Keys in the Clouds: Auditable Multi-device Access to Cryptographic Credentials
Personal cryptographic keys are the foundation of many secure services, but
storing these keys securely is a challenge, especially if they are used from
multiple devices. Storing keys in a centralized location, like an
Internet-accessible server, raises serious security concerns (e.g. server
compromise). Hardware-based Trusted Execution Environments (TEEs) are a
well-known solution for protecting sensitive data in untrusted environments,
and are now becoming available on commodity server platforms.
Although the idea of protecting keys using a server-side TEE is
straightforward, in this paper we validate this approach and show that it
enables new desirable functionality. We describe the design, implementation,
and evaluation of a TEE-based Cloud Key Store (CKS), an online service for
securely generating, storing, and using personal cryptographic keys. Using
remote attestation, users receive strong assurance about the behaviour of the
CKS, and can authenticate themselves using passwords while avoiding typical
risks of password-based authentication like password theft or phishing. In
addition, this design allows users to i) define policy-based access controls
for keys; ii) delegate keys to other CKS users for a specified time and/or a
limited number of uses; and iii) audit all key usages via a secure audit log.
We have implemented a proof of concept CKS using Intel SGX and integrated this
into GnuPG on Linux and OpenKeychain on Android. Our CKS implementation
performs approximately 6,000 signature operations per second on a single
desktop PC. The latency is in the same order of magnitude as using
locally-stored keys, and 20x faster than smart cards.
Comment: Extended version of a paper to appear in the 3rd Workshop on
Security, Privacy, and Identity Management in the Cloud (SECPID) 201
A Trusted and Privacy-Enhanced In-Memory Data Store
The recent advent of hardware-based trusted execution environments provides isolated
execution, protected from untrusted operating systems, allowing for the establishment
of hardware-shielded trusted computing base components. As the processor provides such
a "shielded" trusted execution environment (TEE), its use will allow users to run applications securely, for example on remote cloud servers, whose operating systems and
hardware are exposed to potentially malicious remote attackers, uncontrolled system
administrators and staff of the cloud providers. On the other hand, Linux containers
managed by Docker or Kubernetes are interesting solutions that provide lower resource
footprints, faster and more flexible startup times, and higher I/O performance, compared with
virtual machines (VMs) enabled by hypervisors. However, these solutions depend on software kernel mechanisms that are easier to compromise, weakening the confidentiality and integrity assumptions of the application data they hold. In this dissertation we designed, implemented
and evaluated a Trusted and Privacy-Enhanced In-Memory Data Store, making use of a
hardware-shielded containerised OS library to support its trustworthiness assumptions. To
support large datasets, which require data to be mapped outside those hardware-enabled containers, our solution uses partial homomorphic encryption, allowing trusted operations
executed in the protected execution environment to manage in-memory always-encrypted
data, which may be mapped either inside or outside the TEE.
SEEDS: Secure Decentralized Storage for Authentication Material
Applications that use passwords or cryptographic keys to authenticate users or perform cryptographic operations rely on centralized solutions. Trusted Platform Modules (TPMs) do not offer a way to replicate material, making accessing this information in a heterogeneous environment difficult. Meanwhile, remote services require a constant network connection and are a central point of failure.
We present SEEDS, a secure decentralized multi-user data store that generates, stores, and operates on users’ authentication material such as passwords and cryptographic keys on local machines. To ensure the confidentiality and integrity of user accounts and cryptographic keys, SEEDS leverages Intel SGX—a hardware-based trusted execution environment—to store and operate on this data while protecting it from a compromised host. We support user-defined policies that restrict users’ operations to protect against a malicious user attempting to access data without sufficient privileges. In addition, we replicate data across machines to improve accessibility and support offline participants for high availability. We implement the storage data structure using Conflict-Free Replicated Data Types (CRDTs) to replicate data, recover from network partitions gracefully and offer a horizontally scalable system.
We developed two applications that demonstrate the benefits of our system. First, we address centralized user authentication issues by implementing a database module that replaces and decentralizes LDAP user authentication. Next, we improve the management of users’ cryptographic keys by developing a software U2F token that replicates this material across machines for high availability.
SGXIO: Generic Trusted I/O Path for Intel SGX
Application security traditionally strongly relies upon security of the
underlying operating system. However, operating systems often fall victim to
software attacks, compromising the security of applications as well. To overcome
this dependency, Intel introduced SGX, which allows application code to be protected
against a subverted or malicious OS by running it in a hardware-protected
enclave. However, SGX lacks support for generic trusted I/O paths to protect
user input and output between enclaves and I/O devices.
This work presents SGXIO, a generic trusted path architecture for SGX,
allowing user applications to run securely on top of an untrusted OS, while at
the same time supporting trusted paths to generic I/O devices. To achieve this,
SGXIO combines the benefits of SGX's easy programming model with traditional
hypervisor-based trusted path architectures. Moreover, SGXIO can tweak insecure
debug enclaves to behave like secure production enclaves. SGXIO surpasses
traditional use cases in cloud computing and makes SGX technology usable for
protecting user-centric, local applications against kernel-level keyloggers and
similar threats. It is compatible with unmodified operating systems and works on a
modern commodity notebook out of the box. Hence, SGXIO is particularly
promising for the broad x86 community to which SGX is readily available.
Comment: To appear in CODASPY'1