EmLog:Tamper-Resistant System Logging for Constrained Devices with TEEs

Remote mobile and embedded devices are used to deliver increasingly impactful services, such as medical rehabilitation and assistive technologies. Secure system logging is beneficial in these scenarios to aid audit and forensic investigations particularly if devices bring harm to end-users. Logs should be tamper-resistant in storage, during execution, and when retrieved by a trusted remote verifier. In recent years, Trusted Execution Environments (TEEs) have emerged as the go-to root of trust on constrained devices for isolated execution of sensitive applications. Existing TEE-based logging systems, however, focus largely on protecting server-side logs and offer little protection to constrained source devices. In this paper, we introduce EmLog -- a tamper-resistant logging system for constrained devices using the GlobalPlatform TEE. EmLog provides protection against complex software adversaries and offers several additional security properties over past schemes. The system is evaluated across three log datasets using an off-the-shelf ARM development board running an open-source, GlobalPlatform-compliant TEE. On average, EmLog runs with low run-time memory overhead (1MB heap and stack), 430--625 logs/second throughput, and five-times persistent storage overhead versus unprotected logs.Comment: Accepted at the 11th IFIP International Conference on Information Security Theory and Practice (WISTP '17

Cloud-Based Secure Logger for Medical Devices

A logger in the cloud capable of keeping a secure, time-synchronized and tamper-evident log of medical device and patient information allows efficient forensic analysis in cases of adverse events or attacks on interoperable medical devices. A secure logger as such must meet requirements of confidentiality and integrity of message logs and provide tamper-detection and tamper-evidence. In this paper, we propose a design for such a cloud-based secure logger using the Intel Software Guard Extensions (SGX) and the Trusted Platform Module (TPM). The proposed logger receives medical device information from a dongle attached to a medical device. The logger relies on SGX, TPM and standard encryption to maintain a secure communication channel even on an untrusted network and operating system. We also show that the logger is resilient against different kinds of attacks such as Replay attacks, Injection attacks and Eavesdropping attacks

Progger 3: A low-overhead, tamper-proof provenance system

Data provenance, which describes how data is accessed and used since the time it is created, is a valuable resource with a wide range of uses. It can be used simply to know who has accessed one's data, or be used in more complex scenarios such as detecting malware. One method for collecting data provenance is to observe system calls. This thesis presents Progger 3, a system that observes system calls on Linux in order to collect data provenance. There are several existing provenance systems that observe system calls, but they have limitations regarding security, efficiency, and usability. Progger 3 remedies many of these limitations. As a result, Progger 3 is a working implementation of a provenance system that can observe any system call, guarantee tamper-proof provenance collection as long as the kernel on the client is not compromised, and transfer the provenance to other systems with confidentiality and integrity, all with a relatively low performance overhead

Decentralized Documentation of Maritime Traffic Incidents to Support Conflict Resolution

For the investigation of major traffic accidents, larger vessels are obliged to install a voyage data recorder (VDR). However, not every vessel is equipped with a VDR, and the readout is often a manual process that is costly. In addition, not only ship-related information can be relevant for reconstructing traffic accidents, but also information from other entities such as meteorological services or port operators. Moreover, another major challenge is that entities tend to trust only their records, and not those of others as these could be manipulated in favor of the particular recording entity (e.g., to disguise any damage caused). This paper presents an approach to documenting arbitrary data from different entities in a trustworthy, decentralized, and tamper-proof manner to support the conflict resolution process. For this purpose, all involved entities in a traffic situation can contribute to the documentation by persisting their available data. Since maritime stakeholders are equipped with various sensors, a diverse and meaningful data foundation can be aggregated. The data is then signed by a mutually agreed upon timestamping authority (TSA). In this way, everyone can cryptographically verify whether the data has been subsequently changed. This approach was successfully applied in practice by documenting a vessel’s mooring maneuver

A comprehensive meta-analysis of cryptographic security mechanisms for cloud computing

The file attached to this record is the author's final peer reviewed version. The Publisher's final version can be found by following the DOI link.The concept of cloud computing offers measurable computational or information resources as a service over the Internet. The major motivation behind the cloud setup is economic benefits, because it assures the reduction in expenditure for operational and infrastructural purposes. To transform it into a reality there are some impediments and hurdles which are required to be tackled, most profound of which are security, privacy and reliability issues. As the user data is revealed to the cloud, it departs the protection-sphere of the data owner. However, this brings partly new security and privacy concerns. This work focuses on these issues related to various cloud services and deployment models by spotlighting their major challenges. While the classical cryptography is an ancient discipline, modern cryptography, which has been mostly developed in the last few decades, is the subject of study which needs to be implemented so as to ensure strong security and privacy mechanisms in today’s real-world scenarios. The technological solutions, short and long term research goals of the cloud security will be described and addressed using various classical cryptographic mechanisms as well as modern ones. This work explores the new directions in cloud computing security, while highlighting the correct selection of these fundamental technologies from cryptographic point of view

Protecting applications using trusted execution environments

While cloud computing has been broadly adopted, companies that deal with sensitive data are still reluctant to do so due to privacy concerns or legal restrictions. Vulnerabilities in complex cloud infrastructures, resource sharing among tenants, and malicious insiders pose a real threat to the confidentiality and integrity of sensitive customer data. In recent years trusted execution environments (TEEs), hardware-enforced isolated regions that can protect code and data from the rest of the system, have become available as part of commodity CPUs. However, designing applications for the execution within TEEs requires careful consideration of the elevated threats that come with running in a fully untrusted environment. Interaction with the environment should be minimised, but some cooperation with the untrusted host is required, e.g. for disk and network I/O, via a host interface. Implementing this interface while maintaining the security of sensitive application code and data is a fundamental challenge. This thesis addresses this challenge and discusses how TEEs can be leveraged to secure existing applications efficiently and effectively in untrusted environments. We explore this in the context of three systems that deal with the protection of TEE applications and their host interfaces: SGX-LKL is a library operating system that can run full unmodified applications within TEEs with a minimal general-purpose host interface. By providing broad system support inside the TEE, the reliance on the untrusted host can be reduced to a minimal set of low-level operations that cannot be performed inside the enclave. SGX-LKL provides transparent protection of the host interface and for both disk and network I/O. Glamdring is a framework for the semi-automated partitioning of TEE applications into an untrusted and a trusted compartment. Based on source-level annotations, it uses either dynamic or static code analysis to identify sensitive parts of an application. Taking into account the objectives of a small TCB size and low host interface complexity, it defines an application-specific host interface and generates partitioned application code. EnclaveDB is a secure database using Intel SGX based on a partitioned in-memory database engine. The core of EnclaveDB is its logging and recovery protocol for transaction durability. For this, it relies on the database log managed and persisted by the untrusted database server. EnclaveDB protects against advanced host interface attacks and ensures the confidentiality, integrity, and freshness of sensitive data.Open Acces

Building the Infrastructure for Cloud Security

Computer scienc

Confidentiality, integrity and non-repudiation in smartgrids

Tese de mestrado em Segurança Informática, apresentada à Universidade de Lisboa, através da Faculdade de Ciências, 2011No actual contexto macroeconómico mundial é essencial a adopção de novas formas de geração de energia, alternativas à utilização de recursos fósseis, combinada com os objectivos de fiabilidade e qualidade dos fornecimentos e de indução de competitividade nos mercados. Torna-se necessário produzir, transportar e distribuir energia de forma sustentável sem prejudicar o ecossistema. A visão de uma infraestrutura com maior controlo, onde redes, produtores e consumidores têm papeis significativamente mais activos, está a provocar uma mudança de paradigma nas redes eléctricas e na sua gestão que se materializa no conceito das Smart Grids. Para obter um elevado nível de controlo de operação da rede, necessário para a concretização das funcionalidades prometidas pelas Smart Grids, a arquitectura terá que evoluir de modo a comportar um maior número de unidades remotas inteligentes, o desenvolvimento de novos sistemas técnicos e comerciais, o aumento de trocas de mensagens entre aplicações e a interligações entre diversas redes. Esta complexidade é bastante maior daquela que poderemos encontrar nas actuais infra-estruturas de sistemas de informação para a transmissão e distribuição de energia eléctrica e apresenta novos desafios no que diz respeito à disponibilidade da rede e, em particular, à sua segurança. Os novos equipamentos, aplicações, hardware, protocolos de comunicação, operação e administração da rede vão introduzir novas potenciais vulnerabilidades que podem ser exploradas por indivíduos mal intencionados ou simplesmente por erros de operação. Esta preocupação acerca da disponibilidade e segurança da rede de energia eléctrica do futuro evidenciam a importância que assumem a segurança e disponibilidade da infra-estrutura dos sistemas de informação e comunicações que a suportam. Este trabalho propõem-se analisar a confiabilidade das Smart Grids no que diz respeito aos seus aspectos de segurança de tecnologias de informação, incidindo em particular no projecto Português de Smart Grid denominado InovGrid. Este projecto de investigação irá descrever as funcionalidades da arquitectura InovGrid fazendo uma análise detalhada dos vectores de ataque e os riscos eminentes associados à sua implementação. Este estudo irá avaliar e propor soluções no domínio da autenticidade, confidencialidade e não-repudiação de informação numa arquitectura peculiar e heterogenia com a das Smart Grids.In the current global macroeconomic context is essential to adopt new ways of generating energy alternatives to fossil fuels, combined with the objectives of reliability and quality of delivery and induction of competitiveness in markets. It is necessary to produce, transport and distribute energy in a sustainable way without harming the ecosystem. The vision of an infrastructure with more control, where networks, producers and consumers have significantly more active roles, is causing a paradigm shift in electricity networks and their operations that is embodied in the concept of Smart Grids. To obtain a high level of control required to achieve the new features promised by Smart Grids, the architecture will need to comprise more intelligent remote terminal units, the development of new technical and commercial systems, the increase of the number of messages exchange between applications and also interconnections between enterprise networks. This complexity, far higher than found in present transmission and distribution infrastructures, will bring several challenges considering network reliability and security in particular. All the new devices, applications, hardware, communication protocols, network operations and administration will introduce potential vulnerabilities that might be explored by malicious users or simple by erroneous actions from a variety of external and internal sources. This concern about security and reliability of the future power grids increase the importance of the information technology and communications infrastructures and their security. This work proposes to analyze Smart Grid’s reliability regarding its information technology security but focusing the study in the Portuguese Smart Grid project implementation, named as InovGrid. It will describe the functionalities of the InovGrid architecture providing a detailed analysis of its attack vectors and the eminent risks associated with the implementation. It will propose and analysis solutions for confidentiality, authenticity and non-repudiation aspects in such peculiar and heterogeneous networks