Presentation is loading. Please wait.

Presentation is loading. Please wait.

Tamper Resistant Software: An Implementation By David Aucsmith, IAL In Information Hiding Workshop, RJ Anderson (ed), LNCS, 1174, pp. 317-333, 1996. “Integrity.

Similar presentations


Presentation on theme: "Tamper Resistant Software: An Implementation By David Aucsmith, IAL In Information Hiding Workshop, RJ Anderson (ed), LNCS, 1174, pp. 317-333, 1996. “Integrity."— Presentation transcript:

1 Tamper Resistant Software: An Implementation By David Aucsmith, IAL In Information Hiding Workshop, RJ Anderson (ed), LNCS, 1174, pp. 317-333, 1996. “Integrity Verification Kernels (IVKs) … can be inserted into software to verify the integrity of critical operations. [They] cannot be observed or modified.” Presented by Andrew Paxie 14 September 2000

2 Overview of Paper Introduction Threat Model Principles and Architecture Integrity Verification Kernels Interlocking Trust Integrity Verification Protocol Technology Extensions Conclusion The focus of my presentation

3 Threat Model (I) Outsider trying to get in. (II) Malicious code running on system. (III) Complete control over system. (a) No special tools. (b) Specialized software analysis tools. (c) Specialized hardware analysis tools. “Threat follows value.” Defend against these threats

4 IVK Principles “Software [must] contain a secret … [as this] forms the basis for the trust that the application has not been tampered with.” Hide the secret and make its recovery difficult: –Disperse it in time and space (cf. Shannon). –Obfuscate and interleave operations. –Make code installation unique (cf. Cohen). –Provide an interlocking trust mechanism.

5 Interlocking Trust “…the failure or by-pass of any one IVK will be detected by another.” The idea comes from authentication protocol design. –This is a challenge-response protocol. –Defend against man-in-the-middle. –Defend against message replay.

6 Integrity Verification Protocol (1) Definitions: App = an application -Contains an IVK which participates in the IV protocol. eIVK = entry IVK. -Has a well known address, A E System Integrity Program -Contains eIVK and (an)other IVK(s) -Is available to all programs. App System Integrity Program eIVKIVK 1a 1b 1c

7 Integrity Verification Protocol (2) Notation: – For a module, X, X = A, E, S: K X is a key for X, K 1 X is public, K -1 X is private. H X is a hash function computed on X. R X is a random value X creates. A X is the address of module X. –F is a flag storing test results as each protocol step runs. Assume that: –H is well known to all IVKs. –A contains location and size info.

8 Integrity Verification Protocol (3) Key to protocol steps: –Challenge. –Integrity check. –Response. –Response check. Protocol points: –Verify yourself and others before proceeding. –Use random numbers to defend against replay eIVK (E) 10 App IVK (A) SIP IVK (S) 13 9 3 2 1 6 5 48 7 11 12

9 Integrity Verification Protocol (4) eIVK (E) App IVK (A) SIP IVK (S) F = 0? 1 (1) A verifies self F 0 := (H A = K 1 A [K -1 A [H A ]]) 2 (2) A challenges E A->E: K 1 E [K 1 E [H A ] | F | A A | R A ] 3 (3) E verifies self F 1 := (H E = K -1 E [K 1 E [H E ]]) 4 (4) E verifies A F 2 := (H A = K -1 E [K 1 E [H A ]]) 12 (12) E responds to A E->A: K -1 E [F | R A ] 13 (13) A checks response F 8 := (R A = K 1 E [R A ])

10 Conclusion Aucsmith combines a variety of techniques to ‘armour’ an IVK against observation and modification. The integrity verification protocol is integral to the mechanism. Q: Does the technique outlined defend against the threat categories proposed?


Download ppt "Tamper Resistant Software: An Implementation By David Aucsmith, IAL In Information Hiding Workshop, RJ Anderson (ed), LNCS, 1174, pp. 317-333, 1996. “Integrity."

Similar presentations


Ads by Google