读摘要,了解面貌
原文:https://webofscience.clarivate.cn/wos/alldb/full-record/WOS:000387820900034
Large numbers of smart connected devices, also named as the Internet of Things (IoT), are permeating our environments (homes, factories, cars, and also our body-with wearable devices) to collect data and act on the insight derived. Ensuring software integrity (including OS, apps, and configurations) on such smart devices is then essential to guarantee both privacy and safety. A key mechanism to protect the software integrity of these devices is remote attestation: A process that allows a remote verifier to validate the integrity of the software of a device. This process usually makes use of a signed hash value of the actual device’s software, generated by dedicated hardware. While individual device attestation is a well-established technique, to date integrity verification of a very large number of devices remains an open problem, due to scalability issues.
In this paper, we present SANA, the first secure and scalable protocol for efficient attestation of large sets of devices that works under realistic assumptions. SANA relies on a novel signature scheme to allow anyone to publicly verify a collective attestation in constant time and space, for virtually an unlimited number of devices. We substantially improve existing swarm attestation schemes [5] by supporting a realistic trust model where: (1) only the targeted devices are required to implement attestation; (2) compromising any device does not harm others; and (3) all aggregators can be untrusted. We implemented SANA and demonstrated its efficiency on tiny sensor devices. Furthermore, we simulated SANA at large scale, to assess its scalability. Our results show that SANA can provide efficient attestation of networks of 1,000,000 devices, in only 2:5 seconds.
SANA:安全且可扩展的聚合网络认证
大量智能互联设备(也称为物联网 (IoT))正在渗透到我们的环境(家庭、工厂、汽车以及带有可穿戴设备的身体)中,以收集数据并根据获得的洞察采取行动。确保此类智能设备上的软件完整性(包括操作系统、应用程序和配置)对于保证隐私和安全至关重要。保护这些设备软件完整性的关键机制是远程证明:允许远程验证者验证设备软件完整性的过程。此过程通常使用由专用硬件生成的实际设备软件的签名哈希值。虽然单个设备认证是一种成熟的技术,但迄今为止,由于可扩展性问题,大量设备的完整性验证仍然是一个悬而未决的问题。
在本文中,我们提出了 SANA,这是第一个安全且可扩展的协议,用于对在现实假设下工作的大量设备进行有效证明。 SANA 依靠一种新颖的签名方案,允许任何人在恒定的时间和空间内公开验证几乎无限数量的设备的集体证明。我们通过支持现实的信任模型来大幅改进现有的集群证明方案[5],其中:(1)仅需要目标设备来实施证明; (2) 损害任何设备不会伤害他人; (3) 所有聚合器都可以是不可信的。我们实施了 SANA 并在微型传感器设备上展示了其效率。此外,我们还大规模模拟了 SANA,以评估其可扩展性。我们的结果表明,SANA 可以在 2 分 5 秒内提供 1,000,000 台设备网络的高效认证。
原文:https://www.usenix.org/conference/usenix-security-11/comprehensive-experimental-analyses-automotive-attack-surfaces
标题:汽车攻击面的综合实验分析
Abstrant: Modern automobiles are pervasively computerized, and hence potentially vulnerable to attack. However, while previous research has shown that the internal networks within some modern cars are insecure, the associated threat model—requiring prior physical access—has justifiably been viewed as unrealistic. Thus, it remains an open question if automobiles can also be susceptible to remote compromise. Our work seeks to put this question to rest by systematically analyzing the external attack surface of a modern automobile. We discover that remote exploitation is feasible via a broad range of attack vectors (including mechanics tools, CD players, Bluetooth and cellular radio), and further, that wireless communications channels allow long distance vehicle control, location tracking, in-cabin audio exfiltration and theft. Finally, we discuss the structural characteristics of the automotive ecosystem that give rise to such problems and highlight the practical challenges in mitigating them.
摘要:现代汽车已普遍实现计算机化,因此很容易受到攻击。然而,虽然之前的研究表明一些现代汽车的内部网络不安全,但相关的威胁模型(需要事先进行物理访问)被合理地认为是不切实际的。因此,汽车是否也容易受到远程攻击仍然是一个悬而未决的问题。我们的工作旨在通过系统分析现代汽车的外部攻击面来解决这个问题。我们发现,通过广泛的攻击媒介(包括机械工具、CD 播放器、蓝牙和蜂窝无线电)进行远程利用是可行的,此外,无线通信通道允许远距离车辆控制、位置跟踪、车内音频泄露和盗窃。最后,我们讨论了导致此类问题的汽车生态系统的结构特征,并强调了缓解这些问题的实际挑战。
[12]
这个应该可以看一看
原文:https://link.springer.com/chapter/10.1007/978-3-319-66402-6_27
标题:分析CAN攻击者的能力
Abstract: The modern car is controlled by a large number of Electronic Control Units (ECUs), which communicate over a network of bus systems. One of the most widely used bus types is called Controller Area Network (CAN). Recent automotive hacking has shown that attacks with severe safety impact are possible when an attacker manages to gain access to a safety-critical CAN. In this paper, our goal is to obtain a more systematic understanding of the capabilities of the CAN attacker, which can support the development of security concepts for in-vehicle networks.
摘要:现代汽车由大量电子控制单元 (ECU) 控制,这些单元通过总线系统网络进行通信。最广泛使用的总线类型之一称为控制器局域网 (CAN)。最近的汽车黑客攻击表明,当攻击者设法获得对安全关键的 CAN 的访问权限时,就有可能造成严重安全影响的攻击。在本文中,我们的目标是更系统地了解 CAN 攻击者的能力,这可以支持车载网络安全概念的开发。
原文:https://dl.acm.org/doi/abs/10.1145/3399742
标题:幽灵攻击:利用推测执行
Abstract: Modern processors use branch prediction and speculative execution to maximize performance. For example, if the destination of a branch depends on a memory value that is in the process of being read, CPUs will try to guess the destination and attempt to execute ahead. When the memory value finally arrives, the CPU either discards or commits the speculative computation. Speculative logic is unfaithful in how it executes, can access the victim’s memory and registers, and can perform operations with measurable side effects.
Spectre attacks involve inducing a victim to speculatively perform operations that would not occur during correct program execution and which leak the victim’s confidential information via a side channel to the adversary. This paper describes practical attacks that combine methodology from side-channel attacks, fault attacks, and return-oriented programming that can read arbitrary memory from the victim’s process. More broadly, the paper shows that speculative execution implementations violate the security assumptions underpinning numerous software security mechanisms, such as operating system process separation, containerization, just-in-time (JIT) compilation, and countermeasures to cache timing and side-channel attacks. These attacks represent a serious threat to actual systems because vulnerable speculative execution capabilities are found in microprocessors from Intel, AMD, and ARM that are used in billions of devices.
Although makeshift processor-specific countermeasures are possible in some cases, sound solutions will require fixes to processor designs as well as updates to instruction set architectures (ISAs) to give hardware architects and software developers a common understanding as to what computation state CPU implementations are (and are not) permitted to leak.
摘要:现代处理器使用分支预测和推测执行来最大限度地提高性能。例如,如果分支的目的地取决于正在读取的内存值,CPU 将尝试猜测目的地并尝试提前执行。当内存值最终到达时,CPU 要么放弃,要么提交推测计算。推测逻辑的执行方式是不忠实的,可以访问受害者的内存和寄存器,并且可以执行具有可测量副作用的操作。
幽灵攻击涉及诱导受害者推测性地执行在正确的程序执行期间不会发生的操作,并且通过侧通道将受害者的机密信息泄露给对手。本文描述了结合了侧通道攻击、故障攻击和可从受害者进程中读取任意内存的面向返回编程的方法的实际攻击。更广泛地说,该论文表明,推测执行实现违反了支撑众多软件安全机制的安全假设,例如操作系统进程分离、容器化、即时 (JIT) 编译以及缓存计时和侧通道攻击的对策。这些攻击对实际系统构成了严重威胁,因为在数十亿设备中使用的英特尔、AMD 和 ARM 微处理器中发现了易受攻击的推测执行功能。
尽管在某些情况下可以采取针对特定处理器的临时对策,但完善的解决方案需要修复处理器设计以及更新指令集架构 (ISA),以使硬件架构师和软件开发人员对 CPU 实现的计算状态有一个共同的理解(并且不允许)泄漏。
[51]
原文:https://dl.acm.org/doi/abs/10.1145/3134600.3134623
标题:VulCAN: Efficient Component Authentication and Software Isolation for Automotive Control Networks
标题:VulCAN:汽车控制网络的高效组件身份验证和软件隔离
Abstract: Vehicular communication networks have been subject to a growing number of attacks that put the safety of passengers at risk. This resulted in millions of vehicles being recalled and lawsuits against car manufacturers. While recent standardization efforts address security, no practical solutions are implemented in current cars.
This paper presents VulCAN, a generic design for efficient vehicle message authentication, plus software component attestation and isolation using lightweight trusted computing technology. Specifically, we advance the state-of-the-art by not only protecting against network attackers, but also against substantially stronger adversaries capable of arbitrary code execution on participating electronic control units. We demonstrate the feasibility and practicality of VulCAN by implementing and evaluating two previously proposed, industry standard-compliant message authentication protocols on top of Sancus, an open-source embedded protected module architecture. Our results are promising, showing that strong, hardware-enforced security guarantees can be met with a minimal trusted computing base without violating real-time deadlines under benign conditions.
摘要:车辆通信网络遭受越来越多的攻击,使乘客的安全面临风险。这导致数百万辆汽车被召回,并对汽车制造商提起诉讼。虽然最近的标准化工作解决了安全问题,但当前的汽车尚未实施任何实用的解决方案。
本文介绍了 VulCAN,一种用于高效车辆消息身份验证的通用设计,以及使用轻量级可信计算技术的软件组件证明和隔离。具体来说,我们不仅可以防御网络攻击者,还可以防御能够在参与的电子控制单元上执行任意代码的更强大的对手,从而推进最先进的技术。我们通过在 Sancus(一种开源嵌入式受保护模块架构)之上实施和评估两个先前提出的符合行业标准的消息身份验证协议,展示了 VulCAN 的可行性和实用性。我们的结果令人鼓舞,表明在良性条件下,可以通过最小的可信计算基础来满足强大的、硬件强制的安全保证,而不会违反实时期限。
[58]
原文: https://dl.acm.org/doi/abs/10.1145/3302509.3313783
标题:TACAN: transmitter authentication through covert channels in controller area networks
标题:TACAN:通过控制器局域网中的隐蔽通道进行发射机身份验证
Abstract: Nowadays, the interconnection of automotive systems with modern digital devices offers advanced user experiences to drivers. Electronic Control Units (ECUs) carry out a multitude of operations using the insecure Controller Area Network (CAN) bus in automotive Cyber-Physical Systems (CPSs). Therefore, dangerous attacks, such as disabling brakes, are possible and the safety of passengers is at risk. In this paper, we present TACAN (Transmitter Authentication in CAN), which provides secure authentication of ECUs by exploiting the covert channels without introducing CAN protocol modifications or traffic overheads (i.e., no extra bits or messages are used). TACAN turns upside-down the originally malicious concept of covert channels and exploits it to build an effective defensive technique that facilitates transmitter authentication via a trusted Monitor Node. TACAN consists of three different covert channels for ECU authentication: 1) Inter-Arrival Time (IAT)-based, leveraging the IATs of CAN messages; 2) offset-based, exploiting the clock offsets of CAN messages; 3) Least Significant Bit (LSB)-based, concealing authentication messages into the LSBs of normal CAN data. We implement the covert channels on the University of Washington (UW) EcoCAR testbed and evaluate their performance through extensive experiments. We demonstrate the feasibility of TACAN, highlighting no traffic overheads and attesting the regular functionality of ECUs. In particular, the bit error ratios are within 0.1% and 0.42% for the IAT-based and offset-based covert channels, respectively. Furthermore, the bit error ratio of the LSB-based covert channel is equal to that of a normal CAN bus, which is 3.1 x 10-7%.
摘要:如今,汽车系统与现代数字设备的互连为驾驶员提供了先进的用户体验。电子控制单元 (ECU) 使用汽车网络物理系统 (CPS) 中不安全的控制器局域网 (CAN) 总线执行多种操作。因此,可能会发生危险的攻击,例如禁用刹车,乘客的安全受到威胁。在本文中,我们提出了 TACAN(CAN 中的发送器身份验证),它通过利用隐蔽通道来提供 ECU 的安全身份验证,而无需引入 CAN 协议修改或流量开销(即,不使用额外的位或消息)。 TACAN 颠覆了隐蔽通道最初的恶意概念,并利用它构建了一种有效的防御技术,通过受信任的监控节点促进发射机身份验证。 TACAN 包含三种不同的用于 ECU 身份验证的隐蔽通道: 1) 基于到达间隔时间 (IAT),利用 CAN 消息的 IAT; 2) 基于偏移,利用 CAN 消息的时钟偏移; 3) 基于最低有效位 (LSB),将身份验证消息隐藏到正常 CAN 数据的 LSB 中。我们在华盛顿大学 (UW) EcoCAR 测试平台上实施隐蔽通道,并通过大量实验评估其性能。我们展示了 TACAN 的可行性,强调没有流量开销并证明了 ECU 的常规功能。特别是,基于 IAT 和基于偏移的隐蔽通道的误码率分别在 0.1% 和 0.42% 以内。此外,基于LSB的隐蔽通道的误码率与普通CAN总线的误码率相同,为3.1 x 10-7%。
[35]
原文:https://link.springer.com/chapter/10.1007/978-3-319-60876-1_9
标题:Analyzing the Capabilities of the CAN Attacker
标题:一种针对汽车网络的隐身、选择性、链路层拒绝服务攻击
Abstract: Modern vehicles incorporate tens of electronic control units (ECUs), driven by as much as 100,000,000 lines of code. They are tightly interconnected via internal networks, mostly based on the CAN bus standard. Past research showed that, by obtaining physical access to the network or by remotely compromising a vulnerable ECU, an attacker could control even safety-critical inputs such as throttle, steering or brakes. In order to secure current CAN networks from cyberattacks, detection and prevention approaches based on the analysis of transmitted frames have been proposed, and are generally considered the most time- and cost-effective solution, to the point that companies have started promoting aftermarket products for existing vehicles.
In this paper, we present a selective denial-of-service attack against the CAN standard which does not involve the transmission of any complete frames for its execution, and thus would be undetectable via frame-level analysis. As the attack is based on CAN protocol weaknesses, all CAN bus implementations by all manufacturers are vulnerable. In order to precisely investigate the time, money and expertise needed, we implement an experimental proof-of-concept against a modern, unmodified vehicle and prove that the barrier to entry is extremely low. Finally, we present a discussion of our threat analysis, and propose possible countermeasures for detecting and preventing such an attack.
摘要:现代车辆配备了数十个电子控制单元 (ECU),由多达 1 亿行代码驱动。它们通过内部网络紧密互连,主要基于 CAN 总线标准。过去的研究表明,通过获得对网络的物理访问或远程破坏易受攻击的 ECU,攻击者甚至可以控制油门、转向或刹车等安全关键输入。为了保护当前 CAN 网络免受网络攻击,人们提出了基于传输帧分析的检测和预防方法,并且通常被认为是最具时间和成本效益的解决方案,以至于公司已经开始推广售后市场产品现有车辆。
在本文中,我们提出了针对 CAN 标准的选择性拒绝服务攻击,该攻击不涉及传输任何完整帧来执行,因此通过帧级分析无法检测到。由于攻击是基于 CAN 协议的弱点,所有制造商的所有 CAN 总线实施都容易受到攻击。为了精确调查所需的时间、金钱和专业知识,我们对未经改装的现代车辆进行了实验性概念验证,并证明进入门槛极低。最后,我们讨论了我们的威胁分析,并提出了检测和防止此类攻击的可能对策。
[xx]
原文:
标题:
标题:
Abstract:
摘要:
1万+
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
