security engineering lab - seceng – technical university of ......defenses against sensor-based...
-
24.10.2019 | Security Engineering Group | TU Darmstadt | Dr. Tolga Arul | 1
Kick-Off, 23.10.2019
Security Engineering Lab
Dr. Tolga Arul
Security Engineering Group
Technische Universität Darmstadt
-
General Information: Goals & Requirements
Goal: Hands-on work in research topics of the Security Engineering group
• Should resemble software engineering process in teams (think of it as an
“Advanced Bachelorpraktikum” without the overhead)
• “Open” format, no strict meetings!
• Grade is based on implementation and final presentation
Requirements:
• Interest in security and related topics!
• Knowledge: some lectures in Trusted Systems
• Skills needed this semester vary: low-level (C/C++) and high-level (Matlab, Python,
Java) programming skills
-
General Information: Procedure
Programming task for groups of two up to four persons
Every group has one supervisor
This course has 6 CP
The final grade is composed of the following parts:
Implementation (80%)
Documentation (15%)
Final Presentation (5%)
Please contact the supervisor now or later in case you are interested in a
specific topic
You can deliberate on which topic is interesting to you until 31.10. and contact the corresponding supervisor
-
TOPICS
-
Topics
1. Memory Characterization
2. Broadcasting Lab
3. Low Latency Streaming
-
Implementation of a composite IoT system
• We have multiple STM32F429 Discovery DISC1 IoT boards and multiple
external SRAMs and NVRAMs.
• We also have proof-of-concept code that can connect the external SRAMs
to these IoT boards, which currently does work.
• We want to modify this code, so that it also works correctly with some
NVRAMs, in order to perform tests using the composite IoT system.
• Goal: Implement a working connection between the board, complete
measurement SW and perform experiments with the external SRAM and
NVRAMs.
Tasks:
• Modify the provided code so that it works correctly with SRAMs (parallel)
and NVRAMs (parallel | SPI | I2C), based on the provided documentation.
• Expand capabilities or rewrite measurement SW
• Perform tests
Requirements:
• Good working skills
• Experience with C
Documentation and proof-of-concept code are available.
-
Broadcast Security
Development of a
broadcasting test
environment:
-
Broadcast Security
Goals: Develop necessary components or adapt available components so that
they work together (Development/Integration)
1. STB:
1. Continuous Integration and build environment for multi-OS code
(Linux/Android/Windows)
2. Linux: Creation of bitbake recipes to extend to all available OE architectures
3. Implement Channel Change Signaling Protocol
2. Head-End
1. Port to C++ or Integration of C components using JNI
3. Subscriber Management/Subscriber Authorization/Billing (Kamailio)
1. Interfacing to User via web application for deployment and billing
2. Billing Backend and interfacing with user DB
4. Intermediate Network Components (Registrar, Proxy):
1. IMS: Extension of Kamailio to support billing for IPTV over SIP
1. Support for Postpaid and Prepaid
2. Creation of Call Data Records
2. Deployment of Multicast Architecture
1. VLANs, PIM-SSM and MPLS
-
Broadcast Security
Head-End
Core
Distribution
Access
Core, Distribution and
Access Network
Current Architecture
STB
-
Low Latency Streaming
• Low latency streaming has many interesting applications
• So far, available solutions and evaluations are proprietary and solution-centric
Goal:
• Develop low latency environment consisting of available
implementations (sender, receiver)
• Develop evaluation test setup for consistent comparison
• Deploy solution on an appropriate embedded device
Design space:
• Codecs: h264, h265, jpeg2000, av1
• Coding techniques: intra-only coding, (adaptive) intra refresh,
slice-based encoding (sliced-threads, slice-parallel)
• Transport protocols: RTP, SCTP
• Transmission: Ethernet AVB (TSN), DVB-T
• HW-support on SBCs
Requirements:
• Interest in topic
• Experience with C++ is beneficial
-
Topics
T1: Physical side channels on mobile devices
T2: Defenses against attacks on sensors
T3: CLKSCREW PUF
-
T1: Physical side channels
Hardware components of an iPhone X (source: iFixit)
Modern smartphones consist of numerous hardware components
Due to physical proximity, components affect each other!
-
T1: Physical side channels: examples
[Figure: four plots over Time (s). Magnetometer data, Signal amplitude (mT): Facebook Messenger and TripAdvisor. CPU data, CPU load (%): Facebook Messenger and TripAdvisor.]
Example: CPU affects magnetometer
Attack: identification of running applications
Example of magnetometer correlating with the CPU activity
-
T1: Physical side channels: examples (2)
Example: speaker affects gyroscope
Attack: gyroscope as microphones for acoustic signals
Example of gyroscope susceptibility to resonance ultrasonic sounds
-
T1: Physical side channels: task
Project: automatically identify new physical side channels on mobile devices
We have:
• unified evaluation framework
• cloud module (testing on 100+ devices)
Your task: discover new reactions
• triggering activities in affecting components
• tracing of reacting components
• performing experiments, analyze data
[Diagram of device components: CPU, GPS, Bluetooth, Power, Screen, NFC, Speaker, Accelerometer, Gyroscope, Camera, Microphone, with "?" marking reactions still to be discovered]
-
T2: Defenses against attacks on sensors
Project: Defenses against sensor-based attacks
Idea:
• use physical relation between sensors (magnetometer + gyroscope + accelerometer)
• use input from other sensors to correct the measurements
Your task:
• reproduce two existing works
• evaluate the relations between sensors on devices
• model the correct sensor behavior (with Signal Processing or Machine Learning)
-
T3: CLKSCREW PUF: original attack
Original idea: changing CPU voltage/frequency introduces errors!
Attack: inject faults to attack crypto-algorithms
Basic idea of the CLKSCREW fault injection
Source: https://www.usenix.org/conference/usenixsecurity17/technical-sessions/presentation/tang
-
T3: CLKSCREW PUF: task
Project: CLKSCREW as a Physically Unclonable Function (hardware fingerprint)
We have:
• original PoC code (C Kernel module + Python scripts)
Your task:
• reproduce the original attack (faults)
• test if faults are unique and random
• extensive evaluation
-
22.10.2019 | Praktikum Security Engineering | Kick-Off | Markus Heinrich
Railway Signalling Security – Research
-
Railway Signalling Security – Lab
• Signal Box
• Control Trains
• Field Elements:
• Signals
• Points
• Tracks
• Object Controllers:
• Control FEs
• RPIs, G22
• Ethernet Network
Functional model of real-world train operation
-
Railway Signalling Security – Your Tasks
• Implement an anomaly detection system for railway signalling
• Anomaly detection architecture is based on a preprint publication
• Integrate the anomaly detection into our signalling lab
• Demonstrate your implementation by performing and defending against
network attacks
Make railway transportation more secure!
-
Railway Signalling Security – Your Skills
• A programming language suited to compile for ARM and amd64
• Experience with C/C++ (existing features)
• Experience with Raspberry Pi is an advantage
• Experience with Git version control is an advantage
• Experience with railway signalling is an advantage
• Experience with networking is an advantage
• You can talk German or English with me
-
Railway Signalling Security – Contact
Markus Heinrich
TU Darmstadt
Mornewegstraße 32
D-64293 Darmstadt
+49 6151 16-25631
-
General Information: Contact
Markus Heinrich
06151 / 16 - 25631
S4|14 4.3.29
Nikolay Matyunin
06151 / 16 – 25623
S4|14 4.3.27
Tolga Arul
06151 / 16 – 25649
S4|14 4.3.17