Presentation is loading. Please wait.

Presentation is loading. Please wait.

On the Difficulty of Software-Based Attestation of Embedded Devices Claude Castelluccia Aurélien Francillon Daniele Perito INRIA Rhône-Alpes

Published byCorey Watkins Modified over 8 years ago

Similar presentations

Presentation on theme: "On the Difficulty of Software-Based Attestation of Embedded Devices Claude Castelluccia Aurélien Francillon Daniele Perito INRIA Rhône-Alpes"— Presentation transcript:

1 On the Difficulty of Software-Based Attestation of Embedded Devices Claude Castelluccia Aurélien Francillon Daniele Perito INRIA Rhône-Alpes {ccastel,francill,perito}@inrialpes.fr Claudio Soriente University of California, Irvine csorient@ics.uci.edu paper review jordan jump

2 introduction presentation outline introduction paper summary critique

3 introduction about me BS CprE, 2005, ISU Rockwell Collins, Cedar Rapids, IA Software Engineer, Embedded focus

4 paper summary one slide synopsis If a remote node can only use software to prove that it is still running as it should, it is difficult to do so. The paper shows two general attack methods that make the node appear to be uncompromised when required to prove itself. It also shows attacks against specific techniques, and how modifications can prevent the attacks.

5 paper summary outline assumptions and previous work generic attacks – return-oriented rootkit – code compression difficulties with specific attestation proposals – SWATT – ICE-based

6 paper summary assumptions/previous work Software code attestation – Remotely verify a node has not been compromised – Verify via memory checksum + nonce Attack goals – Modify executable memory – Still pass attestation

7 paper summary assumptions/previous work General assumptions – Compromised device doesn’t interact with other malicious nodes – Unmodified hardware (not tamper-resistant) – Verifier aware of configuration Hardware: MicaZ – COTS wireless sensor – Atmel AVR – Harvard memory architecture (program, data, and external memories) Paper contents applicable to similar micro-controllers

8 paper summary generic attacks return-oriented programming (ROP) executes existing code (no code changes necessary) Arbitrary functionality (given large enough code size) Manipulates program stack so return executes desired code Segment starts near a return statement, segments strung together If existing code known, compilers make creation of ROP easy – Attack uses ROP rootkit

9 paper summary generic attacks ROP root-kit attack Start of attestation code modified to initiate cleanup sequence Cleanup modifies return address on stack Attestation occurs Returns to ROP that initiates re-infection code

10 paper summary generic attacks Compression attack – Previously, unused program space filled with pseudorandom values so attacker cannot use them. – Compress code to make space for attack code – Decompressed on-the-fly during attestation – Achieved average of 11.6% compression

11 paper summary issues time-based attestation SoftWare-based ATTestation (SWATT), Seshadri et. al. Introduces time-to-respond Attacker would slow down function if redirecting memory Relies on fastest redirection and checksum known – Paper introduces faster redirection Requires half program memory unused Redirect 0x11xx…xx accesses to 0x10xx…xx and store malicious code in 0x11xx…xx 2 cycles vs previously fastest 3 cycles. Still detectable.. relies on processor capabilities – Porting SWATT required rewrite of algorithm, changed timing

12 paper summary issues time-based attestation Preventing rootkit attack on SWATT – Data memory not verified, allows attack – Verify memory or clean memory after attestation – Verification difficult Architecture uses different address space, instructions Pseudorandom verification requires branch Unpredictible contents (registers, I/O, stack) – Clean memory and reboot Disrupts rootkit attack, not shadow attack

13 paper summary issues ICE-based attestation Indisputable Code Execution (ICE) – Self-checksumming function – Bijective function selects order of memory locations – 10x16bit registers (C) used to calculate result: PC = Program Counter, SR = Status Register Several protocols based on ICE Not all processors support PC access

14 paper summary issues ICE-based attestation ICE-based vulnerability – PC xor current address (move both) – 0xA0000 xor 0xC5678 = 0x65678 – 0x20000 xor 0x45678 = 0x65678 Root cause: weak mixing in checksum routine

15 critique #1 Paper briefly dismisses self-modify code attestation – Claim self-modifying code is too slow and complex/impossible to implement on flash-based device. – Similar technique successfully used for rootkit

16 critique #2 Compression attack implementation doesn’t include decompression routine in sizes? – Decompression routine: 1707 program memory, 2565 data memory – Compression from 31836 bytes to 27368 – Claim 2961 bytes free after 512 canonical huffman tree and 995 for checkpoints. Doesn’t account for decompression routine. – Should be 1254 free. Data memory is only 4k; decompression routine uses substantial portion (could use measurement storage) – Compression algorithm not included (only direct-access attack?)

17 critique #3 Attacks preventable/detectable using simple or known methods – Compression attack detectable by SWATT – SWATT shadowing attack solved by filling empty space – Root-kit evicted by re-booting during attestation

18 critique #4 Rootkit requires knowledge of program contents – Static analysis to tailor attack to software – Suitable only for directed attack ICE-attack needs to be carefully crafted if modified routine

19 ! ⊕ ? jmjumps@iastate.edu

Download ppt "On the Difficulty of Software-Based Attestation of Embedded Devices Claude Castelluccia Aurélien Francillon Daniele Perito INRIA Rhône-Alpes"

Similar presentations

Operating Systems Components of OS

Operating Systems Components of OS
COMP375 Computer Architecture and Organization Senior Review.

COMP375 Computer Architecture and Organization Senior Review.
Chapter 3 General-Purpose Processors: Software

Chapter 3 General-Purpose Processors: Software
CPU Review and Programming Models CT101 – Computing Systems.

CPU Review and Programming Models CT101 – Computing Systems.
Topics covered: CPU Architecture CSE 243: Introduction to Computer Architecture and Hardware/Software Interface.

Topics covered: CPU Architecture CSE 243: Introduction to Computer Architecture and Hardware/Software Interface.
1 SECURE-PARTIAL RECONFIGURATION OF FPGAs MSc.Fisnik KRAJA Computer Engineering Department, Faculty Of Information Technology, Polytechnic University of.

1 SECURE-PARTIAL RECONFIGURATION OF FPGAs MSc.Fisnik KRAJA Computer Engineering Department, Faculty Of Information Technology, Polytechnic University of.
Low Cost Attack on Tamper Resistant Devices Ross Anderson, Markus Kuhn Songpol Manoonpong.

Low Cost Attack on Tamper Resistant Devices Ross Anderson, Markus Kuhn Songpol Manoonpong.
Software Certification and Attestation Rajat Moona Director General, C-DAC.

Software Certification and Attestation Rajat Moona Director General, C-DAC.
Software-based Code Attestation for Wireless Sensors.

Software-based Code Attestation for Wireless Sensors.
COMP3221: Microprocessors and Embedded Systems Final Exam Lecturer: Hui Wu Session 1, 2005.

COMP3221: Microprocessors and Embedded Systems Final Exam Lecturer: Hui Wu Session 1, 2005.
VIPER: Verifying the Integrity of PERipherals’ Firmware Yanlin Li, Jonathan M. McCune, and Adrian Perrig Carnegie Mellon University.

VIPER: Verifying the Integrity of PERipherals’ Firmware Yanlin Li, Jonathan M. McCune, and Adrian Perrig Carnegie Mellon University.
Memory Management Design & Implementation Segmentation Chapter 4.

Memory Management Design & Implementation Segmentation Chapter 4.
Interfacing. This Week In DIG II  Basic communications terminology  Communications protocols  Microprocessor interfacing: I/O addressing  Port and.

Interfacing. This Week In DIG II  Basic communications terminology  Communications protocols  Microprocessor interfacing: I/O addressing  Port and.
COMP3221: Microprocessors and Embedded Systems Lecture 2: Instruction Set Architecture (ISA) Lecturer: Hui Wu Session.

COMP3221: Microprocessors and Embedded Systems Lecture 2: Instruction Set Architecture (ISA) Lecturer: Hui Wu Session.
Security Protection and Checking in Embedded System Integration Against Buffer Overflow Attacks Zili Shao, Chun Xue, Qingfeng Zhuge, Edwin H.-M. Sha International.

Security Protection and Checking in Embedded System Integration Against Buffer Overflow Attacks Zili Shao, Chun Xue, Qingfeng Zhuge, Edwin H.-M. Sha International.
Basic Input/Output Operations

Basic Input/Output Operations
Pipeline Exceptions & ControlCSCE430/830 Pipeline: Exceptions & Control CSCE430/830 Computer Architecture Lecturer: Prof. Hong Jiang Courtesy of Yifeng.

Pipeline Exceptions & ControlCSCE430/830 Pipeline: Exceptions & Control CSCE430/830 Computer Architecture Lecturer: Prof. Hong Jiang Courtesy of Yifeng.
Recap – Our First Computer WR System Bus 8 ALU Carry output A B S C OUT F 8 8 To registers’ input/output and clock inputs Sequence of control signal combinations.

Recap – Our First Computer WR System Bus 8 ALU Carry output A B S C OUT F 8 8 To registers’ input/output and clock inputs Sequence of control signal combinations.
Unbounded Transactional Memory Paper by Ananian et al. of MIT CSAIL Presented by Daniel.

Unbounded Transactional Memory Paper by Ananian et al. of MIT CSAIL Presented by Daniel.
CMSC 414 Computer and Network Security Lecture 13 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 13 Jonathan Katz.

Similar presentations

Ads by Google