Software Grand Exposure: SGX Cache Attacks Are Practical

Side-channel information leakage is a known limitation of SGX. Researchers have demonstrated that secret-dependent information can be extracted from enclave execution through page-fault access patterns. Consequently, various recent research efforts are actively seeking countermeasures to SGX side-channel attacks. It is widely assumed that SGX may be vulnerable to other side channels, such as cache access pattern monitoring, as well. However, prior to our work, the practicality and the extent of such information leakage was not studied. In this paper we demonstrate that cache-based attacks are indeed a serious threat to the confidentiality of SGX-protected programs. Our goal was to design an attack that is hard to mitigate using known defenses, and therefore we mount our attack without interrupting enclave execution. This approach has major technical challenges, since the existing cache monitoring techniques experience significant noise if the victim process is not interrupted. We designed and implemented novel attack techniques to reduce this noise by leveraging the capabilities of the privileged adversary. Our attacks are able to recover confidential information from SGX enclaves, which we illustrate in two example cases: extraction of an entire RSA-2048 key during RSA decryption, and detection of specific human genome sequences during genomic indexing. We show that our attacks are more effective than previous cache attacks and harder to mitigate than previous SGX side-channel attacks

Usable Security for Wireless Body-Area Networks

We expect wireless body-area networks of pervasive wearable devices will enable in situ health monitoring, personal assistance, entertainment personalization, and home automation. As these devices become ubiquitous, we also expect them to interoperate. That is, instead of closed, end-to-end body-worn sensing systems, we envision standardized sensors that wirelessly communicate their data to a device many people already carry today, the smart phone. However, this ubiquity of wireless sensors combined with the characteristics they sense present many security and privacy problems. In this thesis we describe solutions to two of these problems. First, we evaluate the use of bioimpedance for recognizing who is wearing these wireless sensors and show that bioimpedance is a feasible biometric. Second, we investigate the use of accelerometers for verifying whether two of these wireless sensors are on the same person and show that our method is successful as distinguishing between sensors on the same body and on different bodies. We stress that any solution to these problems must be usable, meaning the user should not have to do anything but attach the sensor to their body and have them just work. These methods solve interesting problems in their own right, but it is the combination of these methods that shows their true power. Combined together they allow a network of wireless sensors to cooperate and determine whom they are sensing even though only one of the wireless sensors might be able to determine this fact. If all the wireless sensors know they are on the same body as each other and one of them knows which person it is on, then they can each exploit the transitive relationship to know that they must all be on that person’s body. We show how these methods can work together in a prototype system. This ability to operate unobtrusively, collecting in situ data and labeling it properly without interrupting the wearer’s activities of daily life, will be vital to the success of these wireless sensors

Network virtualization as an integrated solution for emergency communication

In this paper the Virtual Private Ad Hoc Networking (VPAN) platform is introduced as an integrated networking solution for many applications that require secure transparent continuous connectivity using heterogeneous devices and network technologies. This is done by creating a virtual logical self-organizing network on top of existing network technologies reducing complexity and maintaining session continuity right from the start. One of the most interesting applications relies in the field of emergency communication with its specific needs which will be discussed in this paper and matched in detail against the architecture and features of the VPAN platform. The concept and dynamics are demonstrated and evaluated with measurements done on real hardware

Mission-Critical Communications from LMR to 5G: a Technology Assessment approach for Smart City scenarios

Radiocommunication networks are one of the main support tools of agencies that carry out actions in Public Protection & Disaster Relief (PPDR), and it is necessary to update these communications technologies from narrowband to broadband and integrated to information technologies to have an effective action before society. Understanding that this problem includes, besides the technical aspects, issues related to the social context to which these systems are inserted, this study aims to construct scenarios, using several sources of information, that helps the managers of the PPDR agencies in the technological decisionmaking process of the Digital Transformation of Mission-Critical Communication considering Smart City scenarios, guided by the methods and approaches of Technological Assessment (TA).As redes de radiocomunicações são uma das principais ferramentas de apoio dos órgãos que realizam ações de Proteção Pública e Socorro em desastres, sendo necessário atualizar essas tecnologias de comunicação de banda estreita para banda larga, e integra- las às tecnologias de informação, para se ter uma atuação efetiva perante a sociedade . Entendendo que esse problema inclui, além dos aspectos técnicos, questões relacionadas ao contexto social ao qual esses sistemas estão inseridos, este estudo tem por objetivo a construção de cenários, utilizando diversas fontes de informação que auxiliem os gestores destas agências na tomada de decisão tecnológica que envolve a transformação digital da Comunicação de Missão Crítica considerando cenários de Cidades Inteligentes, guiado pelos métodos e abordagens de Avaliação Tecnológica (TA)

Modeling the Use of an Airborne Platform for Cellular Communications Following Disruptions

In the wake of a disaster, infrastructure can be severely damaged, hampering telecommunications. An Airborne Communications Network (ACN) allows for rapid and accurate information exchange that is essential for the disaster response period. Access to information for survivors is the start of returning to self-sufficiency, regaining dignity, and maintaining hope. Real-world testing has proven that such a system can be built, leading to possible future expansion of features and functionality of an emergency communications system. Currently, there are no airborne civilian communications systems designed to meet the demands of the public following a natural disaster. A system allowing even a limited amount of communications post-disaster is a great improvement on the current situation, where telecommunications are frequently not available. It is technically feasible to use an airborne, wireless, cellular system quickly deployable to disaster areas and configured to restore some of the functions of damaged terrestrial telecommunications networks. The system requirements were presented, leading to the next stage of the planned research, where a range of possible solutions were examined. The best solution was selected based on the earlier, predefined criteria. The system was modeled, and a test ii system built. The system was tested and redesigned when necessary, to meet the requirements. The research has shown how the combination of technology, especially the recent miniaturizations and move to open source software for cellular network components can allow sophisticated cellular networks to be implemented. The ACN system proposed could enable connectivity and reduce the communications problems that were experienced following Hurricane Sandy and Katrina. Experience with both natural and man-made disasters highlights the fact that communications are useful only to the extent that they are accessible and useable by the population

A Wearable System that Knows Who Wears It

Body-area networks of pervasive wearable devices are increasingly used for health monitoring, personal assistance, entertainment, and home automation. In an ideal world, a user would simply wear their desired set of devices with no configuration necessary: the devices would discover each other, recognize that they are on the same person, construct a secure communications channel, and recognize the user to which they are attached. In this paper we address a portion of this vision by offering a wearable system that unobtrusively recognizes the person wearing it. Because it can recognize the user, our system can properly label sensor data or personalize interactions. \par Our recognition method uses bioimpedance, a measurement of how tissue responds when exposed to an electrical current. By collecting bioimpedance samples using a small wearable device we designed, our system can determine that (a)the wearer is indeed the expected person and (b) the device is physically on the wearer\u27s body. Our recognition method works with 98% balanced-accuracy under a cross-validation of a day\u27s worth of bioimpedance samples from a cohort of 8 volunteer subjects. We also demonstrate that our system continues to recognize a subset of these subjects even several months later. Finally, we measure the energy requirements of our system as implemented on a Nexus S smart phone and custom-designed module for the Shimmer sensing platform

Localization Services for Online Common Operational Picture and Situation Awareness

Many operations, be they military, police, rescue, or other field operations, require localization services and online situation awareness to make them effective. Questions such as how many people are inside a building and their locations are essential. In this paper, an online localization and situation awareness system is presented, called Mobile Urban Situation Awareness System (MUSAS), for gathering and maintaining localization information, to form a common operational picture. The MUSAS provides multiple localization services, as well as visualization of other sensor data, in a common frame of reference. The information and common operational picture of the system is conveyed to all parties involved in the operation, the field team, and people in the command post. In this paper, a general system architecture for enabling localization based situation awareness is designed and the MUSAS system solution is presented. The developed subsystem components and forming of the common operational picture are summarized, and the future potential of the system for various scenarios is discussed. In the demonstration, the MUSAS is deployed to an unknown building, in an ad hoc fashion, to provide situation awareness in an urban indoor military operation.Peer reviewe

EmergenSIG: an integrated location-based system for emergency management

Several solutions have been proposed for emergencies scenarios. These solutions include real-time data communication, location-aware, coordination, and decision-making support systems. In this context, this dissertation presents a location-awareness system fully oriented to emergency scenarios, called EmergenSIG. This approach provides and gathers important field information from an occurrence (emergency situation) and shares it to all the different agents. They include police, firefighters, medical emergency teams, among others, mobilized to the same operations theater (OT). Therefore, allowing a faster and integrated response to all the involved agents, enhancing the emergency management of the occurrence. The core of this proposal is based on a low cost solution oriented to the agents on the field (EmergenSIG mobile application), which interacts with the EmergenSIG Web application, oriented to the civil protection entities, through REST Web services. EmergenSIG focuses on medical emergencies and wildfires. It was evaluated and demonstrated in different mobile devices considering different screen sizes following a usercentered design. The system was also been evaluated and validated by real entities and civil protection agents on simulated emergency scenarios.Várias soluções têm sido propostas para cenários de emergências médicas . Estas soluções incluem comunicações de dados em tempo real ,sensíveis á localização , coordenação e sistemas de apoio à tomada de decisão. Neste contexto, esta dissertação apresenta um sistema sensível à localização totalmente orientada para cenários de emergência, chamada EmergenSIG. Esta abordagem proporciona e reúne importantes informações de uma ocorrência (situação de emergência) compartilhando-a para todos os diferentes agentes. Nos quais se incluem a polícia, bombeiros, equipas de emergência médica, entre outros, que se mobilizaram para o mesmo teatro de operações (TO). Portanto, permite uma resposta mais rápida e integrada para todos os agentes envolvidos, aumentando a eficácia da gestão da emergência de uma ocorrência. O cerne desta proposta é baseada numa solução de baixo custo direcionada para os agentes no terreno (aplicação móvel EmergenSIG), que interage com o aplicativo Web EmergenSIG, orientada para as entidades da proteção civil, através de serviços Web REST. O EmergenSIG centra-se em emergências médicas e incêndios florestais. Foi avaliada e demonstrada em diferentes dispositivos móveis, considerando diferentes tamanhos de ecrã e seguindo um design centrado no utilizador. O sistema também foi avaliado e validado por entidades reais e agentes da proteção civil em cenários de emergência simulados