Detecting Peripheral-based Attacks on the Host Memory

Stewin, Patrick

doi:10.1007/978-3-319-13515-1

Cited by 5 publications

(4 citation statements)

References 59 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Firmware attacks. There are several firmware-based attacks that target diverse devices [1,3,10,41,47,51]. Similar to the microcode attack in this paper, these attacks embed malicious code into the firmware to circumvent the platform's security while evading detection.…”

Section: Discussionmentioning

confidence: 99%

Understanding The Security of Discrete GPUs

Zhu

Kim

Rozhanski

et al. 2017

Proceedings of the General Purpose GPUs

View full text Add to dashboard Cite

GPUs have become an integral part of modern systems, but their implications for system security are not yet clear. This paper demonstrates both that discrete GPUs cannot be used as secure co-processors and that GPUs provide a stealthy platform for malware. First, we examine a recent proposal to use discrete GPUs as secure co-processors and show that the security guarantees of the proposed system do not hold on the GPUs we investigate. Second, we demonstrate that (under certain circumstances) it is possible to bypass IOMMU protections and create stealthy, long-lived GPU-based malware. We demonstrate a novel attack that compromises the in-kernel GPU driver and one that compromises GPU microcode to gain full access to CPU physical memory. In general, we find that the highly sophisticated, but poorly documented GPU hardware architecture, hidden behind obscure close-source device drivers and vendor-specific APIs, not only make GPUs a poor choice for applications requiring strong security, but also make GPUs into a security threat.

show abstract

Section: Discussionmentioning

confidence: 99%

Understanding The Security of Discrete GPUs

Zhu

Kim

Rozhanski

et al. 2017

Proceedings of the General Purpose GPUs

View full text Add to dashboard Cite

show abstract

“…We envision a verifier device to be attached to the main system bus via a DMA interface, similar in spirit to that of Intel's Manageability Engine or AMD's Platform Security Processor, but without flaws that would enable an attacker to plant malware in it [52]. These processors can operate independently of all other system components; e.g., even when all other components are powered down [67]. The external verifier could also run on a co-processor connected to the main system bus, similar in spirit to Ki-Mon ARM [41].…”

Section: A Verifier Channelmentioning

confidence: 99%

“…System components that are not directly addressable by CPU instructions or by trusted hardware modules enable malware to survive in non-volatile memories despite repeated power cycles, secure-and trusted-boot operations [56]; i.e., malware becomes persistent. For example, persistent malware has been found in the firmware of peripheral controllers [15], [43], [67], network interface cards [16], [17], disk controllers [5], [48], [60], [77], USB controllers [2], as well as routers and firewalls [5]. Naturally, persistent malware can infect the rest of the system state, and thus a remote adversary can retain long-term undetected control of a user's local system.…”

Section: Introductionmentioning

confidence: 99%

A rest stop on the unending road to provable security

2021

View full text Add to dashboard Cite

Root-of-Trust (RoT) establishment ensures either that the state of an untrusted system contains all and only content chosen by a trusted local verifier and the system code begins execution in that state, or that the verifier discovers the existence of unaccounted for content. This ensures program booting into system states that are free of persistent malware. An adversary can no longer retain undetected control of one's local system. We establish RoT unconditionally; i.e., without secrets, trusted hardware modules and instructions, or bounds on the adversary's computational power. The specification of a system's chipset and device controllers, and an external source of true random numbers, such as a commercially available quantum RNG, is all that is needed. Our system specifications are those of a concrete Word Random Access Machine (cWRAM) model -the closest computation model to a real system with a large instruction set.We define the requirements for RoT establishment and explain their differences from past attestation protocols. Then we introduce a RoT establishment protocol based on a new computation primitive with concrete (non-asymptotic) optimal space-time bounds in adversarial evaluation on the cWRAM. The new primitive is a randomized polynomial, which has kindependent uniform coefficients in a prime order field. Its collision properties are stronger than those of a k-independent (almost) universal hash function in cWRAM evaluations, and are sufficient to prove existence of malware-free states before RoT is established. Preliminary measurements show that randomizedpolynomial performance is practical on commodity hardware even for very large k.To prove the concrete optimality of randomized polynomials, we present a result of independent complexity interest: a Hornerrule program is uniquely optimal whenever the cWRAM execution space and time are simultaneously minimized.

show abstract

“…Compared to the existing work, our implementation proposal covers the hardware vulnerabilities which can be exploited by software applications or physical investigations of an IoT integrated circuit-more precisely attacks such as: snooping the bus; accessing the sensitive data stored in memories; memory inspection using DMA [20]; copying critical data using DMA reads [20,21]; hardware Trojans. All these attacks could be achieved with malicious programs gaining access to sensitive data, by exploiting hardware vulnerabilities.…”

Section: Security Threats and Related Workmentioning

confidence: 99%

A PUF-based cryptographic security solution for IoT systems on chip

Bălan

Cirstea

et al. 2020

J Wireless Com Network

View full text Add to dashboard Cite

The integration of multicore processors and peripherals from multiple intellectual property core providers as hardware components of IoT multiprocessor systems-on-chip (SoC) represents a source of security vulnerabilities for the in-chip communication. This paper describes the concept and the practical results of a SoC security implementation that is illustrative for IoT applications. The mechanism employed in this approach uses physically unclonable functions (PUF) and symmetric cryptography in order to encrypt the transferred messages within the SoC between the microprocessor and its peripherals. The mechanism is experimentally validated at FPGA level, the paper describing also an implementation scenario for an IoT ARM based device.

show abstract

Detecting Peripheral-based Attacks on the Host Memory

Cited by 5 publications

References 59 publications

Understanding The Security of Discrete GPUs

Understanding The Security of Discrete GPUs

A rest stop on the unending road to provable security

A PUF-based cryptographic security solution for IoT systems on chip

Contact Info

Product

Resources

About