Sancus: Low-cost Trustworthy Extensible Networked Devices

Sancus: Low-cost Trustworthy Extensible Networked Devices
Slide Note
Embed
Share

Sancus proposes a security architecture for resource-constrained embedded systems, addressing the lack of effective security features in low-end devices. It focuses on software module isolation, remote attestation, secure communication, and secure linking.

  • Security architecture
  • Embedded systems
  • Resource-constrained devices
  • Network security
  • Extensible devices
hhud
hhud Follow

Uploaded on Feb 24, 2025 | 1 Views

Download Presentation

Please find below an Image/Link to download the presentation.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author.If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.

You are allowed to download the files provided on this website for personal or commercial use, subject to the condition that they are used lawfully. All files are the property of their respective owners.

Download Presentation

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author.

E N D

Presentation Transcript

  1. Sancus: Low-cost trustworthy extensible networked devices with a zero-software Trusted Computing Base Job Noorman, Pieter Agten, Wilfried Daniels, Raoul Strackx, Anthony Van Herrewege, Christophe Huygens, Bart Preneel, Ingrid Verbauwhede, Frank Piessens

  2. Low-end devices lack effective security features More threats on embedded devices Due to network connectivity and third-party extensibility No effective solutions exist It s a mess (Viega and Thompson) Researchers are exploring this area E.g., SMART (El Defrawy et al.)

  3. Contributions We propose Sancus, a security architecture for resource- constrained, extensible networked embedded systems We implement the hardware required for Sancus as an extension of a mainstream microprocessor, and we show that the cost of these hardware changes (in terms of performance, area and power) is small. We implement a C compiler that targets Sancus enabled devices.

  4. Problem statement Design and implement a low-cost, extensible security architecture System model Attacker model Security properties

  5. System model Infrastructure provider, IP Nodes Ni Software modules SMj,k In this paper, we focus on the low-end of this spectrum, where nodes contain only a small embedded processor.

  6. Attacker model We assume attackers can manipulate all the software on the nodes. Attackers can also tamper with the operating or even install a completely new operating system We assume attackers can control the communication network. Attackers can sniff the network, can modify traffic, or can mount man-in-the-middle attacks. Attacks against the hardware are out of scope. We assume the attacker does not have physical access to the hardware

  7. Security properties Software module isolation. Remote attestation Secure communication Secure linking.

  8. Design of Sancus Modules isolation Key management Remote attestation and secure communication Secure linking

  9. Modules isolation (Memory protection on the nodes) Variable access rights Depending on the current program counter Isolation of data Only accessible from text section Protection against code misuse (e.g., ROP) Enter module through single entry point

  10. Key management (Providing a flexible, inexpensive way for secure communication) Establish a shared secret Between SP and its module SM Use symmetric crypto Public-key is too expensive for low-cost nodes Ability to deploy modules without IP intervening

  11. key derivation function kdf Key management (Providing a flexible, inexpensive way for secure communication)

  12. Remote attestation and secure communication (Ability to use KN,SP,SM proves the integrity and isolation of SM) Only N and SP can calculate KN,SP,SM N knows KN and SP knows KSP KN,SP,SM is calculated after enabling isolation No isolation, no key; no integrity, wrong key Only SM on N is allowed to use KN,SP,SM Enforced through special instructions

  13. Remote attestation and secure communication (Ability to use KN,SP,SM proves the integrity and isolation of SM) Integrity and isolation attested by MAC, liveliness by nonce Thus included in secure communication MAC Message Authentication Code

  14. Secure linking (Modules are verified by calculating a MAC over their identity) A is deployed with a MAC of B s identity using A s key In an unprotected section since it is unforgeable A calculates the MAC of B s actual identity If they match B can safely be called Done through new instruction: mac-verify Need ensurance on B s isolation Module A wants to call module B

  15. Thank you for watching!

Related


Low-frequency Massage Devices

Low-frequency Massage Devices

Himanshu
Computer Peripherals and Interfacing

Computer Peripherals and Interfacing

ellen
Input and Output Devices in Computing

Input and Output Devices in Computing

esha
Comprehensive Cost Management Training Objectives

Comprehensive Cost Management Training Objectives

trace
Academic Senate Resolutions and Low-Cost Thresholds in Higher Education

Academic Senate Resolutions and Low-Cost Thresholds in Higher Education

adela
Cost Accounting Essentials

Cost Accounting Essentials

zuko
Networked Server Verification Using Interaction Trees

Networked Server Verification Using Interaction Trees

kaden
Cost Control and Cost Reduction Strategies in Business: Understanding Implementation Challenges

Cost Control and Cost Reduction Strategies in Business: Understanding Implementation Challenges

ivo
Activity-Based Costing (ABC) in Cost Management

Activity-Based Costing (ABC) in Cost Management

fallon
The Cost of Capital in Finance

The Cost of Capital in Finance

rachel
Cost Accounting: Techniques and Processes

Cost Accounting: Techniques and Processes

vela
Overview of Computer Input and Output Devices

Overview of Computer Input and Output Devices

brennan
Introduction to Industrial Costing: Understanding Cost Types and Accounting Systems

Introduction to Industrial Costing: Understanding Cost Types and Accounting Systems

geoffrey
Extensible Kernels and Containers in Modern Systems

Extensible Kernels and Containers in Modern Systems

cwalt
RT-Bench: Extensible Real-Time Benchmark Framework

RT-Bench: Extensible Real-Time Benchmark Framework

nat_dou
Secure and Trustworthy Cyberspace (SaTC) Program Overview

Secure and Trustworthy Cyberspace (SaTC) Program Overview

fynnigan
European Framework of Certification for Trustworthy Digital Repositories

European Framework of Certification for Trustworthy Digital Repositories

sid_fla
World Data System Certification for Open and Trustworthy Data Repositories Overview

World Data System Certification for Open and Trustworthy Data Repositories Overview

whisler_b
Ultra Low Power Features for Active Devices in IEEE 802.11-24

Ultra Low Power Features for Active Devices in IEEE 802.11-24

tdap
Security Analysis of Networked Control Systems in Smart Vehicles

Security Analysis of Networked Control Systems in Smart Vehicles

mcdermitt_l
Security Concerns and Future Challenges of Internet Connected Devices in Budva, Montenegro

Security Concerns and Future Challenges of Internet Connected Devices in Budva, Montenegro

cyru_4
Transforming Big Ten Libraries through Shared Print Collections and Collective Action

Transforming Big Ten Libraries through Shared Print Collections and Collective Action

marceaux_a

More Related Content