1 00:00:02,260 --> 00:00:06,370 [Auto-generated transcript. Edits may have been applied for clarity.] I. To say. 2 00:00:10,460 --> 00:00:14,240 All right along with you. Good afternoon. 3 00:00:15,890 --> 00:00:21,650 So let me start by a quick introduction. Um, I'm even Martino, which I'm acting head of department. 4 00:00:21,650 --> 00:00:25,040 This academic here in in computer science department. 5 00:00:25,040 --> 00:00:30,169 And it is my great pleasure to introduce to you, professor surgeon champion, um, visiting us. 6 00:00:30,170 --> 00:00:36,980 Um, from Keith Turek, a fellow Croatian, um, surgeon is a full professor at MPH. 7 00:00:37,010 --> 00:00:40,820 He's also chair of Zurich, uh, Information Security Institute. 8 00:00:41,300 --> 00:00:42,740 Uh, um, for security. 9 00:00:42,740 --> 00:00:55,250 Privacy associate by, uh, associate VP for, uh, digital transformation and government at and uh, among all these roles, you also do some research. 10 00:00:55,250 --> 00:01:00,799 So you just, I believe, finished your ERC consolidator grant on secure position in various networks. 11 00:01:00,800 --> 00:01:06,709 So, um, his work is, uh, the boundary between the physical and digital domain, 12 00:01:06,710 --> 00:01:12,740 starting with analysis of, uh, physical properties, meaning signal propagation, 13 00:01:12,740 --> 00:01:18,229 wireless communication, and actually using physical laws to create security properties such as, 14 00:01:18,230 --> 00:01:22,220 for example, something we're going to hear about, um, called distance ball. 15 00:01:22,820 --> 00:01:30,350 And, uh, working all the way up through smartphone sensors to the satellites and digital infrastructures. 16 00:01:30,800 --> 00:01:35,540 Maybe just to give you a quick example, around 2010, you know each other for some time. 17 00:01:35,540 --> 00:01:45,500 So around 2010, he published the first paper on the vulnerabilities of so-called PCA system of a PKC suppressive keyless entry system. 18 00:01:46,580 --> 00:01:51,049 Now, this key but many high end cars back then. Now it's more of a commodity. 19 00:01:51,050 --> 00:01:58,040 But back then it was um, it was quite famous and expensive to have a key that would allow you higher level of usability. 20 00:01:58,220 --> 00:02:04,760 Basically, you would just need to be near to open the car and enter the vehicle and, and such. 21 00:02:04,760 --> 00:02:09,889 And most of the first one to have a systematic evaluation of such a system, showing, of course, 22 00:02:09,890 --> 00:02:19,130 that there is a logical breakage in design because, uh, ability to communicate does not imply physical proximity. 23 00:02:19,310 --> 00:02:23,540 And so he was the first one to introduce relay attacks on that system. 24 00:02:24,380 --> 00:02:29,180 At the same time. When are you asking what the industry has done about it? 25 00:02:29,180 --> 00:02:35,149 Because as a security researcher, you are you are required to do this, uh, something called the responsible disclosure. 26 00:02:35,150 --> 00:02:42,080 So he and his team went to all the car manufacturers, and actually the car industry did nothing. 27 00:02:42,080 --> 00:02:45,680 Right. They said, well, the usability is a great important sales factor. 28 00:02:45,860 --> 00:02:49,040 And, you know, um, these events won't happen today. 29 00:02:49,550 --> 00:02:55,700 You can go to YouTube or, you know, there are millions of videos how expensive cars, 30 00:02:55,700 --> 00:03:01,550 especially Teslas and similar ones, are basically being taken away in the middle of the night. 31 00:03:01,700 --> 00:03:05,960 Interestingly, my neighbour also got his brand new BMW that way. 32 00:03:06,350 --> 00:03:12,260 It was picked up by my Rinke, uh, smart, uh, right, uh, doorbell. 33 00:03:13,190 --> 00:03:18,200 But it turned off notifications. So yeah. So so yeah, it was late. 34 00:03:18,770 --> 00:03:27,799 Anyway, um, because the industry did nothing certain, uh, created a secure distance measurement system there. 35 00:03:27,800 --> 00:03:33,709 Then in the spinoff company that eventually, later on was a client and then successfully. 36 00:03:33,710 --> 00:03:38,960 And today in most of the car keys, you have surgeons secure distance measurement protocol. 37 00:03:39,860 --> 00:03:43,339 Okay. So, um, with this, I will stop. 38 00:03:43,340 --> 00:03:49,010 And, uh, before I finish a bit of housekeeping, first of all, uh, the strategy lecture series, 39 00:03:49,010 --> 00:03:56,510 our distinguished series is generously funded by Oxfam, Oxford Asset Management and, uh, yeah, thankful for that. 40 00:03:56,810 --> 00:04:02,180 And also, please stay after the lecture for some tea, coffee and biscuits just around the corner here. 41 00:04:02,480 --> 00:04:06,170 And with this, uh, let's welcome together Professor Chapman. 42 00:04:12,760 --> 00:04:16,390 So thank you, Yvonne, and thank you all for, uh, for coming. 43 00:04:16,900 --> 00:04:23,740 I'm I'm going to try to cover two topics. One is more kind of mundane and related to, uh, smartphones. 44 00:04:24,070 --> 00:04:32,469 And the other one is, is related to, uh, maybe our, our future and cyber physical systems that will be deployed and the and the system and 45 00:04:32,470 --> 00:04:35,830 what I believe are the systems that we need to build in order to secure our future. 46 00:04:35,830 --> 00:04:38,920 Because otherwise, I, I think it's going to be very scary. 47 00:04:39,400 --> 00:04:43,540 So let me, uh, start with, uh, with one simple question. 48 00:04:44,480 --> 00:04:47,810 And that's do you truly own your your phone and. 49 00:04:47,840 --> 00:04:58,490 And here the question is, is somehow similar to the one that you or the to the test that you can you can do when you ask yourself the if you own, 50 00:04:58,880 --> 00:05:04,940 if you truly own a house that you live in. And a good test is to try to nail a picture on the wall. 51 00:05:05,480 --> 00:05:11,470 Right. So the similar thing you can do with a phone, you can ask yourself, what can I actually do with this phone? 52 00:05:11,480 --> 00:05:17,270 So how much access do I have, uh, to to what I want to do on this phone. 53 00:05:17,270 --> 00:05:27,259 So whether there is some hardware that you want to modify or that you want to configure in some way, uh, you sit over there. 54 00:05:27,260 --> 00:05:31,760 So you being the apps potentially that you can develop and install, 55 00:05:32,120 --> 00:05:41,149 whereas there is this whole ecosystem below not only of operating systems but potentially hypervisors. 56 00:05:41,150 --> 00:05:43,880 There's a lot of firmware that's being deployed on these phones. 57 00:05:44,150 --> 00:05:50,750 So there is a lot of control that is being exercised for good or bad by different entities in the in this ecosystem. 58 00:05:50,750 --> 00:05:56,480 And these could be either big tech entities like Google, Samsung, Apple, uh, 59 00:05:56,510 --> 00:06:02,989 Qualcomm and, and so forth, or even a lot of, uh, third party, uh, entities. 60 00:06:02,990 --> 00:06:11,600 And what you can see here already, if you're unfamiliar with, uh, with the phones, is that the phones are divided into or at least this arm, uh, 61 00:06:11,600 --> 00:06:19,640 platform is divided into what's called the normal world and the secure world, which is, uh, typically running something like arm transition. 62 00:06:19,910 --> 00:06:21,500 Right. So that's the architecture. 63 00:06:22,040 --> 00:06:33,620 And, um, there you already see a division between secure services and potentially, uh, normal, uh, execution of of, let's say, users users code. 64 00:06:35,630 --> 00:06:40,850 That part is also heavily controlled by by different commercial entities. 65 00:06:40,850 --> 00:06:46,460 And as a user, you typically have no access to these secure services you can't easily configure. 66 00:06:49,240 --> 00:06:54,190 So this is not only about control. So this ecosystem is is quite is quite large. 67 00:06:54,200 --> 00:07:04,770 We have hundreds of mil. I mean it's hard to estimate, but there are 100 over 100 million lines of code that are that your application sits on top of. 68 00:07:04,780 --> 00:07:10,060 So if even if you have something like a secure messenger running on top of your your code, 69 00:07:10,420 --> 00:07:17,320 it's, it sits on this large ecosystem of, of um of code which. 70 00:07:18,430 --> 00:07:22,330 Also then results in vulnerabilities being being disclosed. 71 00:07:22,840 --> 00:07:25,239 Uh, every once in a while, a lot of them are zero day, 72 00:07:25,240 --> 00:07:33,010 meaning that effectively you don't really know about these vulnerabilities before they are publicly released, 73 00:07:33,010 --> 00:07:38,050 but they have been out there in the wild and and potentially have compromised your phone. 74 00:07:38,950 --> 00:07:48,310 And clearly, with these AI tools, tools coming up that can analyse large code bases, we can expect more such vulnerabilities to to appear. 75 00:07:49,700 --> 00:07:52,910 This is not surprising or shocking to any computer scientist. 76 00:07:53,360 --> 00:07:58,910 This is just a link to some of these zero days published by Google. 77 00:07:59,360 --> 00:08:07,939 So they keep on coming. And so you could even even say that at any given point in time, you're probably exposed to some of them on your on your phone, 78 00:08:07,940 --> 00:08:13,880 and they might be weaponized against you, or it depends on what kind of target you tend to be. 79 00:08:15,380 --> 00:08:20,150 And this is I'm not the first one to notice. Reports about security vulnerabilities are everywhere. 80 00:08:20,700 --> 00:08:25,130 Uh, we can see politicians, people being targeted. 81 00:08:25,520 --> 00:08:30,560 Also entire organisations being being targeted. The same applies to control. 82 00:08:31,400 --> 00:08:41,330 Um, in terms of controlling this, this ecosystem and effectively some of these entities acting as potential gatekeepers to, 83 00:08:41,390 --> 00:08:44,990 uh, to the functionality of the phone. There are numerous reports on this. 84 00:08:45,470 --> 00:08:48,890 Uh, the latest one you can maybe see by graphene, for example, 85 00:08:48,890 --> 00:08:54,890 which is a secure operating system that you can run on your on your phone complaining about attestation, 86 00:08:54,890 --> 00:09:05,090 being, uh, being forced into some, um, application ecosystems and effectively breaking some of the functionality on their, on their phones. 87 00:09:05,510 --> 00:09:14,780 So this is this is clearly a problem, right, that we have that we have entities that provide a lot of service. 88 00:09:15,800 --> 00:09:22,370 So they create these rich ecosystems. But in some sense we are dependent on them. 89 00:09:22,700 --> 00:09:26,719 Right. So we are dependent on them to control access to resources. 90 00:09:26,720 --> 00:09:33,920 Because the way that computer systems are designed is that is that someone needs to manage access to shared resources like CPUs, 91 00:09:33,920 --> 00:09:36,380 memory, uh, peripherals and so on. 92 00:09:36,590 --> 00:09:47,720 And we put this big fat operating system in between, plus other layers in order to, to mediate this access and through a a set of privacy, security, 93 00:09:47,750 --> 00:09:56,450 uh, arguments, you can then then try to argue why certain access of an application is to an A from an application is actually restricted. 94 00:09:59,060 --> 00:10:05,270 So this means effectively that in today's uh, architectures, access to peripherals such as screens, networks, 95 00:10:05,540 --> 00:10:17,180 every sensor needs to be mediated by these uh, OEM, uh operating system providers like Apple, Apple, uh, Google, Samsung and so on. 96 00:10:17,780 --> 00:10:20,660 It is not only about control, it's also about availability. 97 00:10:20,870 --> 00:10:31,790 So if those entities decide to, to, um, stop their service, your functionality, whatever that is, would, would equally, equally stop. 98 00:10:32,240 --> 00:10:40,700 And also it's about configurability, which is lack of developer control over what they want to to do with the phone. 99 00:10:41,000 --> 00:10:50,810 I was involved in a broader, um, effort by ePFl and back then during the pandemic, where we were working on contact tracing frameworks. 100 00:10:51,620 --> 00:10:56,660 One of them was, in the end, adopted and deployed by Apple and Google. 101 00:10:57,080 --> 00:11:01,820 And one of our main challenges was just access to Bluetooth and access to Bluetooth beacons. 102 00:11:02,120 --> 00:11:08,540 And this was heavily guarded for, for, uh, some good reasons by, by Apple and Google. 103 00:11:08,540 --> 00:11:17,869 And this led to a lot of frustration, um, among among researchers because many ideas that we had even in that state of, 104 00:11:17,870 --> 00:11:23,360 of, let's say, uh, global panic, we could not implement, um, our ideas. 105 00:11:24,710 --> 00:11:28,370 So clearly you can run alternative ecosystems, right? 106 00:11:28,400 --> 00:11:33,830 You could say, I don't like this ecosystem dominated by my big tech players. 107 00:11:34,130 --> 00:11:37,160 I'm going to switch to two alternatives. 108 00:11:37,160 --> 00:11:40,160 And these might be some Linux phones. It might be graphene. 109 00:11:40,160 --> 00:11:45,500 If I built alternative ecosystems that give you potentially more control over over the phone. 110 00:11:46,220 --> 00:11:53,510 But they also have a restricted functionality because you might not no longer be able to run an app that, um, 111 00:11:53,960 --> 00:11:59,510 of your bank or maybe some favourite app that potentially requires a different type at the station, 112 00:12:00,080 --> 00:12:03,710 or wants to be run only within a Google or Apple ecosystem. 113 00:12:04,280 --> 00:12:07,280 So this is you lose a lot of functionality. 114 00:12:09,860 --> 00:12:14,310 So this means that we essentially are facing sort of a choice. 115 00:12:14,450 --> 00:12:16,850 I do carry two phones with you. 116 00:12:16,880 --> 00:12:26,840 You have a, a secure phone and, and a sort of general phone, uh, on, on which you can install some less critical application or, 117 00:12:26,960 --> 00:12:31,580 or you just suffer with the consequences of, of each of these ecosystems. 118 00:12:32,120 --> 00:12:36,709 So we raised this question some, some years ago. Why does it have to be like this? 119 00:12:36,710 --> 00:12:41,510 And can we actually design something else. So can we have nice nice things in a nutshell. 120 00:12:41,750 --> 00:12:49,510 So a phone that is actually secure, open, developer friendly and can actually be controlled by the user. 121 00:12:49,520 --> 00:12:56,120 But I'm going to refine this, this statement because I, we didn't want full control by the users. 122 00:12:56,360 --> 00:13:02,700 We want actually shared control. So this phone needs to be controlled by your user, 123 00:13:02,700 --> 00:13:08,610 but at the same time functional and compatible with these large ecosystems like Android, iOS and so on. 124 00:13:10,450 --> 00:13:18,610 So we started this in 2020, started thinking about this, and then published the first paper in in 2021. 125 00:13:19,450 --> 00:13:23,630 It was a really difficult publication process, I can tell you, because, uh, 126 00:13:23,740 --> 00:13:29,140 some of the ideas that we wanted to push, they didn't find immediate acceptance in the, in the community, 127 00:13:29,410 --> 00:13:33,969 but effectively we wanted to create a phone that contains several phones, for example, 128 00:13:33,970 --> 00:13:44,710 to where you can run one E.M.S. or more and one or more domains that execute some secure apps. 129 00:13:45,280 --> 00:13:49,540 But those apps should have full access to the hardware peripherals. 130 00:13:49,540 --> 00:13:59,919 They should be able to run bare metal, essentially. So we wanted to move from this ecosystem on the left where we have this monolithic, let's say, 131 00:13:59,920 --> 00:14:09,490 monolithic design to this system on the right where we would create ecosystems that are equally privileged. 132 00:14:09,640 --> 00:14:21,450 So we didn't want to create a phone where the user dominates these large OEM ecosystems, because this might break their their security model. 133 00:14:21,460 --> 00:14:21,880 Right. 134 00:14:22,210 --> 00:14:34,300 So we wanted to build a phone where you can execute your workflow bare metal with full access to peripherals in parallel with the existing commercial, 135 00:14:34,840 --> 00:14:38,229 uh, phones. And what can you do that there? 136 00:14:38,230 --> 00:14:44,470 You could create domains, for example, where you run in parallel with, let's say, Android, another secure operating system, 137 00:14:44,740 --> 00:14:52,450 or even a self-contained bare metal application that runs directly on the on on the course. 138 00:14:53,170 --> 00:14:59,680 So one of these, one of these um, domains needs to be protected from the user. 139 00:15:00,010 --> 00:15:04,000 So whatever the user does on the phone and needs to be controlled by um, 140 00:15:04,360 --> 00:15:08,890 and others potentially need to be controlled by the user or in any combination of those. 141 00:15:11,980 --> 00:15:15,220 So we are talking about really equal privilege. 142 00:15:15,790 --> 00:15:22,510 And we wanted to do it in a way that that also doesn't over privilege any of the layers on the phone. 143 00:15:23,230 --> 00:15:30,980 Now come to the to the how we we did it. But just to set aside a little bit of a of of a scene, 144 00:15:31,000 --> 00:15:37,090 what we wanted to achieve is that we wanted to have secure domains that have direct access to screen and networks. 145 00:15:37,090 --> 00:15:44,740 So when I'm running in a secure domain, I want full screen access without having to trust Android, for example. 146 00:15:45,010 --> 00:15:55,240 So when I'm running in my domain, that peripheral is tied to my to talk to that code and cannot be modified or inspected by Android. 147 00:15:55,510 --> 00:16:01,630 The same with network, for example, or with any other sensor or any other peripheral that we want. 148 00:16:01,660 --> 00:16:09,460 Equally, we want that high, high availability. So meaning that if I if Android suddenly drops. 149 00:16:10,380 --> 00:16:19,140 That this other domain can take over the functionality and and connect to the network and continue running as, as if nothing happened. 150 00:16:19,560 --> 00:16:25,740 So we wanted to remove this dependency on these on these large operating systems while 151 00:16:26,100 --> 00:16:30,389 allowing them to still run on the platform fully isolated from the from the rest, 152 00:16:30,390 --> 00:16:36,180 because the same properties that we want for a secure domain. We also want for for the OEM code. 153 00:16:37,860 --> 00:16:43,200 And at the same time, we didn't want to introduce a huge layer below these, 154 00:16:43,200 --> 00:16:50,250 these systems and a large TCB because that wouldn't that wouldn't make sense to introduce yet another dependency. 155 00:16:52,590 --> 00:17:00,630 We also wanted to do it in a usable fashion, meaning that so how would you now even even interact between these these domains? 156 00:17:01,200 --> 00:17:08,750 Well, this is not a very complicated idea, but but it's it's, uh, it needed to be to be to be done. 157 00:17:08,760 --> 00:17:14,780 So a simple press of a button where when you're running your, your phone, you can just press a button. 158 00:17:14,790 --> 00:17:22,770 This button is, uh, so the, the firmware has been configured such that this button press cannot be interrupted by, 159 00:17:23,280 --> 00:17:26,430 uh, or modified by any of the of the running domains. 160 00:17:27,210 --> 00:17:30,180 You get into a mode where you can switch between different domains. 161 00:17:30,540 --> 00:17:35,560 So either you press a button and you keep on switching between domains or anything of that sort. 162 00:17:35,580 --> 00:17:43,799 So at a press of a button, you switch between, uh, let's say your Android and your secure, uh, domain running, for example, 163 00:17:43,800 --> 00:17:50,520 a signal messenger and wireless and, and then you can enable all kinds of interactions between these domains. 164 00:17:50,880 --> 00:18:01,470 For example, your Android could be receiving a notification that you have a message in a secure domain without presenting a message. 165 00:18:01,470 --> 00:18:05,250 And then you can press a button switch and see the message in a secure domain. 166 00:18:05,340 --> 00:18:10,770 You can allow interactions between these domains, but clearly according to any policy that you would that you would like. 167 00:18:14,870 --> 00:18:28,240 So of course, all this sounds very, very nice when you present this kind of a vision and, um, and then, um, clearly somehow it needs to be built. 168 00:18:28,250 --> 00:18:32,389 Or the question is, can you even build this on today's, um, um, platforms? 169 00:18:32,390 --> 00:18:40,820 And, and what I've learned over these 20 years as a, as a professor is that there is nothing that dedicated students cannot do. 170 00:18:41,450 --> 00:18:50,370 Um, so it took us only for only more than 40 years going through these different, uh, prototypes. 171 00:18:50,370 --> 00:18:56,660 So first, for some arm board that we that we worked on, there was a, uh, an emulator that we used. 172 00:18:56,900 --> 00:19:01,160 And then you see the first examples of, of phones. 173 00:19:01,190 --> 00:19:05,180 These were some older phone models that we, that we built. 174 00:19:05,780 --> 00:19:08,930 Uh, I mean, we didn't build a phones, but a firmware that we updated. 175 00:19:09,440 --> 00:19:15,920 And this was in summer 2024 when, when some hope that this can actually run on, 176 00:19:15,950 --> 00:19:23,000 on phones without without much, um, uh, let's say, uh, much disturbance to the ecosystem. 177 00:19:23,390 --> 00:19:30,290 And then finally in, in March this year, uh, a spinoff company from our, 178 00:19:30,650 --> 00:19:35,810 from our department presenting this prototype at the Mobile World Congress in Barcelona, 179 00:19:36,740 --> 00:19:42,530 where we, we showcased essentially that such a system can be, can be built. 180 00:19:43,490 --> 00:19:52,220 And so how does it work? Well, here's the latest prototype, which is from now from well, effectively from a week ago or so. 181 00:19:52,640 --> 00:20:02,690 So a prototype of a phone where you switch between Android to a Linux, uh, operating system running some web apps. 182 00:20:03,140 --> 00:20:06,890 Three Ma here that you see is, uh, is a sweet, secure messaging app. 183 00:20:06,900 --> 00:20:14,120 So we reported it there. So every time that you switch, you switch potentially to a locked, let's say lock screen. 184 00:20:14,840 --> 00:20:21,139 Um, now you switch back to Android and you can do that as many times as you, as you like. 185 00:20:21,140 --> 00:20:28,360 And you can run several of these of these domains. So that's that essentially tells you what we built. 186 00:20:28,360 --> 00:20:32,020 What can you do. But then the question remains is how? 187 00:20:32,770 --> 00:20:35,500 How did you actually build this. Right. I mean, what do you do? 188 00:20:36,280 --> 00:20:42,910 Well, all problems in computer science clearly can be can be solved by another level of indirection. 189 00:20:43,330 --> 00:20:50,950 This is clearly not me who said this? Apparently. Roger Needham, uh, and a few other people also also, uh, said this. 190 00:20:53,040 --> 00:21:00,149 So the first idea would be to to Virtualise you put a hypervisor underneath all these different domains, 191 00:21:00,150 --> 00:21:04,350 these operating systems, this hypervisor is going to virtualise access to peripherals. 192 00:21:04,350 --> 00:21:09,030 And there you go. This is exactly the path that we didn't want to take. 193 00:21:09,180 --> 00:21:13,170 The reason is that you will replace this control. 194 00:21:14,300 --> 00:21:17,450 That you wanted to, um, to give up. 195 00:21:17,750 --> 00:21:27,710 You didn't want to have within these operating systems with now a hypervisor which will again manage access to these, to these peripherals. 196 00:21:28,190 --> 00:21:31,700 So we did not want to virtualise, uh, peripherals. 197 00:21:31,700 --> 00:21:35,630 We didn't want to virtualise access to, uh, to hardware. 198 00:21:36,900 --> 00:21:52,170 So instead we wanted to design a lean and simple firmware which will simply connect or dedicate peripherals to different domains. 199 00:21:52,950 --> 00:21:59,459 And so it is the sort of simple approach to, to designing such a, such a system. 200 00:21:59,460 --> 00:22:06,870 It of course need to be tested because one wouldn't believe that it would actually work without breaking all kinds of functionalities on the phone, 201 00:22:07,230 --> 00:22:14,309 but it but it works. So we introduced the simple layer, and I wouldn't even call it a layer, 202 00:22:14,310 --> 00:22:21,600 because it's rather a simple piece of code that assigns resources to the operating system and domains. 203 00:22:22,260 --> 00:22:26,610 It simply says, you get these these calls at this time. 204 00:22:26,610 --> 00:22:30,240 At this point in time, when you run, you get exclusive access to the screen, 205 00:22:30,870 --> 00:22:37,319 you get this memory, you get access to GPUs, you get access to, uh, to something else. 206 00:22:37,320 --> 00:22:41,190 So some of these peripherals can be shared, some of them not. 207 00:22:41,190 --> 00:22:47,190 But generally the principle is that we assign instead of virtualise. 208 00:22:48,780 --> 00:22:50,670 An arm actually allows you to do that. 209 00:22:51,890 --> 00:23:00,560 So, uh, first thing that we that we did is if you look at this, this side here, you see that that hypervisors are gone. 210 00:23:00,560 --> 00:23:04,370 So virtualisation is not needed there anymore. 211 00:23:04,460 --> 00:23:07,580 Right. This is not something that we want that we want to do. 212 00:23:07,910 --> 00:23:13,400 And the only thing that we did is we extended the secure monitor which runs on El L3. 213 00:23:13,760 --> 00:23:23,209 So if you look at these, uh, these uh, levels, these privileged levels, uh, the L3 would be the, the highest privilege level, uh, 214 00:23:23,210 --> 00:23:34,840 layer here where which we extended with, let's say, 6000 lines of code, which can then enforce this functionality that I, that I just spoke. 215 00:23:34,980 --> 00:23:38,990 And these lines of code are fully transparent and open. Anyone can inspect them. 216 00:23:38,990 --> 00:23:44,120 There is no there are no secrets there that that you that one needs. 217 00:23:44,750 --> 00:23:51,170 So first thing that we are doing is domains run concurrently on separate call of course. 218 00:23:51,170 --> 00:23:58,940 So we are not pausing Android we are not or iOS by the way this works on on iOS as well is just 219 00:23:58,940 --> 00:24:04,430 that access to Apple devices is more difficult and then than working with Android devices. 220 00:24:05,900 --> 00:24:09,240 And so the and the secure monitor. Right. 221 00:24:09,290 --> 00:24:18,070 Also uses, um, other space controllers in order to assign memory to each to each of these, of these course. 222 00:24:18,080 --> 00:24:24,260 So it's kind of a coarse grained access control in terms of scheduling one domain. 223 00:24:24,860 --> 00:24:35,810 It can be any of these domains. It can be an independent domain can also be be in charge of of of scheduling these the the execution of these domains. 224 00:24:36,350 --> 00:24:44,510 This also can be configured by by the user. It depends on the on the setup, on the, on the phone and the properties that you that you want. 225 00:24:46,010 --> 00:24:53,180 In terms of peripherals, arm arm is also pretty good for this in the sense that your peripherals are memory mapped. 226 00:24:53,450 --> 00:24:58,579 And now you can essentially use again, uh, 227 00:24:58,580 --> 00:25:06,260 the address space controllers in order to grant domain specific access to, to um, to individual peripherals. 228 00:25:06,260 --> 00:25:14,780 So here on this on this figure, you can see that memory is just mapped so that, uh, GPS belongs to this, uh, domain one. 229 00:25:15,200 --> 00:25:21,170 And the screen domains domain two and domain three runs runs the network. 230 00:25:23,120 --> 00:25:31,459 So maybe this sounds a little bit too exclusive, but when we did the analysis of the peripherals and the workflows on the phone, 231 00:25:31,460 --> 00:25:39,710 it actually works pretty well in the sense that the screen, for example, is something that you need direct access to and exclusive access to. 232 00:25:40,070 --> 00:25:42,680 Right? Because when you switch from one domain to another, 233 00:25:42,680 --> 00:25:49,250 no other domain should see what you are doing or take input or see what you are, what you are presenting on the screen. 234 00:25:50,540 --> 00:25:56,930 You also, however, for a network, maybe you can have one domain that you trust for availability. 235 00:25:57,500 --> 00:26:01,399 So this domain can proxy the traffic for all the other domains. 236 00:26:01,400 --> 00:26:11,120 So you don't need to need to even, even um, worry let's say about about the network that much of your traffic is end to end encrypted for example. 237 00:26:11,270 --> 00:26:16,430 So this really depends on, on the peripheral and on the configuration that you, that you like. 238 00:26:19,420 --> 00:26:27,100 One thing that actually surprised us, and it's always it's always a bit of a, uh, over time, you'll refine what you're what you're doing is, 239 00:26:27,610 --> 00:26:35,500 is what turned out to be the biggest and the so far security issue that we, that we have identified is, uh, where interrupts. 240 00:26:36,610 --> 00:26:46,570 So, uh, there are a lot of peripherals clearly that work with, with interrupts and interrupt management through, uh, a general interrupt controller. 241 00:26:48,440 --> 00:26:55,510 Turned out to be the the biggest issue. So one of one of my collaborators, or one of the colleagues in on this project, 242 00:26:56,690 --> 00:27:03,410 has published a number of works showing how interrupts across different trusted execution environments and so on, 243 00:27:03,800 --> 00:27:07,590 can trigger attacks on those on those environments. 244 00:27:07,650 --> 00:27:13,880 Right. This you can see them as, as, uh, a type of micro architectural or side channel attacks. 245 00:27:14,180 --> 00:27:16,370 They're not really that's a different class of attacks, 246 00:27:16,700 --> 00:27:26,720 but essentially allowing domains to manipulate interrupts that they are not in charge of causing security, security issues. 247 00:27:27,560 --> 00:27:32,810 So one of one of the things that we need to to solve in this turn out to be quite interesting, 248 00:27:32,810 --> 00:27:41,060 interesting work was to to then introduce this, uh, GSC protection so that we call the GSC guard, 249 00:27:42,050 --> 00:27:52,310 uh, that we implemented there in order to make sure that only those domains that own those peripherals can also, 250 00:27:53,120 --> 00:27:57,259 uh, work with the interrupts, uh, from those from those peripherals. 251 00:27:57,260 --> 00:28:03,590 So essentially that this interrupt routeing is, is, is is protected that the owners are, 252 00:28:03,950 --> 00:28:11,299 are um properly, um, um properly restricted to only what they will down and how this is done. 253 00:28:11,300 --> 00:28:21,470 It's maybe a little bit too, too much of, uh, uh, to get into, but uh, luckily this GSC guard plus the, 254 00:28:21,470 --> 00:28:27,080 um, the way that the GSC can be configured with these secure non-secure, 255 00:28:27,590 --> 00:28:36,169 uh, uh, labelling of, uh, of interrupts and the awareness of the of the interrupt ID's of of individual, individual. 256 00:28:36,170 --> 00:28:43,460 Cause you can then you can then, um, isolate this properly and and protect your protect your system. 257 00:28:45,030 --> 00:28:50,760 So in a nutshell. We created a new a new architecture. 258 00:28:50,780 --> 00:28:59,210 I don't think the the core idea is not that new. Clearly assigning assigning peripherals exclusively to particular pieces of code. 259 00:28:59,330 --> 00:29:11,479 I don't think that's a terribly new idea in itself, but somehow going back or even I would say daring according to our given, 260 00:29:11,480 --> 00:29:17,870 given the feedback that we got from the reviewers to go back and revisit an almost the default 261 00:29:17,870 --> 00:29:23,209 idea that we should always virtualise all of our peripherals and and all of our resources, 262 00:29:23,210 --> 00:29:26,570 and then stack things on top of on, on top of each other. 263 00:29:27,260 --> 00:29:33,680 That that idea of virtualising actually didn't really solve the problem that we were trying to solve here, 264 00:29:33,680 --> 00:29:42,230 which is a problem of trying to, to, uh, satisfy together satisfy all the constraints of the users. 265 00:29:42,740 --> 00:29:51,049 OEMs align incentives and, and build a platform where we have a minimal or at least as, 266 00:29:51,050 --> 00:29:57,240 as reduced as possible level of trust in these common components that enforce isolation. 267 00:29:57,260 --> 00:30:00,740 In this case, this, uh, secure monitor running on on the R3. 268 00:30:01,550 --> 00:30:06,050 So we, we with a set of these measures like the, uh, eSIM. 269 00:30:06,050 --> 00:30:16,730 So secure monitor, extend it with less of less than 10,000 lines of code, uh, using these memory protection mechanisms, uh, 270 00:30:16,730 --> 00:30:22,840 to isolate peripherals and memory extending, uh, on GA cigar, uh, and GSC, um, 271 00:30:23,090 --> 00:30:28,640 well, essentially extended some this GSE guard reprogramming these these buttons. 272 00:30:29,060 --> 00:30:36,410 We were able to to create an ecosystem where anyone is able to essentially run whatever 273 00:30:36,410 --> 00:30:41,960 they want on their phone with full security isolated from their primary operating system. 274 00:30:43,610 --> 00:30:51,170 And I believe that if we can and we started doing this now, if we can push this to every phone, 275 00:30:51,680 --> 00:30:57,049 we can really open up, uh, open up development on each phone, 276 00:30:57,050 --> 00:31:05,360 because suddenly these domains get much closer to hardware and also enable more security and sovereignty on the phone, 277 00:31:05,360 --> 00:31:11,810 because now it's up to you to decide how much of the code you depend on for your critical applications. 278 00:31:13,160 --> 00:31:20,960 I'm clearly is not sitting sitting, um, let's say, um, I mean, they are clearly developing their platforms. 279 00:31:21,500 --> 00:31:26,809 So, um, if you're familiar with this, with this ecosystem, I see some faces. 280 00:31:26,810 --> 00:31:33,920 Here they are. Um, so, um, CA for example, is, uh, is arm's, uh, confidential computing. 281 00:31:34,430 --> 00:31:43,130 Uh, these are confidential computing extensions. Uh, we clearly then evolved also these design so that if in the future these can be deployed, 282 00:31:43,940 --> 00:31:51,800 we already have solutions that would, um, give us the properties that I talked about just on this, on this new platform as well. 283 00:31:54,360 --> 00:31:54,900 So yeah. 284 00:31:55,050 --> 00:32:06,210 So I'm really hoping that this will go somewhere and that, um, all of us will be able to have, um, more secure phones, more development freedom. 285 00:32:06,600 --> 00:32:14,520 And also we can we can give users, but also organisations more sovereignty over their critical workflows at the same time, 286 00:32:14,880 --> 00:32:18,570 um, preserving the benefits of this exciting ecosystem. 287 00:32:18,570 --> 00:32:27,299 And I, I have to say that the in terms of, um, the feedback that we got, especially at the Mobile World Congress and also in, 288 00:32:27,300 --> 00:32:32,760 uh, when talking to people, uh, I'm quite excited that we, we might be onto onto something. 289 00:32:32,760 --> 00:32:42,780 It's, uh, it's an interesting, uh, sort of academic and academic idea that, uh, that seems to be going, going now, uh, fully commercial. 290 00:32:44,800 --> 00:32:49,340 I am clearly not done with my talk. It's a little bit too early to to let you go yet. 291 00:32:49,940 --> 00:32:57,649 So this was the first part of my talk when I wanted to talk about something a little bit that touches on all of us, 292 00:32:57,650 --> 00:33:05,600 and it's a it's something that we all very often interact with and, and made a, made a case for how to make it better. 293 00:33:06,890 --> 00:33:15,980 But there is another topic that that worries me already for for maybe 20 years, but it seems to be more and more imminent, um, these days. 294 00:33:16,100 --> 00:33:23,780 So this is most likely I mean, clearly this is an AI generated image as you can as you can imagine, 295 00:33:23,930 --> 00:33:31,370 I asked I asked the AI to to generate a European city with some robots and drones in it. 296 00:33:31,370 --> 00:33:36,920 So this is this is how I imagined a European city with some robots and drones. 297 00:33:38,180 --> 00:33:40,760 So if you strip strip out all the technology, 298 00:33:40,970 --> 00:33:47,450 it might it might look really nice and and appealing if you put all the technology in that you see here, it might be, 299 00:33:47,450 --> 00:33:56,029 uh, it might be a little bit scary, maybe not the future that you want to live in, but it might be the future that that we build, we will experience. 300 00:33:56,030 --> 00:34:07,250 So a lot of self-driving cars, maybe humanoid robots, maybe drones flying around delivering things, uh, making our lives generally better. 301 00:34:08,870 --> 00:34:12,890 The question that you that I would ask myself, and maybe it's only me, 302 00:34:14,180 --> 00:34:19,280 is if I see a drone flying over my head, or if I see a robot passing next to me. 303 00:34:20,000 --> 00:34:24,080 My question is, is this robot supposed to be there? Right. 304 00:34:24,110 --> 00:34:26,690 Is it going to harm me? Is this a friend or foe? 305 00:34:27,890 --> 00:34:35,480 And this is a question that I would say most governments and most police forces these days are also thinking about. 306 00:34:36,470 --> 00:34:47,150 Are these devices supposed to be there? How do we register these devices like we we started with cars in a very, very, uh, let's say loose manner. 307 00:34:47,150 --> 00:34:53,720 And now we, we know exactly where these cars should drive with these robots and drones. 308 00:34:54,140 --> 00:34:58,640 We equally want to know where they are and are they supposed to be there. 309 00:34:58,640 --> 00:35:07,820 So we need to register them. They need to be able to securely and in a verifiable manner, uh, determine their location. 310 00:35:09,410 --> 00:35:15,620 So and then potentially reported to us or the infrastructure needs to be able to measure their, their location. 311 00:35:16,400 --> 00:35:26,060 So what we would actually want is some sort of spoofing resilience so that these devices that the locations of these devices can be securely, 312 00:35:26,840 --> 00:35:32,570 uh, calculated. We want to be able to verify the locations of these devices. 313 00:35:32,840 --> 00:35:37,970 And that's a slightly different property because it's about the claim, it's the location of a device that's trying to cheat. 314 00:35:39,580 --> 00:35:47,740 And we also want clearly increased resilience to interference because as we have seen, especially in the case of of Gnss. 315 00:35:49,480 --> 00:35:59,230 Janice. So our GPS, Galileo and so on are highly vulnerable to spoofing the different types of spoofing attacks and jamming attacks. 316 00:35:59,230 --> 00:36:06,730 And these is just one of the several maps of Europe where you can see at a particular date. 317 00:36:06,730 --> 00:36:14,350 This was in February this year. The locations where spoofing and jamming is is currently happening. 318 00:36:16,510 --> 00:36:26,020 And this is not very surprising. If you if you have been following the news, you might see this kind of news where drones on battlefields are. 319 00:36:26,470 --> 00:36:36,640 Instead of relying on on wireless communication, they are dragging wires behind them in order to be less susceptible to interference because 320 00:36:36,640 --> 00:36:41,470 of the of the of the interference based attacks on the functionality of these drones. 321 00:36:42,670 --> 00:36:49,120 Now, it's not only the devices that calculate their locations that are vulnerable to to these kind of attacks, 322 00:36:49,120 --> 00:37:00,970 but it's also the infrastructure as well. So if you read this carefully, you will see that we are already in an era where satellites, especially, 323 00:37:01,360 --> 00:37:10,209 uh, Gnss satellites, which are quite, uh, critical, are seen as a target and even a physical target. 324 00:37:10,210 --> 00:37:15,070 Right? I mean, they they're even facing a potential physical disruption. 325 00:37:17,170 --> 00:37:21,580 I mean, this is not very surprising, especially for for our group. 326 00:37:21,670 --> 00:37:24,760 Uh, I think this is a very, very old video, right. 327 00:37:25,360 --> 00:37:28,690 Uh, where we we were doing GPS spoofing. 328 00:37:29,270 --> 00:37:35,290 Not sure how to make this a bit. A bit faster, but I'll try. 329 00:37:36,010 --> 00:37:41,430 So. You will see GPU spoofing happening. 330 00:37:41,430 --> 00:37:44,190 So here this mobile phone is in is in Zurich. 331 00:37:44,640 --> 00:37:51,920 And back then what we did is we we spoofed the location from this, from this point where you saw it jump to another building in Zurich. 332 00:37:51,930 --> 00:37:58,670 Now it moved a little bit. Now it's going to move to another location if you see it now moving there. 333 00:37:58,700 --> 00:38:04,680 This was all done by spoofing that injected messages into the antenna of these of this phone, 334 00:38:05,040 --> 00:38:08,670 and therefore shifted the perceived location of this phone. 335 00:38:09,180 --> 00:38:12,270 And this doesn't only work in a small area. 336 00:38:12,600 --> 00:38:16,830 We now shifted the location to Berlin. Right. So this works pretty well. 337 00:38:17,580 --> 00:38:25,200 And clearly this this has been done with civilian GPS where authentication is, is um, doesn't really exist. 338 00:38:25,200 --> 00:38:30,600 So you can generate genuine GPS, um, authentic looking G.P.S. signals. 339 00:38:32,410 --> 00:38:36,549 This is not only a problem for mobile phones because as a as a user, 340 00:38:36,550 --> 00:38:42,160 you have corrective mechanisms and you can rely on other markers in order to figure out where you are. 341 00:38:42,640 --> 00:38:52,360 But this is clearly also an issue, uh, for Rob, for drones and other robots which rely on this spoofing, uh, on this, uh, location information. 342 00:38:52,360 --> 00:38:56,169 Right. So here you can see a, I mean, I'm not going to play a video, 343 00:38:56,170 --> 00:39:04,780 but this was done by my group of and and Jonathan in Northeastern, where they took a drone that was set to hover. 344 00:39:04,930 --> 00:39:08,140 And then by injecting, uh, spoofing signals, 345 00:39:08,290 --> 00:39:18,280 they managed to fully control the drone so they could essentially order the drone to go left or right by injecting appropriate GPS, uh, signals. 346 00:39:20,990 --> 00:39:26,540 So why is GPS um or Genesis more, more broadly, um, vulnerable? 347 00:39:26,780 --> 00:39:33,850 Well, because first of all distance. Right. It's easy to jam and overshadow and disrupt the signal. 348 00:39:33,920 --> 00:39:37,160 These are these are satellites that are 20,000km away. 349 00:39:37,730 --> 00:39:43,610 Uh, the the power of the of the signal on the surface of the Earth is very weak. 350 00:39:44,000 --> 00:39:48,620 And this you can't easily, easily fix in in with that constellation. 351 00:39:49,160 --> 00:39:57,440 Another thing is broadcast, meaning that these are broadcast only signals and they are susceptible to delays. 352 00:39:57,980 --> 00:40:05,600 And these selective delay attacks can cause a location to be shifted from one to another location, 353 00:40:06,320 --> 00:40:11,930 even if the if the signals are digitally signed or authenticated in some way, because, well, 354 00:40:11,930 --> 00:40:16,309 the adversary can just pick up those signals and shift them to another location, 355 00:40:16,310 --> 00:40:25,100 or shift them selectively and introduce delays and relays, which has been already shown in in in academic research, quite a bit. 356 00:40:26,180 --> 00:40:34,069 Another thing is that the types of waveforms and modulations and time of arrival mechanisms that were built for Gnss, 357 00:40:34,070 --> 00:40:44,210 at least for vanilla Gnss, they are not they're not really, um, fully resistant to the time of arrival manipulation, manipulation, attacks. 358 00:40:44,660 --> 00:40:54,450 And the protection measures do not really scale. So my my argument is that we need to rethink positioning. 359 00:40:55,290 --> 00:41:03,770 And we actually have a nice chance here. So. We are in an age of of Leo satellites being deployed heavily. 360 00:41:03,800 --> 00:41:07,130 They are much closer to the surface of the Earth 500km. 361 00:41:07,550 --> 00:41:12,260 We have great experience in running cellular networks, uh, at uh, 362 00:41:12,260 --> 00:41:19,639 at the massive scale so we can leverage these additional infrastructure abilities in order 363 00:41:19,640 --> 00:41:26,810 to secure those to secure positioning against both spoofing attacks and and interference. 364 00:41:27,170 --> 00:41:35,570 And how how will we do that? Well, these ingredients for those who who have been maybe following this research will not be very surprising. 365 00:41:35,900 --> 00:41:42,440 So we need to integrate two way ranging. So it turns out that the ability to to do two way ranging from roundtrip time 366 00:41:42,440 --> 00:41:48,320 of flight ranging can actually solve the problem of secure positioning and of, 367 00:41:48,410 --> 00:41:49,850 uh, location verification. 368 00:41:50,330 --> 00:41:59,090 And also a denser infrastructure gives us more opportunity to rethink our, uh, jamming resilience and, uh, time of arrival protection mechanisms. 369 00:42:00,660 --> 00:42:06,630 So what we are working on is to integrate terrestrial and satellite infrastructure. 370 00:42:07,710 --> 00:42:18,870 Uh, so meaning work, which typically, uh, Leo Leo constellations plus terrestrial, uh, infrastructure in order to solve, solve this problem. 371 00:42:19,890 --> 00:42:24,000 So the first thing that you have to think about in this space and, and this is, 372 00:42:24,000 --> 00:42:28,500 of course, a very high level, high level talks, I can't go into many details is that. 373 00:42:28,920 --> 00:42:33,780 So if you look at the broadcast systems like DNS and also like some of the 374 00:42:33,780 --> 00:42:37,500 some of the Leo constellations that are simply broadcasting for positioning, 375 00:42:37,860 --> 00:42:46,290 you can't really prevent spoofing. So that's really not a solution because of these selective delay attacks that I mentioned. 376 00:42:46,590 --> 00:42:48,060 But what you can do instead, 377 00:42:49,170 --> 00:42:58,440 you can do around the time of flight distance measurements that you can then in addition protect against distance reduction attacks. 378 00:42:58,620 --> 00:43:04,409 So if you can prevent distance reduction attacks, meaning that an adversary cannot reduce the distance, 379 00:43:04,410 --> 00:43:09,600 but only large, he just happens that within these this kind of geometry, like a, 380 00:43:09,840 --> 00:43:15,480 like a this pyramid here, if you do this from, from several, uh, vantage points, 381 00:43:16,710 --> 00:43:24,000 you can have a guaranteed provable, uh, secure positioning system and even location verification system. 382 00:43:25,690 --> 00:43:30,100 So and this is a result that's quite old. It's from 2004 2005. 383 00:43:31,270 --> 00:43:39,610 Recently a group of people are sitting at this point, and, um, our students want us. 384 00:43:39,610 --> 00:43:45,010 We're are extending this kind of an an idea with what they call trick. 385 00:43:46,380 --> 00:43:56,000 Where they are combining essentially broadcast with a response to so a broadcast from one once one of the systems. 386 00:43:56,010 --> 00:44:06,090 So for example NSE or Leo and then a respond a response to a two terrestrial system forming instead of these circles that constrain the geometry, 387 00:44:06,360 --> 00:44:15,900 they they create ellipses in order to and define a region within which spoofing is not is not possible. 388 00:44:16,800 --> 00:44:20,040 Right and into which spoofing is not possible either. 389 00:44:21,030 --> 00:44:26,069 So this is this seems like relatively, relatively simple geometric thinking, 390 00:44:26,070 --> 00:44:30,510 but there's actually quite interesting, interesting academic work behind it. 391 00:44:32,660 --> 00:44:39,080 So. But in order for these geometries to work and give us secure positioning, we need we need something else. 392 00:44:40,160 --> 00:44:46,220 We need to be able to protect these two ways ranging against distance reduction attacks. 393 00:44:47,060 --> 00:44:54,650 So if you have a satellite and, uh, and a drone or two drones running challenge response protocols that are authenticated, 394 00:44:54,920 --> 00:45:01,700 one would believe that these are sufficient to prevent distance reduction attacks, but they're really not. 395 00:45:01,850 --> 00:45:14,120 So we know from from the research literature that that specially crafted signals injected by the adversary into these two devices, 396 00:45:14,120 --> 00:45:20,550 measuring a distance, uh, can actually shorten the distance that is measured between these two devices. 397 00:45:20,570 --> 00:45:27,330 If we if an adversary can do that, there is practically no help in in building a secure positioning system. 398 00:45:27,350 --> 00:45:31,810 So we need to solve this problem. So how can this happen? 399 00:45:34,780 --> 00:45:43,600 So if you if you look at a bolt here, uh, a pulse which is wirelessly transmitted over a wireless channel when it. 400 00:45:44,860 --> 00:45:49,380 When it arrives at the receiver, it's going to be somewhat smudged, right? 401 00:45:49,390 --> 00:45:56,620 So it's going to be spread by the by this channel because these wireless channels are quite complex. 402 00:45:57,610 --> 00:46:01,330 And not only that, it's going to be spread, but counter-intuitively, 403 00:46:02,320 --> 00:46:13,120 the the time of arrival of this smudged pulse will not be the strongest peak that you see here, but it might be the one that's that's before four. 404 00:46:13,390 --> 00:46:16,450 You have to essentially determine which one is it, 405 00:46:16,600 --> 00:46:23,140 and that that's where a lot of crafting might go in terms of building these kind of arranging systems, 406 00:46:23,470 --> 00:46:32,650 which one of these earlier peaks that come before the the strongest peak is actually the one that determines the true the true distance. 407 00:46:33,790 --> 00:46:40,060 And by injecting signals in such a way that you can create this even earlier peak. 408 00:46:41,620 --> 00:46:47,820 You will be able to shorten the distance. So that's intuitively how this works. 409 00:46:47,840 --> 00:46:52,460 Not not very precise, but intuitively how some of these attacks work. 410 00:46:52,850 --> 00:46:58,880 And this was one of the attacks that we that we did on, on, on an ultra wideband ranging system where we, 411 00:46:59,090 --> 00:47:04,310 we paired, we looked at the, the ranging between an an NXP chip and an iPhone. 412 00:47:04,700 --> 00:47:13,730 So on an NXP ultra wideband chip and iPhone where we when we turned our spoofing, we were able to bring a distance that was measured at 8m to 0m. 413 00:47:16,600 --> 00:47:19,640 So this is clearly. And how did we do that? 414 00:47:19,670 --> 00:47:27,040 Well, we actually didn't know any of the, of the keys or, or random sequences that were exchanged between these two devices. 415 00:47:27,520 --> 00:47:35,799 And we injected what was essentially another random sequence into the on top of the packets that were being exchanged by these two devices. 416 00:47:35,800 --> 00:47:46,150 And we managed to cause those early peaks to appear in the in the receiver and therefore trigger a shorter, a shorter distance measurement. 417 00:47:46,300 --> 00:47:53,880 I mean, the measurement of a shorter distance. He's actually a very, very fresh out of the print result. 418 00:47:54,660 --> 00:48:02,020 Um. Where we have recently shown it's a very simple kind of kind of result. 419 00:48:02,320 --> 00:48:10,960 Again, very counter-intuitive. So if you see here on the left, there are you can use in a narrow band, uh, system. 420 00:48:12,140 --> 00:48:15,590 You can actually use a negative group delay. 421 00:48:16,040 --> 00:48:19,310 Um, filter that can. 422 00:48:19,760 --> 00:48:32,180 I'm not sure if I have a. Yeah. So here this blue this blue signal is the, um, is the signal that should come out of the that should arrive at the, 423 00:48:32,180 --> 00:48:36,020 at the receiver if we didn't introduce our attack. 424 00:48:36,020 --> 00:48:43,400 Right. So instead what we did is we created we, we implemented a filter that created this red. 425 00:48:44,640 --> 00:48:49,290 Red curve, but it seems as if it has arrived earlier. 426 00:48:49,400 --> 00:48:57,000 Right. So if you look at this envelope here, and if you measure the time of arrival of that envelope, you will measure an earlier time of arrival. 427 00:48:57,750 --> 00:49:03,299 And how did we do that? Well, this filter essentially, uh, aggressively amplifies these, 428 00:49:03,300 --> 00:49:10,530 these amplitudes here and then suppresses them later in order to create this shape without knowing what's coming, 429 00:49:10,530 --> 00:49:13,700 without knowing which signal, which which signal, these come. 430 00:49:13,710 --> 00:49:20,100 So it's a very, very elegant way to reduce a measured a measure distance by manipulating, 431 00:49:20,550 --> 00:49:29,660 uh, by manipulating, using in this case, something that wrote you. Another attack that that comes from, uh, already from 2006. 432 00:49:31,400 --> 00:49:40,250 Is what's called an early detect, late commit attack. Uh, in this case, I illustrated on ultra wideband, right where you have a drone sending some, 433 00:49:40,790 --> 00:49:45,860 some pulses to a drone, and they are supposed to arrive as indicated here. 434 00:49:46,040 --> 00:49:52,280 The attacker wants to transmit those pulses earlier, but doesn't know what they are in advance. 435 00:49:52,730 --> 00:50:02,510 Cannot guess them. Right? So they are completely random. So what the attacker can do instead the attacker can send something in advance. 436 00:50:04,370 --> 00:50:08,960 Some random random garbage within the slots that he wants. 437 00:50:09,860 --> 00:50:17,470 And then when he learns. A part of the signal that that, um, that the sender transmitted. 438 00:50:17,950 --> 00:50:23,410 He sort of he generates the remaining part of this, of this signal. 439 00:50:25,480 --> 00:50:29,290 And now some of the time of arrival systems will react in the following way. 440 00:50:29,320 --> 00:50:34,750 They will say, hey, you know, maybe half of the of this symbol is messed up, 441 00:50:34,750 --> 00:50:41,260 but the other half shows shows enough evidence that this is a correct, that this is a correct symbol. 442 00:50:42,730 --> 00:50:48,350 And in and when summarised. I think this is a fine symbol. 443 00:50:49,810 --> 00:50:56,710 And of course, this kind of behaviour that you see here, it's a bit exaggerated but can happen on the real wireless wireless channel. 444 00:50:57,580 --> 00:51:01,720 So you end up advancing again and shortening a distance. 445 00:51:04,790 --> 00:51:08,840 So how can one protect against these physically? Uh, attacks. 446 00:51:09,770 --> 00:51:15,470 So basic protections, like a secret spreading codes can help? 447 00:51:15,680 --> 00:51:20,060 Not entirely, but they can. They can assist there. There is a lot of work now. 448 00:51:20,090 --> 00:51:23,959 There was a work work from Apple, for example, in the ultra wideband space, 449 00:51:23,960 --> 00:51:30,170 showing how effectively using spreading spreading codes across different sequences 450 00:51:30,470 --> 00:51:35,270 can potentially mitigate some of these attacks in the context of ultra wideband GPS. 451 00:51:35,810 --> 00:51:42,799 Uh is introducing camera, which are physical layer markers, um, which are some sort of punctured codes, 452 00:51:42,800 --> 00:51:47,600 right, in order to, to detect on the physical layer whether weather signals have been manipulated. 453 00:51:48,200 --> 00:51:58,610 Uh, in ultra Wideband, we have we have done a lot of work securing that even mentioned resulting in a spinoff company and product in up, uh, in Wi-Fi. 454 00:51:58,820 --> 00:52:05,360 We have we have mechanisms for that that are being now introduced in standards, the same in Bluetooth. 455 00:52:06,470 --> 00:52:11,930 And well, that's something that I already mentioned how this could be and this could be done. 456 00:52:13,700 --> 00:52:23,629 So in a nutshell, we have different technologies, geometries and ranges that we could potentially use to derive a position of a device. 457 00:52:23,630 --> 00:52:29,870 But at the at the core of it for each of these technologies is how do we protect 458 00:52:29,870 --> 00:52:35,899 the time of arrival in order to avoid this kind of time of arrival manipulations, 459 00:52:35,900 --> 00:52:41,030 because at least against distance reduction, because if we can prevent distance reductions, 460 00:52:41,810 --> 00:52:46,130 distance enlargements will be prevented by the geometry itself. 461 00:52:46,940 --> 00:52:48,680 So we need to focus on that. 462 00:52:50,420 --> 00:52:58,460 And if you look at different technologies that are being used for ranging, uh, you can of course pick on which one you want to work. 463 00:52:58,640 --> 00:53:03,380 We worked already on Ultra wideband, on Bluetooth, uh, on 5G, 464 00:53:04,280 --> 00:53:11,780 and most recently we introduced a new a new system that we built specifically for, uh, space. 465 00:53:11,780 --> 00:53:19,759 So for arranging with, uh, Leo satellites, where we then focussed on all of the M, uh, modulation because that's, uh, modulation. 466 00:53:19,760 --> 00:53:30,210 That's, that's being used in, in a lot of communication systems, um, including with Leo and, and of course, this is now an overloaded overload, 467 00:53:30,260 --> 00:53:37,590 this slide of all the things that one needs to do in this space in order to in order to make this work right from the start, 468 00:53:38,000 --> 00:53:44,659 designing the waveforms that you want to use to design the packets and making sure that, uh, 469 00:53:44,660 --> 00:53:49,310 that you have a time of arrival verification that secure and provably secure and so on. 470 00:53:49,670 --> 00:53:55,460 I'm going to give you an intuition behind behind, um, those those results. 471 00:53:55,940 --> 00:54:01,690 So this is the intuition. No. So what are we doing? 472 00:54:01,690 --> 00:54:06,850 For those of you who don't? Who are familiar with all of the modulation or not? 473 00:54:07,390 --> 00:54:10,870 I mean, it's essentially a frequency kind of embedding. 474 00:54:11,770 --> 00:54:22,660 And with an inverse Fourier transform, you get, uh, you get the, um, the time, the time domain signal, then you, then you transmit and. 475 00:54:23,650 --> 00:54:28,450 What did we actually do? We took two consecutive symbols in the OFDM. 476 00:54:29,050 --> 00:54:32,620 Uh, in the URL of the a manipulation encoded in the in the frequency domain. 477 00:54:33,280 --> 00:54:35,859 And we created, uh, a verification, 478 00:54:35,860 --> 00:54:44,020 a verification function that is going to test whether the wireless channel is consistent across those two, those two symbols. 479 00:54:44,410 --> 00:54:54,520 And what does this on on a high level test. This test whether the the distortion of the wireless channel is plausible or not. 480 00:54:55,420 --> 00:55:00,520 So if it's plot if it's if it's inconsistent across these two consecutive symbols, 481 00:55:00,790 --> 00:55:06,579 this means that most likely there is there is some sort of an intervention by by 482 00:55:06,580 --> 00:55:11,830 an adversary and not an expected and expected behaviour of the of the channel. 483 00:55:15,310 --> 00:55:19,120 So, um, yeah. 484 00:55:20,230 --> 00:55:25,219 And this in the, in the, um, in this constellation diagram looks looks like this. 485 00:55:25,220 --> 00:55:31,410 So the. Typically when you are when you decode these symbols, 486 00:55:32,040 --> 00:55:38,579 what you expect is that due to the channel changing the phase and the amplitude of your of your arriving signals, 487 00:55:38,580 --> 00:55:41,480 you will need to do some form of a of a compensation. 488 00:55:41,490 --> 00:55:50,100 So if you if you can test that this compensation is inconsistent across two symbols, you can let's say build on top of that. 489 00:55:50,100 --> 00:55:55,770 And, and then um, uh, have your time of arrival verification function. 490 00:55:55,770 --> 00:56:00,990 And for that, of course, we produced the proof that is in our, in our research research work. 491 00:56:02,460 --> 00:56:08,310 But of course, you know, security, we need to, uh, argue through proofs that we, that we write in papers. 492 00:56:08,310 --> 00:56:12,660 But implementation wise, we wanted to see if such ideas could actually work. 493 00:56:13,170 --> 00:56:17,879 And for that we have built first then in lab in lab setup. 494 00:56:17,880 --> 00:56:25,800 Right. This large box here is essentially emulates a wireless signal between the ground and and the satellites. 495 00:56:25,800 --> 00:56:31,890 So so this is a full a full blown, uh, satellite link simulator, right, 496 00:56:31,890 --> 00:56:36,990 where you can plug in your, your signals from the ground and from the satellite and back, 497 00:56:36,990 --> 00:56:42,930 and then test alongside with all the constellations and all the Doppler shifts and everything that you have to cope with. 498 00:56:43,380 --> 00:56:52,260 Right, in order to to test whether this type of modulation and this type of verification function can actually survive such channels, 499 00:56:53,040 --> 00:56:56,340 and we have shown that functionally it can. Right. 500 00:56:56,730 --> 00:57:01,140 We were not very happy with this because we said we we need to go out and actually test this. 501 00:57:01,860 --> 00:57:09,960 And um, and then we went to, uh, to a tunnel because transmitting outside is not so easy if you, 502 00:57:10,410 --> 00:57:14,880 if you are, um, getting licenses to transmit in certain bands, it's not so obvious. 503 00:57:15,270 --> 00:57:20,009 A tunnel clearly is not a channel that's, that's representative of a satellite channel. 504 00:57:20,010 --> 00:57:28,770 You don't have a tunnel to the up in the sky, but we wanted to functionally test across 500m where there are actually set up works. 505 00:57:29,880 --> 00:57:38,880 And so what you can see at one end of the tunnel, there was uh, there is a, there's one, uh, transceiver, another one here on this cart. 506 00:57:39,540 --> 00:57:43,590 And, uh, and what you don't see students pushing this cart down the tunnel. 507 00:57:43,980 --> 00:57:52,680 And as a result, you can you can see this distance actually changing, being being reduced as a result of this, of this approach. 508 00:57:53,130 --> 00:57:57,510 And then when they pull back you will see the distance, the distance increase. 509 00:57:57,750 --> 00:58:01,470 Increase back. Um back to the. 510 00:58:01,860 --> 00:58:08,830 Yeah. Mhm. And of course we are not happy with that either. 511 00:58:09,460 --> 00:58:13,240 So we did the test in the lab. 512 00:58:14,320 --> 00:58:19,030 We did the uh terrestrial tests and we will do more open space tests. 513 00:58:19,870 --> 00:58:28,420 But we are also happy that ESA uh, will allow us to deploy our, our design within the, um, the cyber Cube. 514 00:58:28,510 --> 00:58:30,610 So there was a competition, and there will be. 515 00:58:30,670 --> 00:58:37,480 And a European Space Agency launched satellite that will implement several projects, including, uh, our own, 516 00:58:37,990 --> 00:58:43,180 uh, where we will then perform our experiments from the satellites down to the down to the ground. 517 00:58:46,020 --> 00:58:53,159 So in summary, I believe that we need to change the way that we that we work on, 518 00:58:53,160 --> 00:59:00,569 on these positioning systems in the sense that we need to change the the reference that only broadcast the broadcast, 519 00:59:00,570 --> 00:59:05,969 the only systems are sufficient, that we don't need terrestrial infrastructures to be built in our cities. 520 00:59:05,970 --> 00:59:09,780 I think we do. I think we will need more robustness in this space. 521 00:59:09,960 --> 00:59:18,210 Otherwise we will see a lot more attacks that involve spoofing of locations, duping on on own locations, by by devices. 522 00:59:18,540 --> 00:59:26,280 So we need to build. We need to be ready build fundamentals for, for for this uh, for this particular problem space. 523 00:59:27,150 --> 00:59:31,230 And if we can do that, maybe we'll have a more secure future. 524 00:59:32,160 --> 00:59:37,080 Um, of course, it's easy to be pessimistic about that, right? 525 00:59:37,560 --> 00:59:44,969 Most likely, how these things develop is that you first need attacks and problems to happen and then deploy these, these kind of solutions. 526 00:59:44,970 --> 00:59:54,780 But let's see, maybe we we get ahead of a curve. Uh, there is some hope because there are already a number of calls by, by relevant European, 527 00:59:54,930 --> 01:00:00,240 uh, and global entities calling for secure positioning to be, to be deployed. 528 01:00:00,540 --> 01:00:02,090 And also these, uh, 529 01:00:02,100 --> 01:00:11,400 the effects of the of the recent wars where spoofing and jamming has been quite prevalent are showing how relevant this topic is, is becoming. 530 01:00:13,880 --> 01:00:22,480 Uh, so final final musings for my from my side when it comes to generally system design and and 531 01:00:22,490 --> 01:00:30,990 security research is that I think we we can be really bold in hardening our infrastructures. 532 01:00:31,070 --> 01:00:36,800 I think it doesn't require us to be to, to design everything from scratch. 533 01:00:36,830 --> 01:00:46,040 I think we can integrate technologies. Uh, our choice of OFDM is it's not only a choice to go for OFDM, 534 01:00:46,040 --> 01:00:52,339 but we are clearly looking for integration within existing 5G and other other 535 01:00:52,340 --> 01:00:58,600 technologies to towards and to effectively simplify the implementation of of such um, 536 01:00:58,610 --> 01:01:05,360 protection measures into existing, uh, ecosystems in the same way for the sovereign smartphone. 537 01:01:05,870 --> 01:01:09,830 What we want wanted to do is to avoid the trap of of being exclusive. 538 01:01:09,860 --> 01:01:14,389 We wanted to be on a platform that's actually open to to everyone, 539 01:01:14,390 --> 01:01:21,230 including large ecosystems, because this is not an, uh, this is not a fight against someone. 540 01:01:21,230 --> 01:01:29,420 It's a it's a, it's a fight to have systems that we can actually control, either as a user or as as as as communities. 541 01:01:32,330 --> 01:01:36,980 And so of course, of course, that I did all of this alone. 542 01:01:37,730 --> 01:01:42,680 Um, and, uh, so these are some, some of the people on, uh, 543 01:01:42,680 --> 01:01:47,810 that I want to acknowledge that work quite hard on some of these, uh, projects that you have seen. 544 01:01:48,230 --> 01:01:50,210 And with this, I, I thank you.