Principles of Secure BootStrapping for IoT
PI(s), Co-PI(s), Researchers:
HARD PROBLEM(S) ADDRESSED
This refers to Hard Problems, released November 2012.
Policy.
PUBLICATIONS
Papers written as a result of your research from the current quarter only.
- Sze Yiu Chau, Moosa Yahyazadeh, Omar Chowdhury, Aniket Kate, Ninghui Li. Analyzing Semantic Correctness with Symbolic Execution: A Case Study on PKCS#1 v1.5 Signature Verification. To appear in 2019 NDSS.
- Syed Rafiul Hussain, Mitziu Echeverria, Omar Chowdhury, Ninghui Li and Elisa Bertino. Privacy Attacks to the 4G and 5G Cellular Paging Protocols Using Side Channel Information. To appear in 2019 NDSS.
KEY HIGHLIGHTS
- We studied IoT implementations of cryptographic primitives that are critical in secure bootstrapping. We analyzed 15 recent open-source implementations using symbolic execution and found semantic flaws in 6 of them. Further analysis of these flaws showed that 4 implementations are susceptible to new variants of the Bleichenbacher low-exponent RSA signature forgery, which enable an attacker to forge a signature on a certificate without breaking the RSA algorithm. One implementation suffers from potential denial-of-service attacks with purposefully crafted signatures.
- We studied privacy problems in 4G and 5G cellular networks. We identified inherent vulnerabilities in the paging protocols that enable an adversary who knows the phone number (or other software IDs such as a Twitter handle) to identify whether a cellular device is present in a physical region. We also discovered attacks that enable the recovery of the persistent identity (such as the IMSI) of cellular devices. During the last quarter, we studied different defense mechanisms. Without changing hardware, one defense is for providers to randomly inject fake paging messages. With a little added overhead, the noise makes the attack infeasible.
COMMUNITY ENGAGEMENTS
- We have notified various software vendors and the GSM Association about our findings. GSMA listed us in their Mobile Security Research Hall of Fame at https://www.gsma.com/aboutus/workinggroups/working-groups/fraud-security-group/mobile-security-research-hall-fame
EDUCATIONAL ADVANCES:
- A local high school science teacher contacted the PI about research opportunities for high school students, and we have involved a high school student in the research on IoT security. The student is implementing existing attacks on IoT. We have obtained the necessary equipment, and the project is still ongoing.