6,790 research outputs found
Sphinx: A Secure Architecture Based on Binary Code Diversification and Execution Obfuscation
Sphinx, a hardware-software co-design architecture for binary code and
runtime obfuscation. The Sphinx architecture uses binary code diversification
and self-reconfigurable processing elements to maintain application
functionality while obfuscating the binary code and architecture states to
attackers. This approach dramatically reduces an attacker's ability to exploit
information gained from one deployment to attack another deployment. Our
results show that the Sphinx is able to decouple the program's execution time,
power and memory and I/O activities from its functionality. It is also
practical in the sense that the system (both software and hardware) overheads
are minimal.Comment: Boston Area Architecture 2018 Workshop (BARC18
Sphinx: a secure architecture based on binary code diversification and execution obfuscation
Sphinx, a hardware-software co-design architecture for binary code and runtime obfuscation. The Sphinx architecture uses binary code diversification and self-reconfigurable processing elements to maintain application functionality while obfuscating the binary code and architecture states to attackers. This approach dramatically reduces an attacker’s ability to exploit information gained from one deployment to attack another deployment. Our results show that the Sphinx is able to decouple the program’s execution time, power and memory and I/O activities from its functionality. It is also practical in the sense that the system (both software and hardware) overheads are minimal.Published versio
Stacco: Differentially Analyzing Side-Channel Traces for Detecting SSL/TLS Vulnerabilities in Secure Enclaves
Intel Software Guard Extension (SGX) offers software applications enclave to
protect their confidentiality and integrity from malicious operating systems.
The SSL/TLS protocol, which is the de facto standard for protecting
transport-layer network communications, has been broadly deployed for a secure
communication channel. However, in this paper, we show that the marriage
between SGX and SSL may not be smooth sailing.
Particularly, we consider a category of side-channel attacks against SSL/TLS
implementations in secure enclaves, which we call the control-flow inference
attacks. In these attacks, the malicious operating system kernel may perform a
powerful man-in-the-kernel attack to collect execution traces of the enclave
programs at page, cacheline, or branch level, while positioning itself in the
middle of the two communicating parties. At the center of our work is a
differential analysis framework, dubbed Stacco, to dynamically analyze the
SSL/TLS implementations and detect vulnerabilities that can be exploited as
decryption oracles. Surprisingly, we found exploitable vulnerabilities in the
latest versions of all the SSL/TLS libraries we have examined.
To validate the detected vulnerabilities, we developed a man-in-the-kernel
adversary to demonstrate Bleichenbacher attacks against the latest OpenSSL
library running in the SGX enclave (with the help of Graphene) and completely
broke the PreMasterSecret encrypted by a 4096-bit RSA public key with only
57286 queries. We also conducted CBC padding oracle attacks against the latest
GnuTLS running in Graphene-SGX and an open-source SGX-implementation of mbedTLS
(i.e., mbedTLS-SGX) that runs directly inside the enclave, and showed that it
only needs 48388 and 25717 queries, respectively, to break one block of AES
ciphertext. Empirical evaluation suggests these man-in-the-kernel attacks can
be completed within 1 or 2 hours.Comment: CCS 17, October 30-November 3, 2017, Dallas, TX, US
Understanding and Countermeasures against IoT Physical Side Channel Leakage
With the proliferation of cheap bulk SSD storage and better batteries in the last few years we are experiencing an explosion in the number of Internet of Things (IoT) devices flooding the market, smartphone connected point-of-sale devices (e.g. Square), home monitoring devices (e.g. NEST), fitness monitoring devices (e.g. Fitbit), and smart-watches. With new IoT devices come new security threats that have yet to be adequately evaluated. We propose uLeech, a new embedded trusted platform module for next-generation power scavenging devices. Such power scavenging devices are already widely deployed. For instance, the Square point-of-sale reader uses the microphone/speaker interface of a smartphone for communications and as a power supply. Such devices are being used as trusted devices in security-critical applications, without having been adequately evaluated. uLeech can securely store keys and provide cryptographic services to any connected smartphone. Our design also facilitates physical side-channel security analysis by providing interfaces to facilitate the acquisition of power traces and clock manipulation attacks. Thus uLeech empowers security researchers to analyze leakage in next- generation embedded and IoT devices and to evaluate countermeasures before deployment. Even the most secure systems reveal their secrets through secret-dependent computation. Secret- dependent computation is detectable by monitoring a system’s time, power, or outputs. Common defenses to side-channel emanations include adding noise to the channel or making algorithmic changes to mitigate specific side-channels. Unfortunately, existing solutions are not automatic, not comprehensive, or not practical. We propose an isolation-based approach for eliminating power and timing side-channels that is automatic, comprehensive, and practical. Our approach eliminates side-channels by leveraging integrated decoupling capacitors to electrically isolate trusted computation from the adversary. Software has the ability to request a fixed- power/time quantum of isolated computation. By discretizing power and time, our approach controls the granularity of side-channel leakage; the only burden on programmers is to ensure that all secret-dependent execution differences converge within a power/time quantum. We design and implement three approaches to power/time-based quantization and isolation: a wholly-digital version, a hybrid version that uses capacitors for time tracking, and a full- custom version. We evaluate the overheads of our proposed controllers with respect to software implementations of AES and RSA running on an ARM- based microcontroller and hardware implementations AES and RSA using a 22nm process technology. We also validate the effectiveness and real-world efficiency of our approach by building a prototype consisting of an ARM microcontroller, an FPGA, and discrete circuit components. Lastly, we examine the root cause of Electromagnetic (EM) side-channel attacks on Integrated Circuits (ICs) to augment the Quantized Computing design to mitigate EM leakage. By leveraging the isolation nature of our Quantized Computing design, we can effectively reduce the length and power of the unintended EM antennas created by the wire layers in an IC
Securing Real-Time Internet-of-Things
Modern embedded and cyber-physical systems are ubiquitous. A large number of
critical cyber-physical systems have real-time requirements (e.g., avionics,
automobiles, power grids, manufacturing systems, industrial control systems,
etc.). Recent developments and new functionality requires real-time embedded
devices to be connected to the Internet. This gives rise to the real-time
Internet-of-things (RT-IoT) that promises a better user experience through
stronger connectivity and efficient use of next-generation embedded devices.
However RT- IoT are also increasingly becoming targets for cyber-attacks which
is exacerbated by this increased connectivity. This paper gives an introduction
to RT-IoT systems, an outlook of current approaches and possible research
challenges towards secure RT- IoT frameworks
Agile Calibration Process of Full-Stack Simulation Frameworks for V2X Communications
Computer simulations and real-world car trials are essential to investigate
the performance of Vehicle-to-Everything (V2X) networks. However, simulations
are imperfect models of the physical reality and can be trusted only when they
indicate agreement with the real-world. On the other hand, trials lack
reproducibility and are subject to uncertainties and errors. In this paper, we
will illustrate a case study where the interrelationship between trials,
simulation, and the reality-of-interest is presented. Results are then compared
in a holistic fashion. Our study will describe the procedure followed to
macroscopically calibrate a full-stack network simulator to conduct
high-fidelity full-stack computer simulations.Comment: To appear in IEEE VNC 2017, Torino, I
Component-Level Electronic-Assembly Repair (CLEAR) Synthetic Instrument Capabilities Assessment and Test Report
The role of synthetic instruments (SIs) for Component-Level Electronic-Assembly Repair (CLEAR) is to provide an external lower-level diagnostic and functional test capability beyond the built-in-test capabilities of spacecraft electronics. Built-in diagnostics can report faults and symptoms, but isolating the root cause and performing corrective action requires specialized instruments. Often a fault can be revealed by emulating the operation of external hardware. This implies complex hardware that is too massive to be accommodated in spacecraft. The SI strategy is aimed at minimizing complexity and mass by employing highly reconfigurable instruments that perform diagnostics and emulate external functions. In effect, SI can synthesize an instrument on demand. The SI architecture section of this document summarizes the result of a recent program diagnostic and test needs assessment based on the International Space Station. The SI architecture addresses operational issues such as minimizing crew time and crew skill level, and the SI data transactions between the crew and supporting ground engineering searching for the root cause and formulating corrective actions. SI technology is described within a teleoperations framework. The remaining sections describe a lab demonstration intended to show that a single SI circuit could synthesize an instrument in hardware and subsequently clear the hardware and synthesize a completely different instrument on demand. An analysis of the capabilities and limitations of commercially available SI hardware and programming tools is included. Future work in SI technology is also described
- …