moving hardware from security through obscurity to secure
play

Moving Hardware from Security through Obscurity to Secure by Design - PowerPoint PPT Presentation

Jan 27, 2024 •316 likes •743 views

Moving Hardware from Security through Obscurity to Secure by Design Profe fess ssor or Ryan Kastner er Dept. of Computer ter Science e and Engineer ineering ing Unive vers rsity ity of Californi ornia, a, San Diego

  1. Moving Hardware from “Security through Obscurity” to “Secure by Design” Profe fess ssor or Ryan Kastner er Dept. of Computer ter Science e and Engineer ineering ing Unive vers rsity ity of Californi ornia, a, San Diego kastner.ucs er.ucsd.e .edu

  4. Classic System Design Software is OS Software and applications Hardware is simple, Processor unchanging, correct, and secure

  5. Classic View of System Security Applications Programming Software Language Compiler/OS/Firmware Instruction Set Processor Microarchitecture Functional Units Logic Gates Transistors

  6. Modern View of System Security Applications Boot VMM Apps Programming Language OS RTOS Lib Compiler/OS/Firmware Secure Instruction Set NoC Debug Resources Microarchitecture L2 Radio Functional Units L1 L1 Crypto Mem Logic Gates CPU CPU I/O Transistors

  7. Modern View of System Security Many Stakeholders: With different goals and objectives Boot VMM Apps Distributed Authority: Multiple OS, VM, OS RTOS Lib VMM, Access Control Secure HW/SW Coupling: NoC Debug Resources Hardware Accelerators, SW/FW Managed Resources L2 Radio Shared Resources: IP Cores, Memories, L1 L1 Crypto Mem Communication, I/O CPU CPU I/O

  8. Hardware Security Vulnerabilities Malicious code Design flaws Boot VMM Apps case 1: … OS RTOS Lib case 2: … … S ecure NoC Debug Res ources case n: … L2 Radio Untrusted IP L1 L1 Mem Crypto Crypto CPU CPU I/ O Timing channel Power EM radiation channel

  9. Design Complexity Hardware Design # Transistors Lines of Verilog Similar SW: LOC Intel 4004 2.3K 1.25K Simple App: 10K Centaur Media Unit 430K 570K Space Shuttle: 400K Intel Pentium 4 41M 1M F22 Raptor: 1.7M MIT Raw 100M 34K Pacemaker: 80K Oracle SPARC M7 10B ??? nVidia Pascal 15B ??? Xilinx Virtex Ultrascale 20B ???

  10. Security is Expensive  ~1 defect/error per 10 lines of code.  The Art of Good Design , Mike Keating, Synopsys  RedHat Linux: Best Effort Safety (EAL 4+)  $30-$40 per LOC  Integrity RTOS: Design for Formal Evaluation (EAL 6+)  $10,000 per LOC  More evaluation of process, not end artifact

  11. Hardware Security Proof Techniques Proof by Obfuscation Proof by Intimidation Proof by Exhaustion Proof by Handwaving

  12. Our Research  Develop a secure hardware design flow that  Formally specifies security properties ,  Identifies security vulnerabilities , and  Quantifies security threats .  Focus on security properties related to confidentiality, integrity, isolation, separation, and side channels . Source: Intel & Tortuga Logic

  13. Confidentiality Hardware Block System Resources: Radio Secure Resources Untrusted App Secret Data Debug (Crypto Key) Input Output

  14. Integrity Hardware Block System Resources: Untrusted 3 rd Radio Party IP Core Secure Resources Untrusted App Debug Input Output

  15. Availability (Timing Channels) Hardware Block System Resources: Untrusted 3 rd Radio (DoS) Party IP Core Secure Resources Untrusted App Debug Input Output

  16. Mixed-Trust Domains Hardware Block System Resources: Untrusted 3 rd Radio (DoS) Party IP Core Secure Resources Mixed Trust Resources Untrusted App Trusted IP Debug Core Input Output

  17. CIA + Mixed-Trust Confidentiality Integrity Hardware Block Hardware Block System System Resources: Resources: Untrusted Radio Radio 3 rd Party IP Core Secure Secure Resources Resources Untrusted Untrusted App App Secret Data Debug Debug (Crypto Key) Input Input Output Output Availability Mixed-Trust Hardware Block System Hardware Block System Resources: Resources: Untrusted Radio (DoS) Untrusted 3 rd 3 rd Party IP Radio (DoS) Party IP Core Secure Core Secure Mixed Trust Resources Resources Resources Untrusted Untrusted App App Trusted IP Debug Debug Core Input Output Input Output Information flow analysis solves all of these problems

  18. Noninterference “ One group of users, using a certain set of commands, is noninterfering with another group of users if what the first group does with those commands has no effect on what the second group of users can see ” [Goguen & Meseguer’ 82] . HIGH LOW

  19. Information Flow: Inverter 0/U 0/T a o 0 1 0 1 1 0 1/T 1/U 0 0

  20. Gate Level Information Flow Tracking Partial Truth Table GLIFT AND a b o 0 T 1 T 0 T a o b 0 U 1 U 0 U 0 U 1 T 0 U o t a t Affects? 0 T 1 U 0 T b t Trusted/ Untrusted? 0 U/T : Untrusted /Trusted ‘0’ 1 U/T : Untrusted /Trusted ‘1’ The output is marked as “untrusted” when at least one “untrusted” input can influence the output

  21. Does this low level tracking help? Simple assumption that “bad inputs” always leads to “bad outputs” is overly conservative 1-bit Counter D Q 010101… RESET CLK

  22. Safely Resetting the Counter Simple assumption that “bad inputs” always leads to “bad outputs” is overly conservative 1-bit Counter D Q 010101… RESET CLK

  23. Formalizing GLIFT “Original” Logic GLIFT Analysis Logic Automatically generate a b a b b a t t logic that tracks labels Tracking logic is compositional Captures timing channels, o and real time constraints Security constraints can be expressed as hardware assertions o t [ASPLOS09, DAC10, TCAD11, TIFS12, … ]

  24. GLIFT Logic Composition a b s b b s s a a s t t t t s o a b s o o t [DAC10]

  25. GLIFT Logic Generation Flow Automatic synthesis from HDL

  26. Hardware Security Design Flow * Speaker has significant financial interest

  27. Crypto Core Does my key leak? Key Add Round Sub Key Expand Key Bytes Cipher text Message Mix Columns Shift Rows Control outputs Control Inputs Control Logic

  28. Crypto Core in Verilog Does my key leak? module crypto ( clk, reset, load_i, decrypt_i, data_i, key_i, ready_o, data_o ); input [127:0] data_i; input [127:0] key_i; output [127:0] data_o; input clk, reset, load_i, decrypt_i; output ready_o; How do we express this and test it? assert iflow ( key_i =/=> data_o ); assert iflow ( key_i =/=> ready_o );

  29. Crypto Core Does my key leak? YES Key Add Round Sub Key Expand Key Bytes Cipher text Message Mix Columns Shift Rows Control outputs Control Inputs Control Logic How severe is the problem?

  30. Quantitative Information Flow Tracking 1,1 information and average success of attack Entropy 1,0 Normalized entropy, average mutual Mutual information 0,9 Success of attack 0,8 0,7 0,6 0,5 0,4 0,3 0,2 0,1 0,0 R-to-L L-to-R L-to-R always Power ladder Montgomery Constant RSA architectures (1 ~ 6) [ICCAD15] Baolei Mao, Wei Hu, Alric Althoff, Janarbek Matai, Jason Oberg, Dejun Mu, Timothy Sherwood, and Ryan Kastner “ Quantifying Timing-Based Information Flow in Cryptographic Hardware “

  31. Challenges + Opportunities: Joint Analysis  Gate Level Information Flow Tracking (GLIFT)  Proving non-interference  Identifying possible flows  Quantitative measure  Numerous statistical & information theoretic metrics  Precise measurement of information flow  Detecting harmful flows and security vulnerabilities Key Add Sub Key Expan Round Bytes Cipher d Key text Message Shift Mix Columns Rows Yes Control outputs Control 31.6 bits Inputs Control Logic

  32. Challenges + Opportunities: Joint Analysis GLIFT: Boot VMM Apps assert iflow(key =/=> control); Fail Mutual Information: mi(key, control) = 31.6; OS RTOS Lib GLIFT: Secure NoC Debug Resources assert iflow(secure_resources =/=> io); Fail L2 Radio Mutual Information: mi(secure_resources, io) = 0.1 L1 L1 Crypto Mem Core0 Core1 I/O GLIFT: assert iflow(apps =/=> secure_resources); Pass Mutual Information: mi(apps, secure_resources) = 0;

  33. Challenges + Opportunities: Measurement  Methods for efficiently calculating security metrics  Achieve a more accurate estimation of security metrics while collecting as few samples as possible.  Density estimation  Multivariate estimation  Hardware accelerated techniques

  34. Challenges + Opportunities: Language  Languages for specifying security properties  A security specification language for describing the security properties about the hardware design  What variables are important to secure?  What locations are easily visible?  What is your risk tolerance? AES interconnect Key Mem

  35. Challenges + Opportunities: Language Assertion: Key only flows through AES assert iflow (key =/=> $all_outputs ignoring aes.$all_outputs)  If assertion holds, key only flows to outputs through AES first  Real design: 10M gates AES interconnect Key Mem

  36. Challenges + Opportunities: Language Assertion: Key only flows through AES assert iflow (key =/=> $all_outputs ignoring aes.$all_outputs)  If assertion holds, key only flows to outputs through AES first  Real design: 10M gates AES interconnect Key Mem

  37. Challenges + Opportunities: Language Assertion: Key only flows through AES assert iflow (key =/=> $all_outputs ignoring aes.$all_outputs)  If assertion holds, key only flows to outputs through AES first  Real design: 10M gates AES interconnect Key Mem

Recommend

Sec Secure ure Hardware Hardware and Hardware and Hardware- En Enabled abled Security

Sec Secure ure Hardware Hardware and Hardware and Hardware- En Enabled abled Security

SP SPACE ACE 201 2016 Sec Secure ure Hardware Hardware and Hardware and Hardware- En Enabled abled Security Security: : New Front New Frontiers iers Swarup Bhunia Professor Electrical & Computer Engineering SPACE | Dec 2016 1

607 views • 29 slides
Secure Drupal Development Steven Van den Hout Steven Van den Hout

Secure Drupal Development Steven Van den Hout Steven Van den Hout

Secure Drupal Development Steven Van den Hout Steven Van den Hout @stevenvdhout http://dgo.to/@svdhout SECURE? 1 IS D DRUPAL AL S IS OPEN SOURCE SECURE? MANY EYES MAKE FOR SECURE CODE - Security by obscurity - Open

641 views • 51 slides
The IBM 4758 Secure Cryptographic Coprocessor Hardware Architecture and Physical Security Steve

The IBM 4758 Secure Cryptographic Coprocessor Hardware Architecture and Physical Security Steve

The IBM 4758 Secure Cryptographic Coprocessor Hardware Architecture and Physical Security Steve Weingart Senior Engineer (561) 392 6100 c1shw@us.ibm.com Secure Systems and Smart Cards IBM T.J. Watson Research Center Hawthorne, NY 4758 PCI

386 views • 11 slides
Android Security CS 4720 Mobile Application Development CS 4720 Security through Obscurity

Android Security CS 4720 Mobile Application Development CS 4720 Security through Obscurity

Android Security CS 4720 Mobile Application Development CS 4720 Security through Obscurity It used to be that phones had so little connectivity to devices other than the phone network that security wasn't a huge deal Phone number

660 views • 15 slides
Hardware Security Group at Lab-STICC 8 faculties and 12 PhD students / postdocs / ATER /

Hardware Security Group at Lab-STICC 8 faculties and 12 PhD students / postdocs / ATER /

Hardware Security Group at Lab-STICC 8 faculties and 12 PhD students / postdocs / ATER / engineers Hardware security for embedded systems: memory and communication protection Arithmetic Tradeoffs on Performance/Cost/Security secure

310 views • 14 slides
Practical Secure Two-Party Computation and Applications Lecture 4: Hardware-Assisted

Practical Secure Two-Party Computation and Applications Lecture 4: Hardware-Assisted

Practical Secure Two-Party Computation and Applications Lecture 4: Hardware-Assisted Cryptographic Protocols Estonian Winter School in Computer Science 2016 Motivation 2 Two Areas Cryptographic Protocols Secure Hardware strong security

759 views • 52 slides
Why secure the OS? Works directly on the hardware but can be adapted during runtime Operating

Why secure the OS? Works directly on the hardware but can be adapted during runtime Operating

Why secure the OS? Works directly on the hardware but can be adapted during runtime Operating System Security Data and process are directly visible Application security can be circumvented from lower layers = > good scope

103 views • 8 slides
Hardware Security Modules: Attacks and Secure Configuration Graham Steel Graham Steel April

Hardware Security Modules: Attacks and Secure Configuration Graham Steel Graham Steel April

Hardware Security Modules: Attacks and Secure Configuration Graham Steel Graham Steel April 2014 Graham Steel - HSM Attacks and Secure Configuration April 2014 - 2/ 56 Secure Hardware History Military: WW2 Enigma machines - captured

667 views • 56 slides
Secure upgrade of hardware security modules in bank networks Riccardo Focardi 1 Flaminia Luccio

Secure upgrade of hardware security modules in bank networks Riccardo Focardi 1 Flaminia Luccio

Secure upgrade of hardware security modules in bank networks Riccardo Focardi 1 Flaminia Luccio 1 1 Universit` a Ca Foscari di Venezia, Italy { focardi,luccio } @dsi.unive.it ARSPA-WITS10 Paphos, Cyprus March 27-28, 2010 Work

1.25k views • 69 slides
hocos SLT Programs hardware-oriented computer science Why This Presentation? Lectures must

hocos SLT Programs hardware-oriented computer science Why This Presentation? Lectures must

Steganography for Our Research Hardware Security DeepFake Detection Foci and Your Secure Opportunities Memristive Composition Cryptography Fault attacks and Ilia Polian Stochastic countermeasures Hardware-oriented Computer Science

706 views • 24 slides
Endorse Brand - free Hardware Security Web + Hardware Security is much, much more than just:

Endorse Brand - free Hardware Security Web + Hardware Security is much, much more than just:

Why W3C needs to Remain Neutral and Endorse Brand - free Hardware Security Web + Hardware Security is much, much more than just: Image source: halfelf.org It is about decentralizing ID validation and key storage (my religion)

522 views • 16 slides
HARDSPLOIT Framework for Hardware Security Audit a bridge between hardware & a so0ware

HARDSPLOIT Framework for Hardware Security Audit a bridge between hardware & a so0ware

HARDSPLOIT Framework for Hardware Security Audit a bridge between hardware & a so0ware pentester Who am I ? Julien Moinard - Electronic engineer @opale-security (French company) - Security consultant, Hardware & SoDware pentester -

803 views • 40 slides
Securing Systems with Insecure Hardware Kaveh Razavi About VUSec ~20 members Software

Securing Systems with Insecure Hardware Kaveh Razavi About VUSec ~20 members Software

Securing Systems with Insecure Hardware Kaveh Razavi About VUSec ~20 members Software protections Binary and malware analysis Fuzzing Network security Hardware and OS security 2 Assuming secure software, what is

984 views • 72 slides
Hardware Security Smartcards and other TamperResistant Modules Markus G. Kuhn Computer

Hardware Security Smartcards and other TamperResistant Modules Markus G. Kuhn Computer

Hardware Security Smartcards and other TamperResistant Modules Markus G. Kuhn Computer Laboratory http://www.cl.cam.ac.uk/~mgk25/ Applications of Tamper Resistant Modules Security of cryptographic applications is based on secure

564 views • 23 slides
Secure Hardware HOW CAN WE PROTECT OUR HARDWARE ??? HOW CAN OUR HARDWARE PROTECT ITSELF ??? 1

Secure Hardware HOW CAN WE PROTECT OUR HARDWARE ??? HOW CAN OUR HARDWARE PROTECT ITSELF ??? 1

Secure Hardware HOW CAN WE PROTECT OUR HARDWARE ??? HOW CAN OUR HARDWARE PROTECT ITSELF ??? 1 OReilly 2 Trusted or Trustworthy? An object is trusted if and only if it operates as expected An object is trustworthy if and only if it is

707 views • 45 slides
CrypTech October 2018 Barcelona Hardware Security Module From Wikipedia: A hardware security

CrypTech October 2018 Barcelona Hardware Security Module From Wikipedia: A hardware security

CrypTech October 2018 Barcelona Hardware Security Module From Wikipedia: A hardware security module (HSM) is a physical computing device that safeguards and manages digital keys for strong authentication and provides crypto processing. These

977 views • 34 slides
Web Security Secure Socket Layer (SSL) December 7, 2000 SSL 2 Web Security authentication:

Web Security Secure Socket Layer (SSL) December 7, 2000 SSL 2 Web Security authentication:

SSL 1 Web Security Secure Socket Layer (SSL) December 7, 2000 SSL 2 Web Security authentication: basic, digest often supplemented by cookies access control via network addresses multi-layered: SHTTP (secure HTTP) = just

713 views • 32 slides
Distributed Systems How does the OS ensure security? 13C. Security for Distributed Systems

Distributed Systems How does the OS ensure security? 13C. Security for Distributed Systems

5/27/2017 Distributed Systems How does the OS ensure security? 13C. Security for Distributed Systems all key resources are kept inside of the OS protected by hardware (mode, memory management) 13I. Secure Sessions processes cannot

253 views • 9 slides
Distributed Systems How does the OS ensure security? 13C. Distributed Systems: Security all

Distributed Systems How does the OS ensure security? 13C. Distributed Systems: Security all

5/20/2018 Distributed Systems How does the OS ensure security? 13C. Distributed Systems: Security all key resources are kept inside of the OS protected by hardware (mode, memory management) 13I. Secure sessions processes cannot

129 views • 9 slides
Cyber Security Maintaining Your Identity on the Net Why Cyber Security? There are three

Cyber Security Maintaining Your Identity on the Net Why Cyber Security? There are three

Cyber Security Maintaining Your Identity on the Net Why Cyber Security? There are three points of failure in any secure network: Technology (hardware and software) Technology Support (ITS) End Users (USD students and employees)

359 views • 23 slides
Cryptech The Open Hardware Security Module Platform Joachim Strmbergson ::1 Assured AB

Cryptech The Open Hardware Security Module Platform Joachim Strmbergson ::1 Assured AB

Cryptech The Open Hardware Security Module Platform Joachim Strmbergson ::1 Assured AB https://github.com/secworks IT security Embedded systems ASIC, FPGA Biometrics Open Crypto Hardware CPU design Assembly hacking Hardware Security

896 views • 50 slides
How to build efficient HW that verifiably prevents illegal information flows? 1 Secure HDLs

How to build efficient HW that verifiably prevents illegal information flows? 1 Secure HDLs

How to build efficient HW that verifiably prevents illegal information flows? 1 Secure HDLs Idea: add security annotations to hardware description language SecVerilog = Verilog + security types [ASPLOS15, ASPLOS17,

998 views • 23 slides
Web Security: Web Security: Secure Electronic Transaction Secure Electronic Transaction

Web Security: Web Security: Secure Electronic Transaction Secure Electronic Transaction

Web Security: Web Security: Secure Electronic Transaction Secure Electronic Transaction Cunsheng Cunsheng Ding Ding HKUST, Hong Kong, CHI NA HKUST, Hong Kong, CHI NA Secure Elect ronic Transact ions An applicat ion-layer secur it y

483 views • 24 slides
for hardware or embedded security Erik Poll Digital Security Radboud University Nijmegen 1

for hardware or embedded security Erik Poll Digital Security Radboud University Nijmegen 1

Attacker Models for hardware or embedded security Erik Poll Digital Security Radboud University Nijmegen 1 Security-sensitive hardware: examples 2 Naive attacker model Attacks on communication channels exploiting lousy crypto or insecure

904 views • 45 slides

More recommend