1,276 research outputs found
ScaRR: Scalable Runtime Remote Attestation for Complex Systems
The introduction of remote attestation (RA) schemes has allowed academia and
industry to enhance the security of their systems. The commercial products
currently available enable only the validation of static properties, such as
applications fingerprint, and do not handle runtime properties, such as
control-flow correctness. This limitation pushed researchers towards the
identification of new approaches, called runtime RA. However, those mainly work
on embedded devices, which share very few common features with complex systems,
such as virtual machines in a cloud. A naive deployment of runtime RA schemes
for embedded devices on complex systems faces scalability problems, such as the
representation of complex control-flows or slow verification phase.
In this work, we present ScaRR: the first Scalable Runtime Remote attestation
schema for complex systems. Thanks to its novel control-flow model, ScaRR
enables the deployment of runtime RA on any application regardless of its
complexity, by also achieving good performance. We implemented ScaRR and tested
it on the benchmark suite SPEC CPU 2017. We show that ScaRR can validate on
average 2M control-flow events per second, definitely outperforming existing
solutions.Comment: 14 page
A survey on cyber security for smart grid communications
A smart grid is a new form of electricity network with high fidelity power-flow control, self-healing, and energy reliability and energy security using digital communications and control technology. To upgrade an existing power grid into a smart grid, it requires significant dependence on intelligent and secure communication infrastructures. It requires security frameworks for distributed communications, pervasive computing and sensing technologies in smart grid. However, as many of the communication technologies currently recommended to use by a smart grid is vulnerable in cyber security, it could lead to unreliable system operations, causing unnecessary expenditure, even consequential disaster to both utilities and consumers. In this paper, we summarize the cyber security requirements and the possible vulnerabilities in smart grid communications and survey the current solutions on cyber security for smart grid communications. © 2012 IEEE
Remote attestation mechanism for embedded devices based on physical unclonable functions
Remote attestation mechanisms are well studied in the high-end computing environments; however, the same is not true for embedded devices-especially for smart cards. With ever changing landscape of smart card technology and advancements towards a true multi-application platform, verifying the current state of the smart card is significant to the overall security of such proposals. The initiatives proposed by GlobalPlatform Consumer Centric Model (GP-CCM) and User Centric Smart Card Ownership Model (UCOM) enables a user to download any application as she desire-depending upon the authorisation of the application provider. Before an application provider issues an application to a smart card, verifying the current state of the smart card is crucial to the security of the respective application. In this paper, we analyse the rationale behind the remote attestation mechanism for smart cards, and the fundamental features that such a mechanism should possess. We also study the applicability of Physical Unclonable Functions (PUFs) for the remote attestation mechanism and propose two algorithms to achieve the stated features of remote attestation. The proposed algorithms are implemented in a test environment to evaluate their performance. © 2013 The authors and IOS Press. All rights reserved
Deploying Virtual Machines on Shared Platforms
In this report, we describe mechanisms for secure deployment of virtual machines on shared platforms looking into a telecommunication cloud use case, which is also presented in this report. The architecture we present focuses on the security requirements of the major stakeholders’ part of the scenario we present. This report comprehensively covers all major security aspects including different security mechanisms and protocols, leveraging existing standards and state-of-the art wherever applicable. In particular, our architecture uses TCG technologies for trust establishment in the deployment of operator virtual machines on shared resource platforms. We also propose a novel procedure for securely launching and cryptographically binding a virtual machine to a target platform thereby protecting the operator virtual machine and its related credentials
CYCLOSA: Decentralizing Private Web Search Through SGX-Based Browser Extensions
By regularly querying Web search engines, users (unconsciously) disclose
large amounts of their personal data as part of their search queries, among
which some might reveal sensitive information (e.g. health issues, sexual,
political or religious preferences). Several solutions exist to allow users
querying search engines while improving privacy protection. However, these
solutions suffer from a number of limitations: some are subject to user
re-identification attacks, while others lack scalability or are unable to
provide accurate results. This paper presents CYCLOSA, a secure, scalable and
accurate private Web search solution. CYCLOSA improves security by relying on
trusted execution environments (TEEs) as provided by Intel SGX. Further,
CYCLOSA proposes a novel adaptive privacy protection solution that reduces the
risk of user re- identification. CYCLOSA sends fake queries to the search
engine and dynamically adapts their count according to the sensitivity of the
user query. In addition, CYCLOSA meets scalability as it is fully
decentralized, spreading the load for distributing fake queries among other
nodes. Finally, CYCLOSA achieves accuracy of Web search as it handles the real
query and the fake queries separately, in contrast to other existing solutions
that mix fake and real query results
RADIS: Remote Attestation of Distributed IoT Services
Remote attestation is a security technique through which a remote trusted
party (i.e., Verifier) checks the trustworthiness of a potentially untrusted
device (i.e., Prover). In the Internet of Things (IoT) systems, the existing
remote attestation protocols propose various approaches to detect the modified
software and physical tampering attacks. However, in an interoperable IoT
system, in which IoT devices interact autonomously among themselves, an
additional problem arises: a compromised IoT service can influence the genuine
operation of other invoked service, without changing the software of the
latter. In this paper, we propose a protocol for Remote Attestation of
Distributed IoT Services (RADIS), which verifies the trustworthiness of
distributed IoT services. Instead of attesting the complete memory content of
the entire interoperable IoT devices, RADIS attests only the services involved
in performing a certain functionality. RADIS relies on a control-flow
attestation technique to detect IoT services that perform an unexpected
operation due to their interactions with a malicious remote service. Our
experiments show the effectiveness of our protocol in validating the integrity
status of a distributed IoT service.Comment: 21 pages, 10 figures, 2 table
- …