Work Description

Package Title: Python Sampled Boot Authentication

This package consists of two scripts which implement 3 different Sampled Boot Authentication
schemes, (Random Block Sampling, One per Block Sampling and Two per Block Sampling).

Date Created: 17 April, 2019
Authors: Wonder-Junior Gumise: Wonder-Junior.Gumise@hsrw.org/Ahmad MK Nasser: ahmadnas@umich.edu

Key Points:

The two scripts in this package implement the setup and verification phases of the Sampled Boot
Authentication procedure proposed in the research paper.
They enable practical evaluation of the performance of Sampled Boot Authentication schemes on
custom hex data images.
The actual C language version of the algorithm is not included. To implement on an embedded device
it is recommended that data is fed into the AES engine in blocks, to allow using a smaller buffer for the fetched data and the
psuedo random numbers.

Research Overview:
------------=-----
The Sampled Boot schemes implemented in this package allow significant reduction of the time
needed to authenticate firmware images during startup, while still retaining a high degree of trust.

Methodology:

An AES CTR DRBG module is used to create randomly sampled addresses belonging to a user provided hex image.
Sampled data corresponding to the sampled addresses is then used to create a CMAC tag of the sampled image.
The generated tag can then be used to verify whether or not modifications have been made to the hex image,
with a certain degree of probability which depends on size of the hex image, the modifications done
to it and the chosen scheme for the procedure.

Software specifications:

Python version: 3.3
pycrypto version: 2.6.1

Installation

-Python 3.3 is required for compatibility with the utilized pycrypto library.
Python 3.3.5 for windows can be found here:
https://www.python.org/downloads/release/python-335/

-Depending on the OS you're using, "python distutils" and "pip" may be installed together with python.
If this isn't the case however, python distutils can be installed on Ubuntu by running:

apt-get install python3-distutils

And pip installation instructions can be found here:
https://www.makeuseof.com/tag/install-pip-for-python/
Note: for windows installation the correct get-pip installer script for python3.3 can be found here:
https://bootstrap.pypa.io/3.3/get-pip.py

Once Python 3.3, distutils and pip have been successfully installed on your machine you are ready to start downloading the
required packages and libraries.

-To install the pycrypto with pip run:

pip install pycrypto

pycrypto 2.6.1 is the latest available version.
Note: pycrypto 2.6.1 is missing the "CMAC" package, the missing package is however already included together with the
provided scripts. If you're interested in it's origins, here is the source:
https://github.com/dlitz/pycrypto/blob/master/lib/Crypto/Hash/CMAC.py
Just like for the CMAC package, the python-drbg library is also already included; it was sourced from here:
https://github.com/blubber/python-drbg
The libary does not have a setup.py file, however, instead of going through the process of adding the packages
to your sys.path list, you can just extract the library to the same folder as the provided scripts.

-Finally, you have to install the hexfile library. Download it from here:
https://github.com/ryansturmer/hexfile
The library can be installed using the provided setup.py file. The modules are packaged using the Distutils, so you can simply run "python setup.py build" to build the
package, and "python setup.py install" to install it.

Usage

-Once all the installation steps are complete, run "setup_phase_sampled_boot.py" to start the setup phase application.

Here is an example usage of the setup phase application:
```python
Setup phase:

Enter key as 16byte hexstring: 2b7e151628aed2a6abf7158809cf4f3c --> this is the AES Key used for CMAC generation
Enter filename/relative path of original hexfile: Example_DataSets\SBA_DataSet_1MB_original.hex --> this represents the original firmware image
Enter sample boot method: rbs
Enter sample size as a percentage (1 - 100): 10
```

As shown above, required are a 16 byte hex string key, and the filename/relative path for a hex file representing your original image.
If the hex images are in the same folder as the script the filename is sufficient otherwise the relative path is required.
The sample boot scheme is selected in the 3rd step with options, 'rbs' for Random Block Sampling,
'pbs1' for One byte per block Sampling and 'pbs2' for Two bytes per block Sampling.
The sample size option is only for the rbs scheme, in the above example, 10% of the hex image is sampled.

-The verification phase can now be started by running "verification_phase_sampled_boot.py"
This phase only requires the filename of the hex image to be verified, all the other parameters are automatically extracted from
saved files created in the setup phase. Note the file here represents a modified version of the original firmware.

Here is an example usage of the verification phase application:
```python
Verification phase:

Enter filename/relative path of hexfile to be verified: Example_DataSets\SBA_DataSet_1MB_modified_cont_512.hex
Modification detected
```

SBA_DataSet_1MB_modified_cont_512.hex is a modified version of SBA_DataSet_1MB_original with 512 bytes modified contiguously.
Output is either "Modification detected" or "No modification detected" depending on whether the selected Sampled Boot scheme
detected any modification.

DataSets

Example datasets including the ones shown in the examples above are available in the Example_DataSets folder provided with the package.
The naming scheme follows the following format:
"SBA_DataSet_" - Sampled Boot Authentication datasets.
"MB" - size of the dataset hex file is megabytes.
"original" - denotes an original non-modified hex image.
"_modified" - a modified hex image.
"cont" - denotes a modified hex image with contiguous byte modifications.
"non-cont" - denotes a modified hex image with non-contiguous byte modifications.
".hex" - the file type of the hex images

The full data set folder contains all the modified images that were used for testing.
The naming scheme follows this format:
"SBA_DataSet_" - Sampled Boot Authentication datasets.
"m" - number of modified blocks. Each block is assumed to be 16bytes long, so SBA_DataSet_m_96 contains 96 modified blocks.
"_n" - for each x value we generate a different file where the modification starts

The files that include denote hex images where the modification was non-contiguous. For e.g. dataset_NC_512_1.zip contains files in which 512 bytes were modified in a non-contiguous fashion.
Note for these files, we randomly modify 8 bytes contiguously before moving to the next block. These files were used to evaluate performance of the rBS scheme.
To evaluate performance of pBS schemes you have to reduce the number of contiguously modified bytes. You can use a hex manipulation tool to do that.

File List:

1- setup_phase_sampled_boot.py: contains the implementation of the setup phase algorithm
2- verification_phase_sampled_boot.py: contains the implementation of the verification algorithm
3- CMAC.py: contains CMAC algorithm, this is available from github but included here for convenience
4- drbg.py: contains the DRBG algorithm, this is available from github but included here for convenience
5- get-pip.py: this is available from github but included here for convenience
6- data.zip: contains a 1 MByte hex file that corresponds to the original firmware image, along with sets of modified versions of this file. Each set modifies a number of blocks at random locations.

Related publication(s):

Nasser, A., Ma, D., Gumise, W.J. (2019). Accelerated Secure Boot for Realtime Embedded Safety Systems

How to Cite this Work:

Nasser, A., Gumise, W. (2019). Authenticated Boot Acceleration Algorithm [Code and data]. University of Michigan Deep Blue Data Repository. https://doi.org/10.7302/yeh1-1x17

Use and Access:

This data set is made available under a Creative Commons Public Domain license (CC0 1.0).