Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

msc brainstorm: node hijacking protection for embedded devices using TinyML #8157

Open
synctext opened this issue Sep 16, 2024 · 8 comments
Open
Assignees

Comments

@synctext
Copy link
Member

synctext commented Sep 16, 2024

brainstorm Not afraid of assembly! Defend: July 2025. Phd ambition?!

First, describe the scope and past occurrences of node hijacks.
From Solarwinds to the recent 1.3 million Android TVs in a botnet. Do you aim to protect from unzip fail of firmware update?

Security frameworks. sandbox where you can run anything. IoT device, build Raspberry pi with TinyML as exemplary use-case?

ToDo

Other ideas:

https://www.enisa.europa.eu/publications/eidas-compliant-eid-solutions/@@download/fullReport

Zero-Trust Architecture for Legal Entities

update: Cars now have firmware and secure boot. In-line with your 'hacking' passion. Toyota cars get stolen using CANbus attack. There is a Tesla bug hunting bounty. Smartphone app opens your car, passport-grade authentication. Link to insurance and question who was driving the car when damage occurred?? 🤔 (more US thing versus EU where things are decently organised). The science: protecting high-value 'portable' computers and firmware {zero-trust}.

update2: V2X tech for "car wifi" in 5.9 GHz band. Police remotely stopping a car is no longer the realm of Sci-Fi movies. See the trail of a "remote car stopping" from the Czech Technical University in Prague and the BUT in Brno and PR stuff from the USA.

ToDo: a draft 1-page research proposal (e.g. the science focus side)

@Kheoss
Copy link

Kheoss commented Oct 30, 2024

Proposal: A Privacy-Preserving Digital Identity System Using DNA Passports and Physical Unclonable Functions (PUFs)
Background and Motivation
As digital identity systems become integral to secure IoT and automotive environments, the need for robust, privacy-preserving authentication has never been greater. Traditional biometric and hardware-based authentication methods present vulnerabilities, either through centralized storage or susceptibility to cloning and tampering. This proposal explores a hybrid identity model combining DNA-based identifiers and Physical Unclonable Functions (PUFs), leveraging the unique properties of both biological and hardware-based identifiers for a decentralized, multi-factor authentication system that is resistant to forgery and highly secure.

Objectives
Develop a Secure DNA-PUF System Architecture: Design an identity framework that binds DNA-based identifiers with PUFs, creating a unique, privacy-preserving multi-factor identity verification system.
Implement Privacy-Preserving DNA Hashing: Ensure DNA information is encoded and stored securely, protecting user privacy while enabling strong, unique identity verification.
Prototype and Evaluate the System: Build a prototype and evaluate the system’s effectiveness in providing secure, decentralized authentication, focusing on IoT and automotive applications.

Possible Methodology
DNA-Based Identifier Generation: Select privacy-friendly DNA markers, create a hashed digital representation, and store this locally on the device, ensuring user privacy.
Device-Based PUF Authentication: Equip devices with PUFs (or simulate PUFs? ) to generate unique, hardware-rooted responses. Each device’s PUF response serves as an unforgeable, repeatable key.
Combined DNA-PUF Authentication: Bind the DNA hash with the PUF response to form a multi-factor identifier. Authentication involves the device presenting both the DNA-based user identity and PUF-derived device identity, ensuring that only authorized users and devices gain access.
Testing and Validation: Develop a prototype for evaluation within a simulated IoT or automotive environment, analyzing performance metrics, security resilience, and privacy preservation (how?).

Expected Outcomes ???

Secure, Decentralized Identity System: A privacy-centric identity model that binds user DNA with device-specific PUF authentication, creating a robust, decentralized system for IoT security.
Enhanced Privacy and Security: Privacy-preserving techniques for DNA data storage and processing, with a multi-factor approach that combines user and device authentication without relying on centralized databases.
A working prototype with results demonstrating its feasibility and effectiveness in environments where strong, privacy-respecting authentication is essential.

To explore: Multi-layered/fine-grain hierarchies may be a nice addition as many authentication systems work more like "I am this device" instead of "I owe this device".

Potential Impact
This DNA-PUF hybrid system for secure digital identity merges advanced biometrics with unique hardware-based identifiers. Its decentralized design makes it suitable for applications in IoT, connected vehicles, and other fields where secure, user-controlled identity management is critical. This research will contribute to the fields of digital identity and privacy, addressing current limitations and setting a foundation for further innovations in secure authentication.

  • Unclonable functions based on DNA tools.

  • Cancellable / theft locking/ lost device

  • Chemical unclonable functions based on operable random DNA pools

@synctext
Copy link
Member Author

synctext commented Oct 30, 2024

Very scary 😨 😮 😨 Solid science for "identity of the future" in a world that is slowly collapsing into chaos.

Passport 2050

Advise: re-write. example:
The world is slowly descending into less democracy, more wars, and increased suffering. Establishing the correctness of information, validity of electronic signatures, owners of object, and identity of humans is becoming a cardinal requirement for global safety. This thesis is exploring identity solutions for the worst-case scenario. Our adversary model is that multiple state-actors will re-organise their economy for sustained attacking of the integrity of liberal democracies. Our requirement is that by 2050 our system could still serve as the foundation for identity and integrity of all our socio-economic systems. By being isolated from most plausible technological breakthrough. This means our solution consists of combining traditional hardware-based PUFs and the frontier of science and unique identification: DNA.

  • PUF: eIDAS extreme
  • PUF+DNA+openness and accountability: eIDAS Ultra
  • FastDNA for eIDAS Ultra authentication

@Kheoss
Copy link

Kheoss commented Nov 13, 2024

13/11/2024: A bit of literature review

Lots of DNA is no-coding DNA ( does not encode protein sequences ), however the 1% that does is interesting.

Concept: Protein-Based DNA Signature Generator

  • simulate the process of protein formation from specific DNA segments to create a unique, verifiable signature
  • use DNA as input to model protein structure or sequence => complex and biologically authentic way to generate signatures tied to an individual’s DNA ( bio-PUF ? )
  • ZKP by simulating the protein/structure formation [transcription] for a challange

Problems:

  • how to revoke such identity?
  • many papers that might be usefull are new and did not find them (yet) to read in full [ examples:
    Synthesizing DNA molecules with identity-based digital signatures to prevent malicious tampering and enabling source attribution]

DNA encoding schemes herald a new age in cybersecurity for safeguarding digital assets

Cyber Attacks on Power System Automation and Protection and Impact Analysis

A hybrid logistic DNA-based encryption system for securing the Internet of Things patient monitoring systems

A novel DNA-based key scrambling technique for image encryption

@synctext
Copy link
Member Author

synctext commented Nov 14, 2024

Thesis Brainstorm III

"Purple teaming of the upcoming EU EBSI passport-grade digital identity"
EBSI and Europeum are establishing a state-of-the-art identity system to provide an alternative to Big Tech identity systems and traditional paper-based passports. Instead of the usual secrecy the EU has decided on an transparent, open source, and accountable system. The core of the system is formed by Hyperledger Besu. We created a state-of-the-art SIEM tooling for this server. We present a systematic study consisting of running numerous pentests against an actual pre-production EBSI server, configuring SIEM tooling to report these attacks, and devise new attacks. {speculation!} The result is successful resource exhaustion attack against the default Hyperledger configuration used. Due to the complexity and fragility of the smart contract system we successfully made the server unreachable.

SIEM tools provide forensics, not just a intrusion detection system. This project uses a "capture the flag" experience. This angle uses the hard work of building tooling, new defences, reference architecture, security audit, and possibly new attacks. Security audit should not be in the old format of this vunerability, this config detail. This project will provide a state-of-the-art security audit with risk assessment. For instance, in the scenario that EBSI provides foundation for the digital Euro it impacts risk tolerance. Each deployment level will be analysed, including facilitating tokanization. (blue teaming stuff). Your thesis does not critically depend on successfully breaking EBSI security, but you meticulously create the ecosystem for breaking it. Then you can also propose a security fix. Little investigation shows three unresolved active vulnerabilities to hyperledger Besu ecosystem 😱 Client has incorrect conversion. server side has critical error in 32 bit signed and unsigned types in the calculation of available gas.
Danger is that throwing a bunch of open source tools together is not science for a Delft Master thesis. But with unpatched critical server errors for multiple months, there is low-hanging fruit.

ToDo:

  • find 20-ish papers of state-of-the-art literature around described draft thesis direction.
  • Explore if this is "industry-driven" and thus lacks the transparency, paper publishing, open innovation processes that academics prefer
  • Install local hyperledger Besu and reproduce critical vulnerabilities, investigate how EBSI might be impacted.
    • are there Besu smart contracts in EBSI?

@Kheoss
Copy link

Kheoss commented Nov 29, 2024

https://www.geeksforgeeks.org/hyperledger-besu-in-blockchain/#limitations-of-hyperledger-besu
https://dltgroup.it/DLTWorkshop/slides2023/Sestili_Session_5.pdf
https://www.mdpi.com/2504-2289/7/2/79 [pay to win jurnal]

Brainstorm:

  1. Post-Quantum Security for apps based on Besu Hyperledger

Quantum Threats:
Shor's Algorithm: A quantum algorithm that can efficiently factorize large integers, breaking RSA and ECC-based systems.
Grover's Algorithm: Reduces the time required to brute-force symmetric encryption keys, necessitating larger key sizes for symmetric encryption algorithms.

Many blockchain systems (Besu too) use cryptographic algorithms/signatures that will eventually become obsolete in a post-quantum world.
Post-quantum algorithms are needed to ensure future-proofing.

Post-Quantum Cryptographic Algorithms:

Lattice-Based Cryptography
Merkle tree-based signatures (hash based)
Isogeny-Based Cryptography ( mayben not )

Besu platform's ( base platform for EBSI, "The first public sector blockchain infrastructure in Europe") number 1 contributor works at Consensys ( company which also own Metamask and a asteroid mining company ? )

Resolution: too speculative and the threat model a little questionable as current crypto is STILL STRONG and there is a high chance it will work in the future as public/private key is tested for 50+ years AND... we still have today's problems that need to be taken care of ( identity issues, threat actors tracking, etc)

2.Interoperability and Cross-System Security

How to make besu hyperledger be interoperable with other blockchains?

  1. Incident Response and Resilience: "Hardening the root of trust in Europe"

Traditional SIEMs: Tools like Splunk, Elastic Stack (ELK), and Graylog are adapted for blockchain monitoring by applying custom rules.

Let's try to make something for blockchain specific such as logs, event correlation, not AI preferably.

Try to protect the root of trust of europe from vulnerable base platform (Besu). Detach from the untrustworthy platform and create a layer of security.

Sprint focus:

  • Exploit existing vulnerabilities in Besu.
  • Check if we can capture the current exploits before the threat actually affects us ( anomaly vs signature detection)
  • Can other more formal threat detection models capture that from trafic?

URGENCY MODE ON: Time to focus as the graduation deadline is around July 2025!

@synctext
Copy link
Member Author

synctext commented Nov 29, 2024

Quite a discovery, Hyperledge Besu is captured by Consensys, all top-4 devs. This is an aggressive company, loaded with cash and history of various borderline illegal behaviours. Solid thesis material, turning the Besu untrustworthy platform into the EU EBSI root-of-trust for passport-grade identities. 😨

@Kheoss
Copy link

Kheoss commented Dec 10, 2024

Sprint update:

  • "Gas allocation error in CALL operations in Besu EVM" patched in 22.7.1 but still, maybe nodes run in vulnerable versions ( further study might be interesting).

Blockcain IOT SIEM tool

Lab setup - (I hope soon to be) similar to EBSI

  • BESU
  • minimum 4 validators
  • QBFT
  • smart contracts
  • Docker ( my appologies for this one )

Besu Hyperledger versions in use:

  • 22.4.2 as a vulnerable version
  • 22.7.1 as a patched version [benchmark]

On going: replicate attacks (including CVE-2022-36025, resource exhaustion, etc)

Some ideas from this sprint:

  • Besu is harder to setup than expected
  • Existing logs could vaguely detect unexpected gas fees (ex: CVE-2022-36025 ), however, how to intervine? Quarantine nodes? Demolish transactions based on statistics? Do we want an overlay or an underlay ?
    Combining Besu Logs with Network and maybe OS logs could be the way to go.
  • Should also investigate the Execution Layer (EVM) as here seems the place where bugs and vulnerabilities are most present. (Pre-Deployment Contract Complexity Assessment/Run-time Monitoring of Contract Calls).
    Quarantine a whole contract?

"Dynamic runtime complexity throttling in a permissioned Besu-based network" related tools and papers:

Slither - solidity contract static analyzer (loops, re-entrancy paterns, etc)
Mythril - symbolic framework for EVM bytecode (can detect integer overflow, etc)
Manticore - another symbolic execution tool
MadMax: surviving out of gas - vulnerabilities related to gas consumption
Securify: Practical Security Analysis of Smart Contracts - security scanner for ETH smart contracts
Making a smart contract smarter

Random ideas:
What about forensics ? immutable / tamper-evident logs?

  • Cryptographic logging:
  • Secure Storage of logs
  • teal-time integrity checks

General opinion after 1-2 weeks of working with it: Not too bad, even decent tool, backed up by lots of money. Complicated to setup and a little too "large" in features but overall a decent, enterprise level tool.

I do not think there is enough evidence to focus on Besu's infrastructure/ vulnerability finding in a master's thesis as it is enterprise level. Doing SIEM Tooling seems the best way for "hardening the root of trust".

Next sprint: SimTools for blockchain on the setup

  • YARA Rules
  • zeek...

@synctext
Copy link
Member Author

For next sprint. Get Top-3 SIEM tools running. ELk stack, Prometheus, greylog, splunk, etc?
Identify the top-3. Get going with Besu. Future sprint: identify what to fix, improve, standardize.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Development

No branches or pull requests

2 participants