTEGRITY INTEGRITY INTEGRITY INTEGRITY INTEGRITY Blockchain & Security Ruth Crowell, Chief Executive Asia Pacific Precious Metals

460 views • 10 slides
Component Firmware http://outflux.net/slides/2014/lss/firmware.pdf Linux Security Summit, Chicago

Component Firmware http://outflux.net/slides/2014/lss/firmware.pdf Linux Security Summit, Chicago

Component Firmware http://outflux.net/slides/2014/lss/firmware.pdf Linux Security Summit, Chicago 2014 Kees Cook <keescook@chromium.org> (pronounced Case) Overview Wait, which firmware? Threats Update methods

311 views • 20 slides
DUNE DAQ Firmware David Cussans Firmware Meeting 16/Jan/20 You Inst Logo You Inst Logo Goal

DUNE DAQ Firmware David Cussans Firmware Meeting 16/Jan/20 You Inst Logo You Inst Logo Goal

DUNE DAQ Firmware David Cussans Firmware Meeting 16/Jan/20 You Inst Logo You Inst Logo Goal Demonstrate upstream DAQ functions in firmware before design review - Have implementation ready before May 2020 10-second buffer Hit

466 views • 13 slides
A Survey of Classical, Real-Time, and Time-Bounded Verification Jol Ouaknine Department of

A Survey of Classical, Real-Time, and Time-Bounded Verification Jol Ouaknine Department of

A Survey of Classical, Real-Time, and Time-Bounded Verification Jol Ouaknine Department of Computer Science Oxford University Quantitative Model Checking Winter School, February 2012 The Classical Theory of Verification Automata e T t a

1.6k views • 137 slides
Securing Industrial Control Systems An E2E Integrity Verification Approach Sye-Loong Keoh , Ken

Securing Industrial Control Systems An E2E Integrity Verification Approach Sye-Loong Keoh , Ken

Securing Industrial Control Systems An E2E Integrity Verification Approach Sye-Loong Keoh , Ken Wai-Kin Au School of Computing Science University of Glasgow Zhaohui Tang School of Infocomm Republic Polytechnic, Singapore 1 Introduction

576 views • 21 slides
WIB Firmware and Software Requirements Josh Klein CE Review March 10, 2020 Background

WIB Firmware and Software Requirements Josh Klein CE Review March 10, 2020 Background

WIB Firmware and Software Requirements Josh Klein CE Review March 10, 2020 Background ProtoDUNE WIB operated (and continuing) successfully FPGA was an Altera Aria V All-firmware design, included different firmware sets for

843 views • 47 slides
R1.9bn 521.4 cents R30.4bn R695m 11.3% 165 cents Fix Optimise Active

R1.9bn 521.4 cents R30.4bn R695m 11.3% 165 cents Fix Optimise Active

R1.9bn 521.4 cents R30.4bn R695m 11.3% 165 cents Fix Optimise Active shareholder model Growth 19.8% 19.4% 12.6% 12.4% 11.6% 11.3% 11.2% 11.0% 6.4% 3.3% Equipment Equipment Automotive

946 views • 46 slides
venue evidence from the UK market FCA Occasional Paper 16 Matteo Aquilina and Carla Ysusi

venue evidence from the UK market FCA Occasional Paper 16 Matteo Aquilina and Carla Ysusi

Are HFTs anticipating the order flow? Cross- venue evidence from the UK market FCA Occasional Paper 16 Matteo Aquilina and Carla Ysusi Algorithmic Trading: Perspectives from Mathematical Modelling Workshop London, 1 st March 2017 1 Disclaimer

587 views • 24 slides
In order for the Western Regional Air Partnership (WRAP) to flourish with the understanding and

In order for the Western Regional Air Partnership (WRAP) to flourish with the understanding and

In order for the Western Regional Air Partnership (WRAP) to flourish with the understanding and support of people in its states and tribal communities it is important to get the message out to opinion leaders. We have developed an excellent

358 views • 8 slides
ANNUAL ANN AL GENE GENERAL RAL MEE MEETING TING RICKARD RICKA RD GUST GUSTAFSON, PRESI

ANNUAL ANN AL GENE GENERAL RAL MEE MEETING TING RICKARD RICKA RD GUST GUSTAFSON, PRESI

ANNUAL ANN AL GENE GENERAL RAL MEE MEETING TING RICKARD RICKA RD GUST GUSTAFSON, PRESI AFSON, PRESIDENT DENT & CEO & CEO Mar arch 13 h 13, , 20 2019 19 1 FY18 IN RETROSPECTIVE 2 INDUSTRY DYNAMICS 3 WAY FORWARD 2

444 views • 25 slides
,/

,/

3 Class 4/19/2012 9:45:00 AM ,/ #%'E&'.

498 views • 21 slides
ConfigMATE General presentation of the system V ERSION 1.0 D ECEMBER 4, 2014 Introduction

ConfigMATE General presentation of the system V ERSION 1.0 D ECEMBER 4, 2014 Introduction

ConfigMATE General presentation of the system V ERSION 1.0 D ECEMBER 4, 2014 Introduction ConfigMATE is one of the standard solutions created by Global Technology Center (GTC) on behalf of the Spares Operations organization. The main target

525 views • 4 slides
Technical Support Appliance (TSA) Richard Fowkes TSS UK O ff ering Manager IBM Technical Support

Technical Support Appliance (TSA) Richard Fowkes TSS UK O ff ering Manager IBM Technical Support

Technical Support Appliance (TSA) Richard Fowkes TSS UK O ff ering Manager IBM Technical Support Appliance Impact & cost of system failure or down-time Helping our clients to achieve optimum availability and optimized asset management of

541 views • 19 slides
Devicetree Hardware Autoconfiguration Presented by Hans de Goede This work is licensed under a

Devicetree Hardware Autoconfiguration Presented by Hans de Goede This work is licensed under a

Devicetree Hardware Autoconfiguration Presented by Hans de Goede This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License Introducing myself Software Engineer working for Red Hat on USB, human input devices

389 views • 20 slides

More recommend