Mobile Appliance Security: Concerns and Challenges - PowerPoint PPT Presentation

Slides: 25
Provided by: mah18
Learn more at: https://www.cecs.uci.edu
1
Mobile Appliance Security: Concerns and Challenges
  • Mahesh Mamidipaka
  • ICS 259: Seminar in Design Science

1. Securing Mobile Appliances: New Challenges for the System Designer - A. Raghunathan, S. Ravi, S. Hattangady, J. Quisquater (DATE 03)
2. Masking Energy Behavior of DES Encryption - H. Saputra, N. Vijaykrishnan, N. Kandemir, et al. (DATE 03)
3. Wireless Network Security - Tom Karygiannis and Les Owens, NIST, http://csrc.nist.gov/publications/nistpubs/800-48/NIST_SP_800-48.pdf
2
Outline
  • Introduction
  • Security Concerns
  • Design Challenges
  • Security Attacks on Smart Cards
  • Power analysis based attack
  • Masking Energy Behavior for DES Encryption (DATE
    03)

3
Introduction
  • Mobile appliances widely used (PDAs, cell phones, smart cards, etc.)
  • Involve sensitive information, hence increased security concerns
  • Success of emerging technologies depends on ensuring adequate security
  • Security cited as single largest concern among prospective m-commerce users

4
Unique Challenges
  • Knowledge and experience from wired internet gives us a head start (not sufficient)
  • Unique challenges
      • Use of public transmission medium
      • Potentially unlimited points of access
      • Vulnerable to theft, loss, and corruptibility
      • Constraints on power, cost, and weight
  • Need for techniques at every aspect of design to meet the challenges

5
Outline
  • Introduction
  • Security Concerns
  • Design Challenges
  • Security Attacks on Smart Cards
  • Masking Energy Behavior for DES Encryption

6
Security Issues
  • Tamper-resistant Implementation
  • User Identification
  • Secure Content
  • Secure Network Access
7
Secure Data Communication
  • Employ security protocols at various layers of the network protocol stack
      • Achieve peer authentication, privacy, data integrity, etc.
      • Cryptographic algorithms act as building blocks
  • Examples: network layer protocols
      • Cellular technologies: GSM, CDPD
      • Wireless LAN: IEEE 802.11
      • Wireless PAN: Bluetooth
  • Distinct protocols needed at various layers
      • Network layer protocol secures link between wireless client, access point, base station or gateway
      • Need complementary security mechanisms at higher protocol layers (e.g., WTLS in WAP)

8
Outline
  • Introduction
  • Security Concerns
  • Design Challenges
  • Security Attacks on Smart Cards
  • Masking Energy Behavior for DES Encryption

9
Design Challenges
  • Various challenges and considerations for mobile appliance security
      • Flexible security architecture to support diverse security protocols and crypto algorithms
      • Computational requirement for security processing
      • Impact of security processing on battery life
      • Tamper-resistant implementation

10
Flexibility
  • Ability to cater to a wide variety of security protocols
      • Example: support for both WEP and 3GPP algorithms to work in LAN and 3G cellular environments
  • Support for distinct security standards at different layers of network protocol stack
      • Example: WEP (link layer) and SSL (transport layer) support for wireless LAN enabled PDA with web support
  • Security protocols continuously evolving
      • Protocols revised to enable new security services, new crypto algorithms, etc.

11
Computational Requirements
Processing requirements for a security protocol using RSA based connection, 3DES based encryption/decryption, and SHA based integrity
12
Battery life
  • Reduced battery life due to increased computational requirements
  • Case study: sensor node with Motorola DragonBall processor (MC68328)
  • Energy consumption
      • Transmission: 21.5 mJ/KB
      • Reception: 14.3 mJ/KB
      • RSA based encryption: 42 mJ/KB

13
Tamper-Resistance
  • Security protocols and mechanisms are independent of implementation specifics
      • Assumption: malicious entities do not have access to the implementation
  • Observing properties of the implementation can enable breaking of the secret key
  • Sensitive data is vulnerable
      • During on-chip communication
      • When simply stored in the mobile appliance (secondary storage like flash, main memory, caches, register files)

14
Outline
  • Introduction
  • Security Concerns
  • Design Challenges
  • Security Attacks on Smart Cards
  • Masking Energy Behavior for DES Encryption

15
Security Attacks on Smart Cards
  • Security attacks on smart cards can be classified as
  • Microprobing
      • Invasive technique that manipulates the internal circuits
  • Software attacks
      • Focuses on protocol or algorithm weakness
  • Eavesdropping
      • Hacks secret keys by monitoring power consumption, EM radiation, and execution time
  • Fault generation
      • Based on intentional malfunction of the circuit
      • Techniques like supply voltage change, exposing circuit to radiation, etc.

16
Eavesdropping power profile
  • Rationale: power consumption of an operation depends on its operand values
      • Operands are plain text and secret key in crypto algorithms
      • Switching activity varies in memory, buses, datapath units, and pipeline registers based on operand values
  • Different degrees of sophistication involved in power analysis based attacks
      • Simple Power Analysis (SPA): uses single power profile
      • Differential Power Analysis (DPA): uses power profiles from multiple runs

17
Simple Power Analysis
  • Based on single power trace for operations
  • Identify operations being performed based on power profile
      • Whether a branch is taken or not
      • Whether an exponentiation operation is performed or not
  • Knowing the algorithm and power profile, secret key can be revealed
  • Protection from SPA
      • Code restructuring
      • Random noise insertion for power variation
      • Adding dummy modules
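
The key-dependent branch and the "code restructuring" protection above, as an added C example that is not from the slides or the cited papers: a toy 8-bit square-and-multiply whose operation sequence follows the key, beside a restructured version that always performs both operations. The key width, modulus and `trace_t` operation log are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define KEY_BITS 8  /* toy exponent width, chosen for this example */

/* 'S' = square, 'M' = multiply: a stand-in for the operation shapes
   visible in a single power trace. */
typedef struct { char ops[2 * KEY_BITS + 1]; int n; } trace_t;

static void log_op(trace_t *t, char op) { t->ops[t->n++] = op; t->ops[t->n] = '\0'; }

static uint32_t mulmod(uint32_t a, uint32_t b, uint32_t m) {
    return (uint32_t)(((uint64_t)a * b) % m);
}

/* Before: multiply only when the key bit is 1, so the operation
   sequence mirrors the secret exponent bit for bit. */
uint32_t modexp_branchy(uint32_t base, uint8_t key, uint32_t m, trace_t *t) {
    uint32_t r = 1 % m;
    t->n = 0;
    for (int i = KEY_BITS - 1; i >= 0; i--) {
        r = mulmod(r, r, m); log_op(t, 'S');
        if ((key >> i) & 1) { r = mulmod(r, base, m); log_op(t, 'M'); }
    }
    return r;
}

/* After (code restructuring): always square and multiply, then keep or
   discard the product with a mask instead of a branch. */
uint32_t modexp_uniform(uint32_t base, uint8_t key, uint32_t m, trace_t *t) {
    uint32_t r = 1 % m;
    t->n = 0;
    for (int i = KEY_BITS - 1; i >= 0; i--) {
        r = mulmod(r, r, m); log_op(t, 'S');
        uint32_t prod = mulmod(r, base, m); log_op(t, 'M');
        uint32_t mask = 0u - (uint32_t)((key >> i) & 1); /* all ones or zero */
        r = (prod & mask) | (r & ~mask);
    }
    return r;
}

int main(void) {
    trace_t a, b;
    modexp_branchy(7, 0xA5, 1000003u, &a); modexp_branchy(7, 0x0F, 1000003u, &b);
    printf("branchy: %s | %s\n", a.ops, b.ops);
    modexp_uniform(7, 0xA5, 1000003u, &a); modexp_uniform(7, 0x0F, 1000003u, &b);
    printf("uniform: %s | %s same=%d\n", a.ops, b.ops, strcmp(a.ops, b.ops) == 0);
    return 0;
}
```

The uniform version removes only the operation-sequence leak; the operand values still influence power consumption, which is what DPA relies on.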

18
Differential Power Analysis
  • Utilizes power profiles gathered from multiple runs
  • Basic principle similar to SPA: relies on data dependent power variation to break key
  • Averaging used to eliminate random noise
  • P. Kocher, J. Jaffe, and B. Jun, Introduction to Differential Power Analysis and Related Attacks, http://www.cryptography.com/dpa/technical, 1998

19
Outline
  • Introduction
  • Security Concerns
  • Design Challenges
  • Security Attacks on Smart Cards
  • Masking Energy Behavior for DES Encryption

20
Energy Masking for DES
  • Architecture to have secure and non-secure instructions
      • Power consumption of secure instructions is data independent
  • Critical operations in DES encryption
      • Assignment
      • Bit by bit addition modulo 2 (XOR)
      • Shift operation
      • Indexing operation
  • Instructions involving secret key replaced with secure instructions

21
Secure load instruction
22
Energy consumption profiles
23
Masking energy in DES
  • Energy consumption more for secure instructions than non-secure instructions
      • EDiss w/o masking: 46.4 uJ
      • EDiss w/ naïve masking: 63.6 uJ (all loads and stores masked)
      • EDiss w/ smart masking: 52.6 uJ (only secret key related instructions masked)
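
A small model of why masked instructions cost more energy and why smart masking lands between the two extremes, added here as an example (it is not code from the slides or from the DATE 03 paper). It assumes energy is proportional to bit transitions on a precharged bus and that a secure transfer drives each bit together with its complement; the instruction stream, keys and constants are constructed.

```c
#include <stdint.h>
#include <stdio.h>

enum policy { MASK_NONE, MASK_NAIVE, MASK_SMART };

/* One load or store: the word moved over the bus, and whether that
   word is derived from the secret key. */
typedef struct { uint32_t word; int key_related; } xfer_t;

static unsigned popcount32(uint32_t v) {
    unsigned n = 0;
    for (; v; v &= v - 1) n++;
    return n;
}

/* Energy proxy in bit transitions on a bus precharged to zero.
   Normal transfer: one transition per 1 bit, so cost tracks the data.
   Secure transfer (assumed dual-rail): value and complement are both
   driven, so exactly 32 lines switch whatever the data is. */
static unsigned xfer_energy(xfer_t x, enum policy p) {
    int secure = (p == MASK_NAIVE) || (p == MASK_SMART && x.key_related);
    return secure ? popcount32(x.word) + popcount32(~x.word)
                  : popcount32(x.word);
}

/* Constructed stand-in for one step of a cipher round: load a round-key
   word, load a plaintext word, store their XOR, load a public constant. */
unsigned round_energy(uint32_t key, uint32_t plain, enum policy p) {
    xfer_t stream[] = {
        { key,         1 },
        { plain,       0 },
        { key ^ plain, 1 },
        { 0x0F0F0F0Fu, 0 },
    };
    unsigned total = 0;
    for (size_t i = 0; i < sizeof stream / sizeof stream[0]; i++)
        total += xfer_energy(stream[i], p);
    return total;
}

int main(void) {
    const char *name[] = { "none", "naive", "smart" };
    uint32_t plain = 0x12345678u, k1 = 0x00000001u, k2 = 0xFFFF00FFu;
    for (int p = MASK_NONE; p <= MASK_SMART; p++)
        printf("%-5s key1=%u key2=%u\n", name[p],
               round_energy(k1, plain, (enum policy)p),
               round_energy(k2, plain, (enum policy)p));
    return 0;
}
```

Without masking the total changes with the key; with naive or smart masking it is the same for both keys, and smart masking pays the extra transitions only on the key-related transfers.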
