the industrial challenges in software security and protection challenges in... · the industrial...

© 2017 Irdeto. All Rights Reserved. – www.irdeto.com

1© 2017 Irdeto. All Rights Reserved. – www.irdeto.com

© 2017 Irdeto. All Rights Reserved.

The Industrial Challenges in Software Security and Protection

Yuan Xiang Gu Co-Founder of Cloakware

Senior Technology Advisor, IrdetoGuest Professor, Northwest University

The 9th International Summer School on Information Security and ProtectionCanberra, Australia, July 9 - 13, 2018


22

1975 -1988: Professor of Northwest University in China 1988 -1990: Visiting professor of McGill University, Canada 1990 -1997: Senior scientist and architect at Nortel 1993: Effective Immune Software (EIS, early Cloakware idea)

1997 - 2007: Co-founder and executive positions of Cloakware 2007 - 2018.April: Chief Architect, Irdeto leading security research and collaboration with universities worldwide

2011 - present: Guest professor of Northwest University, China 2018.May - present: Senior Technology Advisor, Irdeto

Myself Briefing


33

The 1st ISSISP was held in Beijing, China, in 2009 Jack Davidson, Christian Collberg, Roberto Giacobazzi, Yuan Gu, etc.

Have been holding in following 3 times in Asian (China, India) 3 times in Europe (Belgium, Italy, France) 1 time in North America (USA) 1 time in South America (Brazil) 1 time in Australia

ISSISP2019 is considering to hold in China to celebrate the 10th year of anniversary

ISSISP History


44

The 1st international workshop on Software Security and Protection (SSP) with IEEE ISI was held in Beijing, China, in 2010 Christian Collberg, Jack Davidson, Roberto Giacobazzi, Yuan Gu, etc.

Since 2016, SSP has merged with Program Protection and Reverse Engineering Workshop (PPREW) into SSPREW (Software Security, Protection and Reverse Engineering Workshop) co-located with ACSAC.

SSPREW 2018 with ACSAC is to hold in to on Descemer 3–7, 2018, Puerto Rico, USA (CFP soon)

SSPREW History

5

SECURING DIGITAL ASSETS FOR 21 YEARS

50 MILLION TRANSACTIONS PROTECTED PER DAY

OVER 70 SOFTWARE-BASED CLOAKED CA CUSTOMERS WORLDWIDE WITH OVER 25 MILLION DEPLOYED CLIENT DEVICES

70 MILLION PERSONALIZED SEMICONDUCTOR CHIPS PROVISIONED VIA IRDETO’SKEYS & CREDENTIALS SOLUTION

MORE THAN 191 MILLION CRYPTOGRAPHIC KEYS GENERATED AND UNDER MANAGEMENT

+5 BILLION DEVICES & APPLICATIONS SECURED


6

Part 1: Trends in Threats and Security Paint Points

Part 2: New Challenges and White-box Security New Challenges to Information Security White-Box Attacks in Real World Software Security: More Than Vulnerability Power of Software Protection Software Security Immunity Connected Application central based Security Model AI and ML Security Problems Software Security Lifecycle and Digital Asset Protection New View of Information Security

Part 3: White-box Security Patterns Introduction to WB Computing Security Patterns Description in Details of Selected WB Security Pattern

Agenda

6


7

Days of hacking games and movies are over…

... Attacking busines is the new trend!

Part 1:

Trends in Threats and Security Paint Points


8

SW Protection Business Trends

8

Digital Contents (TV, Video,

Music, Film)

GamesE-Commerce

Mobile Payments

Apps &Web Applications

ApplicationsConnected & Intelligent &

Autonomous Vehicles

IOT Devices and Systems

AI & ML SW

2010 +

2015 +

1995+


9

9

Smart Office

Smart Home

Smart Building

Smart Transportation

Smart Agriculture

Smart Business

Smart Health

Smart City

Smart Environment

Smart Earth

Any device or sensor with an IP address connected to a system network via Internet is an entry point for hackers and cybercriminals: Just like leaving your front door wide open for thieve

Smart Utilities

Smart Education

Connected World: While Smarting Everything, Can We Secure Everything?

Presenter

Presentation Notes

In the current connected world, we can make everything digitalized and smarter. Question is whether we can secure everything? Definitely, the answer is no because any devices or sensors with an IP address connected to a system network via Internet is an entry point for hackers and cybercriminals – just like leaving your front door wide open for thieves. In fact, there are many vulnerabilities for hackers.

https://finance-monthly-djmweb.netdna-ssl.com/Finance-Monthly/wp-content/uploads/2018/05/The-Internet-of-Broken-Things-10-Key-Facts-About-IoT.jpg


10

20102010

2015 2015

2015

2016

2015

2014

2015

2015 2016

Wifi laptop remote control

2015

OnStar remote control

Dealer malware propagation

Remote control through Zubie dongle

BMW unlock

Key fob replicator

OnStar unlock / start takeover Tesla WebKit hack

Jeep hack

Corvette insurance dongle

Tesla Wifiand Android App

Nissan Leaf mobile app

Automotive Cybersecurity History

2017Tesla hacked by Keen again

Cybersecurity Attacks in Connected and Intelligent Vehicles

Presenter

Presentation Notes

In the automotive market, exploits are being exposed by academics and security researchers at an increasing pace. The information about the full weaknesses were documented and published in 8 out of these 12 hacks, many with source code and schematics. While many of the vulnerabilities have been fixed, in some cases it’s taken 5 years for the automaker to acknowledge and correct the security flaws. [More detail on diagram:] May 2010*: remote control, WiFi laptop, U of CA-San Diego + U of WA May 2010: OnStar [hack] remote control, U of CA-San Diego + U of WA Nov 2014: Control through Zubie dongle, Argus Cyber Security Feb 2015*: BMW ConnectedDrive unlock, German Automobile Assoc. Jul 2015§: Rolljam keyfob replicator, Kamkar Jul 2015*: Jeep hack remote control, Miller+Valasek Jul 2015§: OnStar unlock/start takeover, Kamkar Sep 2015§: Dealer malware propagation, Open Garages/Smith Aug 2015: Tesla Webkit [hack] vulnerability, CloudFlare + Lookout Aug 2015*: Corvette control via insurance dongle, U of CA-San Diego Jan 2016*: Nissan Leaf control via mobile app, Hunt Aug 2016: Tesla remote control via WiFi, Tencent * Hack fully documented and published § Hack source & schematics released to open source community (GitHub, etc) 2015 is a big millstone year for automotive industry for connected and intelligent vehicles. Before, no carmakers believe that anyone can hacking into car system remotely and dynamically. Since Jeep hack, the carmakers are punick for this reality, and start to spend big money on information security to address security problems raised by hackings. 2016-2017, there are more vulnerabilities have been discovered. You can find good videos for major attacks from websites.


11

2018 Cybersecurity Attacks in Connected and Intelligent Vehicles

▪ January▪ Rare Malware Targeting Uber’s Android App Uncovered. ▪ Canadian Train Company Targeted by North Korean Cyberattack.▪ Australian Car-Sharing Company in Identity Theft Hack.▪ Charging Electric Cars: A Free Ride for Hackers.

▪ February▪ Thieves Hack Into Keyless Entry Fob and Steal Cars in UK.▪ Tesla Hackers Hijacked Amazon Cloud Account to Mine Cryptocurrency. ▪ For Cadillac, CAN Bus data exposed by On-Board Diagnostics-sniffing.

▪ March (bad month for self-driving vehicles)▪ Failed Tesla Autopilot system caused a killing of a woman▪ Uber’s Volvo SUV killed a pedestrian woman.

▪ May▪ The team from Tencent’s Keen Security Lab discovered 14 vulnerabilities in over tens of millions of

BMW connected vehicles.

Presenter

Presentation Notes

This is just a beginning, and many connected and intelligent carmakers are still in earlier stage and do not have big volume of cars released to markets yet. For BMW attacks, please read news from both Keen lab and BMW, and brief technical details are available now, and complete details will be available by 2019 for confidential reason.

©2017 Irdeto, All Rights Reserved. – www.irdeto.com

12

Hackers Everywhere and Hacking is Big Business

• For Fun• Unsophisticated Attackers

• For Profit• Cheaters • Black Business• Organized Crime• Terrorist Organizations Hacktivists

• For Special Interests• Competitors• Nation States• Terrorist Organizations

• For Challenge• Sophisticated Researchers

12

Presenter

Presentation Notes

20 years ago, hackers mainly are for fun. Many hackers are youngsters. Recently 20 years, hacking is a business and an industry, and there is a hacking market. You can buy malwares and attacking tools from the internet. Many freeware and commercial tools can be used for effective attack purpose. Hackers have an own community in which hackers share their knowledge and experiences Hackers can apply similar skills, tools and methods to break different computer systems. Explain the motives of an attacker: For fun At early time, there were many youngest (including some high-school students) have lots of funs to develop attacks to computer systems. Of course, attack-for-fun never stops, and always there are some talent people over there being exploiting vulnerabilities of a system. For profit These days, majority attack activities are for profit. ******* Need some research on attack for profit ****** For special interests Beyond for fun and for profile, there are many other reasons to attack a real system. Business competition – a competitor can get business intelligent information by using direct and indirect attacking competitors' systems. Nation to nation for national security intelligent. Terrorist Organizations: this group of attackers uses attacking not only for profit but also getting their intelligent information, destroying and damaging targeted people, business, community and nations. In the future, it can be terrible that terrorist can attack a city transportation system and kill hundreds or thousands people by attacking driving vehicles on the street. For challenge This is a good thing. Security researchers is to exploit security problem before it is discovered for bad people. Such security research activities are very important to develop and improve security technologies and help business have up-hands to build a better system. 2015, two researchers in US developed remote attack to a car running at street to control its steer and brakes. Entire auto industry starts to realize how serious about cyber security for connected cars.


13©2016 Irdeto, All Rights Reserved. – www.irdeto.com

Presenter Name

Presenter Title

Location

Date

Classification

Cybercrime has evolved from single hackers into resilient highly skilled organizations performing global cyber attacks

• Cyber breaches recorded by businesses have almost doubled in five years, from 68 per business in 2012 to 130 per business in 2017.

• A 2017 study of 254 companies across seven countries put the annual cost of responding to cyberattacks at £11.7 million per company, a year-on-year increase of 27.4%.

• The financial impact of cybersecurity breaches is rising, and some of the largest costs in 2017 related to ransomware attacks. The cost of cybercrime to businesses over the next five years is expected to be US$8 trillion.

• Another growing trend is the use of cyberattacks to target critical infrastructure and strategic industrial sectors, raising fears that, in a worst-case scenario, attackers could trigger a breakdown in the systems that keep societies functioning.

(Source: Marsh Global Risks Report 2018) 16


14

G r o w i n g I m p a c t S c o p e o f S e c u r i t y T h r e a t s

• Millions of persons• Billions of devices• Millions of networks• Millions of companies• Millions of organizations

• Multiple nations• Cross continents• Any connected environments• Any connected devices• Anyone & Any where & Any time

• Kill and hurt people’s life• Disorder societies• Destroy and hurt

businesses• Damage nations and the

world• Financial lost• Business lost• Reduce

Productivities • Inconvenience

• Individual persons• Individual devices• Individual companies• Individual networks• Individual organizations

14

Presenter

Presentation Notes

The impact scope for security threats recently also change significantly. In the past, a successful attacks mainly tagerted individual companies and organization or person or device. Right now, this nature is changing to target hundreds, thousands or millions individuals, companies and organizations. from last two years, this nature is changing further, cyber hackers can launch an attack to many organizations and companies cross many countries. From damage view, impacts are not only for financial lost, business lost, making inconveniences, but also becoming much serious.


15

KrebsOnSecurity.com was knocked offline by 620Gbps DDoS. One of the biggest ever recorded. This was followed by a 1Tbps attack against French web host OVH

Botnet of refrigerators? Cars? Traffic Lights? Medical Devices?Would we even know it was happening?

Indications are that an estimated 500k+ IoT devices such as security cameras and DVRs were used as a botnet for the attack.

Mirai – Botnet on Steroids (DDoS)


16

Mobile ransomware quadrupled in 2015

Fast becoming a mature, million dollar business for organized crime

35 known ransomware “products” in operation in 2015

Targeting corporations and public entities such as municipal gov’ts and hospitals

Ransomware – Willingness To Harm

Presenter

Presentation Notes

35,000 attacks for the year prior to March 2015, then exceeding 136,500 attacks in the following year CryptoWall, bringing in $325M of ransoms alone


17

Ransomware in Healthcare

USA top target for ransomware with 320,000+ infected

systems

Healthcare providers pay USD $6B annually

to ransomware

Cerber “ransomware-as-a-service” takes

40% of extorted profits; run by Russian

crime ring

TeslaCrypt | 777 Xorist | Cerber

GhostCrypt | SamSamCryptoLocker

MSIL/Samas | Locky

2016Methodist Hospital

USA

2016Klinikum Arnsberg

Germany

2016Lukas Hospital

Germany

2016Hollywood

PresbyterianUSA

2016Kansas Heart Hospital

USA

2016DeKalb Health

USA

2016Chino Valley Medical

USA

2016Ottawa Hospital

Canada

Ransomware in Healthcare

Presenter

Presentation Notes

This is what is currently happening to the healthcare industry – an industry that is similar to automotive in that there’s a primary concern for safety but where there is no real experience in cybersecurity. Unfortunately, safety and security are not at all the same, and criminals are now regularly profiting off of inadequate security measures in hospital networks and equipment. Hospitals are threatened with network disruption, HVAC disabling, and equipment shutdowns as well as with the exposure or sale of patient records unless they pay a ransom. There are some hackers who do not consider the endangerment of human life to be a deterrent. While hacking hospitals is below some black-hat hackers “ethical” threshold, others willfully risk human life for profit. This includes international organized crime rings. Based on the trajectory we see here and what we’ve seen in many other industries, this is what awaits the automotive industry. Klinikum Arnsberg, Germany, Feb 2016 Lukas Hospital, Germany, Feb 2016 Hollywood Presbyterian Medical Center, Los Angeles, Feb 2016 Methodist Hospital in Henderson, Kentucky, Mar 2016 MedStar Health, 10 hospitals and 250+ out-patient clinics in the Maryland/Washington, DC area, Mar 2016 Kansas Heart Hospital, May 2016 Chino Valley Medical Center, Prime Healthcare Management, California, Mar 2016 Desert Valley Hospital, Prime Healthcare Management, California, Mar 2016 Ottawa Hospital, Ottawa, Canada, Mar 2016 DeKalb Health, Auburn, Indiana, May 2016 $6 billion annually paid to hackers by healthcare providers, KPMG 2015 survey report US top target for ransomware, 320,948 infected systems (Microsoft, Ransomware InfoDay, May 2016) TeslaCrypt, 777, Xorist, GhostCrypt, Locky, CryptoLocker, MSIL/Samas, SamSam, Cerber, Cerber2 Cerber: Ransomware as a service, 40% cut for ”Ransomware for dummies”, user friendly interface, affiliate program, Russian run


18

Global Ransomware – WannaCry & Petya

▪ On May 12, 2017: WannaCry attacks to 300,000 machines in 150 countries worldwide

▪ On June 27, 2017: Petya attacks in Europe, the Middle East and the US

Presenter

Presentation Notes

All these just are beginning. Supposed such kinds of attacks are launched by much devices including IOT devices, phones and connected cars, and impacts can be much greater.


Software makes data, functionalities, properties, assets …

Software makes networks, connections, and communications …

Software makes applications, systems, devices, servers …

Software plays music, videos, games …

Software drives satellites, planes and connected vehicles …

Software is doing everything in digital …

So f t ware Makes D i g i t a l Wor l d Rea l & L i v e

19


20

• Unsecured software is as readable as a book – IP and critical algorithms are simple for hackers to access and exploit

• Advances in debugging and reverse engineering techniques have empowered increasingly more capable and tech-savvy hackers

• Open source software and hacker collaboration compound the problem, providing “easy learning”

Problem: All Software Is Hackable


So f tware T h r e a t s a n d H a c k i n g s

Remote Attacks

Man-In-the-Middle Attacks

Static Attacks

Man-At-the-End Attacks

Dynamic Attacks

21

Presenter

Presentation Notes

There are five categories of Threats and Attacks: Main-in-the-middle attacks Man-at-the-end attacks Static attacks Dynamic attacks Leverage them to develop remote attacks


Connate Sof tware Secur i ty P rob lems

22

Presenter

Presentation Notes

In general, traditional any software contains two fatal problems: Any software contains vulnerabilities that can be leveraged to develop attacks Software itself doesn’t have any immunity against attacks Therefore, traditional software can be easy target for hacking.


Program bugs Software development errors including programming errors

Software vulnerability A weakness that may allow an attacker to develop and launch an attack

Vulnerability can be introduced by different development stages Requirements flaws Design and architecture flaws Infrastructure flaws Implementation flaws Integration flaws Deployment flaws

Sof tware i s A lways Vu lnerable

23

Presenter

Presentation Notes

Program Bugs From industrial software practice, one ( 1- 15, 15 – 50, 1 -40) bug per 1000 line of code: for 1 million of code, it may contain 1000 bugs; 100 million lines of code may contain over 100,000 bugs. Of course, some bugs may not have security impact. What is a vulnerability? A vulnerability is a weakness which allows an attacker to reduce a system's information assurance or security. White-box vulnerability is different to general software vulnerabilities. For example, important program assets without protection will be vulnerable for direct attack. Flaws can be in HW or SW; can on component level or system level. Multiple flaws can be combined into a new flaw that may have much serious security impact. Vulnerability can be introduced by different development stages of a computer system Requirements flaws Design and architecture flaws Implementation flaws Infrastructure flaws Integration flaws Deployment flaws


Secur i ty Vu lnerabi l i ty and At tacks

Zero Day vulnerability and attackUn-exploited and un-known security holes to vendors that can be developed into brand new attacks

White-box vulnerability A weakness that allows man-at-the-end attacks

A security vulnerability is the intersection of three elements: A system susceptibility or flaw An attacker has access to the flaw An attacker’s capability to exploit the flaw

Attack Surface The sum of the different points where an attacker can break a system

24

Presenter

Presentation Notes

What is an attack surface? The attack surface of a software environment is the sum of the different points (the "attack vectors") where an unauthorized user (the "attacker") can develop and launch attacks and try to enter data to or extract data from an environment The security measurement of a computer ecosystem is decided by attack surface. The smaller the attack surface of a computer ecosystem can be, the more secure the system should be. Normally, we develop a new computer ecosystem based on known vulnerabilities to manage and control the attack surface. Zero day vulnerabilities and attacks A zero day vulnerability refers to a hole in the system that is unknown to the vendor. This kind of security hole is then exploited by hackers before the vendor becomes aware and hurries to fix it—this exploit is called a zero day attack. Example is the zero day attacks on the iPhone by the 3 letter government organizations. A zero-day attack is when a malicious user finds a bug or error in a site or piece of software. The malicious user finds out about the bug either before the software developer is aware of the bug, or after the software developer has found the bug but before they are able to find a solution to the problem. People can take advantage of these vulnerabilities and use them to harm computer systems. These attacks are called zero-day attacks because they often occur on "day zero" when you consider "day one" the first day that a software company is aware that its product has problems. Any computer system contains such kind of vulnerabilities since nature of vulnerabilities can be introduced by every development stages of the system just like software bugs. Until attacker discovers it and development into an attack, nobody know that it does exist. For a vendor of the system, there is very difficult to manage and control such kind of vulnerabilities. For Intelligent Vehicles, we are in very early cycle stage of a new ecosystem. Attack surface, in general, is little known and definitely contains some zero day vulnerabilities. We have to have a mindset that the industry will have a tough security challenges to face. On the other hand, we must learn from other industries have experienced in past, such as PC, media, mobile phone, gaming, and build up better security practice to avoid big security failure. Together, build up more security systems.


25

Economics of Security (1/2)

▪ Challenges to design a secure system

▪ The system should be secure but ….

▪ Be functional, usable and easy for users▪ Be within the computational, memory and power consumption budget

of a device▪ Have a lifecycle – be manufactured, distributed, used and end of life▪ Be cost effective – cost significantly less than the asset to be

protected▪ Fulfill time to market requirements

▪ Remain secure over the life cycle of the system


Presenter

Presentation Notes

First, let’s discuss how difficult to design a security system from the economics. Challenges to design a secure system There are many aspects of requirements for a system, security requirements are just one of these aspects. Some can be constrains to the security. Most time, we dis-prioritize the security requirements for other requirements. The system should be secure but the security must be balanced by other important requirements of a system. For example, Be usable and easy for users Be within the computational, memory and power consumption budget of a device Have a lifecycle – be manufactured, distributed, used and end of life Be cost effective – cost significantly less than the asset to be protected Fulfill time to market requirements Remain secure over the life cycle of the system


26


▪ Challenges to an attacker

▪ Find a single point of failure of security▪ Cost of finding and reproducing attack should

be much less than the reward▪ Depending on attack – reward ranges from

sense of achievement to billions of dollars

▪ The attacker’s job is often much easier than the designer’s

▪ The designer needs to make a complex system work all the time without any point of failure

▪ The attacker just needs to find a single flaw as a start


Presenter

Presentation Notes

Comparing to challenges to designers, challenges to a attacker is much simpler. Considering all of these economic facts of the security, what we should do? In fact, there are many things we can do and have to do. One of most important things is to learn the lessons from what happened in the past, and do things right at early stage and have a right security strategy in place to guide and manage the development of such a new computer ecosystem! In fact, there are 8 major important lessons can help us to position ourselves to understand the difficulties, play uncertainties, and avoid unnecessary mistakes. Lesson1: Hostile is a Normality, Trusted just is a State Lesson 2: Vulnerability Does Always Exist Lesson 3: Attackers Cannot be Avoided Lesson 4: Attacking Has Effective Methodology Lesson 5: Complexity is the Biggest Enemy of Security Lesson 6: Software Must be Protected Lesson 7: Security Cannot be Fixed, but must be Dynamic and Renewable Lesson 8: We need Both of pro-active and re-active security


27

Cloakware Architecture Review – Fast, superior results

• Requires half the time of the more commonly used penetration testing

• Typically takes only a few weeks to identify most security problems

• Provides far superior results and costs significantly less

$1 $10

$100

$1000re

quire

men

ts

desig

n

deve

lopm

ent

test

ing

Cost of finding problems per development stage


Architecture Review –Fast and Superior Results

Presenter

Presentation Notes

“Finding and fixing a software problem after delivery is often 100 times more expensive than finding and fixing it during the requirements and design phase.“ For example, if a defect is found in the requirements phase, it may cost $1 to fix. The same defect will cost $10 if found in design, $100 during coding, $1000 during testing. B. Boehm, 2001 Barry W. Boehm (born 1935) is an American software engineer, distinguished professor [1][2] of computer science, industrial and systems engineering; the TRW Professor of Software Engineering; and founding director of the Center for Systems and Software Engineering at the University of Southern California. He is known for his many contributions to the area of software engineering.


28

▪ Requirement Debt▪ Miss security requirements

▪ Architecture Debt▪ Poor security architecture

▪ Design Debt▪ Poor security design decision

▪ Implementation Debt▪ Poor implementation

including bad coding▪ Test Debt

▪ Lack enough security testing and security assurance

Software Security Debt

Presenter

Presentation Notes

Security Debt is a very interesting concept. Using game console as example. In early time, there are so many game console companies, but there are only a few survived, Sony’s Play station and MS X-box. Most, the game new releases are hacked during trail period before formal launch. Therefore, connected carmakers have to make sensible decision on security aspects. If your security debt is too big, your cars to market are hacked so badly, it will cost your cars cannot compete in the market, and you r business cannot last long enough for a success. How to avoid this to happen and manage security debt in a reasonable way?


29

Hostile is a Normality, Trusted just is a State

Attacks

Attacks

Attacks

Attacks

Building a trustworthy

application system is an evolutionary

process to address

attacks from one release

to the nextAttacks

Security

Time

Presenter

Presentation Notes

When a new computer system is released into real world, we believe that it is trustable since we design the security based on our security requirements to known attacks. In fact, it is impossible to be perfect not only functionality but also security. With more and more user experiences, the system will be expanding and growing with more and more new functionalities and security improvements. At the each version of such a system, it will be attacked by some new ways that the system did not design and implement well enough to prevent and stop those new attacks. Therefore, an application system is normal to be attacked since it always contains some un-discovered vulnerabilities. After mitigating known attacks, the system becomes trustable again. In the other words, building a trustable computer system is a evolution process. Using MS window OS as an example, more than 20 years ago, Window OS is a worse on security. Right now, it is one of bests on the security.


30

Connected and Intelligent Vehicle is the Biggest Target

• Hacking individual vehicles in local and remotely

• Hacking communications

• Hacking mobile devices

• Hacking the cloud servers

• Hacking and stealingdata

• Hacking infrastructures

Presenter

Presentation Notes

No like to attack air plan, vehicles are so easy for hackers to access by owning one or more just like to own a smart phone or computer. They can open the vehicle, inspect anything, and find vulnerabilities, and develop attacks, and launch attacks. In fact, new generation vehicles just like mobile devices with wheels. Many security problems for automotive are not new, like PC and mobile phone. But, security impact is much beyoud a PC and smart phone because it may result user’s life and public and national security. Why the vehicle can be vulnerable to attack? Let’s discuss it in more details.


31

Cybersecurity trajectory

00

01

02

03

04

EducatingA “new” industry’s

cybersecurity cycle begins with security researchers

raising industry awareness of vulnerabilities

SpecializingAfter elite hackers create

working hacks, they develop highly specialized toolkits

that enable unsophisticated users

ProbingOnce academics expose

vulnerabilities, elite hackers become attracted, searching for new technical challenges

CommercializingIn about three years, black-hat hackers determine how to monetize security flaws

for eventual sale

ProfiteeringWithin 4-5 years, hacks are sold through openly illegal

services to unlawful hackers and existing criminal

organizations

Cybersecurity Trajectory

Presenter

Presentation Notes

These are the common steps for an industry newly encountering cybersecurity risks, drawn from Irdeto data on PayTV. These steps fit other industries (e.g. mobile, automotive, healthcare), with perhaps slight changes in timeline. For automotive, we’re definitely beyond step 1, likely at step 2. As each step takes roughly a year, we can expect automotive to be experiencing widespread criminal activity in about 3 years. As the automotive design cycle also takes 3 years, that means that automotive cybersecurity is an immediately urgent problem that needs to be corrected now before serious harm is done.

© 2017 Irdeto. All Rights Reserved. – www.irdeto.com32

1. Cloud planform and environment security threats2. Network and communication security threats3. Devices security threats

T-Box threats IVI threats Inside device network threats OS threats Sensor threats Interface threats PKI client threats Data security threats OTA security threats

4. External security threats Mobile App security threats Charging pile security threats

S e c u r i t y P a i n t P o i n t s o f I n t e l l i g e n t Ve h i c l e s


I n t e l l i g e n t V e h i c l e : M o s t C o m p l i c a t e d E c o - S y s t e m

Wire and wireless connectivity• CAN bus / Ethernet / USB• Bluetooth / Wifi / WAVE • GSM / LTE / 4G / 5G• Internet / ZigBee / DSRC

Increased communications• V2V / V2X / V2P / V2M / V2C

Increased data gathering and managements• Vehicle data / Driving data• Driver data / User data • Environment data / Application data• Privacy data / Security data• Insurance data / Warranty data

Increased functionalities • Power train / body control• Chassis control • Infotainment / Living room capability• Self driving L1-5• OTA / mobile payment

Increased hardware & platforms• ECU / TBOX / Many sensors• Linux / QNX / Android / YunOS

Increased services and apps• In vehicle / Mobile / Cloud• OEMs / Tier +1 / 3rd Party• Governments / Countries• Insurance / Banks

33

Presenter

Presentation Notes

First, it is a most complicated eco-system. Almost everything that exists in modern societies has some involvement to the eco-system. From security view, the complexity is the enemy of security. Therefore, any connected and autonomous vehicle can be very difficult to be highly secure because of its complexity. 事实上，智能网联汽车是世界上最复杂的软件系统之一。


Wh o D r i v e s t h e Ve h i c l e : S o f t w a r e

Platform Software• Operating systems • Framework /Middleware• Cloud computing

services • Internet / Mobile

networking

System Software• Driving control systems• Navigation systems • Automatic driving systems• Network communication systems • Inspect and diagnosing systems• AI and machine learning systems• VR systems• Data collect, storage and

management systems• Sensor software

Application Software• Entertainment features• Living room features• Mobile office features• Mobile payments• Image processing

Security Software• Secure environments• Privacy enforcement• Cryptographic software• Data security software• Security telemetry

Lines of CodeSpace shuttle: 400,000Boeing 787: 14,000,000Today ICV: 100,000,000Tomorrow’s AV: 200,000,000

34

Presenter

Presentation Notes

把车载系统的硬件设备比作人体的骨架及肉体结构，智能网联汽车的软件就是它的血液，大脑，心脏，神经，思维，精神，魄和灵。所以，智能网联汽车的核心是软件。没有软件，智能汽车就不可能开动起来并提供其功能。平台级软件使得不同计算机硬件可以运作起来，相互通讯交互及协调，一起提供对系统级应用级软件的基本计算能力的支持，例如计算机操作系统，云计算平台，互联网，及移动网络, …。系统级软件根据不同系统的各自功能需求，通过不同功能块的结合和集成，组织及实现其系统功能，例如车载控制系统，导航系统,自动驾驶系统，车内网线通讯系统，检验系统，车载数据收集、存储和管理系统, …。应用级软件根据商务模式的需要提供各种丰富的应用服务，来吸引用户愿意为使用其服务而付费或购买其智能网联汽车，例如娱乐功能，如社交媒体、音乐、电影下载、餐厅推荐等功能；可收发邮件、举行会议或其他办公场所功能的移动办公室；基于智能手机的远程控制车辆功能；司机可以控制住宅或是建筑物的供暖、制冷和安保系统; …。 Finally, security software to provide security support to prevent, detect and handle different kinds of security features and capabilities to manage and control the security, safety and privacy of users. 这种软件的规模及复杂性可以通过比较来说明：航天飞机只含40万行代码; 波音787含1千400万行代码; 今天的智能网联汽车包含大约1亿行代码; 明天的自动及无人驾驶汽车可以包含超过2亿行代码。


35

R i s k s o f R u b b i s h S e c u r i t y i n I n t e l l i g e n t C a r s


36

Part 2: New Challenges and White-box Security

Presenter

Presentation Notes

r

37

Traditional Security Seriously Broken

Challenges to traditional securityTraditional security

38

1960s 1990s 2000s 2020s

MAINFRAME ERA

One Computer

Thousands of Users

PC ERA

One Computer

OneUser

MOBILITY ERA

SeveralComputers

OneUser

UBIQUITY ERA

Thousands of Computers

OneUser

As digital technologies become universal, they have transformed the people living and life, and business environment.

User Model Evolution

Presenter

Presentation Notes

Traditional security was seriously developed during 1980s and 1990s. Since mobile is becoming more popular, security is getting a lot of new challenges.


39

20 Years Ago: Trusted System is Main Stream

COMPUTER CONNECTS TOCOMPUTER

Traditional security is more about security of trusted environments

39

Presenter

Presentation Notes

20 year ago, each company, organization, government, bank, and school has own servers and private networks. The private local networks and global networks to connect to individual computers. Internet and personal computers just start to become popular. By that time, each system is seen as trustable.


C o n n e c t e d E n v i r o n m e n t s a r e H a c k a b l e

Internet

Cloud Computing Environments

UnTrustedUnTrusted

UnTrustedUnTrusted

UnTrusted

UnTrusted

40

Presenter

Presentation Notes

In the past 20 years, un-trusted system is becoming main stream. You may ask why? Since everyone and everything can and will be connected digitally by using mobile devices and IoT devices with wired and wireless connections, it is an established reality that any commercial environments with such connections will inevitably be vulnerable to cyber-attacks in known or unknown ways. Let’s discuss this in more details: There are three things to make any connection: Device: Consumer devices, IOT devices, and M2M devices cannot be trusted Cloud server: Cloud environments cannot be vulnerable and trusted Internet and networks: Public internet cannot be trusted, and networks is vulnerable This means that end-to-end systems cannot be trusted. Instead, it always is vulnerable for attacks. From now and in the future, this situation will get much worse since everyone, everything and everywhere is to connect to each other. Why? What are main security problems of un-trusted systems?

Traditional Security: Seriously Broken (1/3)

Sandboxing-based One of oldest security techniques and has been widely using to prevent traditional man-in-the-middle

attacks not man-at-the end attacks. It seeks to protect the host against hostile software, not the SW systems or applications and their data

against the potentially hostile host It leaves us with a false sense of security: many threats cannot be addressed by the approach. For

example, it does absolutely nothing to prevent massive surveillance.

Signature-based The long-standing blacklisting approach is losing the battle against new malware. Right now, about more about 1 million new pieces of malware every day, and this will get much worse in

the future. Signature-based defenses are grossly insufficient.

41

Traditional security is not designed to counter today’s new and advanced threats. Why?


Perimeter Oriented Perimeter oriented approaches concentrate on preventing or detecting threats entering networks of an

organization, but perimeters are very porous these days. Anything with an IP address can be a launch pad for attackers Perimeter tools and security techniques were not designed to protect the data and against today’s advanced

threats. Within the perimeter, old security models are reactive. When you get past the perimeter, It’s no longer safe. With the range of new use cases that need to be supported,

from BYOD to fixed function devices, from accessing legacy web apps to new cloud-based app development and services, IT is left with the challenge of working with a varied set of non-integrated tools while striving to achieve regulatory compliance and security at the same time.

Compliance oriented Compliance meets the requirements of auditors, or specific government mandates, rather than addressing the

biggest current threats. The danger is that we may mistake compliance with security standards for actual security. They are two very different things, and some of them only deal with past threats.

42


Fixed Security A typical approach to security is to assume that the initial design will remain secure over time. It treats security as a fixed target Assuming that innovative attacks will not arise after deployment.

Most security designs and implementations follow such a static deployment model, especially for hardware-based security.

Once cracked, hardware security can’t be recovered quickly or cheaply.

In reality, anything, including clever hardware, can be hacked given enough time and effort.

43

Therefore, new dynamic security approaches treat security as evolving and assume that security must be continually renewed, whether as part of ongoing policy or reactively.

New Fundamental Challenges to Information Security

44

White-Box Security

Dynamic and Renewable Security

Traditional security is more about security of trusted environments:Stop any stranger to get into my house

White-box security and SW protection is more about security of un-trusted environments:

If a strange gets in my house, recognize and watch out, and protect valuable assets to prevent possible attacks in the house

Just Like Security and Protection in Museum

45

46

White-Box attacks are everywhere within un-trusted environments.


M a n - I n - T h e - M i d d l e A t t a c k s ( i n d i r e c t & s i d e - c h a n n e l )

Bob

Black Box Attacks or Grey Box Attacks

Alice

Software Software

Network

Trusted Inside of Black Box

• Alice and Bob each have exclusive control over their own computers

• No information leaves from or store into their computers without their approval

Perimeter Defenses

47

Presenter

Presentation Notes

Therefore, main security problems are man-in-the-middle attacks, so-called black-box attacks or side-channel attacks. In the other words, attacker tries to penetrate from outside into inside. Early information security technologies have been developed. Mainly we call them perimeter security technologies that like great wall to block attacks outside as possible.


Ma jor MITM Th reats

Illegal AccessMalware

Buffer Overflows

Spoofing

Crypto Attacks

Password Attacks

DoS and DDoS

Social Engineering

Keyloggers

Spamming

TCP/IP Hijacking

Viruses

Spyware

Bots

Trojan Horses Worms

Ransomware

Sniffing

Replay Attacks

Data Scraping

Phishing

Browser Hijacker

Rootkit

Adware Eavesdropping

Bootkits

Bugs

Backdoors Logic Bomb

Other kinds

48

Presenter

Presentation Notes

In passive attack the hacker attempt to understand or steal information from a system or application by eavesdropping and analysis. The attacker only reads the information rather then modifying, deleting or replacing the information including code and data.


Bob is the Attacker

Software

Network

Alice

Software

White-Box Attacks

Device and environment are un-trusted Attacker has direct access to the machine and

software no matter whether it’s running or not

Attackers have open-end powers to do Trace every program instruction View the contents of memory and cache Stop execution at any point and run an off-line process Alter code or memory at will Do all of this for as long as they want, whenever they want, in collusion

with as many other attackers as they can find

Attacking has much less limitation than protection

Man-At-The-End Attacks (direct)

49

Presenter

Presentation Notes

Why it is impossible? The main security problems of un-trusted systems come from man-at-the-end attacks. Let’s see what’s white-box environment where man-at-the-end attacks are new kind of attacks. There are two kinds of direct attacks: Directly attacks by human Directly attacks by Malware instead of human (automatic attacks by intelligent robot) Since the time limit of this talk, I cannot spend time to discuss attack scenarios in details. But, we can conclude that any application system with consumer devices in consumers’ hand, preventing man-at-the-end attacks must be its security requirements. In the other words, software protraction is a must to have.


50

Attack Effectiveness

Input / output

Black-box

Timing analysis

Power analysis

Fault injection

Man-in-middle-attacks

SW vulnerabilities

Buffer overflow

Grey Box

White-box Debuggers

Emulators

Computation tracing

Decompiles

Profiling

IDA pro

Symbolic analysis

Malware

Other attack tools & methodsDiffi

culty

to P

rote

ct A

sset

s

Easiest

Hardest

Weakest Strongest

White-Box Security Challenges

Easy toprotect

Much moredifficult to

protect

50

What Are the Threats?

IDA ProHexRaysOllyDbgLordPE

GDBHIEW

HexEditVMware

QEMU

Direct WhiteBox Attack

Colluding Attack

Differential Attack

time

version1 version2

51


D i rect Ana lys i s At tacks (Pass ive)

Dynamic AnalysisStatic Analysis

Using IDA Pro

Debugging Emulating

Tracing

Profiling

Memory Dump

Symbolic Execution

Monitoring

SMT/SAT Solving

Disassembling

Decompiling

Similarity Comparing

Binary Diffing

Program Graphing

Hex Editing

Pattern Matching

Program Slicing

Combining Static & Dynamic

Process Snooping

Colluding

52

Presenter

Presentation Notes

In passive attack the hacker attempt to understand or steal information from a system or application by eavesdropping and analysis. The attacker only reads the information rather then modifying, deleting or replacing the information including code and data.


D i rect Tamper ing At tacks (Act ive)

Dynamic TamperingStatic Tampering

Using IDA Pro

Using Debugger

Branch Jamming

Data Injection

Function Call Shimming

API Replacing

Dynamic Library

Exploiting

Data Lifting

Code Lifting

Data file Replacing

Binary Editing

Program file Replacing

Function Replacing

Code/Data Modifying

Combining Static & Dynamic

Execution Alternating

53

Presenter

Presentation Notes

The active tampering attacks are most dangerous and attempt to access and delete, steal, alter or execute unauthorised code, data and files. This kind of attacks can change software behaviors, alternate for own purpose, steal program assets, files or other confidential data. Also, these attacks can also delete, encrypt or modify files on a disk.


Two K inds o f MATE At tacks

White-Box Environment (Hostile)

Attacks by Human Hackers

Directly

Attacks by Intelligent

Malwares and Botnets

(Robot-Hackers)Directly

54

Software Protection Challenges

55

Bob is the Attacker

Software

Network

Alice

Software

How to provide necessary

trustworthy to software in the

Un-Trusted Environment

56

Both software security and software

protection must become mainstream,

not only in the commercial world,

but also in the research community.

White-Box Vulnerabilities – Example 1

#include <stdio.h> main() { /* Validate the users input to be in the range 1-10 */

int number; int valid = 0; while( valid == 0 ) {

printf("Enter a number between 1 and 10 -->"); scanf("%d", &number);

/* assume number is valid */ valid = 1; if( number < 1 ) { printf("Number is below 1. Please re-enter\n"); valid = 0;

} if( number > 10 ) {

printf("Number is above 10. Please re-enter\n"); valid = 0; } } printf("The number is %d\n", number ); }

57

Important constants are exposed in memory

Operation can be modified statically and dynamically

Function calls can be snipped and snooped

Branches can be jammed dynamically

All vulnerabilities must be prevented by SW protection

Presenter

Presentation Notes

white-box vulnerability is different to traditional software vulnerability that is for indirect attacks.

Session key is sent in the clear Content key is exposed on the client Content is exposed on the client Session and content keys can be extracted during use

content AESencrypt

CK SK

AESencrypt

contentECK CKESK

CK content

Server

Client

AESdecrypt

AESdecrypt

All vulnerabilities can be prevented using White-Box Crypto

58

White-Box Vulnerabilities – Example 2


59

Specific Problem: Black Hole Effect

▪ The black hole effect occurs when part of the application is very secure but the rest is in the clear

▪ Hackers mostly attack the boundary between the secure and the non secure parts of a program

59


60

Specific Problem: Black Hole Effect: How to Fix It

▪ To Fix the Black Hole effect▪ More lighter obfuscation in the rest of the program▪ Faster generated code so that more security can be use in the white area▪ Transcoder Levels for low security on the rest of the application

▪ Blur the boundary between the secure and the rest of the program at low cost

60

61

White-Box security is new

security paradigm well beyond traditional

computer and network security

Use software protection tools and libraries to make software self-protected at build-time Provide a comprehensive approach to software security

TranscoderCode

TransformsAsset / Key

Hiding

White-boxCryptography

IntegrityVerification Anti-Debug

SecureLoader

Tools

Program Interlocking

Tools

62

Software Protection at All Levels

DynamicCode

Encryption

SecureStorage

Presenter

Presentation Notes

Cloakware Security Suite Automated tools that developers use to protect application code against software attacks. Security is built in during development making it inseparable from the application. Provides a comprehensive, multi-layered approach to software security. Transcoder Protects software applications by applying transforms to the source code, making the resulting source code tamper-resistant and difficult to reverse engineer. Transforms include: data transformations, control flow transformations, branch protection, renewability, diversity. Key Hiding Protects encryption keys against static and dynamic attacks by generating C code according to the supplied key. White-box AES Provides protection of encryption keys and algorithms against white-box attacks, allowing encryption to occur without data appearing in the clear. White-box RSA Provides protection of encryption keys and algorithms against white-box attacks, allowing encryption to occur without data appearing in the clear.

M U L T I - L A Y E R E D A N D I N T E R L O C K E D S W P R O T E C T I O N

• Protect application code against a collection of attacks

• Provides a multi-layered and interlocked defenses

• Flexible and modular to choose the right combination of defenses

Program Interlocking

Control Flow Transformation

Data Transformation

White Box Cryptography and Key Hiding

Anti-Debug

Node-locking

Secured Storage

Code Encryption

Diversity & Renewability

Integrity Verification

Virtual MachineBased on

SW Protection

Making security inseparable from your software63

C/C++ Protection and Binary Protection

Cloaking Engine

Transcoder Back-End

Transcoder Front-End

C/C++ Source Code

Fabric ++

Cloaked Fabric ++

Protected C/C++ Source Code

Compiler & Linker

(Protected) Binary

Binary Protection Tools

Secured Libs & Agents

Native Execution Environment

Full Protected Binary

Source Level Protection Binary Level Protection

Transcoder

WB Crypto

Tool

64


65

Unified Cloaking Toolset

Cloaking Engine

Transcoder Back-End

Source Code in other languages

F2L / L2F Converter

LLVM Optimizer & Other Tools

Optimized & CloakedNative Code

Optimized & Cloaked asm.js, JS, Wasm

LLVM Front-End ToolsTranscoder Front-End

LLVM Compiler & Linker

CloakedC/C++ Source Code

C/C++ Compiler & Linker

Emscripten

C/C++ Source Code

JavaScript/Binary Code

LLVM IR

LLVM IR

LLVM IR

Fabric++

Fabric++

BinaryRewriting

Tool

65

Software Diversity: the-State-of-the-Art

Diverse software instances are functionally equivalent but structurally and semantically diverse

Each instance must be attacked separately by a skilled hacker

Dramatically increases the work to create an automated attack tool

The production of diverse instances is fully automated by the Cloakware tool chain

66

Applicationsoftware

Random seedvalues

#11836392838382…#29478437688574…#3 4761054329489……

Diversified instances of

application software

#1#2

#3

Cloakwaredevelopment

tools

Presenter

Presentation Notes

Randomness is integral in the design of many Cloakware technologies. The tools are capable of producing diverse instances of code every time an application is built. Diverse instances are programs with functionally identical behavior but distinct in composition. Diversity reduces the risk and effectiveness of differential attacks, minimizes collaboration between attackers (that is, collusion), and can be used to reduce the scope and impact of attacks. Diversity is controlled by using a random seed specified at build time.

67

Software Diversity

All program Constructs can Be Diversified Randomly Chosen:

- Order & program Layout- Function Families- Constants

Seeded Build- Reproducibility

Diversity Control and Opportunities- On the source level - At the compilation time- On the library level - At the link time- On the binary level- Combination above

Static and Dynamic Diversity

ConstantsFunction Families

Seed_1 Seed_2

Many software protection techniques can make own contributions to software diversity

Program Instance 1 Program Instance 2

Cloakware Securing Software - Built on Core Technology

Cloakware for Software Protection

Presenter

Presentation Notes

Data Transformations: Encoding and decoding of values (schemes) plus transforming operations into equivalent functioning code (that hides the original operation) that use the appropriate value encodings (morphers). This is done based on constraint solving techniques and pattern matching. Function Transformations: Transforming function signatures into uniform parameter lists, shuffling parameter lists and function merging where unrelated functions are merged into each other in diversified ways. Control Flow Transformations: Control flow flattening by which the control flow graph of functions are transformed such that direct branches are replaced with data-dependent instructions making discovering the latest definition of each variable statically hard. Additionally adapted from our patented control flow techniques, we apply history dependent flattening which encode the control flow (represented in the data-dependent operations mentioned earlier). Secure Inlining & Merging: Secure inlining works similarly to compiler inlining however each instance of the inlined code will appear distinct from other instances due to data transformations and other techniques applied to each inlined code instance. Function merging works by cloning and merging unrelated functions into a big mess of code that is hard to analyze. Both merging and inlining work, across compilation units which is extremely rare, if not unique in the compiler world. Control Flow Integrity: History dependent control flow flattening has a built-in mechanism where if the flow is tampered with at runtime, data will be corrupted. This way control flow is made tamper-proof (a.k.a control flow integrity) Code Entanglement: Most of the transformations and obfuscating steps are most effective, when combined. The Transcoder uses a data piping strategy to apply transformations to code resulting in high levels of code and data entanglements. Application Signing: Platform Flexible Integrity Verification: These field-tested integrity verification of digitally signed binaries can ensure no tampering of an application even when it is deployed into a potentially hostile environment. Anti-Debug: The binary protections are also able to prevent attackers from attaching debuggers to applications deployed in hostile environments; debuggers are often a powerful tool for attackers to understand the operation of a binary and to modify its behaviour. Secure Loader: Keeps applications encrypted until they are executed -- Keeps them safe from inspection or modification. Platform Flexible Fingerprinting: Platform-flexible fingerprinting provides a framework API to implement fingerprinting in a node, device or platform agnostic manner. It can be used in any possible development or deployment step of an application. Whitebox Cryptography: White-Box cryptography keeps a key hidden despite an attacker having visibility of an executing algorithm. In traditional cryptography, black-box attacks describe the situation where the attacker tries to obtain the key by knowing the algorithm and monitoring the inputs and outputs, but without visibility of the execution. Whitebox PRNG: provides a secure way of generating random values. Its implementation protects against security threats commonly associated with a pseudo-random number generators. Secure Store: The primary purpose of Secure Loader protection is to provide binary code with protection from static code-analysis attacks before a binary module is loaded into executable memory. Secure Libraries (Flexlib): Smart Assembly: The build technology behind Irdeto Core Technology – and what it affords to its users – has been carefully developed to realize the ability for component developers to release packages which keep their implementations confidential but still allow for renewable security in future builds of binaries using these components. Key Transformations: Irdeto Core Technology provides a very useful ability to transform a key into executable code where it is both harder to lift via reverse engineering but also protected by integrity protection and other anti reverse-engineering technologies of Irdeto Core Technology Security Code Injection: The build facilities of Irdeto Core Technology include a means to inject code on tunable schedules to realize integration of binary security features with minimal source code changes necessary. Security Plugins: Irdeto Core Technology can be extended by plugins for rare cases where something truly special is needed outside of the substantial Irdeto Core Technology offering. Secure Heap: Secure Heap implements new security features that are difficult to achieve using the compiler-provided libraries. These security features include support for the passing of transformed data across the library API, obfuscation of the library implementation itself, and integration with other Irdeto Cloaking Development Kit features.

69

DEFENSE IN DEPTH

TechnologyPrevent Analysis Prevent Tampering

Foil Automated Attacks

Renew and Diversify

Static Dynamic Static Dynamic

Data Flow Transforms

Control Flow Transforms

White-box Crypto

Secure Store

Integrity Verification

Anti-Debug

Code Encryption

Deployments Are Rarely Simple

Multiple Languages C, C++, Java, C#, .NET, JavaScript, Flash, Ruby, Perl, Ajax

Heterogeneous System Run Environments Android: Linux, Native & Dalvik VM BluRay Disc: BD+ VM & Native & BD-J WinMobile: C#, Native

Multiple Platforms Adobe Flash Access: PC, Mac, QNX, Android Apple iTunes: Mac, Win, iOS Comcast Xfinity: iOS, Android CA: ST40, MIPs, x86, Amino, Broadcom

70

Security must balance with constraints, in particular, performance

Security: The Effect of Market Pressures

Security is very important, but hard to measure.

Security tends to get focus after a successful attack in the field.

Until then, size and speed concerns dominate.

Adding security to part of an application:

10x bigger and slower



Usually acceptable

Sometimes acceptable

Almost always unacceptable

All security measures must give enough improvement to justify their costs.

72

A much bigger security challenge


A I -Enabled Everyth ing

Significant Success

Speech Recognition Face Recognition

Fraud Detection Financial Trading

Machine Translation Image Processing

Spam Filters Search Engines

Predictive Analysis of Consumers Intrusion Detection

Profoundly Effected

Multimedia

Computational Biology

E-commerce

Social Networks

Healthcare

AI-enabled Drones

High Performance Computing

AI-enabled Platforms

AI-enabled Devices

AI-enabled Robotics

AI-enabled IT

Big Data Processing and Data Mining

AI-enabled Cloud Services

Business Intelligence

Computer Vision

Knowledge Discovery

General Intelligence

73

Presenter

Presentation Notes

At present, AI and ML have seen significant success in the areas of speech recognition, face recognition, fraud detection, financial trading applications, predictive analysis of consumers, machine translation, image processing, spam filters, and search engines. Moreover, AI and ML have been and are being used with profound effect for AI-enabled multimedia, intelligent and driverless vehicles, computational biology, E-commerce, social networks, AI-enabled healthcare, AI-enabled drones, AI-enabled cloud services and platforms, AI-enabled commodity devices, AI-enabled robotics, AI-enabled IT, etc. Many experts believe that AI and ML are no longer buzzwords for certain business models and applications. Instead, AI and ML are becoming pervasive in everything digital, and penetrate all business models and domains everywhere.


In te l l igent Veh ic les Depend on A I

Functionality, Safety, Reliability, Security, Usability

Driving and Speed Control

Environment Assessment &

Processing

Collect, Transfer and Process Data

Telematics and Diagnostic

Navigation & Infotainment

Control

74


Adversarial Machine LearningA malicious adversary can carefully manipulate the input data exploiting specific vulnerabilities of learning algorithms to compromise the whole system security.

Malicious Use of AI and MLAttackers leverage the ability of AI and ML and speed up the development and launching of attacks for which current technical systems and IT professionals are ill-prepared, and impacts and scopes can be much serious.

Directly Attacking AI and MLWithin a MATE environment, hackers can access directly, and analyze the AI and ML software to understand algorithms, models, classifiers, solvers, and inner workings associated with its designs, functionalities, features, and capabilities; and modify the code, inputs, outputs and other critical assets of the AI and ML system to alter the application to achieve their own hacking purpose and to profit by breaking the original system intent.

Secur i ty P rob lems of A I and ML

75


Adversar ia l Mach ine Learn ing (1/2)

Human

76


Adversar ia l Mach ine Learn ing (2/2)

ML

77


Expansion of existing threatsThe costs of attacks may be lowered by the scalable use of AI systems. The set of actors can be expanded to carry out particular attacks and the set of potential targets.

Introduction of new threatsNew attacks may arise through the use of AI systems to complete tasks that would be otherwise impractical for humans. In addition, malicious actors may exploit the vulnerabilities of AI systems deployed by defenders.

Change to the typical character of threatsThere is reason to expect attacks enabled by the growing use of AI to be especially effective, finely targeted, difficult to attribute, and likely to exploit vulnerabilities in AI systems.

Mal ic ious Use of A I and ML

New report on “The Malicious Use of Artificial Intelligence: Forecasting, Prevention, and Mitigation” was released by late March by 26 experts from 14 different

institutions, warning changes in the landscape of security threats:

One recommendation from the report is that some AI and ML research may need to be kept secret due to the dual-use nature of AI and ML technology. How?

78


D i rect ly At tack ing A I and ML

79

80

Trusted model to address both

man-in-the-middle and

man-at-the-end attacks


81

Economics of Security (1/2)Connected Application Topology

Presenter

Presentation Notes

Many applications are striving to be on the primary mobile devices (i.e., iOS, Android) as well as the main environments (i.e., Windows, Mac, and various Linux OS). This configuration of back-end + web + mobile would cover a large percentage of applications in today’s connected world. A successful application topology often has a back-end component serving up the relevant data for the application. Depending on the high availability requirements of the application, this can often be cost effective when run on a cloud service (e.g., Amazon Web Services (AWS); Digital Ocean; Rackspace). The beauty of these services is the scalability and the ability to quickly spin-up or spin-down instances according to the load on the system. The components interacting with the user are either web browsers on a desktop or laptop, or apps found on mobile devices (i.e., smartphones, tablets). The threats in this environment are numerous. In addition to communication over the network, there are many threats on the user end-point. For example, a malicious user can reverse-engineer and tamper with the application so as to create an exploit that can be released in the wild. An attacker can strike at the cryptography of the system such that the principal keys of the system are compromised and released to the internet “en masse.” Yet another attacker may be able to siphon-off the main digital assets of the system (e.g., credit card numbers) for selling to the highest bidder.


82

E. G. AbdAllah, M. Zulkernine, Y. X. Gu, and C. Liem, “TRUST-CAP: A Trust Model for Cloud-based Applications”, IEEE 41st Annual Computer Software and Applications Conference on the 7th IEEE International COMPSAC Workshop on Network Technologies for Security, Administration and Protection (NETSAP), Torino, Italy, July 2017, pp. 584-589, DOI: 10.1109/COMPSAC.2017.256.

Connected Application Security

Application Centric Trusted Model

Cloud Security Infrastructure

Mobile Security InfrastructureWeb Security Infrastructure

Mobile Security Improvement

Web Security Improvement

Cloud Security Improvement

Platform Security Infrastructure

Platform Security Improvement

Presenter

Presentation Notes

Attacking software in full view of the adversary on a hostile host is called the white-box attack context (WBAC). Whatever your terminology, the importance of protecting an application system under direct scrutiny has become of paramount importance in today’s digital world. On its own, each platform (mobile, web, cloud) in a connected environment has its own security problems. The mobile platform like iOS and Android [PAG1], faces constant scrutiny on permission models, spyware and escalated privileges. Web browsers face difficulties of cross-site scripting, certificate forgery and exposure of data. Cloud infrastructures have issues with open REST APIs, insecure data storage. The requirement for a compelling application-centric security model is twofold: Security improvements in each of the mobile web, and cloud platforms that build on traditional approaches, applied directly to the application. Secure communications and strongly tethered dependencies, which provide checks and balances for the application system as a whole. Combining security enhancements of application code on each of the platforms, with a reliable tethering of interdependencies between the system, forms an application-centric security model. This is a fundamentally different model than the traditional outside-in approach. While there are approaches to improve the security situation for each of these platforms, there is also opportunity for a stronger security story through tethering from one domain to another.

83

The security lifecycle of a digital asset application mandates protection from creation, through distribution and then ultimately consumption from being deployed in the field.

Traditional Security Model

Typical approach to security is to assume that the initial design will remain secure over time

Anything will be hacked given enough time and effort Set top boxes, PC apps, Mobile devices, CE devices, TCM, TEE

Application or content owners want to know, “What is your security strategy”? How will you limit potential damages if there is a breach? What is your renewability strategy?

Initial Attack

Resistance

Security Design

H1: Analyze Security

H2: Develop Attack

H3: Automate

Attack

H4:Distribute

Attack

Attack Development

84

The Result of Static Security

100 %

0

Inst

alle

d Ba

seSe

curit

y

Static SecurityCompromised

Breach

Time

85

What is Dynamic Security?

86

Dynamic Security is a security model that enables the protection of digital assets against unauthorized use through the upgrade and renewal of the underlying security in the field.

Proactive prevention Monitor hacker channels to understand attack techniques and methodologies Apply security updates to reset the hacker’s clock

Reactive reduction Limits the impact of a breach

before it has a significant impact

Benefits: Disrupt potential hacks before they happen Mitigate impact of a security breach Minimal disruption of business

Static Security vs Dynamic Security

Once static security breaks, the entire security is gone and hard to be restored

Dynamic Security

87

Once dynamic security breaks, the security can be renewed and restored immediately in a planned way

Static Security

Minimize scope of attack -- Prevent automated attacksProvide rapid recovery in the event of an attackMake the business unattractive to the hacker

Software Diversity Benefits

Strong attack response Reduces duration of attack

Investment

$

TimeReward

Diverse production

Reduces scope of attack

Tamper resistanceRaises cost of

attack

Resulting HackerBusiness ModelResulting HackerBusiness Model

Diversity! Renewability!! Countermeasure!!!

88

Attack Mitigation and Recovery

Dynamic Security and Lifecycle Management

Optimize Security Design ActiveCloak Server

Attack Monitoring

Countermeasures Design & Dev ActiveCloak Server

Product Security Initial AttackDevelopment Design Resistance

Watch Mitigation Renewed AttackAnd Defend Planning Resistance

Attack Analysis

Pre-Launch Post-Launch

89

90

A great opportunity for researchers to discover and develop measurement model and metrics on SW security and protection.

New View of Information Security

Security toMan-In-The-Middle Attack

Dynamic Security

Security toMan-At-The-End Attacks

Static Security

Security to Web Browser

Security to Remote Attack

91

92

Security Strength

Much Less PracticalHighly Practical

Impossible Program Obfuscation

• HomomorphicTransformation

• White-Box Crypto• Other SW Protection

Technology Gap

Cryptography and SW protection

research can make good contributions

Full Homomorphic

Encryption

Indistinguishability Obfuscation

Security vs. Practice

Attack Effectiveness Against SW Protection

High

HighLow

AttackEffectiveness

Analysis Precision

Defenses

Attacks

93

Threat & Attack Index

High

HighLow

AttackEffectiveness

Analysis Precision

No Defenses or Defenses are broken

Successful Attack

• Understand code• Identify and break defenses• Locate and find assets• Leverage vulnerabilities• Modify code and data• Develop an attack• Launch the attack

94

Software Protection Strength Against Attacks

High

HighLow

Security

Analysis Precision

Defenses

Attacks

95

Software Protection Index

High

HighLow

Security

Analysis Precision

Defenses

Attacks

Effective Defenses

• Make attacks more difficult, less effective• Make understanding harder• Prevent asset identification• Prevent code and/or data tampering

• Monitor, detect, and mitigate attacks• Renew security: ongoing security lifecycle

management

96

Big Unknown: Protection Measurement

It is very difficult by adapting any existing theories and methods to develop commonly acceptable metrics on the effeteness of SW protection.

Existing software complexity techniques and methods has very little value for resolving this problem

Current computation complexity theory cannot apply easily and directly to develop a formal model for such a measurement

Cryptographic analysis methods on black-box security are not applicable well for many cases

97

Presenter

Presentation Notes

I have more questions instead answer!

Some Interesting Observations (Can be a long list)

SW protection needs to prevent all attacks if possible but attacking only needs to find one place to break.

There is no single protection can stop all attacks. Instead, we have to layer and combine different protection techniques into a protected and interlocked security maze.

More [less] complicated/protected software doesn’t mean more [less] secure Static measurement is not enough to address security dynamics Attacking mainly is a manual process. How to measure and factor the effectiveness

of attacks by different skilled attackers? Security has to deal with unknown attacks in the future? How to factor uncertainty

nature of any new attacks? Perfect security does not exist! SW security must be relative in a real environment

with limits! Strong security needs renewability! How to measure renewability?

98

Industry Need Effective Measurement

Automotive industry is used to measure and control everything that have to be put into a car.

Of course, they would like to measure SW protection and have a qualification control how security for used SW protection techniques.

99

100

Software security immunity is a concept that needs to be developed as a framework lay-outing foundation and relationship between different SW security issues


Immunity

Adaptive Immunity

Natural

Passive (maternal)

Active (infection)

Artificial

Passive (antibody transfer)

Active (immunization, vaccination )

Innate Immunity

B io logy Immuni ty

[wikipedia] In biology, immunity is the balanced state of multicellular organisms having adequate biological defenses to fight infection, disease, or other unwanted biological invasion, while having adequate tolerance to avoid allergy, and autoimmune diseases.

101


Human Heal th Defense Sys tem

Protection on the outside: the

Skin

Bacteria-killing substances

Protection on the inside: all

mucous membranes

First attack in the tissue:

scavenger cells

Innate Defense: Against foreign bodies, injuries, and pathogens

Adaptive Defense: Against specific pathogens or changed body cells

Defense cells in the blood:

B lymphocytes

Antibodies

Defense cells in the tissue:

T lymphocytes

The immune system is a host defense system comprising many biological structures and processes within an organism that protects against diseases.

102

103

Layered self-defense First line of defense: Innate immune subsystem Second line of defense: adaptive immune subsystem

More immune subsystems: nature & artificial, passive & active

Self-evolving Every time that antigen invades the body, the body remembers (memory), and an appropriate and

specific response is produced by the host immune cells and antibodies so that it can launch a faster, stronger and longer-lasting counterattack if such an antigen reappears.

Specificity Response to one organism does not give protection against another unrelated organism

Diversity and Versatility Millions of antigens in the environment can pose a threat to health. Over a normally lifetime, an

individual encounters only a fraction of that number. It must be ready to confront any antigens at any time. With diversity and versatility of immune system, each individual has own unique immutable capability.

Tolerance The immune response targets foreign cells and compounds, but it generally ignores normal tissues

in the body.

HUMAN IMMUNITY PROPERTIES

Any connected system targeting consumers’ market is a hostile environment where software is vulnerable for various types of attacks.

Software (platform layer, system layer and application layer) must build up security immunity to protect the software against external attacks.

Software security immunity needs to define a set of properties and attributes.

Software security immunity needs a framework to structure, orchestrate, and coordinate security elements to prevent and fight attacks effectively.

Software security immunity needs a strategy to manage and maintain security during its lifetime.

Software Security immunity requires right technologies, methods, solutionsand tools to provide security capabilit ies while the secured software to be designed, developed, implemented, deployed, and maintained and renewed.

WHAT WE MUST LEARN FOR SW SECURITY

104

SW SECURITY IMMUNITY FRAMEWORK

SW Security Immunity (SWSI)

“Innate” SWSI Adaptive SWSI

Perimeter Defense

IntegrityPrivacy

• Access control• Malware detection• Antivirus• Firewall• Authentication• Authorization• Intrusion detection• Cryptography• Vulnerability detection• Memory safety

• Data integrity• Code integrity• Execution integrity• AI integrity• System integrity• Environment Integrity

Self-Defense

Attack Detection

Diversity & Renewability

Response & Mitigation

• Hacking monitoring

• Security analytics

• Telemetry• Ongoing

verification

• Data and code transformation• Program obfuscation• Secure storage• White-box crypto• Code encryption• Trusted AI and ML• API protection• Anti-debug • Anti-hooking• Node-locking• Program entanglement &

interlocking

• Secure OTA• Dynamic

Policy Update• On device

response• Policy based

response• Renewable

security

105

Part 3: White-box Security Patterns

107

Software security now is an art not a science. Pattern abstraction is one of valuable steps forward to scientific foundation

WhiteBox Security Patterns

Abstract and define white-box computing problems (vulnerabilities, threats and attacks) and establish the security solutions that defend against them Develop a small and finite set of WB computing security patterns Easy to understand and adapt in real world

Create a new common language for software security and protection to Provide an effective tool to promote software protection technology Provide a foundation for software protection evaluation model and methods. Make it much easier to engage the wider academic community, generate more research

attentions and create generic mindshare

As a reference used by security professionals and ultimately would become the secure application guidelines The security patterns should be used to create a set of security architecture and design

guidelines to the security professionals and security system designers

108

Advanced WBC

Patterns(Covered by next

generation of technology and

products

New WBCPatterns

(for connected multiple environments)

White-Box Security Patterns: Present & Future

109

Technology Space

Application Space

Well Understood WBC Patterns (more about single environment)

Direct Attack Points (Just Examples)

110

Producing Software (Trusted Environment)

Running Software (White-Box Computing Environment)

Distributing Software (via 3rd Party Environment)

Source codeCompiling &

LinkingExecutable

Executable

On-line Download

Build-in Pre-Install

Executable

Other Applications

Run-time Environment

Data and data flow

Control flow

Operations Functions and invoking

Program decision and

property

Cloning Attacks

Attack Tools

Tampering Attacks

AutomaticAttack

WB Security Pattern Coverage

111

Running Software (White-Box Computing Environment)

Executable

Other Applications

Run-time Environment

Data and data flow

Execution flow

Operations Functions and invoking

Program decision and

property

Distributing Software (via 3rd Party Environment) Executable

On-line Download

Build-in Pre-Install

Cloning Attacks

Attack Tools

AutomaticAttack

Securedloader

Program integrity

verification

Software diversity

Antidebug

Homomorphic Data

Transformation

Reinterpretation

Control flow obfuscation

Execution flow integrity

Function Boundary Concealment

Shim detection

Protecting program

decision and property

White-box Cryptography

Dynamic code

decryption

SW anchoring

Pattern

Tampering Attacks

Well Understood WB Security Patterns

Primitive PatternsPattern 1: Homomorphic data transformationPattern 2: Protecting program decision and propertyPattern 3: Function boundary concealmentPattern 4: Control flow obfuscationPattern 5: Execution flow integrity Pattern 6: White-Box cryptographyPattern 7: Program integrity verificationPattern 8: Anti-debugPattern 9: Secure loaderPattern 10: Dynamic code decryptionPattern 11: SW anchoring

Abstract PatternsPattern 12: Software diversity

Derived PatternsPattern 13: ReinterpretationPattern 14: Shim detection

112

WB Security Patterns

Primitive PatternsPattern 1: Homomorphic Data TransformationPattern 2: Protecting program decision and propertyPattern 3: Function boundary concealmentPattern 4: Control flow obfuscationPattern 5: Execution flow integrity Pattern 6: White-Box cryptographyPattern 7: Program integrity verificationPattern 8: Anti-debugPattern 9: Secure loaderPattern 10: Dynamic code decryptionPattern 11: SW anchoring

Abstract PatternsPattern 12: Software Diversity


114

Homomorphic Data Transformation: Security Context

115

Main Memory Data

Secondary Storage

CPU

Fetch

RegistersInstruction Register

WhiteBox Attacks

Execute (ALU)

Inspect and peruse data

Inspect and peruse data

BinaryCode

Presenter

Presentation Notes

The potential attacker can be an end-user who owns the device and enable to access an application program with full control over the system (i.e., in the ClearBox attack context). Data assets within the program and being computed by the program are subject to a confidentiality requirement. Valuable data assets in memory are extremely vulnerable to perusal. Valuable data assets in secondary storage or through networking are processed by a program running on a device under attack. A preventive countermeasure is needed.

Homomorphic Data Transformation: Security Problem (1/2)

At runtime, data frequently exists in a program or file in various classes of storage for white-box exposure: In registers on the stack, the heap or disk other forms of secondary storage etc

Computable data stored in different storage forms or transferred from different sources may have different vulnerabilities, but a contributing factor common to them is the well-known layout of data while they are processed by a program

116

Data can be transferred dynamically via network connections to local device so that they can be accessed by local program

Once the attacker reaches a data asset, that asset succumbs completely because the data is stored using conventional formats

The attacker will know how to discern the object’s value and assign to it a properly hacked value

These kinds of storage technology normally have little protection against white-box attacks

117

Homomorphic Data Transformation: Security Problem (2/2)


118

Homomorphic Code/Data Transformation Are Essential

▪ Modern computer systems provide an open & common computation space▪ Computational data is a crucial asset needing protection ▪ Both the original values of computational data, and the computations on it, must

be hidden to ▪ Protect against reverse-engineering and subsequent code compromise

▪ Using static tools such as program analyzers, binary editors and disassemblers▪ Using dynamic tools such as debuggers, logic analyzers and emulators

Transforming of data, computations and data flow is an essential first step in HO

118


119

Homomorphic Data Transformation: Principle

OP

X Y

Z

Computation Of X and Y

‘Smooth’ Common Space: Z= F(X, Y)

Transformed Space: Z’ = F’(X’, Y’)

Value Coding

encoding of X X’ = CX(X)

encoding of YY’ = CY(Y)

Y

X = CX-1 (X’) Y = CY

-1 (Y’)

X

X’ Y’

encoding of OP and result value ZZ’ = CZ (F(X,Y)) = CZ (F(CX

-1 (X’), CY-1 (Y’)))

Z’

Original data flowCloaked data flowRelationship between smooth and transformed value

F’(X’, Y’)

New code for transformedcomputation (OP) and its result value (Z) in transformed form. Original X, Y and OP are disappeared.

encoding of ZZ’ = CZ(Z)

The implementation computes in theTransformed Space withoutencoding/decoding operations.

The green blob is a homo-morphism with 3 connecting encodings (for 2 inputs and 1 output). Multiple distinct homomorphic blobs connect at the I/O points, making the obfuscated code a homomorphic network.

119

Presenter

Presentation Notes

Why call homomorphic data transformation (HDT) is that this kind of data transformation is different to expression based data transformation. HDT is a global data analysis based not local data analysis based. With global data analysis cross an application, we can transform a computation space from original common computation space to a new computation space in which the values and operations are represented very different to the original common computation space. In this new computation space, the original values and operations are hidden and protected.


120

▪ Mathematical transformations on Data Values Data Locations Data Operations

▪ Many Transform Families▪ Randomness ▪ Random seeds support repeatability ▪ Must balance security vs. performance

to fit the application

yx

z

a

op1

op2

Original Data Flow Graph Transformed Data Flow Graph Data Transformations

Mapping

Original data, value, operation and data

flow are hidden after data transformation

Homomorphic Data Transformation: In General

Presenter

Presentation Notes

The homomorphic data transform is a most effective solution to the above pattern by applying mathematical transformations to protect original data flow so that original variables, constants and operations can be transformed and hidden with the following properties: The functional computation of the original data flow is preserved while it performs the computation of the protected data flow. Largely increasing in program data complexity and interdependency makes reverse engineering and tampering extremely difficult. There are many mathematical systems which can be used for data transforms. Different transformations on different data can interoperate in new transformed computation, even if they have different representations, without causing values to revert to original data values. Mappings between original and transformed code are many to many. It has been proven that reversing the transformed code to original code is a NP-complete fragment recognition problem.


121

Homomorphically Transformed Computation Space

Homomorphic transformation of data and computation space is fundamental to homomorphic obfuscation

121

Presenter

Presentation Notes

In principle, we transform the computing by transforming data flow for a program. For example, a function F is transformed into F’ so that all data flow of this function is transformed (including input data, constant data, resulted data, intermediate data and operations on data). The transformed function F’, which is visible to attacker, does not expose original data flow, namely, original data values and operations as illustrated by the following figures.


122

▪ Many to many mappings between original and transformed data and code make reverse engineering difficult

(NP-complete fragment recognition problem)

z’ = x’z’ = 2x’ – y’z’ = 2x’ – y’z’ = x’ + y’Transformed code segment

z’ = 5z -18z’ = 5z + 3 z’ = 10z + 4z’ = 5z + 17

y’ = -5y +11y’ = -10y + 10y’ = 5y + 10

x’ = 5x +7x’ = 5x +7x’ = 5x +7x’ = 5x +7Transcoder transforms

z = x + 5z = 2x + yz = x + yz = x + yOriginal code segment

Sample 4Sample 3Sample 2Sample 1

122

Ambiguity via Homomorphic Data Transformation (examples)


123

Homomorphic Obfuscation vs. Typical Obfuscation

Normal (Naïve) Program Obfuscation

Original andObfuscated

programs are inthe same original

computation space

ObfuscatorOriginalProgram

ObfuscatedProgram

OriginalProgram

ObfuscatedProgram

HH Program Protection

Original version

Homomorphic Hardening Tools

OriginalProgram

OriginalProgram

HO-Protected Program

Protected computation space 1

Protected computation space n

. . .

HOProgram version 1

HOProgram version n

Presenter

Presentation Notes

Normal JS obfuscation is not changing the computation space, just change the syntax of a program mainly and some kind of program structures. Homomorphic obfuscation first is to transform homomorphically the original computation space to a new computation space and make sure data flow and operations are operated in a new transformed space. And then, do all kind of other obfuscations to make a obfuscated instance that only can operand in this specific computation space. Different obfuscated instance is in a different computation space. This nature make attacking very difficult and hard to be automated.

WB Security Pattern

Primitive PatternsPattern 1: Homomorphic data transformationPattern 2: Protecting program decision and propertyPattern 3: Function boundary concealmentPattern 4: Control flow obfuscationPattern 5: Execution flow integrityPattern 6: White-Box cryptographyPattern 7: Program integrity verificationPattern 8: Anti-debugPattern 9: Secure loaderPattern 10: Dynamic code decryptionPattern 11: SW anchoring



124

Execution Flow Integrity: Security Context and Problem

Basic blocks are primary components of program execution flow. Flow dependency between those basic blocks is statically fixed. Control flow obfuscation provides only for hiding the

original intent of the control flow, but cannot guarantee execution flow integrity The protection of execution flow of a function requires to

resolve the following two problems: Transform control flow and make the control flow hard to be

analyzed and extracted statically and dynamically. Transform execution flow of a function so that the flow cannot

be tampered easily and can be detected and mitigated if it is tampered

125

Execution Flow Integrity: Security Intent

Extend original execution flow with history dependency based on original execution order of a function For each particular flow from one basic block to another block,

inject a pair of encode and decode and necessary temporary variables to interlock the flow The original control-flow is transformed into a data directed

control-flow by injected history dependency The extended execution order is no longer static and must be

determined at run-time by the computation of history dependency relationship

Data transformation can be used to protect the history dependency computation

Any tampering attack to history dependency will result wrong execution flow

126

Execution Flow Integrity: Solution – Control Flow Flattening

Control Flow Flattened Program

…

1 2 3 7

Original Program Flow

Conditional jump

Conditional jumpLoop

Exit

Start Start

Exit

127

Presenter

Presentation Notes

Control flow flattening is one basic techniques. There are more other techniques to obfuscate control flow. Branch protection is one to protect a specific kind of control flow. next pattern is more advanced approaches to protect control flow not only obfuscating but also tamper resistant.

Execution Flow Integrity: Solution - History-Dependent Transforms

Switch ( case )

…

1 2 3 7

case = b case = D(d)case = D(c) case = D(a)

b = D(b) b = E(b)d = E(d)a = E(a)a = 99

= 1= 3 = 7 = 2

c = E(c)

HD(a)

HD (b) HD (c) HD (d)

128

Presenter

Presentation Notes

HD can be used to protect control flow HD technical also can be used to protect particular program property for example, function invoking integrity.

WB Computing Security Pattern

Primitive PatternsPattern 1: Homomorphic data transformationPattern 2: Protecting program decision and propertyPattern 3: Function boundary concealmentPattern 4: Control flow obfuscationPattern 5: Execution flow integrity Pattern 6: White-Box cryptographyPattern 7: Program integrity verificationPattern 8: Anti-debugPattern 9: Secure loaderPattern 10: Dynamic code decryptionPattern 11: SW anchoring



129

WhiteBox Cryptography: Security Context – Cryptography Is Used Everywhere

Modern cryptography is one of most fundamental technology adopted for traditional security problems.

130

Art

ScienceCryptography Past 90 years

Solid Security Primitives and Protocols

White-Box Cryptography: Security Problem – Key and Valuable Assets

Software keys can be generated using high-quality pseudo random number generators

(PRNG) securely stored

Sooner or later the key is used and the following events occur:

131

DataFour score and seven years ago our fathers brought forth on the continent a new nation conceived in Liberty and dedicated to the proposition that all men are created equal.

DecryptionExtract key from

storage(encrypt,

deobfuscate)Key Key is easily extracted

by white-box attacker

132

We are now forced to defend against white-box attackers who are strictly more powerful than classic black-box and grey-box attackers

How can a secret key be used in a cryptographic algorithm without being exposed in the context in which it is attacked in white-box fashion?

White-Box Cryptography: Security Problem – White-Box Crypto Security

Existing cryptographic security proofs from the black-box and grey-box attack context simply don’t carry over to the white-box context.

It is broken!

133

The fundamental security intent of white-box cryptography is to make the recovery of the key in the white-box context at least as difficult, mathematically, as in the black-box context

Stated in another way, this pattern is to transform a key such that attacking within the white-box context offers no advantage to attacking in the black-box context

Black-box cryptographic security can be truly guaranteed within white-box context and even improved further if possible

White-Box Cryptography: Security Intent

Ideally, we should develop White-Box friendly ciphers with strong security for both black-box and white-box contexts.

White-Box Cryptography Applies Homomorphism

134

Transformed keyTransformed data

White-box cryptography

Transformed and encrypted output

KeyData

• White-box cryptographic methods use homomorphic transformations• White-box cryptography ensures that input data, keys, intermediate results and

output data are protected at all times by using homomorphic transformations

135

Key Mode Fixed Key Dynamic Key

Re-key/upgradable in the field

Security Assessment All known WB attacks assessment Diversity assessment Possible unknown attacks assessment

Implementation Assessment Complexity Speed Memory size

G E N E R A L R E Q U I R E M E N T S

136

White-box AES 128 and 256-bit keys ECB, CBC, OFB and CTR modes A var iety of s ize/speed/secur i ty t rade-of fs

White-box RSA Fixed keys up to 16384 bits Dynamic keys up to 4096 bits OAEP and PKCS #1 v1.5 encrypt ion padding PSS and PKCS #1 v1.5 signature padding Integrat ion with MD5, SHA-1, SHA-224, SHA-256, SHA-384 and SHA-512

White-box ECC Support for pr ime f ield curves with opt imized support for NIST curves Fixed and dynamic-key sign/ver i fy (ECDSA), dynamic encrypt ion/decrypt ion (EC El-Gamal) Integrat ion with MD5, SHA-1, SHA-224, SHA-256, SHA-384 and SHA-512

DES/TDES A var iety of s ize/speed/secur i ty t rade-of fs

White-box SHA2 Support for SHA-224 and SHA-256 Protect ion of message, digest and intermediate calculat ions

I R D E T O WH I T E B O X C R Y P T O G R A P H Y P R O D U C T F E A T U R E S

137

Irdeto WB crypto technology can countermeasure and mitigate all known WB attacks:

Plain input attack Plain output attack Replay attack Code/data lifting attack Key-update attack Collision attack BGE attack DFA attack DCA attack Affine attack

WB Crypto Security Strength

138

Thank You!

Questions?

www.Irdeto.com | [email protected]

the industrial challenges in software security and protection challenges in... · the industrial...

Documents