Download Mobile Appliance Security: Challenges and Concerns

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project

page
1
page
2
page
3
page
4
page
5
page
6
page
7
page
8
page
9
page
10
page
11
page
12
page
13
page
14
page
15
page
16
page
17
page
18
page
19
page
20
page
21
page
22
page
23
page
24
Document related concepts

Power engineering wikipedia , lookup

Transcript 
Mobile Appliance Security:
Concerns and Challenges
Mahesh Mamidipaka
ICS 259: Seminar in Design Science
1. Securing Mobile Appliances: New Challenges for the System Designer
- A. Raghunathan, S. Ravi, S. Hattangady, J. Quisquater (DATE’ 03)
2. Masking Energy Behavior of DES Encryption
- H. Saputra, N. Vijaykrishnan, N. Kandemir, et al. (DATE’ 03)
3. Wireless Network Security - Tom Karrygiannis and Jes Owens, NIST
http://csrc.nist.gov/publications/nistpubs/800-48/NIST_SP_800-48.pdf
Outline




Introduction
Security Concerns
Design Challenges
Security Attacks on Smart Cards
– Power analysis based attack
 Masking Energy Behavior for DES
Encryption (DATE’ 03)
Introduction
 Mobile appliances widely used (PDAs, Cell
Phones, Smart Cards, etc.)
 Involves sensitive information: increased
security concerns
 Success of emerging technologies to
depend on ensuring adequate security
– Security cited as single largest concern among
prospective m-commerce users
Unique Challenges
 Knowledge and experience from wired
internet gives us a head start (not sufficient)
 Unique challenges:
– Use of public transmission medium
– Potentially unlimited points of access
– Vulnerable to theft, loss, and corruptibility
– Constraints on power, cost, and weight
 Need for techniques at every aspect of
design to meet the challenges
Outline





Introduction
Security Concerns
Design Challenges
Security Attacks on Smart Cards
Masking Energy Behavior for DES
Encryption
Security Issues
Tamper-resistant
Implementation
Secure SW
Execution
User
Identification
Secure
Storage
Secure
Content
Secure Data
Communication
Secure Network
Access
Secure Data Communication
 Employ security protocols to various layers of
network protocol stack
– Achieve peer authentication, privacy, data integrity etc.
– cryptographic algorithms act as building blocks
 Examples Network layer protocols:
– Cellular technologies: GSM, CDPD
– Wireless LAN: IEEE 802.11
– Wireless PAN: Bluetooth
 Distinct protocols needed at various layers
– Network layer protocol secures link between wireless
client, access point, base station or gateway
– Need complementary security mechanisms at higher
protocol layers (Eg. WTLS in WAP)
Outline





Introduction
Security Concerns
Design Challenges
Security Attacks on Smart Cards
Masking Energy Behavior for DES
Encryption
Design Challenges
 Various challenges and considerations for
mobile appliance security
– Flexible security architecture: to support diverse
security protocols and crypto algorithms
– Computational requirement for security
processing
– Impact of security processing on battery life
– Tamper-resistant implementation
Flexibility
 Ability to cater wide variety of security protocols
– Example: Support for both WEP and 3GPP algorithms
to work in LAN and 3G cellular environments
 Support for distinct security standards at different
layers of network protocol stack
– Example: WEP (link layer) and SSL (transport layer)
support for wireless LAN enabled PDA with web support
 Security protocols continuously evolving
– Protocols revised to enable new security services, new
crypto algorithms etc.
Computational Requirements
Processing Requirements for a security protocol using RSA based
Connection 3DES based encryption/decryption and SHA based integrity
Battery life
 Reduced battery life due to increased
computational requirements
 Case study: Sensor node with Motorola
Dragon Ball processor (MC68328)
 Energy Consumption:
– Transmission: 21.5 mJ/KB
– Reception: 14.3 mJ/KB
– RSA based encryption:
42mJ/KB
Tamper-Resistance
 Security protocols and mechanisms are
independent of implementation specifics
– Assumption being malicious entities do not have access
to implementation
 Observing properties of the implementation can
enable breaking of ‘secret key’
 Sensitive data is vulnerable
– During on-chip communication
– When simply stored in mobile appliance (secondary
storage like flash, main memory, caches, register files)
Outline





Introduction
Security Concerns
Design Challenges
Security Attacks on Smart Cards
Masking Energy Behavior for DES
Encryption
Security Attacks on Smart Cards
 Security attacks on smart cards can be classified
as:
– Microprobing
 Invasive technique that manipulates the internal circuits
– Software attacks
 Focuses on protocol or algorithm weakness
– Eavesdropping
 Hacks secret keys by monitoring power consumption, EM
radiation, and execution time
– Fault generation
 Based on intentional malfunction of the circuit
 Techniques like supply voltage change, exposing circuit to
radiation etc.
Eavesdropping power profile
 Rationale: Power consumption of an operation
depends on its operand values
– Operands are plain text and secret key in crypto
algorithms
– Switching activity varies in memory, buses, datapath
units, and pipeline registers based on operand values
 Different degrees of sophistication involved in
power analysis based attacks
– Simple Power Analysis (SPA): uses single power profile
– Differential Power Analysis (DPA): uses power profiles
from multiple runs
Simple Power Analysis
 Based on single power trace for operations
 Identify operations being performed based on
power profile
– Whether a branch is taken or not
– Whether an exponentiation operation is performed or
not
 Knowing the algorithm and power profile, secret
key can be revealed
 Protection from SPA:
– Code restructuring
– Random noise insertion for power variation
– Adding dummy modules
Differential Power Analysis
 Utilizes power profiles gathered from multiple runs
 Basic principle similar to SPA: relies on data
dependent power variation to break key
 Averaging used to eliminate random noises
 P.Kocher, J. Jaffer, and B. Jun “Introduction to
Differential Power Analysis and Related Attacks”,
http://www.cryptography.com/dpa/technical, 1998
Outline





Introduction
Security Concerns
Design Challenges
Security Attacks on Smart Cards
Masking Energy Behavior for DES
Encryption
Energy Masking for DES
 Architecture to have secure and non-secure
instructions
– Power consumption for secure instructions data
independent
 Critical operations in DES encryption:
–
–
–
–
Assignment
Bit by bit addition modulo 2 (XOR)
Shift operation
Indexing operation
 Instructions involving secret key replaced with
secure instructions
Secure load instruction
Energy consumption profiles
Masking energy in DES
 Energy consumption more for secure
instructions than non-secure instructions
– EDiss w/o masking: 46.4 uJ
– EDiss w/ naïve masking: 63.6 uJ (all loads and
stores masked)
– EDiss w/ smart masking: 52.6 uJ (only ‘secret
key’ related instructions masked)
Back to presentation
Related documents
Security challenges in the lighting use case
Security challenges in the lighting use case
Smart cards
Smart cards
Introduction - Computer Science
Introduction - Computer Science
Lectures 14 Experimental Methods
Lectures 14 Experimental Methods
No Slide Title
No Slide Title
[Powerpoint] - SQLSaturday_Powerpoint_
[Powerpoint] - SQLSaturday_Powerpoint_
Systems Security
Systems Security
William Stallings, Cryptography and Network Security 5/e
William Stallings, Cryptography and Network Security 5/e
Database Security - University of Scranton: Computing Sciences Dept.
Database Security - University of Scranton: Computing Sciences Dept.
New technologies By all accounts, nanotechnology – the science of
New technologies By all accounts, nanotechnology – the science of
Research Areas - The George Washington University
Research Areas - The George Washington University
a common digital Europe
a common digital Europe