[PPT] - Temporal Consistency of Integrity-Ensuring Computations and PowerPoint Presentation

SLIDE 1

Temporal Consistency of Integrity-Ensuring Computations and Applications to Embedded Systems Security

Xavier Carpent Norrathep (Oak) Rattanavipanon Gene Tsudik

University of California, Irvine SRI International

Karim Eldefrawy

SLIDE 2

Agenda

Problem Statement
Remote Attestation
Temporal Consistency: Definition & Motivation
Temporal Consistency Methods
Implementation and Experiments
Conclusions + Future Work

2 June 5, 2018 AsiaCCS'18

SLIDE 3

Problem Statement

3 June 5, 2018 AsiaCCS'18

SLIDE 4

Integrity-Ensuring Computation

Output can be used to validate integrity of input data
Examples of F : cryptographic hash functions, message authentication codes

(MAC)

4

Integrity-ensurin g function (F)

Input

Output

June 5, 2018 AsiaCCS'18

SLIDE 5

Integrity-Ensuring Computation

5

Output must be temporally consistent: ❖Must faithfully reflect exact state of all of input data at some point (or interval) in time Computation on large input data: ❖Not instantaneous; input may change while computation takes place

June 5, 2018 AsiaCCS'18

SLIDE 6

Integrity-Ensuring Computation

6

Sender

F F

=? =? (1) (2)

✓

Receiver

F

✘

F

June 5, 2018 AsiaCCS'18

Changes (red dots) in input happen in middle

f F

SLIDE 7

Integrity-Ensuring Computation

7

Sender

F F

=? (1) (2)

✓

Receiver

F

=

F

Never existed as a whole and might be non-sensical

June 5, 2018 AsiaCCS'18

SLIDE 8

Integrity-Ensuring Computation

8 Especially, when performed on simple embedded (IoT) devices with safety-critical applications. Use-case: Remote Attestation Output must be temporally consistent: ❖ Must faithfully reflect exact state of all

f input data at some point (or

interval) in time ฀ Atomicity of computation of F guarantees temporal consistency (assume singe CPU) Computation on large input data: ❖ Not instantaneous; input may change while computation takes place ฀ Atomic computation of F might be impractical and/or unsafe

June 5, 2018 AsiaCCS'18

SLIDE 9

Overview of Remote Attestation

9 June 5, 2018 AsiaCCS'18

SLIDE 10

Remote Attestation (RA)

Security service for remotely assessing integrity of firmware/software

in embedded devices

Verifier – trusted entity
Prover – potentially infected remote embedded device

10

(1) Challenge (3) Response (4) Verify response and determine presence of malware

n Prover

Verifier Prover

(2) Measure memory

Integrity-ensuring function: (H)MAC

r signature

June 5, 2018 AsiaCCS'18

SLIDE 11

Example of RA for Embedded Devices

SMART [NDSS’12,DATE’14]

HW/SW co-design for RA targeting

micro-controller unit (MCU)

Minimal change in MCU

Property HW/SW Immutability ROM Exclusive Access to K MCU Access Control No Leak Static Analysis

Controlled Invocation

MCU Access Control Uninterruptibility Disabled Interrupts

11 June 5, 2018 AsiaCCS'18

SLIDE 12

Example of RA for Embedded Devices

SMART [NDSS’12,DATE’14]

HW/SW co-design for RA targeting

micro-controller unit (MCU)

Minimal change in MCU

Property HW/SW Immutability ROM Exclusive Access to K MCU Access Control No Leak Static Analysis

Atomicity

MCU Access Control Disabled Interrupts

12

Temporal consistency is achieved via atomicity but … … Atomicity makes SMART impractical for safety-critical devices

June 5, 2018 AsiaCCS'18

SLIDE 13

Property HW/SW Immutability ROM Exclusive Access to K MCU Access Control No Leak Static Analysis

Atomicity

MCU Access Control Disabled Interrupts

Example of RA for Embedded Devices

SMART [NDSS’12,DATE’14]

HW/SW co-design for RA targeting

micro-controller unit (MCU)

Minimal change in MCU

TrustLite [EuroSys’14]

13

Property HW/SW Immutability ROM Exclusive Access to K MPU No Leak CPU Exception Engine Controlled Invocation CPU Exception Engine + OS Secure Interrupts CPU Exception Engine

Allow secure interrupt during

attestation

Use execution-aware memory

protection unit to enforce access control Temporal consistency is achieved via atomicity but … … Atomicity makes SMART impractical for safety-critical devices

June 5, 2018 AsiaCCS'18

SLIDE 14

Property HW/SW Immutability ROM Exclusive Access to K MCU Access Control No Leak Static Analysis

Atomicity

MCU Access Control Disabled Interrupts

Example of RA for Embedded Devices

SMART [NDSS’12,DATE’14]

HW/SW co-design for RA targeting

micro-controller unit (MCU)

Minimal change in MCU

TrustLite [EuroSys’14]

14

Property HW/SW Immutability ROM Exclusive Access to K MPU No Leak CPU Exception Engine Controlled Invocation CPU Exception Engine + OS Secure Interrupts CPU Exception Engine

Allow secure interrupt during

attestation

Use execution-aware memory

protection unit to enforce access control Temporal consistency is achieved via atomicity but … … Atomicity makes SMART impractical for safety-critical devices Allowing attestation to be interruptible helps with safety-critical devices but … … Temporal consistency may not be achieved in TrustLite

Our goal: resolve this conflict

June 5, 2018 AsiaCCS'18

SLIDE 15

Modeling Temporal Consistency in Remote Attestation

SLIDE 16

Modeling Temporal Consistency in Remote Attestation

16

F

June 5, 2018 AsiaCCS'18

SLIDE 17

Modeling Temporal Consistency in Remote Attestation

Block size of F = memory block size, e.g., 512 bits for HMAC-SHA256
F is a sequential function: process each block once and in order
Content of blocks may change during execution of F

17

F

June 5, 2018 AsiaCCS'18

SLIDE 18

Attestation Task

Modeling Temporal Consistency in Remote Attestation

18

write

Task A

F

June 5, 2018 AsiaCCS'18

SLIDE 19

Types of Malware

Migratory Malware

Transient Malware
Ability: erase itself at any point during

computation of F

Goal: escape detection
Detection: R is consistent at start of

computation

19

R is consistent at time t and R corresponds to benign state → no malware was present at time t

Detection: R is consistent at any time

throughout computation

June 5, 2018 AsiaCCS'18

SLIDE 20

Mechanisms for Ensuring Temporal Consistency

20 June 5, 2018 AsiaCCS'18

SLIDE 21

Strawman Approach

21

June 5, 2018 AsiaCCS'18

SLIDE 22

Mechanism 1: All-Lock

22

Timelin e

June 5, 2018 AsiaCCS'18

SLIDE 23

Mechanism 2: Dec-Lock

23

Timelin e

June 5, 2018 AsiaCCS'18

SLIDE 24

Mechanism 3: Inc-Lock

24

Timelin e

June 5, 2018 AsiaCCS'18

SLIDE 25

Mechanism 4: Cpy-Lock

25

June 5, 2018 AsiaCCS'18

SLIDE 26

Malware Detection Summary

26

Mechanism Migratory Malware Transient Malware No-Lock No No All-Lock Yes Yes Dec-Lock Yes Yes Inc-Lock Yes No Cpy-Lock Yes Yes

June 5, 2018 AsiaCCS'18

SLIDE 27

Inconsistency Detection

Alternative to enforce consistency
Memory is not locked during computation of F …
…But attestation task is alerted when memory is modified during computation of F
Pro:
No need to handle memory access violations
No interference with execution of other tasks
Con:
Inconsistency may always happen (even by benign task) → consistency is never achieved

27 June 5, 2018 AsiaCCS'18

SLIDE 28

Implementation and Evaluation

SLIDE 29

Implementation

Memory locking requires hardware support
Dynamically configurable memory protection unit (MPU) → TyTan [DAC’15]
Memory management unit (MMU) → HYDRA [WiSec’17]
Implement mechanisms on HYDRA
Evaluate run-time on I.MX6-SabreLite and ODROID-XU4

29

I.MX6-SabreLite ODROID-XU4

June 5, 2018 AsiaCCS'18

SLIDE 30

Primitive Operations on 16MB Memory Size

30

Lock, unlock and copy are at least 10 times faster than MAC

June 5, 2018 AsiaCCS'18

SLIDE 31

Primitive Operations on 16MB Memory Size

31

Larger block size → faster lock and unlock process

June 5, 2018 AsiaCCS'18

SLIDE 32

Mechanisms Ensuring Temporal Consistency

32

Block size = 4KB Block size = 64KB

Overhead is at most 8% Overhead becomes < 0.1%

June 5, 2018 AsiaCCS'18

SLIDE 33

Conclusions & Future Work

Discrepancy between theoretical assumptions and implementations of

cryptographic integrity-ensuring function

Input may change during computation
Output is not temporally consistent with input
Model consistency in context of remote attestation
Propose various mechanisms based on memory locking to ensure

consistency

Implement and evaluate them on two commodity platforms
Future work includes:
Implementation of our mechanisms on different RA architecture (e.g., TyTan)
Software-based (or minimal hardware-based) mechanisms ensuring consistency

33 June 5, 2018 AsiaCCS'18

SLIDE 34

Questions?

Contact: nrattana@uci.edu Our lab: sprout.ics.uci.edu

34 June 5, 2018 AsiaCCS'18

SLIDE 35

Uninterruptability vs Memory Locking

35

June 5, 2018 AsiaCCS'18

SLIDE 36

Memory Access Violations

36

June 5, 2018 AsiaCCS'18

SLIDE 37

HYDRA Architecture

37

seL4 Microkernel Attestation Process (PAttest) Task 1 Task 2 Task 3 Task 4 Hardware-Enforced Secure Boot

Initialize Check for integrity and then initialize

User-space

▪ Has highest priority ▪ Has access to all memory blocks ▪ Distribute memory access capabilities (caps) during init ▪ Can change/revoke caps at run-time

June 5, 2018 AsiaCCS'18

SLIDE 38

Integrity-Ensuring Computation

38

Sender

F F

=? =? (1): (2):

✓

Receiver

F

✘

F

June 5, 2018 AsiaCCS'18

Changes (red dots) in input happen in middle

f F