Temporal Consistency of Integrity-Ensuring Computations and Applications to Embedded Systems Security
Karim Eldefrawy, Xavier Carpent, Norrathep (Oak) Rattanavipanon, Gene Tsudik
University of California, Irvine; SRI International
Agenda
• Problem Statement
• Remote Attestation
• Temporal Consistency: Definition & Motivation
• Temporal Consistency Methods
• Implementation and Experiments
• Conclusions + Future Work
June 5, 2018, AsiaCCS'18
Problem Statement
Integrity-Ensuring Computation
Input → integrity-ensuring function (F) → Output
• Output can be used to validate integrity of input data
• Examples of F: cryptographic hash functions, message authentication codes (MAC)
Integrity-Ensuring Computation
Output must be temporally consistent:
❖ Must faithfully reflect exact state of all of input data at some point (or interval) in time
Computation on large input data:
❖ Not instantaneous; input may change while computation takes place
Integrity-Ensuring Computation
(1) Sender computes F over the input and Receiver recomputes F over the same input: outputs match (✓)
(2) Changes (red dots) in input happen in the middle of F: outputs differ (✘)
Integrity-Ensuring Computation
(1) Input unchanged during F: Sender's and Receiver's outputs match (✓)
(2) Input changed during F: the outputs may still compare equal (=), but the input they reflect never existed as a whole and might be non-sensical
Integrity-Ensuring Computation
Output must be temporally consistent:
❖ Must faithfully reflect exact state of all of input data at some point (or interval) in time
Computation on large input data:
❖ Not instantaneous; input may change while computation takes place
Atomicity of computation of F guarantees temporal consistency (assume single CPU)
Atomic computation of F might be impractical and/or unsafe, especially when performed on simple embedded (IoT) devices with safety-critical applications.
Use-case: Remote Attestation
Overview of Remote Attestation
Remote Attestation (RA)
• Security service for remotely assessing integrity of firmware/software in embedded devices
• Verifier: trusted entity
• Prover: potentially infected remote embedded device
Integrity-ensuring function: (H)MAC or signature
(1) Verifier sends Challenge to Prover
(2) Prover measures memory
(3) Prover sends Response
(4) Verifier verifies response and determines presence of malware on Prover
Example of RA for Embedded Devices
SMART [NDSS'12, DATE'14]
• HW/SW co-design for RA targeting micro-controller unit (MCU)
• Minimal change in MCU
• Temporal consistency is achieved via atomicity but … atomicity makes SMART impractical for safety-critical devices
Property                          HW/SW
Immutability                      ROM
Exclusive Access to K             MCU Access Control
No Leak                           Static Analysis
Controlled Invocation             MCU Access Control
Atomicity (Uninterruptibility)    Disabled Interrupts
TrustLite [EuroSys'14]
• Allow secure interrupt during attestation
• Use execution-aware memory protection unit to enforce access control
• Allowing attestation to be interruptible helps with safety-critical devices but … temporal consistency may not be achieved in TrustLite
Property                          HW/SW
Immutability                      ROM
Exclusive Access to K             MPU
No Leak                           CPU Exception Engine
Controlled Invocation             CPU Exception Engine + OS
Secure Interrupts                 CPU Exception Engine
Our goal: resolve this conflict
Modeling Temporal Consistency in Remote Attestation
Modeling Temporal Consistency in Remote Attestation
F processes memory as a sequence of blocks:
• Block size of F = memory block size, e.g., 512 bits for HMAC-SHA256
• F is a sequential function: process each block once and in order
• Content of blocks may change during execution of F
• While the attestation task computes F, another task (Task A) may write to memory blocks
Types of Malware
If R is consistent at time t and R corresponds to benign state → no malware was present at time t
Migratory Malware
• Detection: R is consistent at any time throughout computation
Transient Malware
• Ability: erase itself at any point during computation of F
• Goal: escape detection
• Detection: R is consistent at start of computation
Mechanisms for Ensuring Temporal Consistency
Strawman Approach
Mechanism 1: All-Lock [timeline figure]
Mechanism 2: Dec-Lock [timeline figure]
Mechanism 3: Inc-Lock [timeline figure]
Mechanism 4: Cpy-Lock
Malware Detection Summary
Mechanism    Migratory Malware    Transient Malware
No-Lock      No                   No
All-Lock     Yes                  Yes
Dec-Lock     Yes                  Yes
Inc-Lock     Yes                  No
Cpy-Lock     Yes                  Yes
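As an added illustration (not code from the paper or from HYDRA), the following Python model simulates the sequential, block-wise F from the modeling slides against the locking mechanisms summarized in the table above, and `detection_summary()` reproduces the table's Yes/No pattern. The mechanism semantics are assumptions made here: All-Lock locks every block for the whole computation, Dec-Lock starts fully locked and releases each block after it is read, Inc-Lock locks each block just before it is read, and Cpy-Lock snapshots memory and measures the copy; the writer-task model (writes to locked blocks are rejected, a malware relocation applies all-or-nothing) is likewise assumed.

```python
import hashlib
import hmac

# Constructed sample values: a 4-block memory and the key shared with the verifier.
KEY = b"constructed-attestation-key"
CLEAN = [b"block0-benign", b"block1-benign", b"block2-benign", b"block3-benign"]
MALWARE = b"MALWARE-payload"

def F(blocks):
    """Reference integrity-ensuring function: HMAC-SHA256 over the blocks in order."""
    return hmac.new(KEY, b"".join(blocks), hashlib.sha256).digest()

def attest(memory, events, mechanism):
    """Feed memory blocks into F one at a time while another task tries to write.
    events: {step: [(block, value), ...]} is applied after block `step` is read; a
    group applies atomically only if none of its target blocks is locked (assumed
    model: malware checks that it can write its destination before relocating)."""
    mem = list(memory)
    n = len(mem)
    # All-Lock, Dec-Lock and Cpy-Lock start with every block locked (assumed semantics).
    locked = set(range(n)) if mechanism in ("all", "dec", "cpy") else set()
    src = mem
    if mechanism == "cpy":               # Cpy-Lock: snapshot memory, release the lock,
        src, locked = list(mem), set()   # and measure the snapshot instead of live memory
    h = hmac.new(KEY, digestmod=hashlib.sha256)
    for i in range(n):
        if mechanism == "inc":
            locked.add(i)                # Inc-Lock: lock each block just before reading it
        h.update(src[i])
        if mechanism == "dec":
            locked.discard(i)            # Dec-Lock: release each block right after reading it
        group = events.get(i, [])
        if group and all(b not in locked for b, _ in group):
            for b, v in group:
                mem[b] = v               # the concurrent task's write lands in live memory
    return h.digest()                    # All-Lock / Inc-Lock release everything here

MECHANISMS = ["none", "all", "dec", "inc", "cpy"]

def detection_summary():
    """Reproduce the deck's table: (migratory detected, transient detected) per mechanism.
    The verifier flags malware when the report differs from the benign-state digest."""
    infected = CLEAN[:3] + [MALWARE]                  # malware sits in the last block
    transient = {0: [(3, CLEAN[3])]}                  # erases itself before block 3 is read
    migratory = {1: [(0, MALWARE), (3, CLEAN[3])]}    # moves into already-read block 0
    benign = F(CLEAN)
    return {m: (attest(infected, migratory, m) != benign,
                attest(infected, transient, m) != benign) for m in MECHANISMS}
```

Inc-Lock misses transient malware because unread blocks are still writable when the malware erases itself, while Dec-Lock catches it because every block is locked from the start.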
Inconsistency Detection
• Alternative to enforcing consistency
• Memory is not locked during computation of F …
• … but attestation task is alerted when memory is modified during computation of F
• Pro:
  • No need to handle memory access violations
  • No interference with execution of other tasks
• Con:
  • Inconsistency may always happen (even by a benign task) → consistency is never achieved
Implementation and Evaluation
Implementation
• Memory locking requires hardware support
  • Dynamically configurable memory protection unit (MPU) → TyTan [DAC'15]
  • Memory management unit (MMU) → HYDRA [WiSec'17]
• Implement mechanisms on HYDRA
• Evaluate run-time on I.MX6-SabreLite and ODROID-XU4
Primitive Operations on 16MB Memory Size [plot]
Lock, unlock and copy are at least 10 times faster than MAC
Primitive Operations on 16MB Memory Size [plot]
Larger block size → faster lock and unlock process
Mechanisms Ensuring Temporal Consistency [plots for block size = 4KB and block size = 64KB]
Overhead is at most 8%; overhead becomes < 0.1%
Conclusions & Future Work
• Discrepancy between theoretical assumptions and implementations of cryptographic integrity-ensuring functions
  • Input may change during computation
  • Output is not temporally consistent with input
• Model consistency in context of remote attestation
• Propose various mechanisms based on memory locking to ensure consistency
• Implement and evaluate them on two commodity platforms
• Future work includes:
  • Implementation of our mechanisms on different RA architectures (e.g., TyTan)
  • Software-based (or minimal hardware-based) mechanisms ensuring consistency
Questions?
Contact: nrattana@uci.edu
Our lab: sprout.ics.uci.edu
Uninterruptibility vs Memory Locking
Memory Access Violations
HYDRA Architecture
User-space: Task 1, Task 2, Task 3, Task 4, Attestation Process (P_Attest)
Attestation Process (P_Attest):
▪ Has highest priority
▪ Has access to all memory blocks
▪ Distributes memory access capabilities (caps) during init
▪ Can change/revoke caps at run-time
seL4 Microkernel
Hardware-Enforced Secure Boot: check for integrity and then initialize