Software Certification and Attestation Rajat Moona Director General, C-DAC.

Slides:

Advertisements

Similar presentations

Chapter 3 Public Key Cryptography and Message authentication.

Advertisements

Hash Function. What are hash functions? Just a method of compressing strings – E.g., H : {0,1}*  {0,1} 160 – Input is called “message”, output is “digest”

ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.

Princess Nora Bint Abdulrahman University College of computer and information sciences Networks department Networks Security (NET 536) Prepared by Dr.

Jeff Bilger - CSE P 590TU - Winter 2006 The Role of Cryptography in Combating Software Piracy.

Digital Signatures Good properties of hand-written signatures: 1. Signature is authentic. 2. Signature is unforgeable. 3. Signature is not reusable (it.

Digital Signatures and Hash Functions. Digital Signatures.

1 Digital Signatures & Authentication Protocols. 2 Digital Signatures have looked at message authentication –but does not address issues of lack of trust.

1 Chapter 13 – Digital Signatures & Authentication Protocols Fourth Edition by William Stallings Lecture slides by Lawrie Brown (modified by Prof. M. Singhal,

MD5 Summary and Computer Examination Process Introduction to Computer Forensics.

Implementation of a Two-way Authentication Protocol Using Shared Key with Hash CS265 Sec. 2 David Wang.

Session 5 Hash functions and digital signatures. Contents Hash functions – Definition – Requirements – Construction – Security – Applications 2/44.

Spring 2002CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Henric Johnson1 Chapter3 Public-Key Cryptography and Message Authentication Henric Johnson Blekinge Institute of Technology, Sweden

CMSC 414 Computer and Network Security Lecture 6 Jonathan Katz.

1 ES 314 Advanced Programming Lec 2 Sept 3 Goals: Complete the discussion of problem Review of C++ Object-oriented design Arrays and pointers.

Cryptography1 CPSC 3730 Cryptography Chapter 11, 12 Message Authentication and Hash Functions.

Feb 19, 2002Mårten Trolin1 Previous lecture Practical things about the course. Example of cryptosystem — substitution cipher. Symmetric vs. asymmetric.

1 Message Authentication and Hash Functions Authentication Requirements Authentication Functions Message Authentication Codes Hash Functions Security of.

CRYPTOGRAPHIC DATA INTEGRITY ALGORITHMS

Chapter 8.  Cryptography is the science of keeping information secure in terms of confidentiality and integrity.  Cryptography is also referred to as.

Alexander Potapov.  Authentication definition  Protocol architectures  Cryptographic properties  Freshness  Types of attack on protocols  Two-way.

Cryptography and Network Security Chapter 11 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.

Trusted Computing Technologies for Embedded Systems and Sensor Networks Adrian Perrig Carnegie Mellon University.

Csci5233 Computer Security1 GS: Chapter 6 Using Java Cryptography for Authentication.

1 Public-Key Cryptography and Message Authentication Ola Flygt Växjö University, Sweden

Acknowledgements: William Stallings.William Stallings All rights Reserved Session 4 Public Key Cryptography (Part 2) Network Security Essentials Application.

Secure Embedded Processing through Hardware-assisted Run-time Monitoring Zubin Kumar.

Alternate Version of STARTING OUT WITH C++ 4 th Edition Chapter 1 Introduction to Computers and Programming.

Cong Wang1, Qian Wang1, Kui Ren1 and Wenjing Lou2

.Net Security and Performance -has security slowed down the application By Krishnan Ganesh Madras.

AQA Computing A2 © Nelson Thornes 2009 Section Unit 3 Section 6.4: Internet Security Digital Signatures and Certificates.

Digital Signatures Good properties of hand-written signatures: 1. Signature is authentic. 2. Signature is unforgeable. 3. Signature is not reusable (it.

Patterns for Secure Boot and Secure Storage in Computer Systems By: Hans L¨ohr, Ahmad-Reza Sadeghi, Marcel Winandy Horst G¨ortz Institute for IT Security,

Message Authentication  message authentication is concerned with: protecting the integrity of a message protecting the integrity of a message validating.

Hash Functions A hash function H accepts a variable-length block of data M as input and produces a fixed-size hash value h = H(M) Principal object is.

Cryptography, Authentication and Digital Signatures

4 th lecture.  Message to be encrypted: HELLO  Key: XMCKL H E L L O message 7 (H) 4 (E) 11 (L) 11 (L) 14 (O) message + 23 (X) 12 (M) 2 (C) 10 (K) 11.

11.1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 11 Message Integrity and Message Authentication.

11-Basic Cryptography Dr. John P. Abraham Professor UTPA.

Middleware for Secure Environments Presented by Kemal Altıntaş Hümeyra Topcu-Altıntaş Osman Şen.

Chapter 8 – Network Security Two main topics Cryptographic algorithms and mechanisms Firewalls Chapter may be hard to understand if you don’t have some.

Csci5233 computer security & integrity 1 Cryptography: an overview.

MD5 Summary and Computer Examination Process Introduction to Computer Forensics.

Digital Signatures, Message Digest and Authentication Week-9.

Merkle trees Introduced by Ralph Merkle, 1979 An authentication scheme

Chapter 11 Message Authentication and Hash Functions.

Cryptography: Digital Signatures Message Digests Authentication

Authentication. Goal: Bob wants Alice to “prove” her identity to him Protocol ap1.0: Alice says “I am Alice” Failure scenario?? “I am Alice”

By Sandeep Gadi 12/20/  Design choices for securing a system affect performance, scalability and usability. There is usually a tradeoff between.

PPP Configuration.

CS426Fall 2010/Lecture 51 Computer Security CS 426 Lecture 5 Cryptography: Cryptographic Hash Function.

Hashes Lesson Introduction ●The birthday paradox and length of hash ●Secure hash function ●HMAC.

IT 221: Introduction to Information Security Principles Lecture 5: Message Authentications, Hash Functions and Hash/Mac Algorithms For Educational Purposes.

9.2 SECURE CHANNELS JEJI RAMCHAND VEDULLAPALLI. Content Introduction Authentication Message Integrity and Confidentiality Secure Group Communications.

 Encryption provides confidentiality  Information is unreadable to anyone without knowledge of the key  Hashing provides integrity  Verify the integrity.

SECURITY. Security Threats, Policies, and Mechanisms There are four types of security threats to consider 1. Interception 2 Interruption 3. Modification.

LAB#6 MAC & MASSAGE DIGEST CPIT 425. Message Authentication 2  Message authentication is a mechanism used to verify the integrity of a message.  Message.

Cryptographic Hash Function. A hash function H accepts a variable-length block of data as input and produces a fixed-size hash value h = H(M). The principal.

Unit 3 Section 6.4: Internet Security

Cryptographic Hash Functions

Cryptographic Hash Function

Trusted Computing and the Trusted Platform Module

Outline What does the OS protect? Authentication for operating systems

Outline What does the OS protect? Authentication for operating systems

Cryptographic Hash Functions

Cryptographic Hash Functions Part I

AEGIS: Secure Processor for Certified Execution

Cryptographic Hash Functions Part I

Security in SDR & cognitive radio

Presentation transcript:

Software Certification and Attestation Rajat Moona Director General, C-DAC

Issues General purpose systems vs. embedded systems Systems with embedded storage Processors with embedded memories without any physical access Inability to probe memory/storage contents Increased dependency on the secure solutions

Software Certification Isn’t about the software correctness. Isn’t about the software verification or evaluation of programming skills Is about ensuring that the software performs the stated goal to the best achievable manner. – Does not carry any malicious code Often independent code examination results in better quality – but that can at best be the side effect of software certification and not its goal.

Software Attestation Problem Given a certified software (aka reference software), – The problem is to identify if the system implementing the functionality is running the “same” software or not. Assuming that the certified software image is available (byte-by-byte) – The solution is to compare each byte of the code in the system memory image. – But the system memory image is not accessible.

Associated challenges Who will attest the software? – The issue largely is “who will have the reference software image?” Even if the reference image is in a verification system from where it can not be read, – The verification system needs to read the memory contents from DuV.

Software Attestation Device under verification (DuV) Software Attestation System Reference Software Outcome: Verified? [Y/N]

Solution 1 Device under verification (DuV) Reference Software Outcome: Verified? [Y/N] Software Attestation System Interrogate and examine SAS sends a message to dump the memory contents and matches against the reference software.

Simple solution The SAS sends a simple message. The return message is the whole image of the memory – Issue of the code protection – Volume of data and time to process. A malicious system can still get round it by maintaining two copies – one to execute, another one for proving genuine-ness. Alternate mechanisms: Challenge Response methods.

Malicious Device Reference Software Outcome: Verified? [Y/N] Software Attestation System DuV

Some problems are handlable For example, the image of the software need not be given. Instead a hash can be computed and given. Hashes are one way functions. (For example MD5, SHA1, SHA2 etc.)

One way functions Problem: – Given a message m, find a number n derived from m in such a way that it is impractical to find m when only n is known. –  One way function. m can be converted to n but not vice versa. A good hash function also has a property that given a message and its hash, it is impractical to find another message that results in the same hash. Also known as Hash or Message Digest. Various standard algorithms exist such as MD2, MD4, MD5, SHA-1, SHA-224, SHA-256, SHA-384, SHA-512 etc. One way functions are very commonly used. For example the passwords are stored in Unix systems using one-way functions. Cryptographic applications and communications use one-way functions for applications such as digital signatures, message integrity etc.

Volume of processing Can be handled by successive interrogating. – Memory may be viewed as an array of bytes. – Each interrogation message will provide an address (a) and length (l) the array to examine – The DuV will provide mem[a], mem[a+1] … mem[a+l-1] Or the hash computed from these values. Successive unplanned and random interrogations can remove the chances of the existence of the malicious code.

Malicious code What are the possibilities? – Malicious code has to behave like genuine code in most cases, otherwise it will be noticed. – Malicious code can be activated through special inputs By messages, by pressing a sequence of buttons, by remote control etc. But the inputs mechanisms can not be increased. – Malicious code has to hide within the genuine code.

Malicious code Can be an additional code – In which case, there must be some kinds of “jump” from the genuine code too. Can be modified code. – Too much of modifications can be caught if the memory image is taken (and the scheme is likely to work). Code can not be injected from outside unless the genuine code permits that and in that case, it is part of the functionality.

Detection of malicious code By Challenge response mechanism

Challenge Response Authentication Do you know that secret that I have? – Send a challenge – Expect a response which can be verified. – If verification is successful then with a very high probability, the other party is genuine. Challenge – Must be fresh, or with at least non-guessable response, for each time. – Examples: Time Stamp Counter Random Number

Send E(K AB, rA) Authentication Assume Secret existence at two sides A A B B Send rA K AB Send rB Send E(K AB, rB) What if I don’t have access to a cryptographic algorithm?

Detection of malicious code While challenge response mechanism solves some issues – It still does not solve the problem if the DuV maintains separate copies of the code to execute and code for providing response. Include the dynamic behaviors in the response verification. – Contents of RAM etc. The RAM contents are time variant and not all are reproducible. – Select a set that is reproducible. But it limits the choices

Run-time Examples of verifiable variables – Last message received from the outside – Last key pressed – Time of the day to certain precision – Correlation of all – Hash of all the keys pressed or all the messages received – Hash of time stamped messages/keys

Issues What if the malicious device maintains these variables in the same manner also? The problem is open but limits the options on the malicious code – Since the malicious code activation requires the same inputs and the code verification process does not know what input may be given.

Behavioral verification Include the time taken to provide response to the challenge. Since the malicious code will have to execute additional instructions, it will be slower to catch up. The focus shifts to “what if the malicious device uses a faster processor?” – Relatively an easier mechanism to handle.

Conclusion Software attestation problem is an interesting problem – Requires simple but enormous heuristic approaches Solutions are imperfect but then – “Every criminal leaves a trail behind”. The issue is to recognize the trail.