Attackers target many different types of computer systems in use today, exploiting software vulnerabilities to take over the device and make it act maliciously. Reports of numerous attacks have been ...published, against the constrained embedded devices of the Internet of Things, mobile devices like smartphones and tablets, high-performance desktop and server environments, as well as complex industrial control systems. Trusted computing architectures give users and remote parties like software vendors guarantees about the behaviour of the software they run, protecting them against software-level attackers. This paper defines the security properties offered by them, and presents detailed descriptions of twelve hardware-based attestation and isolation architectures from academia and industry. We compare all twelve designs with respect to the security properties and architectural features they offer. The presented architectures have been designed for a wide range of devices, supporting different security properties.
The shape of a wave carries all information about the spatial and temporal structure of its source, given that the medium and its properties are known. Most modern imaging methods seek to utilize ...this nature of waves originating from Huygens' principle. We discuss the retrieval of the complete kinetic energy distribution from the acoustic trace that is recorded when a short ion bunch deposits its energy in water. This novel method, which we refer to as Ion-Bunch Energy Acoustic Tracing (I-BEAT), is a refinement of the ionoacoustic approach. With its capability of completely monitoring a single, focused proton bunch with prompt readout and high repetition rate, I-BEAT is a promising approach to meet future requirements of experiments and applications in the field of laser-based ion acceleration. We demonstrate its functionality at two laser-driven ion sources for quantitative online determination of the kinetic energy distribution in the focus of single proton bunches.
A multipass laser cavity is presented which can be used to illuminate an elongated volume from a transverse direction. The illuminated volume can also have a very large transverse cross section. ...Convenient access to the illuminated volume is granted. The multipass cavity is very robust against misalignment, and no active stabilization is needed. The scheme is suitable for example in beam experiments, where the beam path must not be blocked by a laser mirror, or if the illuminated volume must be very large. This cavity was used for the muonic-hydrogen experiment in which 6 μm laser light illuminated a volume of 7 × 25 × 176 mm3, using mirrors that are only 12 mm in height. We present our measurement of the intensity distribution inside the multipass cavity and show that this is in good agreement with our simulation.
Software components are frequently used in cyber-physical systems (CPSes) to control a physical mechanism, such as a valve or brakes on a car. These systems are extremely sensitive to software ...vulnerabilities, as their exploitation could lead to injury, damage to equipment, or environmental catastrophe. This paper proposes a hardware-based security architecture called SOFIA, which protects software running on microprocessors used in CPSes. SOFIA provides mechanisms to protect software integrity and control flow integrity. This allows the processor to defend against a large number of attacks, including code injection, code reuse, and fault-based attacks on the program counter. In addition, the architecture also defends against software copyright infringement and reverse engineering. All protection mechanisms are enforced in hardware using cryptographic techniques. We are the first to propose a mechanism to enforce control flow integrity at the finest possible granularity using cryptographic techniques. A SOFIA core has been created by implementing the proposed architectural features on a LEON3 microprocessor. The SOFIA core requires that its software conforms to a strict format. To this end, we additionally designed and implemented a software toolchain to compile source code that adheres to the formatting rules. Several benchmarks were compiled with the SOFIA toolchain, and were executed on a SOFIA core running on an FPGA, showing an average total execution time overhead of 106% compared to an unmodified LEON3 core. Our hardware evaluation shows a clock speed reduction of 23.2%.
Sancus 2.0 Noorman, Job; Bulck, Jo Van; Mühlberg, Jan Tobias ...
ACM transactions on privacy and security,
08/2017, Letnik:
20, Številka:
3
Journal Article
Recenzirano
Odprti dostop
The Sancus security architecture for networked embedded devices was proposed in 2013 at the USENIX Security conference. It supports remote (even third-party) software installation on devices while ...maintaining strong security guarantees. More specifically, Sancus can remotely attest to a software provider that a specific software module is running uncompromised and can provide a secure communication channel between software modules and software providers. Software modules can securely maintain local state and can securely interact with other software modules that they choose to trust.
Over the past three years, significant experience has been gained with applications of Sancus, and several extensions of the architecture have been investigated—both by the original designers as well as by independent researchers. Informed by these additional research results, this journal version of the Sancus paper describes an improved design and implementation, supporting additional security guarantees (such as confidential deployment) and a more efficient cryptographic core.
We describe the design of Sancus 2.0 (without relying on any prior knowledge of Sancus) and develop and evaluate a prototype FPGA implementation. The prototype extends an MSP430 processor with hardware support for the memory access control and cryptographic functionality required to run Sancus. We report on our experience using Sancus in a variety of application scenarios and discuss some important avenues of ongoing and future work.
As recently shown by attacks against Android-driven smart phones, ARM devices are vulnerable to cold boot attacks. At the end of 2012, the data recovery tool FROST was released which exploits the ...remanence effect of RAM to recover user data from a smart phone, at worst its disk encryption key. Disk encryption is supported in Android since version 4.0 and is today available on many smart phones. With ARMORED, we demonstrate that Android's disk encryption feature can be improved to withstand cold boot attacks by performing AES entirely without RAM. ARMORED stores necessary keys and intermediate values of AES inside registers of the ARM microprocessor architecture without involving main memory. As a consequence, cold boot attacks on encryption keys in RAM appear to be futile. We developed our implementation on a Panda Board and tested it successfully on real phones. We also present a security and a performance analysis for ARMORED.
TEEshift Lazard, Titouan; Götzfried, Johannes; Müller, Tilo ...
Proceedings of the 3rd Workshop on System Software for Trusted Execution,
01/2018
Conference Proceeding
We present TEEshift, a tool suite that protects the confiden- tiality and integrity of code by shifting selected functions into TEEs. Our approach works entirely on binary-level and does not require ...the adaption of source code projects or build environments, nor does it require compiler-level patches. Programmers provide a list of ELF symbols pointing to the functions that should be protected. After post-processing an ELF binary with TEEshift, the selected functions are not present in cleartext anymore. Only after attesting to a re- mote party that the loading enclave behaves with integrity, the functions are decrypted, but remain inside the enclave protected against reverse engineering. An online connection is only required when a program starts for the first time on a PC. Afterwards, sealing is used to securely store the decryption key and bind it to the PC. By allowing program- mers to move selected function into TEEs, without patching their source code, we provide a convenient way to enable TEEs in existing projects while preserving the flexibility for a finegrained security and performance tradeoff. We evaluated our tool using a real world gaming application, confirming the practicability of our approach for existing projects. We overcome the limitation of the fragmented TEE landscape by building on top of Asylo, an open framework by Google for apps which aim to support different TEEs such as Intel SGX and AMD SEV using a unified API.
The weakest link in software-based full disk encryption is the authentication procedure. Since the master boot record must be present unencrypted in order to launch the decryption of remaining system ...parts, it can easily be manipulated and infiltrated by bootkits that perform keystroke logging; consequently, password-based authentication schemes become attackable. The current technological response, as enforced by BitLocker, verifies the integrity of the boot process by use of the trusted platform module. But, as we show, this countermeasure is insufficient in practice. We present STARK, the first tamperproof authentication scheme that
mutually authenticates
the computer and the user in order to resist keylogging during boot. To achieve this, STARK implements
trust bootstrapping
from a secure token to the whole PC. The secure token is an active USB drive that verifies the integrity of the PC and indicates the verification status by an LED to the user. This way, users can ensure the authenticity of the PC before entering their passwords.