remote software-based attestation for wireless sensors july 13, 2005 mark shaneck, karthikeyan...
TRANSCRIPT
Remote Software-based Attestation Remote Software-based Attestation for Wireless Sensorsfor Wireless Sensors
July 13, 2005July 13, 2005Mark Shaneck, Karthikeyan MahadevanMark Shaneck, Karthikeyan Mahadevan
Vishal Kher, Yongdae KimVishal Kher, Yongdae Kim
Department of Computer ScienceDepartment of Computer Science
University of MinnesotaUniversity of Minnesota
2
IntroductionIntroduction
• Securing sensors in critical applications is Securing sensors in critical applications is importantimportant• E.g. military applicationsE.g. military applications
• Compromise of a sensor can enable attacker to Compromise of a sensor can enable attacker to inject false sensing informationinject false sensing information
• Compromise of shared keys can enable attacker to Compromise of shared keys can enable attacker to compromise secure communicationscompromise secure communications
3
AttestationAttestation
• How to detect compromise? Attest!How to detect compromise? Attest!
• Ensure that the contents of the memory are Ensure that the contents of the memory are unchangedunchanged• Detects sensor compromise that involves a Detects sensor compromise that involves a
modification of the program memorymodification of the program memory• Compute a checksum of the memory contentsCompute a checksum of the memory contents
4
Naïve Attestation ModelNaïve Attestation Model
• Attestation routine reads memory and computes a Attestation routine reads memory and computes a checksumchecksum
• Attacker must offset memory reads to avoid detectionAttacker must offset memory reads to avoid detection• Offsets incur measurable delay in executionOffsets incur measurable delay in execution• Attester can measure execution time to detect compromiseAttester can measure execution time to detect compromise
MalcodeAttest
UnmodifiedCopyOf
Original
Program Memory of Sensor
5
LimitationsLimitations
• Suitable for directly connected devicesSuitable for directly connected devices• Slight execution delays can be accurately measuredSlight execution delays can be accurately measured
• What about remote attestation?What about remote attestation?• Code is located on device - attacker can use static Code is located on device - attacker can use static
analysis to analyze the code offline and insert analysis to analyze the code offline and insert conditional offsetsconditional offsets
• Slight execution delays cannot be accurately measured Slight execution delays cannot be accurately measured - overshadowed by unpredictable network latency- overshadowed by unpredictable network latency
6
Remote AttestationRemote Attestation
• How can we adapt the attestation model to work in How can we adapt the attestation model to work in a remote setting?a remote setting?
• Prevent attacker from analyzing attestation code Prevent attacker from analyzing attestation code offlineoffline• Send the attestation routine to the sensorSend the attestation routine to the sensor• Make it different each timeMake it different each time
• Prevent attacker from modifying attestation codePrevent attacker from modifying attestation code• Use techniques to make it difficult to statically analyze Use techniques to make it difficult to statically analyze
7
Why Remote Attestation?Why Remote Attestation?
• Is remote attestation really necessary?Is remote attestation really necessary?
• Physical access to the sensors is not always Physical access to the sensors is not always feasiblefeasible• Military setting - sensors are located in hostile, Military setting - sensors are located in hostile,
enemy territoryenemy territory• Building monitoring - sensors could be located Building monitoring - sensors could be located
in dangerous/inaccessible locationsin dangerous/inaccessible locations
8
OutlineOutline
• Problem ScopeProblem Scope
• Building BlocksBuilding Blocks
• Attestation Procedure ConstructionAttestation Procedure Construction
• Discussion/ConclusionDiscussion/Conclusion
9
AssumptionsAssumptions
• Base Station is secureBase Station is secure• Base Station to sensor communication is Base Station to sensor communication is
encrypted/authenticated using a pairwise shared keyencrypted/authenticated using a pairwise shared key• Base Station has an exact memory image of each Base Station has an exact memory image of each
sensorsensor
• Sensors do not have virtual memorySensors do not have virtual memory• Sensors can receive and execute binary codeSensors can receive and execute binary code
10
Threat ModelThreat Model
• Attacker can perform any software based Attacker can perform any software based attack on the attestation routineattack on the attestation routine
• Attacker cannot tamper with hardwareAttacker cannot tamper with hardware
• Impersonation and DoS attacks are out of Impersonation and DoS attacks are out of scopescope
11
RequirementsRequirements
• Resistance toResistance to• ReplayReplay• PredictionPrediction• Static AnalysisStatic Analysis
• Loose dependence on execution timeLoose dependence on execution time• Complete memory coverageComplete memory coverage• Efficient constructionEfficient construction
12
Building BlocksBuilding Blocks
• RandomizationRandomization• EncryptionEncryption• Self-Modifying CodeSelf-Modifying Code• ObfuscationObfuscation
• Opaque Predicates/Pointer AliasingOpaque Predicates/Pointer Aliasing• Junk InstructionsJunk Instructions
13
Self Modifying CodeSelf Modifying Code
nop1: 0xFFF6
2: 0xFFF7
3: 0xFFF8
4: 0xFFF9
5: 0xFFFA
6: 0xFFFB
7: 0xFFFC
8: 0xFFFD
9: 0xFFFE
10: 0xFFFF
nop
mov $0x05, %eax
inc %eax
xor %eax, %eax
test %eax, %eax
jnz 0xFFFF
mov 0x40, 0xFFFA
jmp 0xFFF9
nop
inc %eax
0x40 = “inc %eax”
14
Opaque PredicatesOpaque Predicates
• Conditions that always evaluate to true or Conditions that always evaluate to true or always evaluate to falsealways evaluate to false• Evaluation result is not obvious from static Evaluation result is not obvious from static
analysisanalysis
• Can be formed through pointer aliasing Can be formed through pointer aliasing • known to be an NP-hard problemknown to be an NP-hard problem
16
Junk InstructionsJunk Instructions
• Full or partial machine code instructionsFull or partial machine code instructions
• Full - distract analysisFull - distract analysis
• Partial - confuse analysisPartial - confuse analysis
17
CompareResults
MeasureResponse Time
Generate AttestationRoutine
Precompute Result
Attestation ProtocolAttestation Protocol
Base
Attestation Routine
Checksum Result
Execute Attestation
RoutineSensor
18
Attestation Routine OverviewAttestation Routine Overview
• Randomly step through program memory, Randomly step through program memory, adding values to the checksum resultadding values to the checksum result
• Loop repeats Loop repeats O(n log n)O(n log n) times to ensure times to ensure complete coverage of the memorycomplete coverage of the memory
• Routine will incorporate the building blocks Routine will incorporate the building blocks to prevent attacks on the routine itselfto prevent attacks on the routine itself
19
Attestation RoutineAttestation Routine
EncryptedCode
DecryptionRoutine
Main Attestation
Loop
SeedCalculation
JunkInstructions
Jump
Memory Reads& Jump
HashCalculation
Random Number
Generator
Self ModifyingCode
JunkInstructions
JunkInstructions
JunkInstructions
Jump
Memory Reads& Jump
JunkInstructions
20
Security AnalysisSecurity Analysis
• What can the attacker do?What can the attacker do?
• Replay responseReplay response• Countered by randomization and random memory Countered by randomization and random memory
read pattern (seed)read pattern (seed)
• Attacker must attack each codeAttacker must attack each code• Goal: force attacker to do intensive computation for Goal: force attacker to do intensive computation for
each attestation procedureeach attestation procedure
21
What Attacker Must DoWhat Attacker Must Do
• Break EncryptionBreak Encryption• Find key, which is protected by opaque predicatesFind key, which is protected by opaque predicates
• Determine SeedDetermine Seed• Protected the same way as the encryption keyProtected the same way as the encryption key
• Examine self-modifying codeExamine self-modifying code• Rewrite this portion of the code to insert conditional Rewrite this portion of the code to insert conditional
offsetsoffsets
22
EmulationEmulation
• Attacker could install an emulatorAttacker could install an emulator
• Each read is directed to the appropriate offsetEach read is directed to the appropriate offset
• Computation is not I/O bound - significant Computation is not I/O bound - significant overheadoverhead• Attack will be foiled with an appropriate choice of the Attack will be foiled with an appropriate choice of the
timeout periodtimeout period
23
ExtensionExtension
• Fill sensor’s free memory space with random Fill sensor’s free memory space with random values (known to base station)values (known to base station)
• Attest entire memory contentsAttest entire memory contents
• Malicious code would be limited in size by data Malicious code would be limited in size by data memorymemory• Copy of original is forced to be located in data memoryCopy of original is forced to be located in data memory
24
Related WorkRelated Work
• SWATT (Seshadri et al.)SWATT (Seshadri et al.)• Genuinity (Kennell et al.)Genuinity (Kennell et al.)• Trusted Hardware - TPM, BIND, Copilot (Sailer Trusted Hardware - TPM, BIND, Copilot (Sailer
et al., Shi et al., N. L. P. Jr et al.)et al., Shi et al., N. L. P. Jr et al.)• Obfuscation (Collberg et al., Barak et al., etc)Obfuscation (Collberg et al., Barak et al., etc)• Program Evolution (F. Cohen)Program Evolution (F. Cohen)• Self-checksumming (Chang et al., Horne et al.)Self-checksumming (Chang et al., Horne et al.)• Integrity Verification Kernel (D. Aucsmith)Integrity Verification Kernel (D. Aucsmith)
25
Future WorkFuture Work
• ImplementationImplementation• Test and measure how lightweight/heavyweight the Test and measure how lightweight/heavyweight the
attestation procedure isattestation procedure is• Measure and test to determine appropriate timeout periodMeasure and test to determine appropriate timeout period
• Impersonation AttackImpersonation Attack• May require hardware supportMay require hardware support
• Enhance the attestation protocol to work in Enhance the attestation protocol to work in multihop settingsmultihop settings