second year review wp3 overview hw sw based methods
play

Second year review WP3 overview HW/SW-based methods Trento - PowerPoint PPT Presentation

Sep 20, 2022 •211 likes •705 views

Second year review WP3 overview HW/SW-based methods Trento October 17th, 2008 Goal Investigate the combination of hardware- and software based software protection techniques in order to implement the remote entrusting principle 2

  1. Second year review WP3 overview HW/SW-based methods Trento – October 17th, 2008

  2. Goal Investigate the combination of hardware- and software based software protection techniques in order to implement the remote entrusting principle 2

  3. Participants • Team: • KUL (WP leader) Team: - Bart PRENEEL Bart PRENEEL - Jan CAPPAERT Jan CAPPAERT - Sebastian FAUST Sebastian FAUST - Thomas HERLEA Thomas HERLEA - Dries SCHELLEKENS Dries SCHELLEKENS - Brecht WYSEUR Brecht WYSEUR 3

  4. Participants • KUL (WP leader) • Gemalto • Team: Team: • Jean-Daniel AUSSEL Jean-Daniel AUSSEL • Jerome D’ANNOVILLE Jerome D’ANNOVILLE • Christian Cudonnec Christian Cudonnec 4

  5. Participants • KUL (WP leader) • Gemalto • UNITN - Team: Team: - Paolo TONELLA Paolo TONELLA - Mariano CECCATO Mariano CECCATO - Jasvir NAGRA Jasvir NAGRA - Milla DALLA PREDA Milla DALLA PREDA - Amitabh SAXENA Amitabh SAXENA 5

  6. Participants • KUL (WP leader) • Gemalto • UNITN • POLITO • Team: Team: • Stefano DI CARLO Stefano DI CARLO • Alberto SCIONTI Alberto SCIONTI 6

  7. Participants • KUL (WP leader) • Gemalto • UNITN • POLITO • Team: • SPIIRAS Team: • Igor KOTENKO Igor KOTENKO • Vasily DESNITSKY Vasily DESNITSKY 7

  8. T asks D3.2 M0 M3 M6 M9 M12 M15 M18 M21 M24 M27 M30 M33 M36 T3.1 T3.1 T3.2 T3.2 T3.3 T3.3 T3.4 T3.4 T3.5 T3.5 8

  9. T ask 3.2 M11 M12 M13 M14 M15 M16 M17 M18 M19 M20 M21 M22 M23 M24 M25 M26 T3.1 T3.1 T3.2 T3.2 T3.3 T3.3 T3.4 T3.4 T3.5 T3.5 9

  10. T3.2 T3.2 Hardware/Software Co-Obfuscation Use of light-weight hardware to ensure software confidentiality and software integrity • TPM, Smart card, … Developments • TPM assisted remote software entrusting (KUL) • FPGA-based remote entrusting (POLITO) • HW Barrier Slicing (UNITN) 10

  11. T3.2 T3.2 T3.2 Hardware/Software Co-Obfuscation TPM Assisted Remote Software Entrusting (KUL) Trusted computing approach: remote attestation Option Memory Hardware ROMs OS Network OS Application CRTM BIOS loader root of trust in integrity New OS trusted measurem Component TPM component ent measuri ng root of reporting trust in storing integrity values logging reporting 11 methods

  12. T3.2 T3.2 T3.2 Hardware/Software Co-Obfuscation TPM Assisted Remote Software Entrusting (KUL) Disadvantages of timing based attestation techniques • Constraints on verification function implementation • predictable execution time (interrupts, supervisor mode) • time-optimal • Known hardware configuration → hardware replacement attack • Network delays need to be incorporated → proxy attacks Minimal trade-off: assist software attestation with TPM features. 12

  13. T3.2 T3.2 T3.2 Hardware/Software Co-Obfuscation TPM Assisted Remote Software Entrusting (KUL) Enhanced solution: TPM tick stamping Untrusted Untrusted Trusted platform Trusted platform platform platform c := cksum(TS 1 ,M) c := cksum(TS 1 ,M) n TS 1 TS 1 := Sign TPM (n||t 1 ) M M M M TPM TPM TS 2 := Sign TPM (c||t 2 ) TS 2 h := hash(TS 2 ,P) h := hash(TS 2 ,P) h P P P P t 2 – t 1 < Δ t expected 13

  14. T3.2 T3.2 T3.2 Hardware/Software Co-Obfuscation TPM Assisted Remote Software Entrusting (KUL) Extensions: assistance for trusted OS loader • Include HW specifications (CPUID) in Tag • Simulate verification function at boot-time Publication • Dries Schellekens, and Brecht Wyseur, and Bart Preneel, “Remote Attestation on Legacy Operating Systems with Trusted Platform Modules”, In 1 st International Workshop on Run Time Enforcement for Mobile and Distributed Systems (REM 2007) • Dries Schellekens, and Brecht Wyseur, and Bart Preneel, “Remote Attestation on Legacy Operating Systems with Trusted Platform Modules”, Special Issue on Science of Computer Programming, 2008 14

  15. T3.2 T3.2 T3.2 Hardware/Software Co-Obfuscation FPGA-based remote entrusting (POLITO) • CLIENT System Architecture APPLICATION uses available services exported by the DRIVER • DRIVER manages communication between the application server and the authentication hardware • AUTHENTICATION MONITOR manages the application code hashing and encrypting operations 15

  16. T3.2 T3.2 T3.2 Hardware/Software Co-Obfuscation FPGA-based remote entrusting (POLITO) 1. At startup of the client application, a session key is established, using a key agreement protocol between the application server and the client machine. Optionally, the session key can be updated during the execution of the program. 2. The session key is used to computed a signature of the client application. 3. The server periodically sends to the hardware monitor an Authentication Request, and waits for the computed signature 4. The client receives the requests (on a socket interface implemented in the driver module) and forwards it to the hardware monitor 5. The hardware monitor computes the hash of the memory pages’ content related to the client application (code segment) directly accessing the computer’s memory and without relying on any system call. The only used information is the name of the target application used to determine the position of the application in memory 6. The hardware module computes the signature for the considered memory pages using the session key, and sends it to the server via the driver’s socket 7. The server compares the two signatures and determines whether it can already deliver the service to the client or not 16

  17. T3.2 T3.2 T3.2 Hardware/Software Co-Obfuscation FPGA-based remote entrusting (POLITO) Application Client Server session key agreement FPGA request hash sign sk (mem) service mem 17

  18. T3.2 T3.2 T3.2 Hardware/Software Co-Obfuscation Distributed Architecture (UNITN) Networ k Program P Trusted host Un-trusted host Card Reader Virtual secure channel 18

  19. T3.2 T3.2 T3.2 Hardware/Software Co-Obfuscation Program Transformation (UNITN) Un-trusted host: Smart card: • • X ∈ s |unsafe The barrier-slice is run • • The slice is fed with any input coming X uses are removed from the program from the host • They are replaced by a query to get the • Validity of the host is evaluated actual value from the card • • X values are provided as required X defs are replaced by synchronization statements • Synchronization with the host Smart card Un-trusted host 19

  20. T3.2 T3.2 T3.2 Hardware/Software Co-Obfuscation Empirical results (UNITN) Original Barrier slice client 858 120 14% Memory Network Threads 20

  21. T3.2 T3.2 T3.2 Hardware/Software Co-Obfuscation Empirical results (UNITN) • Barrier slicing is used to separate the security sensitive part of the application • Both centralized and distributed architectures are able to verify the client healthy execution • The distributed architecture has better scalability 15% memory 25% threads 8% network • The slice is small and can fit in a smart card (14% of the application) Mariano Ceccato, Jasvir Nagra, Paolo Tonella, “Distributed Trust Verification to Increase Application Performance”, In 16 th Euromicro Conference on Parallel, Distributed and Network-Based Processing, 2008 21

  22. Task 3.3 M11 M12 M13 M14 M15 M16 M17 M18 M19 M20 M21 M22 M23 M24 M25 M26 T3.1 T3.1 T3.2 T3.2 T3.3 T3.3 T3.4 T3.4 T3.5 T3.5 22

  23. T3.3 T3.3 T3.3 – Encrypted Code Execution (KUL - GEMALTO) Computing with Encrypted Data • State of the art study (Goldwasser- micali, Paillier cryptosystems, Boneh) B. Wyseur, M. Deng, and T. Herlea, “A Survey of Homomorphic Encryption Schemes”, COSIC internal report, 15 pages, 2007  Deliverable 3.3 (M30) • Relation with White-Box Remote Program Execution (T2.4) 23 Smart Dongle

  24. T3.3 T3.3 T3.3 Encrypted code execution Secure with hardware (GEMALTO) • Scope Study the opportunity to use a new hardware as a candidate platform for the project/task • Platform: USB Dongle: Smartcard + flash memory • Purpose: - Use the platform in the context of the T3.3 - Host the monitor locally in the USB Dongle 24

  25. T3.3 T3.3 T3.3 Encrypted code execution Secure with hardware (GEMALTO) • Evolution of the USB Dongle: no more hub Flash Memory USB Controller Connector SIM card 25

  26. T3.3 T3.3 T3.3 Encrypted code execution Secure with hardware (GEMALTO) Controlle Flash r Memory • USB Dongle: Partition CDROM Private Smart Card + CTRL Flash memory UICC ISO 7816 Smart Card 26

  27. T3.3 T3.3 T3.3 Encrypted code execution Secure with hardware (GEMALTO) • USB Dongle main features:  No installation, Zero footprint  Smartcard  Levels of trust - CD-ROM partition: no persistent tampering - Secure channel - Thumbprint mechanism to secure the application 27

  28. T3.3 T3.3 Untrusted computer Server Smartcard Trusted Application Service: Data Access Keys Cryptography Memory Thumbprints Property Monitor Analyzer Log service Application maintenance Releases Mgt Provide Report, or update shutdown propertie service s 28

  29. T3.3 T3.3 T3.3 Encrypted code execution Secure with hardware (GEMALTO) • Smart card entrusting of terminal applications Smart Card Untrusted Computer Trusted Application Service: Data Access Cryptography Properties Report Properties Monitor Analyzer Update Properties Keys Memory thumbprints Provide or shutdown service 29

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

First year review WP4 overview Trento - September 24th, 2007 Goal of WP4 Trust and Security

First year review WP4 overview Trento - September 24th, 2007 Goal of WP4 Trust and Security

First year review WP4 overview Trento - September 24th, 2007 Goal of WP4 Trust and Security Analysis of the various SW-based and combined HW/SW-based methods for the RE-TRUST problem 2 Participants UNITN (WP leader) Team:

699 views • 27 slides
5-Year Review OCP Monitoring Program 5 Year Review Annual Review Five Year Review

5-Year Review OCP Monitoring Program 5 Year Review Annual Review Five Year Review

OFFICIAL COMMUNITY PLAN 5-Year Review OCP Monitoring Program 5 Year Review Annual Review Five Year Review Snapshot of progress Trends and forecasts 17 annual indicators Identification of policy implications for

925 views • 40 slides
Clustering ! Hierarchical methods ! Model-based methods ! Density-based methods 1 2 What is

Clustering ! Hierarchical methods ! Model-based methods ! Density-based methods 1 2 What is

Preview ! Introduction Lecture 10 ! Partitioning methods Clustering ! Hierarchical methods ! Model-based methods ! Density-based methods 1 2 What is Clustering? Examples of Clustering Applications ! Cluster: a collection of data objects !

301 views • 8 slides
Year-end results For the year ended 31 December 2016 Overview Financial review Portfolio review

Year-end results For the year ended 31 December 2016 Overview Financial review Portfolio review

Year-end results For the year ended 31 December 2016 Overview Financial review Portfolio review Summary Appendix KWE proven business model Unlocking value of under-resourced real estate Real estate operators 1. 2. Bottom up Active

875 views • 56 slides
A Review of Formal Methods : 200514170 : (T4) (T4)

A Review of Formal Methods : 200514170 : (T4) (T4)

A Review of Formal Methods : 200514170 : (T4) (T4) Contents INTRODUCTION INTRODUCTION DEFINITION AND OVERVIEW OF FORMAL METHODS SPECIFICATION METHODS LIFE CYCLES AND

317 views • 19 slides
First year review WP3 overview Trento - September 24th, 2007 Goal Investigate the combination

First year review WP3 overview Trento - September 24th, 2007 Goal Investigate the combination

First year review WP3 overview Trento - September 24th, 2007 Goal Investigate the combination of hardware- and software based software protection techniques in order to implement the remote entrusting principle Participants Team:

477 views • 37 slides
ST ST3 3 Ex Exper pert R t Review view Pane anel July 13, 2015 Ridership Forecasting

ST ST3 3 Ex Exper pert R t Review view Pane anel July 13, 2015 Ridership Forecasting

ST ST3 3 Ex Exper pert R t Review view Pane anel July 13, 2015 Ridership Forecasting Methods Overview Introduction Methods Base year development Incremental stages Relationship to other models and estimates

400 views • 11 slides
2019 USPS-R Fiscal Year-End Review 2019 Fiscal Year-End Review Please remember to follow the

2019 USPS-R Fiscal Year-End Review 2019 Fiscal Year-End Review Please remember to follow the

2019 USPS-R Fiscal Year-End Review 2019 Fiscal Year-End Review Please remember to follow the USPS-R Fiscal Year End Checklist when completing your fiscal year end process. 2 Pre-Closing-Overview Life Insurance Premium-NC1 Payments

807 views • 59 slides
Cross-cutting topics Part 1: SPPI Time-based methods Dorothee Blang Destatis Kat

Cross-cutting topics Part 1: SPPI Time-based methods Dorothee Blang Destatis Kat

Cross-cutting topics Part 1: SPPI Time-based methods Dorothee Blang Destatis Kat Pegler ONS Gert-Jan van Steeg - CBS Overview Introduction to time-based methods Weaknesses with methods UK application of methods and

376 views • 22 slides
Presentation FOR THE YEAR ENDED 30 JUNE 2017 1 1 Contents Group Review Portfolio Overview

Presentation FOR THE YEAR ENDED 30 JUNE 2017 1 1 Contents Group Review Portfolio Overview

Annual Results Presentation FOR THE YEAR ENDED 30 JUNE 2017 1 1 Contents Group Review Portfolio Overview FY17 Financial Review Case Studies Market Overview Looking Ahead Q&amp;A 2 Grit Team Presenters Bronwyn Corbett Chief

691 views • 52 slides
UOIT Third Year Review Part 1: The Process Part 2: Documentation 1 3 rd Year Review

UOIT Third Year Review Part 1: The Process Part 2: Documentation 1 3 rd Year Review

UOITFA Third Year Review Workshop 2019-05-21 UOIT Third Year Review Part 1: The Process Part 2: Documentation 1 3 rd Year Review Article 19 of the Collective Agreement Give feedback and advice to tenure- stream Faculty Members at

492 views • 11 slides
Tree-based Methods Here we describe tree-based methods for regression and classification.

Tree-based Methods Here we describe tree-based methods for regression and classification.

Tree-based Methods Here we describe tree-based methods for regression and classification. These involve stratifying or segmenting the predictor space into a number of simple regions. Since the set of splitting rules used to segment the

1.08k views • 55 slides
Tree-based Methods Here we describe tree-based methods for regression and classification.

Tree-based Methods Here we describe tree-based methods for regression and classification.

Tree-based Methods Here we describe tree-based methods for regression and classification. These involve stratifying or segmenting the predictor space into a number of simple regions. Since the set of splitting rules used to segment the

785 views • 51 slides
Scalable Methods for the Analysis of Network-Based Data MURI Project: University of California,

Scalable Methods for the Analysis of Network-Based Data MURI Project: University of California,

Scalable Methods for the Analysis of Network-Based Data MURI Project: University of California, Irvine Annual Review Meeting December 8 th 2009 Principal Investigator: Padhraic Smyth Todays Meeting Goals Review our research

553 views • 32 slides
Transition Year Overview November 2019 Transition Year Transition Year is a one year school

Transition Year Overview November 2019 Transition Year Transition Year is a one year school

Transition Year Overview November 2019 Transition Year Transition Year is a one year school based programme between Junior and Senior Cycle . It is designed to act as a bridge between the two by facilitating the smooth transition from

374 views • 11 slides
Year-End Closing Procedures Overview Calendar Year-End Closing Review New field in VENSCN

Year-End Closing Procedures Overview Calendar Year-End Closing Review New field in VENSCN

2015 Calendar Year-End Closing Procedures Overview Calendar Year-End Closing Review New field in VENSCN &amp; VENLOAD New extract program for 1099s Different Reference Materials TIN Error document IRS 2108A document TIN

351 views • 21 slides
Optimal round VSS with a non-interactive Dealer: VSS as a special case of VSR Yvo Desmedt The

Optimal round VSS with a non-interactive Dealer: VSS as a special case of VSR Yvo Desmedt The

Optimal round VSS with a non-interactive Dealer: VSS as a special case of VSR Yvo Desmedt The University of Texas at Dallas, USA and University College London,UK May 31, 2016 Yvo Desmedt c This is joint work with Kirill Morozov (Tokyo

762 views • 36 slides
Shielding Network Function on a Multi-Operator System using SGX FINSE May 9, 2018 Enio Marku

Shielding Network Function on a Multi-Operator System using SGX FINSE May 9, 2018 Enio Marku

Shielding Network Function on a Multi-Operator System using SGX FINSE May 9, 2018 Enio Marku Joint work with Gergely Biczok Outline Introduction Motivation Methodology Current work Future work 2 Introduction Phd at

784 views • 25 slides
Introduction Problem: side-channel attacks Countermeasures: hiding, masking, TI . . . 1 / 21

Introduction Problem: side-channel attacks Countermeasures: hiding, masking, TI . . . 1 / 21

I SAP Towards Side-channel Secure AE Christoph Dobraunig, Maria Eichlseder, Stefan Mangard, Florian Mendel, Thomas Unterluggauer ESC 2017 www.iaik.tugraz.at Introduction Problem: side-channel attacks Countermeasures: hiding, masking, TI . .

476 views • 33 slides
Process: From Question to Solution Develop Questions (Accomplished in a summer work session with

Process: From Question to Solution Develop Questions (Accomplished in a summer work session with

11/29/16 Science Program Review Board Update November 2016 Dr. Kevin McColgan STEM Coordinator Monica Bowman High School Science Teacher WHY National Research Council 2012 Findings on the State of Science Education and a

203 views • 7 slides
GILL, GODLONTON &amp; GERRANS The Insurers obligations in relation to the rights of third

GILL, GODLONTON &amp; GERRANS The Insurers obligations in relation to the rights of third

GILL, GODLONTON &amp; GERRANS The Insurers obligations in relation to the rights of third parties with specific reference to Life and motor-vehicle insurance policies. (Prepared by Herbert Mutasa-LLB (Hons) Zim, LLM (Insurance and Banking)

106 views • 7 slides
Masters thesis by Kristoffer Vinther Sorting Algorithms The Problem Given a set of

Masters thesis by Kristoffer Vinther Sorting Algorithms The Problem Given a set of

Masters thesis by Kristoffer Vinther Sorting Algorithms The Problem Given a set of elements, put them in non-decreasing order. Motivation Very commonly used as a subroutine in other algorithms (such as graph-, geometric-, and

401 views • 38 slides
Improving motivation and Do you ever wonder classroom participation with if your students:

Improving motivation and Do you ever wonder classroom participation with if your students:

Improving motivation and Do you ever wonder classroom participation with if your students: student response system technology. Are paying attention? Brian Rivest and Aaron Fried Are understanding what you have just discussed? Feel

340 views • 4 slides
ABILIT LINGUISTICHE PER IL CORSO DI LAUREA IN BIOLOGIA (1 anno, A.A. 2018-19) POWER POINT

ABILIT LINGUISTICHE PER IL CORSO DI LAUREA IN BIOLOGIA (1 anno, A.A. 2018-19) POWER POINT

ABILIT LINGUISTICHE PER IL CORSO DI LAUREA IN BIOLOGIA (1 anno, A.A. 2018-19) POWER POINT PRESENTATION 6 (12 e 15 aprile) Information about course on my home page: unica.it Facolt Facolt di Studi Umanistici Elenco docenti

1.04k views • 60 slides

More recommend