Secure Application Execution

Msgna, M., Markantonakis, K., Naccache, D., Mayes, K.: Verifying Software Integrity in Embedded Systems: A Side Channel Approach. To appear in Constructive Side Channel Analysis and Secure Design (COSADE 2014). Springer, Paris, France (2014).
Abstract: In the last few decades embedded processors have invaded the modern lifestyle. Embedded systems have hardware and software components. Assuring the integrity of the software is very important, as it is the component that controls what the hardware does through its instructions. Although there exist a number of software integrity verification techniques, they often fail to work in embedded environments. One main reason is the memory read protection, frequently implemented in today's microprocessors, that prevents the verifier from reading out the necessary software parts. In this paper we show that side channel leakage (power consumption) can be used to verify the integrity of the software component without prior knowledge of the software code. Our approach uses instruction-level power consumption templates to extract information about the instructions executed by the processor. Then this information, together with pre-computed signatures, is used to verify the integrity of the executed application using an RSA signature screening algorithm. The instruction-level templates are constructed ahead of time using a few authentic reference processors.
Msgna, M., Markantonakis, K., Mayes, K.: Precise Instruction-Level Side Channel Profiling of Embedded Processors. To appear in 10th Information Security Practice and Experience Conference (ISPEC 2014). Springer, Fuzhou, China (2014).
Abstract: Since its first publication, side channel leakage has been widely used for the purpose of extracting secret information, such as cryptographic keys, from embedded devices. However, in a few instances it has been utilised for extracting other information about the internal state of a computing device. In this paper, we show how to create a precise instruction-level side channel leakage profile of an embedded processor. Using the profile, we show how to extract executed instructions from the device's leakage with high accuracy. In addition, we provide a comparison between several performance and recognition enhancement tools. Further, we also provide details of our lab setup and noise minimisation techniques, and suggest possible applications.
Msgna, M., Markantonakis, K., Mayes, K.: The B-Side of Side Channel Leakage: Control Flow Security in Embedded Systems. In: Tanveer, Z., Albert, Z., Varadharajan, V., and Morley, M. Security and Privacy in Communication Networks. p. 288-304. Springer International Publishing (2013).
Abstract: The security of an embedded system is often compromised when a "trusted" program is subverted to behave differently, such as executing maliciously crafted code and/or skipping legitimate parts of a "trusted" program. Several countermeasures have been proposed in the literature to counteract these behavioural changes of a program. A common underlying theme in most of them is to define security policies at the lower level of the system in an independent manner and then check for security violations either statically or dynamically at runtime. In this paper we propose a novel method that verifies a program's behaviour, such as its control flow, by using the device's side channel leakage.
Akram, R.N., Markantonakis, K., Mayes, K.: Cross-Platform Application Sharing Mechanism. In: Wang, H., Tate, S.R., and Xiang, Y. 10th IEEE International Conference on Trust Security and Privacy in Computing and Communications (IEEE TrustCom-11). p. 597-605. IEEE Computer Society, Changsha, China (2011).
Abstract: The application sharing mechanism in multi-application smart cards facilitates collaborative schemes between applications in a secure and reliable manner. Traditional application sharing can only be realised if both applications are installed on the same device. In this paper we extend the smart card firewall to include an application sharing mechanism between applications installed on different smart cards. We propose Platform and Application Binding Protocols that enable two smart cards/applications to authenticate each other and ascertain trustworthiness before sharing resources. Furthermore, we provide an informal analysis of the protocols along with a comparison with existing protocols. Subsequently, a mechanical formal analysis based on CasperFDR and the implementation experience are presented.
Akram, R.N., Markantonakis, K., Mayes, K.: User Centric Security Model for Tamper-Resistant Devices. In: Li, J. and Chung, J.-Y. 8th IEEE International Conference on e-Business Engineering (ICEBE 2011). p. 168-177. IEEE Computer Society, Beijing, China (2011).
Abstract: Tamper-resistant devices provide a secure, reliable, and trusted execution environment even in the possession of an adversary. With the ever growing use of computing platforms (i.e. mobile phones, tablets, embedded devices, etc.) the potential for compromising the security and privacy of an individual is increased. The Trusted Platform Module is restricted to integrity measurement and cryptographic operations, which is crucial in its own right. On the contrary, smart cards provide a general-purpose execution environment, but traditionally they are under centralised control, which, if extended to other computing platforms, may not be appropriate. Therefore, in this paper we analyse the rationale for a general-purpose, cross-platform, user centric tamper-resistant device based on the smart card architecture, its applications in different computing environments, and the ownership management framework.