Mobile Appliance Security: Challenges and Concerns


Mobile Appliance Security:
Concerns and Challenges
Mahesh Mamidipaka
ICS 259: Seminar in Design Science
1. Securing Mobile Appliances: New Challenges for the System Designer
- A. Raghunathan, S. Ravi, S. Hattangady, J.-J. Quisquater (DATE '03)
2. Masking the Energy Behavior of DES Encryption
- H. Saputra, N. Vijaykrishnan, M. Kandemir, et al. (DATE '03)
3. Wireless Network Security - Tom Karygiannis and Les Owens, NIST SP 800-48
http://csrc.nist.gov/publications/nistpubs/800-48/NIST_SP_800-48.pdf
Outline
• Introduction
• Security Concerns
• Design Challenges
• Security Attacks on Smart Cards
– Power analysis based attack
• Masking Energy Behavior for DES Encryption (DATE '03)
Introduction
• Mobile appliances are widely used (PDAs, cell phones, smart cards, etc.)
• They handle sensitive information: increased security concerns
• The success of emerging technologies depends on ensuring adequate security
– Security cited as the single largest concern among prospective m-commerce users
Unique Challenges
• Knowledge and experience from the wired Internet give us a head start (not sufficient)
• Unique challenges:
– Use of a public transmission medium
– Potentially unlimited points of access
– Vulnerable to theft, loss, and corruptibility
– Constraints on power, cost, and weight
• Need for techniques at every aspect of design to meet these challenges
Security Issues
Security issues for a mobile appliance (diagram on the original slide):
• Tamper-resistant implementation
• Secure software execution
• User identification
• Secure storage
• Secure content
• Secure data communication
• Secure network access
Secure Data Communication
• Employ security protocols at various layers of the network protocol stack
– Achieve peer authentication, privacy, data integrity, etc.
– Cryptographic algorithms act as the building blocks
• Example network-level security protocols:
– Cellular technologies: GSM, CDPD
– Wireless LAN: IEEE 802.11
– Wireless PAN: Bluetooth
• Distinct protocols needed at various layers
– A network-level protocol secures only the link between the wireless client and the access point, base station, or gateway; traffic beyond that point is not covered
– Complementary (end-to-end) security mechanisms are needed at higher protocol layers (e.g., WTLS in WAP)
Design Challenges
• Various challenges and considerations for mobile appliance security
– Flexible security architecture: to support diverse security protocols and crypto algorithms
– Computational requirements of security processing
– Impact of security processing on battery life
– Tamper-resistant implementation
Flexibility
• Ability to cater to a wide variety of security protocols
– Example: support for both WEP and 3GPP algorithms, to work in wireless LAN and 3G cellular environments
• Support for distinct security standards at different layers of the network protocol stack
– Example: WEP (link layer) and SSL (transport layer) support for a wireless-LAN-enabled PDA with web support
• Security protocols are continuously evolving
– Protocols are revised to enable new security services, new crypto algorithms, etc.
Computational Requirements
[Chart on the original slide: processing requirements for a security protocol using RSA-based connection setup, 3DES-based encryption/decryption, and SHA-based integrity]
Battery Life
• Reduced battery life due to increased computational requirements
• Case study: sensor node with a Motorola DragonBall processor (MC68328)
• Energy consumption:
– Transmission: 21.5 mJ/KB
– Reception: 14.3 mJ/KB
– RSA-based encryption: 42 mJ/KB
Tamper-Resistance
• Security protocols and mechanisms are specified independently of implementation specifics
– The implicit assumption is that malicious entities have no access to the implementation
• Observing physical properties of the implementation (power, timing, EM emissions) can reveal the 'secret key'
• Sensitive data is vulnerable
– During on-chip communication
– When simply stored in the mobile appliance (secondary storage such as flash, main memory, caches, register files)
Security Attacks on Smart Cards
• Security attacks on smart cards can be classified as:
– Microprobing
• Invasive technique that directly manipulates the internal circuits
– Software attacks
• Focus on protocol or algorithm weaknesses
– Eavesdropping
• Recovers secret keys by monitoring power consumption, EM radiation, and execution time
– Fault generation
• Based on intentionally making the circuit malfunction
• Techniques such as supply voltage changes, exposing the circuit to radiation, etc.
Eavesdropping on the Power Profile
• Rationale: the power consumption of an operation depends on its operand values
– In crypto algorithms the operands are the plaintext and the secret key
– Switching activity in memory, buses, datapath units, and pipeline registers varies with operand values
• Different degrees of sophistication are involved in power analysis based attacks
– Simple Power Analysis (SPA): uses a single power profile
– Differential Power Analysis (DPA): uses power profiles from multiple runs
Simple Power Analysis
• Based on a single power trace of the operations
• Identify the operations being performed from the power profile
– Whether a branch is taken or not
– Whether a multiplication is performed or skipped in a step of a modular exponentiation (i.e., the value of that key bit)
• Knowing the algorithm and the power profile, the secret key can be revealed
• Protection from SPA:
– Code restructuring (make the instruction sequence independent of secret data)
– Random noise insertion for power variation
– Adding dummy modules
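The following Python is an added example, not code from the slides or the cited papers. It simulates the SPA just described against a textbook square-and-multiply modular exponentiation, recovers the exponent from the operation sequence visible in one trace, and then shows the "square-and-always-multiply" variant (the slide's code restructuring with a dummy operation) defeating that analysis. The power model (squarings as 4 samples at level 1.0, multiplications as 8 samples at level 2.0, plus Gaussian noise) and all names such as `spa_demo` are assumptions made for illustration.

```python
"""Added example (not from the slides or the cited papers): simulated SPA on
square-and-multiply modular exponentiation.  The power model is a
constructed assumption: each squaring emits 4 samples at level 1.0 and each
multiplication 8 samples at level 2.0, plus Gaussian noise."""
import random

SQUARE, MULTIPLY = "S", "M"
# Constructed power model: (amplitude, number of samples) per operation.
PROFILE = {SQUARE: (1.0, 4), MULTIPLY: (2.0, 8)}
THRESHOLD = 1.5


def square_and_multiply(base, exp, mod, ops):
    """Textbook left-to-right binary exponentiation.  Appends the operation
    sequence to `ops`; that sequence is what a single trace leaks."""
    result = 1
    for bit in bin(exp)[2:]:
        result = (result * result) % mod
        ops.append(SQUARE)
        if bit == "1":
            result = (result * base) % mod
            ops.append(MULTIPLY)
    return result


def square_and_always_multiply(base, exp, mod, ops):
    """Countermeasure in the spirit of the slide's 'code restructuring' and
    'dummy modules': multiply on every bit and discard the product when the
    bit is 0, so the operation sequence is the same for every exponent."""
    result = 1
    for bit in bin(exp)[2:]:
        result = (result * result) % mod
        ops.append(SQUARE)
        product = (result * base) % mod  # dummy when bit == "0"
        ops.append(MULTIPLY)
        if bit == "1":
            result = product
    return result


def power_trace(ops, rng, noise=0.1):
    """Synthesize the trace the attacker sees for an operation sequence."""
    samples = []
    for op in ops:
        level, width = PROFILE[op]
        samples.extend(level + rng.gauss(0.0, noise) for _ in range(width))
    return samples


def classify_ops(samples):
    """Segment the trace by amplitude and recover the operation sequence.
    A run above THRESHOLD is multiplication(s); below it, squaring(s).
    Run length divided by the per-operation width gives the op count."""
    ops, i = [], 0
    while i < len(samples):
        kind = MULTIPLY if samples[i] > THRESHOLD else SQUARE
        j = i
        while j < len(samples) and (samples[j] > THRESHOLD) == (kind == MULTIPLY):
            j += 1
        ops.extend([kind] * round((j - i) / PROFILE[kind][1]))
        i = j
    return ops


def spa_recover_exponent(ops):
    """Each squaring starts one exponent bit: followed by a multiplication it
    is a 1, followed by another squaring (or the end of the trace) a 0."""
    bits = []
    for idx, op in enumerate(ops):
        if op == SQUARE:
            nxt = ops[idx + 1] if idx + 1 < len(ops) else None
            bits.append("1" if nxt == MULTIPLY else "0")
    return int("".join(bits), 2)


def spa_demo(exp=0xB7, base=7, mod=1009, seed=1):
    """Attack both implementations with the same secret exponent.  Returns
    (naive result, protected result, SPA guess against the naive version,
    SPA guess against the protected version)."""
    rng = random.Random(seed)
    naive_ops, safe_ops = [], []
    r1 = square_and_multiply(base, exp, mod, naive_ops)
    r2 = square_and_always_multiply(base, exp, mod, safe_ops)
    g1 = spa_recover_exponent(classify_ops(power_trace(naive_ops, rng)))
    g2 = spa_recover_exponent(classify_ops(power_trace(safe_ops, rng)))
    return r1, r2, g1, g2


if __name__ == "__main__":
    r1, r2, g1, g2 = spa_demo()
    print(f"naive: result={r1}, SPA recovers exponent {g1:#x}")
    print(f"always-multiply: result={r2}, SPA recovers exponent {g2:#x}")
```

Against the naive implementation the attacker reads the exponent straight off the segmented trace; against the protected one every squaring is followed by a multiplication, so the same analysis returns an all-ones exponent regardless of the key. The dummy multiply only removes the operation-sequence signal: its result still depends on the key bit, which is what the data-dependent averaging of DPA and the fault-generation attacks from the classification above go after.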
Differential Power Analysis
• Utilizes power profiles gathered from multiple runs
• Basic principle similar to SPA: relies on data-dependent power variation to break the key
• Averaging over many traces is used to eliminate random noise, so even small data-dependent differences become visible
• P. Kocher, J. Jaffe, and B. Jun, "Introduction to Differential Power Analysis and Related Attacks", http://www.cryptography.com/dpa/technical, 1998
Energy Masking for DES
• Architecture has secure and non-secure instructions
– Power consumption of secure instructions is data independent
• Critical operations in DES encryption:
– Assignment
– Bit-by-bit addition modulo 2 (XOR)
– Shift operation
– Indexing operation
• Instructions involving the secret key are replaced with secure instructions
[Figures on the original slides: secure load instruction; energy consumption profiles]
Masking Energy in DES
• Energy consumption is higher for secure instructions than for non-secure instructions
– EDiss w/o masking: 46.4 uJ
– EDiss w/ naïve masking: 63.6 uJ (all loads and stores masked)
– EDiss w/ smart masking: 52.6 uJ (only 'secret key' related instructions masked)
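The following Python is an added example, not code from the slides or the DATE '03 papers. It serves two of the slides above: it runs the difference-of-means DPA from the Differential Power Analysis slide against the first DES S-box, and then repeats the attack on an implementation where the key-dependent lookup behaves like this section's energy-masked "secure instruction". The leakage model (Hamming weight of the S-box output plus Gaussian noise for an ordinary instruction; a data-independent constant for the masked one), the choice of the worst-case weight as that constant, the trace count, the subkey value and all names such as `dpa_demo` are assumptions made for illustration; only the S1 table is from the DES standard.

```python
"""Added example (not from the slides or the cited papers): simulated DPA
against the first DES S-box, with and without an energy-masked
('secure instruction') implementation.  The leakage model is a constructed
assumption: Hamming weight of the S-box output plus Gaussian noise, or a
data-independent constant when the operation is masked."""
import random

# DES S-box S1 from FIPS 46-3.  Row index = outer input bits (b5 b0),
# column index = inner input bits (b4..b1).
S1 = [
    [14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7],
    [0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8],
    [4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0],
    [15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13],
]


def sbox1(x):
    """Apply S1 to a 6-bit value."""
    row = (((x >> 5) & 1) << 1) | (x & 1)
    col = (x >> 1) & 0xF
    return S1[row][col]


def hamming_weight(v):
    return bin(v).count("1")


def leak_unmasked(x, key, rng, sigma):
    """Ordinary instruction: energy tracks the switching activity of the
    S-box output register, modelled here as its Hamming weight."""
    return hamming_weight(sbox1(x ^ key)) + rng.gauss(0.0, sigma)


def leak_masked(x, key, rng, sigma):
    """'Secure instruction' model: energy is data independent.  The constant
    is the worst-case weight (4), an assumption reflecting the slide's point
    that masked instructions cost more energy than unmasked ones."""
    sbox1(x ^ key)  # the computation still happens; only its energy is hidden
    return 4.0 + rng.gauss(0.0, sigma)


def collect_traces(n, key, leak, seed, sigma=1.0):
    """Constructed measurement campaign: n random 6-bit S-box inputs (the
    expanded plaintext bits feeding S1) and one power sample for each."""
    rng = random.Random(seed)
    traces = []
    for _ in range(n):
        x = rng.randrange(64)
        traces.append((x, leak(x, key, rng, sigma)))
    return traces


def dpa(traces):
    """Kocher-style difference of means.  For each 6-bit subkey guess, split
    the traces by the predicted value of S1 output bit 0 and average each
    set.  Only the correct guess partitions the traces by a bit the device
    really computed, so its gap stays near 1; for wrong guesses the noise
    and the unrelated data bits average out."""
    scores = []
    for guess in range(64):
        ones = [p for x, p in traces if sbox1(x ^ guess) & 1]
        zeros = [p for x, p in traces if not sbox1(x ^ guess) & 1]
        scores.append(sum(ones) / len(ones) - sum(zeros) / len(zeros))
    best = max(range(64), key=lambda g: scores[g])
    return best, scores


def dpa_demo(key=0x2B, n=3000, seed=7):
    """Run the attack against both leakage models with the same subkey.
    Returns (best guess, score of the true key) for the unmasked case and
    (best guess, largest absolute score) for the masked case."""
    best_u, scores_u = dpa(collect_traces(n, key, leak_unmasked, seed))
    best_m, scores_m = dpa(collect_traces(n, key, leak_masked, seed))
    return best_u, scores_u[key], best_m, max(map(abs, scores_m))


if __name__ == "__main__":
    key = 0x2B
    bu, su, bm, pm = dpa_demo(key)
    print(f"unmasked: guess {bu:#04x} (true {key:#04x}), true-key score {su:.2f}")
    print(f"masked:   guess {bm:#04x} (true {key:#04x}), largest |score| {pm:.2f}")
```

With a few thousand traces the unmasked run recovers the 6-bit subkey and its difference of means sits near 1.0, while every candidate in the masked run stays within the noise floor, because no sample depends on the key. Paying the worst-case energy on every masked instruction is also why the secure instructions cost more, which is the trade-off the EDiss figures on this slide quantify and why masking only the key-related instructions is cheaper than masking every load and store.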