Atualização pelo Ar (OTA) de Dispositivos Embarcados Veiculares com Computação Confiável Fim-a-Fim
Resumo
Os veículos conectados possuem softwares que precisam ser atualizados para corrigir vulnerabilidades e adicionar novas funcionalidades. As atualizações Over-the-Air (OTA) evitam que o proprietário leve o veículo até uma assistência técnica, mas abrem brechas para ataques que modificam os executáveis e colocam vidas em risco. Este trabalho propõe uma arquitetura de OTA que combina as duas tecnologias de segurança por hardware mais adotadas no mercado: o Intel SGX no servidor e o ARM TrustZone no cliente. O trabalho se diferencia por propor o uso de computação confiável fim-a-fim para proteger a arquitetura de atacantes capazes de controlar todo o sistema operacional, tanto no servidor quanto no veículo. A implementação utiliza o CACIC-DevKit no servidor e um dispositivo embarcado veicular com o sistema seguro OP-TEE. Os experimentos revelam que o impacto do uso de TEE é de apenas 2% do tempo total para transferência de um bloco de 1KB de software.Referências
Anati, I., Gueron, S., Johnson, S., and Scarlata, V. (2013). Innovative technology for CPU based attestation and sealing. In Proceedings of the 2nd international workshop on hardware and architectural support for security and privacy, volume 13. ACM New York, NY, USA.
Carter, K., Foltzer, A., Hendrix, J., Huffman, B., and Tomb, A. (2013). SAW: the software analysis workbench. In Proceedings of the 2013 ACM SIGAda annual conference on High integrity language technology, pages 15–18.
Costan, V. and Devadas, S. (2016). Intel SGX explained. Cryptology ePrint Archive.
De Souza, L. A. C., Camilo, G. F., M. Campista, M. E., M. K. Costa, L. H., and M. B. Duarte, O. C. (2022). Enhancing Automatic Attack Detection through Spectral Decomposition of Network Flows. In GLOBECOM 2022 - 2022 IEEE Global Communications Conference, pages 2074–2079.
Göttel, C., Felber, P., and Schiavoni, V. (2019). Developing secure services for IoT with OP-TEE: a first look at performance and usability. In Distributed Applications and Interoperable Systems: 19th IFIP WG 6.1 International Conference, DAIS 2019, Held as Part of the 14th International Federated Conference on Distributed Computing Techniques, DisCoTec 2019, Kongens Lyngby, Denmark, June 17–21, 2019, Proceedings 19, pages 170–178.
Henriques, A. C. P. (2022). Secure Over-the-Air Vehicle Updates using Trusted Execution Environments (TEE). Master’s thesis, Universidade do Porto.
Hern, A. (2013). North Korean ’Cyberwarfare’ Said to Have Cost South Korea £500m. The Guardian, 16.
Karthik, T., Brown, A., Awwad, S., McCoy, D., Bielawski, R., Mott, C., Lauzon, S., Weimerskirch, A., and Cappos, J. (2016). Uptane: Securing software updates for automobiles. In International Conference on Embedded Security in Car, pages 1–11.
Kornaros, G., Tomoutzoglou, O., Mbakoyiannis, D., Karadimitriou, N., Coppola, M., Montanari, E., Deligiannis, I., and Gherardi, G. (2020). Towards holistic secure networking in connected vehicles through securing CAN-bus communication and firmware-over-the-air updating. Journal of Systems Architecture, 109:101761.
Koscher, K., Czeskis, A., Roesner, F., Patel, S., Kohno, T., Checkoway, S., McCoy, D., Kantor, B., Anderson, D., Shacham, H., et al. (2010). Experimental security analysis of a modern automobile. In 2010 IEEE symposium on security and privacy, pages 447–462. IEEE.
Mukherjee, A., Gerdes, R., and Chantem, T. (2021). Trusted Verification of Over-the-Air (OTA) Secure Software Updates on COTS Embedded Systems. In Workshop on Automotive and Autonomous Vehicle Security (AutoSec), volume 2021, page 25.
Ngabonziza, B., Martin, D., Bailey, A., Cho, H., and Martin, S. (2016). Trustzone explained: Architectural features and use cases. In 2016 IEEE 2nd International Conference on Collaboration and Internet Computing (CIC), pages 445–451. IEEE.
Oleksenko, O., Trach, B., Krahn, R., Silberstein, M., and Fetzer, C. (2018). Varys: Protecting SGX Enclaves from Practical Side-Channel Attacks. In 2018 Usenix Annual Technical Conference (USENIX ATC 18), pages 227–240.
Sarkar, S., Choudhary, G., Shandilya, S. K., Hussain, A., and Kim, H. (2022). Security of zero trust networks in cloud computing: A comparative review. Sustainability, 14(18):11213.
Scarlata, V., Johnson, S., Beaney, J., and Zmijewski, P. (2018). Supporting third party attestation for Intel SGX with Intel data center attestation primitives. White paper.
Suzaki, K., Nakajima, K., Oi, T., and Tsukamoto, A. (2020). Library implementation and performance analysis of GlobalPlatform TEE Internal API for Intel SGX and RISC-V Keystone. In 2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom), pages 1200–1208. IEEE.
Thomaz, G. A., Guerra, M. B., Sammarco, M., and Campista, M. E. M. (2023a). CACIC-DevKit: Construção de Sistemas IoT com Políticas de Acesso Customizáveis e Segurança por Hardware. In Anais Estendidos do XLI Simpósio Brasileiro de Redes de Computadores e Sistemas Distribuídos, pages 1–8. SBC.
Thomaz, G. A., Guerra, M. B., Sammarco, M., Detyniecki, M., and Campista, M. E. M. (2023b). Tamper-proof access control for IoT clouds using enclaves. Ad Hoc Networks, 147:103191.
Tsai, C.-C., Porter, D. E., and Vij, M. (2017). Graphene-SGX: A Practical Library {OS} for Unmodified Applications on SGX. In 2017 USENIX Annual Technical Conference (USENIX ATC 17), pages 645–658.
Carter, K., Foltzer, A., Hendrix, J., Huffman, B., and Tomb, A. (2013). SAW: the software analysis workbench. In Proceedings of the 2013 ACM SIGAda annual conference on High integrity language technology, pages 15–18.
Costan, V. and Devadas, S. (2016). Intel SGX explained. Cryptology ePrint Archive.
De Souza, L. A. C., Camilo, G. F., M. Campista, M. E., M. K. Costa, L. H., and M. B. Duarte, O. C. (2022). Enhancing Automatic Attack Detection through Spectral Decomposition of Network Flows. In GLOBECOM 2022 - 2022 IEEE Global Communications Conference, pages 2074–2079.
Göttel, C., Felber, P., and Schiavoni, V. (2019). Developing secure services for IoT with OP-TEE: a first look at performance and usability. In Distributed Applications and Interoperable Systems: 19th IFIP WG 6.1 International Conference, DAIS 2019, Held as Part of the 14th International Federated Conference on Distributed Computing Techniques, DisCoTec 2019, Kongens Lyngby, Denmark, June 17–21, 2019, Proceedings 19, pages 170–178.
Henriques, A. C. P. (2022). Secure Over-the-Air Vehicle Updates using Trusted Execution Environments (TEE). Master’s thesis, Universidade do Porto.
Hern, A. (2013). North Korean ’Cyberwarfare’ Said to Have Cost South Korea £500m. The Guardian, 16.
Karthik, T., Brown, A., Awwad, S., McCoy, D., Bielawski, R., Mott, C., Lauzon, S., Weimerskirch, A., and Cappos, J. (2016). Uptane: Securing software updates for automobiles. In International Conference on Embedded Security in Car, pages 1–11.
Kornaros, G., Tomoutzoglou, O., Mbakoyiannis, D., Karadimitriou, N., Coppola, M., Montanari, E., Deligiannis, I., and Gherardi, G. (2020). Towards holistic secure networking in connected vehicles through securing CAN-bus communication and firmware-over-the-air updating. Journal of Systems Architecture, 109:101761.
Koscher, K., Czeskis, A., Roesner, F., Patel, S., Kohno, T., Checkoway, S., McCoy, D., Kantor, B., Anderson, D., Shacham, H., et al. (2010). Experimental security analysis of a modern automobile. In 2010 IEEE symposium on security and privacy, pages 447–462. IEEE.
Mukherjee, A., Gerdes, R., and Chantem, T. (2021). Trusted Verification of Over-the-Air (OTA) Secure Software Updates on COTS Embedded Systems. In Workshop on Automotive and Autonomous Vehicle Security (AutoSec), volume 2021, page 25.
Ngabonziza, B., Martin, D., Bailey, A., Cho, H., and Martin, S. (2016). Trustzone explained: Architectural features and use cases. In 2016 IEEE 2nd International Conference on Collaboration and Internet Computing (CIC), pages 445–451. IEEE.
Oleksenko, O., Trach, B., Krahn, R., Silberstein, M., and Fetzer, C. (2018). Varys: Protecting SGX Enclaves from Practical Side-Channel Attacks. In 2018 Usenix Annual Technical Conference (USENIX ATC 18), pages 227–240.
Sarkar, S., Choudhary, G., Shandilya, S. K., Hussain, A., and Kim, H. (2022). Security of zero trust networks in cloud computing: A comparative review. Sustainability, 14(18):11213.
Scarlata, V., Johnson, S., Beaney, J., and Zmijewski, P. (2018). Supporting third party attestation for Intel SGX with Intel data center attestation primitives. White paper.
Suzaki, K., Nakajima, K., Oi, T., and Tsukamoto, A. (2020). Library implementation and performance analysis of GlobalPlatform TEE Internal API for Intel SGX and RISC-V Keystone. In 2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom), pages 1200–1208. IEEE.
Thomaz, G. A., Guerra, M. B., Sammarco, M., and Campista, M. E. M. (2023a). CACIC-DevKit: Construção de Sistemas IoT com Políticas de Acesso Customizáveis e Segurança por Hardware. In Anais Estendidos do XLI Simpósio Brasileiro de Redes de Computadores e Sistemas Distribuídos, pages 1–8. SBC.
Thomaz, G. A., Guerra, M. B., Sammarco, M., Detyniecki, M., and Campista, M. E. M. (2023b). Tamper-proof access control for IoT clouds using enclaves. Ad Hoc Networks, 147:103191.
Tsai, C.-C., Porter, D. E., and Vij, M. (2017). Graphene-SGX: A Practical Library {OS} for Unmodified Applications on SGX. In 2017 USENIX Annual Technical Conference (USENIX ATC 17), pages 645–658.
Publicado
20/05/2024
Como Citar
THOMAZ, Guilherme A.; SAMMARCO, Matteo; CAMPISTA, Miguel Elias M..
Atualização pelo Ar (OTA) de Dispositivos Embarcados Veiculares com Computação Confiável Fim-a-Fim. In: SIMPÓSIO BRASILEIRO DE REDES DE COMPUTADORES E SISTEMAS DISTRIBUÍDOS (SBRC), 42. , 2024, Niterói/RJ.
Anais [...].
Porto Alegre: Sociedade Brasileira de Computação,
2024
.
p. 559-573.
ISSN 2177-9384.
DOI: https://doi.org/10.5753/sbrc.2024.1442.
