3,550 research outputs found
Very Low Cost Entropy Source Based on Chaotic Dynamics Retrofittable on Networked Devices to Prevent RNG Attacks
Good quality entropy sources are indispensable in most modern cryptographic
protocols. Unfortunately, many currently deployed networked devices do not
include them and may be vulnerable to Random Number Generator (RNG) attacks.
Since most of these systems allow firmware upgrades and have serial
communication facilities, the potential for retrofitting them with secure
hardware-based entropy sources exists. To this aim, very low-cost, robust, easy
to deploy solutions are required. Here, a retrofittable, sub 10$ entropy source
based on chaotic dynamics is illustrated, capable of a 32 kbit/s rate or more
and offering multiple serial communication options including USB, I2C, SPI or
USART. Operation is based on a loop built around the Analog to Digital
Converter (ADC) hosted on a standard microcontroller.Comment: 4 pages, 6 figures. Pre-print from conference proceedings; IEEE 21th
International Conference on Electronics, Circuits, and Systems (ICECS 2014),
pp. 175-178, Dec. 201
SGXIO: Generic Trusted I/O Path for Intel SGX
Application security traditionally strongly relies upon security of the
underlying operating system. However, operating systems often fall victim to
software attacks, compromising security of applications as well. To overcome
this dependency, Intel introduced SGX, which allows to protect application code
against a subverted or malicious OS by running it in a hardware-protected
enclave. However, SGX lacks support for generic trusted I/O paths to protect
user input and output between enclaves and I/O devices.
This work presents SGXIO, a generic trusted path architecture for SGX,
allowing user applications to run securely on top of an untrusted OS, while at
the same time supporting trusted paths to generic I/O devices. To achieve this,
SGXIO combines the benefits of SGX's easy programming model with traditional
hypervisor-based trusted path architectures. Moreover, SGXIO can tweak insecure
debug enclaves to behave like secure production enclaves. SGXIO surpasses
traditional use cases in cloud computing and makes SGX technology usable for
protecting user-centric, local applications against kernel-level keyloggers and
likewise. It is compatible to unmodified operating systems and works on a
modern commodity notebook out of the box. Hence, SGXIO is particularly
promising for the broad x86 community to which SGX is readily available.Comment: To appear in CODASPY'1
- …