Time Protection: the Missing OS Abstraction

Timing channels enable data leakage that threatens the security of computer systems, from cloud platforms to smartphones and browsers executing untrusted third-party code. Preventing unauthorised information flow is a core duty of the operating system, however, present OSes are unable to prevent timing channels. We argue that OSes must provide time protection in addition to the established memory protection. We examine the requirements of time protection, present a design and its implementation in the seL4 microkernel, and evaluate its efficacy as well as performance overhead on Arm and x86 processors

Practical Traffic Analysis Attacks on Secure Messaging Applications

Instant Messaging (IM) applications like Telegram, Signal, and WhatsApp have become extremely popular in recent years. Unfortunately, such IM services have been targets of continuous governmental surveillance and censorship, as these services are home to public and private communication channels on socially and politically sensitive topics. To protect their clients, popular IM services deploy state-of-the-art encryption mechanisms. In this paper, we show that despite the use of advanced encryption, popular IM applications leak sensitive information about their clients to adversaries who merely monitor their encrypted IM traffic, with no need for leveraging any software vulnerabilities of IM applications. Specifically, we devise traffic analysis attacks that enable an adversary to identify administrators as well as members of target IM channels (e.g., forums) with high accuracies. We believe that our study demonstrates a significant, real-world threat to the users of such services given the increasing attempts by oppressive governments at cracking down controversial IM channels. We demonstrate the practicality of our traffic analysis attacks through extensive experiments on real-world IM communications. We show that standard countermeasure techniques such as adding cover traffic can degrade the effectiveness of the attacks we introduce in this paper. We hope that our study will encourage IM providers to integrate effective traffic obfuscation countermeasures into their software. In the meantime, we have designed and deployed an open-source, publicly available countermeasure system, called IMProxy, that can be used by IM clients with no need for any support from IM providers. We have demonstrated the effectiveness of IMProxy through experiments

Comparative Analysis of Leakage Tools on Scalable Case Studies

International audienceQuantitative security techniques have been proven effective to measure the security of systems against various types of attackers. However, such techniques are often tested against small-scale academic examples. In this paper we use analyze two scalable, real life privacy case studies: the privacy of the energy consumption data of the users of a smart grid network and the secrecy of the voters' voting preferences with different types of voting protocols. We analyze both case studies with three state-of-the-art information leakage computation tools: LeakWatch, Moped-QLeak, and our tool QUAIL equipped with a new trace analysis algorithm. We highlight the relative advantages and drawbacks of the tools and compare their usability and effectiveness in analyzing the case studies

Evaluación de la seguridad de sistemas embebidos ante ataques EMA

Los sistemas embebidos de bajo consumo y alto rendimiento, cuya principal aplicación son los dispositivos portátiles tales como: teléfonos móviles, tabletas, consolas de juego, reproductores de música, lectores de libros etc. han experimentado un tremendo auge en los últimos años. Estos dispositivos, además de contener información confidencial (contraseñas, fotos, números de teléfono…) permiten, en su gran mayoría, realizar operaciones bajo redes inalámbricas poco seguras: como transacciones, envío de datos, acceso a cuentas personales etc. Por tanto, se hace imprescindible el análisis del nivel de seguridad alcanzado por estos dispositivos. Sin embargo, a la espera de futuros desarrollos de la estadística, todavía no existe un marco de evaluación de la seguridad totalmente satisfactorio e internacionalmente reconocido. Así por primera vez en este trabajo se evalúa la seguridad relativa de varios microprocesadores representativos del mercado de aplicaciones embebidas de bajo consumo, comparando su respuesta ante un ataque por canal lateral electromagnético. Los dispositivos seleccionados para su evaluación son: 8051 con arquitectura de 8 bits evolucionada (C8051F303 de Silicon Labs). ARM7TDMI-S de 32 bits (LPC2124 de NXP). Dos ARMCortexM3 de 32 bits nunca antes analizados ante ataques por canal lateral: con diseño de alto rendimiento (LPC1769 de NXP) y bajo consumo (STM32L152 de STMicroelectronics). Para la realización de los experimentos se desarrolla un setup propio de medida, altamente automatizado, robusto ante vibraciones y con una capacidad de muestreo superior a lo publicado hasta ahora en la bibliografía. También se propone una nueva métrica para comparar la respuesta de los dispositivos ante ataques por canal lateral, y que se apoya en la correlación estadística. Uno de los elementos cruciales en un ataque por canal lateral electromagnético es el dispositivo o sonda de medida. Las publicaciones de autores que sugieren la utilización de algún tipo de sonda, no aportan datos concluyentes. Este trabajo compara de forma novedosa la respuesta de tres tipos de sondas: dos fabricadas y comercializadas por Electrometrics EM6995 y Langer MFA-R y una tercera fabricada ad-hoc, y manualmente. Como resultado se concluye que cualquier tipo de sonda es factible de ser usada en un ataque electromagnético, aunque son mejores aquellas de alta precisión como la MFA-R de cabeza milimétrica y preamplificador integrado, que sin embargo requieren una preparación y un setup más elaborado. Como resultado final del estudio, se concluye que los dispositivos actuales ARM Cortex M3, ofrecen una seguridad inherente muy superior a la de otros microprocesadores de diseño menos elaborado, y en consecuencia es recomendable usarlos para aquellas aplicaciones cuyos requisitos de seguridad sean elevados. -------------The low power and high performance embedded systems used in mobile devices like mobile phones, tablet computers, music readers, handheld game consoles, book readers… have achieved a great success in the last years. These devices contain confidence information (keys, photographs, telephone numbers…) and usually let us doing operations over unsafe wireless networks: banking transactions, sending data, accessing to personal accounts etc. In consequence, the analysis of the security level reached by these devices is indispensable. However, there isn’t a satisfactory and internationally recognized methodology to assess security. For first time, this work assesses the relative security of several representative low power embedded microprocessors, comparing their response against Electromagnetic Side Channel Attack. The selected devices for this evaluation are: 8051 with new 8 bits architecture (Silicon Labs C8051F303). ARM7TDMI-S of 32 bits (NXP LPC2124). Two 32 bits ARMCortexM3 never before analysed against Side Channel Attacks: with high performance (NXP LPC1769) and low power specifications (STMicroelectronics STM32L152). A measurement setup has been developed to carry out this study. It’s highly automatized, robustly against vibrations and with a higher sampling rate than rest of setups showed in bibliography. Also, a new metric is proposed. It allows to compare device response against correlation side channel attack using statistical correlation. One of the essential elements of an electromagnetic side channel attack is the near field probe. The authors, whose studies suggest the use of some type of probe, do not include conclusion results. This work compares the response of three probes in a new way: Electrometrics EM6995, Langer MFA-R and ones handmade. It concludes that any type of probe is useful in an electromagnetic attack, although the use of high precision probes is recommended. For example, the MFA-R with tiny head and integrated preamplifier. Nevertheless, it requires more training and a precise setup. This study finds out that the updated devices ARM Cortex M3, have a very high security, higher than traditional ones. Therefore, the use of this type of devices in sensitive applications is advisable