110 likes | 318 Views
Tamper Resistant Software: An Implementation. By David Aucsmith, IAL. In Information Hiding Workshop, RJ Anderson (ed), LNCS, 1174, pp. 317-333, 1996.
E N D
Tamper Resistant Software: An Implementation By David Aucsmith, IAL In Information Hiding Workshop, RJ Anderson (ed), LNCS, 1174, pp. 317-333, 1996. “Integrity Verification Kernels (IVKs) … can be inserted into software to verify the integrity of critical operations. [They] cannot be observed or modified.” Presented by Andrew Paxie14 September 2000
The focus of mypresentation Overview of Paper • Introduction • Threat Model • Principles and Architecture • Integrity Verification Kernels • Interlocking Trust • Integrity Verification Protocol • Technology Extensions • Conclusion
Defend against these threats Threat Model (I) Outsider trying to get in. (II) Malicious code running on system. (III) Complete control over system. (a) No special tools. (b) Specialized software analysis tools. (c) Specialized hardware analysis tools. “Threat follows value.”
IVK Principles • “Software [must] contain a secret … [as this] forms the basis for the trust that the application has not been tampered with.” • Hide the secret and make its recovery difficult: • Disperse it in time and space (cf. Shannon). • Obfuscate and interleave operations. • Make code installation unique (cf. Cohen). • Provide an interlocking trust mechanism.
Interlocking Trust • “…the failure or by-pass of any one IVK will be detected by another.” • The idea comes from authentication protocol design. • This is a challenge-response protocol. • Defend against man-in-the-middle. • Defend against message replay.
Integrity Verification Protocol (1) Definitions: App = an application • Contains an IVK which participates in the IV protocol. eIVK = entry IVK. • Has a well known address, AE System Integrity Program • Contains eIVK and (an)other IVK(s) • Is available to all programs. App IVK System Integrity Program 1a 1c eIVK IVK 1b
Integrity Verification Protocol (2) • Notation: • For a module, X, X = A, E, S: • KX is a key for X, K1X is public, K-1X is private. • HX is a hash function computed on X. • RX is a random value X creates. • AX is the address of module X. • F is a flag storing test results as each protocol step runs. • Assume that: • H is well known to all IVKs. • A contains location and size info.
Key to protocol steps: Challenge. Integrity check. Response. Response check. Protocol points: Verify yourself and others before proceeding. Use random numbers to defend against replay 1 App IVK (A) 2 13 4 12 8 9 eIVK (E) SIP IVK (S) 11 7 10 5 3 6 Integrity Verification Protocol (3)
(1) A verifies selfF0 := (HA = K1A[K-1A[HA]]) 1 (2) A challenges EA->E: K1E[K1E[HA] | F | AA | RA] (3) E verifies selfF1 := (HE = K-1E[K1E[HE]]) 2 13 (4) E verifies AF2 := (HA = K-1E[K1E[HA]]) 4 12 (12) E responds to AE->A: K-1E[F | RA] (13) A checks responseF8 := (RA = K1E[RA]) 3 Integrity Verification Protocol (4) F = 0? App IVK (A) eIVK (E) SIP IVK (S)
Conclusion Aucsmith combines a variety of techniques to ‘armour’ an IVK against observation and modification. The integrity verification protocol is integral to the mechanism. Q: Does the technique outlined defend against the threat categories proposed?