4.3 Firmware Security

Time	Label	Presentation Title Authors
17:00	4.3.1	PRACTICAL EVALUATION OF CODE INJECTION IN ENCRYPTED FIRMWARE UPDATES Speaker: Oscar Guillen, Technische Universität München (TUM), DE Authors: Oscar Guillen¹, Dawin Schmidt² and Georg Sigl¹ ¹Technische Universität München (TUM), DE; ²LMU München, DE Abstract Several firmware update mechanisms in microcontrollers still make use of confidentiality-only block cipher modes, ultimately lulling the users into a false sense of security. In this work we show how easy it is to apply well known malleability attacks to successfully inject arbitrary code into an encrypted firmware image. We demonstrate this vulnerability by attacking the Advanced Encryption Standard in Cipher Block Chaining mode on an ARM-based microcontroller. The attack makes use of patterns in the structure of the firmware image to obtain known-plaintexts which may be used to modify an encrypted image. Subsequently, malicious code may be injected to extract the memory contents of the device. This work shall help motivate the use of authenticated encryption modes even in resource constrained devices. Download Paper (PDF; Only available from the DATE venue WiFi)
17:30	4.3.2	INTEGRATION OF ROP/JOP MONITORING IPS IN AN ARM-BASED SOC Speaker: Yunheung Paek, Seoul National University, KR Authors: Yongje Lee, Jinyong Lee, Ingoo Heo, Dongil Hwang and Yunheung Paek, Seoul National University, KR Abstract Code reuse attack (CRA) is a powerful technique that allows attackers to perform arbitrary computation by reusing the existing code fragments. To defend from CRAs while complying with the conventional ARM-based SoC design principles, the previous hardware solution suggests the use of the ARM debug interface to acquire the control flow information of an application running on the host. However, it requires tremendous storage space to store the complementary data necessary to trace the execution flow. In this paper, we propose a new hardware CRA monitor which gives both low storage overhead and high performance. For this, we have used an instrumentation technique which transforms the original ARM binary code into a form which will ease the CRA monitor to efficiently extract through the debug interface all crucial pieces of runtime information from the trace outcomes. In addition, while the previous solution was only built to detect one type of CRAs, called return-oriented programming (ROP), ours has been designed to unify the detection logics for ROP and another important type of CRAs, called jump-oriented programming (JOP). Empirical results show that our solution dramatically reduces the storage overhead for CRA detection, yet successfully detecting both ROP and JOP attacks simultaneously with negligibly low runtime overhead and moderate area overhead. Download Paper (PDF; Only available from the DATE venue WiFi)
18:00	4.3.3	VERIFYING INFORMATION FLOW PROPERTIES OF FIRMWARE USING SYMBOLIC EXECUTION Speaker: Sharad Malik, Princeton University, US Authors: Pramod Subramanyan¹, Sharad Malik¹, Hareesh Khattri², Abhranil Maiti² and Jason Fung² ¹Princeton University, US; ²Intel Corporation, US Abstract Verifying security requirements of the firmware in contemporary system-on-chip (SoC) designs is a critical challenge. There are two main difficulties in addressing this problem. Security properties like confidentiality and integrity cannot be specified with commonly-used property specification schemes like assertion-based verification/linear temporal logic (LTL). Second, firmware interacts closely with other hardware and firmware which may be untrusted/malicious and their behavior has to be correctly modelled for the verification to be sound and complete. In this paper, we propose an approach to verify firmware security properties using symbolic execution. We introduce a property specification language for information flow properties of firmware which intuitively captures the requirements of confidentiality and integrity. We also propose an algorithm based on symbolic execution to verify these properties. Evaluation on a commercial SoC design uncovered a complex security bug missed by simulation-based testing. Download Paper (PDF; Only available from the DATE venue WiFi)
18:30	IP2-1, 361	(Best Paper Award Candidate) ANALYZING THE IMPACT OF INJECTED SENSOR DATA ON AN ADVANCED DRIVER ASSISTANCE SYSTEM USING THE OP2TIMUS PROTOTYPING PLATFORM Speaker: Alexander Stühring, University of Oldenburg, DE Authors: Alexander Stühring¹, Günter Ehmen¹ and Sibylle Fröschle² ¹University of Oldenburg, DE; ²OFFIS Institute for Information Technology, DE Abstract Modern vehicles are running complex and safety critical applications distributed over several Electronic Control Units (ECUs). Some ECUs are equipped with communication interfaces providing access to other devices, networks or remote services. Since the number of attack vectors is increasing, an early investigation of the impact of attacks becomes steadily more important. This paper gives an example how manipulated sensor data injected to the CAN bus affects an Advanced Driver Assistance System (ADAS). Within multiple experiments we illustrate the impact of different aspects like the sending rate. Download Paper (PDF; Only available from the DATE venue WiFi)
18:31	IP2-2, 302	HARDWARE TROJANS IN INCOMPLETELY SPECIFIED ON-CHIP BUS SYSTEMS Speaker: Nicole Fern, UC Santa Barbara, US Authors: Nicole Fern, Ismail San, Cetin Kaya Koc and Kwang-Ting (Tim) Cheng, UC Santa Barbara, US Abstract The security, functionality, and performance of the on-chip bus system is critical in an SoC design. We highlight the susceptibility of current bus implementations to Hardware Trojans hiding in unspecified functionality. Unlike existing Trojans which aim to disrupt normal bus behavior and are often designed for a specific protocol and topology, we present a general model for creating a covert Trojan communication channel between SoC components. From our channel model, which is applicable to any topology and protocol, one can create circuitry allowing information to flow covertly by altering existing bus signals only when they are unspecified. We give the specifics of this circuitry for AMBA AXI4 and APB, then create a system comprised of several master and slave units connected by an AXI4-Lite interconnect to quantify the overhead of the Trojan channel and illustrate the ability of our Trojans to evade a suite of protocol compliance checking assertions from ARM. We further outline several detection strategies for this class of hardware Trojan. Download Paper (PDF; Only available from the DATE venue WiFi)
18:30		End of session

Time

Label

Presentation Title
Authors

17:00

4.3.1

PRACTICAL EVALUATION OF CODE INJECTION IN ENCRYPTED FIRMWARE UPDATES
Speaker:
Oscar Guillen, Technische Universität München (TUM), DE
Authors:
Oscar Guillen¹, Dawin Schmidt² and Georg Sigl¹
¹Technische Universität München (TUM), DE; ²LMU München, DE
Abstract
Several firmware update mechanisms in microcontrollers still make use of confidentiality-only block cipher modes, ultimately lulling the users into a false sense of security. In this work we show how easy it is to apply well known malleability attacks to successfully inject arbitrary code into an encrypted firmware image. We demonstrate this vulnerability by attacking the Advanced Encryption Standard in Cipher Block Chaining mode on an ARM-based microcontroller. The attack makes use of patterns in the structure of the firmware image to obtain known-plaintexts which may be used to modify an encrypted image. Subsequently, malicious code may be injected to extract the memory contents of the device. This work shall help motivate the use of authenticated encryption modes even in resource constrained devices.
Download Paper (PDF; Only available from the DATE venue WiFi)

17:30

4.3.2

INTEGRATION OF ROP/JOP MONITORING IPS IN AN ARM-BASED SOC
Speaker:
Yunheung Paek, Seoul National University, KR
Authors:
Yongje Lee, Jinyong Lee, Ingoo Heo, Dongil Hwang and Yunheung Paek, Seoul National University, KR
Abstract
Code reuse attack (CRA) is a powerful technique that allows attackers to perform arbitrary computation by reusing the existing code fragments. To defend from CRAs while complying with the conventional ARM-based SoC design principles, the previous hardware solution suggests the use of the ARM debug interface to acquire the control flow information of an application running on the host. However, it requires tremendous storage space to store the complementary data necessary to trace the execution flow. In this paper, we propose a new hardware CRA monitor which gives both low storage overhead and high performance. For this, we have used an instrumentation technique which transforms the original ARM binary code into a form which will ease the CRA monitor to efficiently extract through the debug interface all crucial pieces of runtime information from the trace outcomes. In addition, while the previous solution was only built to detect one type of CRAs, called return-oriented programming (ROP), ours has been designed to unify the detection logics for ROP and another important type of CRAs, called jump-oriented programming (JOP). Empirical results show that our solution dramatically reduces the storage overhead for CRA detection, yet successfully detecting both ROP and JOP attacks simultaneously with negligibly low runtime overhead and moderate area overhead.
Download Paper (PDF; Only available from the DATE venue WiFi)

18:00

4.3.3

VERIFYING INFORMATION FLOW PROPERTIES OF FIRMWARE USING SYMBOLIC EXECUTION
Speaker:
Sharad Malik, Princeton University, US
Authors:
Pramod Subramanyan¹, Sharad Malik¹, Hareesh Khattri², Abhranil Maiti² and Jason Fung²
¹Princeton University, US; ²Intel Corporation, US
Abstract
Verifying security requirements of the firmware in contemporary system-on-chip (SoC) designs is a critical challenge. There are two main difficulties in addressing this problem. Security properties like confidentiality and integrity cannot be specified with commonly-used property specification schemes like assertion-based verification/linear temporal logic (LTL). Second, firmware interacts closely with other hardware and firmware which may be untrusted/malicious and their behavior has to be correctly modelled for the verification to be sound and complete. In this paper, we propose an approach to verify firmware security properties using symbolic execution. We introduce a property specification language for information flow properties of firmware which intuitively captures the requirements of confidentiality and integrity. We also propose an algorithm based on symbolic execution to verify these properties. Evaluation on a commercial SoC design uncovered a complex security bug missed by simulation-based testing.
Download Paper (PDF; Only available from the DATE venue WiFi)

18:30

IP2-1, 361

(Best Paper Award Candidate)
ANALYZING THE IMPACT OF INJECTED SENSOR DATA ON AN ADVANCED DRIVER ASSISTANCE SYSTEM USING THE OP2TIMUS PROTOTYPING PLATFORM
Speaker:
Alexander Stühring, University of Oldenburg, DE
Authors:
Alexander Stühring¹, Günter Ehmen¹ and Sibylle Fröschle²
¹University of Oldenburg, DE; ²OFFIS Institute for Information Technology, DE
Abstract
Modern vehicles are running complex and safety critical applications distributed over several Electronic Control Units (ECUs). Some ECUs are equipped with communication interfaces providing access to other devices, networks or remote services. Since the number of attack vectors is increasing, an early investigation of the impact of attacks becomes steadily more important. This paper gives an example how manipulated sensor data injected to the CAN bus affects an Advanced Driver Assistance System (ADAS). Within multiple experiments we illustrate the impact of different aspects like the sending rate.
Download Paper (PDF; Only available from the DATE venue WiFi)

18:31

IP2-2, 302

HARDWARE TROJANS IN INCOMPLETELY SPECIFIED ON-CHIP BUS SYSTEMS
Speaker:
Nicole Fern, UC Santa Barbara, US
Authors:
Nicole Fern, Ismail San, Cetin Kaya Koc and Kwang-Ting (Tim) Cheng, UC Santa Barbara, US
Abstract
The security, functionality, and performance of the on-chip bus system is critical in an SoC design. We highlight the susceptibility of current bus implementations to Hardware Trojans hiding in unspecified functionality. Unlike existing Trojans which aim to disrupt normal bus behavior and are often designed for a specific protocol and topology, we present a general model for creating a covert Trojan communication channel between SoC components. From our channel model, which is applicable to any topology and protocol, one can create circuitry allowing information to flow covertly by altering existing bus signals only when they are unspecified. We give the specifics of this circuitry for AMBA AXI4 and APB, then create a system comprised of several master and slave units connected by an AXI4-Lite interconnect to quantify the overhead of the Trojan channel and illustrate the ability of our Trojans to evade a suite of protocol compliance checking assertions from ARM. We further outline several detection strategies for this class of hardware Trojan.
Download Paper (PDF; Only available from the DATE venue WiFi)

18:30

End of session

Visit us at DATE 2016