1 / 14

CS/ECE Advanced Network Security Dr. Attila Altay Yavuz

CS/ECE Advanced Network Security Dr. Attila Altay Yavuz. Topic 1.2 Course and Project Overview (2). Fall 2014. escar 2011 - A Hardware Security Module for ECUs. Tester. ECU. ECU. ECU. CE-Device. Intra-car Communication Security. Attack surface is growing

Download Presentation

CS/ECE Advanced Network Security Dr. Attila Altay Yavuz

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. CS/ECE Advanced Network SecurityDr. Attila Altay Yavuz Topic 1.2 Course and Project Overview (2) Dr. Attila Altay Yavuz Fall 2014

  2. escar 2011 - A Hardware Security Module for ECUs Tester ECU ECU ECU CE-Device Intra-car Communication Security • Attack surface is growing • Car networks get connected to the internet • CE-Devices are connected to the car networks • Network access hard- and software is now cheap (e.g. bluetooth – CAN) HMI Internet • Growing complexity of the in-car software, 3rd party SW integration • Attackers are becoming more professional, using more advanced methods • Tuning protection and avoidance of unjustified guarantee claims are a strong driver

  3. Intra-Car Communication Security • Real Attacks on Modern Automobile Systems: • Comprehensive Experimental Analyses of Automotive Attack SurfacesStephen Checkoway, Damon McCoy, Brian Kantor, Danny Anderson, Hovav Shacham, Stefan Savage, Karl Koscher, Alexei Czeskis, Franziska Roesner, and Tadayoshi Kohno.  USENIX Security, August 10–12, 2011. • Not only internal access, but CD players, Bluetooth, multi-media systems enable attacks • A media player playing a modified WMA music done the job! • Lots of remote exploits • Relay Attacks on Passive Keyless Entry and Start Systems in Modern CarsAurelien Francillon, Boris Danev, and Srdjan Capkun Network and Distributed System Security Symposium (NDSS), 2011 • Security and Privacy Vulnerabilities of In-Car Wireless Networks: A Tire Pressure Monitoring System Case StudyIshtiaq Roufa, Rob Millerb, Hossen Mustafaa, Travis Taylora, Sangho Ohb Wenyuan Xua, Marco Gruteserb, Wade Trappeb, and Ivan Seskarb  USENIX conference on Security, 2010 • Listing internal components from 40 meters away! • Play with tire-pressure system, stop and ambush drivers

  4. Secure Inter-ECU Communication Secure ECU Communication in Car • Scenario: Communication among Electrical Contorl Units (ECUs) on internal vehicle systems • Bus system: CAN, FlexRay (Ethernet) • Malicious falsification of messages • Sending corrupted messages by infected control units or interceptions for defective influence of recipient • Why? • No authentication and/or integrity mechanism is used in intra-car systems!

  5. Secure Inter-ECU Communication Secure ECU Communication in Car • Challanges: • Ultra Limited Bandwidht • We have 16 bit (or 24 bit) allocated for securtiy purposes • Limited Memory, little space for crypto keys • Keys must be re-newed (re-transmitted) • Time and synronization issues, package loss • PKC crypto not feasible as is • Safety versus Security • Satefy is priority for auto industry, no one will change any standard easily • Interpret security as a safety concern with malicious intent

  6. Secure ECU Communication in Car • Proposal: • Use of different Message Authentication Code with Truncation • A 128-bit HMAC can be truncated up to 32 bits with no extra security loss • 2^32 guaranteed. • Can we do better than this? • Universal Message Authentication Codes (UMACs) are algebraic one-time/multiple time MACs • They are faster than traditional MACs under certain assumptions • Strategy is to identify suitable UMACs, investigate under truncation and set up a key management method • Why key management? • UMACs require key sycnronization and renewal!

  7. Secure ECU Communication in Car • UMAC is itself two times faster than CMAC on ARM • But key set up phase of UMAC is pretty slow • Perform key setup beforehand, and use pre-computed keys. This enables fast computation with a memory trade-off • If memory is a constraint, CMAC is a better choice • If speed is more important and we can tolerate store, UMACs are fast. We can pre-compute keys in idle times and use them for a fast real-time computation • Storing/transmitting a different key for each message is impractical

  8. Secure ECU Communication in Car • Use crypto PRNGs: Signer and verifier share seed (root) key sk=(a,b), and for each message mj, a new key is derived from the previous key as skj CPRNG( skj-1 ) • Not unconditionally secure anymore, at most as secure as CPRNG • Requires synchronization between the signer and receivers • Optional, evolution of UMACs from a formal perspective • (i)Wegman-Carter, M is hashed to a short digest via a universal hash function indexed by a secret key. Resulting value is OTP encrypted. • (ii) Brassard replaces OTP with a PRF along with a random nonce. • (iii) Apply PRF directly to the hash result. • (iv) Derive UMAC key from a short key (as above), • (v) Reuse keys for some messages. Many UMACs use this approach, and it is problematic

  9. Some Important UMACs Secure ECU Communication in Car • Polynomial UMACs (e.g., [1]):(k,k’) are n-bit keys, messages with l=t*nbits. Split message x into t blocks, work on GF(2^{n}) • Square Hash [2]: • MMH [3]: • There are many more: NMH family (e.g., [4]), WH [5], NH [6] • Polynomial evaluation and message authentication [7] by Daniel J. Bernstein is a very fast UMAC

  10. Secure ECU Communication in Car • Group Size: 1-2 student • Students considering security research, or Winter 2014:Applied crypto class • Required Background: • C/C++ or Java programming, or ability to use software packages from existing libraries • Knowledge on cryptographic hash functions, MAC, block ciphers (AES), Pseudo Random • 1) Identify a set of good UMACs • 2) Implement selected UMACs (or obtain implementation) • 3) Work on efficient key update mechanisms for UMACs • 4) Understand Blundo polynomials to set up keys between ECUs • 5) Report overall security architecture and scheme • 6) Final report and presentation

  11. Universal Message Authentication Code (UMAC) References • [1] Ted Krovetz. UMAC: Message Authentication Code using Universal Hashing, March • 2006. RFC 4418, http://fastcrypto.org/umac/rfc4418.txt. • Version for 2000, http://fastcrypto.org/umac/index00.html • [2] M. Etzel, S. Patel, Z. Ramzan, “Square Hash: Fast Message Authentication via Optimized Universal Hash Functions,” Proc. Crypto’99, LNCS 1666, M. Wiener, Ed., Springer-Verlag, 1999, pp. 234–251. • [3] S. Halevi, H. Krawczyk, “MMH: Software Message Authentication in the Gbit/second Rates,” Fast Software Encryption, LNCS 1267, E. Biham, Ed., Springer-Verlag, 1997, pp. 172–189. • [4] M.N. Wegman, J.L. Carter, “New Hash Functions and their Use in Authentication • and Set Equality,” Journal of Computer and System Sciences, Vol. 22, No. 3, 1981, • pp. 265–279. • [5]J.-P. Kaps, K. Yuksel, B. Sunar, “EnergyScalable Universal Hashing,” IEEE Trans. on Computers, Vol. 54, No. 12, 2005, pp. 1484–1495. • [6] J. Black, S. Halevi, H. Krawczyk, T. Krovetz, P. Rogaway. “UMAC: Fast and Secure Message Authentication,” Proc. Crypto’99, LNCS 1666, M. Wiener, Ed., Springer-Verlag, 1999, pp. 216–233. • [7] Daniel J. Bernstein, The Poly1305-AES message-authentication code • [8]W.Nevelsteen and B. Preneel. Software performance of universal hash functions. In Proceedings of the 17th international conference on Theory and application of cryptographic techniques (EUROCRYPT'99), Springer-Verlag, 24-41. • [9] H. Handschuh and B. Preneel. Key-Recovery Attacks on Universal Hash Function Based MAC Algorithms. In Proceedings of the 28th Annual conference on Cryptology: Advances in Cryptology (CRYPTO 2008), Springer-Verlag, Berlin, 144-161.

  12. Secure Inter-ECU Communication Encryption Methods for Medical Systems • Research Problem: • Chaos-based encryption methods are proposed for medical systems • They are claimed to be more „effective“ (?) than traditiona encryption methods • Secure of Chaous-based methods are being critizied • Security is dubious, but even are they so much more efficient than traditional encryption? • Investigate this case! • It is likely that their efficiency advantages do not justy the security

  13. Secure Inter-ECU Communication Encryption Methods for Medical Systems • Some papers: 1) An Efficient Medical Image Cryptosystem Based on Chaotic Maps http://www.aicit.org/JDCTA/ppl/JDCTA%20Vol6%20No13%20Binder1_part29.pdf 2) Chaos Based Encryption System for Encrypting Electroencephalogram Signals, Journal of Medical Systems. http://www.researchgate.net/publication/261736834_Chaos_based_encryption_system_for_encrypting_electroencephalogram_signals The above paper discusses a C# based implementation 3)An efficient and secure medical image protection scheme based on chaotic maps. http://www.ncbi.nlm.nih.gov/pubmed/23816172 4) A review paper on Chaos-based encryption http://www.ripublication.com/irph/ijict_spl/ijictv4n2spl_14.pdf 5) http://www.intechopen.com/books/multimedia-a-multidisciplinary-approach-to-complex-issues/multimedia-security-a-survey-of-chaos-based-encryption-technology

  14. Encryption Methods for Medical Systems • Group Size: 1-2 student(s) • Required Background: • C/C++ or Java programming, or ability to use software packages from existing libraries • Knowledge on cryptographic hash functions, MAC, block ciphers (AES), Pseudo Random F. • Work on implementation of the latest Chaos schemes • Totally ok if you can obtain existing implementations • Work on efficient AES implementations or ciphers such as • Present Cipher Suite • Humming Bird • Compare efficiency, discuss security differences, analyze the claim , final report and presentation

More Related