new crypto fundamentals in riot peter kietzmann
play

New Crypto-fundamentals in RIOT Peter Kietzmann - PowerPoint PPT Presentation

Nov 24, 2022 •424 likes •918 views

New Crypto-fundamentals in RIOT Peter Kietzmann peter.kietzmann@haw-hamburg.de 3rd get-together of the friendly Operating System for the Internet of Things September 13, 2018 Crypto-Fundamentals??? IoT requires security. . . ... as we

  1. New Crypto-fundamentals in RIOT Peter Kietzmann peter.kietzmann@haw-hamburg.de 3rd get-together of the friendly Operating System for the Internet of Things September 13, 2018

  2. “Crypto-Fundamentals”??? IoT requires security. . . ... as we just learned in “Usable Security for RIOT and the Internet of Things”

  3. “Crypto-Fundamentals”??? IoT requires security. . . Low-cost “COTS” devices. . . ... as we just learned in “Usable Security . . . usually don’t provide secure hardware for RIOT and the Internet of Things” such as Trusted Platform Module, Intel SGX or ARM TrustZone to reduce cost

  4. “Crypto-Fundamentals”??? IoT requires security. . . Low-cost “COTS” devices. . . ... as we just learned in “Usable Security . . . usually don’t provide secure hardware for RIOT and the Internet of Things” such as Trusted Platform Module, Intel SGX or ARM TrustZone to reduce cost Lack of computational power. . . . . . and the absence of secure hardware require efficient software implementations to fit device constraints

  5. “Crypto-Fundamentals”??? IoT requires security. . . Low-cost “COTS” devices. . . ... as we just learned in “Usable Security . . . usually don’t provide secure hardware for RIOT and the Internet of Things” such as Trusted Platform Module, Intel SGX or ARM TrustZone to reduce cost Security protocols require. . . Lack of computational power. . . . . . certain resources such as high quality . . . and the absence of secure hardware random numbers, salts, cryptographic keys require efficient software implementations to fit device constraints

  6. “Crypto-Fundamentals”??? IoT requires security. . . Low-cost “COTS” devices. . . ... as we just learned in “Usable Security . . . usually don’t provide secure hardware for RIOT and the Internet of Things” such as Trusted Platform Module, Intel SGX or ARM TrustZone to reduce cost Security protocols require. . . Lack of computational power. . . . . . certain resources such as high quality . . . and the absence of secure hardware random numbers, salts, cryptographic keys require efficient software implementations to fit device constraints We introduce software fundamentals to address crypto requirements

  7. P hysical U nclonable F unctions Input Output (Challenge) (Response) Function

  8. P hysical U nclonable F unctions ◮ Digital fingerprint based on Input Output (Challenge) (Response) manufacturing process variations ◮ Extracted response identifies a device Function like human fingerprint ◮ The ”secret” is hidden in physical structure → Hard to predict or clone ◮ A variety of PUFs exist based on: Component delays, magnetism, optics, uninitialized memory pattern, ... Note: Like biometric data, PUF responses are affected by noise

  9. PUF Applications & Parameters Applications Quality Parameters Noise ◮ RNG, PRNG seeding, ... ◮ Intra-device variations Identity ◮ Identification, authentication ◮ Reproducible ◮ Secret key generation or ◮ Unique storage ◮ Unpredictable ◮ Unique app–to–device binding ◮ Unclonable (i.e., secure boot)

  10. Literature & Recent Work A. Schaller: “Lightweight Protocols and Applications for Memory-Based Intrinsic Physically Unclonable Functions Found on Commercial Off-The-Shelf Devices” (2017) Secure applications based on PUFs evaluated on multiple COTS “A. Van Herrewege et al.: Secure PRNG Seeding on Commercial Off-the-Shelf Microcontrollers” (2013) SRAM analysis of different COTS for PRNG seeding under varying environmental conditions “Y. Dodis et al.: Fuzzy Extractors: How to Generate Strong Keys from Biometrics and Other Noisy Data” (2008) Provide secure techniques to generate crypto-keys from noisy responses “C. B¨ osch et al.:Efficient Helper Data Key Extractor on FPGAs” (2008) Design and evaluation of key extractors on FPGAs “J. Delvaux et al.: Attacking PUF-Based Pattern Matching Key Generators via Helper Data Manipulation” (2012) Propose attacks and recovery from PUF-constructed keys

  11. No lightweight, open source, operating system integration? We implement SRAM based PUFs in RIOT for PRNG seeding and key generation

  12. Outline A Brief Introduction to PUFs SRAM Memory Analysis of Standard RIOT Devices A Seeder for Pseudo Random Number Generators Cryptographic Key Generation from Noisy PUF Responses Current Implementation Progress in RIOT Next Steps, Future Plans, ...

  13. SRAM Memory Analysis of Standard RIOT Devices

  14. Experiment Setup ◮ Periodically power-on device and read SRAM blocks after boot → Power-down time > RAM hold-time ◮ Transistor variations lead to different cell states on startup → Unique pattern + noise ◮ Results depend on SRAM technologies, circuit and environment → Should be evaluated individually

  15. Intra-Device Analysis 50 reads; 1kB SRAM; 5 SAMD21; Ambient Temperature H min = − � n 1 )) · 100% i =1 log 2 (max( p i 0 , p i Quantify randomness by min. entropy: n n : memory length, p 0 / 1 : low/high probabilities W ( a ) = �{ a i � = 0 } 1 ≤ i ≤ n � · 100% Quantify bias by hamming weight: n Device A B C D E Min. Entropy 4.16 % 5.46 % 5.28 % 4.68 % 5.48 % Hamming Weight 50.7 ± 3 % 49.5 ± 3 % 51.3 ± 6 % 49.8 ± 4 % 53.1 ± 3 % → The SRAM memory is not biased and contains a random component

  16. Inter-Device Analysis 50 reads; 1kB SRAM; 5 SAMD21; Ambient Temperature Quantify uniqueness by fractional hamming distance: D ( a , b ) = �{ a i � = b i } 1 ≤ i ≤ n � · 100% n Device Pair A–B A–C A–D A–E Hamming Distance 49.2 ± 4 % 49.5 ± 3 % 50.1 ± 3 % 50.4 ± 4 % → The SRAM pattern do not correlate between devices

  17. A Seeder for Pseudo Random Number Generators

  18. Seeder Architecture ◮ Module hooks into startup before ROM RAM kernel init Bootloader ◮ Patterns of uninitialized SRAM are hashed by Entropy Extraction DEK Hash Hash Function seed ◮ 32-bit result is stored in pre-reserved RAM Kernel Init Modules Init (PRNG) section ◮ Seeds PRNG after kernel init Application

  19. SRAM Memory Length Min. Seed Entropy; Varying SRAM Lengths; Ambient Temperature 30 25 Entropy [Bit] 20 MEGA2560 15 SAMD21 CC2538 10 STM32F4 5 10 2 10 3 SRAM length [Bytes] → Approximately 31 Bit entropy @ 1kB SRAM is a good fit

  20. Seed Distribution Frac. Hamming Distances of Seeds; 1kB SRAM; Ambient Temperature 5 5 5 5 CC2538 STM32F4 MEGA2560 SAMD21 4 4 4 4 Probability Probability Probability Probability 3 3 3 3 2 2 2 2 1 1 1 1 0.0 0.2 0.4 0.6 0.8 1.0 0.0 0.2 0.4 0.6 0.8 1.0 0.0 0.2 0.4 0.6 0.8 1.0 0.0 0.2 0.4 0.6 0.8 1.0 Frac. Hamming Distance Frac. Hamming Distance Frac. Hamming Distance Frac. Hamming Distance Distances follow a normal distribution with expectation value around 0.5 → We consider seeds as independent

  21. Reset Detection ◮ The SRAM needs to be uninitialized to provide highest intra-device entropy → device needs start from power-off ◮ That’s not the “development” case where programmers press reset ◮ We implement a reset detection mechanism to report soft-resets ◮ A 32-bit marker is written to a specific location ◮ During the next reboot we test it’s presence

  22. Talk Progress A Brief Introduction to PUFs SRAM Memory Analysis of Standard RIOT Devices A Seeder for Pseudo Random Number Generators Cryptographic Key Generation from Noisy PUF Responses Current Implementation Progress in RIOT Next Steps, Future Plans, ...

  23. Motivation Problem: 1. PUF responses are error-prone 2. PUF responses are not distributed uniformly Requirement: 1. We need reproducible PUF responses 2. We want to produce uniformly distributed secrets Solution: 1. Remove errors from PUF measurements 2. Map the high-entropy input to a uniformly distributed output

  24. Fuzzy Extractor Mechanism Secure Sketch: Randomness Extractors: ◮ Reliably reconstruct response from a ◮ One way hash function to compress noisy measurement high entropy output ◮ Uses error correction codes ◮ The input sequence needs min. entropy

  25. Fuzzy Extractor Mechanism Secure Sketch: Randomness Extractors: ◮ Reliably reconstruct response from a ◮ One way hash function to compress noisy measurement high entropy output ◮ Uses error correction codes ◮ The input sequence needs min. entropy Deployment Enrollment: Reconstruction: ◮ Encoding and helper data generation ◮ Decodes corrupted input sequence ◮ Uses a reference PUF response ◮ Uses a noisy PUF measurement ◮ Executed in trusted environment ◮ Executed on the device after startup

  26. Fuzzy Extractor Design Code Golay Repetition Offset Encoder Encoder Helper Enrollment PUF Oneway Key MLE Hash

  27. Fuzzy Extractor Design Code Golay Repetition Offset Encoder Encoder Helper Enrollment PUF Oneway Key MLE Hash

  28. Fuzzy Extractor Design Code Golay Repetition Offset Encoder Encoder Helper Enrollment PUF Oneway Key MLE Hash

  29. Fuzzy Extractor Design Code Golay Repetition Offset Encoder Encoder Helper Enrollment PUF Oneway Key MLE Hash

  30. Fuzzy Extractor Design Code Golay Repetition Offset Encoder Encoder Helper Enrollment PUF Oneway Key MLE Hash

  31. Fuzzy Extractor Design Code Golay Repetition Offset Encoder Encoder Helper Enrollment PUF Oneway Key MLE Hash

Recommend

Bachelor PO RIOT in the Internet of Things Cenk Gndogan, Peter Kietzmann , Sebastian

Bachelor PO RIOT in the Internet of Things Cenk Gndogan, Peter Kietzmann , Sebastian

Bachelor PO RIOT in the Internet of Things Cenk Gndogan, Peter Kietzmann , Sebastian Meiling, Thomas C. Schmidt iNET AG, Dept. Informatik, HAW Hamburg IoT Motivation What is RIOT? Projects and Events What is IoT? Der Name

621 views • 22 slides
RIOT in the Internet of Things Cenk Gndogan, Peter Kietzmann, Thomas C. Schmidt iNET AG, Dept.

RIOT in the Internet of Things Cenk Gndogan, Peter Kietzmann, Thomas C. Schmidt iNET AG, Dept.

Bachelor Project RIOT in the Internet of Things Cenk Gndogan, Peter Kietzmann, Thomas C. Schmidt iNET AG, Dept. Informatik HAW Hamburg TODAY (1) RIOT Introduction (2) Setup Work Environment (3) Project Introduction (4) Recent and

821 views • 22 slides
Bluetooth Mesh under the Microscope: How much ICN is Inside? Hauke Petersen, Peter Kietzmann,

Bluetooth Mesh under the Microscope: How much ICN is Inside? Hauke Petersen, Peter Kietzmann,

Bluetooth Mesh under the Microscope: How much ICN is Inside? Hauke Petersen, Peter Kietzmann, Cenk G undo gan, Thomas C. Schmidt and Matthias W ahlisch peter.kietzmann@haw-hamburg.de 6th ACM Conference on Information-Centric Networking

639 views • 44 slides
Using Rust on RIOT OS Christian M. Ams uss <ca@etonomy.org> 2019-09-05 RIOT Summit,

Using Rust on RIOT OS Christian M. Ams uss <ca@etonomy.org> 2019-09-05 RIOT Summit,

Using Rust on RIOT OS Christian M. Ams uss <ca@etonomy.org> 2019-09-05 RIOT Summit, Helsinki Outline The Rust language and ecosystem Rust on embedded systems Rust on RIOT Simple things: functions and variables fn

804 views • 24 slides
Globalizing Player Accounts with MySQL at Riot Games Tyler Turk Riot Games, Inc. About Me

Globalizing Player Accounts with MySQL at Riot Games Tyler Turk Riot Games, Inc. About Me

Globalizing Player Accounts with MySQL at Riot Games Tyler Turk Riot Games, Inc. About Me Senior Infrastructure Engineer Player Platform at Riot Games Father of three Similar talk at re:Invent last year 2 Accounts Team Responsible for

503 views • 34 slides
RIOT and CAN Vincent Dupont OTA keys RIOT Summit September 25-26, 2017 Vincent Dupont (OTA

RIOT and CAN Vincent Dupont OTA keys RIOT Summit September 25-26, 2017 Vincent Dupont (OTA

RIOT and CAN Vincent Dupont OTA keys RIOT Summit September 25-26, 2017 Vincent Dupont (OTA keys) RIOT and CAN RIOT Summit 2017 1 / 34 Who am I? What is OTA keys? Me: Embedded software engineer: 6 years, 3 at OTA keys RIOT: 1.5 year

1.09k views • 64 slides
Crypto Fundamentals Dr. Mohammed Shafiul Alam Khan Assistant Professor Institute of Information

Crypto Fundamentals Dr. Mohammed Shafiul Alam Khan Assistant Professor Institute of Information

Crypto Fundamentals Dr. Mohammed Shafiul Alam Khan Assistant Professor Institute of Information Technology (IIT), University of Dhaka (DU) shafiul@du.ac.bd December 10, 2017 M S A Khan (IIT, DU) Crypto Fundamentals December 10, 2017 1 / 31

596 views • 32 slides
The friendly operating system for the IoT by Thomas Eichinger (on behalf of the RIOT community)

The friendly operating system for the IoT by Thomas Eichinger (on behalf of the RIOT community)

The friendly operating system for the IoT by Thomas Eichinger (on behalf of the RIOT community) OpenIoT Summit NA 2017 Why? How? What is RIOT? Why? How? What is RIOT? Why a software platform for the IoT? Linux, Arduino, bare metal?

341 views • 33 slides
CRYPTO HERE, CRYPTO THERE, CRYPTO, CRYPTO EVERYWHERE WORLD AQUATIC HEALTH CONFERENCE

CRYPTO HERE, CRYPTO THERE, CRYPTO, CRYPTO EVERYWHERE WORLD AQUATIC HEALTH CONFERENCE

CRYPTO HERE, CRYPTO THERE, CRYPTO, CRYPTO EVERYWHERE WORLD AQUATIC HEALTH CONFERENCE WILLIAMSBURG, VA THURSDAY, OCTOBER 17 TH , 2019 JOHN KELLY, PE IOWA DEPARTMENT OF PUBLIC HEALTH DISCLAIMER THIS PRESENTATION: IS INTENDED FOR

843 views • 40 slides
Integrated Riot Investigation Team 22(3)(b) 22(3)(b) 22(3)(b) September 2011 Integrated Riot

Integrated Riot Investigation Team 22(3)(b) 22(3)(b) 22(3)(b) September 2011 Integrated Riot

Integrated Riot Investigation Team 22(3)(b) 22(3)(b) 22(3)(b) September 2011 Integrated Riot Investigation Team Infrastructure Instantly set up an integrated investigative response Acquired full facilities and equipment - IT

578 views • 24 slides
Fundamentals of Lattice-Based Cryptography Chris Peikert University of Michigan 2nd Crypto

Fundamentals of Lattice-Based Cryptography Chris Peikert University of Michigan 2nd Crypto

Fundamentals of Lattice-Based Cryptography Chris Peikert University of Michigan 2nd Crypto Innovation School Shanghai, China 13 December 2019 1 / 23 Talk Outline 1 Lattices and hard problems 2 The SIS and LWE problems; basic applications 3

970 views • 94 slides
NaCls crypto box in hardware Michael Hutter, J urgen Schilling, Peter Schwabe, and Wolfgang

NaCls crypto box in hardware Michael Hutter, J urgen Schilling, Peter Schwabe, and Wolfgang

NaCls crypto box in hardware Michael Hutter, J urgen Schilling, Peter Schwabe, and Wolfgang Wieser Cryptography Research, TU Graz (IAIK), Radboud University Nijmegen September 14, 2015 CHES 2015, Saint-Malo, France NaCl and crypto box

394 views • 36 slides
a legal case study 57 AD Riot @ Temple 57 AD Riot @ Temple INITIAL INTERVIEW 57 AD Riot @

a legal case study 57 AD Riot @ Temple 57 AD Riot @ Temple INITIAL INTERVIEW 57 AD Riot @

Paul: a legal case study 57 AD Riot @ Temple 57 AD Riot @ Temple INITIAL INTERVIEW 57 AD Riot @ Temple INITIAL INTERVIEW BACKGROUND 57 AD Riot @ Temple INITIAL INTERVIEW If you want to know where ones If you want to know where ones

645 views • 62 slides
Building secure player experiences at Riot Games David Rook 1 2 3 4 5 Riot Application

Building secure player experiences at Riot Games David Rook 1 2 3 4 5 Riot Application

Building secure player experiences at Riot Games David Rook 1 2 3 4 5 Riot Application Security tl;dr not this Riot Application Security Automation Rioters Bug Bounty ESLint Security Rules ESLint Security Rules Dependency Scanner PoC

402 views • 37 slides
RIOT AND CIVIL COMMOTION A CHALLENGING ACT? 2 March 2016 Philip Adamis, Associate, BLM T:

RIOT AND CIVIL COMMOTION A CHALLENGING ACT? 2 March 2016 Philip Adamis, Associate, BLM T:

RIOT AND CIVIL COMMOTION A CHALLENGING ACT? 2 March 2016 Philip Adamis, Associate, BLM T: 020 7029 4269 E: philip.adamis@blmlaw.com LONDON 2011 RIOT (DAMAGES) ACT 1886 Riot (Damages) Act 1886 Fit for purpose? Insurers and

474 views • 23 slides
Timing Attacks and Countermeasures Peter Schwabe June 10, 2016 Summer school on real-world

Timing Attacks and Countermeasures Peter Schwabe June 10, 2016 Summer school on real-world

Timing Attacks and Countermeasures Peter Schwabe June 10, 2016 Summer school on real-world crypto and privacy ibenik, Croatia Secure Crypto Research over the past decades has produced several secure crypto algorithms: AES-256 block

1.04k views • 85 slides
League of Legends Retrospective: One Year Later Who am I? President & Co-Founder of Riot

League of Legends Retrospective: One Year Later Who am I? President & Co-Founder of Riot

League of Legends Retrospective: One Year Later Who am I? President & Co-Founder of Riot Games Executive Producer of League of Legends Who is Riot Games? > 120 employees Offices: Los Angeles Dublin World class

607 views • 58 slides
TRAVIS GEORGE SENIOR PRODUCER ABOUT ME TRAVIS GEORGE SR. PRODUCER AT RIOT GAMES PRODUCT

TRAVIS GEORGE SENIOR PRODUCER ABOUT ME TRAVIS GEORGE SR. PRODUCER AT RIOT GAMES PRODUCT

TRAVIS GEORGE SENIOR PRODUCER ABOUT ME TRAVIS GEORGE SR. PRODUCER AT RIOT GAMES PRODUCT OWNER OF LEAGUE OF LEGENDS ARMORED BEAR ABOUT RIOT GAMES 500+ OFFICES IN FOUNDED SANTA MONICA, SEPT . 2006 EMPLOYEES ST. LOUIS, DUBLIN,

950 views • 54 slides
Fundamentals of Computer Security Spring 2015 Radu Sion Intro Encryption Hash Functions A

Fundamentals of Computer Security Spring 2015 Radu Sion Intro Encryption Hash Functions A

Fundamentals of Computer Security Spring 2015 Radu Sion Intro Encryption Hash Functions A Message From Our Sponsors Computer Security Fundamentals Fundamentals System/Network Security, crypto How do things work Why How to

824 views • 26 slides
Crypto Wont Save You Either Peter Gutmann University of Auckland Sound Advice from the USG

Crypto Wont Save You Either Peter Gutmann University of Auckland Sound Advice from the USG

Crypto Wont Save You Either Peter Gutmann University of Auckland Sound Advice from the USG Saw Something, Said Something Saw Something, Said Something (ctd) Youre not paranoid, they really are out to get you BULLRUN Funded to the tune

976 views • 71 slides
Communications Channels CS 118 Computer Network Fundamentals Peter Reiher Lecture 3 CS 118

Communications Channels CS 118 Computer Network Fundamentals Peter Reiher Lecture 3 CS 118

Communications Channels CS 118 Computer Network Fundamentals Peter Reiher Lecture 3 CS 118 Page 1 Winter 2016 Review: Comm. as shared state Communication is less than most think Just syntax not semantics or intent Information

795 views • 76 slides
Outline Crypto intro Computer Security: Secret Key Crypto Symmetric crypto Bart Jacobs

Outline Crypto intro Computer Security: Secret Key Crypto Symmetric crypto Bart Jacobs

Crypto intro Crypto intro Symmetric crypto Symmetric crypto Achieving security goals with symmetric crypto Radboud University Nijmegen Achieving security goals with symmetric crypto Radboud University Nijmegen e-Passport example

269 views • 7 slides
Actors for the Internet of Things Pushing CAF to RIOT Raphael Hiesgen

Actors for the Internet of Things Pushing CAF to RIOT Raphael Hiesgen

Actors for the Internet of Things Pushing CAF to RIOT Raphael Hiesgen raphael.hiesgen@haw-hamburg.de Internet Technologies Group Hamburg University of Applied Sciences Agenda 1. General Background 2. Actors for the IoT 3. CAF on RIOT 4.

692 views • 38 slides
Speech to RIOT Jasper, how is the temperature? Jasper, re-order paper towels. Jasper, set a

Speech to RIOT Jasper, how is the temperature? Jasper, re-order paper towels. Jasper, set a

Jasper, turn on the fan. Jasper, what's on my calendar today? Speech to RIOT Jasper, how is the temperature? Jasper, re-order paper towels. Jasper, set a timer for 20 minutes. Jasper, play music. Speech to RIOT

509 views • 14 slides

More recommend