679 research outputs found
Security Through Amnesia: A Software-Based Solution to the Cold Boot Attack on Disk Encryption
Disk encryption has become an important security measure for a multitude of
clients, including governments, corporations, activists, security-conscious
professionals, and privacy-conscious individuals. Unfortunately, recent
research has discovered an effective side channel attack against any disk
mounted by a running machine\cite{princetonattack}. This attack, known as the
cold boot attack, is effective against any mounted volume using
state-of-the-art disk encryption, is relatively simple to perform for an
attacker with even rudimentary technical knowledge and training, and is
applicable to exactly the scenario against which disk encryption is primarily
supposed to defend: an adversary with physical access. To our knowledge, no
effective software-based countermeasure to this attack supporting multiple
encryption keys has yet been articulated in the literature. Moreover, since no
proposed solution has been implemented in publicly available software, all
general-purpose machines using disk encryption remain vulnerable. We present
Loop-Amnesia, a kernel-based disk encryption mechanism implementing a novel
technique to eliminate vulnerability to the cold boot attack. We offer
theoretical justification of Loop-Amnesia's invulnerability to the attack,
verify that our implementation is not vulnerable in practice, and present
measurements showing our impact on I/O accesses to the encrypted disk is
limited to a slowdown of approximately 2x. Loop-Amnesia is written for x86-64,
but our technique is applicable to other register-based architectures. We base
our work on loop-AES, a state-of-the-art open source disk encryption package
for Linux. Comment: 13 pages, 4 figure
From FPGA to ASIC: A RISC-V processor experience
This work documents a correct design flow using these tools in the Lagarto RISC-V Processor and the RTL design considerations that must be taken into account to move from a design for FPGA to a design for ASIC
Implementation of a platform for electromagnetic fault injection tests against RISC-V-based SoCs
Bachelor's thesis (Trabajo de Fin de Grado) in Computer Engineering, Facultad de Informática UCM, Departamento de Arquitectura de Computadores y Automática, academic year 2021/2022. The market of microcontrollers, CPUs, desktop and server computers has seen both numerous milestones achieved and new challenges arise in the last decade. With the RISC-V ISA being introduced in 2010, a new set of possibilities and freedoms was unlocked. However, the overall necessity for secure and resilient computers has increased, not only for consumer grade devices, but also for every other field. Hardware is oftentimes one of the most forgotten attack surfaces, due to several reasons like lack of ease-of-access, or the cost of research. In this document, we ask the question: “how well does the RISC-V architecture stand against physical harms?”. We also develop a novel device capable of doing Electromagnetic Fault Injection attacks while being a very affordable solution to build.
Firmware Counterfeiting and Modification Attacks on Programmable Logic Controllers
Recent attacks on industrial control systems (ICSs), like the highly publicized Stuxnet malware, have perpetuated a race to the bottom where lower level attacks have a tactical advantage. Programmable logic controller (PLC) firmware, which provides a software-driven interface between system inputs and physically manifested outputs, is readily open to modification at the user level. Current efforts to protect against firmware attacks are hindered by a lack of prerequisite research regarding details of attack development and implementation. In order to obtain a more complete understanding of the threats posed by PLC firmware counterfeiting and the feasibility of such attacks, this research explores the vulnerability of common controllers to intentional firmware modifications. After presenting a general analysis process that takes advantage of various techniques and methodologies applied to similar scenarios, this work derives the firmware update validation method used for the Allen-Bradley ControlLogix PLC. A proof of concept demonstrates how to alter a legitimate firmware update and successfully upload it to a ControlLogix L61. Possible mitigation strategies discussed include digitally signed and encrypted firmware as well as preemptive and post-mortem analysis methods to provide protection. Results of this effort facilitate future research in PLC firmware security through direct example of firmware counterfeiting
Remote reconfiguration of FPGA-based wireless sensor nodes for flexible Internet of Things
Recently, sensor nodes in Wireless Sensor Networks (WSNs) have been using Field Programmable Gate Arrays (FPGA) for high-speed, low-power processing and reconfigurability. Reconfigurability enables adaptation of functionality and performance to changing requirements. This paper presents an efficient architecture for full remote reconfiguration of FPGA-based wireless sensors. The novelty of the work includes the ability to wirelessly upload new configuration bitstreams to remote sensor nodes using a protocol developed to provide full remote access to the flash memory of the sensor nodes. Results show that the FPGA can be remotely reconfigured in 1.35 s using a bitstream stored in the flash memory. The proposed scheme uses a negligible amount of FPGA logic and does not require a dedicated microcontroller or softcore processor. It can help develop truly flexible IoT, where the FPGAs on thousands of sensor nodes can be reprogrammed or new configuration bitstreams uploaded without requiring physical access to the nodes.
Prevention of Unauthorized Transport of Ore in Opencast Mines Using Automatic Number Plate Recognition
Security in mining is a primary concern, which mainly affects the production cost. Efficiently detecting and deterring theft will maximize the profitability of any mining organization. Many illegal transportation cases were registered in spite of rules imposed by central and state governments under Section 23 (c) of MMDR Act 1957. Use of an automated checkpoint gate based on license plate recognition and a biometric fingerprint system for vehicle tracking enhances the security in mines. The method was tested on the number plates with various considerations like clean number plates, clean fingerprints, dusty and faded number plates, dusty fingerprints, and number plates captured at varying distances. By considering all the above conditions, the pictures were processed by ANPR and biometric fingerprint modules. The vehicle license number plate was captured using a digital camera and the captured RGB image was converted to a grayscale image. Thresholding was done to remove unwanted areas from the grayscale image. The characters of the number plate were segmented using a Gabor filter. A track-sector matrix was generated by considering the number of pixels in each region and was matched with an existing template to identify the character. The fingerprint scans the finger and matches with the template created at the time of fingerprint registration at the machine. The micro-controller accepted the processed output in binary form from the ANPR and biometric fingerprint system. The micro-controller processed the binary output and the checkpoint gate was closed/opened based on the output provided by the microcontroller to the motor driver
Design and construction of a configurable full-field range imaging system for mobile robotic applications
Mobile robotic devices rely critically on extrospection sensors to determine the range to objects in the robot’s operating environment. This provides the robot with the ability both to navigate safely around obstacles and to map its environment and hence facilitate path planning and navigation. There is a requirement for a full-field range imaging system that can determine the range to any obstacle in a camera lens’ field of view accurately and in real-time. This paper details the development of a portable full-field ranging system whose bench-top version has demonstrated sub-millimetre precision. However, this precision required non-real-time acquisition rates and expensive hardware. By iterative replacement of components, a portable, modular and inexpensive version of this full-field ranger has been constructed, capable of real-time operation with some (user-defined) trade-off with precision