3,468 research outputs found
Remote attestation mechanism for embedded devices based on physical unclonable functions
Remote attestation mechanisms are well studied in the high-end computing environments; however, the same is not true for embedded devices-especially for smart cards. With ever changing landscape of smart card technology and advancements towards a true multi-application platform, verifying the current state of the smart card is significant to the overall security of such proposals. The initiatives proposed by GlobalPlatform Consumer Centric Model (GP-CCM) and User Centric Smart Card Ownership Model (UCOM) enables a user to download any application as she desire-depending upon the authorisation of the application provider. Before an application provider issues an application to a smart card, verifying the current state of the smart card is crucial to the security of the respective application. In this paper, we analyse the rationale behind the remote attestation mechanism for smart cards, and the fundamental features that such a mechanism should possess. We also study the applicability of Physical Unclonable Functions (PUFs) for the remote attestation mechanism and propose two algorithms to achieve the stated features of remote attestation. The proposed algorithms are implemented in a test environment to evaluate their performance. © 2013 The authors and IOS Press. All rights reserved
FPGA based remote code integrity verification of programs in distributed embedded systems
The explosive growth of networked embedded systems has made ubiquitous and pervasive computing a reality. However, there are still a number of new challenges to its widespread adoption that include scalability, availability, and, especially, security of software. Among the different challenges in software security, the problem of remote-code integrity verification is still waiting for efficient solutions. This paper proposes the use of reconfigurable computing to build a consistent architecture for generation of attestations (proofs) of code integrity for an executing program as well as to deliver them to the designated verification entity. Remote dynamic update of reconfigurable devices is also exploited to increase the complexity of mounting attacks in a real-word environment. The proposed solution perfectly fits embedded devices that are nowadays commonly equipped with reconfigurable hardware components that are exploited to solve different computational problems
Public Evidence from Secret Ballots
Elections seem simple---aren't they just counting? But they have a unique,
challenging combination of security and privacy requirements. The stakes are
high; the context is adversarial; the electorate needs to be convinced that the
results are correct; and the secrecy of the ballot must be ensured. And they
have practical constraints: time is of the essence, and voting systems need to
be affordable and maintainable, and usable by voters, election officials, and
pollworkers. It is thus not surprising that voting is a rich research area
spanning theory, applied cryptography, practical systems analysis, usable
security, and statistics. Election integrity involves two key concepts:
convincing evidence that outcomes are correct and privacy, which amounts to
convincing assurance that there is no evidence about how any given person
voted. These are obviously in tension. We examine how current systems walk this
tightrope.Comment: To appear in E-Vote-Id '1
Tree-formed Verification Data for Trusted Platforms
The establishment of trust relationships to a computing platform relies on
validation processes. Validation allows an external entity to build trust in
the expected behaviour of the platform based on provided evidence of the
platform's configuration. In a process like remote attestation, the 'trusted'
platform submits verification data created during a start up process. These
data consist of hardware-protected values of platform configuration registers,
containing nested measurement values, e.g., hash values, of loaded or started
components. Commonly, the register values are created in linear order by a
hardware-secured operation. Fine-grained diagnosis of components, based on the
linear order of verification data and associated measurement logs, is not
optimal. We propose a method to use tree-formed verification data to validate a
platform. Component measurement values represent leaves, and protected
registers represent roots of a hash tree. We describe the basic mechanism of
validating a platform using tree-formed measurement logs and root registers and
show an logarithmic speed-up for the search of faults. Secure creation of a
tree is possible using a limited number of hardware-protected registers and a
single protected operation. In this way, the security of tree-formed
verification data is maintained.Comment: 15 pages, 11 figures, v3: Reference added, v4: Revised, accepted for
publication in Computers and Securit
Chip and Skim: cloning EMV cards with the pre-play attack
EMV, also known as "Chip and PIN", is the leading system for card payments
worldwide. It is used throughout Europe and much of Asia, and is starting to be
introduced in North America too. Payment cards contain a chip so they can
execute an authentication protocol. This protocol requires point-of-sale (POS)
terminals or ATMs to generate a nonce, called the unpredictable number, for
each transaction to ensure it is fresh. We have discovered that some EMV
implementers have merely used counters, timestamps or home-grown algorithms to
supply this number. This exposes them to a "pre-play" attack which is
indistinguishable from card cloning from the standpoint of the logs available
to the card-issuing bank, and can be carried out even if it is impossible to
clone a card physically (in the sense of extracting the key material and
loading it into another card). Card cloning is the very type of fraud that EMV
was supposed to prevent. We describe how we detected the vulnerability, a
survey methodology we developed to chart the scope of the weakness, evidence
from ATM and terminal experiments in the field, and our implementation of
proof-of-concept attacks. We found flaws in widely-used ATMs from the largest
manufacturers. We can now explain at least some of the increasing number of
frauds in which victims are refused refunds by banks which claim that EMV cards
cannot be cloned and that a customer involved in a dispute must therefore be
mistaken or complicit. Pre-play attacks may also be carried out by malware in
an ATM or POS terminal, or by a man-in-the-middle between the terminal and the
acquirer. We explore the design and implementation mistakes that enabled the
flaw to evade detection until now: shortcomings of the EMV specification, of
the EMV kernel certification process, of implementation testing, formal
analysis, or monitoring customer complaints. Finally we discuss
countermeasures
"On the Road" - Reflections on the Security of Vehicular Communication Systems
Vehicular communication (VC) systems have recently drawn the attention of
industry, authorities, and academia. A consensus on the need to secure VC
systems and protect the privacy of their users led to concerted efforts to
design security architectures. Interestingly, the results different project
contributed thus far bear extensive similarities in terms of objectives and
mechanisms. As a result, this appears to be an auspicious time for setting the
corner-stone of trustworthy VC systems. Nonetheless, there is a considerable
distance to cover till their deployment. This paper ponders on the road ahead.
First, it presents a distillation of the state of the art, covering the
perceived threat model, security requirements, and basic secure VC system
components. Then, it dissects predominant assumptions and design choices and
considers alternatives. Under the prism of what is necessary to render secure
VC systems practical, and given possible non-technical influences, the paper
attempts to chart the landscape towards the deployment of secure VC systems
- …