1 - 10 of 247
-
PublicationBreaking TrustZone memory isolation and secure boot through malicious hardware on a modern FPGA-SoC( 2022)FPGA-SoCs are heterogeneous embedded computing platforms consisting of reconfigurable hardware and high-performance processing units. This combination offers flexibility and good performance for the design of embedded systems. However, allowing the sharing of resources between an FPGA and an embedded CPU enables possible attacks from one system on the other. This work demonstrates that a malicious hardware block contained inside the reconfigurable logic can manipulate the memory and peripherals of the CPU. Previous works have already considered direct memory access attacks from malicious logic on platforms containing no memory isolation mechanism. In this work, such attacks are investigated on a modern platform which contains state-of-the-art memory and peripherals isolation mechanisms. We demonstrate two attacks capable of compromising a Trusted Execution Environment based on ARM TrustZone and show a new attack capable of bypassing the secure boot configuration set by a device owner via the manipulation of Battery-Backed RAM and eFuses from malicious logic.
-
PublicationMobile Contactless Fingerprint Recognition: Implementation, Performance and Usability Aspects( 2022)This work presents an automated contactless fingerprint recognition system for smart-phones. We provide a comprehensive description of the entire recognition pipeline and discuss important requirements for a fully automated capturing system. In addition, our implementation is made publicly available for research purposes. During a database acquisition, a total number of 1360 contactless and contact-based samples of 29 subjects are captured in two different environmental situations. Experiments on the acquired database show a comparable performance of our contactless scheme and the contact-based baseline scheme under constrained environmental influences. A comparative usability study on both capturing device types indicates that the majority of subjects prefer the contactless capturing method. Based on our experimental results, we analyze the impact of the current COVID-19 pandemic on fingerprint recognition systems. Finally, implementation aspects of contactless fingerp rint recognition are summarized.
-
PublicationSovereignly Donating Medical Data as a Patient: A Technical Approach( 2022)Data is the new asset of the 21st century, and many new business models are based on data. However, data is also needed in the medical research domain, such as in the procedure of applying new machine learning methods for gaining new medical findings. Furthermore, the hurdle arises that medical data comprises personal data, and thus, it requires particular care and protection. Hence, patients must consent to the data donation process for general medical research but without selecting specific research projects. We argue that patients must gain more influence in the data donation process to cover this lack of data sovereignty. Therefore, we developed a concept and implementation empowering patients to make sovereign decisions about donating their medical data to specific medical research projects. Our work comprises concepts of the Medical Informatics Initiative, International Data Spaces, and MY DATA Control Technologies with new specific elements combining these components. This approach of patient empowerment enables a new kind of data sovereignty in the medical research domain.
-
PublicationChosen Ciphertext k-Trace Attacks on Masked CCA2 Secure Kyber( 2021)
-
PublicationA Systematic Review on Model Watermarking for Neural Networks( 2021)Machine learning (ML) models are applied in an increasing variety of domains. The availability of large amounts of data and computational resources encourages the development of ever more complex and valuable models. These models are considered the intellectual property of the legitimate parties who have trained them, which makes their protection against stealing, illegitimate redistribution, and unauthorized application an urgent need. Digital watermarking presents a strong mechanism for marking model ownership and, thereby, offers protection against those threats. This work presents a taxonomy identifying and analyzing different classes of watermarking schemes for ML models. It introduces a unified threat model to allow structured reasoning on and comparison of the effectiveness of watermarking methods in different scenarios. Furthermore, it systematizes desired security requirements and attacks against ML model watermarking. Based on that framework, representative literature from the field is surveyed to illustrate the taxonomy. Finally, shortcomings and general limitations of existing approaches are discussed, and an outlook on future research directions is given.
-
PublicationVIA: Analyzing Device Interfaces of Protected Virtual Machines( 2021)Both AMD and Intel have presented technologies for confidential computing in cloud environments. The proposed solutions - AMD SEV (-ES, -SNP) and Intel TDX - protect Virtual Machines (VMs) against attacks from higher privileged layers through memory encryption and integrity protection. This model of computation draws a new trust boundary between virtual devices and the VM, which in so far lacks thorough examination. In this paper, we therefore present an analysis of the virtual device interface and discuss several attack vectors against a protected VM. Further, we develop and evaluate VIA, an automated analysis tool to detect cases of improper sanitization of input recieved via the virtual device interface. VIA improves upon existing approaches for the automated analysis of device interfaces in the following aspects: (i) support for virtualization relevant buses, (ii) efficient Direct Memory Access (DMA) support and (iii) performance. VIA builds upon the Linux Kernel Library and clang's libfuzzer to fuzz the communication between the driver and the device via MMIO, PIO, and DMA. An evaluation of VIA shows that it performs 570 executions per second on average and improves performance compared to existing approaches by an average factor of 2706. Using VIA, we analyzed 22 drivers in Linux 5.10.0-rc6, thereby uncovering 50 bugs and initiating multiple patches to the virtual device driver interface of Linux. To prove our findings criticality under the threat model of AMD SEV and Intel TDX, we showcase three exemplary attacks based on the bugs found. The attacks enable a malicious hypervisor to corrupt the memory and gain code execution in protected VMs with SEV-ES and are theoretically applicable to SEV-SNP and TDX.
-
PublicationSecurity Concept with Distributed Trust-Levels for Autonomous Cooperative Vehicle Networks( 2021)The newly proposed cooperative intelligent transportation system (cITS) is a big step towards completely autonomous driving. It is a key requirement for vehicles to exchange crucial information. Only with exchanged data, such as hazard warnings or route planning each vehicle will have enough information to find its way without a driver. However, this data has to be authentic and trustworthy, since it will directly influence the behavior of every vehicle inside such a network. For authentic messages, public key infrastructure (PKI)-based asymmetric cryptography mechanisms were already proposed by different organizations, such as the European Telecommunications Standards Institute (ETSI). The second crucial information of trustworthiness is still missing. In this paper, a new security concept is presented, which introduces a trust-level for each vehicle to enable an assessment, whether data is trustworthy or not. Besides, a Pretty Good Privacy (PGP)-inspired certificate administration is proposed to manage the certificates and their affiliated trust-level. The new concept mitigates sybil attacks and increases the speed of data processing inside vehicles.
-
PublicationLive Migration of Operating System Containers in Encrypted Virtual Machines( 2021)With the widespread use of Docker and Kubernetes, OS-level virtualization has become a key technology to deploy and run software. At the same time, data centers and cloud providers offer shared computing resources on demand. The use of these resources usually leads to a larger trusted computing base and less control over the data. We present a confidential computing concept for the migration of operating system containers in secure encrypted virtual machines so that these are protected from the operator and administrator. In our approach, processes inside of the containers remain intact, i.e., they keep their state and do not have to be restarted. Network services inside of the containers remain unchanged and reachable. This is typically called live migration. Integrity and confidentiality of the data inside of the containers is enforced during migration as well as on the destination platform, namely in transit, in use and at rest. The authenticity and integrity of the destination platform is verified using remote attestation before any data is transferred. While our core concept is not specific to a particular hardware, we present two different approaches corresponding to the first generation of AMD SEV as well as SEV-SNP. Our proof of concept implementation is based on the first generation of SEV.
-
PublicationSEVerity: Code Injection Attacks against Encrypted Virtual Machines( 2021)Modern enterprises increasingly take advantage of cloud infrastructures. Yet, outsourcing code and data into the cloud requires enterprises to trust cloud providers not to meddle with their data. To reduce the level of trust towards cloud providers, AMD has introduced Secure Encrypted Virtualization (SEV). By encrypting Virtual Machines (VMs), SEV aims to ensure data confidentiality, despite a compromised or curious Hypervisor the SEV Encrypted State (SEV-ES) extension additionally protects the VM's register state from unauthorized access. Yet, both extensions do not provide integrity of the VM's memory, which has already been abused to leak the protected data or to alter the VM's control-flow. In this paper, we introduce the SEVerity attack; a missing puzzle piece in the series of attacks against the AMD SEV family. Specifically, we abuse the system's lack of memory integrity protection to inject and execute arbitrary code within SEV-ES-protected VMs. Contrary to previ ous code execution attacks against the AMD SEV family, SEVerity neither relies on a specific CPU version nor on any code gadgets inside the VM. Instead, SEVerity abuses the fact that SEV-ES prohibits direct memory access into the encrypted memory. Specifically, SEVerity injects arbitrary code into the encrypted VM through I/O channels and uses the Hypervisor to locate and trigger the execution of the encrypted payload. This allows us to sidestep the protection mechanisms of SEV-ES. Overall, our results demonstrate a success rate of 100% and hence highlight that memory integrity protection is an obligation when encrypting VMs. Consequently, our work presents the final stroke in a series of attacks against AMD SEV and SEV-ES and renders the present implementation as incapable of protecting against a curious, vulnerable, or malicious Hypervisor.
-
PublicationAnalyzing requirements for post quantum secure machine readable travel documents( 2021)In a post-quantum world, the security of digital signatures and key agreements mechanisms used for Machine Readable Travel Documents (MRTDs) will be threatened by Shor's algorithm. Due to the long validity period of MRTDs, upgrading travel documents with practical mechanisms which are resilient to attacks using quantum computers is an urgent issue. In this paper, we analyze potential quantum-resistant replacements that are suitable for those protocols and the ressource-constrained environment of embedded security chips.
