Citizen Electronic Identities using TPM 2.0

Electronic Identification (eID) is becoming commonplace in several European countries. eID is typically used to authenticate to government e-services, but is also used for other services, such as public transit, e-banking, and physical security access control. Typical eID tokens take the form of physical smart cards, but successes in merging eID into phone operator SIM cards show that eID tokens integrated into a personal device can offer better usability compared to standalone tokens. At the same time, trusted hardware that enables secure storage and isolated processing of sensitive data have become commonplace both on PC platforms as well as mobile devices. Some time ago, the Trusted Computing Group (TCG) released the version 2.0 of the Trusted Platform Module (TPM) specification. We propose an eID architecture based on the new, rich authorization model introduced in the TCGs TPM 2.0. The goal of the design is to improve the overall security and usability compared to traditional smart card-based solutions. We also provide, to the best our knowledge, the first accessible description of the TPM 2.0 authorization model.Comment: This work is based on an earlier work: Citizen Electronic Identities using TPM 2.0, to appear in the Proceedings of the 4th international workshop on Trustworthy embedded devices, TrustED'14, November 3, 2014, Scottsdale, Arizona, USA, http://dx.doi.org/10.1145/2666141.266614

Trusted Computing and Secure Virtualization in Cloud Computing

Large-scale deployment and use of cloud computing in industry is accompanied and in the same time hampered by concerns regarding protection of data handled by cloud computing providers. One of the consequences of moving data processing and storage off company premises is that organizations have less control over their infrastructure. As a result, cloud service (CS) clients must trust that the CS provider is able to protect their data and infrastructure from both external and internal attacks. Currently however, such trust can only rely on organizational processes declared by the CS provider and can not be remotely verified and validated by an external party. Enabling the CS client to verify the integrity of the host where the virtual machine instance will run, as well as to ensure that the virtual machine image has not been tampered with, are some steps towards building trust in the CS provider. Having the tools to perform such verifications prior to the launch of the VM instance allows the CS clients to decide in runtime whether certain data should be stored- or calculations should be made on the VM instance offered by the CS provider. This thesis combines three components -- trusted computing, virtualization technology and cloud computing platforms -- to address issues of trust and security in public cloud computing environments. Of the three components, virtualization technology has had the longest evolution and is a cornerstone for the realization of cloud computing. Trusted computing is a recent industry initiative that aims to implement the root of trust in a hardware component, the trusted platform module. The initiative has been formalized in a set of specifications and is currently at version 1.2. Cloud computing platforms pool virtualized computing, storage and network resources in order to serve a large number of customers customers that use a multi-tenant multiplexing model to offer on-demand self-service over broad network. Open source cloud computing platforms are, similar to trusted computing, a fairly recent technology in active development. The issue of trust in public cloud environments is addressed by examining the state of the art within cloud computing security and subsequently addressing the issues of establishing trust in the launch of a generic virtual machine in a public cloud environment. As a result, the thesis proposes a trusted launch protocol that allows CS clients to verify and ensure the integrity of the VM instance at launch time, as well as the integrity of the host where the VM instance is launched. The protocol relies on the use of Trusted Platform Module (TPM) for key generation and data protection. The TPM also plays an essential part in the integrity attestation of the VM instance host. Along with a theoretical, platform-agnostic protocol, the thesis also describes a detailed implementation design of the protocol using the OpenStack cloud computing platform. In order the verify the implementability of the proposed protocol, a prototype implementation has built using a distributed deployment of OpenStack. While the protocol covers only the trusted launch procedure using generic virtual machine images, it presents a step aimed to contribute towards the creation of a secure and trusted public cloud computing environment

Implementing total productive maintenance in Nigerian manufacturing industries

Remarkable improvements have occurred recently in the maintenance management of physical assets and productive systems, so that less wastages of energy and resources occur. The requirement for optimal preventive maintenance using, for instance, justin-time (JIT) and total quality-management (TQM) techniques has given rise to whathas been called the total productive-maintenance (TPM) approach. This study explores the ways in which Nigerian manufacturing industries can implement TPM as a strategy and culture for improving its performance and suggests self-auditing and bench-marking as desirable prerequisites before TPM implementation

Implementing Trusted Terminals with a and SITDRM

AbstractThe SITDRM Enterprise system [N. Sheppard, R. Safavi-Naini “Protecting Privacy with the MPEG-21 IPMP Framework”. International Workshop on Privacy Enhancing Technologies 2006, pp. 152–171] protects private customer data by allowing customers to provide policies in the form of a machine-readable license. When employees of an organization want to use customers' data, they must be forced to abide by the licences provided. Some sort of hardened terminal must be used to ensure that not only the hardware and software will cooperate, but that the user of the terminal will too. We use the Trusted Computing Group's specifications for a trusted platform upon which to build a data user terminal that can be proved to implement correct license-enforcing behavior. A Trusted Platform Module (TPM) and a TPM-using operating system are all that may be required to construct a verifiably secure terminal

Secure entity authentication

According to Wikipedia, authentication is the act of confirming the truth of an attribute of a single piece of a datum claimed true by an entity. Specifically, entity authentication is the process by which an agent in a distributed system gains confidence in the identity of a communicating partner (Bellare et al.). Legacy password authentication is still the most popular one, however, it suffers from many limitations, such as hacking through social engineering techniques, dictionary attack or database leak. To address the security concerns in legacy password-based authentication, many new authentication factors are introduced, such as PINs (Personal Identification Numbers) delivered through out-of-band channels, human biometrics and hardware tokens. However, each of these authentication factors has its own inherent weaknesses and security limitations. For example, phishing is still effective even when using out-of-band-channels to deliver PINs (Personal Identification Numbers). In this dissertation, three types of secure entity authentication schemes are developed to alleviate the weaknesses and limitations of existing authentication mechanisms: (1) End user authentication scheme based on Network Round-Trip Time (NRTT) to complement location based authentication mechanisms; (2) Apache Hadoop authentication mechanism based on Trusted Platform Module (TPM) technology; and (3) Web server authentication mechanism for phishing detection with a new detection factor NRTT. In the first work, a new authentication factor based on NRTT is presented. Two research challenges (i.e., the secure measurement of NRTT and the network instabilities) are addressed to show that NRTT can be used to uniquely and securely identify login locations and hence can support location-based web authentication mechanisms. The experiments and analysis show that NRTT has superior usability, deploy-ability, security, and performance properties compared to the state-of-the-art web authentication factors. In the second work, departing from the Kerb eros-centric approach, an authentication framework for Hadoop that utilizes Trusted Platform Module (TPM) technology is proposed. It is proven that pushing the security down to the hardware level in conjunction with software techniques provides better protection over software only solutions. The proposed approach provides significant security guarantees against insider threats, which manipulate the execution environment without the consent of legitimate clients. Extensive experiments are conducted to validate the performance and the security properties of the proposed approach. Moreover, the correctness and the security guarantees are formally proved via Burrows-Abadi-Needham (BAN) logic. In the third work, together with a phishing victim identification algorithm, NRTT is used as a new phishing detection feature to improve the detection accuracy of existing phishing detection approaches. The state-of-art phishing detection methods fall into two categories: heuristics and blacklist. The experiments show that the combination of NRTT with existing heuristics can improve the overall detection accuracy while maintaining a low false positive rate. In the future, to develop a more robust and efficient phishing detection scheme, it is paramount for phishing detection approaches to carefully select the features that strike the right balance between detection accuracy and robustness in the face of potential manipulations. In addition, leveraging Deep Learning (DL) algorithms to improve the performance of phishing detection schemes could be a viable alternative to traditional machine learning algorithms (e.g., SVM, LR), especially when handling complex and large scale datasets

Rootkit Guard (RG) - an architecture for rootkit resistant file-system implementation based on TPM

Recent rootkit-attack mitigation work neglected to address the integrity of the mitigation tool itself. Both detection and prevention arms of current rootkit-attack mitigation solutions can be given credit for the advancement of multiple methodologies for rootkit defense but if the defense system itself is compromised, how is the defense system to be trusted? Another deficiency not addressed is how platform integrity can be preserved without availability of current RIDS or RIPS solutions, which operate only upon the loading of the kernel i.e. without availability of a trusted boot environment. To address these deficiencies, we present our architecture for solving rootkit persistence – Rootkit Guard (RG). RG is a marriage between TrustedGRUB (providing trusted boot), IMA (Integrity Measurement Architecture) (serves as RIDS) and SELinux (serves as RIPS). TPM hardware is utilised to provide total integrity of our platform via storage of the aggregate of the clean snapshot of our platform OS kernel into TPM hardware registers (i.e. the PCR) – of which no software attacks have been demonstrated to date. RG solves rootkit persistence by leveraging on one vital but simple strategy: the mounting of rootkit defense via prevention of the execution of configuration binaries or build initialisation scripts. We adopted the technique of rootkit persistence prevention via thwarting the initialisation of a rootkit’s installation procedure; if the rootkit is successfully installed, proper deployment via thwarting of the rootkit’s configuration is prevented. We had subjected the RG to 8 real world Linux 2.6 rootkits and the RG was successful in solving rootkit persistence in all 8 evaluated rootkits. In terms of performance, the RG introduced a maximum of 11% overhead and an average of 4% overhead, hence permitting deployment in production environments

Privacy in cloud computing

Tese de mestrado em Segurança Informática, apresentada à Universidade de Lisboa, através da Faculdade de Ciências, 2010O paradigma cloud computing está progressivamente a integrar-se nas tecnologias de informação e é também visto por muitos como a próxima grande viragem na indústria da computação. A sua integração significa grandes alterações no modo como olhamos para a segurança dos dados de empresas que decidem confiar informação confidencial aos fornecedores de serviços cloud. Esta alteração implica um nível muito elevado de confiança no fornecedor do serviço. Ao mudar para a cloud, uma empresa relega para o fornecedor do serviço controlo sobre os seus dados, porque estes vão executar em hardware que é propriedade do fornecedor e sobre o qual a empresa não tem qualquer controlo. Este facto irá pesar muito na decisão, de mudar para a cloud, de empresas que tratam informação delicada (p.ex., informação médica ou financeira). Neste trabalho propomos demonstrar de que forma um administrador malicioso, com acesso ao hardware do fornecedor, consegue violar a privacidade dos dados que o utilizador da cloud confiou ao prestador desses serviços. Definimos como objectivo uma análise detalhada de estratégias de ataque que poderão ajudar um administrador malicioso a quebrar a privacidade de clientes da cloud, bem como a eficácia demonstrada contra esses mesmos ataques por mecanismos de protecção já propostos para a cloud. Pretendemos que este trabalho seja capaz de alertar a comunidade científica para a gravidade dos problemas de segurança que actualmente existem na cloud e, que ao mesmo tempo, sirva como motivação para uma acção célere desta, de forma a encontrar soluções para esses problemas.The paradigm of cloud computing is progressively integrating itself in the Information Technology industry and it is also seen by many experts as the next big shift in this industry. This integration implies considerable alterations in the security schemes used to ensure that the privacy of confidential information, companies entrust to the cloud provider, is kept. It also means that the level of trust in the cloud provider must be considerably high. When moving to the cloud, a company relinquishes control over its data to the cloud provider. This happens because, when operating in the cloud, the data is going to execute on top of the hardware owned by the cloud provider and, in this scenario, the client has no control over that hardware. Companies that deal with sensitive data (e.g., medical or financial records) have to weigh the importance of this problem when considering moving their data to the cloud. In this work, we provide a demonstration of how a malicious administrator, with access to the hardware of the cloud provider, is capable of violating the privacy of the data entrusted to the cloud provider by his clients. Our objective is to offer a detailed analysis of attack strategies that can be used by a malicious administrator to break the privacy of cloud clients, as well as the level of efficacy demonstrated by some protection mechanism that have already been proposed for the cloud. We also hope that this work is capable of capturing the attention of the research community to the security problems existent in the cloud and, that at the same time, it works as a motivation factor for a prompt action in order to find solutions for these problems