secure swarm attestation for iot networks
play

Secure Swarm Attestation for IoT Networks Ada Diop (Orange Labs - - PowerPoint PPT Presentation

Mar 15, 2023 •330 likes •528 views

Secure Swarm Attestation for IoT Networks Ada Diop (Orange Labs - Tlcom SudParis) 12/02/2019 interne France Tlcom - Orange Trust in Remote Devices: example A sensor sends the following message over a Bluetooth, BLE or Thread

  1. Secure Swarm Attestation for IoT Networks Aïda Diop (Orange Labs - Télécom SudParis) 12/02/2019 interne France Télécom - Orange

  2. Trust in Remote Devices: example  A sensor sends the following message over a Bluetooth, BLE or Thread network: Name : temperature ; Value: 23.5; Units: Celsius ; Timestamp: 152647893,3  Can it be trusted ? Interne Orange interne France Télécom - Orange

  3. Trust in Remote Devices: example  Problem 1 : Network adversary can read and tamper with communications Interne Orange interne France Télécom - Orange

  4. Trust in Remote Devices: example  Problem 1 : network adversary can read and tamper with communications  Solution : communication over authenticated channel Interne Orange interne France Télécom - Orange

  5. Trust in Remote Devices: example  Problem 2 : Malware Injection: change state of devices, modify behaviour. Interne Orange interne France Télécom - Orange

  6. Trust in Remote Devices: example  Problem 2: IoT Malware attacks https://www.cbsnews.com/news/stuxnet-computer-worm-opens-new-era-of-warfare-04-06-2012/ https://dyn.com/blog/dyn-analysis-summary-of-friday-october-21-attack/ Interne Orange interne France Télécom - Orange

  7. Remote Attestation  Problem 2 : Malware Injection  Solution : Remote Attestation – Interactive protocol between a prover and a verifier. – Verifier attests of the current state of the prover. Attestation report Verifier Prover Internal state measurement Interne Orange interne France Télécom - Orange

  8. Remote Attestation  Properties: – Authenticity : protocol represents the real state of the system. – Freshness : protocol represents the current state of the system. Verifier Prover Root of trust Internal state measurement Interne Orange interne France Télécom - Orange

  9. Hardware VS Software-based Attestation  Hardware-based attestation: – Hardware module: Trusted Platform Module (TPM) ; – Platform Configuration Registers (PCRs) stores platform «state» measurement; – Stores cryptographic secrets in hardware; – Limitations: – Requires a root of trust for measurement; – Expensive hardware for low-power devices; – Attestation measurement during initial software loading only.  Software-based attestation: – No secret stored on prover’s platform; – Limitations: – Unrealistic security assumptions: passive adversary; – Weak security guarantees; – Verifier must always the know the exact configuration of the device; – Requires authenticated channel (e.g. physical connection). Interne Orange interne France Télécom - Orange

  10. Hybrid Attestation  Minimal hardware requirement: – Read-only memory (ROM) that stores cryptographic keys and the attestation protocol. – Memory-protection unit (MPU) that controls access to the restricted data in the ROM. Prover Verifier Challenge c Verification code Secure storage attReport = H(mem, c) Application code  Practical implementations: SMART[1] & TrustLite[2] Interne Orange interne France Télécom - Orange

  11. Remote Attestation: application to IoT  Problems: – Single prover – single verifier scenario: efficiency and scalability issues. – Unfeasible to attest millions of devices one device at a time.  Solution : Swarm attestation . Attestation report Verifier Prover Internal state measurement Interne Orange interne France Télécom - Orange

  12. Swarm Attestation: Model Attestation process where all devices in the network collaborate to produce a single attestation report for the verifier. Verifier Attest(attReport) = 0 or 1 attReport = D1 attReport = D2 attReport+(s1) attReport+(s2) attReport = attReport = attReport = D4 D5 D3 attReport+(s3) attReport+(s4) attReport+(s5) Interne Orange interne France Télécom - Orange

  13. Swarm Attestation: Properties  Functionality : – Network topology: static, quasi-static or dynamic; – Architecture: software – hardware – hybrid; – Attestation model: interactive VS non-interactive.  Security & Privacy : – Authenticity & Integrity of the attestation process; – Adversary type: network adversary, remote malware injection, or physical adversary; – Adversary’s power: read communication, modify attestation, falsify internal state; – Underlying cryptographic primitive: symmetric or asymmetric scheme.  Implementation : – Topology of the network: computational complexity, memory footprint; – Simulation criteria: number of devices, underlying hardware. Interne Orange interne France Télécom - Orange

  14. Swarm Attestation: Attacks  Network attacker: – Eavesdrop on communication routes in the swarm; – Read/re-order partial attestation result; – Drop attestation report packets in the network.  Remote attacker : – Corrupt devices offline in order to « trick » secure boot; – Inject malware in devices in the swarm; – Perform DoS attacks on devices/provers therefore compromising the overall attestation process.  Physical attacker : – Physically remove a device from the swarm therefore compromising result of the swarm attestation; – Retrieve cryptographic keys from a target device thus generating valid attestation for said device. Interne Orange interne France Télécom - Orange

  15. Swarm Attestation: Solutions  Scalable Secure Embedded Device Attestation ( SEDA )[3]: – First swarm attestation solution based on hybrid model; – Offline phase: device initalisation – Online phase: attestation generation.  Lightweight swarm attestation ( LISA )[4]: – Lightweight alternative to SEDA; – Provides classification of swarm attestation models.  Secure non-interactive attestation for embedded devices ( SeED )[5]: – Non-interactive attestation protocol; – Mitigates against DoS attacks.  Scalable attestation protocol to detect software and physical attacks ( SCAPI )[6]: – Mitigates against physical attacks.  Secure and scalable aggregate network attestation ( SANA )[7]: – Attestation protocol based on asymmetric primitives (aggregated signatures verifiable in constant time); – Formal security proof. Interne Orange interne France Télécom - Orange

  16. Swarm Attestation Solutions: Limitations  Scalability . Attestation aggregation done by first computing the verification function (MAC or signature) on individual software binaries, and then aggregating said functions (either using the built-in aggregation mechanism (e.g. SANA), or using an XOR) for all devices in the swarm.  Privacy . No existing attestation protocol that caters to privacy concerns. (Limitation for use cases such as VaNET).  Security . – Mitigation techniques against DoS attacks against the prover are still limited; – Only SANA provides a formal security proof.  Performance . Need for a model that finds a trade- off between devices’ computational capabilities and security needs. Interne Orange interne France Télécom - Orange

  17. Direct Anonymous Attestation (DAA)  Direct Anonymous Attestation (DAA) . Introduced by Brickell et al. [8] EK, DAA DAA Issuer Prover Membership credential (group TPM key) Anonymous Signature of the Verifier attestation  Variant of a group signature scheme with efficient zero-knowledge proofs;  Secure hardware (TPM) to create and store cryptographic keys;  Privacy-preserving attestation scheme that conceals the identity of provers. Interne Orange interne France Télécom - Orange

  18. New Solution based on Direct Anonymous Attestation  DAA-based solution : – Avoid targeted attacks on device identity – application to networks such as Vehicular Ad-hoc Networks (VaNET); – Non-interactive attestation protocol that mitigates DoS attacks.  Scalability: – Construction based on aggregate signatures thus providing better efficiency and scalability.  Privacy: – Scheme does not reveal the structure of the network (conceals identities of individual devices).  Security: – Formal security proof and security based on standard cryptographic assumptions. Interne Orange interne France Télécom - Orange

  19. References  [1] Eldefrawy, K., Tsudik, G., Francillon, A., Perito, D.: SMART: secure and minimal architecture for (establishing dynamic) root of trust.  [2] Koeberl, P., Schulz, S., Sadeghi, A., Varadharajan, V.: Trustlite: a security architecture for tiny embedded devices.  [3] Asokan, N., Brasser, F.F., Ibrahim, A., Sadeghi, A., Schunter, M., Tsudik, G.Wachsmann, C.: SEDA: scalable embedded device attestation.  [4] Carpent, X., Defrawy, K.E., Rattanavipanon, N., Tsudik, G.: Lightweight swarm attestation: A tale of two lisa-s.  [5] Ibrahim, A., Sadeghi, A., Zeitouni, S.: Seed: secure non-interactive attestation for embedded devices.  [6] Kohnhauser, F., Buscher, N., Gabmeyer, S., Katzenbeisser, S.: SCAPI: a scalable attestation protocol to detect software and physical attacks.  [7] Ambrosin, M., Conti, M., Ibrahim, A., Neven, G., Sadeghi, A., Schunter, M.: SANA: secure and scalable aggregate network attestation.  [8] Ernest F. Brickell, Jan Camenisch, Liqun Chen: Direct anonymous attestation. Interne Orange interne France Télécom - Orange

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

MCUBoot Attestation David Brown What is MCUboot MCUboot Secure bootloader Its History

MCUBoot Attestation David Brown What is MCUboot MCUboot Secure bootloader Its History

MCUBoot Attestation David Brown What is MCUboot MCUboot Secure bootloader Its History Manages signed images Handles updates, maintaining security Currently, custom manifest (SUIT maybe some day) What is TF-M Reference

91 views • 8 slides
Obtaining Provably Secure Services from Formally Verified Remote Attestation Gene Tsudik 1 Joint

Obtaining Provably Secure Services from Formally Verified Remote Attestation Gene Tsudik 1 Joint

Obtaining Provably Secure Services from Formally Verified Remote Attestation Gene Tsudik 1 Joint work with: Ivan De Oliveira Nunes 1 , Karim Eldefrawy 2 , Norrathep Rattanavipanon 1 University of California Irvine 1 , SRI International 2 1 In

847 views • 48 slides
visualizing security boundaries in docker swarm overlay networks Mode for managing a cluster

visualizing security boundaries in docker swarm overlay networks Mode for managing a cluster

Marcel Brouwers July 3, 2017 Master of System and Network Engineering University of Amsterdam Supervisor: Esan Wit visualizing security boundaries in docker swarm overlay networks Mode for managing a cluster of docker nodes The Swarm

743 views • 31 slides
BEHAVIORAL HEALTH AGENCY (BHA)- LICENSING, ATTESTATION, AND DEEMING Attestation for Substance

BEHAVIORAL HEALTH AGENCY (BHA)- LICENSING, ATTESTATION, AND DEEMING Attestation for Substance

BEHAVIORAL HEALTH AGENCY (BHA)- LICENSING, ATTESTATION, AND DEEMING Attestation for Substance Use Disorder (SUD) Services DOH agrees that an attestation process for SUD services should be an option The attestation process for SUD

474 views • 8 slides
PSA APIs An overview Attestation API 1.0.1 we are in the process of dropping a new

PSA APIs An overview Attestation API 1.0.1 we are in the process of dropping a new

PSA APIs An overview Attestation API 1.0.1 we are in the process of dropping a new release which allows signing using symmetric attestation keys (using COSE Mac0) Fully documented in ARM IHI 0085 TF-M master is slightly behind the

542 views • 17 slides
Attestation (RATS/EAT) Overview Laurence Lundblade February 2020 Entity Attestation Good

Attestation (RATS/EAT) Overview Laurence Lundblade February 2020 Entity Attestation Good

Attestation (RATS/EAT) Overview Laurence Lundblade February 2020 Entity Attestation Good Devices Token Chip & device manufacturer Banking risk engine IoT backend Device ID (e.g. serial number) Boot state, debug state

956 views • 34 slides
SWARM INTELLIGENCE SWARM INTELLIGENCE Ross Moon CSCI 446: Artificial Intelligence OVERVIEW

SWARM INTELLIGENCE SWARM INTELLIGENCE Ross Moon CSCI 446: Artificial Intelligence OVERVIEW

SWARM INTELLIGENCE SWARM INTELLIGENCE Ross Moon CSCI 446: Artificial Intelligence OVERVIEW What is Swarm Intelligence Swarms in Nature Ants Birds Ant Colony Optimization Particle Swarm Optimization WHAT IS

518 views • 26 slides
Ubiquitous and Secure Networks and Services Ubiquitous and Secure Networks and Services

Ubiquitous and Secure Networks and Services Ubiquitous and Secure Networks and Services

Ubiquitous and Secure Networks and Services: SunSpot Development Platform Ubiquitous and Secure Networks and Services Ubiquitous and Secure Networks and Services Ubiquitous and Secure Networks and Services Ubiquitous and Secure Networks and

489 views • 25 slides
Optimization of swarm robotic inspection - Micro with different learning schemes Course project

Optimization of swarm robotic inspection - Micro with different learning schemes Course project

Optimization of swarm robotic inspection - Micro with different learning schemes Course project presentation Swarm Intelligence EPFL Lausanne Switzerland February the 6 2006 Vincent Cattin & Nils Raning The blade experiment A swarm of

462 views • 9 slides
Swarm Behavior in AI BY ANDREW YOUNG Swarm Behavior in Nature - Ants Pheromones - Bees

Swarm Behavior in AI BY ANDREW YOUNG Swarm Behavior in Nature - Ants Pheromones - Bees

Swarm Behavior in AI BY ANDREW YOUNG Swarm Behavior in Nature - Ants Pheromones - Bees Dancing Deciding - Particles Best outcome Ant Colony Optimization Concept Finding best, shortest, path V i,g = X r0,g + F(X r1,g

669 views • 17 slides
Ant Colony Optimization EDWIN WONG PHILLIP SUMMERS ROSALYN KU PATRICK XIE PIC 10C SPRING 2011

Ant Colony Optimization EDWIN WONG PHILLIP SUMMERS ROSALYN KU PATRICK XIE PIC 10C SPRING 2011

Ant Colony Optimization EDWIN WONG PHILLIP SUMMERS ROSALYN KU PATRICK XIE PIC 10C SPRING 2011 Swarm Intelligence Swarms Swarm of bees Ant colony as swarm of ants Flock of birds as swarm of birds Traffic as swarm of cars

523 views • 14 slides
Communication of Swarm Robots Lennart Manthey December 5, 2016 Lennart Manthey Swarm Robots

Communication of Swarm Robots Lennart Manthey December 5, 2016 Lennart Manthey Swarm Robots

Communication of Swarm Robots Lennart Manthey December 5, 2016 Lennart Manthey Swarm Robots December 5, 2016 1 / 27 Contents Swarm 1 GUARDIANS 2 Designing a Swarming Algorithm 3 Additional Behaviour 4 Conclusion 5 Lennart Manthey

470 views • 27 slides
Swarm Robotics an overview Vito Trianni, PhD Institute of Cognitive Sciences and

Swarm Robotics an overview Vito Trianni, PhD Institute of Cognitive Sciences and

Swarm Robotics an overview Vito Trianni, PhD Institute of Cognitive Sciences and Technologies National Research Council vito.trianni@istc.cnr.it swarm robotics swarm robotics studies robotic systems composed of a multitude

971 views • 70 slides
Swarm Swarm Intelligence Intelligence Systems Systems

Swarm Swarm Intelligence Intelligence Systems Systems

Swarm Swarm Intelligence Intelligence Systems Systems Christian Jacob Christian Jacob jacob@cpsc.ucalgary.ca Department of Computer Science University

692 views • 25 slides
1 Raid Patterns of Army Ants Raid Patterns of Army Ants An example of powerful,

1 Raid Patterns of Army Ants Raid Patterns of Army Ants An example of powerful,

Introduction What is swarm intelligence ? Swarm Intelligence (SI) is the property of a system whereby Swarm Intelligence: From Natural to the collective behaviors of (unsophisticated) agents interacting Artificial Systems locally with

453 views • 6 slides
Secure Routing for Mobile Ad hoc Networks Panagiotis Papadimitratos & Zygmunt J. Haas

Secure Routing for Mobile Ad hoc Networks Panagiotis Papadimitratos & Zygmunt J. Haas

Secure Routing for Mobile Ad hoc Networks Panagiotis Papadimitratos & Zygmunt J. Haas Presented by Leland Smith CS 6204, Spring 2005 1 Overview What are MANETs? Motivation Secure Routing Protocol Protocol Description

560 views • 15 slides
Mitigation Regulations Workshop Thursday, September 19, 2019 SEP Kelly McGowan, Program Manager

Mitigation Regulations Workshop Thursday, September 19, 2019 SEP Kelly McGowan, Program Manager

Mitigation Regulations Workshop Thursday, September 19, 2019 SEP Kelly McGowan, Program Manager Katie Andrle, NDOW Dan Huser, NDF Ethan Mower, NDA Kathleen Petter, NDSL Brief History NRS 232.162 provides authority for the Sagebrush

460 views • 11 slides
Certified Energy Savings Verifier CESV Certification Thomas K. Dreessen 2019 ACEF DDW

Certified Energy Savings Verifier CESV Certification Thomas K. Dreessen 2019 ACEF DDW

Certified Energy Savings Verifier CESV Certification Thomas K. Dreessen 2019 ACEF DDW Workshop Chairman & CEO 17 June 2019 EPS Capital Corp. Manila, Philippines Long Standing Energy Efficiency (EE) Barriers EE Projects (EEPs)

488 views • 12 slides
I t is not uncommon for patent offices to issue defective parties can initiate a reexamination on

I t is not uncommon for patent offices to issue defective parties can initiate a reexamination on

JAPAN: PATENT VALIDITY Lawyers familiar with US rules on patent invalidation may find some familiar parallels, and some key differences, in the Japanese system. Yoshinari Kishimoto of Sughrue Mion provides a comparative guide How to challenge

392 views • 3 slides
Sick and Vacation Leave Benefits Policies Work Group Report Committee of the Whole JUNE 14, 2017

Sick and Vacation Leave Benefits Policies Work Group Report Committee of the Whole JUNE 14, 2017

CITY OF MINNEAPOLIS Sick and Vacation Leave Benefits Policies Work Group Report Committee of the Whole JUNE 14, 2017 Charge to Work Group May 2016 Internal Audit report: P otential risks/costs related to extended use of sick and vacation

468 views • 9 slides
UPPAAL (Reading) Stefaan Kenis Overview o Introduction o Structure o User Interface o Properties

UPPAAL (Reading) Stefaan Kenis Overview o Introduction o Structure o User Interface o Properties

UPPAAL (Reading) Stefaan Kenis Overview o Introduction o Structure o User Interface o Properties o Performance o Future work Introduction o Universities of UPPsala (Sweden) and AALborg (Denmark) o Modeling, simulation and verification o

352 views • 12 slides
Detroit Integrated Transportation Campus Shane Goodman Construction Management AE Senior

Detroit Integrated Transportation Campus Shane Goodman Construction Management AE Senior

Detroit Integrated Transportation Campus Shane Goodman Construction Management AE Senior Thesis 2009 OUTLINE DITC Overview Prefab with Precast Brick Panels Modularization of Interior Walls Designing the Design Model Acknowledgments

642 views • 30 slides
Francisco General Hospital and Trauma Center Michael Bade Associate Vice Chancellor Campus

Francisco General Hospital and Trauma Center Michael Bade Associate Vice Chancellor Campus

UCSF Research and Academic Building at Zuckerberg San Francisco General Hospital and Trauma Center Michael Bade Associate Vice Chancellor Campus Architect University of California, San Francisco March 5, 2019 Site Plan: UCSF Research and

348 views • 4 slides
VC PRESENTATION TO THE GENERAL GATHERING OF WEDNESDAY 25 TH SEPTEMBER 2019 Motivations of the

VC PRESENTATION TO THE GENERAL GATHERING OF WEDNESDAY 25 TH SEPTEMBER 2019 Motivations of the

VC PRESENTATION TO THE GENERAL GATHERING OF WEDNESDAY 25 TH SEPTEMBER 2019 Motivations of the presentation 1. INES has reached a very pleasant position (programs, performance, projects, network and discipline). 2. Last years academic

235 views • 4 slides

More recommend