skip to main content
10.1145/2046707.2046711acmconferencesArticle/Chapter ViewAbstractPublication PagesccsConference Proceedingsconference-collections
research-article

VIPER: verifying the integrity of PERipherals' firmware

Published: 17 October 2011 Publication History

Abstract

Recent research demonstrates that malware can infect peripherals' firmware in a typical x86 computer system, e.g., by exploiting vulnerabilities in the firmware itself or in the firmware update tools. Verifying the integrity of peripherals' firmware is thus an important challenge. We propose software-only attestation protocols to verify the integrity of peripherals' firmware, and show that they can detect all known software-based attacks. We implement our scheme using a Netgear GA620 network adapter in an x86 PC, and evaluate our system with known attacks.

References

[1]
Advanced Micro Devices, Inc. AMD I/O virtualization technology (IOMMU) specification. Publication No. 34434, Revision: 1.26, Feb. 2009.
[2]
Advanced Micro Devices, Inc. AMD64 architecture programmer's manual volume 2: System programming. Publication No. 24593, Revision: 3.17, June 2010.
[3]
A. M. Azab, P. Ning, Z. Wang, X. Jiang, X. Zhang, and N. C. Skalsky. HyperSentry: enabling stealthy in-context measurement of hypervisor integrity. In Proceedings of the ACM conference on Computer and Communication Security, 2010.
[4]
C. Castelluccia, A. Francillon, D. Perito, and C. Soriente. On the difficulty of software-based attestation of embedded devices. In Proceedings of the ACM Conference on Computer and Communications Security, Nov. 2009.
[5]
K. Chen. Reversing and exploiting an Apple firmware update. In Black Hat, 2009.
[6]
L. Duflot, Y.-A. Perez, and B. Morin. Run-time firmware integrity verification: what if you can not trust your network card? In CanSecWest, 2011.
[7]
L. Duflot, Y.-A. Perez, G. Valadon, and O. Levillain. Can you still trust your network card? CanSecWest, 2010.
[8]
A. Francillon, C. Castelluccia, D. Perito, and C. Soriente. Comments on "refutation of on the difficulty of software-based attestation of embedded devices". http://planete.inrialpes.fr/perito/papers/2010_CCS_attestation_comment%s_on_rebutal.pdf, Oct. 2010.
[9]
V. Gratzer and D. Naccache. Alien vs. quine, the vanishing circuit and other tales from the industry's crypt. In Proceedings of Eurocrypt, May 2006.
[10]
IEEE Computer Society: 802.3 Working Group. IEEE standard 802.3x-1997, 1997.
[11]
A. N. Inc. Tigon Open Firmware. http://alteon.shareable.org.
[12]
A. N. Inc. Tigon/PCI Ethernet Controlller (revision 1.04). http://alteon.shareable.org, 1997.
[13]
Intel Corporation. Intel 64 and IA-32 architectures software developer's manual volume 1: Basic architecture. Order Number: 253665-073US, Jan. 2011.
[14]
Intel Corporation. Intel 64 and IA-32 architectures software developer's manual volume 3b: System programming guide, part 2. Order Number: 253669-037US, Jan. 2011.
[15]
M. Jakobsson and K.-A. Johansson. Assured detection of malware with applications to mobile platforms. DIMACS Technical Report 2010-03, http://dimacs.rutgers.edu/TechnicalReports/abstracts/2010/2010-03.html, 2010.
[16]
M. Jakobsson and K.-A. Johansson. Assured detection of malware with applications to mobile platforms. In Proceedings of the Workshop on Hot Topics in Security (HotSec), Aug. 2010.
[17]
R. Kennell and L. H. Jamieson. Establishing the genuinity of remote computer systems. In Proceedings of the USENIX Security Symposium, 2003.
[18]
Y. Li, J. M. McCune, and A. Perrig. SBAP: Software-Based Attestation for Peripherals. In Proceedings of the 3rd International Conference on Trust and Trustworthy Computing, 2010.
[19]
J. M. McCune, B. Parno, A. Perrig, M. K. Reiter, and H. Isozaki. Flicker: An execution infrastructure for TCB minimization. In Proceedings of the European Conference on Computer Systems (EuroSys), Apr. 2008.
[20]
Mindshare Inc., R. Budruk, D. Anderson, and T. Shanley. PCI Express System Architecture. Addison-Wesley Professional, Sept. 2003.
[21]
MindShare Inc., T. Shanley, and D. Anderson. PCI System Architecture (4th Edition). Addison-Wesley Professional, June 1999.
[22]
E. B. Nightingale, J. R. Douceur, and V. Orgovan. Cycles, cells and platters: an empirical analysisof hardware failures on a million consumer PCs. In Proceedings of the European Conference on Computer systems (EuroSys), 2011.
[23]
NIST. Recommendation for key management. Special Publication 800--57 Part 1, Mar. 2007.
[24]
T. Park and K. G. Shin. Soft tamper-proofing via program integrity verification in wireless sensor networks. IEEE Transactions on Mobile Computing (TMC), 2005.
[25]
A. Perrig and L. van Doorn. Refutation of "on the difficulty of software-based attestation of embedded devices". http://sparrow.ece.cmu.edu/group/pub/perrig-vandoorn-refutation.pdf, 2010.
[26]
F. L. Sang, Èric Lacombe, V. Nicomette, and Y. Deswarte. Exploiting an I/OMMU vulnerability. In Proceedings of IEEE Conference on Malicious and Unwanted Software (Malware), 2010.
[27]
F. L. Sang, V. Nicomette, Y. Deswarte, and L. Duflot. Attaques DMA peer-to-peer et contremesures. In Proceedings of the Symposium sur la Sécurité des Technologies de L'Information et des Communications (SSTIC), June 2011.
[28]
A. Seshadri. A Software Primitive for Externally-verifiable Untampered Execution and its Applications to Securing Computing Systems. PhD thesis, Electrical and Computer Engineering Department, Carnegie Mellon University, 2009.
[29]
A. Seshadri, M. Luk, A. Perrig, L. van Doorn, and P. Khosla. SCUBA: Secure code update by attestation in sensor networks. In Proceedings of ACM Workshop on Wireless Security (WiSe), Sept. 2006.
[30]
A. Seshadri, M. Luk, E. Shi, A. Perrig, L. van Doorn, and P. Khosla. Pioneer: Verifying Integrity and Guaranteeing Execution of Code on Legacy Platforms. In Proceedings of ACM Symposium on Operating Systems Principles, Oct. 2005.
[31]
A. Seshadri, A. Perrig, L. van Doorn, and P. Khosla. SWATT: SoftWare-based ATTestation for embedded devices. In Proceedings of the IEEE Symposium on Security and Privacy, 2004.
[32]
M. Shaneck, K. Mahadevan, V. Kher, and Y. Kim. Remote software-based attestation for wireless sensors. In Proceedings of the European Workshop on Security and Privacy in Ad Hoc and Sensor Networks (ESAS), 2005.
[33]
U. Shankar, M. Chew, and J. Tygar. Side effects are not sufficient to authenticate software. In Proceedings of the USENIX Security Symposium, 2004.
[34]
D. Spinellis. Reflection as a mechanism for software integrity verification. ACM Transactions on Information and System Security, Feb. 2000.
[35]
A. Triulzi. Project Maux Mk.II, I Own the NIC, now I want a shell. In The 8th annual PacSec conference, 2008.
[36]
A. Triulzi. The Jedi Packet takes over the Deathstar, taking NIC backdoor to the next level. In The 12th annual CanSecWest conference, 2010.
[37]
J. Wang, A. Stavrou, and A. K. Ghosh. HyperCheck: A Hardware-Assisted Integrity Monitor. In Proceedings of International Symposium on Recent Advances in Intrusion Detection (RAID), 2010.

Cited By

View all
  • (2024)Orbital Shield: Rethinking Satellite Security in the Commercial Off-the-Shelf Era2024 Security for Space Systems (3S)10.23919/3S60530.2024.10592292(1-11)Online publication date: 27-May-2024
  • (2024)Watch Out Your Thumb Drive: Covert Data Theft From Portable Data Storage via BackscatterIEEE Transactions on Dependable and Secure Computing10.1109/TDSC.2023.330560721:4(2434-2447)Online publication date: Jul-2024
  • (2024)One for All and All for One: GNN-based Control-Flow Attestation for Embedded Devices2024 IEEE Symposium on Security and Privacy (SP)10.1109/SP54263.2024.00251(3346-3364)Online publication date: 19-May-2024
  • Show More Cited By

Index Terms

  1. VIPER: verifying the integrity of PERipherals' firmware

    Recommendations

    Comments

    Information & Contributors

    Information

    Published In

    cover image ACM Conferences
    CCS '11: Proceedings of the 18th ACM conference on Computer and communications security
    October 2011
    742 pages
    ISBN:9781450309486
    DOI:10.1145/2046707
    Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

    Sponsors

    Publisher

    Association for Computing Machinery

    New York, NY, United States

    Publication History

    Published: 17 October 2011

    Permissions

    Request permissions for this article.

    Check for updates

    Author Tags

    1. integrity of peripherals' firmware
    2. proxy attack
    3. software-based attestation

    Qualifiers

    • Research-article

    Conference

    CCS'11
    Sponsor:

    Acceptance Rates

    CCS '11 Paper Acceptance Rate 60 of 429 submissions, 14%;
    Overall Acceptance Rate 1,261 of 6,999 submissions, 18%

    Upcoming Conference

    CCS '25

    Contributors

    Other Metrics

    Bibliometrics & Citations

    Bibliometrics

    Article Metrics

    • Downloads (Last 12 months)50
    • Downloads (Last 6 weeks)7
    Reflects downloads up to 14 Feb 2025

    Other Metrics

    Citations

    Cited By

    View all
    • (2024)Orbital Shield: Rethinking Satellite Security in the Commercial Off-the-Shelf Era2024 Security for Space Systems (3S)10.23919/3S60530.2024.10592292(1-11)Online publication date: 27-May-2024
    • (2024)Watch Out Your Thumb Drive: Covert Data Theft From Portable Data Storage via BackscatterIEEE Transactions on Dependable and Secure Computing10.1109/TDSC.2023.330560721:4(2434-2447)Online publication date: Jul-2024
    • (2024)One for All and All for One: GNN-based Control-Flow Attestation for Embedded Devices2024 IEEE Symposium on Security and Privacy (SP)10.1109/SP54263.2024.00251(3346-3364)Online publication date: 19-May-2024
    • (2024)Control Corruption without Firmware Infection: Stealthy Supply Chain Attacks via PLC Hardware Implants (MalTag)2024 ACM/IEEE 15th International Conference on Cyber-Physical Systems (ICCPS)10.1109/ICCPS61052.2024.00029(247-258)Online publication date: 13-May-2024
    • (2024)A Hardware-Based Correct Execution Environment Supporting Virtual MemoryIEEE Access10.1109/ACCESS.2024.344350912(114008-114022)Online publication date: 2024
    • (2024)A novel ALM based security framework for block chain in healthcare platformInternational Journal of System Assurance Engineering and Management10.1007/s13198-024-02443-3Online publication date: 4-Aug-2024
    • (2023)Symbolic modelling of remote attestation protocols for device and app integrity on AndroidProceedings of the 2023 ACM Asia Conference on Computer and Communications Security10.1145/3579856.3582812(218-231)Online publication date: 10-Jul-2023
    • (2023)Whole-Program Control-Flow Path AttestationProceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security10.1145/3576915.3616687(2680-2694)Online publication date: 15-Nov-2023
    • (2023)A Software-Based Remote Attestation Scheme for Internet of Things DevicesIEEE Transactions on Dependable and Secure Computing10.1109/TDSC.2022.315488720:2(1422-1434)Online publication date: 1-Mar-2023
    • (2023)ISC-FLAT: On the Conflict Between Control Flow Attestation and Real-Time Operations2023 IEEE 29th Real-Time and Embedded Technology and Applications Symposium (RTAS)10.1109/RTAS58335.2023.00018(133-146)Online publication date: May-2023
    • Show More Cited By

    View Options

    Login options

    View options

    PDF

    View or Download as a PDF file.

    PDF

    eReader

    View online with eReader.

    eReader

    Figures

    Tables

    Media

    Share

    Share

    Share this Publication link

    Share on social media