450 research outputs found
C-FLAT: Control-FLow ATtestation for Embedded Systems Software
Remote attestation is a crucial security service particularly relevant to
increasingly popular IoT (and other embedded) devices. It allows a trusted
party (verifier) to learn the state of a remote, and potentially
malware-infected, device (prover). Most existing approaches are static in
nature and only check whether benign software is initially loaded on the
prover. However, they are vulnerable to run-time attacks that hijack the
application's control or data flow, e.g., via return-oriented programming or
data-oriented exploits. As a concrete step towards more comprehensive run-time
remote attestation, we present the design and implementation of Control-FLow
ATtestation (C-FLAT) that enables remote attestation of an application's
control-flow path, without requiring the source code. We describe a full
prototype implementation of C-FLAT on Raspberry Pi using its ARM TrustZone
hardware security extensions. We evaluate C-FLAT's performance using a
real-world embedded (cyber-physical) application, and demonstrate its efficacy
against control-flow hijacking attacks.
Comment: Extended version of article to appear in CCS '16 Proceedings of the
23rd ACM Conference on Computer and Communications Security
Attestation Mechanisms for Trusted Execution Environments Demystified
Attestation is a fundamental building block to establish trust over software
systems. When used in conjunction with trusted execution environments, it
guarantees the genuineness of the code executed against powerful attackers and
threats, paving the way for adoption in several sensitive application domains.
This paper reviews remote attestation principles and explains how the modern
and industrially well-established trusted execution environments Intel SGX, Arm
TrustZone and AMD SEV, as well as emerging RISC-V solutions, leverage these
mechanisms.
Comment: This publication incorporates results from the VEDLIoT project, which
received funding from the European Union's Horizon 2020 research and
innovation programme under grant agreement No 957197. arXiv admin note:
substantial text overlap with arXiv:2204.0679
Binary Exploitation in Industrial Control Systems: Past, Present and Future
Despite being a decades-old problem, binary exploitation still remains a serious issue in computer security. It is mainly due to the prevalence of memory corruption errors in programs written with notoriously unsafe but yet indispensable programming languages like C and C++. For the past 30 years, the nip-and-tuck battle in memory between attackers and defenders has been getting more technical, versatile, and automated. With raised bar for exploitation in common information technology (IT) systems owing to hardened mitigation techniques, and with unintentionally opened doors into industrial control systems (ICS) due to the proliferation of industrial internet of things (IIoT), we argue that we will see an increased number of cyber attacks leveraging binary exploitation on ICS in the near future. However, while this topic generates a very rich and abundant body of research in common IT systems, there is a lack of systematic study targeting this topic in ICS. The present work aims at filling this gap and serves as a comprehensive walkthrough of binary exploitation in ICS. Apart from providing an analysis of the past cyber attacks leveraging binary exploitation on ICS and the ongoing attack surface transition, we give a review of the attack techniques and mitigation techniques on both general-purpose computers and embedded devices. At the end, we conclude this work by stressing the importance of network-based intrusion detection, considering the dominance of resource-constrained real-time embedded devices, low-end embedded devices in ICS, and the limited ability to deploy arbitrary defense mechanisms directly on these devices.
Determining the performance costs in establishing cryptography services as part of a secure endpoint device for the Industrial Internet of Things
Endpoint devices are integral in the realisation of any industrial cyber-physical system (ICPS) application. As part of the work of promoting safer and more secure industrial Internet of Things (IIoT) networks and devices, the Industrial Internet Consortium (IIC) and the OpenFog Consortium have developed security framework specifications detailing security techniques and technologies that should be employed during the design of an IIoT network. Previous work in establishing cryptographic services on platforms intended for wireless sensor networks (WSN) and the Internet of Things (IoT) has concluded that security mechanisms cannot be implemented using software libraries owing to the lack of memory and processing resources, the longevity requirements of the processor platforms, and the hard real-time requirements of industrial operations. Over a decade has passed since this body of knowledge was created, however, and IoT processors have seen a vast improvement in the available operating and memory resources while maintaining minimal power consumption. This study aims to update the body of knowledge regarding the provision of security services on an IoT platform by conducting a detailed analysis regarding the performance of new generation IoT platforms when running software cryptographic services. The research considers execution time, power consumption and memory occupation and works towards a general, implementable design of a secure, IIoT edge device. This is realised by identifying security features recommended for IIoT endpoint devices; identifying currently available security standards and technologies for the IIoT; and highlighting the trade-offs that the application of security will have on device size, performance, memory requirements and monetary cost.
Dissertation (MSc)--University of Pretoria, 2017. Electrical, Electronic and Computer Engineering. MSc. Unrestricted
MicroTEE: Designing TEE OS Based on the Microkernel Architecture
ARM TrustZone technology is widely used to provide Trusted Execution
Environments (TEE) for mobile devices. However, most TEE OSes are implemented
as monolithic kernels. In such designs, device drivers, kernel services and
kernel modules all run in the kernel, which results in large size of the
kernel. It is difficult to guarantee that all components of the kernel have no
security vulnerabilities in the monolithic kernel architecture, such as the
integer overflow vulnerability in Qualcomm QSEE TrustZone and the TZDriver
vulnerability in HUAWEI Hisilicon TEE architecture. This paper presents
MicroTEE, a TEE OS based on the microkernel architecture. In MicroTEE, the
microkernel provides strong isolation for TEE OS's basic services, such as
crypto service and platform key management service. The kernel is only
responsible for providing core services such as address space management,
thread management, and inter-process communication. Other fundamental services,
such as crypto service and platform key management service are implemented as
applications at the user layer. Crypto Services and Key Management are used to
provide Trusted Applications (TAs) with sensitive information encryption, data
signing, and platform attestation functions. Our design avoids the compromise
of the whole TEE OS if only one kernel service is vulnerable. A monitor has
also been added to perform the switch between the secure world and the normal
world. Finally, we implemented a MicroTEE prototype on the Freescale i.MX6Q
Sabre Lite development board and tested its performance. Evaluation results
show that the performance of cryptographic operations in MicroTEE is better
than that in Linux when the size of data is small.
Comment: 8 pages, 8 figures