240 likes | 442 Views
Mobile Appliance Security: Concerns and Challenges. Mahesh Mamidipaka ICS 259: Seminar in Design Science. 1. Securing Mobile Appliances: New Challenges for the System Designer - A. Raghunathan, S. Ravi, S. Hattangady, J. Quisquater (DATE’ 03) 2. Masking Energy Behavior of DES Encryption
E N D
Mobile Appliance Security: Concerns and Challenges Mahesh Mamidipaka ICS 259: Seminar in Design Science 1. Securing Mobile Appliances: New Challenges for the System Designer - A. Raghunathan, S. Ravi, S. Hattangady, J. Quisquater (DATE’ 03) 2. Masking Energy Behavior of DES Encryption - H. Saputra, N. Vijaykrishnan, N. Kandemir, et al. (DATE’ 03) 3. Wireless Network Security - Tom Karrygiannis and Jes Owens, NIST http://csrc.nist.gov/publications/nistpubs/800-48/NIST_SP_800-48.pdf
Outline • Introduction • Security Concerns • Design Challenges • Security Attacks on Smart Cards • Power analysis based attack • Masking Energy Behavior for DES Encryption (DATE’ 03)
Introduction • Mobile appliances widely used (PDAs, Cell Phones, Smart Cards, etc.) • Involves sensitive information: increased security concerns • Success of emerging technologies to depend on ensuring adequate security • Security cited as single largest concern among prospective m-commerce users
Unique Challenges • Knowledge and experience from wired internet gives us a head start (not sufficient) • Unique challenges: • Use of public transmission medium • Potentially unlimited points of access • Vulnerable to theft, loss, and corruptibility • Constraints on power, cost, and weight • Need for techniques at every aspect of design to meet the challenges
Outline • Introduction • Security Concerns • Design Challenges • Security Attacks on Smart Cards • Masking Energy Behavior for DES Encryption
Secure SW Execution Secure Storage Secure Data Communication Security Issues Tamper-resistant Implementation User Identification Secure Content Secure Network Access
Secure Data Communication • Employ security protocols to various layers of network protocol stack • Achieve peer authentication, privacy, data integrity etc. • cryptographic algorithms act as building blocks • Examples Network layer protocols: • Cellular technologies: GSM, CDPD • Wireless LAN: IEEE 802.11 • Wireless PAN: Bluetooth • Distinct protocols needed at various layers • Network layer protocol secures link between wireless client, access point, base station or gateway • Need complementary security mechanisms at higher protocol layers (Eg. WTLS in WAP)
Outline • Introduction • Security Concerns • Design Challenges • Security Attacks on Smart Cards • Masking Energy Behavior for DES Encryption
Design Challenges • Various challenges and considerations for mobile appliance security • Flexible security architecture: to support diverse security protocols and crypto algorithms • Computational requirement for security processing • Impact of security processing on battery life • Tamper-resistant implementation
Flexibility • Ability to cater wide variety of security protocols • Example: Support for both WEP and 3GPP algorithms to work in LAN and 3G cellular environments • Support for distinct security standards at different layers of network protocol stack • Example: WEP (link layer) and SSL (transport layer) support for wireless LAN enabled PDA with web support • Security protocols continuously evolving • Protocols revised to enable new security services, new crypto algorithms etc.
Computational Requirements Processing Requirements for a security protocol using RSA based Connection 3DES based encryption/decryption and SHA based integrity
Battery life • Reduced battery life due to increased computational requirements • Case study: Sensor node with Motorola Dragon Ball processor (MC68328) • Energy Consumption: • Transmission: 21.5 mJ/KB • Reception: 14.3 mJ/KB • RSA based encryption: 42mJ/KB
Tamper-Resistance • Security protocols and mechanisms are independent of implementation specifics • Assumption being malicious entities do not have access to implementation • Observing properties of the implementation can enable breaking of ‘secret key’ • Sensitive data is vulnerable • During on-chip communication • When simply stored in mobile appliance (secondary storage like flash, main memory, caches, register files)
Outline • Introduction • Security Concerns • Design Challenges • Security Attacks on Smart Cards • Masking Energy Behavior for DES Encryption
Security Attacks on Smart Cards • Security attacks on smart cards can be classified as: • Microprobing • Invasive technique that manipulates the internal circuits • Software attacks • Focuses on protocol or algorithm weakness • Eavesdropping • Hacks secret keys by monitoring power consumption, EM radiation, and execution time • Fault generation • Based on intentional malfunction of the circuit • Techniques like supply voltage change, exposing circuit to radiation etc.
Eavesdropping power profile • Rationale: Power consumption of an operation depends on its operand values • Operands are plain text and secret key in crypto algorithms • Switching activity varies in memory, buses, datapath units, and pipeline registers based on operand values • Different degrees of sophistication involved in power analysis based attacks • Simple Power Analysis (SPA): uses single power profile • Differential Power Analysis (DPA): uses power profiles from multiple runs
Simple Power Analysis • Based on single power trace for operations • Identify operations being performed based on power profile • Whether a branch is taken or not • Whether an exponentiation operation is performed or not • Knowing the algorithm and power profile, secret key can be revealed • Protection from SPA: • Code restructuring • Random noise insertion for power variation • Adding dummy modules
Differential Power Analysis • Utilizes power profiles gathered from multiple runs • Basic principle similar to SPA: relies on data dependent power variation to break key • Averaging used to eliminate random noises • P.Kocher, J. Jaffer, and B. Jun “Introduction to Differential Power Analysis and Related Attacks”, http://www.cryptography.com/dpa/technical, 1998
Outline • Introduction • Security Concerns • Design Challenges • Security Attacks on Smart Cards • Masking Energy Behavior for DES Encryption
Energy Masking for DES • Architecture to have secure and non-secure instructions • Power consumption for secure instructions data independent • Critical operations in DES encryption: • Assignment • Bit by bit addition modulo 2 (XOR) • Shift operation • Indexing operation • Instructions involving secret key replaced with secure instructions
Masking energy in DES • Energy consumption more for secure instructions than non-secure instructions • EDiss w/o masking: 46.4 uJ • EDiss w/ naïve masking: 63.6 uJ (all loads and stores masked) • EDiss w/ smart masking: 52.6 uJ (only ‘secret key’ related instructions masked)