[Slides 57-65 appear on the page only as truncated preview thumbnails; the transcript below ends at slide 56. Their titles: 57. Implementation Architecture (final build); 58-59. Screenshot (Transaction Initiation); 60. Screenshot (Transaction Confirmation); 61. Evaluation (text truncated); 62. Conclusion (text truncated); 63. Questions?; 64. BACKUP; 65. Implementation of UTP with Flicker.]
Uni-directional Trusted Path: Transaction Confirmation on Just One Device

  1. System Security Lab. Uni-directional Trusted Path: Transaction Confirmation on Just One Device. Atanas Filyanov (1), Jonathan M. McCune (2), Ahmad-Reza Sadeghi (3), Marcel Winandy (1). (1) Ruhr-University Bochum, Germany; (2) Carnegie Mellon University, USA; (3) Technical University Darmstadt, Germany. DSN 2011, 41st Annual IEEE/IFIP International Conference on Dependable Systems and Networks, Hong Kong, China, 27-30 June 2011. (Slide footer date: Tuesday, 28 June 2011.)
  2. Motivation (slides 2-3)
     • Malware can have strong power on commodity systems: keyloggers, transaction generators, ... (commit online fraud)
     • Credit card companies and banks absorb most liabilities
     • Users have a disincentive to solve the problem
     • Even e-commerce servers are under attack! Sony: attackers eventually stole credit card data from several customers; recently similar attacks at other game companies
     If all had used our proposed solution, there would have been no problem! :-)
     (Footer on this and the following slides: Marcel Winandy, Uni-directional Trusted Path: Transaction Confirmation on Just One Device, DSN 2011.)
  4. Threat Scenario (slides 4-9)
     [Diagram: User, Client System, Server. Messages: the user issues a transaction to the client, the client requests the transaction from the server, the server requests confirmation from the client, the client requests confirmation from the user, the user confirms to the client, the client confirms to the server. An Adversary is placed on the client system and the network. The server cannot distinguish between transactions issued/confirmed by the user and those issued/confirmed by malware.]
     • Typical scenarios: online purchases, online banking, e-government, enrollment for online services, etc.
     • Adversary: controls network traffic and controls the client system
       • only software attacks (no hardware tampering)
  10. Our Goals (slides 10-11)
     • Assurance to a remote server that a user indeed confirmed a proposed action
     • Technical solution without additional devices, but compatible with existing operating systems
     • Minimal/no deviation from normal user experience
     • Assumption: client system hardware provides some form of secure execution environment. Available on commodity platforms: PC: Intel TXT, AMD SVM; Mobile: ARM TrustZone; PlayStation 3: Cell BE
  12. Idea of the Uni-directional Trusted Path
  13. Full Trusted Path
     [Diagram: User and applications on the Client System with the OS in between; channels 1, 2 and 3 correspond to the properties below.]
     Properties:
     1. Isolation of I/O channels (integrity & confidentiality)
     2. Assurance for user about authenticity of application
     3. Assurance for application about user-generated input
  14. Trusted Path: Existing Approaches (slides 14-15)
     • Secure GUI (reserved screen area): requires a secure OS
     • Secure Attention Sequence (e.g., Ctrl+Alt+Delete): requires OS kernel to remain uncompromised
     • Additional hardware indicators (e.g., color LED): requires OS kernel to remain uncompromised
     No widespread adoption, or lack of interest from users (also: usability unclear)
  16. Uni-directional Trusted Path (UTP) (slides 16-18)
     [Diagram: Client System CPU with an Untrusted Execution Mode (Application, OS) and a Secure Execution Mode (UTP Agent); User and Server outside. Of the full trusted path properties (1. isolation of I/O channels, integrity & confidentiality; 2. assurance for user about authenticity of application; 3. assurance for application about user-generated input), the diagram marks 1 and 3 on the path from the User through the UTP Agent to the Server.]
     • Enable remote server to gain assurance about human-initiated action
     • Based on the CPU's capability to switch between untrusted and secure execution mode
     • UTP is only available in Secure Execution Mode:
       • Isolated execution environment and control of user I/O devices
       • Ability to provide evidence to the remote system of what has executed in this mode
  19. Transaction Confirmation with UTP
  20. Transaction Initiation (slides 20-23)
     [Diagram: Client System CPU with Browser and OS in Untrusted Execution Mode and the UTP Agent in Secure Execution Mode; User, I/O Devices and Server outside.]
     1. User issues transaction (to the Browser)
     2. Browser requests transaction (from the Server)
     3. Server requests confirmation (sends conf. message to the Browser)
  24. Transaction Confirmation (slides 24-37)
     [Diagram as before; the UTP Agent is launched in Secure Execution Mode and the path User, I/O Devices, UTP Agent, Server is labelled "Uni-directional Trusted Path".]
     3. Server requests confirmation (conf. message); the Browser hands the conf. message to the UTP Agent
     4. UTP Agent shows conf. message + requests confirmation (via the I/O Devices)
     5. User: confirm/abort (received by the UTP Agent)
     6. UTP Agent sends attestation evidence to the Server:
        - UTP Agent integrity measurement
        - conf. message from server
        - confirm/abort from user
     7. Server: accept/discard
     8. Show result to the user
  38. Security Considerations: transaction generated by malware (slides 38-40)
     [Diagram as before; no user action starts the transaction.]
     1. Malware requests transaction
     2. Server requests confirmation (conf. message); the UTP Agent shows the conf. message, which is unexpected
     User will notice (unexpected transaction)
  41. Security Considerations: transaction manipulation + manipulated UTP agent (slides 41-46)
     1. User issues transaction
     2. Requests (manipulated) transaction
     3. Server requests confirmation (conf. message); the manipulated UTP Agent shows the conf. message the user expects
     6. Attestation evidence: UTP Agent integrity measurement, conf. message from server, confirm/abort from user
     Server will notice and reject (UTP integrity violation)
  47. Security Considerations: transaction manipulation + faked confirmation dialog (slides 47-50)
     1. User issues transaction
     2. Requests (manipulated) transaction
     3. Server requests confirmation (conf. message)
     4. Faked conf. message shown in Untrusted Execution Mode (the UTP Agent never runs)
     6. Attestation evidence: ???
     Server will notice and reject (no UTP execution)
  51. Setup: Device Enrollment
     • Server knows that a human confirmed a transaction, but how does the server know which user?
     • Solution: binding the device to the user account
       • Requires registering user devices in a setup phase
       • Establishes a cryptographic credential to perform login (e.g., public key protected by Secure Execution Mode)
     • Protects against misuse of stolen account data! Attackers cannot use the data (e.g., credit card number) because their devices are not registered with that account at the server
52. Realization of UTP
53. PC-Based Implementation
• Evidence attestation: Trusted Platform Module (TPM)
  • Hardware root of trust (secure storage for keys; cryptographic operations)
  • PCRs: registers that can be extended with integrity measurements of code
  • Attestation: cryptographic signature of PCRs with a TPM-protected key
• Secure Execution Mode: Intel Trusted Execution Technology (TXT)
  • Late Launch creates a dynamic root of trust (DRTM)
  • Reinitializes CPU and memory controller into a known-good state
  • Resets dynamic PCRs of the TPM (only the CPU can reset these registers)
• Software framework: Flicker
  • Allows executing very small code in DRTM mode (without any OS)
  • During DRTM mode the normal OS is halted; after switching back, the OS is resumed
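The PCR, late-launch and quote chain of this slide, and the "server will notice and reject (no UTP execution)" point from the security-considerations slide, as an added example in Go. It is not the authors' implementation and not a real TPM interface: the TPM is a toy model with an RSA attestation key, the agent bytes and the exit marker are constructed, and the quote format is a plain signature over PCR and nonce rather than the TPM 1.2 quote structure. The exit marker follows the Flicker design of extending PCR 17 with a well-known value before the OS is resumed, which is what makes a quote requested later by the untrusted OS fail.

```go
package main

import (
	"bytes"
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha1"
	"crypto/sha256"
)

const pcrSize = sha1.Size // TPM 1.2 PCRs hold 20-byte SHA-1 values

// TPM is a toy model of what the slide names (PCRs, extend, a TPM-protected
// attestation key, quote); it is not a real TPM interface.
type TPM struct {
	pcr [24][pcrSize]byte
	aik *rsa.PrivateKey
}

// NewTPM models a boot: dynamic PCRs 17-22 come up as all ones; only a
// CPU-initiated late launch can reset them to zero.
func NewTPM() (*TPM, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	t := &TPM{aik: key}
	for i := 17; i <= 22; i++ {
		copy(t.pcr[i][:], bytes.Repeat([]byte{0xFF}, pcrSize))
	}
	return t, nil
}

// Extend is the only way software can change a PCR: new = SHA1(old || m).
func (t *TPM) Extend(index int, m []byte) {
	t.pcr[index] = sha1.Sum(append(append([]byte{}, t.pcr[index][:]...), m...))
}

func quoteDigest(pcr, nonce []byte) []byte {
	h := sha256.Sum256(append(append([]byte{}, pcr...), nonce...))
	return h[:]
}

// Quote returns a copy of PCR[index] and an AIK signature over it and the nonce.
func (t *TPM) Quote(index int, nonce []byte) (pcr, sig []byte, err error) {
	pcr = append([]byte{}, t.pcr[index][:]...)
	sig, err = rsa.SignPKCS1v15(rand.Reader, t.aik, crypto.SHA256, quoteDigest(pcr, nonce))
	return pcr, sig, err
}

// exitMarker is extended into PCR 17 when the session ends (Flicker extends a
// well-known value there before the OS resumes); the bytes are constructed.
var exitMarker = []byte("flicker session exit (constructed marker)")

// FlickerSession models one late launch: the CPU zeroes the dynamic PCRs and
// measures the PAL into PCR 17; the PAL quotes PCR 17 against the server's
// nonce; the exit marker is extended before control returns to the OS.
func (t *TPM) FlickerSession(pal, nonce []byte) (pcr, sig []byte, err error) {
	for i := 17; i <= 22; i++ {
		t.pcr[i] = [pcrSize]byte{}
	}
	m := sha1.Sum(pal)
	t.Extend(17, m[:])
	pcr, sig, err = t.Quote(17, nonce)
	t.Extend(17, exitMarker)
	return pcr, sig, err
}

// VerifyQuote is the server-side check: AIK signature over the fresh nonce,
// and PCR 17 equal to the reference measurement (otherwise: no UTP execution).
func VerifyQuote(aik *rsa.PublicKey, expected, pcr, nonce, sig []byte) bool {
	return rsa.VerifyPKCS1v15(aik, crypto.SHA256, quoteDigest(pcr, nonce), sig) == nil &&
		bytes.Equal(pcr, expected)
}

// RunScenario: a quote produced inside the session is accepted; a quote the
// untrusted OS requests afterwards (to back a faked dialog) is rejected.
func RunScenario() (genuineOK, fakeOK bool, err error) {
	agent := []byte("UTP agent code (constructed placeholder bytes)")
	m := sha1.Sum(agent)
	expected := sha1.Sum(append(make([]byte, pcrSize), m[:]...)) // SHA1(zeros || SHA1(agent))
	tpm, err := NewTPM()
	if err != nil {
		return false, false, err
	}
	nonce := make([]byte, 20)
	_, _ = rand.Read(nonce)
	pcr, sig, err := tpm.FlickerSession(agent, nonce)
	if err != nil {
		return false, false, err
	}
	genuineOK = VerifyQuote(&tpm.aik.PublicKey, expected[:], pcr, nonce, sig)
	_, _ = rand.Read(nonce) // the server issues a fresh nonce for the next confirmation
	if pcr, sig, err = tpm.Quote(17, nonce); err != nil {
		return false, false, err
	}
	fakeOK = VerifyQuote(&tpm.aik.PublicKey, expected[:], pcr, nonce, sig)
	return genuineOK, fakeOK, nil
}
```

Two properties carry the argument: the all-ones initial value means code running in the normal OS cannot reproduce SHA1(zeros || SHA1(agent)) by extending, and the exit marker means a quote taken after the session also differs from it. The server's reference value is precomputed from the known-good agent binary, which is why the agent must be small and stable (the talk's TCB figures).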
54-57. Implementation Architecture
Client:
  • Web Browser with Script and Extension
  • Client Utility Program
  • OS with Flicker (launches CPU Secure Mode)
  • CPU (Intel TXT): CPU Secure Mode running the UTP Agent
  • TPM
Server:
  • Webserver, Application, Extension, Verification Program
Client and Server communicate over HTTPS.
Code size:
  • Extension + Client Utility Program: +956 LOC (non-TCB)
  • UTP Agent: +488 LOC
  • Total TCB: 2335 LOC
58-59. Screenshot (Transaction Initiation)
60. Screenshot (Transaction Confirmation)
61. Evaluation
• Code complexity:
  • Very small total TCB: 2335 LOC (seL4 about 9000 [Klein et al. SOSP 2009])
  • Including VGA and PS/2 keyboard driver (USB would add another 2000)
• Deployment:
  • Server-side: only minor modifications necessary
  • Client-side: users just need to download the UTP software
• Performance:
  • Switching time about 1 sec
  • Remaining actions: waiting for user input, or in untrusted mode
• Usability:
  • Confirmation message should not be simply "Press OK" (users tend to ignore it)
  • UTP is generic; the confirmation message can be provided by service providers
62. Conclusion
• Existing solutions against transaction generators are inconvenient or not widely deployed
• Our proposal: a one-way trusted path to enable service providers to gain assurance about user-initiated transactions
• Realization based on an on-demand isolated execution environment and temporal control of user I/O devices
• Very small TCB and compatible with existing software
• Deployable on commodity systems today
63. Questions?
Contact: Marcel Winandy, Ruhr-University Bochum
marcel.winandy@trust.rub.de
http://www.trust.rub.de
Twitter: @mwinandy
64. BACKUP
65. Implementation of UTP with Flicker