Presentation is loading. Please wait.

Presentation is loading. Please wait.

Hack in the Box Conference April 10 -13, 2005, Bahrain 1 Toward Architectural Challenges of Secured Mobile Devices Manzur Ashraf BRAC University, Bangladesh.

Similar presentations


Presentation on theme: "Hack in the Box Conference April 10 -13, 2005, Bahrain 1 Toward Architectural Challenges of Secured Mobile Devices Manzur Ashraf BRAC University, Bangladesh."— Presentation transcript:

1 Hack in the Box Conference April 10 -13, 2005, Bahrain 1 Toward Architectural Challenges of Secured Mobile Devices Manzur Ashraf BRAC University, Bangladesh Email: manzur_bd@yahoo.commanzur_bd@yahoo.com

2 Hack in the Box Conference April 10 -13, 2005, Bahrain 2 Agenda / classification Energy-efficient Mobile Device & Applications Energy-efficient Security Protocols Tamper Resistance Flexibility Designing (Modeling) & Verifying Security Protocols

3 Hack in the Box Conference April 10 -13, 2005, Bahrain 3 Energy-efficient Mobile Device & Applications Device physics Software- based approach

4 Hack in the Box Conference April 10 -13, 2005, Bahrain 4 Energy constraints dominate Algorithm and system-design trade-offs for small devices Lithium batteries offer higher energy density with fewer memory effects but longer recharge times. Rechargeable lithium (1080 j/cm 3 ) & non-re (2880 j/cm 3 ) Device Physics

5 Hack in the Box Conference April 10 -13, 2005, Bahrain 5 Contd.. Zinc-based batteries have higher energy densities but possess high leakage, so are best for high usage over short duration. Recent polymer-based batteries have excellent energy densities (manufactured in a range of form factors) but expensive.

6 Hack in the Box Conference April 10 -13, 2005, Bahrain 6 Researchers have fabricated tiny, 1-mm 3 lead- acid batteries. We can expect to package energy storage directly with logic. Fuel cells (based on methanol, 8900 J/cm3)have 10 times the energy densities than batteries but additional volume of membrane, storage and housing lowers this by a factor of two to five. Contd..

7 Hack in the Box Conference April 10 -13, 2005, Bahrain 7 Solar (outdoors midday): 15 mW/cm 2 Solar (indoor office lightings): 10 uW/cm 2 Vibrations (from microwave oven casing): 200 uW/cm 3 Temperature gradient 15 uW/cm 3 (from 10 deg C temp grad) With existing tech, a cubic mm of battery space has enough energy to perform roughly 1 billion 32-bit computations, take 100 million sensor samples or send and receive 10 million bits. ( L. Doherty et.al, 2001) Sample scavenging energy ratings

8 Hack in the Box Conference April 10 -13, 2005, Bahrain 8 Ideal battery properties Depth of discharge 0% 100% v o lt a g e Charge capacity Rate of load Non-ideal case

9 Hack in the Box Conference April 10 -13, 2005, Bahrain 9 Non-ideal battery In practice, the voltage and capacity both varies widely. The voltage drops over the course of a discharge. The shape of voltage discharge curve depends on – materials used to construct the battery size of the load. For example, NiCd batteries have a relatively FLAT discharge curve. Most types of Li-ion batteries has a SLOPPED discharge curve. Two more pointers: A) Loss of capacity with increasing load B) Recovery: A reduction of the load for periods of time results in an increase in battery capacity. (Thomas et al 03)

10 Hack in the Box Conference April 10 -13, 2005, Bahrain 10 Better indicator of battery capacity?- Peak or Average power (Thomas et. Al. 2003) Waveform modification Peak power W/.Kg Average power W/Kg Battery life form from simulatio n (min) Est battery life using rated capacity of 151 Wh/Kg, min Diff between simulatio n % Est battery life using capacity at peak power, min Diff between simulatio n % NONE3001205176+4845-12 A180968394+1474-11 B300966794+4156-16 C300966894+3956-17 NONE2008087113+3085-2 A12064132142+7120-9 B20064117142+21106-9 C20064117142+20106-10 NONE10040202227+12200 A6032268283+6261-3 B10032253283+12250 C10032268283+6250-7

11 Hack in the Box Conference April 10 -13, 2005, Bahrain 11 Non-ideal properties of Battery 1.Battery capacity will vary with load power. 2.Peak power is a better indicator for battery capacity than average power. 3. Peak power should be reduced whenever possible, which means background operations should be performed serially than concurrently. Serial operation is better than concurrent operation when each consumes roughly the same energy. 4. Reducing active energy is more important than reducing idle energy. 5. Because of non-ideal battery behavior, reducing average power or energy per operation may not increase the amount of computation completed in a battery life.

12 Hack in the Box Conference April 10 -13, 2005, Bahrain 12 – Aims to collect ambient energy to help power systems, possibly storing energy when it is not required Solar energy Transducers that convert vibrating energy into electrical one- ( source: energy from floors,stairs & equipment housings) Harvesting mechanical energy (such as energy produced by a person walking and an objects movement- for example, self-winding watches, hybrid cars that transfer energy from engine to battery during braking) Temperature & pressure gradient. Energy harvesting (energy scavenging)

13 Hack in the Box Conference April 10 -13, 2005, Bahrain 13 Mostly Applicable: Demand for small amount of continuous power or short periods of high power usage. Can supplement conventional energy source - (To what extent?) when a mobile device is in a low power sleep state or charging its battery; for instance, if a mobile user extensively uses the device for short periods, an energy harvesting system might be able to ensure that battery is always topped up during the standby period. Why Needed? Due to significant manufacturing complexity sizing in VLSI circuitry is slow. It may benefits its switching power at the cost of current leakage.

14 Hack in the Box Conference April 10 -13, 2005, Bahrain 14 Research in energy harvesting Improving existing energy transducers with more efficient components or in searching for fundamentally new materials with improved energy conversion properties. Example: Solar cells with greater than 20-30% efficiency can be achieved based non-silicon solution or a better piezoelectric material than commonly used PZT (lead zirconate titrate) Better understanding of solid-state physics.

15 Hack in the Box Conference April 10 -13, 2005, Bahrain 15 Software-based approach Energy Dependant Mobile Application Adaptation Task Partitioning

16 Hack in the Box Conference April 10 -13, 2005, Bahrain 16 Applications can dynamically modify their behavior to conserve energy. Hardware only Power management: a)Powering down as many h/w components (disk in standby mode after 10 sec of inactivity). b)Placing wireless network interface in standby mode except during RPC calls or bulk transfer. c)Turning off display during speech recognition,for example & disable bios-based power mgmt. Hardware power mgmt 34% reduction in energy usage Energy Dependant Mobile Application Adaptation

17 Hack in the Box Conference April 10 -13, 2005, Bahrain 17 Lowering data-fidelity (low resolution/color reduction/compression) yields significant energy savings. Lowering fidelity can be combined with h/w power mgmt. [ Ref: Jason et al, 1999]

18 Hack in the Box Conference April 10 -13, 2005, Bahrain 18

19 Hack in the Box Conference April 10 -13, 2005, Bahrain 19 1.There is a significant variation in the effectiveness of fidelity reduction a) across data objects. b) across applications. 2. Combining h/w power mgmt with lowered fidelity can sometimes reduce energy usage below the product of their individual reductions. Intuitively this is because reducing fidelity decreases h/w utilization, thereby decreasing h/w power mgmt.

20 Hack in the Box Conference April 10 -13, 2005, Bahrain 20 Task Partitioning Cyber Foraging /Surrogate Computing Proxy-based task partitioning

21 Hack in the Box Conference April 10 -13, 2005, Bahrain 21 Cyber Foraging /Surrogate Computing Challenges: 1)Develop mechanism whereby a potential surrogate can make some of its resources available to mobile devices. 2)Provide a means for surrogates to advertise their availability and clients to locate surrogates with appropriate available resources 3)Develop a mechanism whereby clients can transfer tasks to surrogate 4)Make the remote execution of surrogate tasks be largely transparent & easy to program 5)Develop security and trust management so that surrogates can be assured that they will not be abused.

22 Hack in the Box Conference April 10 -13, 2005, Bahrain 22 Features Share a common file system middleware (heavy-weight) different file system (surrogate connected to internet will locate and download client applications) Highly coupled client and surrogate will increase network overhead and thus energy consumption. ( Messer 2002) Application writers will partition application at dev. time in a way (for example considering clients limited resource and IO interfaces) to mitigate above problem rather than automatic partition. (sachin et al 2004). It is useful for data mining, distillation proxies and home applications, etc.

23 Hack in the Box Conference April 10 -13, 2005, Bahrain 23 Proxy-based task partitioning Proxy servers compression, trans-code videos in real-time, access/provide directory services, provide service on a rule base for specific devices. Mobile devices thus negotiate with proxy servers for security, QoS and content delivery. It may also create and send data through proxy servers to other mobile devices in the network. (Arun et al. 2004)

24 Hack in the Box Conference April 10 -13, 2005, Bahrain 24 Proxy-based partitioning of watermarking algorithm for reducing energy consumption The mobile device (PDA) & proxy (intel cel 1.7 GHz) is connected (over 802.11 wireless LAN) using SSL connection. (Arun et al 2004) Energy savings was 42J to a high of 236 J (for different watermarking & partitioning algorithm)

25 Hack in the Box Conference April 10 -13, 2005, Bahrain 25 Energy-efficient Security Protocols

26 Hack in the Box Conference April 10 -13, 2005, Bahrain 26 Analyzing the Energy Consumption of Security Protocols Ref: Nachiketh et al. 2003

27 Hack in the Box Conference April 10 -13, 2005, Bahrain 27

28 Hack in the Box Conference April 10 -13, 2005, Bahrain 28

29 Hack in the Box Conference April 10 -13, 2005, Bahrain 29 Discussion AES has the least energy cost and BLOWFISH has the greatest Energy cost of IDEA for both encryption/decryption and key- setup compare well with those of AES,however the crypt analytical strength of AES is better than that of IDEA. SHA and SHA1 have better collision resistance (prob of two inputs mapped to same value) than MD4 & 5. This benefit comes as the cost of slightly higher energy cost. RSA performs signature verification efficiently, while ECDSA imposes smaller cost. (choose based on scenario/importance!)

30 Hack in the Box Conference April 10 -13, 2005, Bahrain 30 Energy analysis of SSL protocol Step 1: HANDSHAKE 1) Server authentication: client verifies digital sig. of trusted CA on the server cert. through public key of CA followed by integrity check. 2) Client authentication: client generates digital sig. by hashing some data, concatenating digest & encrypting with private key. 3) Key exchange: clients pre-master secret is encrypted using public key of server. Step 2: DATA TRANSMISSION

31 Hack in the Box Conference April 10 -13, 2005, Bahrain 31

32 Hack in the Box Conference April 10 -13, 2005, Bahrain 32

33 Hack in the Box Conference April 10 -13, 2005, Bahrain 33

34 Hack in the Box Conference April 10 -13, 2005, Bahrain 34 Discussion With respect to client energy cost, RSA-based handshake is much more efficient than ECC-based handshake when there is no client authentication in the SSL handshake stage. In the presence of client authentication in SSL handshake, ECC- based handshake consumes less energy than RSA-based handshake. Thus, depending on whether client authentication is performed or not, either RSA-based handshake or ECC-based handshake should be chosen by the client for optimizing its energy consumption. ENERGY cost (highest to lowest) : 1 st ) Asymmetric algorithms (The energy cost of asymmetric algorithms is very much dependent on the key size ) 2nd) Symmetric algorithms (The cost of the key set-up (key expansion) and encryption/decryption cost) 3 rd ) hash algorithms..

35 Hack in the Box Conference April 10 -13, 2005, Bahrain 35 Impact of cipher suite choice on SSL

36 Hack in the Box Conference April 10 -13, 2005, Bahrain 36 Discussion For data sizes smaller than 21 KB, ECC-3DES-SHA is more energy- efficient because ECC is simpler than RSA (and asymmetric energy consumption dominates that of small data transactions). For transactions of bulk data (greater than 21 KB) to encrypt, RSA- RC5 SHA consumes less energy, because for large data transfers energy consumption of symmetric ciphers dominates the total energy spent, and RC5 is much simpler than 3DES. This shows that a judicious choice of cryptographic algorithms can greatly reduce the amount of energy consumed.

37 Hack in the Box Conference April 10 -13, 2005, Bahrain 37 summary The energy consumption of SSL protocol depends on: (i)use of client authentication in handshake, (ii) asymmetric algorithm used in handshake, (iii) key size of the asymmetric algorithm, (iv) symmetric algorithm used in the record stage, (v) hash algorithm used in the record stage, (vi) size of the data to be transmitted, etc. The cost function can be used to decide the best performing among possible alternatives, depending on the input conditions. Such high-level macro-models are the subject of future work, and would allow static, as well as dynamic, optimization of the SSL protocol for energy efficiency.

38 Hack in the Box Conference April 10 -13, 2005, Bahrain 38 Tamper Resistance

39 Hack in the Box Conference April 10 -13, 2005, Bahrain 39 Overview Brute Force & Factoring Attack ( Mathematical) Easy-to-understand but futile attack Undesirable functionality Example: A mobile network should prevent unauthorized calls to placed (at handshaking). But an undocumented test-mode or buffer-flow may bypass functions and make calls??

40 Hack in the Box Conference April 10 -13, 2005, Bahrain 40 Case 1:Physical (invasive) & side- channel (non-invasive) attacks Ref: Ravi et al 04, Quisquater et al 02 Invasive attacks involve getting access to appliances, manipulate & interfere with system- internals. (Hard to deploy) TYPES: a) Microprobing b) Design reverse engineering

41 Hack in the Box Conference April 10 -13, 2005, Bahrain 41 Microprobing

42 Hack in the Box Conference April 10 -13, 2005, Bahrain 42 Non-Invasive attack: A)Timing analysis B)Fault induction techniques C)Power & electro-magnetic analysis based attack

43 Hack in the Box Conference April 10 -13, 2005, Bahrain 43 Fault Induction Hardware may fail to make correct computations security at stack! Example: RSA modulo-computations To deter this specific attack RSA implementations can check their answers by performing public key operation on the result and verifying it generates the original message (Boneh 01)

44 Hack in the Box Conference April 10 -13, 2005, Bahrain 44 Timing analysis Keys could be determined by analyzing small variations in time required to perform cryptographic computations. [Statistical techniques to predict] (Paul 96) Instruction execution time variations (divide/mult instructions take number of cycles based on data)

45 Hack in the Box Conference April 10 -13, 2005, Bahrain 45 Power analysis attack Power consumption of h/w circuit is a function of switching activity (hence data). Key used in a crypt alg. can be inferred from power consumption statistics gathered over a wide range of input data. Simple power Analysis (SPA) determines crypto. alg. used, number of operations performed. Brute-force search space for a DES implementation on 8 bit processor with 7 bytes of key data can be reduced to 240 keys from 256 keys by SPA (Messergers 02)

46 Hack in the Box Conference April 10 -13, 2005, Bahrain 46 Differential Power Analysis (DPA) uses difference between traces to overcome the measurement error & noise associated with SPA.It targeted to DES (Kocher 99 )but later used to break public keys ( Messerges 99 )

47 Hack in the Box Conference April 10 -13, 2005, Bahrain 47 Case 2: Logical Attack Buffer overflow Failure to secure code update process Use of insecure cryptographic algorithm Cryptographic protocol flaws Key management failures Random number generator defects Use of debug modes that bypass security Improper error handling, incorrect algorithms Use of weak passwords 1.Complexity (sec.vulnerabilities) 1.Extensibility (dynamically loadable modules) 1.Connectivity

48 Hack in the Box Conference April 10 -13, 2005, Bahrain 48 Contd.. Improper reuse of keys Poor user interface Operator errors Pointer errors Operating system weaknesses Sequence counter overflows Solving wrong problems Inability to reestablish security after compromises

49 Hack in the Box Conference April 10 -13, 2005, Bahrain 49 Countermeasures for logical attacks Privacy & integrity of sensitive code & data at every stage of execution Use of dedicated hardware to protect sensitive memory locations (Discretix), secure bootstraping (Arbaugh et al 97), use of cryptographic file system (Goh et al 03), sandboxing (Kiriansky 02) Verification methods for finding security flaws in trusted s/w, security protocols are important. (Chess 02)

50 Hack in the Box Conference April 10 -13, 2005, Bahrain 50 Case 3:Biometric identification Finger-print authentication is popular because fingerprint scanners can be produced inexpensively and require very little space. Fingerprint based sweep sensor (AT77C101B) is used at tablet Sharp Mebius Muramasa PC TN1- H1W.The sensor captures successive images while sweeping. Resolution: 500 dpi. Sweeping eradicates latent images left on sensor.

51 Hack in the Box Conference April 10 -13, 2005, Bahrain 51 Flexibility

52 Hack in the Box Conference April 10 -13, 2005, Bahrain 52 Concern Need: Ability to interoperate in different environments. Devices thereby need to support distinct security protocols (of different network layers) Example: a single protocol standard support wide range of crypt. Alg. (like SSL) Another challenge: continuous evolution of secured protocol. (In June 02, TLS was revised to accommodate AES)

53 Hack in the Box Conference April 10 -13, 2005, Bahrain 53 Many of the security protocols used in wireless domain are adaptations of wired security protocols. E.g., WTLS matches closely to SSL/TLS std. Future Wireless Protocols: tailored from the scratch for wireless environment considering power, performance, unique states of wireless environment only, etc.

54 Hack in the Box Conference April 10 -13, 2005, Bahrain 54 Designing (Modeling) & Verifying Security Protocols

55 Hack in the Box Conference April 10 -13, 2005, Bahrain 55 Overview Modeling is the process of abstracting the functional specifications a minimal working specimen (to understand and analyze the system more closely.) Verification means process of examining this specification for the presence of various errors that could lead to improper system operation.

56 Hack in the Box Conference April 10 -13, 2005, Bahrain 56

57 Hack in the Box Conference April 10 -13, 2005, Bahrain 57 Correctness Checking of Safety comprises two things: (1) checking local process assertions and invariants (if any), and (2) checking proper termination points of progress (end state levels – if any). Validating liveness comprises (1) looking for acceptance cycles, (2) looking for non-progress cycles, (3) using never claims – which defines an observer process that executes synchronously with the system, and (4) trace assertions – to reason about valid or invalid sequences of send or receive statements.

58 Hack in the Box Conference April 10 -13, 2005, Bahrain 58 Related works Adam D. Bradley Azer Bestavros Assaf J. Kfoury (2002) Write Deadlock: C1.1 - S1.1 Resembles a DoS attack

59 Hack in the Box Conference April 10 -13, 2005, Bahrain 59 Proxy-2616-fixed handles this correctly

60 Hack in the Box Conference April 10 -13, 2005, Bahrain 60 but Problem: Imperfect knowledge beyond first hop

61 Hack in the Box Conference April 10 -13, 2005, Bahrain 61 Sample Linear Temporal Logic Claim It represents whenever a message is sent by the Responder, it will eventually accepted by the Requester. !([](p -> X(<>q))) Where p corresponds to to_rcvr?[request(1)] q corresponds to to_sndr?[response(1)] OR to_sndr?[err(1)].

62 Hack in the Box Conference April 10 -13, 2005, Bahrain 62 Simulation using –XSPIN tool

63 Hack in the Box Conference April 10 -13, 2005, Bahrain 63 Verification in SuperTrace/ BitState mode

64 Hack in the Box Conference April 10 -13, 2005, Bahrain 64 Questions


Download ppt "Hack in the Box Conference April 10 -13, 2005, Bahrain 1 Toward Architectural Challenges of Secured Mobile Devices Manzur Ashraf BRAC University, Bangladesh."

Similar presentations


Ads by Google