WO2021250740A1 - Communication device, computing method and computer readable medium - Google Patents

Communication device, computing method and computer readable medium

Info

Publication number: WO2021250740A1
Authority: WO (WIPO (PCT))
Prior art keywords: packet, communication device, program, network, receive
Application number: PCT/JP2020/022529
Other languages: English (en)
Inventors: Takayuki Sasaki, Seng Pei Liew, Adrian Perrig, Seyedali Tabaeiaghdaei, Piet De Vaere
Original assignee: NEC Corporation
Priority date: 2020-06-08
Filing date: 2020-06-08
Publication date: 2021-12-16

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F 21/52 Monitoring users, programs or devices to maintain the integrity of platforms during program execution, e.g. stack integrity; preventing unwanted data erasure; buffer overflow
    • G06F 21/53 Monitoring users, programs or devices to maintain the integrity of platforms during program execution by executing in a restricted environment, e.g. sandbox or secure virtual machine

Definitions

  • The present disclosure relates to a communication device, a computing method and a computer readable medium.
  • Trusted computing techniques include Secure Boot (measuring the integrity of the BIOS, OS and applications using secure hardware such as a Trusted Platform Module) and attestation (verifying whether a program has been compromised).
  • Patent Literatures 1 to 6 consider various trusted computing systems and methods.
  • Patent Literature 1 discloses a system, method and computer program product for guaranteeing a data transaction over a network.
  • Patent Literature 2 discloses an anti-virus method and apparatus and a firewall device, addressing the low processing performance of performing AV detection on files in a compressed format.
  • Patent Literature 3 discloses a method and apparatus for securely and efficiently managing packet buffers between protection domains on an intra-partitioned system using packet queues and triggers.
  • Patent Literature 4 discloses a method and system for network access control.
  • Patent Literature 5 discloses a method, a computing device and a computer program product for detecting a threat in a communications network.
  • Patent Literature 6 discloses a communication apparatus that improves resistance to data-plane attacks in order to enhance network security.
  • PTL 1: International Publication No. WO2004/015524
  • PTL 2: EP Patent Application Publication No. 2797278
  • PTL 3: US Patent Application Publication No. 2008/0244725
  • PTL 4: US Patent Application Publication No. 2017/0339172
  • PTL 5: US Patent Application Publication No. 2014/0259160
  • PTL 6: International Publication No. WO2018/055654
  • These techniques leave a time-of-check/time-of-use gap for outgoing packets: a program found intact when it is measured may be compromised, for example through a packet it receives, before it actually transmits.
  • A purpose of the present disclosure is therefore to provide a communication device, computing method and computer readable medium capable of protecting the communication device and keeping it secure during its operation.
  • One aspect of the communication device comprises: a network interface configured to receive at least one packet from a network and transmit at least one packet to the network; a monitoring means configured to measure the integrity of at least one program of the communication device repeatedly; and a packet controller configured to instruct the network interface to stop receiving all packets and to permit the network interface to transmit the packet(s), the packet controller being configured to permit transmission during the period from the time packet reception is stopped and the monitoring means has verified that the program has not been tampered with, until packet reception is resumed.
  • One aspect of the computing method is a method performed by a communication device, comprising: stopping reception of packets; measuring the integrity of at least one program after reception has been stopped; sending at least one packet produced by the program to the network when the measurement shows the program to be intact; and resuming reception of packets after sending.
  • One aspect of the computer readable medium is a non-transitory computer readable medium storing a program that causes a computer to execute: stopping reception of packets; measuring the integrity of at least one program after reception has been stopped; sending at least one packet produced by the program to the network when the measurement shows the program to be intact; and resuming reception of packets after sending.
  • Fig. 1 is a block diagram showing a schematic configuration of a communication device according to a first exemplary embodiment.
  • Fig. 2 is a block diagram showing a schematic configuration of a communication device according to a second exemplary embodiment.
  • Fig. 3 is a flow chart of a communication device according to the second exemplary embodiment.
  • Fig. 4 is a timing chart of a communication device according to the second exemplary embodiment.
  • Fig. 5 is a block diagram showing a schematic configuration of a communication device according to a third exemplary embodiment.
  • Fig. 6 is a flow chart of a communication device according to the third exemplary embodiment.
  • Fig. 7 is a block diagram showing a schematic configuration of a communication device according to a fourth exemplary embodiment.
  • Fig. 8 is a flow chart of a communication device according to the fourth exemplary embodiment.
  • FIG. 1 is a block diagram showing a schematic configuration of a communication device according to the first exemplary embodiment.
  • A communication device 10 comprises a monitor 11, a packet controller 12, a communication interface 13 and at least one program 14.
  • The monitor 11 measures the integrity of the at least one program 14 repeatedly, and sends a stop signal and a start signal to the packet controller 12.
  • The packet controller 12 instructs the communication interface 13 to stop receiving all packets and permits the communication interface 13 to transmit the packet(s).
  • The packet controller 12 permits security-sensitive instructions of the communication device 10 during the period from the time packet reception is stopped and the monitor 11 has verified that the program 14 has not been tampered with, until packet reception is resumed.
  • The packet controller 12 likewise permits the communication interface 13 to transmit the packet(s) during that same period.
  • The communication interface 13 receives at least one packet from a network and transmits at least one packet to the network.
  • Because the communication device transmits only during the period from the time packet reception is stopped and the monitor has verified that the program is not tampered with, until packet reception is resumed, it is possible to protect the communication device and keep it secure during its operation.
  • Second exemplary embodiment. Fig. 2 is a block diagram showing a schematic configuration of a communication device according to the second exemplary embodiment.
  • A communication device 100 comprises a Secure World 101, a Normal World 102 and a NIC 103.
  • The OS operates in the Normal World 102 and cannot read or write the protected storage in the Secure World 101.
  • The communication device 100 is implemented with a CPU (for example an ARM architecture processor with TrustZone hardware), memory and I/O circuits.
  • The Secure World 101 is an environment that cannot be accessed from the Normal World 102.
  • The Secure World 101 comprises the monitor 111.
  • The Normal World 102 is an environment that can be accessed from the Secure World 101.
  • The Normal World 102 comprises programs 121-1 to 121-n, a packet send controller 122, an OS network stack 123 and a packet receive controller 124.
  • The monitor 111 measures the integrity of at least one of the programs 121-1 to 121-n repeatedly.
  • The monitor 111 may measure the programs 121-1 to 121-n individually, or all of them together. For example, the monitor 111 may periodically measure whether each of the programs 121-1 to 121-n has been tampered with, and it sends the result of the integrity measurement to the packet send controller 122.
  • The programs 121-1 to 121-n are programs executed in the Normal World 102.
  • The programs 121-1 to 121-n receive the packet(s) from the packet receive controller 124.
  • The programs 121-1 to 121-n each output one or more packets to the packet send controller 122.
  • The packet send controller 122 forwards the packet(s) coming from the OS network stack 123 to the NIC 103 during the period from the time packet reception is stopped and the monitor 111 has verified that the programs are not tampered with, until packet reception is resumed.
  • The OS network stack 123 receives the packet(s) from the packet receive controller 124, processes them according to a predetermined network protocol, and sends the processed packet(s) to the programs 121-1 to 121-n.
  • The OS network stack 123 also receives the packet(s) from the programs 121-1 to 121-n, processes them according to the predetermined network protocol, and sends the processed packet(s) to the packet send controller 122.
  • The packet receive controller 124 receives the packet(s) from the NIC 103 and forwards them to the OS network stack 123.
  • The packet receive controller 124 stops receiving packets when a stop signal is sent from the monitor 111, and resumes receiving packets when a start signal is sent from the monitor 111.
  • The NIC 103 is a network interface card that connects the communication device 100 to the computer network.
  • Fig. 3 is a sequence chart of the communication device according to the second exemplary embodiment.
  • At step S301, at least one of the programs 121-1 to 121-n sends a signal to the monitor 111, and the process moves to step S302.
  • At step S302, the monitor 111 sends a stop signal to the packet receive controller 124; the packet receive controller 124 stops receiving packets, and the process moves to step S303.
  • At step S303, the monitor 111 measures all software components in the Normal World 102 (including the programs 121-1 to 121-n), and the process moves to step S304.
  • At step S304, if the measurement shows that none of the measured software is compromised, the process moves to step S305. If at least one component is compromised, the transmission process finishes without transmitting the packet(s).
  • At step S305, the programs 121-1 to 121-n send the packet(s) to the packet send controller 122, and the process moves to step S306.
  • At step S306, the programs 121-1 to 121-n send a signal to the monitor 111, and the process moves to step S307.
  • At step S307, the monitor 111 sends a start signal to the packet receive controller 124, and the process moves to step S308.
  • This signal indicates that reception of packets can be resumed because all the packets to be sent have been sent.
  • At step S308, the packet receive controller 124 starts (or resumes) receiving packets.
  • The programs 121-1 to 121-n are guaranteed to be intact from step S305 to step S307, because packet reception is stopped and so the programs cannot be tampered with through the network during this interval.
  • Fig. 4 is a timing chart of the communication device according to the second exemplary embodiment, showing the case in which the measurement result is valid.
  • First, the packet receive controller 124 stops receiving packets.
  • The monitor 111 then checks the programs 121-1 to 121-n and verifies their integrity.
  • The programs 121-1 to 121-n send packets 421-1 to 421-n until the restart-packet-receiving timing t404.
  • At t404, the packet receive controller 124 resumes receiving packets.
  • Fig. 4 shows an example in which each of the programs 121-1 to 121-n sends one packet; the programs may instead send two or more packets each before the restart-packet-receiving timing.
  • Because the communication device transmits only during the period from the time packet reception is stopped and the monitor has verified that the programs are not tampered with, until packet reception is resumed, it is possible to protect the communication device and keep it secure during its operation.
  • When the packet receive controller 124 stops receiving packets on the stop signal from the monitor 111, it may queue the arriving packet(s) instead of receiving them.
  • In the third exemplary embodiment, instead of relying on the packet send controller, the communication device adds a signature to the packet(s).
  • Fig. 5 is a block diagram showing a schematic configuration of a communication device according to the third exemplary embodiment.
  • The Normal World 102 comprises the programs 121-1 to 121-n, a packet proxy 522, the OS network stack 123 and the packet receive controller 124.
  • The Secure World 101 comprises the monitor 111 and a signature module 511.
  • The programs 121-1 to 121-n are programs executed in the Normal World 102.
  • The programs 121-1 to 121-n receive the packet(s) from the packet receive controller 124.
  • The programs 121-1 to 121-n each output one or more packets to the signature module 511.
  • The signature module 511 embeds a signature in the packet(s) during the period from the time packet reception is stopped and the monitor 111 has verified that the programs are not tampered with, until packet reception is resumed, and sends the signed packet(s) to the packet proxy 522.
  • The packet proxy 522 forwards the packet(s) from the signature module 511 to the OS network stack 123.
  • The packet proxy 522 may cache the packet(s).
  • Fig. 6 is a sequence chart of the communication device according to the third exemplary embodiment.
  • At step S305, the programs 121-1 to 121-n send the packet(s) to the signature module 511, and the process moves to step S601.
  • At step S601, the signature module 511 embeds a signature in the packet(s), and the process moves to step S306.
  • At step S306, the programs 121-1 to 121-n send a signal to the monitor 111, and the process moves to step S307.
  • Because the communication device embeds a signature in the packet(s) only during the period from the time packet reception is stopped and the monitor has verified that the programs are not tampered with, until packet reception is resumed, it is possible to protect the communication device and keep it secure during its operation.
  • Because every packet carries a signature, transmission by a compromised program is prevented, and any modification of the signed packet(s) by the packet proxy is detectable.
  • FIG. 7 is a block diagram showing a schematic configuration of a communication device according to the fourth exemplary embodiment.
  • The Normal World 102 comprises the programs 121-1 to 121-n, a signature unit 721, the OS network stack 123 and the packet receive controller 124.
  • The programs 121-1 to 121-n are programs executed in the Normal World 102.
  • The programs 121-1 to 121-n receive the packet(s) from the packet receive controller 124.
  • The programs 121-1 to 121-n each output one or more packets to the signature unit 721.
  • The signature unit 721 embeds a signature in the packet(s) during the period from the time packet reception is stopped and the monitor 111 has verified that the programs are not tampered with, until packet reception is resumed, and sends the signed packet(s) to the NIC 103. The signature key is stored in the Secure World 101.
  • Fig. 8 is a sequence chart of the communication device according to the fourth exemplary embodiment.
  • At step S304, if the measurement shows that none of the measured software is compromised, the process moves to step S801. If at least one component is compromised, the transmission process finishes without transmitting the packet(s).
  • At step S801, the monitor 111 deploys a signature key to the signature unit 721, and the process moves to step S305.
  • At step S305, the programs 121-1 to 121-n send the packet(s) to the signature unit 721, and the process moves to step S802.
  • At step S802, the signature unit 721 embeds a signature in the packet(s), and the process moves to step S306.
  • At step S306, the programs 121-1 to 121-n send a signal to the monitor 111, and the process moves to step S803.
  • At step S803, the signature unit 721 deletes the signature key, and the process moves to step S307.
  • At step S307, the monitor 111 sends a start signal to the packet receive controller 124, and the process moves to step S308.
  • This signal indicates that reception of packets can be resumed because all the packets to be sent have been sent.
  • At step S308, the packet receive controller 124 starts (or resumes) receiving packets.
  • Because the signature unit resides in the Normal World and holds the key only between steps S801 and S803, the amount of code in the Secure World is reduced.
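The following Python model is an added example, not code from the patent or from NEC. It ties together the second exemplary embodiment (receive gate, Secure World monitor, inbound packets queued while the gate is closed) and the fourth (a signature key deployed into the Normal World only between steps S801 and S803), and contrasts the gated cycle with the check-then-use sequence that the Background describes as a time-of-check/time-of-use problem for outgoing packets. Assumptions not in the text: measurement is SHA-256 of each program image against a golden digest, the signature is an HMAC-SHA256 tag appended to the packet, the `EXPLOIT:` packet is a constructed stand-in for a data-plane attack that rewrites a program, and the device keeps reception stopped after a failed measurement (the text only says the transmission process finishes).

```python
import hashlib
import hmac
from dataclasses import dataclass, field

@dataclass
class Program:
    """Normal World program (121-x): code image, outbound packets, inbound handler.
    Constructed attack vector: a packet starting with b"EXPLOIT:" rewrites the image."""
    name: str
    code: bytes
    outbox: list = field(default_factory=list)

    def handle(self, pkt):
        if pkt.startswith(b"EXPLOIT:"):
            self.code = pkt[len(b"EXPLOIT:"):]
        else:
            self.outbox.append(b"reply:" + pkt)

class PacketReceiveController:
    """Receive gate (124). While stopped, arriving packets are queued (the text's
    alternative to discarding them) and delivered only when reception resumes."""
    def __init__(self, programs):
        self.programs, self.receiving, self.queue = programs, True, []

    def stop(self):
        self.receiving = False

    def start(self):
        self.receiving = True
        queued, self.queue = self.queue, []
        for pkt in queued:
            self.on_packet(pkt)

    def on_packet(self, pkt):
        if not self.receiving:
            self.queue.append(pkt)
            return "queued"
        for p in self.programs:
            p.handle(pkt)
        return "delivered"

class Monitor:
    """Secure World monitor (111). Assumed measurement: SHA-256 of each image
    against a golden digest recorded at provisioning."""
    def __init__(self, programs):
        self.golden = {p.name: hashlib.sha256(p.code).hexdigest() for p in programs}

    def measure(self, programs):
        return all(hmac.compare_digest(hashlib.sha256(p.code).hexdigest(),
                                       self.golden.get(p.name, "")) for p in programs)

class SignatureUnit:
    """Normal World signature unit (721). Assumed scheme: HMAC-SHA256 tag appended
    to the packet; the key exists only between S801 (deploy) and S803 (delete)."""
    def __init__(self):
        self.key = None

    def sign(self, pkt):
        if self.key is None:
            raise RuntimeError("no signature key outside the verified window")
        return pkt + hmac.new(self.key, pkt, hashlib.sha256).digest()

def verify(key, signed):
    """Receiver-side check, added to close the loop (not described in the text)."""
    pkt, tag = signed[:-32], signed[-32:]
    return pkt if hmac.compare_digest(hmac.new(key, pkt, hashlib.sha256).digest(), tag) else None

def drain(programs):
    out = []
    for p in programs:          # collect every pending outbound packet, in program order
        out.extend(p.outbox)
        p.outbox.clear()
    return out

def naive_send(monitor, rx, programs, inbound):
    """Check-then-use with no gate: a packet arriving after the measurement and
    before the send can tamper with the sender, and the tampered send goes out."""
    if not monitor.measure(programs):
        return []
    for pkt in inbound:
        rx.on_packet(pkt)
    return drain(programs)

def gated_send(monitor, rx, sig, programs, key, inbound):
    """Steps S302-S308 plus S801-S803. Inbound packets are queued until resume, so
    nothing can alter a program between its measurement and its send. Leaving RX
    stopped after a failed measurement is an assumption; the text only says
    transmission finishes."""
    rx.stop()                                   # S302
    for pkt in inbound:                         # arrives while the gate is closed
        rx.on_packet(pkt)
    if not monitor.measure(programs):           # S303/S304
        return []
    sig.key = key                               # S801: monitor deploys the key
    try:
        wire = [sig.sign(pkt) for pkt in drain(programs)]   # S305/S802
    finally:
        sig.key = None                          # S803: deleted even if signing fails
    rx.start()                                  # S307/S308: queued packets delivered
    return wire
```

With `naive_send`, the measurement passes, the constructed `EXPLOIT:` packet rewrites both programs, and the replies they then produce leave the device unsigned. With `gated_send`, the same two inbound packets sit in the receive queue until after the signed `hello` is on the wire and the key has been deleted; they are only processed after resume, and the next cycle's measurement refuses to open the gate. The `try/finally` around signing is the one design choice worth copying into a real implementation: the key must never outlive the window, including on an error path.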
  • The checks of the packet(s) may be performed at different timings, or synchronized, for each program.
  • In the embodiments above the monitor 111 measures the programs in the Normal World 102 directly. Instead, the monitor 111 may measure them indirectly via an agent deployed in the Normal World 102: the monitor 111 measures the agent, and the agent measures the programs.
  • The packet controller 12 allows packet transmission from the stopping of packet reception and the integrity measurement until the restarting of packet reception.
  • The packet controller may likewise allow security-sensitive instructions during that window, such as encryption, digital rights management, security checks of the device, access to peripherals (e.g., IC card reader, SIM card) and access to secure storage.
  • The packet controller 12 stops packet reception from the network interface 13. Instead of the network interface 13, the packet controller may control a USB interface, a serial port or other types of I/O interfaces in the same way.
  • The programs may be stored in various types of non-transitory computer readable media and thereby supplied to computers.
  • Non-transitory computer readable media include various types of tangible storage media.
  • Examples include a magnetic recording medium (such as a flexible disk, a magnetic tape, and a hard disk drive) and a magneto-optic recording medium (such as a magneto-optic disk).
  • Further examples include CD-ROM (Read Only Memory), CD-R, CD-R/W, and semiconductor memory.
  • Semiconductor memory includes, for example, a mask ROM, a PROM (Programmable ROM), an EPROM (Erasable PROM), a flash ROM, and a RAM (Random Access Memory).
  • Examples of transitory computer readable media include an electrical signal, an optical signal, and an electromagnetic wave.
  • Transitory computer readable media can be used to supply programs to a computer through a wired communication line (e.g., electric wires and optical fibers) or a wireless communication line.
  • The first to fourth exemplary embodiments can be combined as desired by one of ordinary skill in the art, and the number of combined embodiments is not limited.
  • The present invention is applicable to a communication device, an IoT device, a router, or a base station.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

A communication device (10) comprises: a communication interface (13) configured to receive at least one packet from a network and to transmit at least one packet to the network; a monitoring means (11) configured to measure the integrity of at least one program of the communication device repeatedly; and a packet controller (12) configured to instruct the communication interface to stop receiving all packets and to permit the communication interface to transmit the packet(s), the packet controller (12) being configured to permit the communication interface (13) to transmit the packet(s) during the period from the time packet reception is stopped and the monitoring means (11) has verified whether the program has been tampered with, until packet reception is resumed.
PCT/JP2020/022529 | priority 2020-06-08 | filed 2020-06-08 | Communication device, computing method and computer readable medium | WO2021250740A1 (fr)

Priority Applications (1)

Application Number | Priority Date | Filing Date | Title
PCT/JP2020/022529 (WO2021250740A1, fr) | 2020-06-08 | 2020-06-08 | Communication device, computing method and computer readable medium

Applications Claiming Priority (1)

Application Number | Priority Date | Filing Date | Title
PCT/JP2020/022529 (WO2021250740A1, fr) | 2020-06-08 | 2020-06-08 | Communication device, computing method and computer readable medium

Publications (1)

Publication Number | Publication Date
WO2021250740A1 (fr) | 2021-12-16

Family

ID=78845441

Family Applications (1)

Application Number | Title | Priority Date | Filing Date
PCT/JP2020/022529 (WO2021250740A1, fr) | Communication device, computing method and computer readable medium | 2020-06-08 | 2020-06-08

Country Status (1)

Country | Link
WO | WO2021250740A1 (fr)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number | Priority date | Publication date | Assignee | Title
JP2006119992A (ja) * | 2004-10-22 | 2006-05-11 | Sony Corp | Program update method, information processing device and program
US20090055896A1 (en) * | 2004-07-20 | 2009-02-26 | Osamu Aoki | Network connection control program, network connection control method, and network connection control system
US20140351948A1 (en) * | 2011-11-07 | 2014-11-27 | Kabushiki Kaisya Advance | Security box
JP2019212114A (ja) * | 2018-06-06 | 2019-12-12 | Canon Inc. | Information processing apparatus, control method therefor, and program

Similar Documents

Publication | Title
US20220405403A1 (en) | Technologies for trusted I/O protection of I/O data with header information
RU2738021C2 (ru) | System and methods for decrypting network traffic in a virtualized environment
US8966642B2 (en) | Trust verification of a computing platform using a peripheral device
KR102195788B1 (ko) | Apparatus and method for strengthening the security of data of a host computing device and a peripheral device
CN109845227B (zh) | Method and system for network security
CN111444519B (zh) | Protecting the integrity of log data
JP2003140759A (ja) | Highly reliable computing platform
KR20120036311A (ko) | Method and memory device for executing operations on data
WO2017105704A1 (fr) | Bidirectional cryptographic I/O for data streams
CN115134344B (zh) | Control method and component for a virtual machine console
US11531769B2 (en) | Information processing apparatus, information processing method, and computer program product
US20080059811A1 (en) | Tamper resistant networking
US9444845B2 (en) | Network security apparatus and method
WO2021250740A1 (fr) | Communication device, computing method and computer readable medium
US20080276299A1 (en) | Wireless terminal apparatus and method of protecting system resources
WO2021152740A1 (fr) | Network device, computing method and computer readable medium
Nasser et al. | Exploiting AUTOSAR safety mechanisms to launch security attacks
CN109284638B (zh) | Protection method and system for a secure chip operating environment
KR100999666B1 (ko) | Apparatus and method for information security management of a wireless terminal
JP2010150016A (ja) | Elevator remote monitoring system
US20130074190A1 (en) | Apparatus and method for providing security functions in computing system
KR102388797B1 (ko) | Hardware control device using a hardware security chip
JP2010176630A (ja) | Mobile terminal

Legal Events

Code | Title | Description
121 | Ep: the EPO has been informed by WIPO that EP was designated in this application | Ref document number: 20940011; Country of ref document: EP; Kind code of ref document: A1
NENP | Non-entry into the national phase | Ref country code: DE
122 | Ep: PCT application non-entry in European phase | Ref document number: 20940011; Country of ref document: EP; Kind code of ref document: A1