Speculative taint tracking (STT)

Speculative execution attacks present an enormous security threat, capable of reading arbitrary program data under malicious speculation, and later exfiltrating that data over microarchitectural covert channels. This paper proposes speculative taint tracking (STT), a high security and high performance hardware mechanism to block these attacks. The main idea is that it is safe to execute and selectively forward the results of speculative instructions that read secrets, as long as we can prove that the forwarded results do not reach potential covert channels. The technical core of the paper is a new abstraction to help identify all micro-architectural covert channels, and an architecture to quickly identify when a covert channel is no longer a threat. We further conduct a detailed formal analysis on the scheme in a companion document. When evaluated on SPEC06 workloads, STT incurs 8.5% or 14.5% performance overhead relative to an insecure machine.

Download Full-text

Survey of Transient Execution Attacks and Their Mitigations

ACM Computing Surveys ◽

10.1145/3442479 ◽

2021 ◽

Vol 54 (3) ◽

pp. 1-36

Author(s):

Wenjie Xiong ◽

Jakub Szefer

Keyword(s):

Information Leakage ◽

Speculative Execution ◽

Covert Channel ◽

Covert Channels ◽

Critical Data ◽

Different Types ◽

Temporal And Spatial ◽

Main Components ◽

First Disclosure

Transient execution attacks, also known as speculative execution attacks, have drawn much interest in the last few years as they can cause critical data leakage. Since the first disclosure of Spectre and Meltdown attacks in January 2018, a number of new transient execution attack types have been demonstrated targeting different processors. A transient execution attack consists of two main components: transient execution itself and a covert channel that is used to actually exfiltrate the information.Transient execution is a result of the fundamental features of modern processors that are designed to boost performance and efficiency, while covert channels are unintended information leakage channels that result from temporal and spatial sharing of the micro-architectural components. Given the severity of the transient execution attacks, they have motivated computer architects in both industry and academia to rethink the design of the processors and to propose hardware defenses. To help understand the transient execution attacks, this survey summarizes the phases of the attacks and the security boundaries across which the information is leaked in different attacks.This survey further analyzes the causes of transient execution as well as the different types of covert channels and presents a taxonomy of the attacks based on the causes and types. This survey in addition presents metrics for comparing different aspects of the transient execution attacks and uses them to evaluate the feasibility of the different attacks. This survey especially considers both existing attacks and potential new attacks suggested by our analysis. This survey finishes by discussing different mitigations that have so far been proposed at the micro-architecture level and discusses their benefits and limitations.

Download Full-text

Addressing Covert Channel Attacks in RFID-Enabled Supply Chains

Advanced Security and Privacy for RFID Technologies ◽

10.4018/978-1-4666-3685-9.ch011 ◽

2013 ◽

pp. 176-190

Author(s):

Kirti Chawla ◽

Gabriel Robins

Keyword(s):

Supply Chain ◽

Supply Chains ◽

Network Flow ◽

Economic Effects ◽

Future Research ◽

Covert Channel ◽

Covert Channels ◽

Node Selection ◽

Future Research Directions ◽

Key Nodes

RFID technology can help competitive organizations optimize their supply chains. However, it may also enable adversaries to exploit covert channels to surreptitiously spy on their competitors. We explain how tracking tags and compromising readers can create covert channels in supply chains and cause detrimental economic effects. To mitigate such attacks, the authors propose a framework that enables an organization to monitor its supply chain. The supply chain is modeled as a network flow graph, where tag flow is verified at selected key nodes, and covert channels are actively sought. While optimal taint checkpoint node selection is algorithmically intractable, the authors propose node selection and flow verification heuristics with various tradeoffs. The chapter discusses economically viable countermeasures against supply chain-based covert channels, and suggests future research directions.

Download Full-text

A New Sensors-Based Covert Channel on Android

The Scientific World JOURNAL ◽

10.1155/2014/969628 ◽

2014 ◽

Vol 2014 ◽

pp. 1-14 ◽

Cited By ~ 18

Author(s):

Ahmed Al-Haiqi ◽

Mahamod Ismail ◽

Rosdiadee Nordin

Keyword(s):

Covert Channel ◽

Security Model ◽

Covert Channels ◽

Computing Systems ◽

Collusion Attacks ◽

Acceleration Data ◽

Universal Solution ◽

Android Platform ◽

New Sensors ◽

Explicit Communication

Covert channels are not new in computing systems, and have been studied since their first definition four decades ago. New platforms invoke thorough investigations to assess their security. Now is the time for Android platform to analyze its security model, in particular the two key principles: process-isolation and the permissions system. Aside from all sorts of malware, one threat proved intractable by current protection solutions, that is, collusion attacks involving two applications communicating over covert channels. Still no universal solution can countermeasure this sort of attack unless the covert channels are known. This paper is an attempt to reveal a new covert channel, not only being specific to smartphones, but also exploiting an unusual resource as a vehicle to carry covert information: sensors data. Accelerometers generate signals that reflect user motions, and malware applications can apparently only read their data. However, if the vibration motor on the device is used properly, programmatically produced vibration patterns can encode stolen data and hence an application can cause discernible effects on acceleration data to be received and decoded by another application. Our evaluations confirmed a real threat where strings of tens of characters could be transmitted errorless if the throughput is reduced to around 2.5–5 bps. The proposed covert channel is very stealthy as no unusual permissions are required and there is no explicit communication between the colluding applications.

Download Full-text

A Survey of Key Technologies for Constructing Network Covert Channel

Security and Communication Networks ◽

10.1155/2020/8892896 ◽

2020 ◽

Vol 2020 ◽

pp. 1-20

Author(s):

Jing Tian ◽

Gang Xiong ◽

Zhen Li ◽

Gaopeng Gou

Keyword(s):

Communication Technology ◽

Network Architecture ◽

The Internet ◽

Covert Channel ◽

Free Access ◽

Transmission Network ◽

Information Channel ◽

Covert Channels ◽

Key Technologies ◽

Network Covert Channel

In order to protect user privacy or guarantee free access to the Internet, the network covert channel has become a hot research topic. It refers to an information channel in which the messages are covertly transmitted under the network environment. In recent years, many new construction schemes of network covert channels are proposed. But at the same time, network covert channel has also received the attention of censors, leading to many attacks. The network covert channel refers to an information channel in which the messages are covertly transmitted under the network environment. Many users exploit the network covert channel to protect privacy or guarantee free access to the Internet. Previous construction schemes of the network covert channel are based on information steganography, which can be divided into CTCs and CSCs. In recent years, there are some covert channels constructed by changing the transmission network architecture. On the other side, some research work promises that the characteristics of emerging network may better fit the construction of the network covert channel. In addition, the covert channel can also be constructed by changing the transmission network architecture. The proxy and anonymity communication technology implement this construction scheme. In this paper, we divide the key technologies for constructing network covert channels into two aspects: communication content level (based on information steganography) and transmission network level (based on proxy and anonymity communication technology). We give an comprehensively summary about covert channels at each level. We also introduce work for the three new types of network covert channels (covert channels based on streaming media, covert channels based on blockchain, and covert channels based on IPv6). In addition, we present the attacks against the network covert channel, including elimination, limitation, and detection. Finally, the challenge and future research trend in this field are discussed.

Download Full-text

Formal Analysis of SET and NSL Protocols Using the Interpretation Functions-Based Method

Journal of Computer Networks and Communications ◽

10.1155/2012/254942 ◽

2012 ◽

Vol 2012 ◽

pp. 1-18 ◽

Cited By ~ 6

Author(s):

Hanane Houmani ◽

Mohamed Mejri

Keyword(s):

Communication Channel ◽

Formal Analysis ◽

Sufficient Conditions ◽

Main Idea ◽

The Internet ◽

Cryptographic Protocol ◽

Cryptographic Primitives ◽

Algebraic Properties ◽

Security Properties ◽

Set Protocol

Most applications in the Internet such as e-banking and e-commerce use the SET and the NSL protocols to protect the communication channel between the client and the server. Then, it is crucial to ensure that these protocols respect some security properties such as confidentiality, authentication, and integrity. In this paper, we analyze the SET and the NSL protocols with respect to the confidentiality (secrecy) property. To perform this analysis, we use the interpretation functions-based method. The main idea behind the interpretation functions-based technique is to give sufficient conditions that allow to guarantee that a cryptographic protocol respects the secrecy property. The flexibility of the proposed conditions allows the verification of daily-life protocols such as SET and NSL. Also, this method could be used under different assumptions such as a variety of intruder abilities including algebraic properties of cryptographic primitives. The NSL protocol, for instance, is analyzed with and without the homomorphism property. We show also, using the SET protocol, the usefulness of this approach to correct weaknesses and problems discovered during the analysis.

Download Full-text

Development of a Remote-Controlled Electrical Interference Vehicle with a Magnetron

Sensors ◽

10.3390/s20216309 ◽

2020 ◽

Vol 20 (21) ◽

pp. 6309

Author(s):

Miroslav Popela ◽

Jan Leuchter ◽

Jana Olivová ◽

Marie Richterová

Keyword(s):

Frequency Band ◽

Power Supply ◽

Wireless Sensors ◽

High Performance ◽

Electronic Devices ◽

Main Idea ◽

Substantial Part ◽

Operational Mode ◽

Li Po ◽

The Individual

This paper describes the design and construction of a remotely controlled mobile interference device designed primarily for interference (jamming) and immunity testing of wireless sensors operating in the 2.4 GHz band (Wi-Fi). The main idea was to build a remotely controlled test device to test the immunity of wireless sensors operating in the 2.4 GHz band directly in field conditions. The remotely controlled mobile interference device is equipped with a special interference apparatus, using a special magnetron tube as a source of interference. Magnetron was selected due to its high performance, allowing interference with wireless sensors over long distances. As magnetron is powered by high voltage (3 kVDC) and is being used in a remotely controlled device, it was important to solve the issue of its power supply using an accumulator. The remotely controlled device was further equipped with the option of detecting and analysing signals in the frequency band of 1 GHz to 18 GHz, adding an extra operational mode that can be used in civil (commercial), industrial, and military applications. Detection and analysis of extraneous signals that may affect our various electronic devices, operating in the 1 GHz to 18 GHz frequency band, is very important. By detecting and analyzing the detected signal, it is possible to recognize what kind of foreign device is transmitting on the detected frequency and how much it can affect the proper functioning of our electronic devices. All the individual parts of the remotely controlled mobile interference device are described in this article in detail, including their optimization for maximum use of the accumulator capacity by which the remotely controlled mobile interference device is powered. A substantial part of this article is devoted to optimizing the interference apparatus power supply with a resonant converter and internal intelligence, where the accumulators’ capacity is measured to gain needed predictions for maximum use of Li-Po batteries and thus extending its time of use.

Download Full-text

A Low Area Overhead Design for High-Performance General-Synchronous Circuits with Speculative Execution

2019 IEEE International Symposium on Circuits and Systems (ISCAS) ◽

10.1109/iscas.2019.8702333 ◽

2019 ◽

Cited By ~ 1

Author(s):

Shimpei Sato ◽

Eijiro Sassa ◽

Yuta Ukon ◽

Atsushi Takahashi

Keyword(s):

High Performance ◽

Speculative Execution ◽

Synchronous Circuits ◽

Low Area ◽

Area Overhead

Download Full-text

Formal Analysis of an Efficient Handover Authentication Scheme for EAP-Based Wireless Networks with Extending BAN Logic

Applied Mechanics and Materials ◽

10.4028/www.scientific.net/amm.401-403.1864 ◽

2013 ◽

Vol 401-403 ◽

pp. 1864-1867 ◽

Cited By ~ 2

Author(s):

Li Ling Cao ◽

Wan Cheng Ge

Keyword(s):

Wireless Networks ◽

Privacy Preservation ◽

Formal Analysis ◽

Main Idea ◽

Authentication Protocol ◽

Security Requirements ◽

Ban Logic ◽

Handover Authentication ◽

Authentication Schemes ◽

Extensible Authentication Protocol

The existing Extensible Authentication Protocol (EAP) based handover authentication schemes have show robust security features especially the Qi Jing et al.'s design, which not only meets the essential security requirements in handover authentication but also achieves privacy preservation. However, it still suffers pitfalls in the process of authentication. The main idea of this paper is to extend the work by Qi Jing et al. and particularly focus on the formal analysis using extending BAN logic which is more concise yet practical to use on PKI-based protocols.

Download Full-text

A Low Area Overhead Design Method for High-Performance General-Synchronous Circuits with Speculative Execution

IEICE Transactions on Fundamentals of Electronics Communications and Computer Sciences ◽

10.1587/transfun.e102.a.1760 ◽

2019 ◽

Vol E102.A (12) ◽

pp. 1760-1769

Author(s):

Shimpei SATO ◽

Eijiro SASSA ◽

Yuta UKON ◽

Atsushi TAKAHASHI

Keyword(s):

High Performance ◽

Design Method ◽

Speculative Execution ◽

Synchronous Circuits ◽

Low Area ◽

Area Overhead

Download Full-text

Declarative Power Sequencing

ACM Transactions on Embedded Computing Systems ◽

10.1145/3477039 ◽

2021 ◽

Vol 20 (5s) ◽

pp. 1-21

Author(s):

Jasmin Schult ◽

Daniel Schwyn ◽

Michael Giardino ◽

David Cock ◽

Reto Achermann ◽

...

Keyword(s):

High Performance ◽

Power Delivery ◽

System Component ◽

Critical Element ◽

Security Threat ◽

Correct Operation ◽

Power Delivery Networks ◽

Modern Computer ◽

Power Models ◽

Efficient Power

Modern computer server systems are increasingly managed at a low level by baseboard management controllers (BMCs). BMCs are processors with access to the most critical parts of the platform, below the level of OS or hypervisor, including control over power delivery to every system component. Buggy or poorly designed BMC software not only poses a security threat to a machine, it can permanently render the hardware inoperative. Despite this, there is little published work on how to rigorously engineer the power management functionality of BMCs so as to prevent this happening. This article takes a first step toward putting BMC software on a sound footing by specifying the hardware environment and the constraints necessary for safe and correct operation. This is best accomplished through automation: correct-by-construction power control sequences can be efficiently generated from a simple, trustworthy model of the platform’s power tree that incorporates the sequencing requirements and safe voltage ranges of all components. We present both a modeling language for complex power-delivery networks and a tool to automatically generate safe, efficient power sequences for complex modern platforms. This not only increases the trustworthiness of a hitherto opaque yet critical element of platform firmware: regulator and chip power models are significantly simpler to produce than hand-written power sequences. This, combined with model reuse for common components, reduces both time and cost associated with platform bring-up for new hardware. We evaluate our tool using a new high-performance 2-socket server platform with >100W per socket TDP, tight voltage limits and 25 distinct power regulators needing configuration, showing both fast (<10s) tool runtime, and correct power sequencing of a live system.

Download Full-text