Seminar: Building Sensors that Cannot Lie: Verifiable Integrity in Resource-Constrained Embedded Systems
Ivan De Oliveira Nunes
PhD Candidate, University of California, Irvine
Friday, January 29, 2021
12:00 pm - 1:00 pm
Modern society is increasingly surrounded by, and is growing accustomed to, a wide range of Cyber-Physical Systems (CPS), Internet-of-Things (IoT), and smart devices. They often perform safety-critical functions, e.g., in personal medical devices, automotive CPS, and industrial and residential automation (e.g., sensor-alarm combinations). On the lower end of the scale, these devices are small, cheap, and specialized sensors and/or actuators. They tend to host small CPUs, have small amounts of memory, and run simple software. If such devices are left unprotected, consequences of forged sensor readings or ignored actuation commands can be catastrophic, particularly in safety-critical settings. This prompts the following three questions: (1) How to trust data produced, or verify that commands were performed, by a simple remote embedded device? (2) How to bind these actions/results to the execution of expected software? (3) Can (1) and (2) be attained even if all software on a device can be modified and/or compromised (e.g., by malware)?
In this talk, I will overview a set of techniques based on formally verified hardware/software co-design, namely remote attestation, proofs of execution, and TOCTOU-avoidance. These techniques can be leveraged to assure the integrity of software and its execution, even on some of the most resource-constrained micro-controllers. I will discuss three formally verified architectures realizing the aforementioned techniques (VRASED, APEX, and RATA) and how they have been securely implemented atop the TI MSP430 micro-controller at a relatively low cost.
Ivan De Oliveira Nunes is a Ph.D. candidate at the University of California, Irvine (UCI) working on security and privacy. Before coming to UCI, he earned a Computer Engineering degree at the Federal University of Espirito Santo (UFES), in Brazil, from 2009 to 2014. He also holds a Computer Science M.Sc. degree from the Federal University of Minas Gerais (UFMG) - Brazil (2016). In recent years, he has worked on several topics, including IoT Security, Content-Centric Networking Security, Secure Multi-Party Computation (MPC), Biometric-Based Authentication, and Opportunistic Mobile Networking. His research interests span the fields of security and privacy, embedded systems, computer networking, applied cryptography, and especially their intersection.