Using an “Angel in the Box” to Secure MANETs
Wu-chang Feng, Ed Kaiser, Nirupama Bulusu, Wu-chi Feng, Jesse Walker, Erik Johnson
Angel in the Box
• A trusted, tamper-resistant processor that is hidden from the applications and operating system running on the host
• Ring “–1”
• Only runs code signed by an appropriate authority
• Intel, DARPA, IETF
• Has access to key components of the running system
• Paradigm
• Run anything you want on the untrusted part of the box, but the angel is watching
Platform integrity
• Angel disables host when applications and/or OS are in an unknown state
• Adversary injects malware into application or disables security
• Angel quarantines entire system when integrity check fails

Fail-safe operation
• Angel disables host when “captured”
• Adversary removes node from network to reverse engineer it
• Angel disables system upon losing contact with rest of network or when moved outside allowable geographic locations

Authentic measurements
• Angel provides data integrity for remote measurements
• Adversary modifies measurements sent in MANET
• Angel verifies and certifies data integrity for mission-critical measurements

Stopping unwanted traffic
• Angel drops unwanted traffic before it reaches the network
• Adversary floods network
• Angel tracks public proof-of-work in protocols, verifies that each request contains valid work, and drops those that do not
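The proof-of-work filter from the “Stopping unwanted traffic” slide, as an added Python example that is not code from the slides or from the authors' system; the SHA-256 construction, the leading-zero-bits difficulty policy, and the replay-tracking set are assumptions made for illustration.

```python
import hashlib

DIFFICULTY_BITS = 16  # assumed policy: leading zero bits a valid proof must show


class AngelFilter:
    """Sits between host and network: admits a request only if it carries
    valid, previously unused proof-of-work; everything else is dropped."""

    def __init__(self, difficulty_bits: int = DIFFICULTY_BITS) -> None:
        self.difficulty_bits = difficulty_bits
        self.seen = set()  # tracks (challenge, payload, nonce) already accepted

    def _digest(self, challenge: bytes, payload: bytes, nonce: int) -> bytes:
        # Binding the digest to the payload stops a proof being reused for other data
        return hashlib.sha256(challenge + payload + nonce.to_bytes(8, "big")).digest()

    def valid_work(self, challenge: bytes, payload: bytes, nonce: int) -> bool:
        """True if the digest has at least difficulty_bits leading zero bits."""
        value = int.from_bytes(self._digest(challenge, payload, nonce), "big")
        return value >> (256 - self.difficulty_bits) == 0

    def admit(self, challenge: bytes, payload: bytes, nonce: int) -> bool:
        """Return True to forward the request, False to drop it."""
        if not self.valid_work(challenge, payload, nonce):
            return False  # no valid work attached: drop before it reaches the network
        key = (challenge, payload, nonce)
        if key in self.seen:
            return False  # replayed proof: drop to prevent amplification
        self.seen.add(key)
        return True


def solve(challenge: bytes, payload: bytes, difficulty_bits: int = DIFFICULTY_BITS) -> int:
    """Legitimate sender's side: brute-force a nonce; expected cost ~2**difficulty_bits hashes."""
    checker = AngelFilter(difficulty_bits)
    nonce = 0
    while not checker.valid_work(challenge, payload, nonce):
        nonce += 1
    return nonce


if __name__ == "__main__":
    # Constructed sample: one route request with a freshly solved proof
    challenge, payload = b"constructed-challenge-01", b"ROUTE_REQUEST dst=node7"
    gate = AngelFilter(difficulty_bits=12)
    nonce = solve(challenge, payload, 12)
    print("first delivery admitted:", gate.admit(challenge, payload, nonce))
    print("replay admitted:", gate.admit(challenge, payload, nonce))
```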
Angel in the Box example
• Intel’s Active Management Technology platform
Good hammer, looking for nails
• Detect cheating in online games
• Similar platform integrity issues as MANETs
• Adversary has physical control over target machine
• Extensions to AMTv2 to solve cheating problem
• Detect software injection of keyboard/mouse input
• IAMANETs
• Use existing AMTv2 to solve IAMANET problem
• Intel’s DTK http://www.intel.com/software
• Work on platform additions to AMTv2 to support new requirements
• Intel CTG http://www.intel.com/research