VIPER: verifying the integrity of PERipherals' firmware

Recent research demonstrates that malware can infect peripherals' firmware in a typical x86 computer system, e.g., by exploiting vulnerabilities in the firmware itself or in the firmware update tools. Verifying the integrity of peripherals' firmware is thus an important challenge. We propose software-only attestation protocols to verify the integrity of peripherals' firmware, and show that they can detect all known software-based attacks. We implement our scheme using a Netgear GA620 network adapter in an x86 PC, and evaluate our system with known attacks.

[1]  Ed Solari,et al.  PCI Express System Architecture , 2003 .

[2]  K. Chen Reversing and exploiting an Apple firmware update , 2009 .

[3]  Leah H. Jamieson,et al.  Establishing the Genuinity of Remote Computer Systems , 2003, USENIX Security Symposium.

[4]  Diomidis Spinellis,et al.  Reflection as a mechanism for software integrity verification , 2000, TSEC.

[5]  Zhi Wang,et al.  HyperSentry: enabling stealthy in-context measurement of hypervisor integrity , 2010, CCS '10.

[6]  Jiang Wang,et al.  Autonomic Recovery: HyperCheck: A Hardware-Assisted Integrity Monitor , 2013 .

[7]  Yongdae Kim,et al.  Remote Software-Based Attestation for Wireless Sensors , 2005, ESAS.

[8]  J. Doug Tygar,et al.  Side Effects Are Not Sufficient to Authenticate Software , 2004, USENIX Security Symposium.

[9]  Claudio Soriente,et al.  On the difficulty of software-based attestation of embedded devices , 2009, CCS.

[10]  David Naccache,et al.  Alien vs. Quine, the Vanishing Circuit and Other Tales from the Industry's Crypt , 2006, EUROCRYPT.

[11]  Tom Shanley,et al.  PCI System Architecture , 1993 .

[12]  Pradeep K. Khosla,et al.  SWATT: softWare-based attestation for embedded devices , 2004, IEEE Symposium on Security and Privacy, 2004. Proceedings. 2004.

[13]  Kang G. Shin,et al.  Soft tamper-proofing via program integrity verification in wireless sensor networks , 2005, IEEE Transactions on Mobile Computing.

[14]  Michael K. Reiter,et al.  Flicker: an execution infrastructure for tcb minimization , 2008, Eurosys '08.

[15]  Yves Deswarte,et al.  Exploiting an I/OMMU vulnerability , 2010, 2010 5th International Conference on Malicious and Unwanted Software.

[16]  Elaine Shi,et al.  Pioneer: verifying code integrity and enforcing untampered code execution on legacy systems , 2005, SOSP '05.

[17]  John R. Douceur,et al.  Cycles, cells and platters: an empirical analysisof hardware failures on a million consumer PCs , 2011, EuroSys '11.

[18]  L. V. Doorn,et al.  SCUBA: Secure Code Update By Attestation in sensor networks , 2006, WiSe '06.

[19]  Pradeep K. Khosla,et al.  A software primitive for externally-verifiable untampered execution and its applications to securing computing systems , 2009 .

[20]  Adrian Perrig,et al.  Refutation of "On the Difficulty of Software-Based Attestation o f Embedded Devices" , 2010 .

[21]  Markus Jakobsson,et al.  Assured Detection of Malware With Applications to Mobile Platforms , 2010 .

[22]  No License,et al.  Intel ® 64 and IA-32 Architectures Software Developer ’ s Manual Volume 3 A : System Programming Guide , Part 1 , 2006 .

[23]  Markus Jakobsson,et al.  Retroactive Detection of Malware with Applications to Mobile Platforms , 2010, HotSec.

[24]  Adrian Perrig,et al.  SBAP: Software-Based Attestation for Peripherals , 2010, TRUST.