Teaching: Secure Systems Presentation to HP Denis A Nicole
Taught Modules Existing: COMP2040 Secure Systems, Pt II, 5 ECTS †. New: COMP3217 Secure Systems, Pt III, 7.5 ECTS. † European Credit Transfer & Accumulation System. 60 ECTS make up a typical year of study. 2
New Syllabus Background: types of attack and attacker, range of systems Wireless ID: ISO14443, Mifare, E- Passports and related near-field communications systems Card security, EMV payment systems, GSM and SIM cards Physical security: chip and pin machines, secure modules Wired and WiFi network security Examples of weak cryptosystems: GSM, WEP 3 Password vulnerabilities Public Key infrastructure Penetration testing of web-based systems Hardware vulnerabilities Side channel attacks: power analysis and resistant designs OS vulnerabilities: patch management, rootkits and viruses Infrastructure attacks: smart grids, the Italian Job, cyber-warfare
Hands-on laboratory work RFID CHIP AND PIN Penetration testing: PonziBank (with Netcraft) Side Channels 4
Which do you trust? 5
Mifare detuning: coupled oscillators 6
125kHz tag spoofer: PCB design exercise 7 For all first year Electronics students
8 EMV electrical protocol C1 Vcc (+5V, 55mA until Jan 2014) C2 Reset (active low) C3 Clock (1MHz to 5MHz) C5 Ground C7 Input/Output (1 bit = 372 clocks)
Check a PIN 9 Sending: 80 CA 9F How many tries do I have left? Received: 9F Three. It might not tell you! Sending: FF FF FF FF FF Is it 0000? Received: 63 C2 Nope; two tries left State of non-volatile memory changed. Counter: 0x2 Sending: FF FF FF FF FF 0001? Received: Yes Sending: 80 CA 9F Received: 9F We’re back to three tries If you “brick” your card, an ATM should check online and reset it. Gives a good introduction to ASN.1
PonziBank 10
Research: C/C++ Verification Presentation to HP Denis A Nicole
Our contribution to security A whole new class of software vulnerabilities arise in “multicore” chips: all modern phones, desktops and servers. The vulnerabilities are timing-dependent and cannot usually be found by conventional testing. 12
ESBMC is a Collaboration between University of Southampton –Jeremy Morse and Denis Nicole Federal University of Amazonas, Brazil –Mikhail Ramalho, Mauro Freitas, Felipe Sousa, Hendrio Marques and Lucas Cordeiro University of Stellenbosch, South Africa –Bernd Fischer 13
ESBMC is a bounded model checker It exhaustively analyses all possible behaviours of a (multithreaded) C or C++ program up to a fixed depth of –loop iteration (including backward jumps and recursion), –thread interleaving. Within these bounds, it checks for –C errors: pointer errors, arithmetic errors, array bounds, malloc() / free(), assert() failures, data races, etc. –Violation of Linear Temporal Logic specifications. 14
Model Checking is not Simulation Simulation (testing) checks correctness for a particular input and a particular thread interleaving. You need to run multiple simulations with different data and different timing before you get some assurance. Model Checking exhaustively analyses all possible behaviours over a range of possible inputs and generates a witness, a trace of program state, if there are any possible failures. Good-coverage simulation may be effective against “random” errors; it offers little protection against tailored attacks. 15
Improvement by competition The field of C model checking research is now large enough to support annual competitions; perhaps the best known is that held in conjunction with the International Conference on Tools and Algorithms for the Construction and Analysis of Systems (TACAS). The team is proud to report that ESBMC v1.17 won the Gold Medal in the SystemC and Concurrency categories and the Bronze Medal in the overall ranking of the first International Competition on Software Verification at TACAS ESBMC v1.20 won the Bronze Medal in the overall ranking of the second competition at TACAS