skip to main content
research-article

Ensuring Secure Application Execution and Platform-Specific Execution in Embedded Devices

Published:02 April 2019Publication History
Skip Abstract Section

Abstract

The Internet of Things (IoT) is expanding at a large rate, with devices found in commercial and domestic settings from industrial sensors to home appliances. However, as the IoT market grows, so does the number of attacks made against it with some reports claiming an increase of 600% in 2017. This work seeks to prevent code replacement, injection, and exploitation attacks by ensuring correct and platform specific application execution. This combines two previously studied problems: secure application execution and binding hardware and software. We present descriptions of both problems and requirements for ensuring both simultaneously. We then propose a scheme extending previous work that meets these requirements, and describe our implementation of the soft-core Secure Execution Processor developed and tested on Xilinx Spartan-6 FPGA. Finally, we analyse the scheme and our implementation according to performance and the requirements listed.

References

  1. Martín Abadi, Mihai Budiu, Úlfar Erlingsson, and Jay Ligatti. 2005. Control-flow integrity. In Proceedings of the 12th ACM Conference on Computer and Communications Security (CCS’05), Vijay Atluri, Catherine A. Meadows, and Ari Juels (Eds.). ACM, 340--353.Google ScholarGoogle ScholarDigital LibraryDigital Library
  2. Mikhail J. Atallah, Eric D. Bryant, John T. Korb, and John R. Rice. 2008. Binding software to specific native hardware in a VM environment: The PUF challenge and opportunity. In Proceedings of the 1st ACM Workshop on Virtual Machine Security (VMSec’08). ACM, New York, 45--48. Google ScholarGoogle ScholarDigital LibraryDigital Library
  3. Julia Borghoff, Anne Canteaut, Tim Güneysu, Elif Bilge Kavun, Miroslav Knezevic, Lars R. Knudsen, Gregor Leander, Ventzislav Nikov, Christof Paar, Christian Rechberger, Peter Rombouts, Søren S. Thomsen, and Tolga Yalçin. 2012. PRINCE—A low-latency block cipher for pervasive computing applications. Extended abstract. In Proceedings of the 18th International Conference on the Theory and Application of Cryptology and Information Security, Advances in Cryptology’12), Lecture Notes in Computer Science, Vol. 7658, Xiaoyun Wang and Kazue Sako (Eds.). Springer, 208--225. Google ScholarGoogle ScholarDigital LibraryDigital Library
  4. Erik Buchanan, Ryan Roemer, Stefan Savage, and Hovav Shacham. 2008. Return-oriented programming: Exploitation without code injection. Black Hat 8 (2008).Google ScholarGoogle Scholar
  5. Nick Christoulakis, George Christou, Elias Athanasopoulos, and Sotiris Ioannidis. 2016. HCFI: Hardware-enforced control-flow integrity. In Proceedings of the 6th ACM Conference on Data and Application Security and Privacy (CODASPY’16), Elisa Bertino, Ravi Sandhu, and Alexander Pretschner (Eds.). ACM, 38--49. Google ScholarGoogle ScholarDigital LibraryDigital Library
  6. Louis Columbus. 2017. 2017 Roundup of Internet of Things Forecasts. Retrieved on March 3, 2016 from www.forbes.com/sites/louiscolumbus/2017/12/10/2017-roundup-of-internet-of-things-forecasts.Google ScholarGoogle Scholar
  7. Lucas Davi, Matthias Hanreich, Debayan Paul, Ahmad-Reza Sadeghi, Patrick Koeberl, Dean Sullivan, Orlando Arias, and Yier Jin. 2015. HAFIX: Hardware-assisted flow integrity extension. In Proceedings of the 52nd Annual Design Automation Conference. ACM, 74:1--74:6. Google ScholarGoogle ScholarDigital LibraryDigital Library
  8. Ruan de Clercq, Johannes Götzfried, David Übler, Pieter Maene, and Ingrid Verbauwhede. 2017. SOFIA: Software and control flow integrity architecture. Computers 8 Security 68 (2017), 16--35. Google ScholarGoogle ScholarDigital LibraryDigital Library
  9. Ruan de Clercq and Ingrid Verbauwhede. 2017. A survey of hardware-based control flow integrity (CFI). CoRR abs/1706.07257 (2017). arxiv:1706.07257 http://arxiv.org/abs/1706.07257.Google ScholarGoogle Scholar
  10. Danny Dolev and Andrew Chi-Chih Yao. 1983. On the security of public key protocols. IEEE Transactions on Information Theory 29, 2 (1983), 198--207. Google ScholarGoogle ScholarDigital LibraryDigital Library
  11. Daniel Genkin, Adi Shamir, and Eran Tromer. 2017. Acoustic cryptanalysis. Journal of Cryptology 30, 2 (2017), 392--443. Google ScholarGoogle ScholarDigital LibraryDigital Library
  12. Vladimir Kiriansky, Derek Bruening, and Saman P. Amarasinghe. 2002. Secure execution via program shepherding. In Proceedings of the 11th USENIX Security Symposium, Dan Boneh (Ed.). USENIX, 191--206. http://www.usenix.org/publications/library/proceedings/sec02/kiriansky.html. Google ScholarGoogle ScholarDigital LibraryDigital Library
  13. Paul Kocher, Daniel Genkin, Daniel Gruss, Werner Haas, Mike Hamburg, Moritz Lipp, Stefan Mangard, Thomas Prescher, Michael Schwarz, and Yuval Yarom. 2018. Spectre attacks: Exploiting speculative execution. ArXiv e-prints (Jan. 2018). arxiv:1801.01203.Google ScholarGoogle Scholar
  14. Paul C. Kocher, Joshua Jaffe, and Benjamin Jun. 1999. Differential power analysis. In Proceedings of the 19th Annual International Cryptology Conference on Advances in Cryptology (CRYPTO’99). Lecture Notes in Computer Science, Vol. 1666, Michael J. Wiener (Ed.). Springer, 388--397.Google ScholarGoogle ScholarCross RefCross Ref
  15. R. Krasinski and M. Rosner. 2003. Method for Binding a Software Data Domain to Specific Hardware.Google ScholarGoogle Scholar
  16. Robert P. Lee, Konstantinos Markantonakis, and Raja Naeem Akram. 2016. Binding hardware and software to prevent firmware modification and device counterfeiting. In Proceedings of the 2nd ACM Workshop on Cyber-Physical System Security (CPSS’16), Jianying Zhou and Javier Lopez (Eds.). ACM. Google ScholarGoogle ScholarDigital LibraryDigital Library
  17. Robert P. Lee, Konstantinos Markantonakis, and Raja Naeem Akram. 2017. Provisioning software with hardware-software binding. In Proceedings of the 12th International Conference on Availability, Reliability and Security. ACM, 49:1--49:9. Google ScholarGoogle ScholarDigital LibraryDigital Library
  18. Moritz Lipp, Michael Schwarz, Daniel Gruss, Thomas Prescher, Werner Haas, Stefan Mangard, Paul Kocher, Daniel Genkin, Yuval Yarom, and Mike Hamburg. 2018. Meltdown. ArXiv e-prints (Jan. 2018). arxiv:1801.01207.Google ScholarGoogle Scholar
  19. Pieter Maene. 2017. BlockCiphers. Retrieved on June 19, 2018 from https://github.com/pmaene/BlockCiphers.Google ScholarGoogle Scholar
  20. Pieter Maene and Ingrid Verbauwhede. 2015. Single-cycle implementations of block ciphers. In Proceedings of the 4th International Workshop on Lightweight Cryptography for Security and Privacy (LightSec’15) Bochum, Germany, September. Revised Selected Papers, Lecture Notes in Computer Science, Vol. 9542, Tim Güneysu, Gregor Leander, and Amir Moradi (Eds.). Springer, 131--147. Google ScholarGoogle ScholarDigital LibraryDigital Library
  21. Shahram Rasoolzadeh and Håvard Raddum. 2016. Cryptanalysis of PRINCE with minimal data. In Proceedings of the 8th International Conference on Cryptology, Progress in Cryptology (AFRICACRYPT’16), Lecture Notes in Computer Science, Vol. 9646, David Pointcheval, Abderrahmane Nitaj, and Tajjeeddine Rachidi (Eds.). Springer, 109--126. Google ScholarGoogle ScholarDigital LibraryDigital Library
  22. Shahram Rasoolzadeh and Håvard Raddum. 2016. Faster key recovery attack on round-reduced PRINCE. In Proceedings of the 5th International Workshop on Lightweight Cryptography for Security and Privacy (LightSec’16), Revised Selected Papers, Lecture Notes in Computer Science, Vol. 10098, Andrey Bogdanov (Ed.). Springer, 3--17.Google ScholarGoogle Scholar
  23. Dean Sullivan, Orlando Arias, Lucas Davi, Per Larsen, Ahmad-Reza Sadeghi, and Yier Jin. 2016. Strategy without tactics: Policy-agnostic hardware-enhanced control-flow integrity. In Proceedings of the 53rd Annual Design Automation Conference (DAC’16). ACM, 163:1--163:6. Google ScholarGoogle ScholarDigital LibraryDigital Library
  24. Symantec Corporation. 2018. Internet Security Technical Report (ISTR). Technical Report.Google ScholarGoogle Scholar
  25. Xilinx, Inc. 2011. PicoBlaze 8-bit Microcontroller. Retrieved on January 1, 2016 from http://www.xilinx.com/products/intellectual-property/picoblaze.html.Google ScholarGoogle Scholar
  26. Xilinx Inc. 2018. Spartan-6 FPGA SP601 Evaluation Kit. Retrieved on March 30, 2018 from https://www.xilinx.com/products/boards-and-kits/ek-s6-sp601-g.html.Google ScholarGoogle Scholar

Index Terms

  1. Ensuring Secure Application Execution and Platform-Specific Execution in Embedded Devices

          Recommendations

          Comments

          Login options

          Check if you have access through your login credentials or your institution to get full access on this article.

          Sign in

          Full Access

          PDF Format

          View or Download as a PDF file.

          PDF

          eReader

          View online with eReader.

          eReader

          HTML Format

          View this article in HTML Format .

          View HTML Format
          About Cookies On This Site

          We use cookies to ensure that we give you the best experience on our website.

          Learn more

          Got it!