
ProtectIOn: Root-of-Trust for IO in Compromised Platforms - PowerPoint PPT Presentation


  1. ProtectIOn: Root-of-Trust for IO in Compromised Platforms
  Aritra Dhar, Enis Ulqinaku, Kari Kostiainen, Srdjan Capkun (ETH Zurich)
  NDSS 2020 | 4/3/20

  2. Motivation
  [Mockup: remote-device programming form with fields Heart beat 75, Insulin (U) 177, Basal rate (U/Hr) 0.025, Low limit (mg/dL) 60, High limit (mg/dL) 105; buttons Cancel, Program]

  4. Remote Trusted Path
  [Diagram: trusted path between the user, the IO devices, the host and the remote server]

  5. Solution 1: Transaction Confirmation Device
  • Android Protected Confirmation
  [Mockup: the remote-device form beside a confirmation dialog: "You are going to program: Heart beat 75, Insulin 177U, Basal rate 0.025 U/Hr, Low level 60 mg/dL, High level 105 mg/dL", with Cancel / Program]
  • And more …

  6. Solution 2: Input Signing
  • Trusted embedded device
  [Mockup: the remote-device form beside the signed record of the inputs: Heart beat 75, Insulin 177U, Basal rate 0.025 U/Hr, Low level 60 mg/dL, High level 105 mg/dL]

  7. Display Manipulation Attack
  [Animation: the Insulin field while the user types]
  • User sees 177
  • Device records 1777
  • Host sends 1777
  • IntegriKey

  8. Observation 1
  The lack of output integrity – the render of user inputs on the screen – compromises input integrity.

  9. Solution 3: Overlay
  [Mockup: the remote-device form with an overlay of the same form drawn on top of it]

  10. Overlay: Output Manipulation
  [Mockup: the host-rendered form with relabelled fields (Heart beat → Heart rate, mg/dL → mg/cc) under the overlay; values shown: Insulin (U) 177, Heart rate 75, Basal rate (U/Hr) 0.025, Low limit (mg/cc) 6000, High limit (mg/cc) 10500; buttons Program, Cancel]

  12. Observation 2
  If the protected output is provided out-of-context, users are more likely not to verify it. Therefore input integrity can be violated.

  13. Overlay: Early Form Submission Attack
  [Mockup: the Insulin (U) textbox is in focus with "17" typed so far; the OS triggers the Program click]
  • Fidelius
  • Trusted overlay from FPGA

  14. Observation 3
  If not all the modalities of inputs are secured simultaneously, none of them can be fully secured.

  15. Requirements
  • Inter-dependency between input and output: the lack of output integrity – the render of user inputs on the screen – compromises input integrity.
  • All modalities of input: if not all the modalities of inputs are secured simultaneously, none of them can be fully secured.
  • Low cognitive load: if the protected output is provided out-of-context, users are more likely not to verify it. Therefore input integrity can be violated.
  • Low TCB and easy deployment.

  20. ProtectIOn
  [Diagram: IOHub covering the input modalities; low TCB + fast deployment]

  21. IO Integrity – Overlay Generation (Simultaneous IO)
  The form the server sends carries a signature and an id:
  <form action="/some_action", signature="0x45AB…", id="0x0ab">
  [Mockup: remote-device form with fields Insulin (U), Heart rate, Basal rate (U/Hr), Low limit (mg/cc), High limit (mg/cc); buttons Cancel, Program]

  23. IO Integrity – Overlay Generation (Simultaneous IO)
  [Mockup: the same form drawn as an overlay labelled "Verified UI from secure_site.io"]

  24. IO Integrity – Input (Simultaneous IO)
  [Mockup: the overlay labelled "Verified UI from secure_site.io" showing the user's inputs: Insulin (U) 177, Heart rate 75, Basal rate (U/Hr) 0.025, Low limit (mg/cc) 60, High limit (mg/cc) 105]

  30. Grabbing User Attention
  • Output integrity: low cognitive load
  • Several existing mechanisms: lightbox, highlight, freezing, combination
  • How to determine when to engage? Track the pointer: mouse movement on the overlay
  [Mockup: "Low cognitive load" / "Put 1 in front of all inputs"]

  31. Prototype and TCB
  • Low TCB
  • Fast deployment
  [Chart: TCB size comparison with values 25.16M, 20.92M, 1.9K, 2M, 3.5K, 71K, 893, 600K, 121K, 36.68M; bar labels not preserved]

  32. Performance
  • Display latency: 21.67 ms (~46 fps)
  • Mouse latency: 250 !"
  • Keyboard latency: 170 !"
  • Pointer detection accuracy: 0.997

  33. Summary
  • Existing research
  • Drawbacks
  • Observations
  • Requirements for a trusted path
  • ProtectIOn design
  • Prototype

  34. Thank you! Questions?

  35. Backup slides

  36. Prototype View
  [Figure panels: User's view on the monitor; Focusing the user's attention; Attacker's view]

  37. Other Trusted Path Solutions

  38. How to Build a Trusted Path
  • Server sends messages: HTML, JS … → O
  • All modalities of inputs → I
  • Host transforms them: browser, GPU …
  • Host is a bad guy → O becomes O′
  • Output integrity → users need to report back O / O′

  39. Definition: Violation of Input/Output Integrity
  • Server sends O
  • Server knows O
  • Given O, the correct input is I
  • Host sends O′ ≠ O: violation of output integrity
  • User sends I′ ≠ I: violation of input integrity

  40. Verification
  [Diagram: a verification chain over the sequence of outputs and inputs 1, 2, 3, …, n−1, n]
  Anything missing in the chain → IO integrity violation
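  The chain on slides 21, 39 and 40 in executable form, as an added model that is not the paper's or the prototype's code: the server signs the form (O), the IOHub checks the signature before drawing the verified overlay, reads the inputs (I) from the devices and signs them bound to the form id, so a host relaying O′ ≠ O or I′ ≠ I is caught. Assumptions: an HMAC under a key shared by server and IOHub stands in for the slide's signature scheme; field names and the form id 0x0ab are taken from the slides.

```python
"""Added illustration of ProtectIOn's IO-integrity chain (not the paper's code): the server
signs the form it sends (O), the trusted IOHub verifies it before drawing the overlay, reads
the user's inputs (I) from the devices and signs them bound to the form id, so a compromised
host relaying O' != O or I' != I is detected. Assumption: an HMAC under a key shared by server
and IOHub stands in for the slide's signature; field names and form id 0x0ab are from the slides."""
import hashlib, hmac, json

KEY = b"constructed-server-iohub-key"  # assumption: pre-shared key standing in for a signing key

def _mac(body):  # canonical JSON so both sides tag identical bytes
    return hmac.new(KEY, json.dumps(body, sort_keys=True).encode(), hashlib.sha256).hexdigest()

def _tag_ok(msg, fields):  # recompute over the named fields, constant-time compare
    return hmac.compare_digest(msg["signature"], _mac({k: msg[k] for k in fields}))

class Server:
    def __init__(self):
        self.forms = {}  # form id -> fields the server expects input for

    def send_form(self, form_id, action, fields):
        # O: the form, signed so the IOHub can tell it from a host-modified O'
        body = {"id": form_id, "action": action, "fields": fields}
        self.forms[form_id] = fields
        return {**body, "signature": _mac(body)}

    def verify_submission(self, sub):
        # accept only inputs signed by the IOHub for a known form, covering every field
        if sub["id"] not in self.forms:
            return False, "unknown form id"
        if not _tag_ok(sub, ["id", "inputs"]):
            return False, "input signature invalid"    # host relayed I' != I
        if set(sub["inputs"]) != set(self.forms[sub["id"]]):
            return False, "input modalities missing"   # Observation 3: secure all modalities
        return True, "IO integrity verified"

class IOHub:  # trusted device sitting between the IO peripherals and the untrusted host
    def render_overlay(self, form):
        # draw the verified UI only if the host forwarded the server's O unchanged
        if not _tag_ok(form, ["id", "action", "fields"]):
            return None                                # output integrity violation: O' != O
        self.form_id = form["id"]
        return ["Verified UI: " + f for f in form["fields"]]

    def capture_inputs(self, typed):
        # I is read straight from keyboard/mouse and bound to the form id before signing
        body = {"id": self.form_id, "inputs": typed}
        return {**body, "signature": _mac(body)}

def host_tampers(sub, field, value):
    # compromised host rewriting a relayed value (the 177 -> 1777 outcome of the display attack)
    tampered = json.loads(json.dumps(sub))
    tampered["inputs"][field] = value
    return tampered
```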
