TU Darmstadt / ULB / TUbiblio

Hardware entangled security primitives: attacks and defenses

Zeitouni, Shaza (2022)
Hardware entangled security primitives: attacks and defenses.
Technische Universität Darmstadt
doi: 10.26083/tuprints-00021552
Dissertation, Erstveröffentlichung, Verlagsversion

Kurzbeschreibung (Abstract)

Hardware-assisted security aims at protecting computing systems against software-based attacks that can affect the different software layers. This is attained by leveraging hardware components or modules to enforce strict security measures and thus providing stronger security guarantees compared to software-only solutions. The trusted hardware components form together the so-called trust anchor, which comprises various primitives to support different security protocols and services such as authentication, platform integrity, runtime protection, trusted execution and trusted configuration, to name some. This thesis consists of two parts: i) an offensive part, where we present our findings based on attacks we conducted on hardware-based security primitives that can be deployed in trust anchors for platform authentication and cryptographic key generation, and ii) a defensive part, where we present our novel hardware-assisted defenses/architectures for platform integrity at runtime and trusted configuration that are based on trust anchors of our design. The contributions are organized in three pivots based on the security service provided by the trust anchor. Platform Authentication. Physically Unclonable Functions (PUFs) are hardware security primitives that leverage the innate characteristics of hardware due to its manufacturing process for the generation of device-specific identifiers or cryptographic keys. Therefore, PUFs have been considered as a promising cost-effective primitive/component in trust anchors for constrained embedded devices. In this part of the thesis we evaluate the security of several PUF primitives. We demonstrate a noninvasive fault injection attack on SRAM PUFs that is conducted by controlling the voltage supply to the PUF under attack for the recovery of the secret PUF response [1]. Then, we present remote software-based fault injection attack on Rowhammer PUFs and modeling attacks on Rowhammer PUFs and memristor-based PUFs that require no physical access to the PUF under attack [2, 3]. This pivot is based on the following publications:

[1] Shaza Zeitouni, Yossef Oren, Christian Wachsmann, Patrick Koeberl, Ahmad-Reza Sadeghi. “Remanence Decay Side-Channel: The PUF Case”. In IEEE Transactions on Information Forensics and Security (TIFS), Vol. 11, 2015.

[2] Shaza Zeitouni, David Gens, Ahmad-Reza Sadeghi. “It’s Hammer Time: How to Attack (Rowhammer-based) DRAM-PUFs”. In Proceedings of the 55th ACM/IEEE Design Automation Conference (DAC’18), 2018.

[3] Shaza Zeitouni, Emmanuel Stapf, Hossein Fereidooni, Ahmad-Reza Sadeghi. “On the Security of Strong Memristor-based Physically Unclonable Functions”. In Proceedings of the 57th ACM/IEEE Design Automation Conference (DAC’20), 2020.

Runtime Protection. Memory corruption attacks aim at diverting the execution of software at runtime without violating its integrity at rest. While static attestation is a well established approach to verify the trustworthiness/integrity of software components and detect malware attacks, it cannot detect runtime attacks. In this part of the thesis, we present our runtime defenses for embedded systems under different deployment and adversary models and their underlying hardware-based trust anchors that we design and implement. We present i) LO-FAT, the first hardware-based control-flow attestation scheme to mitigate runtime control-flow attacks [4], ii) ATRIUM, the first runtime attestation scheme to capture executed instructions/binaries and control-flow behavior simultaneously to mitigate runtime control-flow as well as Time of Check Time of Use attacks [5], iii) CHASE, a flexible runtime attestation scheme suitable for real-time constrained devices [6] and iv) HardScope, a runtime context-specific memory isolation scheme to efficiently mitigate currently-known runtime data-oriented attacks [7]. This pivot is based on the following publications:

[4] Ghada Dessouky, Shaza Zeitouni, Thomas Nyman, Andrew Paverd, Lucas Davi, Patrick Koeberl, N. Asokan, Ahmad-Reza Sadeghi. “LO-FAT: Low-Overhead Control Flow ATtestation in Hardware”. In Proceedings of the 54th ACM/IEEE Design Automation Conference (DAC’17), 2017.

[5] Shaza Zeitouni, Ghada Dessouky, Orlando Arias, Dean Sullivan, Ahmad Ibrahim, Yier Jin, Ahmad-Reza Sadeghi. “ATRIUM: Runtime Attestation Resilient Under Memory Attacks”. In Proceedings of the 36th ACM/IEEE International Conference on Computer Aided Design (ICCAD’17), 2017.

[6] Ghada Dessouky, Shaza Zeitouni, Ahmad Ibrahim, Lucas Davi, Ahmad-Reza Sadeghi. “CHASE: Configurable Hardware-Assisted Security Extension for Real-Time Systems”. In Proceedings of the 38th ACM/IEEE International Conference on Computer Aided Design (ICCAD’19), 2019.

[7] Thomas Nyman, Ghada Dessouky, Shaza Zeitouni, Aaro Lehikoinen, Andrew Paverd, N. Asokan, Ahmad-Reza Sadeghi. “HardScope: Hardening Embedded Systems Against Data-Oriented Attacks”. In Proceedings of the 56th ACM/IEEE Design Automation Conference (DAC’19), 2019.

Trusted Configuration. Due to their flexibility and high performance-to-power ratio, Field Programmable Gate Arrays (FPGAs) have found their way into data centers. Major Cloud Service Providers (CSPs) offer their clients FPGA-accelerated compute instances and allow them to freely configure the FPGAs. However, this deployment model engenders a new type of physical attacks that can be launched remotely by clients using only malicious FPGA configurations. In this part of the thesis, we systematize the research work on cloud FPGAs and spot the light on fundamental security concerns and challenges [8]. Among them, the mutual trust problem of FPGA configuration: clients aim to protect their proprietary designs by encrypting FPGA configurations, while CSPs do not support the use of encrypted configurations and require access to FPGA configurations to inspect for malicious primitives, e.g. voltage sensors. To tackle this open challenge, we present a security protocol between the involved parties and its underlying hardware-based trust anchor that we design and implement for trusted configuration on cloud FPGAs [9]. This pivot is based on the following publications:

[8] Ghada Dessouky, Ahmad-Reza Sadeghi, Shaza Zeitouni. “SoK: Secure FPGA Multi-Tenancy in the Cloud: Challenges and Opportunities”. In Proceedings of the 6th IEEE European Symposium on Security and Privacy (EuroS&P’21), 2021.

[9] Shaza Zeitouni, Jo Vliegen, Tommaso Frassetto, Dirk Koch, Ahmad-Reza Sadeghi, Nele Mentens. “Trusted Configuration in Cloud FPGAs”. In Proceedings of the 29th IEEE International Symposium On Field-Programmable Custom Computing Machines (FCCM’21), 2021.

Typ des Eintrags: Dissertation
Erschienen: 2022
Autor(en): Zeitouni, Shaza
Art des Eintrags: Erstveröffentlichung
Titel: Hardware entangled security primitives: attacks and defenses
Sprache: Englisch
Referenten: Sadeghi, Prof. Ahmad-Reza ; Mentens, Prof. Nele
Publikationsjahr: 2022
Ort: Darmstadt
Kollation: XV, 161 Seiten
Datum der mündlichen Prüfung: 20 September 2021
DOI: 10.26083/tuprints-00021552
URL / URN: https://tuprints.ulb.tu-darmstadt.de/21552
Kurzbeschreibung (Abstract):

Hardware-assisted security aims at protecting computing systems against software-based attacks that can affect the different software layers. This is attained by leveraging hardware components or modules to enforce strict security measures and thus providing stronger security guarantees compared to software-only solutions. The trusted hardware components form together the so-called trust anchor, which comprises various primitives to support different security protocols and services such as authentication, platform integrity, runtime protection, trusted execution and trusted configuration, to name some. This thesis consists of two parts: i) an offensive part, where we present our findings based on attacks we conducted on hardware-based security primitives that can be deployed in trust anchors for platform authentication and cryptographic key generation, and ii) a defensive part, where we present our novel hardware-assisted defenses/architectures for platform integrity at runtime and trusted configuration that are based on trust anchors of our design. The contributions are organized in three pivots based on the security service provided by the trust anchor. Platform Authentication. Physically Unclonable Functions (PUFs) are hardware security primitives that leverage the innate characteristics of hardware due to its manufacturing process for the generation of device-specific identifiers or cryptographic keys. Therefore, PUFs have been considered as a promising cost-effective primitive/component in trust anchors for constrained embedded devices. In this part of the thesis we evaluate the security of several PUF primitives. We demonstrate a noninvasive fault injection attack on SRAM PUFs that is conducted by controlling the voltage supply to the PUF under attack for the recovery of the secret PUF response [1]. Then, we present remote software-based fault injection attack on Rowhammer PUFs and modeling attacks on Rowhammer PUFs and memristor-based PUFs that require no physical access to the PUF under attack [2, 3]. This pivot is based on the following publications:

[1] Shaza Zeitouni, Yossef Oren, Christian Wachsmann, Patrick Koeberl, Ahmad-Reza Sadeghi. “Remanence Decay Side-Channel: The PUF Case”. In IEEE Transactions on Information Forensics and Security (TIFS), Vol. 11, 2015.

[2] Shaza Zeitouni, David Gens, Ahmad-Reza Sadeghi. “It’s Hammer Time: How to Attack (Rowhammer-based) DRAM-PUFs”. In Proceedings of the 55th ACM/IEEE Design Automation Conference (DAC’18), 2018.

[3] Shaza Zeitouni, Emmanuel Stapf, Hossein Fereidooni, Ahmad-Reza Sadeghi. “On the Security of Strong Memristor-based Physically Unclonable Functions”. In Proceedings of the 57th ACM/IEEE Design Automation Conference (DAC’20), 2020.

Runtime Protection. Memory corruption attacks aim at diverting the execution of software at runtime without violating its integrity at rest. While static attestation is a well established approach to verify the trustworthiness/integrity of software components and detect malware attacks, it cannot detect runtime attacks. In this part of the thesis, we present our runtime defenses for embedded systems under different deployment and adversary models and their underlying hardware-based trust anchors that we design and implement. We present i) LO-FAT, the first hardware-based control-flow attestation scheme to mitigate runtime control-flow attacks [4], ii) ATRIUM, the first runtime attestation scheme to capture executed instructions/binaries and control-flow behavior simultaneously to mitigate runtime control-flow as well as Time of Check Time of Use attacks [5], iii) CHASE, a flexible runtime attestation scheme suitable for real-time constrained devices [6] and iv) HardScope, a runtime context-specific memory isolation scheme to efficiently mitigate currently-known runtime data-oriented attacks [7]. This pivot is based on the following publications:

[4] Ghada Dessouky, Shaza Zeitouni, Thomas Nyman, Andrew Paverd, Lucas Davi, Patrick Koeberl, N. Asokan, Ahmad-Reza Sadeghi. “LO-FAT: Low-Overhead Control Flow ATtestation in Hardware”. In Proceedings of the 54th ACM/IEEE Design Automation Conference (DAC’17), 2017.

[5] Shaza Zeitouni, Ghada Dessouky, Orlando Arias, Dean Sullivan, Ahmad Ibrahim, Yier Jin, Ahmad-Reza Sadeghi. “ATRIUM: Runtime Attestation Resilient Under Memory Attacks”. In Proceedings of the 36th ACM/IEEE International Conference on Computer Aided Design (ICCAD’17), 2017.

[6] Ghada Dessouky, Shaza Zeitouni, Ahmad Ibrahim, Lucas Davi, Ahmad-Reza Sadeghi. “CHASE: Configurable Hardware-Assisted Security Extension for Real-Time Systems”. In Proceedings of the 38th ACM/IEEE International Conference on Computer Aided Design (ICCAD’19), 2019.

[7] Thomas Nyman, Ghada Dessouky, Shaza Zeitouni, Aaro Lehikoinen, Andrew Paverd, N. Asokan, Ahmad-Reza Sadeghi. “HardScope: Hardening Embedded Systems Against Data-Oriented Attacks”. In Proceedings of the 56th ACM/IEEE Design Automation Conference (DAC’19), 2019.

Trusted Configuration. Due to their flexibility and high performance-to-power ratio, Field Programmable Gate Arrays (FPGAs) have found their way into data centers. Major Cloud Service Providers (CSPs) offer their clients FPGA-accelerated compute instances and allow them to freely configure the FPGAs. However, this deployment model engenders a new type of physical attacks that can be launched remotely by clients using only malicious FPGA configurations. In this part of the thesis, we systematize the research work on cloud FPGAs and spot the light on fundamental security concerns and challenges [8]. Among them, the mutual trust problem of FPGA configuration: clients aim to protect their proprietary designs by encrypting FPGA configurations, while CSPs do not support the use of encrypted configurations and require access to FPGA configurations to inspect for malicious primitives, e.g. voltage sensors. To tackle this open challenge, we present a security protocol between the involved parties and its underlying hardware-based trust anchor that we design and implement for trusted configuration on cloud FPGAs [9]. This pivot is based on the following publications:

[8] Ghada Dessouky, Ahmad-Reza Sadeghi, Shaza Zeitouni. “SoK: Secure FPGA Multi-Tenancy in the Cloud: Challenges and Opportunities”. In Proceedings of the 6th IEEE European Symposium on Security and Privacy (EuroS&P’21), 2021.

[9] Shaza Zeitouni, Jo Vliegen, Tommaso Frassetto, Dirk Koch, Ahmad-Reza Sadeghi, Nele Mentens. “Trusted Configuration in Cloud FPGAs”. In Proceedings of the 29th IEEE International Symposium On Field-Programmable Custom Computing Machines (FCCM’21), 2021.

Alternatives oder übersetztes Abstract:
Alternatives AbstractSprache

Hardwareunterstützte Sicherheit zielt darauf ab, IT Systeme vor softwarebasierten Angriffen zu schützen, die die verschiedenen Softwareschichten betreffen können. Dies wird erreicht, indem Hardwarekomponenten oder -module genutzt werden, um strenge Sicherheitsmaßnahmen durchzusetzen und somit stärkere Sicherheitsgarantien im Vergleich zu reinen Softwarelösungen zu bieten. Die vertrauenswürdigen Hardwarekomponenten bilden zusammen den sogenannten Vertrauensanker, der verschiedene Primitive umfasst, um verschiedene Sicherheitsprotokolle und -dienste wie Authentifizierung, Plattformintegrität, Laufzeitschutz, vertrauenswürdige Ausführung und vertrauenswürdige Konfiguration zu unterstützen, um einige Aufgaben zu nennen. Diese Dissertation besteht aus zwei Teilen: i) einem offensiven Teil, in dem wir unsere Ergebnisse basierend auf Angriffen auf Hardware-Sicherheitsprimitive präsentieren, die in Vertrauensankern für die Plattformauthentifizierung und die Generierung kryptographischer Schlüssel eingesetzt werden können, und ii) einen defensiven Teil, in dem wir unsere neuartigen hardwaregestützten Verteidigungen/Architekturen für Plattformintegrität zur Laufzeit und vertrauenswürdige Konfiguration präsentieren, die auf Vertrauensankern unseres Designs basieren. Die Beiträge sind in drei Gruppen geteilt, basierend auf der Sicherheitsdienstleistung des Vertrauensankers.

Plattformauthentifizierung. Physically Unclonable Functions (PUFs) sind Hardware-Sicherheitsprimitive, die die intrinsischen/angeborenen Eigenschaften von Hardware aufgrund ihres Herstellungsprozesses für die Generierung von gerätespezifischen Identifikatoren oder kryptographische Schlüsseln nutzen. Daher wurden PUFs als vielversprechende kostengünstige Grundelemente/Komponenten in Vertrauensankern für eingeschränkte eingebettete Geräte angesehen. In dieser Dissertation evaluieren Wir die Sicherheit mehrerer PUF-Primitiven. Wir demonstrieren einen nichtinvasiven Fehlerinjektionsangriff auf SRAM-PUFs, der durch Steuern der Spannungsversorgung der angegriffenen PUF zur Wiederherstellung der geheimen PUF-Antwort durchgeführt wird [1]. Dann präsentieren wir Software-basierte Remote-Angriffe auf die Rowhammer PUFs und Memristor-basierte PUFs, die keinen physischen Zugriff auf die angegriffene PUF erfordern [2, 3]. Diese Gruppe basiert auf den folgenden Publikationen:

[1] Shaza Zeitouni, Yossef Oren, Christian Wachsmann, Patrick Koeberl, Ahmad-Reza Sadeghi. “Remanence Decay Side-Channel: The PUF Case”. In IEEE Transactions on Information Forensics and Security (TIFS), Vol. 11, 2015.

[2] Shaza Zeitouni, David Gens, Ahmad-Reza Sadeghi. “It’s Hammer Time: How to Attack (Rowhammer-based) DRAM-PUFs”. In Proceedings of the 55th ACM/IEEE Design Automation Conference (DAC’18), 2018.

[3] Shaza Zeitouni, Emmanuel Stapf, Hossein Fereidooni, Ahmad-Reza Sadeghi. “On the Security of Strong Memristor-based Physically Unclonable Functions”. In Proceedings of the 57th ACM/IEEE Design Automation Conference (DAC’20), 2020.

Plattformintegrität zur Laufzeit. Laufzeitangriffe zielen darauf ab, die Ausführung von Software zur Laufzeit umzuleiten, ohne ihre Integrität im Ruhezustand zu verletzen. Die Attestierung ist ein etablierter Ansatz, um die Vertrauenswürdigkeit/Integrität von Softwarekomponenten zu überprüfen und Malware-Angriffe zu erkennen, kann jedoch in seiner statischen Grundform Laufzeitangriffe nicht erkennen. Wir präsentieren Laufzeitverteidigungen für eingebettete Systeme unter verschiedenen Bereitstellungs- und Gegnermodellen und ihren zugrunde liegenden hardwarebasierten Vertrauensankern, die wir entwerfen und implementieren. Wir präsentieren i) LO-FAT, das erste hardwarebasierte Kontrollfluss-Attestierung zur Abschwächung von Laufzeit-Kontrollfluss-Angriffen [4], ii) ATRIUM, das erste Laufzeit-Attestierung, das sowohl ausgeführte Befehle als auch Kontrollflussverhalten meldet, um sowohl Kontrollfluss- als auch Time-of-Check-Time-of-Use-Angriffe zu mindern [5], iii) CHASE vor, ein Laufzeit-Attestierung, das für echtzeitbeschränkte Geräte geeignet ist [6] und iv) HardScope, ein laufzeitkontextspezifisches Speicherisolationsschema, um derzeit bekannte laufzeitdatenorientierte Angriffe effizient abzuwehren [7]. Diese Gruppe basiert auf den folgenden Publikationen:

[4] Ghada Dessouky, Shaza Zeitouni, Thomas Nyman, Andrew Paverd, Lucas Davi, Patrick Koeberl, N. Asokan, Ahmad-Reza Sadeghi. “LO-FAT: Low-Overhead Control Flow ATtestation in Hardware”. In Proceedings of the 54th ACM/IEEE Design Automation Conference (DAC’17), 2017.

[5] Shaza Zeitouni, Ghada Dessouky, Orlando Arias, Dean Sullivan, Ahmad Ibrahim, Yier Jin, Ahmad-Reza Sadeghi. “ATRIUM: Runtime Attestation Resilient Under Memory Attacks”. In Proceedings of the 36th ACM/IEEE International Conference on Computer Aided Design (ICCAD’17), 2017.

[6] Ghada Dessouky, Shaza Zeitouni, Ahmad Ibrahim, Lucas Davi, Ahmad-Reza Sadeghi. “CHASE: Configurable Hardware-Assisted Security Extension for Real-Time Systems”. In Proceedings of the 38th ACM/IEEE International Conference on Computer Aided Design (ICCAD’19), 2019.

[7] Thomas Nyman, Ghada Dessouky, Shaza Zeitouni, Aaro Lehikoinen, Andrew Paverd, N. Asokan, Ahmad-Reza Sadeghi. “HardScope: Hardening Embedded Systems Against Data-Oriented Attacks”. In Proceedings of the 56th ACM/IEEE Design Automation Conference (DAC’19), 2019.

Vertrauenswürdige FPGA Konfiguration. Aufgrund ihrer Flexibilität und ihres Leistungsverhältnis haben Field Programmable Gate Arrays (FPGAs), die rekonfigurierbare Geräte sind, ihren Weg in Rechenzentren gefunden. Cloud-Dienstanbieter bieten ihren Kunden FPGA-beschleunigte Compute-Instanzen und erlauben ihnen, die FPGAs frei zu konfigurieren. Dieses Bereitstellungsmodell erzeugt jedoch eine neue Art physischer Angriffe, die von Kunden aus der Ferne gestartet werden können, indem sie nur böswillige FPGA-Konfigurationen verwenden. In dieser Dissertation systematisieren wir die Forschungsarbeiten zu Cloud-FPGAs und beleuchten grundlegende Sicherheitsbedenken und -herausforderungen [8]. Darunter das Problem des gegenseitigen Vertrauens bei der FPGA-Konfiguration: Kunden zielen darauf ab, ihre proprietären Designs durch Verschlüsselung von FPGA-Konfigurationen zu schützen, während Cloud-Dienstanbieter die Verwendung verschlüsselter Konfigurationen nicht unterstützen und Zugriff auf FPGA-Konfigurationen benötigen, um sie auf böswillige Primitiven zu untersuchen, z.B. Spannungssensoren. Um diese offene Herausforderung anzugehen, präsentieren wir ein Sicherheitsprotokoll zwischen den beteiligten Parteien und dem zugrunde liegenden hardwarebasierten Vertrauensanker, den wir für eine vertrauenswürdige Konfiguration auf Cloud FPGAs entwerfen und implementieren [9]. Diese Gruppe basiert auf den folgenden Publikationen:

[8] Ghada Dessouky, Ahmad-Reza Sadeghi, Shaza Zeitouni. “SoK: Secure FPGA Multi-Tenancy in the Cloud: Challenges and Opportunities”. In Proceedings of the 6th IEEE European Symposium on Security and Privacy (EuroS&P’21), 2021.

[9] Shaza Zeitouni, Jo Vliegen, Tommaso Frassetto, Dirk Koch, Ahmad-Reza Sadeghi, Nele Mentens. “Trusted Configuration in Cloud FPGAs”. In Proceedings of the 29th IEEE International Symposium On Field-Programmable Custom Computing Machines (FCCM’21), 2021.

Deutsch
Status: Verlagsversion
URN: urn:nbn:de:tuda-tuprints-215527
Sachgruppe der Dewey Dezimalklassifikatin (DDC): 000 Allgemeines, Informatik, Informationswissenschaft > 004 Informatik
Fachbereich(e)/-gebiet(e): 20 Fachbereich Informatik
20 Fachbereich Informatik > Systemsicherheit
TU-Projekte: DFG|SFB1119|S2SFB1119 Sadeghi
Hinterlegungsdatum: 20 Jun 2022 12:18
Letzte Änderung: 23 Jun 2022 06:42
PPN:
Referenten: Sadeghi, Prof. Ahmad-Reza ; Mentens, Prof. Nele
Datum der mündlichen Prüfung / Verteidigung / mdl. Prüfung: 20 September 2021
Export:
Suche nach Titel in: TUfind oder in Google
Frage zum Eintrag Frage zum Eintrag

Optionen (nur für Redakteure)
Redaktionelle Details anzeigen Redaktionelle Details anzeigen