TrustZone based attestation in secure runtime verification for embedded systems
Integrated Master's dissertation in Informatics Engineering.

ARM TrustZone is a security extension present on ARM processors that enables the development of hardware-based Trusted Execution Environments (TEEs). This mechanism allows the critical components of an application to execute in an environment that guarantees data confidentiality and code integrity, even when a malicious agent is installed on the same device. This project aims to harness TrustZone in the context of a secure runtime verification framework for embedded devices. Specifically, it aims to reuse existing components, namely ARM Trusted Firmware, which is responsible for the secure boot process on ARM devices, to implement an attestation mechanism that provides proof of secure computation to remote parties.

This work has been partially supported by the Portuguese Foundation for Science and Technology (FCT), project REASSURE (PTDC/EEI-COM/28550/2017), co-financed by the European Regional Development Fund (FEDER), through the North Regional Operational Program (NORTE 2020).
An Evaluation of the State-of-the-Art Software and Hardware Implementations of BIKE
NIST is conducting a process for the standardization of post-quantum cryptosystems, i.e., cryptosystems that are resistant to attacks by both traditional and quantum computers and that can thus replace the traditional public-key cryptography solutions expected to be broken by quantum computers in the coming decades. This manuscript provides an overview and a comparison of the existing state-of-the-art implementations of BIKE, a QC-MDPC code-based post-quantum KEM and a candidate in NIST's PQC standardization process. We consider software, hardware, and mixed hardware-software implementations and evaluate their performance and, for hardware ones, their resource utilization.

Comment: Accepted for presentation at PARMA-DITAM 2023: 14th Workshop on Parallel Programming and Run-Time Management Techniques for Many-core Architectures / 12th Workshop on Design Tools and Architectures for Multicore Embedded Computing Platforms, January 17, 202
Faster ECC over F2571 (feat. PMULL)
In this paper, we show efficient elliptic curve cryptography implementations for B-571 over ARMv8. We improve on previous binary field multiplication with finely aligned multiplication and incomplete reduction techniques, taking advantage of the advanced 64-bit polynomial multiplication instruction (PMULL) supported by ARMv8. This approach improves performance by a factor of 1.34 over previous binary field implementations. For point addition and doubling, the special types of multiplication, squaring and addition operations are combined and optimized, with one reduction operation optimized away in each case. The scalar multiplication is implemented with the constant-time Montgomery ladder algorithm, which is secure against timing attacks. Finally, the proposed implementations achieve 759,630 and 331,944 clock cycles for random and fixed scalar multiplications, respectively, for B-571 over ARMv8.
Binary Field Multiplication on ARMv8
In this paper, we show efficient implementations of binary field multiplication over ARMv8. We exploit the advanced 64-bit polynomial multiplication instruction (PMULL) supported by ARMv8 and apply multiple levels of asymptotically faster Karatsuba multiplication. Our method performs a binary field multiplication within 57 clock cycles for B-251.
Our proposed method on ARMv8 improves the performance by a factor of times than previous techniques on ARMv7
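The two ARMv8 abstracts above describe the same building blocks: a 64-bit carry-less multiply (PMULL), Karatsuba layering on top of it, reduction in the binary field, and a Montgomery ladder whose operation sequence does not depend on the scalar. The block below is an added example, not code from either paper, that puts those pieces together for B-571 in plain Python. It assumes the NIST B-571 reduction polynomial x^571 + x^10 + x^5 + x^2 + 1, models PMULL as a software `clmul` on 64-bit limbs, pads the 9-limb operand to 16 limbs instead of the papers' finely aligned layout, and shows the ladder on the multiplicative group of the field (so no curve point code is needed) rather than on curve points; all function names are the example's own. Python itself is not constant-time, so the ladder illustrates the structure (fixed operation count, masked swaps), not a timing guarantee.

```python
# Added example (not code from the ARMv8 papers): B-571 binary-field
# arithmetic on a software model of PMULL, Karatsuba over 64-bit limbs,
# reduction modulo the B-571 polynomial, and a Montgomery ladder.
import random

M = 571                                   # field degree of B-571
# Assumed (NIST B-571): f(x) = x^571 + x^10 + x^5 + x^2 + 1; low part only.
F_LOW = (1 << 10) | (1 << 5) | (1 << 2) | 1
MASK_M = (1 << M) - 1


def clmul(a, b):
    """Schoolbook carry-less multiply of GF(2)[x] polynomials held in ints.
    On 64-bit limbs it stands in for the ARMv8 PMULL instruction; on
    full-width operands it is the reference the Karatsuba path is checked
    against."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        b >>= 1
    return r


def karatsuba(a, b, nlimbs):
    """Carry-less product of a, b < 2^(64*nlimbs), nlimbs a power of two.
    Over GF(2) subtraction is XOR, so the middle term is
    (a0^a1)(b0^b1) ^ a0*b0 ^ a1*b1: each level turns 4 products into 3."""
    if nlimbs == 1:
        return clmul(a, b)                # one PMULL in a real implementation
    half = nlimbs // 2
    shift = 64 * half
    lo = (1 << shift) - 1
    a0, a1 = a & lo, a >> shift
    b0, b1 = b & lo, b >> shift
    z0 = karatsuba(a0, b0, half)
    z2 = karatsuba(a1, b1, half)
    z1 = karatsuba(a0 ^ a1, b0 ^ b1, half) ^ z0 ^ z2
    return z0 ^ (z1 << shift) ^ (z2 << (2 * shift))


def reduce_b571(c):
    """Reduce a polynomial of degree < 2*571 modulo f(x). Because
    x^571 = x^10 + x^5 + x^2 + 1 (mod f), the high part is folded down;
    a second pass clears the few bits the first fold pushes above x^571."""
    while c >> M:
        high = c >> M
        c = (c & MASK_M) ^ high ^ (high << 2) ^ (high << 5) ^ (high << 10)
    return c


def gf_mul(a, b):
    # 571 bits occupy 9 limbs; this example pads to 16 limbs (3^4 = 81 limb
    # products) rather than using the papers' aligned layout.
    return reduce_b571(karatsuba(a, b, 16))


def gf_sqr(a):
    return gf_mul(a, a)


def cswap(swap, x, y):
    """Conditional swap by masking (swap is 0 or 1): no data-dependent branch."""
    mask = -swap                          # 0 or all ones
    t = (x ^ y) & mask
    return x ^ t, y ^ t


def ladder_exp(base, k, nbits):
    """Montgomery ladder computing base^k in GF(2^571)*. Invariant:
    r1 == r0 * base. Every iteration performs exactly one multiply and one
    squaring whatever the key bit is; the bit only drives the two swaps.
    The same skeleton, with point add/double in place of mul/sqr, is the
    scalar multiplication ladder used on the curve."""
    r0, r1 = 1, base
    for i in range(nbits - 1, -1, -1):
        bit = (k >> i) & 1
        r0, r1 = cswap(bit, r0, r1)
        r1 = gf_mul(r0, r1)
        r0 = gf_sqr(r0)
        r0, r1 = cswap(bit, r0, r1)
    return r0


def exp_ref(base, k):
    """Plain square-and-multiply, used only to cross-check the ladder."""
    acc = 1
    for i in range(k.bit_length() - 1, -1, -1):
        acc = gf_sqr(acc)
        if (k >> i) & 1:
            acc = gf_mul(acc, base)
    return acc


def frobenius_check(a):
    """Every element of GF(2^571) satisfies a^(2^571) == a; a wrong reduction
    polynomial or a broken multiplier makes this fail for a random a."""
    x = a
    for _ in range(M):
        x = gf_sqr(x)
    return x == a


if __name__ == "__main__":
    rng = random.Random(571)              # constructed, fixed-seed sample operands
    a, b = rng.getrandbits(M), rng.getrandbits(M)
    assert karatsuba(a, b, 16) == clmul(a, b)
    assert frobenius_check(a)
    k = rng.getrandbits(128)
    assert ladder_exp(a, k, 128) == exp_ref(a, k)
    print("B-571 field arithmetic and ladder checks passed")
```

Running the file executes the self-checks at the bottom: Karatsuba against schoolbook clmul, the Frobenius identity a^(2^571) = a (which fails if the reduction polynomial or the multiplier is wrong), and the ladder against square-and-multiply. The ladder's `nbits` is fixed by the caller, not taken from `k.bit_length()`, because a scalar-dependent loop length would leak the scalar's size through timing, exactly what the constant-time ladder in the first paper is meant to avoid.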
Multiprecision Multiplication on ARMv8
Peer reviewed
Capacity: Cryptographically-Enforced In-Process Capabilities for Modern ARM Architectures (Extended Version)
In-process compartmentalization and access control have been actively
explored to provide in-place and efficient isolation of in-process security
domains. Many works have proposed compartmentalization schemes that leverage
hardware features, most notably using the new page-based memory isolation
feature called Protection Keys for Userspace (PKU) on x86. Unfortunately, the
modern ARM architecture does not have an equivalent feature. Instead, newer ARM
architectures introduced Pointer Authentication (PA) and Memory Tagging
Extension (MTE), adapting the reference validation model for memory safety and
runtime exploit mitigation. We argue that those features have been
underexplored in the context of compartmentalization and that they can be
retrofitted to implement a capability-based in-process access control scheme.
This paper presents Capacity, a novel hardware-assisted intra-process access
control design that embraces capability-based security principles. Capacity
coherently incorporates the new hardware security features on ARM that already
exhibit inherent characteristics of capability. It supports the life-cycle
protection of the domain's sensitive objects -- starting from their import from
the file system to their place in memory. With intra-process domains
authenticated with unique PA keys, Capacity transforms file descriptors and
memory pointers into cryptographically-authenticated references and completely
mediates reference usage with its program instrumentation framework and an
efficient system call monitor. We evaluate our Capacity-enabled NGINX web
server prototype and other common applications in which sensitive resources are
isolated into different domains. Our evaluation shows that Capacity incurs a
low performance overhead of approximately 17% for the single-threaded and
13.54% for the multi-threaded web server.

Comment: Accepted at ACM CCS 202
SafeDB: Spark Acceleration on FPGA Clouds with Enclaved Data Processing and Bitstream Protection
This paper proposes SafeDB: Spark Acceleration on FPGA Clouds with Enclaved Data Processing and Bitstream Protection. SafeDB provides a comprehensive and systematic hardware-based security framework spanning bitstream protection to data confidentiality, especially for the cloud environment. The AES key shared between the FPGA and the client for bitstream encryption is generated in hard-wired logic using PKI and ECC. Data security is assured by enclaved processing of encrypted data, meaning that the encrypted data is processed inside the FPGA fabric. Thus, no one in the system is able to look into clients' data, because plaintext data is never exposed to memory or memory-mapped space. SafeDB is resistant not only to side-channel attacks but also to attacks from malicious insiders. We have constructed an 8-node cluster prototype with Zynq UltraScale+ FPGAs to demonstrate its security, performance, and practicability.
The Lazarus Effect: Healing Compromised Devices in the Internet of Small Things
We live in a time when billions of IoT devices are being deployed and
increasingly relied upon. This makes ensuring their availability and
recoverability in case of a compromise a paramount goal. The large and rapidly
growing number of deployed IoT devices make manual recovery impractical,
especially if the devices are dispersed over a large area. Thus, there is a
need for a reliable and scalable remote recovery mechanism that works even
after attackers have taken full control over devices, possibly misusing them or
trying to render them useless.
To tackle this problem, we present Lazarus, a system that enables the remote
recovery of compromised IoT devices. With Lazarus, an IoT administrator can
remotely control the code running on IoT devices unconditionally and within a
guaranteed time bound. This makes recovery possible even in case of severe
corruption of the devices' software stack. We impose only minimal hardware
requirements, making Lazarus applicable even for low-end constrained
off-the-shelf IoT devices. We isolate Lazarus's minimal recovery trusted
computing base from untrusted software both in time and by using a trusted
execution environment. The temporal isolation prevents secrets from being
leaked through side-channels to untrusted software. Inside the trusted
execution environment, we place minimal functionality that constrains untrusted
software at runtime.
We implement Lazarus on an ARM Cortex-M33-based microcontroller in a full
setup with an IoT hub, device provisioning and secure update functionality. Our
prototype can recover compromised embedded OSs and bare-metal applications and
prevents attackers from bricking devices, for example, through flash wear out.
We demonstrate this with FreeRTOS, which requires no modifications beyond a
single additional task. Our evaluation shows negligible runtime
performance impact and moderate memory requirements.

Comment: In Proceedings of the 15th ACM Asia Conference on Computer and Communications Security (ASIA CCS 20
Cache-Attacks on the ARM TrustZone implementations of AES-256 and AES-256-GCM via GPU-based analysis
ARM TrustZone is a security extension used in recent Samsung flagship smartphones to create a Trusted Execution Environment (TEE) called the Secure World, which runs secure processes (trustlets). The Samsung TEE includes cryptographic key storage and functions inside the Keymaster trustlet.
The secret key used by the Keymaster trustlet is derived by a hardware device and is inaccessible to the Android OS. However, the ARM32 AES implementation used by the Keymaster is vulnerable to side-channel cache attacks.
The Keymaster trustlet uses AES-256 in GCM mode, which makes mounting a cache attack against this target much harder. In this paper we show that it is possible to perform a successful cache attack against this AES implementation, in AES-256/GCM mode, using widely available hardware. Using a laptop's GPU to parallelize the analysis, we are able to extract a raw AES-256 key with 7 minutes of measurements and under a minute of analysis time, and an AES-256/GCM key with 40 minutes of measurements and 30 minutes of analysis.