UC Irvine UC Irvine Electronic Theses and Dissertations Title Secure Remote Attestation for Safety-Critical Embedded and IoT Devices Permalink https://escholarship.org/uc/item/4kr267k8 Author Rattanavipanon, Norrathep Publication Date 2019 Peer reviewed|Thesis/dissertation eScholarship.org Powered by the California Digital Library University of California UNIVERSITY OF CALIFORNIA, IRVINE Secure Remote Attestation for Safety-Critical Embedded and IoT Devices DISSERTATION submitted in partial satisfaction of the requirements for the degree of DOCTOR OF PHILOSOPHY in Computer Science by Norrathep Rattanavipanon Dissertation Committee: Professor Gene Tsudik, Chair Professor Ardalan Amiri Sani Professor Ahmad-Reza Sadeghi 2019 Portion of Chapter 3 c 2018 IEEE, reprinted, with permission, from [15] Portion of Chapter 4 c 2017 IEEE, reprinted, with permission, from [29] Portion of Chapter 4 c 2017 ACM, reprinted, with permission, from [30] Chapter 5 c 2018 IEEE, reprinted, with permission, from [18] Chapter 6 c 2018 ACM, reprinted, with permission, from [17] Portion of Chapter 7 c 2018 IEEE, reprinted, with permission, from [20] Portion of Chapter 7 c 2018 ACM, reprinted, with permission, from [19] Chapter 8 c 2017 ACM, reprinted, with permission, from [16] All other materials c 2019 Norrathep Rattanavipanon DEDICATION To my family. What a journey. ii TABLE OF CONTENTS Page LIST OF FIGURES vii LIST OF TABLES ix ACKNOWLEDGMENTS x CURRICULUM VITAE xi ABSTRACT OF THE DISSERTATION xiv 1 Introduction 1 1.1 Contribution . .3 1.2 Outline . .4 2 Related Work 5 2.1 Architectural Requirements . .5 2.1.1 Hardware-based Techniques . .7 2.1.2 Software-based Techniques . .8 2.1.3 Hybrid (HW/SW) Techniques . 10 2.2 Assurance Guarantees . 12 2.2.1 Software Integrity . 12 2.2.2 Run-time Integrity . 13 2.3 Communication Models . 14 2.3.1 One-hop Setting . 14 2.3.2 Remote Setting (with Single Prv).................... 15 2.3.3 Remote Group Setting . 15 2.4 Adversarial Models . 16 2.4.1 Physical Adversary . 16 2.4.2 Local Adversary . 17 2.4.3 Remote Adversary . 17 2.5 Comparison . 18 2.6 Scope . 18 iii 3 Remote Attestation in Safety-Critical Settings 21 3.1 RA Overview . 21 3.1.1 RA Blueprint . 22 3.1.2 Coverage of RA .............................. 23 3.1.3 RA Timing Overhead . 24 3.2 RA in Safety-Critical Settings . 26 3.3 Overview of Proposed Solutions . 28 4 Remote Attestation Using Formally Verified Microkernel 29 4.1 Introduction . 29 4.1.1 Design Rationale . 31 4.1.2 Hybrid RA Objective and Properties . 32 4.1.3 Adversarial Model & Other Assumptions . 34 4.2 Design . 35 4.2.1 seL4 Overview . 36 4.2.2 Deriving seL4 Access Controls . 38 4.2.3 Building Blocks . 41 4.2.4 Sequence of Operation . 41 4.3 Implementation . 43 4.3.1 seL4 User-space Implementation . 44 4.3.2 Secure Boot Implementation . 45 4.3.3 Access Control Implementation . 47 4.3.4 Key Storage . 50 4.3.5 Mitigating Denial-of-Service Attacks . 51 4.4 Security Analysis . 52 4.5 Evaluation . 54 4.5.1 Evaluation Results on I.MX6 Sabre Lite . 55 4.5.2 Performance on ODROID-XU4 . 58 5 Shuffled Measurement 59 5.1 Introduction . 59 5.2 Remote Attestation via Shuffled Measurements . 60 5.3 Model and Assumptions . 61 5.4 Self-Relocating Mal Evasion Strategies . 62 5.4.1 Erasure . 63 5.4.2 Relocation Techniques . 63 5.5 Discussion . 67 5.5.1 Realistic Scenarios . 67 5.5.2 Unknown Timing . 68 5.5.3 Mal in Multiple Blocks . 68 5.5.4 Active vs Reactive Malware . 68 5.5.5 Limited # of Interruptions . 70 5.6 Reliable Detection . 71 5.7 Block Permutation in Practice . 72 5.7.1 Permutation Computation and Storage . 72 iv 5.7.2 Memory Overhead . 73 5.8 HYDRA Implementation . 75 5.8.1 Overview . 75 5.8.2 Experimental Results: SMARM with/without Secure Storage . 76 5.8.3 Experimental Results: Different tslice and tmax ............. 78 6 Memory Locking 79 6.1 Introduction . 79 6.2 Temporal Consistency . 83 6.2.1 RA Blueprint . 83 6.2.2 A Trivial Approach . 86 6.3 Modeling Temporal Consistency . 86 6.4 Temporal Consistency Mechanisms . 88 6.4.1 Simple Approaches . 89 6.4.2 Sliding Locks . 90 6.4.3 Mixing Copying with Locking . 91 6.4.4 Variations on the Theme . 93 6.4.5 Uninterruptibility vs. Locking . 95 6.4.6 Memory Access Violations . 96 6.4.7 Inconsistency Detection . 96 6.5 Temporal Consistency Security Game . 97 6.5.1 System (Memory and CPU) Model . 97 6.5.2 Syntax of a Consistent Integrity-Ensuring Measurement Scheme . 98 6.5.3 Consistent Integrity Ensuring Measurement Attack Game . 98 6.6 Security Arguments & Considerations . 100 6.6.1 Preliminaries and Assumptions . 101 6.6.2 Proof Sketch for Dec-Lock ........................ 101 6.6.3 Proof Sketch for All-Lock ........................ 102 6.7 Implementation & Evaluation . 102 6.7.1 Experimental Setup . 103 6.7.2 Experimental Results: Primitives . 103 6.7.3 Experimental Results: Mechanisms . 104 6.7.4 Implementation of Inconsistency Detection . 107 6.7.5 Experimental Results: Inconsistency Detection . 111 7 Periodic Self-Measurement 114 7.1 Introduction . 114 7.2 Remote Attestation via Self-Measurements . 116 7.2.1 Quality of Attestation . 117 7.2.2 Measurements Storage & Collection . 120 7.2.3 Security Considerations . 121 7.2.4 Irregular Intervals . 122 7.3 Comparison with On-demand Attestation . 123 7.4 Implementation . 125 7.4.1 Implementation on SMART+ ....................... 125 v 7.4.2 Implementation on HYDRA ....................... 128 7.5 Availability in Time-Sensitive Applications . 130 7.6 Collective Remote Attestation (cRA)...................... 131 8 Group Consideration 133 8.1 Introduction . 133 8.1.1 Collective Remote Attestation (cRA).................. 134 8.2 Preliminaries . 136 8.2.1 Scope . 136 8.2.2 Network & Device Assumptions . 137 8.2.3 Security Architecture . 139 8.2.4 Quality of Swarm Attestation (QoSA) . 141 8.2.5 Attestation Timeouts . 142 8.2.6 Initiator Selection . 142 8.2.7 Verifier Assumptions . 142 8.3 New cRA Protocols . 143 8.3.1 Asynchronous Version: LISAα .................... 143 8.3.2 Synchronous Version: LISAs ..................... 151 8.4 Security Analysis . ..
Details
-
File Typepdf
-
Upload Time-
-
Content LanguagesEnglish
-
Upload UserAnonymous/Not logged-in
-
File Pages201 Page
-
File Size-