Secure Intermittent Computing: Precomputation and Implementation

Suslowicz, Charles Eugene

22 May 2018

This thesis explores the security of intermittent devices, embedded systems designed to retain their state across periods of power loss, for cases both when the device has an excess of available energy and when power loss is unavoidable. Existing work with intermittent systems has focused on the problems inherent to the intermittent paradigm and ignored the security implications of persistent state across periods of power loss. The security of these devices is closely linked to their unique operational characteristics and are addressed here in two studies. First, the presence of an energy harvester creates an opportunity to use excess energy, available when additional energy is harvested after the local energy reservoir is filled, to precompute security related operations. Precomputation powered by this excess energy can reduce the cost of expensive tasks during periods of energy scarcity, potentially enabling the use of expensive security operations on traditionally unsecured devices. Second, when energy is limited and intermittent operation is required, the secure storage of checkpoints is a necessity to protect against adversary manipulation of the system state. To examine the secure storage of checkpoints a protocol is implemented to ensure the integrity and authenticity of a device's checkpoints, and evaluated for its energy overhead and performance. The cost of properly ensuring the integrity and authenticity of these checkpoints is examined to identify the overhead necessary to execute intermittent operations in a secure manner. Taken together, these studies lay the groundwork for a comprehensive view of the current state of intermittent device security. / Master of Science

intermittent computing

embedded systems security

A Flexible FPGA-Assisted Framework for Remote Attestation of Internet Connected Embedded Devices

Patten, Jared Russell

01 March 2018

Embedded devices permeate our every day lives. They exist in our vehicles, traffic lights, medical equipment, and infrastructure controls. In many cases, improper functionality of these devices can present a physical danger to their users, data or financial loss, etc. Improper functionality can be a result of software or hardware bugs, but now more than ever, is often the result of malicious compromise and tampering, or as it is known colloquially "hacking". We are beginning to witness a proliferation of cyber-crime, and as more devices are built with internet connectivity (in the so called "Internet of Things"), security should be of the utmost concern. Embedded devices have begun to seamlessly merge with our daily existence. Therefore the need for security grows as it more directly affects the safety of our data, property, and even physical health. This thesis presents an FPGA-assisted framework for remote attestation, a security service that allows a remote device to prove to a verifying entity that it can be trusted. In other words, it presents a protocol by which a device (be it an insulin pump, vehicle, etc.) can prove to a user (or other entity) that it can be trusted - i.e. that it has not been "hacked". This is accomplished through executable code integrity verification and run-time monitoring. In essence, the protocol verifies that a device is running authorized and untampered software and makes it known to a verifier in a trusted fashion. We implement the protocol on a physical device to demonstrate its feasibility and to examine its performance impact.

Remote Attestation

Embedded Systems Security

Reconfigurable Computing

FPGA

Internet of Things

IoT

Electrical and Computer Engineering

REHOSTING EMBEDDED APPLICATIONS AS LINUX APPLICATIONS FOR DYNAMIC ANALYSIS

Jayashree Srinivasan (17683698)

20 December 2023

<p dir="ltr">Dynamic analysis of embedded firmware is a necessary capability for many security tasks, e.g., vulnerability detection. Rehosting is a technique that enables dynamic analysis by facilitating the execution of firmware in a host environment decoupled from the actual hardware. Current rehosting techniques focus on high-fidelity execution of the entire firmware. Consequently, these techniques try to execute firmware in an emulated environment, with precise models of hardware (i.e., peripheral) interactions. However, these techniques are hard to scale and have various drawbacks. </p><p dir="ltr">Therefore, a novel take on rehosting is proposed by focusing on the application components and their interactions with the firmware without the need to model hardware dependencies. This is achieved by rehosting the embedded application as a Linux application. In addition to avoiding precise peripheral modeling, such a rehosting technique enables the use of existing dynamic analysis techniques on these embedded applications. The feasibility of this approach is demonstrated first by manually performing the rehosting on real-world embedded applications. The challenges in each of the phases – retargeting to x86-64, peripheral handling, and fuzzing the rehosted applications are elaborated. Furthermore, automated steps for retargeting to the x86-64 and peripheral handling are developed. The peripheral handling achieves 89% accuracy if reserved regions are also considered. The testing of these rehosted applications found 2 previously unknown defects in driver components.</p>

Software and application security

System and network security

Cybersecurity

Firmware

Rehosting

Real-Time Systems

RTOS

Dynamic Analysis

Embedded Systems

Embedded Systems Security

Architectural Enhancements to Increase Trust in Cyber-Physical Systems Containing Untrusted Software and Hardware

Farag, Mohammed Morsy Naeem

25 October 2012

Embedded electronics are widely employed in cyber-physical systems (CPSes), which tightly integrate and coordinate computational and physical elements. CPSes are extensively deployed in security-critical applications and nationwide infrastructure. Perimeter security approaches to preventing malware infiltration of CPSes are challenged by the complexity of modern embedded systems incorporating numerous heterogeneous and updatable components. Global supply chains and third-party hardware components, tools, and software limit the reach of design verification techniques and introduce security concerns about deliberate Trojan inclusions. As a consequence, skilled attacks against CPSes have demonstrated that these systems can be surreptitiously compromised. Existing run-time security approaches are not adequate to counter such threats because of either the impact on performance and cost, lack of scalability and generality, trust needed in global third parties, or significant changes required to the design flow. We present a protection scheme called Run-time Enhancement of Trusted Computing (RETC) to enhance trust in CPSes containing untrusted software and hardware. RETC is complementary to design-time verification approaches and serves as a last line of defense against the rising number of inexorable threats against CPSes. We target systems built using reconfigurable hardware to meet the flexibility and high-performance requirements of modern security protections. Security policies are derived from the system physical characteristics and component operational specifications and translated into synthesizable hardware integrated into specific interfaces on a per-module or per-function basis. The policy-based approach addresses many security challenges by decoupling policies from system-specific implementations and optimizations, and minimizes changes required to the design flow. Interface guards enable in-line monitoring and enforcement of critical system computations at run-time. Trust is only required in a small set of simple, self-contained, and verifiable guard components. Hardware trust anchors simultaneously addresses the performance, flexibility, developer productivity, and security requirements of contemporary CPSes. We apply RETC to several CPSes having common security challenges including: secure reconfiguration control in reconfigurable cognitive radio platforms, tolerating hardware Trojan threats in third-party IP cores, and preserving stability in process control systems. High-level architectures demonstrated with prototypes are presented for the selected applications. Implementation results illustrate the RETC efficiency in terms of the performance and overheads of the hardware trust anchors. Testbenches associated with the addressed threat models are generated and experimentally validated on reconfigurable platform to establish the protection scheme efficacy in thwarting the selected threats. This new approach significantly enhances trust in CPSes containing untrusted components without sacrificing cost and performance. / Ph. D.

Hardware Trojans

Reconfigurable Hardware

Embedded Systems Security

Cognitive radio networks

Trusted Computing

Cyber-Physical Systems

Process Control Systems

Protecting Bare-metal Systems from Remote Exploitation

Abraham Anthony Clements (6618926)

15 May 2019

The Internet of Things is deploying large numbers of bare-metal systems that have no protection against memory corruption and control-flow hijacking attacks. These attacks have enabled unauthorized entry to hotel rooms, malicious control of unmanned aerial vehicles, and invasions of privacy. Using static and dynamic analysis these systems can utilize state-of-the-art testing techniques to identify and<br>prevent memory-corruption errors and employ defenses against memory corruption and control-flow hijacking attacks in bare-metal systems that match or exceed those currently employed on desktop systems. This is shown using three case studies.<br><br>(1) EPOXY which, automatically applies data execution prevention, diversity, stack defenses, and separating privileged code from unprivileged code using a novel<br>technique called privileged overlaying. These protections prevent code injection attacks, and reduce the number of privileged instruction to 0.06% verses an unprotected<br>application.<br><br>(2) Automatic Compartments for Embedded Systems (ACES), which automatically creates compartments that enforce data integrity and code isolation within bare-metal applications. ACES enables exploring policies to best meet security and performance requirements for individual applications. Results show ACES' can form 10s of compartments within a single thread and has a 15% runtime overhead on average.<br><br><div>(3) HALucinator breaks the requirement for specialized hardware to perform bare-metal system testing. This enables state-of-the-art testing techniques –e.g., coverage based fuzzing – to scale with the availability of commodity computers, leading to the discovery of exploitable vulnerabilities in bare-metal systems. <br></div><div><br></div><div>Combined, these case studies advance the security of embedded system several decades and provide essential protections for today’s connected devices.</div>

Computer Engineering

Applied Computer Science

Computer System Security

Computer Communications Networks

Embedded Systems

Computer Security

Embedded Systems Security

Bare-Metal

Internet of Things

Memory Corruption

cyber security

Side-Channel Analysis: Countermeasures and Application to Embedded Systems Debugging

Moreno, Carlos

January 2013

Side-Channel Analysis plays an important role in cryptology, as it represents an important class of attacks against cryptographic implementations, especially in the context of embedded systems such as hand-held mobile devices, smart cards, RFID tags, etc. These types of attacks bypass any intrinsic mathematical security of the cryptographic algorithm or protocol by exploiting observable side-effects of the execution of the cryptographic operation that may exhibit some relationship with the internal (secret) parameters in the device. Two of the main types of side-channel attacks are timing attacks or timing analysis, where the relationship between the execution time and secret parameters is exploited; and power analysis, which exploits the relationship between power consumption and the operations being executed by a processor as well as the data that these operations work with. For power analysis, two main types have been proposed: simple power analysis (SPA) which relies on direct observation on a single measurement, and differential power analysis (DPA), which uses multiple measurements combined with statistical processing to extract information from the small variations in power consumption correlated to the data. In this thesis, we propose several countermeasures to these types of attacks, with the main themes being timing analysis and SPA. In addition to these themes, one of our contributions expands upon the ideas behind SPA to present a constructive use of these techniques in the context of embedded systems debugging. In our first contribution, we present a countermeasure against timing attacks where an optimized form of idle-wait is proposed with the goal of making the observable decryption time constant for most operations while maintaining the overhead to a minimum. We show that not only we reduce the overhead in terms of execution speed, but also the computational cost of the countermeasure, which represents a considerable advantage in the context of devices relying on battery power, where reduced computations translates into lower power consumption and thus increased battery life. This is indeed one of the important themes for all of the contributions related to countermeasures to side- channel attacks. Our second and third contributions focus on power analysis; specifically, SPA. We address the issue of straightforward implementations of binary exponentiation algorithms (or scalar multiplication, in the context of elliptic curve cryptography) making a cryptographic system vulnerable to SPA. Solutions previously proposed introduce a considerable performance penalty. We propose a new method, namely Square-and-Buffered- Multiplications (SABM), that implements an SPA-resistant binary exponentiation exhibiting optimal execution time at the cost of a small amount of storage --- O(\sqrt(\ell)), where \ell is the bit length of the exponent. The technique is optimal in the sense that it adds SPA-resistance to an underlying binary exponentiation algorithm while introducing zero computational overhead. We then present several new SPA-resistant algorithms that result from a novel way of combining the SABM method with an alternative binary exponentiation algorithm where the exponent is split in two halves for simultaneous processing, showing that by combining the two techniques, we can make use of signed-digit representations of the exponent to further improve performance while maintaining SPA-resistance. We also discuss the possibility of our method being implemented in a way that a certain level of resistance against DPA may be obtained. In a related contribution, we extend these ideas used in SPA and propose a technique to non-intrusively monitor a device and trace program execution, with the intended application of assisting in the difficult task of debugging embedded systems at deployment or production stage, when standard debugging tools or auxiliary components to facilitate debugging are no longer enabled in the device. One of the important highlights of this contribution is the fact that the system works on a standard PC, capturing the power traces through the recording input of the sound card.

cryptography

embedded systems

embedded systems security

side-channel analysis

timing attacks

power analysis

spa-resistant implementations

embedded systems debugging

Electrical and Computer Engineering

Side-Channel Analysis: Countermeasures and Application to Embedded Systems Debugging

Moreno, Carlos

January 2013

Side-Channel Analysis plays an important role in cryptology, as it represents an important class of attacks against cryptographic implementations, especially in the context of embedded systems such as hand-held mobile devices, smart cards, RFID tags, etc. These types of attacks bypass any intrinsic mathematical security of the cryptographic algorithm or protocol by exploiting observable side-effects of the execution of the cryptographic operation that may exhibit some relationship with the internal (secret) parameters in the device. Two of the main types of side-channel attacks are timing attacks or timing analysis, where the relationship between the execution time and secret parameters is exploited; and power analysis, which exploits the relationship between power consumption and the operations being executed by a processor as well as the data that these operations work with. For power analysis, two main types have been proposed: simple power analysis (SPA) which relies on direct observation on a single measurement, and differential power analysis (DPA), which uses multiple measurements combined with statistical processing to extract information from the small variations in power consumption correlated to the data. In this thesis, we propose several countermeasures to these types of attacks, with the main themes being timing analysis and SPA. In addition to these themes, one of our contributions expands upon the ideas behind SPA to present a constructive use of these techniques in the context of embedded systems debugging. In our first contribution, we present a countermeasure against timing attacks where an optimized form of idle-wait is proposed with the goal of making the observable decryption time constant for most operations while maintaining the overhead to a minimum. We show that not only we reduce the overhead in terms of execution speed, but also the computational cost of the countermeasure, which represents a considerable advantage in the context of devices relying on battery power, where reduced computations translates into lower power consumption and thus increased battery life. This is indeed one of the important themes for all of the contributions related to countermeasures to side- channel attacks. Our second and third contributions focus on power analysis; specifically, SPA. We address the issue of straightforward implementations of binary exponentiation algorithms (or scalar multiplication, in the context of elliptic curve cryptography) making a cryptographic system vulnerable to SPA. Solutions previously proposed introduce a considerable performance penalty. We propose a new method, namely Square-and-Buffered- Multiplications (SABM), that implements an SPA-resistant binary exponentiation exhibiting optimal execution time at the cost of a small amount of storage --- O(\sqrt(\ell)), where \ell is the bit length of the exponent. The technique is optimal in the sense that it adds SPA-resistance to an underlying binary exponentiation algorithm while introducing zero computational overhead. We then present several new SPA-resistant algorithms that result from a novel way of combining the SABM method with an alternative binary exponentiation algorithm where the exponent is split in two halves for simultaneous processing, showing that by combining the two techniques, we can make use of signed-digit representations of the exponent to further improve performance while maintaining SPA-resistance. We also discuss the possibility of our method being implemented in a way that a certain level of resistance against DPA may be obtained. In a related contribution, we extend these ideas used in SPA and propose a technique to non-intrusively monitor a device and trace program execution, with the intended application of assisting in the difficult task of debugging embedded systems at deployment or production stage, when standard debugging tools or auxiliary components to facilitate debugging are no longer enabled in the device. One of the important highlights of this contribution is the fact that the system works on a standard PC, capturing the power traces through the recording input of the sound card.

cryptography

embedded systems

embedded systems security

side-channel analysis

timing attacks

power analysis

spa-resistant implementations

embedded systems debugging

Electrical and Computer Engineering

Validating Side Channel models in RISC-V using Model-Based Testing

Vitek, Viktor

January 2021

Microarchitecture’s optimizations have increased the performance but lowered the security. Speculative execution is one of the optimizations that was thought to be secure, but it is exploitable to leak information. The problem with these exploits is that there is no easy software defence and many exploits could be unexplored due to it being a fairly recent discovery. This thesis explores a way to find code that is vulnerable to this. The solution to the problem is to use the tool Side Channel Abstract Model Validator (SCAMV) which implements the method Model-Based Testing (MBT). We examine the core CVA6, which is a RISCV Central Processing Unit (CPU). Test cases are generated by program generators and interesting ones are selected by applying an observational model to them. The observational model abstracts side-channel leakage of the microarchitecture. The selected test cases are executed on the platform to validate the used observational models. The results of the test cases showed no indication of modifying the side channels under speculative execution. The results showed that SCAMV can examine timing-based channels. The conclusion is that our findings indicate that the CVA6 core is not vulnerable to speculative cache or timing-based side-channel attacks. / Optimeringar på mikroarkitektur nivåer har ökat prestandan men minskat säkerheten. Spekulativt utförande (speculative execution) är en av de optimeringar som har ansetts vara säkert, men det har visats att det kan utnyttjas för att läcka information. Problemet med dessa sårbarheter är att det inte finns något enkelt mjukvaruförsvar och att många sårbarheter fortfarande kan vara outforskade. Denna avhandling undersöker ett sätt att försöka hitta kod som är sårbar för detta. Lösningen på problemet är att använda verktyget SCAMV som använder sig av metoden Model-Baserad Testning. Vi undersöker CVA6, vilket är en RISCV CPU. Testfall genereras av programgeneratorer och intressanta testfall väljs genom att tillämpa en observationsmodell på dem. Observationsmodellen abstraherar sidokanalläckage i mikroarkitekturen. De valda testprogrammen verkställs på plattformen för att validera de använda observationsmodellerna. Resultatet från testfallen visade ingen indikation på att det går att modifiera sidokanalerna under spekulativt utförande. Resultatet visade att SCAMV kan undersöka tidsbaserade kanaler. Slutsatsen är att våra resultat indikerar att CVA6 inte är sårbar för spekulativa cache eller tidsbaserade sidokanalattacker.

Computer Sciences

Datavetenskap (datalogi)

INTERNET OF THINGS SYSTEMS SECURITY: BENCHMARKING AND PROTECTION

Naif S Almakhdhub (8810120)

07 May 2020

<div><p>Internet of Things (IoT) systems running on Microcontrollers (MCUS) have become a prominent target of remote attacks. Although deployed in security and safety critical domains, such systems lack basic mitigations against control-flow hijacking attacks. Attacks against IoT systems already enabled malicious takeover of smartphones, vehicles, unmanned aerial vehicles, and industrial control systems.</p></div><div><p> </p><div><p>The thesis introduces a systemic analysis of previous defense mitigations to secure IoT systems. Building off this systematization, we identify two main issues in IoT systems security. First, efforts to protect IoT systems are hindered by the lack of realistic benchmarks and evaluation frameworks. Second, existing solutions to protect from control-flow hijacking on the return edge are either impractical or have limited security guarantees. This thesis addresses these issues using two approaches. </p></div><div><p> </p></div><div><p>First, we present BenchIoT, a benchmark suite of five realistic IoT applications and an evaluation framework that enables automated and extensible evaluation of 14 metrics covering security, performance, memory usage, and energy. BenchIoT enables evaluating and comparing security mechanisms. Using BenchIoT, we show that even if two security mechanisms have similarly modest runtime overhead, one can have undesired consequences on security such as a large portion of privileged user execution.</p></div><div><p> </p></div><div><p>Second, we introduce Return Address Integrity (RAI), a novel security mechanism to prevent all control-flow hijacking attacks targeting return edges, without requiring special hardware. We design and implement μRAI to enforce the RAI property. Our results show μRAI has a low runtime overhead of 0.1% on average, and therefore is a</p></div><div><p>practical solution for IoT systems. </p></div><div><p> </p></div><div><p>This thesis enables measuring the security IoT systems through standardized benchmarks and metrics. Using static analysis and runtime monitors, it prevents control-flow hijacking attacks on return edges with low runtime overhead. Combined, this thesis advances the state-of-the-art of protecting IoT systems and benchmarking its security.</p></div></div>

Computer Engineering

Applied Computer Science

Computer System Security

Cyber security

Computer Security

System Security

Software Security

Embedded Systems Security

IoT Security

Internet of things(IoT)

control-flow hijacking

embedded systems

Cybersecurity

Memory-based Hardware-intrinsic Security Mechanisms for Device Authentication in Embedded Systems

Soubhagya Sutar (9187907)

30 July 2020

<div>The Internet-of-Things (IoT) is one of the fastest-growing technologies in computing, revolutionizing several application domains such as wearable computing, home automation, industrial manufacturing, <i>etc</i>. This rapid proliferation, however, has given rise to a plethora of new security and privacy concerns. For example, IoT devices frequently access sensitive and confidential information (<i>e.g.,</i> physiological signals), which has made them attractive targets for various security attacks. Moreover, with the hardware components in these systems sourced from manufacturers across the globe, instances of counterfeiting and piracy have increased steadily. Security mechanisms such as device authentication and key exchange are attractive options for alleviating these challenges.</div><div><br></div><div>In this dissertation, we address the challenge of enabling low-cost and low-overhead device authentication and key exchange in off-the-shelf embedded systems. The first part of the dissertation focuses on a hardware-intrinsic mechanism and proposes the design of two Physically Unclonable Functions (PUFs), which leverage the memory (DRAM, SRAM) in the system, thus, requiring minimal (or no) additional hardware for operation. Two lightweight authentication and error-correction techniques, which ensure robust operation under wide environmental and temporal variations, are also presented. Experimental results obtained from prototype implementations demonstrate the effectiveness of the design. The second part of the dissertation focuses on the application of these techniques in real-world systems through a new end-to-end authentication and key-exchange protocol in the context of an Implantable Medical Device (IMD) ecosystem. Prototype implementations exhibit an energy-efficient design that guards against security and privacy attacks, thereby making it suitable for resource-constrained devices such as IMDs.</div><div><br></div>

Computer Engineering

Computer System Security

physically unclonable functions

PUF

Dynamic Random Access Memories

DRAM

device authentication

key exchange

authentication protocol

authentication scheme

authentication mechanism

combination PUF

memory PUF

implantable medical devices

IMD

IMD security

hardware security

Embedded Systems Security