Abstract
The Internet of Things (IoT) is expanding at a large rate, with devices found in commercial and domestic settings from industrial sensors to home appliances. However, as the IoT market grows, so does the number of attacks made against it with some reports claiming an increase of 600% in 2017. This work seeks to prevent code replacement, injection, and exploitation attacks by ensuring correct and platform specific application execution. This combines two previously studied problems: secure application execution and binding hardware and software. We present descriptions of both problems and requirements for ensuring both simultaneously. We then propose a scheme extending previous work that meets these requirements, and describe our implementation of the soft-core Secure Execution Processor developed and tested on Xilinx Spartan-6 FPGA. Finally, we analyse the scheme and our implementation according to performance and the requirements listed.
- Martín Abadi, Mihai Budiu, Úlfar Erlingsson, and Jay Ligatti. 2005. Control-flow integrity. In Proceedings of the 12th ACM Conference on Computer and Communications Security (CCS’05), Vijay Atluri, Catherine A. Meadows, and Ari Juels (Eds.). ACM, 340--353.Google Scholar
Digital Library
- Mikhail J. Atallah, Eric D. Bryant, John T. Korb, and John R. Rice. 2008. Binding software to specific native hardware in a VM environment: The PUF challenge and opportunity. In Proceedings of the 1st ACM Workshop on Virtual Machine Security (VMSec’08). ACM, New York, 45--48. Google Scholar
Digital Library
- Julia Borghoff, Anne Canteaut, Tim Güneysu, Elif Bilge Kavun, Miroslav Knezevic, Lars R. Knudsen, Gregor Leander, Ventzislav Nikov, Christof Paar, Christian Rechberger, Peter Rombouts, Søren S. Thomsen, and Tolga Yalçin. 2012. PRINCE—A low-latency block cipher for pervasive computing applications. Extended abstract. In Proceedings of the 18th International Conference on the Theory and Application of Cryptology and Information Security, Advances in Cryptology’12), Lecture Notes in Computer Science, Vol. 7658, Xiaoyun Wang and Kazue Sako (Eds.). Springer, 208--225. Google Scholar
Digital Library
- Erik Buchanan, Ryan Roemer, Stefan Savage, and Hovav Shacham. 2008. Return-oriented programming: Exploitation without code injection. Black Hat 8 (2008).Google Scholar
- Nick Christoulakis, George Christou, Elias Athanasopoulos, and Sotiris Ioannidis. 2016. HCFI: Hardware-enforced control-flow integrity. In Proceedings of the 6th ACM Conference on Data and Application Security and Privacy (CODASPY’16), Elisa Bertino, Ravi Sandhu, and Alexander Pretschner (Eds.). ACM, 38--49. Google Scholar
Digital Library
- Louis Columbus. 2017. 2017 Roundup of Internet of Things Forecasts. Retrieved on March 3, 2016 from www.forbes.com/sites/louiscolumbus/2017/12/10/2017-roundup-of-internet-of-things-forecasts.Google Scholar
- Lucas Davi, Matthias Hanreich, Debayan Paul, Ahmad-Reza Sadeghi, Patrick Koeberl, Dean Sullivan, Orlando Arias, and Yier Jin. 2015. HAFIX: Hardware-assisted flow integrity extension. In Proceedings of the 52nd Annual Design Automation Conference. ACM, 74:1--74:6. Google Scholar
Digital Library
- Ruan de Clercq, Johannes Götzfried, David Übler, Pieter Maene, and Ingrid Verbauwhede. 2017. SOFIA: Software and control flow integrity architecture. Computers 8 Security 68 (2017), 16--35. Google Scholar
Digital Library
- Ruan de Clercq and Ingrid Verbauwhede. 2017. A survey of hardware-based control flow integrity (CFI). CoRR abs/1706.07257 (2017). arxiv:1706.07257 http://arxiv.org/abs/1706.07257.Google Scholar
- Danny Dolev and Andrew Chi-Chih Yao. 1983. On the security of public key protocols. IEEE Transactions on Information Theory 29, 2 (1983), 198--207. Google Scholar
Digital Library
- Daniel Genkin, Adi Shamir, and Eran Tromer. 2017. Acoustic cryptanalysis. Journal of Cryptology 30, 2 (2017), 392--443. Google Scholar
Digital Library
- Vladimir Kiriansky, Derek Bruening, and Saman P. Amarasinghe. 2002. Secure execution via program shepherding. In Proceedings of the 11th USENIX Security Symposium, Dan Boneh (Ed.). USENIX, 191--206. http://www.usenix.org/publications/library/proceedings/sec02/kiriansky.html. Google Scholar
Digital Library
- Paul Kocher, Daniel Genkin, Daniel Gruss, Werner Haas, Mike Hamburg, Moritz Lipp, Stefan Mangard, Thomas Prescher, Michael Schwarz, and Yuval Yarom. 2018. Spectre attacks: Exploiting speculative execution. ArXiv e-prints (Jan. 2018). arxiv:1801.01203.Google Scholar
- Paul C. Kocher, Joshua Jaffe, and Benjamin Jun. 1999. Differential power analysis. In Proceedings of the 19th Annual International Cryptology Conference on Advances in Cryptology (CRYPTO’99). Lecture Notes in Computer Science, Vol. 1666, Michael J. Wiener (Ed.). Springer, 388--397.Google Scholar
Cross Ref
- R. Krasinski and M. Rosner. 2003. Method for Binding a Software Data Domain to Specific Hardware.Google Scholar
- Robert P. Lee, Konstantinos Markantonakis, and Raja Naeem Akram. 2016. Binding hardware and software to prevent firmware modification and device counterfeiting. In Proceedings of the 2nd ACM Workshop on Cyber-Physical System Security (CPSS’16), Jianying Zhou and Javier Lopez (Eds.). ACM. Google Scholar
Digital Library
- Robert P. Lee, Konstantinos Markantonakis, and Raja Naeem Akram. 2017. Provisioning software with hardware-software binding. In Proceedings of the 12th International Conference on Availability, Reliability and Security. ACM, 49:1--49:9. Google Scholar
Digital Library
- Moritz Lipp, Michael Schwarz, Daniel Gruss, Thomas Prescher, Werner Haas, Stefan Mangard, Paul Kocher, Daniel Genkin, Yuval Yarom, and Mike Hamburg. 2018. Meltdown. ArXiv e-prints (Jan. 2018). arxiv:1801.01207.Google Scholar
- Pieter Maene. 2017. BlockCiphers. Retrieved on June 19, 2018 from https://github.com/pmaene/BlockCiphers.Google Scholar
- Pieter Maene and Ingrid Verbauwhede. 2015. Single-cycle implementations of block ciphers. In Proceedings of the 4th International Workshop on Lightweight Cryptography for Security and Privacy (LightSec’15) Bochum, Germany, September. Revised Selected Papers, Lecture Notes in Computer Science, Vol. 9542, Tim Güneysu, Gregor Leander, and Amir Moradi (Eds.). Springer, 131--147. Google Scholar
Digital Library
- Shahram Rasoolzadeh and Håvard Raddum. 2016. Cryptanalysis of PRINCE with minimal data. In Proceedings of the 8th International Conference on Cryptology, Progress in Cryptology (AFRICACRYPT’16), Lecture Notes in Computer Science, Vol. 9646, David Pointcheval, Abderrahmane Nitaj, and Tajjeeddine Rachidi (Eds.). Springer, 109--126. Google Scholar
Digital Library
- Shahram Rasoolzadeh and Håvard Raddum. 2016. Faster key recovery attack on round-reduced PRINCE. In Proceedings of the 5th International Workshop on Lightweight Cryptography for Security and Privacy (LightSec’16), Revised Selected Papers, Lecture Notes in Computer Science, Vol. 10098, Andrey Bogdanov (Ed.). Springer, 3--17.Google Scholar
- Dean Sullivan, Orlando Arias, Lucas Davi, Per Larsen, Ahmad-Reza Sadeghi, and Yier Jin. 2016. Strategy without tactics: Policy-agnostic hardware-enhanced control-flow integrity. In Proceedings of the 53rd Annual Design Automation Conference (DAC’16). ACM, 163:1--163:6. Google Scholar
Digital Library
- Symantec Corporation. 2018. Internet Security Technical Report (ISTR). Technical Report.Google Scholar
- Xilinx, Inc. 2011. PicoBlaze 8-bit Microcontroller. Retrieved on January 1, 2016 from http://www.xilinx.com/products/intellectual-property/picoblaze.html.Google Scholar
- Xilinx Inc. 2018. Spartan-6 FPGA SP601 Evaluation Kit. Retrieved on March 30, 2018 from https://www.xilinx.com/products/boards-and-kits/ek-s6-sp601-g.html.Google Scholar
Index Terms
Ensuring Secure Application Execution and Platform-Specific Execution in Embedded Devices
Recommendations
Secure Application Execution in Mobile Devices
LNCS Essays on The New Codebreakers - Volume 9100Smart phones have rapidly become hand-held mobile devices capable of sustaining multiple applications. Some of these applications allow access to services including healthcare, financial, online social networks and are becoming common in the smart phone ...
Hardware-assisted run-time monitoring for secure program execution on embedded processors
Embedded system security is often compromised when "trusted" software is subverted to result in unintended behavior, such as leakage of sensitive data or execution of malicious code. Several countermeasures have been proposed in the literature to ...
Customized kernel execution on reconfigurable hardware for embedded applications
To conserve space and power as well as to harness high performance in embedded systems, high utilization of the hardware is required. This can be facilitated through dynamic adaptation of the silicon resources in reconfigurable systems in order to ...






Comments