892 research outputs found
Monitoring the health and integrity of Wireless Sensor Networks
Wireless Sensor Networks (WSNs) will play a major role in the Internet of Things collecting the data that will support decision-making and enable the automation of many applications. Nevertheless, the introduction of these devices into our daily life raises serious concerns about their integrity. Therefore, at any given point, one must be able to tell whether or not a node has been compromised. Moreover, it is crucial to understand how the compromise of a particular node or set of nodes may affect the network operation.
In this thesis, we present a framework to monitor the health and integrity of WSNs that allows us to detect compromised devices and comprehend how they might impact a network’s performance. We start by investigating the use of attestation to identify malicious nodes and advance the state of the art by exploring limitations of existing mechanisms. Firstly, we tackle effectiveness and scalability by combining attestation with measurements inspection and show that the right combination of both schemes can achieve high accuracy whilst significantly reducing power consumption. Secondly, we propose a novel stochastic software-based attestation approach that relaxes a fundamental and yet overlooked assumption made in the literature significantly reducing time and energy consumption while improving the detection rate of honest devices.
Lastly, we propose a mathematical model to represent the health of a WSN according to its abilities to perform its functions. Our model combines the knowledge regarding compromised nodes with additional information that quantifies the importance of each node. In this context, we propose a new centrality measure and analyse how well existing metrics can rank the importance each sensor node has on the network connectivity. We demonstrate that while no measure is invariably better, our proposed metric outperforms the others in the vast majority of cases.Open Acces
Proof of Luck: an Efficient Blockchain Consensus Protocol
In the paper, we present designs for multiple blockchain consensus primitives
and a novel blockchain system, all based on the use of trusted execution
environments (TEEs), such as Intel SGX-enabled CPUs. First, we show how using
TEEs for existing proof of work schemes can make mining equitably distributed
by preventing the use of ASICs. Next, we extend the design with proof of time
and proof of ownership consensus primitives to make mining energy- and
time-efficient. Further improving on these designs, we present a blockchain
using a proof of luck consensus protocol. Our proof of luck blockchain uses a
TEE platform's random number generation to choose a consensus leader, which
offers low-latency transaction validation, deterministic confirmation time,
negligible energy consumption, and equitably distributed mining. Lastly, we
discuss a potential protection against up to a constant number of compromised
TEEs.Comment: SysTEX '16, December 12-16, 2016, Trento, Ital
Recommended from our members
When Firmware Modifications Attack: A Case Study of Embedded Exploitation
The ability to update firmware is a feature that is found in nearly all modern embedded systems. We demonstrate how this feature can be exploited to allow attackers to inject malicious firmware modifications into vulnerable embedded devices. We discuss techniques for exploiting such vulnerable functionality and the implementation of a proof of concept printer malware capable of network reconnaissance, data exfiltration and propagation to general purpose computers and other embedded device types. We present a case study of the HP-RFU (Remote Firmware Update) LaserJet printer firmware modification vulnerability, which allows arbitrary injection of malware into the printer’s firmware via standard printed documents. We show vulnerable population data gathered by continuously tracking all publicly accessible printers discovered through an exhaustive scan of IPv4 space. To show that firmware update signing is not the panacea of embedded defense, we present an analysis of known vulnerabilities found in third-party libraries in 373 LaserJet firmware images. Prior research has shown that the design flaws and vulnerabilities presented in this paper are found in other modern embedded systems. Thus, the exploitation techniques presented in this paper can be generalized to compromise other embedded systems
LIRA-V:Lightweight Remote Attestation for Constrained RISC-V Devices
This paper presents LIRA-V, a lightweight system for performing remote
attestation between constrained devices using the RISC-V architecture. We
propose using read-only memory and the RISC-V Physical Memory Protection (PMP)
primitive to build a trust anchor for remote attestation and secure channel
creation. Moreover, we propose a bi-directional attestation protocol for
trusted device-to-device communication, which is subjected to formal symbolic
verification using Scyther. We present the design, implementation and
evaluation of LIRA-V using an off-the-shelf {RISC-V} microcontroller and
present performance results to demonstrate its suitability. To our knowledge,
we present the first remote attestation mechanism suitable for constrained
RISC-V devices, with applications to the Internet of Things (IoT) and Cyber
Physical Systems (CPS).Comment: Accepted at IEEE SafeThings (in conjunction with IEEE Security &
Privacy '21
Stacco: Differentially Analyzing Side-Channel Traces for Detecting SSL/TLS Vulnerabilities in Secure Enclaves
Intel Software Guard Extension (SGX) offers software applications enclave to
protect their confidentiality and integrity from malicious operating systems.
The SSL/TLS protocol, which is the de facto standard for protecting
transport-layer network communications, has been broadly deployed for a secure
communication channel. However, in this paper, we show that the marriage
between SGX and SSL may not be smooth sailing.
Particularly, we consider a category of side-channel attacks against SSL/TLS
implementations in secure enclaves, which we call the control-flow inference
attacks. In these attacks, the malicious operating system kernel may perform a
powerful man-in-the-kernel attack to collect execution traces of the enclave
programs at page, cacheline, or branch level, while positioning itself in the
middle of the two communicating parties. At the center of our work is a
differential analysis framework, dubbed Stacco, to dynamically analyze the
SSL/TLS implementations and detect vulnerabilities that can be exploited as
decryption oracles. Surprisingly, we found exploitable vulnerabilities in the
latest versions of all the SSL/TLS libraries we have examined.
To validate the detected vulnerabilities, we developed a man-in-the-kernel
adversary to demonstrate Bleichenbacher attacks against the latest OpenSSL
library running in the SGX enclave (with the help of Graphene) and completely
broke the PreMasterSecret encrypted by a 4096-bit RSA public key with only
57286 queries. We also conducted CBC padding oracle attacks against the latest
GnuTLS running in Graphene-SGX and an open-source SGX-implementation of mbedTLS
(i.e., mbedTLS-SGX) that runs directly inside the enclave, and showed that it
only needs 48388 and 25717 queries, respectively, to break one block of AES
ciphertext. Empirical evaluation suggests these man-in-the-kernel attacks can
be completed within 1 or 2 hours.Comment: CCS 17, October 30-November 3, 2017, Dallas, TX, US
Secure Code Update for Embedded Devices via Proofs of Secure Erasure
Abstract. Remote attestation is the process of verifying internal state of a remote embedded device. It is an important component of many security protocols and applications. Although previously proposed re-mote attestation techniques assisted by specialized secure hardware are effective, they not yet viable for low-cost embedded devices. One no-table alternative is software-based attestation, that is both less costly and more efficient. However, recent results identified weaknesses in some proposed software-based methods, thus showing that security of remote software attestation remains a challenge. Inspired by these developments, this paper explores an approach that relies neither on secure hardware nor on tight timing constraints typi-cal of software-based technqiques. By taking advantage of the bounded memory/storage model of low-cost embedded devices and assuming a small amount of read-only memory (ROM), our approach involves a new primitive – Proofs of Secure Erasure (PoSE-s). We also show that, even though it is effective and provably secure, PoSE-based attestation is not cheap. However, it is particularly well-suited and practical for two other related tasks: secure code update and secure memory/storage erasure. We consider several flavors of PoSE-based protocols and demonstrate their feasibility in the context of existing commodity embedded devices.
GuardNN: Secure DNN Accelerator for Privacy-Preserving Deep Learning
This paper proposes GuardNN, a secure deep neural network (DNN) accelerator,
which provides strong hardware-based protection for user data and model
parameters even in an untrusted environment. GuardNN shows that the
architecture and protection can be customized for a specific application to
provide strong confidentiality and integrity protection with negligible
overhead. The design of the GuardNN instruction set reduces the TCB to just the
accelerator and enables confidentiality protection without the overhead of
integrity protection. GuardNN also introduces a new application-specific memory
protection scheme to minimize the overhead of memory encryption and integrity
verification. The scheme shows that most of the off-chip meta-data in today's
state-of-the-art memory protection can be removed by exploiting the known
memory access patterns of a DNN accelerator. GuardNN is implemented as an FPGA
prototype, which demonstrates effective protection with less than 2%
performance overhead for inference over a variety of modern DNN models
- …