Publication


Featured research published by Luning Xia.


computer and communications security | 2016

NFPS: Adding Undetectable Secure Deletion to Flash Translation Layer

Shijie Jia; Luning Xia; Bo Chen; Peng Liu

Securely removing data from modern computing systems is challenging, as past existence of the deleted data may leave artifacts in the layout at all layers of a computing system, which can be utilized by the adversary to infer information about the deleted data. Conventional overwriting-based and encryption-based solutions are not sufficient, as they cannot remove these artifacts. In this work, we aim to securely remove data from NAND flash-based block devices. We observed that completely removing the aforementioned artifacts from NAND flash is expensive, as it may require re-organizing the entire flash layout. We thus approach this security goal from a new angle. We investigate undetectable secure deletion, a novel security notion which can 1) remove the deleted data from flash devices, such that the adversary cannot have access to the deleted data once they have been removed, and 2) conceal the deletion history, such that the adversary cannot find out there was a deletion in the past. We design NAND Flash Partial Scrubbing (NFPS), the first undetectable secure deletion scheme for NAND flash-based block devices. We propose partial page reprogramming and partial block erasure methods to sanitize data from NAND flash. In addition, we incorporate NFPS to typical Flash Translation Layer (FTL) algorithms. Finally, we implement NFPS and experimentally evaluate its effectiveness.


trust security and privacy in computing and communications | 2012

Evaluating the Optimized Implementations of SNOW3G and ZUC on FPGA

Lingchen Zhang; Luning Xia; Zongbin Liu; Jiwu Jing; Yuan Ma

SNOW 3G and ZUC are both the heart of secure algorithm sets in 3GPP LTE-Advanced, which is the potential candidate for 4G mobile broadband communication standard. In this paper, we optimize the implementation of the SNOW 3G and ZUC on FPGA, and also evaluate their performance. Our implementation of SNOW 3G reaches a little higher throughput than that of the best commercial IP core. Our optimized implementation of ZUC gives 40% performance improvement, compared with the best reported methods in terms of area-throughput ratio. Especially, compared with the ASIC implementation of ZUC in the most recent work in INDOCRYPT 2011, the critical path of our architecture is 20% shorter than theirs. Our evaluation results show that both SNOW 3G and ZUC are flexible to balance different throughput with consumed area.


international conference on information and communication security | 2012

Hardware performance optimization and evaluation of SM3 hash algorithm on FPGA

Yuan Ma; Luning Xia; Jingqiang Lin; Jiwu Jing; Zongbin Liu; Xingjie Yu

Hash algorithms are widely used for data integrity and authenticity. Chinese government recently published a standard hash algorithm, SM3, which is highly recommended for commercial applications. However, little research of SM3 implementation has been published. We find that the existing optimization techniques cannot be adopted to SM3 efficiently, due to the complex computation and strong data dependency. In this paper, we present our novel optimization techniques: shift initialization and SRL-based implementation. Based on the techniques, we propose two architectures: compact design and high-throughput design, both of which significantly improve the performance on FPGA. As far as we know, our work is the first one to evaluate SM3 hardware performance. The evaluation result suggests that SM3 with low area and high efficiency is suitable for hardware implementations, especially for those resource-limited platforms.


international conference on intelligent computing | 2009

Analysis for Location-Based Key Pre-distribution in Wireless Sensor Networks

Jing Wang; Luning Xia; Jiwu Jing

Wireless sensor networks play key roles in many applications. They are often deployed in hostile environment where communications between sensor nodes must be encrypted. This requires the establishment of secure keys between the sensor nodes in the wireless sensor networks. As one of the methods establishing pairwise keys, location-based key pre-distribution scheme takes advantage of the observation that in static wireless sensor network, it is often possible to approximately determine the location of sensor nodes. In this paper, we evaluate the security and connectivity of location-based key pre-distribution scheme when a target field is partitioned using different methods. The analysis in this paper indicates that in the three possible partition methods, the hexagon-based scheme has the highest probability of establishing pairwise keys between sensor nodes, while the triangle-based key scheme can achieve the highest security. The tradeoff between connectivity and security should be taken into consideration in practice.


annual computer security applications conference | 2016

Sanitizing data is not enough!: towards sanitizing structural artifacts in flash media

Bo Chen; Shijie Jia; Luning Xia; Peng Liu

Conventional overwriting-based and encryption-based secure deletion schemes can only sanitize data. However, the past existence of the deleted data may leave artifacts in the layout at all layers of a computing system. These structural artifacts may be utilized by the adversary to infer sensitive information about the deleted data or even to fully recover them. The conventional secure deletion solutions unfortunately cannot sanitize them. In this work, we introduce truly secure deletion, a novel security notion that is much stronger than the conventional secure deletion. Truly secure deletion requires sanitizing both the obsolete data as well as the corresponding structural artifacts, so that the resulting storage layout after a delete operation is indistinguishable from that the deleted data never appeared. We propose TedFlash, a Truly secure deletion scheme for Flash-based block devices. TedFlash can successfully sanitize both the data and the structural artifacts, while satisfying the design constraints imposed for flash memory. Security analysis and experimental evaluation show that TedFlash can achieve the truly secure deletion guarantee with a small additional overhead compared to conventional secure deletion solutions.


annual computer security applications conference | 2017

Supporting Transparent Snapshot for Bare-metal Malware Analysis on Mobile Devices

Le Guan; Shijie Jia; Bo Chen; Fengwei Zhang; Bo Luo; Jingqiang Lin; Peng Liu; Xinyu Xing; Luning Xia

The increasing growth of cybercrimes targeting mobile devices urges an efficient malware analysis platform. With the emergence of evasive malware, which is capable of detecting that it is being analyzed in virtualized environments, bare-metal analysis has become the definitive resort. Existing works mainly focus on extracting the malicious behaviors exposed during bare-metal analysis. However, after malware analysis, it is equally important to quickly restore the system to a clean state to examine the next sample. Unfortunately, state-of-the-art solutions on mobile platforms can only restore the disk, and require a time-consuming system reboot. In addition, all of the existing works require some in-guest components to assist the restoration. Therefore, a kernel-level malware is still able to detect the presence of the in-guest components. We propose Bolt, a transparent restoration mechanism for bare-metal analysis on mobile platform without rebooting. Bolt achieves a reboot-less restoration by simultaneously making a snapshot for both the physical memory and the disk. Memory snapshot is enabled by an isolated operating system (BoltOS) in the ARM TrustZone secure world, and disk snapshot is accomplished by a piece of customized firmware (BoltFTL) for flash-based block devices. Because both the BoltOS and the BoltFTL are isolated from the guest system, even kernel-level malware cannot interfere with the restoration. More importantly, Bolt does not require any modifications into the guest system. As such, Bolt is the first that simultaneously achieves efficiency, isolation, and stealthiness to recover from infection due to malware execution. We have implemented a Bolt prototype working with the Android OS. Experimental results show that Bolt can restore the guest system to a clean state in only 2.80 seconds.


international conference on information security | 2015

Extracting Robust Keys from NAND Flash Physical Unclonable Functions

Shijie Jia; Luning Xia; Zhan Wang; Jingqiang Lin; Guozhu Zhang; Yafei Ji

Physical unclonable functions (PUFs) are innovative primitives to extract secret keys from the unique submicron structure of integrated circuits. PUFs avoid storing the secret key in the nonvolatile memory directly, providing interesting advantages such as physical unclonability and tamper resistance. In general, Error-Correcting Codes (ECC) are used to ensure the reliability of the response bits. However, the ECC techniques have significant power, delay overheads and are subject to information leakage. In this paper, we introduce a PUF-based key generator for NAND Flash memory chips, while requiring no extra custom hardware circuits. First, we present three methods to extract raw PUF output numbers from NAND Flash memory chips, namely partial erasure, partial programming and program disturbance, which are all based on the NAND Flash Physical Unclonable Function (NFPUF). Second, we use a bit-map or a position-map to select the cells with the most reliable relationship of the size between raw NFPUF output numbers. Only the selected cells are used for key generation. Finally, we describe the practical implementations with multiple off-the-shelf NAND Flash memory chips, and evaluate the reliability and security of the proposed key generator. Experimental results show that our NFPUF based key generator can generate a cryptographically secure 128-bit key with a failure rate <10^{-6}


international conference on information and communication security | 2015

Chameleon: A Lightweight Method for Thwarting Relay Attacks in Near Field Communication

Yafei Ji; Luning Xia; Jingqiang Lin; Jian Zhou; Guozhu Zhang; Shijie Jia


IEEE Transactions on Dependable and Secure Computing | 2018

Copker: A Cryptographic Engine Against Cold-Boot Attacks

Le Guan; Jingqiang Lin; Ziqiang Ma; Bo Luo; Luning Xia; Jiwu Jing


trust, security and privacy in computing and communications | 2016

Identification of Cloned HF RFID Proximity Cards Based on RF Fingerprinting

Guozhu Zhang; Luning Xia; Shijie Jia; Yafei Ji

Collaboration


Dive into Luning Xia's collaboration.

Top Co-Authors

Jiwu Jing (Chinese Academy of Sciences)

Shijie Jia (Chinese Academy of Sciences)

Jingqiang Lin (Chinese Academy of Sciences)

Zongbin Liu (Chinese Academy of Sciences)

Peng Liu (Pennsylvania State University)

Guozhu Zhang (Chinese Academy of Sciences)

Yafei Ji (Chinese Academy of Sciences)

Bo Chen (Michigan Technological University)

Jing Wang (Chinese Academy of Sciences)

Lingchen Zhang (Chinese Academy of Sciences)