![Page 1: PowerAlert: An Integrity Checker using Power Measurementpublish.illinois.edu/.../files/2017/07/11162016-Fawaz-1.pdf · 2017. 7. 20. · Ahmed Fawaz 11/16/2016. Submitted to IEEE S&P’17.](https://reader036.fdocuments.us/reader036/viewer/2022071420/6119994a00027c453542b0cb/html5/thumbnails/1.jpg)
PowerAlert: An Integrity Checker using Power Measurement
Ahmed Fawaz, 11/16/2016
Submitted to IEEE S&P’17
Problem Description
How to validate the integrity of software against a slow and stealthy attacker without any trusted components in the machine?
• Trusting data from monitors such as Kobra
Solution Approach
Threat Model
• Host machine is untrusted, with the attacker changing the kernel (rootkit)
• Attacker does not modify the hardware (clock rate, firmware, …)
• Attacker will attempt to deceive PowerAlert
• Proxy Attack: use a remote machine to compute
• Data Pointer Redirection: keep a clean copy of memory
• Static Analysis: attempt to precompute
• Active Analysis: learn how the program works
• Attacker Hiding: hide when the checker runs
• Force Retraining: learn a tampered model
Solution
• Diversity of the IC-program to thwart adaptation
• Measure current independently
• Run the checker at random times
PowerAlert Protocol
Verifier:
1. Start protocol
2. Generate the IC-program
3. Start measurement
4. Verify the output and the current measurements
Prover:
1. Pause all tasks
2. Load the IC-program
3. Run the IC-program
4. Return the result
Generation of IC-programs
LFSR Generation
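The verifier/prover exchange from the PowerAlert Protocol slide, with the IC-program parameterised by an LFSR as this slide suggests, as an added toy implementation that is not the authors' code. It assumes the verifier holds a reference copy of the prover's memory, a 16-bit maximal-length LFSR (taps chosen here, not taken from the paper) that orders a walk over a constructed 4 KiB image, a SHA-256 digest of the walk as the IC-program output, and a timing bound of expected runtime plus a network allowance; all constants are illustrative.

```python
"""Added example, not the PowerAlert authors' code: a toy verifier/prover
round in which the IC-program walks memory in LFSR order. The LFSR taps, walk
length, digest, memory image and timing constants are all assumptions."""
import hashlib
import time

NBITS = 16
MASK = (1 << NBITS) - 1
TAPS = (0, 2, 3, 5)  # maximal-length 16-bit feedback: period 2^16 - 1 (assumed choice)


def lfsr_next(state, taps=TAPS, nbits=NBITS):
    """One step of a right-shifting Fibonacci LFSR: feedback is the XOR of the tap bits."""
    fb = 0
    for t in taps:
        fb ^= (state >> t) & 1
    return (state >> 1) | (fb << (nbits - 1))


def lfsr_period(seed, taps=TAPS, nbits=NBITS):
    """Steps until the register returns to `seed` (2^nbits - 1 for maximal taps)."""
    state = lfsr_next(seed, taps, nbits)
    steps = 1
    while state != seed:
        state = lfsr_next(state, taps, nbits)
        steps += 1
    return steps


def ic_program(memory, seed, steps, taps=TAPS):
    """The integrity-checking walk: visit memory in LFSR order and digest every
    (address, byte) pair, so both visiting order and contents matter. With
    steps = 2^16 - 1 every nonzero 16-bit state occurs once, so every address of
    a power-of-two image up to 64 KiB is read; the all-zero state never occurs
    in an LFSR cycle, which is why the seed must be nonzero."""
    walk = bytearray()
    state = seed
    for _ in range(steps):
        addr = state & (len(memory) - 1)  # image size must be a power of two
        walk += bytes((addr >> 8, addr & 0xFF, memory[addr]))
        state = lfsr_next(state, taps)
    return hashlib.sha256(walk).hexdigest()


class Verifier:
    """Holds the reference image and a timing model: expected IC-program
    runtime (steps * per_step_s) plus a network allowance (assumed constants)."""

    def __init__(self, reference, steps=MASK, per_step_s=2e-6, network_s=0.05):
        self.reference = bytes(reference)
        self.steps = steps
        self.per_step_s = per_step_s
        self.network_s = network_s

    def start(self, seed):
        """Protocol steps 1-2: open a round and generate the IC-program parameters."""
        if not 0 < seed <= MASK:
            raise ValueError("LFSR seed must be a nonzero 16-bit value")
        return {"seed": seed, "steps": self.steps, "taps": TAPS}

    def verify(self, challenge, response, elapsed_s):
        """Protocol step 4: the digest must match the reference image and the
        round must finish within the timing bound (a slow answer is the
        signature of a proxied computation or a redirected walk)."""
        expected = ic_program(self.reference, challenge["seed"],
                              challenge["steps"], challenge["taps"])
        if response != expected:
            return (False, "digest mismatch: memory differs from reference")
        bound = challenge["steps"] * self.per_step_s + self.network_s
        if elapsed_s > bound:
            return (False, "timing bound exceeded: possible proxy or redirection")
        return (True, "ok")


class Prover:
    """The monitored host: pause tasks, load and run the IC-program, return the result."""

    def __init__(self, memory):
        self.memory = bytearray(memory)

    def run(self, challenge):
        # Step 1 (pause all tasks) is a no-op in this single-threaded toy.
        return ic_program(self.memory, challenge["seed"],
                          challenge["steps"], challenge["taps"])


def run_round(verifier, prover, seed, elapsed_s=None):
    """One protocol round; wall-clock time is measured unless a value is supplied."""
    challenge = verifier.start(seed)
    t0 = time.perf_counter()
    response = prover.run(challenge)
    elapsed = time.perf_counter() - t0 if elapsed_s is None else elapsed_s
    return verifier.verify(challenge, response, elapsed)


CLEAN = bytes(range(256)) * 16       # constructed 4 KiB "kernel image"
TAMPERED = bytearray(CLEAN)
TAMPERED[1234] ^= 0x80               # one flipped bit, as a patched kernel would show

if __name__ == "__main__":
    v = Verifier(CLEAN)
    print(run_round(v, Prover(CLEAN), 0xACE1))                  # (True, 'ok')
    print(run_round(v, Prover(TAMPERED), 0xACE1))               # digest mismatch
    print(run_round(v, Prover(CLEAN), 0xACE1, elapsed_s=1.0))   # timing bound exceeded
```

Each round uses a fresh seed, so the walk order differs from round to round and a precomputed answer for one seed is useless for the next; the timing check is what turns a remote or redirected computation into a detectable delay rather than a correct-looking digest.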
Power Finite State Machine
Power Measurement
Measurements
Timing Model
IC-program runtime:
Network runtime:
Verification Process
• Power Language:
• Timing verification:
Example
Design of IC-program
Attacker-Verifier Games
• Players:
  • Attacker
  • Defender
• Actions:
  • Attacker hides @ {t_{a1}, t_{a2}, …, t_{an}}
  • Defender verifies @ {t_{d1}, t_{d2}, …, t_{dn}}
• Strategy: pick the time instances
Strategy selection
• Defender is assumed to have a renewal strategy with rate \lambda
Detection probability
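A worked model of the detection probability for the renewal strategy on the Strategy selection slide, added here and not taken from the slides (the deck's own expression is not reproduced). It assumes the simplest renewal process with rate lambda, a Poisson process with exponential inter-check gaps, and a constructed set of intervals during which the attacker's tampering is exposed; the functions below give the exact probability, confirm it by Monte Carlo, and compute the exposure budget an attacker must stay under for a given risk, which is how a higher check rate slows the attacker down.

```python
"""Added example, not from the slides: detection probability under Poisson
checks of rate lam (one renewal strategy with rate lam). Exposure intervals,
horizon and risk budget are constructed values."""
import math
import random


def detection_probability(exposure_intervals, lam):
    """Exact P(detect): the attacker is caught iff at least one check lands
    while the tampered state is exposed. The number of Poisson(lam) checks in
    a total exposed time E is Poisson(lam * E), so P(no check) = exp(-lam * E).
    Intervals are (start, end) pairs and must not overlap."""
    exposed = sum(end - start for start, end in exposure_intervals)
    return 1.0 - math.exp(-lam * exposed)


def max_exposure_for_risk(lam, p_max):
    """Longest total exposure compatible with P(detect) <= p_max. Raising lam
    shrinks this budget, so the attacker has to hide more often and progresses
    more slowly; that is the 'attacker slow down' the defender strategy buys."""
    return -math.log(1.0 - p_max) / lam


def simulate_detection(exposure_intervals, lam, horizon, trials, seed=1):
    """Monte Carlo estimate: draw check times on [0, horizon] with exponential
    gaps and count the runs in which some check falls in an exposed interval."""
    rng = random.Random(seed)
    detections = 0
    for _ in range(trials):
        t = rng.expovariate(lam)
        while t < horizon:
            if any(start <= t < end for start, end in exposure_intervals):
                detections += 1
                break
            t += rng.expovariate(lam)
    return detections / trials


# Constructed scenario: the tampered kernel is exposed during two windows of a
# 10-time-unit horizon and a clean view is restored otherwise (E = 2.5).
EXPOSURE = [(1.0, 2.5), (6.0, 7.0)]

if __name__ == "__main__":
    for lam in (0.2, 0.5, 1.0, 2.0):
        exact = detection_probability(EXPOSURE, lam)
        est = simulate_detection(EXPOSURE, lam, horizon=10.0, trials=20000)
        budget = max_exposure_for_risk(lam, 0.1)
        print(f"lambda={lam:.1f}  P(detect)={exact:.3f}  sim={est:.3f}  "
              f"exposure budget for 10% risk={budget:.2f}")
```

The memoryless property is what makes the exact form work: only the total exposed time matters, not where the exposure windows sit, so an attacker gains nothing by timing its exposure around past checks when inter-check gaps are exponential.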
Attacker Utility
Evasion Rate
Performance
Security Analysis
• Proxy Attack (use a remote machine to compute): network timing will detect redirection
• Data Pointer Redirection (keep a clean copy of memory): IC-program optimized to detect k=4
• Static Analysis (attempt to precompute): the structure is flattened, thus NP-Hard
• Active Analysis (learn how the program works): change of the IC-program prevents adaptation; space of programs is big
• Attacker Hiding (hide when the checker runs): defender strategy leads to attacker slow down
• Force Retraining (learn a tampered model): retraining is only done with a clean HDD
Conclusion
• We use power measurements as a trust base
• The IC-program diversity prevents the attacker from adapting
• The defender's strategy results in detection of the attacker