-
Return-Oriented Programming on RISC-V
Authors:
Georges-Axel Jaloyan,
Konstantinos Markantonakis,
Raja Naeem Akram,
David Robin,
Keith Mayes,
David Naccache
Abstract:
This paper provides the first analysis on the feasibility of Return-Oriented Programming (ROP) on RISC-V, a new instruction set architecture targeting embedded systems. We show the existence of a new class of gadgets, using several Linear Code Sequences And Jumps (LCSAJ), undetected by current Galileo-based ROP gadget searching tools. We argue that this class of gadgets is rich enough on RISC-V to…
▽ More
This paper provides the first analysis on the feasibility of Return-Oriented Programming (ROP) on RISC-V, a new instruction set architecture targeting embedded systems. We show the existence of a new class of gadgets, using several Linear Code Sequences And Jumps (LCSAJ), undetected by current Galileo-based ROP gadget searching tools. We argue that this class of gadgets is rich enough on RISC-V to mount complex ROP attacks, bypassing traditional mitigation like DEP, ASLR, stack canaries, G-Free, as well as some compiler-based backward-edge CFI, by jumping over any guard inserted by a compiler to protect indirect jump instructions. We provide examples of such gadgets, as well as a proof-of-concept ROP chain, using C code injection to leverage a privilege escalation attack on two standard Linux operating systems. Additionally, we discuss some of the required mitigations to prevent such attacks and provide a new ROP gadget finder algorithm that handles this new class of gadgets.
△ Less
Submitted 15 March, 2021;
originally announced March 2021.
-
Enhanced Cyber-Physical Security Using Attack-resistant Cyber Nodes and Event-triggered Moving Target Defence
Authors:
Martin Higgins,
Keith Mayes,
Fei Teng
Abstract:
This paper outlines a cyber-physical authentication strategy to protect power system infrastructure against false data injection (FDI) attacks. We demonstrate that it is feasible to use small, low-cost, yet highly attack-resistant security chips as measurement nodes, enhanced with an event-triggered moving target defence (MTD), to offer effective cyber-physical security. At the cyber layer, the pr…
▽ More
This paper outlines a cyber-physical authentication strategy to protect power system infrastructure against false data injection (FDI) attacks. We demonstrate that it is feasible to use small, low-cost, yet highly attack-resistant security chips as measurement nodes, enhanced with an event-triggered moving target defence (MTD), to offer effective cyber-physical security. At the cyber layer, the proposed solution is based on the MULTOS Trust-Anchor chip, using an authenticated encryption protocol, offering cryptographically protected and chained reports at up to 12/s. The availability of the trust-anchors, allows the grid controller to delegate aspects of passive anomaly detection, supporting local as well as central alarms. In this context, a distributed event-triggered MTD protocol is implemented at the physical layer to complement cyber side enhancement. This protocol applies a distributed anomaly detection scheme based on Holt-Winters seasonal forecasting in combination with MTD implemented via inductance perturbation. The scheme is shown to be effective at preventing or detecting a wide range of attacks against power system measurement system.
△ Less
Submitted 30 October, 2020; v1 submitted 27 October, 2020;
originally announced October 2020.
-
Security, Privacy and Safety Evaluation of Dynamic and Static Fleets of Drones
Authors:
Raja Naeem Akram,
Konstantinos Markantonakis,
Keith Mayes,
Oussama Habachi,
Damien Sauveron,
Andreas Steyven,
Serge Chaumette
Abstract:
Inter-connected objects, either via public or private networks are the near future of modern societies. Such inter-connected objects are referred to as Internet-of-Things (IoT) and/or Cyber-Physical Systems (CPS). One example of such a system is based on Unmanned Aerial Vehicles (UAVs). The fleet of such vehicles are prophesied to take on multiple roles involving mundane to high-sensitive, such as…
▽ More
Inter-connected objects, either via public or private networks are the near future of modern societies. Such inter-connected objects are referred to as Internet-of-Things (IoT) and/or Cyber-Physical Systems (CPS). One example of such a system is based on Unmanned Aerial Vehicles (UAVs). The fleet of such vehicles are prophesied to take on multiple roles involving mundane to high-sensitive, such as, prompt pizza or shopping deliveries to your homes to battlefield deployment for reconnaissance and combat missions. Drones, as we refer to UAVs in this paper, either can operate individually (solo missions) or part of a fleet (group missions), with and without constant connection with the base station. The base station acts as the command centre to manage the activities of the drones. However, an independent, localised and effective fleet control is required, potentially based on swarm intelligence, for the reasons: 1) increase in the number of drone fleets, 2) number of drones in a fleet might be multiple of tens, 3) time-criticality in making decisions by such fleets in the wild, 4) potential communication congestions/lag, and 5) in some cases working in challenging terrains that hinders or mandates-limited communication with control centre (i.e., operations spanning long period of times or military usage of such fleets in enemy territory). This self-ware, mission-focused and independent fleet of drones that potential utilises swarm intelligence for a) air-traffic and/or flight control management, b) obstacle avoidance, c) self-preservation while maintaining the mission criteria, d) collaboration with other fleets in the wild (autonomously) and e) assuring the security, privacy and safety of physical (drones itself) and virtual (data, software) assets. In this paper, we investigate the challenges faced by fleet of drones and propose a potential course of action on how to overcome them.
△ Less
Submitted 18 August, 2017;
originally announced August 2017.
-
An Efficient, Secure and Trusted Channel Protocol for Avionics Wireless Networks
Authors:
Raja Naeem Akram,
Konstantinos Markantonakis,
Keith Mayes,
Pierre-Francois Bonnefoi,
Damien Sauveron,
Serge Chaumette
Abstract:
Avionics networks rely on a set of stringent reliability and safety requirements. In existing deployments, these networks are based on a wired technology, which supports these requirements. Furthermore, this technology simplifies the security management of the network since certain assumptions can be safely made, including the inability of an attacker to access the network, and the fact that it is…
▽ More
Avionics networks rely on a set of stringent reliability and safety requirements. In existing deployments, these networks are based on a wired technology, which supports these requirements. Furthermore, this technology simplifies the security management of the network since certain assumptions can be safely made, including the inability of an attacker to access the network, and the fact that it is almost impossible for an attacker to introduce a node into the network. The proposal for Avionics Wireless Networks (AWNs), currently under development by multiple aerospace working groups, promises a reduction in the complexity of electrical wiring harness design and fabrication, a reduction in the total weight of wires, increased customization possibilities, and the capacity to monitor otherwise inaccessible moving or rotating aircraft parts such as landing gear and some sections of the aircraft engines. While providing these benefits, the AWN must ensure that it provides levels of safety that are at minimum equivalent to those offered by the wired equivalent. In this paper, we propose a secure and trusted channel protocol that satisfies the stated security and operational requirements for an AWN protocol. There are three main objectives for this protocol. First, the protocol has to provide the assurance that all communicating entities can trust each other, and can trust their internal (secure) software and hardware states. Second, the protocol has to establish a fair key exchange between all communicating entities so as to provide a secure channel. Finally, the third objective is to be efficient for both the initial start-up of the network and when resuming a session after a cold and/or warm restart of a node. The proposed protocol is implemented and performance measurements are presented based on this implementation. In addition, we formally verify our proposed protocol using CasperFDR.
△ Less
Submitted 16 August, 2016; v1 submitted 14 August, 2016;
originally announced August 2016.
-
Security and Performance Comparison of Different Secure Channel Protocols for Avionics Wireless Networks
Authors:
Raja Naeem Akram,
Konstantinos Markantonakis,
Keith Mayes,
Pierre-Francois Bonnefoi,
Damien Sauveron,
Serge Chaumette
Abstract:
The notion of Integrated Modular Avionics (IMA) refers to inter-connected pieces of avionics equipment supported by a wired technology, with stringent reliability and safety requirements. If the inter-connecting wires are physically secured so that a malicious user cannot access them directly, then this enforces (at least partially) the security of the network. However, substituting the wired netw…
▽ More
The notion of Integrated Modular Avionics (IMA) refers to inter-connected pieces of avionics equipment supported by a wired technology, with stringent reliability and safety requirements. If the inter-connecting wires are physically secured so that a malicious user cannot access them directly, then this enforces (at least partially) the security of the network. However, substituting the wired network with a wireless network - which in this context is referred to as an Avionics Wireless Network (AWN) - brings a number of new challenges related to assurance, reliability, and security. The AWN thus has to ensure that it provides at least the required security and safety levels offered by the equivalent wired network. Providing a wired-equivalent security for a communication channel requires the setting up of a strong, secure (encrypted) channel between the entities that are connected to the AWN. In this paper, we propose three approaches to establish such a secure channel based on (i) pre-shared keys, (ii) trusted key distribution, and (iii) key-sharing protocols. For each of these approaches, we present two representative protocol variants. These protocols are then implemented as part of a demo AWN and they are then compared based on performance measurements. Most importantly, we have evaluated these protocols based on security and operational requirements that we define in this paper for an AWN.
△ Less
Submitted 17 August, 2016; v1 submitted 14 August, 2016;
originally announced August 2016.
-
When Theory and Reality Collide: Demystifying the Effectiveness of Ambient Sensing for NFC-based Proximity Detection by Applying Relay Attack Data
Authors:
Iakovos Gurulian,
Carlton Shepherd,
Konstantinos Markantonakis,
Raja Naeem Akram,
Keith Mayes
Abstract:
Over the past decade, smartphones have become the point of convergence for many applications and services. There is a growing trend in which traditional smart-card based services like banking, transport and access control are being provisioned through smartphones. Smartphones with Near Field Communication (NFC) capability can emulate a contactless smart card; popular examples of such services incl…
▽ More
Over the past decade, smartphones have become the point of convergence for many applications and services. There is a growing trend in which traditional smart-card based services like banking, transport and access control are being provisioned through smartphones. Smartphones with Near Field Communication (NFC) capability can emulate a contactless smart card; popular examples of such services include Google Pay and Apple Pay. Similar to contactless smart cards, NFC-based smartphone transactions are susceptible to relay attacks. For contactless smart cards, distance-bounding protocols are proposed to counter such attacks; for NFC-based smartphone transactions, ambient sensors have been proposed as potential countermeasures. In this study, we have empirically evaluated the suitability of ambient sensors as a proximity detection mechanism for contactless transactions. To provide a comprehensive analysis, we also collected relay attack data to ascertain whether ambient sensors are able to thwart such attacks effectively. We initially evaluated 17 sensors before selecting 7 sensors for in-depth analysis based on their effectiveness as potential proximity detection mechanisms within the constraints of a contactless transaction scenario. Each sensor was used to record 1000 legitimate and relay (illegitimate) contactless transactions at four different physical locations. The analysis of these transactions provides an empirical foundation on which to determine whether ambient sensors provide a strong proximity detection mechanism for security-sensitive applications like banking, transport and high-security access control.
△ Less
Submitted 2 May, 2016;
originally announced May 2016.
-
Empirical Evaluation of Ambient Sensors as Proximity Detection Mechanism for Mobile Payments
Authors:
Raja Naeem Akram,
Iakovos Gurulian,
Carlton Shepherd,
Konstantinos Markantonakis,
Keith Mayes
Abstract:
Near Field Communication (NFC) has enabled mobile phones to emulate contactless smart cards. Similar to contactless smart cards, they are also susceptible to relay attacks. To counter these, a number of methods have been proposed that rely primarily on ambient sensors as a proximity detection mechanism (also known as an anti-relay mechanism). In this paper, we, for the first time in academic liter…
▽ More
Near Field Communication (NFC) has enabled mobile phones to emulate contactless smart cards. Similar to contactless smart cards, they are also susceptible to relay attacks. To counter these, a number of methods have been proposed that rely primarily on ambient sensors as a proximity detection mechanism (also known as an anti-relay mechanism). In this paper, we, for the first time in academic literature, empirically evaluate a comprehensive set of ambient sensors for their effectiveness as a proximity detection mechanism. We selected 15 out of a total of 17 sensors available via the Google Android platform for evaluation, with the other two sensors unavailable on widely-used handsets. In existing academic literature, only 5 sensors have been proposed with positive results as a potential proximity detection mechanism. Each sensor, where feasible, was used to record the measurements of 1000 contactless transactions at four different physical locations. A total of 252 random users, random sample of the university student population, were involved during the field trails. The analysis of these transactions provides an empirical foundation to categorically answer whether ambient sensors provide a strong proximity detection mechanism for security sensitive applications like banking, transport and high-security access control. After careful analysis, we conclude that no single evaluated mobile ambient sensor is suitable for such critical applications in realistic deployment scenarios. Lastly, we identify a number of potential avenues that may improve their effectiveness.
△ Less
Submitted 18 February, 2016; v1 submitted 26 January, 2016;
originally announced January 2016.
-
Dynamic Domains in Strongly Driven Ferromagnetic Films
Authors:
K. Mayes,
T. Plefka,
H. Sauermann
Abstract:
The spatiotemporal structure formation problem is investigated in the region far above the transverse ferromagnetic resonance instability. The investigations are based on the dissipative Landau-Lifshitz equation and have been performed on a model which takes external fields, isotropic exchange fields, anisotropy fields and the demagnetizing part of the dipolar field into consideration. The numer…
▽ More
The spatiotemporal structure formation problem is investigated in the region far above the transverse ferromagnetic resonance instability. The investigations are based on the dissipative Landau-Lifshitz equation and have been performed on a model which takes external fields, isotropic exchange fields, anisotropy fields and the demagnetizing part of the dipolar field into consideration. The numerical simulations for these models exhibit stationary domain structure in the rotating frame. Employing analytical methods and simplifying the model, certain features, such as the magnetization within the domains and the proportion of the system in each domain, are described analytically.
△ Less
Submitted 14 August, 2003;
originally announced August 2003.