Tamper Resistant Software: An Implementation By David Aucsmith, IAL In Information Hiding Workshop, RJ Anderson (ed), LNCS, 1174, pp. 317-333, 1996. “Integrity.

Slides:

Advertisements

Similar presentations

Operating System Security

Advertisements

Last Class: The Problem BobAlice Eve Private Message Eavesdropping.

Cryptography and Network Security 2 nd Edition by William Stallings Note: Lecture slides by Lawrie Brown and Henric Johnson, Modified by Andrew Yang.

Ensuring Operating System Kernel Integrity with OSck By Owen S. Hofmann Alan M. Dunn Sangman Kim Indrajit Roy Emmett Witchel Kent State University College.

Efficient Public Key Infrastructure Implementation in Wireless Sensor Networks Wireless Communication and Sensor Computing, ICWCSC International.

Dynamic Self-Checking Techniques for Improved Tamper Resistance Bill Horne, Lesley Matheson, Casey Sheehan, Robert E. Tarjan STAR Lab, InterTrust Technologies.

Tamper Resistant Software An Implementation By David Aucsmith, IAL “This paper describes a technology for the construction of tamper resistant software.”

Chapter 6 Security Kernels.

Software Certification and Attestation Rajat Moona Director General, C-DAC.

1 Computer Security Instructor: Dr. Bo Sun. 2 Course Objectives Understand basic issues, concepts, principles, and mechanisms in computer network security.

Information Security 1 Information Security: Security Tools Jeffy Mwakalinga.

Packet Leashes: Defense Against Wormhole Attacks Authors: Yih-Chun Hu (CMU), Adrian Perrig (CMU), David Johnson (Rice)

1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.

Threat Modeling for Hostile Client Systems Avni Rambhia.

1-1 CMPE 259 Sensor Networks Katia Obraczka Winter 2005 Security.

CMSC 414 Computer (and Network) Security Lecture 2 Jonathan Katz.

A Secure Fault-Tolerant Conference- Key Agreement Protocol Wen-Guey Tzeng Source : IEEE Transactions on computers Speaker ： LIN, KENG-CHU.

EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 7 Wenbing Zhao Department of Electrical and Computer Engineering.

Encapsulation Security Payload Protocol Lan Vu. OUTLINE 1.Introduction and terms 2.ESP Overview 3.ESP Packet Format 4.ESP Fields 5.ESP Modes 6.ESP packet.

Department of Computer Science Southern Illinois University Carbondale Wireless and Network Security Lecture 9: IEEE

EEC 688/788 Secure and Dependable Computing Lecture 7 Wenbing Zhao Department of Electrical and Computer Engineering Cleveland State University

Applied Cryptography for Network Security

Wireless Sensor Network Security Anuj Nagar CS 590.

Computer Security: Principles and Practice

Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

INTRUSION DETECTION SYSTEMS Tristan Walters Rayce West.

Alexander Potapov.  Authentication definition  Protocol architectures  Cryptographic properties  Freshness  Types of attack on protocols  Two-way.

D ATABASE S ECURITY Proposed by Abdulrahman Aldekhelallah University of Scranton – CS521 Spring2015.

Computer Security Tran, Van Hoai Department of Systems & Networking Faculty of Computer Science & Engineering HCMC University of Technology.

Dr. Lo’ai Tawalbeh 2007 INCS 741: Cryptography Chapter 1:Introduction Dr. Lo’ai Tawalbeh New York Institute of Technology (NYIT) Jordan’s Campus

1 FIPS 140 Validation for a “System-on-a-Chip” September 27, 2005 NIST Physical Testing Workshop.

Patterns for Secure Boot and Secure Storage in Computer Systems By: Hans L¨ohr, Ahmad-Reza Sadeghi, Marcel Winandy Horst G¨ortz Institute for IT Security,

Protecting Web 2.0 Services from Botnet Exploitations Cybercrime and Trustworthy Computing Workshop (CTC), 2010 Second Nguyen H Vo, Josef Pieprzyk Department.

Cryptography and Network Security

Eng. Wafaa Kanakri Second Semester 1435 CRYPTOGRAPHY & NETWORK SECURITY Chapter 1:Introduction Eng. Wafaa Kanakri UMM AL-QURA UNIVERSITY

多媒體網路安全實驗室 An Efficient RFID Authentication Protocol for Low-cost Tags Date ： Reporter : Hong Ji Wei Authors : Yanfei Liu From : 2008 IEEE/IFIP.

Cryptography on Non-Trusted Machines Stefan Dziembowski.

1 Architectural Support for Copy and Tamper Resistant Software David Lie, Chandu Thekkath, Mark Mitchell, Patrick Lincoln, Dan Boneh, John Mitchell and.

Trusted Computing Or How I Learned to Stop Worrying and Love the MPAA.

Protecting Internet Communications: Encryption  Encryption: Process of transforming plain text or data into cipher text that cannot be read by anyone.

Chapter 21 Distributed System Security Copyright © 2008.

Applying White-Box Cryptography SoBeNet user group meeting October 8, 2004 Brecht Wyseur.

Strong Security for Distributed File Systems Group A3 Ka Hou Wong Jahanzeb Faizan Jonathan Sippel.

Authors: Yih-Chun Hu, Adrian Perrig, David B. Johnson

出處 :2010 2nd International Conference on Signal Processing Systems (ICSPS) 作者 :Zhidong Shen 、 Qiang Tong 演講者 : 碩研資管一甲吳俊逸.

G53SEC 1 Reference Monitors Enforcement of Access Control.

1 Chapter 1 – Background Computer Security T/ Tyseer Alsamany - Computer Security.

Topic 1 – Introduction Huiqun Yu Information Security Principles & Applications.

Payment in Identity Federations David J. Lutz Universitaet Stuttgart.

1 Part 7: State of the Art and Future u Are we in a sorry state? u How to keep us Safe? u Software trust management u Hardware trust management u Evasive.

Wireless and Mobile Security

PGP & IP Security  Pretty Good Privacy – PGP Pretty Good Privacy  IP Security. IP Security.

Introduction Program File Authorization Security Theorem Active Code Authorization Authorization Logic Implementation considerations Conclusion.

Protecting The Kernel Data through Virtualization Technology BY VENKATA SAI PUNDAMALLI id :

Lecture 11 Overview. Digital Signature Properties CS 450/650 Lecture 11: Digital Signatures 2 Unforgeable: Only the signer can produce his/her signature.

Introduction to Network Systems Security Mort Anvari.

1 Computer Security Instructor: Dr. Bo Sun. 2 Course Objectives Understand basic issues, concepts, principles, and mechanisms in computer network security.

IT 221: Introduction to Information Security Principles Lecture 5: Message Authentications, Hash Functions and Hash/Mac Algorithms For Educational Purposes.

CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.

By Ramesh Mannava.  Overview  Introduction  10 secure software engineering topics  Agile development with security development activities  Conclusion.

Database Laboratory Regular Seminar TaeHoon Kim Article.

Pertemuan #8 Key Management Kuliah Pengaman Jaringan.

Lecturer: Eng. Mohamed Adam Isak PH.D Researcher in CS M.Sc. and B.Sc. of Information Technology Engineering, Lecturer in University of Somalia and Mogadishu.

Tanenbaum & Van Steen, Distributed Systems: Principles and Paradigms, 2e, (c) 2007 Prentice-Hall, Inc. All rights reserved DISTRIBUTED SYSTEMS.

Cryptographic Hash Function. A hash function H accepts a variable-length block of data as input and produces a fixed-size hash value h = H(M). The principal.

How To Do Outline of Research Paper

Cryptographic Hash Function

AEGIS: Secure Processor for Certified Execution

Student: Ying Hong Course: Database Security Instructor: Dr. Yang

Presentation transcript:

Tamper Resistant Software: An Implementation By David Aucsmith, IAL In Information Hiding Workshop, RJ Anderson (ed), LNCS, 1174, pp , “Integrity Verification Kernels (IVKs) … can be inserted into software to verify the integrity of critical operations. [They] cannot be observed or modified.” Presented by Andrew Paxie 14 September 2000

Overview of Paper Introduction Threat Model Principles and Architecture Integrity Verification Kernels Interlocking Trust Integrity Verification Protocol Technology Extensions Conclusion The focus of my presentation

Threat Model (I) Outsider trying to get in. (II) Malicious code running on system. (III) Complete control over system. (a) No special tools. (b) Specialized software analysis tools. (c) Specialized hardware analysis tools. “Threat follows value.” Defend against these threats

IVK Principles “Software [must] contain a secret … [as this] forms the basis for the trust that the application has not been tampered with.” Hide the secret and make its recovery difficult: –Disperse it in time and space (cf. Shannon). –Obfuscate and interleave operations. –Make code installation unique (cf. Cohen). –Provide an interlocking trust mechanism.

Interlocking Trust “…the failure or by-pass of any one IVK will be detected by another.” The idea comes from authentication protocol design. –This is a challenge-response protocol. –Defend against man-in-the-middle. –Defend against message replay.

Integrity Verification Protocol (1) Definitions: App = an application -Contains an IVK which participates in the IV protocol. eIVK = entry IVK. -Has a well known address, A E System Integrity Program -Contains eIVK and (an)other IVK(s) -Is available to all programs. App System Integrity Program eIVKIVK 1a 1b 1c

Integrity Verification Protocol (2) Notation: – For a module, X, X = A, E, S: K X is a key for X, K 1 X is public, K -1 X is private. H X is a hash function computed on X. R X is a random value X creates. A X is the address of module X. –F is a flag storing test results as each protocol step runs. Assume that: –H is well known to all IVKs. –A contains location and size info.

Integrity Verification Protocol (3) Key to protocol steps: –Challenge. –Integrity check. –Response. –Response check. Protocol points: –Verify yourself and others before proceeding. –Use random numbers to defend against replay eIVK (E) 10 App IVK (A) SIP IVK (S)

Integrity Verification Protocol (4) eIVK (E) App IVK (A) SIP IVK (S) F = 0? 1 (1) A verifies self F 0 := (H A = K 1 A [K -1 A [H A ]]) 2 (2) A challenges E A->E: K 1 E [K 1 E [H A ] | F | A A | R A ] 3 (3) E verifies self F 1 := (H E = K -1 E [K 1 E [H E ]]) 4 (4) E verifies A F 2 := (H A = K -1 E [K 1 E [H A ]]) 12 (12) E responds to A E->A: K -1 E [F | R A ] 13 (13) A checks response F 8 := (R A = K 1 E [R A ])

Conclusion Aucsmith combines a variety of techniques to ‘armour’ an IVK against observation and modification. The integrity verification protocol is integral to the mechanism. Q: Does the technique outlined defend against the threat categories proposed?