184 research outputs found
A Touch of Evil: High-Assurance Cryptographic Hardware from Untrusted Components
The semiconductor industry is fully globalized and integrated circuits (ICs)
are commonly defined, designed and fabricated in different premises across the
world. This reduces production costs, but also exposes ICs to supply chain
attacks, where insiders introduce malicious circuitry into the final products.
Additionally, despite extensive post-fabrication testing, it is not uncommon
for ICs with subtle fabrication errors to make it into production systems.
While many systems may be able to tolerate a few byzantine components, this is
not the case for cryptographic hardware, storing and computing on confidential
data. For this reason, many error and backdoor detection techniques have been
proposed over the years. So far all attempts have been either quickly
circumvented, or come with unrealistically high manufacturing costs and
complexity.
This paper proposes Myst, a practical high-assurance architecture, that uses
commercial off-the-shelf (COTS) hardware, and provides strong security
guarantees, even in the presence of multiple malicious or faulty components.
The key idea is to combine protective-redundancy with modern threshold
cryptographic techniques to build a system tolerant to hardware trojans and
errors. To evaluate our design, we build a Hardware Security Module that
provides the highest level of assurance possible with COTS components.
Specifically, we employ more than a hundred COTS secure crypto-coprocessors,
verified to FIPS140-2 Level 4 tamper-resistance standards, and use them to
realize high-confidentiality random number generation, key derivation, public
key decryption and signing. Our experiments show a reasonable computational
overhead (less than 1% for both Decryption and Signing) and an exponential
increase in backdoor-tolerance as more ICs are added
A commodity trusted computing module
Thesis (M. Eng.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 2008.Includes bibliographical references (p. 107-110).The Trusted Execution Module (TEM) is a high-level specification for a commodity chip that can execute user-supplied procedures in a trusted environment. The TEM draws inspiration from the Trusted Platform Module (TPM), the first security-related hardware that has gained massive adoption in the PC market. However, the TEM is capable of securely executing procedures expressing arbitrary computation, originating from a potentially untrusted party, whereas the TPM is limited to a set of cryptographic functions that is fixed at design-time. Despite its greater flexibility, the TEM design was implemented on the same inexpensive off-the-shelf hardware as the TPM, and it does not require any export-restricted technology. Furthermore, the TEM removes the expensive requirement of a secure binding to it host computer. This makes TEM a great candidate for the next-generation TPM. However, the TEM's guarantees of secure execution enable exciting applications that were far beyond the reach of TPM-powered systems. The applications include but are not limited to mobile agents, peer-to-peer multiplayer online games, and anonymous offline payments.by Victor Marius Costan.M.Eng
A User Centric Security Model for Tamper-Resistant Devices
In this thesis we propose a design for a ubiquitous and interoperable device based on the smart card architecture to meet the challenges of privacy, trust, and security for traditional and emerging technologies like personal computers, smart phones and tablets. Such a de- vice is referred a User Centric Tamper-Resistant Device (UCTD). To support the smart card architecture for the UCTD initiative, we propose the delegation of smart card owner- ship from a centralised authority (i.e. the card issuer) to users. This delegation mandated a review of existing smart card mechanisms and their proposals for modifications/improve- ments to their operation. Since the inception of smart card technology, the dominant ownership model in the smart card industry has been refer to as the Issuer Centric Smart Card Ownership Model (ICOM). The ICOM has no doubt played a pivotal role in the proliferation of the technology into various segments of modern life. However, it has been a barrier to the convergence of different services on a smart card. In addition, it might be considered as a hurdle to the adaption of smart card technology into a general-purpose security device. To avoid these issues, we propose citizen ownership of smart cards, referred as the User Centric Smart Card Ownership Model (UCOM). Contrary to the ICOM, it gives the power of decision to install or delete an application on a smart card to its user. The ownership of corresponding applications remains with their respective application providers along with the choice to lease their application to a card or not. In addition, based on the UCOM framework, we also proposed the Coopetitive Architecture for Smart Cards (CASC) that merges the centralised control of card issuers with the provision of application choice to the card user. In the core of the thesis, we analyse the suitability of the existing smart card architectures for the UCOM. This leads to the proposal of three major contributions spanning the smart card architecture, the application management framework, and the execution environment. Furthermore, we propose protocols for the application installation mechanism and the application sharing mechanism (i.e. smart card firewall). In addition to this, we propose a framework for backing-up, migrating, and restoring the smart card contents. Finally, we provide the test implementation results of the proposed protocols along with their performance measures. The protocols are then compared in terms of features and performance with existing smart cards and internet protocols. In order to provide a more detailed analysis of proposed protocols and for the sake of completeness, we performed mechanical formal analysis using the CasperFDR.EThOS - Electronic Theses Online ServiceGBUnited Kingdo
Secure and Trusted Execution:Past, Present, and Future - A Critical Review in the Context of the Internet of Things and Cyber-Physical Systems
International audienc
Mobile driving license system deployment model with security enhancement
The existing potential of mobile devices attract government to use mobile devices at the government level. Therefore, the ISO 18013-5 [1] standard for identity identification was developed. It provides a mechanism for obtaining and trusting driver’s license data. This paper describes an approach to deploy mobile driver’s license system and an approach to enhance security for data storage based on analysis of existing methods and models
Graph Based Reduction of Program Verification Conditions
Increasing the automaticity of proofs in deductive verification of C programs
is a challenging task. When applied to industrial C programs known heuristics
to generate simpler verification conditions are not efficient enough. This is
mainly due to their size and a high number of irrelevant hypotheses. This work
presents a strategy to reduce program verification conditions by selecting
their relevant hypotheses. The relevance of a hypothesis is determined by the
combination of a syntactic analysis and two graph traversals. The first graph
is labeled by constants and the second one by the predicates in the axioms. The
approach is applied on a benchmark arising in industrial program verification
Verifying the Mondex Case Study - The KeY Approach
The Mondex Case study is still the most substantial contribution
to the Grand Challenge repository. It has been the target of a
number of formal verification efforts. Those efforts
concentrated on correctness proofs for refinement steps of the
specification in various specification formalisms using
different verification tools. Here, the results of full
functional verification of a Javacard implementation of the case
study is reported. The functional behavior of the application
as well as the security properties to be proven were formalized
in JML and verified using the KeY tool, a
verification tool for deductive verifying Javacard code. The
implementation developed followed, as closely as possible, the
concrete layer of the case study\u27s original Z specification.
The result demonstrates that, with an appropriate specification
language and verification tool, it is possible to bridge the gap
between specification and implementation ensuring a fully
verified result. The complete material - source code, proofs
and binaries of the verification system - is available at
http://www.key-project.org/case_studies/mondex.htm
Mobile Resource Guarantees for Smart Devices
Abstract. We present the Mobile Resource Guarantees framework: a system for ensuring that downloaded programs are free from run-time violations of resource bounds. Certificates are attached to code in the form of efficiently checkable proofs of resource bounds; in contrast to cryptographic certificates of code origin, these are independent of trust networks. A novel programming language with resource constraints encoded in function types is used to streamline the generation of proofs of resource usage.
- …