1 / 5

Using an “Angel in the Box” to Secure MANETs

Using an “Angel in the Box” to Secure MANETs. Wu-chang Feng, Ed Kaiser Nirupama Bulusu, Wu-chi Feng Jesse Walker, Erik Johnson. Angel in the Box. A trusted, tamper-resistant processor that is hidden from the applications and operating system running on the host Ring “–1”

Télécharger la présentation

Using an “Angel in the Box” to Secure MANETs

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Using an “Angel in the Box” to Secure MANETs Wu-chang Feng, Ed Kaiser Nirupama Bulusu, Wu-chi Feng Jesse Walker, Erik Johnson

  2. Angel in the Box • A trusted, tamper-resistant processor that is hidden from the applications and operating system running on the host • Ring “–1” • Only runs code signed by appropriate authority • Intel, DARPA, IETF • Has access to key components of running system • Paradigm • Run anything you want on the untrusted part of the box, but the angel is watching

  3. Platform integrity Fail-safe operation • Angel disables host when applications and/or OS are in an unknown state • Adversary injects malware into application or disables security • Angel quarantines entire system when integrity check fails • Angel disables host when “captured” • Adversary removes node from network to reverse engineer it • Angel disables system upon losing contact with rest of network or when moved outside allowable geographic locations Stopping unwanted traffic Authentic measurements • Angel provides data integrity for remote measurements • Adversary modifies measurements sent in MANET • Angel verifies and certifies data integrity for mission-critical measurements • Angel drops unwanted traffic before it reaches the network • Adversary floods network • Angel tracks public proof-of-work in protocols, verifies that each request contains valid work, and drops those that do not

  4. Angel in the Box example • Intel’s Active Management Technology platform

  5. Good hammer, looking for nails • Detect cheating in online games • Similar platform integrity issues as MANETs • Adversary has physical control over target machine • Extensions to AMTv2 to solve cheating problem • Detect software injection of keyboard/mouse input • IAMANETs • Use existing AMTv2 to solve IAMANET problem • Intel’s DTK http://www.intel.com/software • Work on platform additions to AMTv2 to support new requirements • Intel CTG http://www.intel.com/research

More Related