Secure Remote Attestation for Safety-Critical Embedded and IoT Devices

UC Irvine
UC Irvine Electronic Theses and Dissertations

Title: Secure Remote Attestation for Safety-Critical Embedded and IoT Devices
Permalink: https://escholarship.org/uc/item/4kr267k8
Author: Rattanavipanon, Norrathep
Publication Date: 2019
Peer reviewed | Thesis/dissertation
eScholarship.org, powered by the California Digital Library, University of California

UNIVERSITY OF CALIFORNIA, IRVINE

Secure Remote Attestation for Safety-Critical Embedded and IoT Devices

DISSERTATION
submitted in partial satisfaction of the requirements for the degree of
DOCTOR OF PHILOSOPHY in Computer Science

by Norrathep Rattanavipanon

Dissertation Committee:
Professor Gene Tsudik, Chair
Professor Ardalan Amiri Sani
Professor Ahmad-Reza Sadeghi

2019

Portion of Chapter 3 © 2018 IEEE, reprinted, with permission, from [15]
Portion of Chapter 4 © 2017 IEEE, reprinted, with permission, from [29]
Portion of Chapter 4 © 2017 ACM, reprinted, with permission, from [30]
Chapter 5 © 2018 IEEE, reprinted, with permission, from [18]
Chapter 6 © 2018 ACM, reprinted, with permission, from [17]
Portion of Chapter 7 © 2018 IEEE, reprinted, with permission, from [20]
Portion of Chapter 7 © 2018 ACM, reprinted, with permission, from [19]
Chapter 8 © 2017 ACM, reprinted, with permission, from [16]
All other materials © 2019 Norrathep Rattanavipanon

DEDICATION
To my family. What a journey.

TABLE OF CONTENTS

LIST OF FIGURES  vii
LIST OF TABLES  ix
ACKNOWLEDGMENTS  x
CURRICULUM VITAE  xi
ABSTRACT OF THE DISSERTATION  xiv

1 Introduction  1
  1.1 Contribution  3
  1.2 Outline  4

2 Related Work  5
  2.1 Architectural Requirements  5
    2.1.1 Hardware-based Techniques  7
    2.1.2 Software-based Techniques  8
    2.1.3 Hybrid (HW/SW) Techniques  10
  2.2 Assurance Guarantees  12
    2.2.1 Software Integrity  12
    2.2.2 Run-time Integrity  13
  2.3 Communication Models  14
    2.3.1 One-hop Setting  14
    2.3.2 Remote Setting (with Single Prv)  15
    2.3.3 Remote Group Setting  15
  2.4 Adversarial Models  16
    2.4.1 Physical Adversary  16
    2.4.2 Local Adversary  17
    2.4.3 Remote Adversary  17
  2.5 Comparison  18
  2.6 Scope  18

3 Remote Attestation in Safety-Critical Settings  21
  3.1 RA Overview  21
    3.1.1 RA Blueprint  22
    3.1.2 Coverage of RA  23
    3.1.3 RA Timing Overhead  24
  3.2 RA in Safety-Critical Settings  26
  3.3 Overview of Proposed Solutions  28

4 Remote Attestation Using Formally Verified Microkernel  29
  4.1 Introduction  29
    4.1.1 Design Rationale  31
    4.1.2 Hybrid RA Objective and Properties  32
    4.1.3 Adversarial Model & Other Assumptions  34
  4.2 Design  35
    4.2.1 seL4 Overview  36
    4.2.2 Deriving seL4 Access Controls  38
    4.2.3 Building Blocks  41
    4.2.4 Sequence of Operation  41
  4.3 Implementation  43
    4.3.1 seL4 User-space Implementation  44
    4.3.2 Secure Boot Implementation  45
    4.3.3 Access Control Implementation  47
    4.3.4 Key Storage  50
    4.3.5 Mitigating Denial-of-Service Attacks  51
  4.4 Security Analysis  52
  4.5 Evaluation  54
    4.5.1 Evaluation Results on I.MX6 Sabre Lite  55
    4.5.2 Performance on ODROID-XU4  58

5 Shuffled Measurement  59
  5.1 Introduction  59
  5.2 Remote Attestation via Shuffled Measurements  60
  5.3 Model and Assumptions  61
  5.4 Self-Relocating Mal Evasion Strategies  62
    5.4.1 Erasure  63
    5.4.2 Relocation Techniques  63
  5.5 Discussion  67
    5.5.1 Realistic Scenarios  67
    5.5.2 Unknown Timing  68
    5.5.3 Mal in Multiple Blocks  68
    5.5.4 Active vs Reactive Malware  68
    5.5.5 Limited # of Interruptions  70
  5.6 Reliable Detection  71
  5.7 Block Permutation in Practice  72
    5.7.1 Permutation Computation and Storage  72
    5.7.2 Memory Overhead  73
  5.8 HYDRA Implementation  75
    5.8.1 Overview  75
    5.8.2 Experimental Results: SMARM with/without Secure Storage  76
    5.8.3 Experimental Results: Different t_slice and t_max  78

6 Memory Locking  79
  6.1 Introduction  79
  6.2 Temporal Consistency  83
    6.2.1 RA Blueprint  83
    6.2.2 A Trivial Approach  86
  6.3 Modeling Temporal Consistency  86
  6.4 Temporal Consistency Mechanisms  88
    6.4.1 Simple Approaches  89
    6.4.2 Sliding Locks  90
    6.4.3 Mixing Copying with Locking  91
    6.4.4 Variations on the Theme  93
    6.4.5 Uninterruptibility vs. Locking  95
    6.4.6 Memory Access Violations  96
    6.4.7 Inconsistency Detection  96
  6.5 Temporal Consistency Security Game  97
    6.5.1 System (Memory and CPU) Model  97
    6.5.2 Syntax of a Consistent Integrity-Ensuring Measurement Scheme  98
    6.5.3 Consistent Integrity-Ensuring Measurement Attack Game  98
  6.6 Security Arguments & Considerations  100
    6.6.1 Preliminaries and Assumptions  101
    6.6.2 Proof Sketch for Dec-Lock  101
    6.6.3 Proof Sketch for All-Lock  102
  6.7 Implementation & Evaluation  102
    6.7.1 Experimental Setup  103
    6.7.2 Experimental Results: Primitives  103
    6.7.3 Experimental Results: Mechanisms  104
    6.7.4 Implementation of Inconsistency Detection  107
    6.7.5 Experimental Results: Inconsistency Detection  111

7 Periodic Self-Measurement  114
  7.1 Introduction  114
  7.2 Remote Attestation via Self-Measurements  116
    7.2.1 Quality of Attestation  117
    7.2.2 Measurements Storage & Collection  120
    7.2.3 Security Considerations  121
    7.2.4 Irregular Intervals  122
  7.3 Comparison with On-demand Attestation  123
  7.4 Implementation  125
    7.4.1 Implementation on SMART+  125
    7.4.2 Implementation on HYDRA  128
  7.5 Availability in Time-Sensitive Applications  130
  7.6 Collective Remote Attestation (cRA)  131

8 Group Consideration  133
  8.1 Introduction  133
    8.1.1 Collective Remote Attestation (cRA)  134
  8.2 Preliminaries  136
    8.2.1 Scope  136
    8.2.2 Network & Device Assumptions  137
    8.2.3 Security Architecture  139
    8.2.4 Quality of Swarm Attestation (QoSA)  141
    8.2.5 Attestation Timeouts  142
    8.2.6 Initiator Selection  142
    8.2.7 Verifier Assumptions  142
  8.3 New cRA Protocols  143
    8.3.1 Asynchronous Version: LISAα  143
    8.3.2 Synchronous Version: LISAs  151
  8.4 Security Analysis ...

Details

  • File Type
    pdf
  • Content Languages
    English
  • File Pages
    201