Keys in the Clouds: Auditable Multi-device Access to Cryptographic Credentials

Personal cryptographic keys are the foundation of many secure services, but storing these keys securely is a challenge, especially if they are used from multiple devices. Storing keys in a centralized location, like an Internet-accessible server, raises serious security concerns (e.g. server compromise). Hardware-based Trusted Execution Environments (TEEs) are a well-known solution for protecting sensitive data in untrusted environments, and are now becoming available on commodity server platforms. Although the idea of protecting keys using a server-side TEE is straight-forward, in this paper we validate this approach and show that it enables new desirable functionality. We describe the design, implementation, and evaluation of a TEE-based Cloud Key Store (CKS), an online service for securely generating, storing, and using personal cryptographic keys. Using remote attestation, users receive strong assurance about the behaviour of the CKS, and can authenticate themselves using passwords while avoiding typical risks of password-based authentication like password theft or phishing. In addition, this design allows users to i) define policy-based access controls for keys; ii) delegate keys to other CKS users for a specified time and/or a limited number of uses; and iii) audit all key usages via a secure audit log. We have implemented a proof of concept CKS using Intel SGX and integrated this into GnuPG on Linux and OpenKeychain on Android. Our CKS implementation performs approximately 6,000 signature operations per second on a single desktop PC. The latency is in the same order of magnitude as using locally-stored keys, and 20x faster than smart cards.Comment: Extended version of a paper to appear in the 3rd Workshop on Security, Privacy, and Identity Management in the Cloud (SECPID) 201

SoK: A Systematic Review of TEE Usage for Developing Trusted Applications

Trusted Execution Environments (TEEs) are a feature of modern central processing units (CPUs) that aim to provide a high assurance, isolated environment in which to run workloads that demand both confidentiality and integrity. Hardware and software components in the CPU isolate workloads, commonly referred to as Trusted Applications (TAs), from the main operating system (OS). This article aims to analyse the TEE ecosystem, determine its usability, and suggest improvements where necessary to make adoption easier. To better understand TEE usage, we gathered academic and practical examples from a total of 223 references. We summarise the literature and provide a publication timeline, along with insights into the evolution of TEE research and deployment. We categorise TAs into major groups and analyse the tools available to developers. Lastly, we evaluate trusted container projects, test performance, and identify the requirements for migrating applications inside them.Comment: In The 18th International Conference on Availability, Reliability and Security (ARES 2023), August 29 -- September 01, 2023, Benevento, Italy. 15 page

Mitigator: Privacy policy compliance using Intel SGX

Privacy policies have been known to be hard to read and understand by internet users and yet users are obliged to accept these one-sided terms of usage of their data before they can effectively use websites. Although research has been conducted into alternative representations of privacy policies, it does not consider whether the website provider actually adheres to the data handling practices outlined in the privacy policy. However, there has been significant research towards achieving compliance of internal processing systems to access control policies that capture some aspects of privacy policies, such as those related to confidentiality of collected information, the time period of its retention, and its disclosure to third parties. Apart from the fact that these access control policies may not be designed to be translatable to machine-readable or simplified text policies, such systems suffer from two related drawbacks: first, they assume a large trusted computing base (TCB) and in particular, the operating system is included within their TCB. Secondly, as they are only aimed at achieving compliance of different internal data processing systems to these access control policies, they do not seek to provide users of any proof of a compliant system. On the other hand, trusted hardware seeks to reduce the TCB on a remote machine that a user needs to trust in order to run a program and obtain its results. Trusted hardware platforms provide two novel security properties: they disallow a malicious operating system from learning secrets from the program state and secondly, they allow the user to verify that the OS has not modified the program before or while running it, as long as the user trusts the hardware platform. Our goal is to design an architecture that uses an underlying trusted hardware platform to run a program, named the decryptor, that only hands users' data to a target program that has been determined to be compliant with a privacy policy model. As both of these programs are run on a trusted hardware platform, users can verify that the decryptor is indeed the correct, unmodified program. Most importantly, in our architecture, we provide trustworthy information about the verifier program used on the server side to a client program such that it can ensure that the target program has been checked for compliance with a privacy policy model by a valid verifier program. Such a verifier program should be made open-sourced so that it can be checked by experts. Our second contribution lies in implementing this architecture on the Intel SGX hardware platform, using a shim layer, namely the Graphene-SGX library. Finally, we also evaluate our system for its efficiency and find that it has a very small overhead in comparison with a setup that does not provide such guarantees

Towards more Secure and Efficient Password Databases

Password databases form one of the backbones of nowadays web applications. Every web application needs to store its users’ credentials (email and password) in an efficient way, and in popular applications (Google, Facebook, Twitter, etc.) these databases can grow to store millions of user credentials simultaneously. However, despite their critical nature and susceptibility to targeted attacks, the techniques used for securing password databases are still very rudimentary, opening the way to devastating attacks. Just in the year of 2016, and as far as publicly disclosed, there were more than 500 million passwords stolen in internet hacking attacks. To solve this problem we commit to study several schemes like property-preserving encryption schemes (e.g. deterministic encryption), encrypted data-structures that support operations (e.g. searchable encryption), partially homomorphic encryption schemes, and commodity trusted hardware (e.g. TPM and Intel SGX). In this thesis we propose to make a summary of the most efficient and secure techniques for password database management systems that exist today and recreating them to accommodate a new and simple universal API. We also propose SSPM(Simple Secure Password Management), a new password database scheme that simultaneously improves efficiency and security of current solutions existing in literature. SSPM is based on Searchable Symmetric Encryption techniques, more specifically ciphered data structures, that allow efficient queries with the minimum leak of access patterns. SSPM adapts these structures to work with the necessary operation of password database schemes preserving the security guarantees. Furthermore, SSPM explores the use of trusted hardware to minimize the revelation of access patterns during the execution of operations and protecting the storage of cryptographic keys. Experimental results with real password databases shows us that SSPM has a similar performance compared with the solutions used today in the industry, while simultaneous increasing the offered security conditions

TMPS: Ticket-Mediated Password Strengthening

We introduce the notion of Ticket-Mediated Password Strengthening (TMPS), a technique for allowing users to derive keys from passwords while imposing a strict limit on the number of guesses of their password any attacker can make, and strongly protecting the users\u27 privacy. We describe the security requirements of TMPS, and then a set of efficient and practical protocols to implement a TMPS scheme, requiring only hash functions, CCA2-secure encryption, and blind signatures. We provide several variant protocols, including an offline symmetric-only protocol that uses a local trusted computing environment, and online variants that use group signatures or stronger trust assumptions instead of blind signatures. We formalize the security of our scheme by defining an ideal functionality in the Universal Composability (UC) framework, and by providing game-based definitions of security. We prove that our protocol realizes the ideal functionality in the random oracle model (ROM) under adaptive corruptions with erasures, and prove that security with respect to the ideal/real definition implies security with respect to the game-based definitions

Privacy Preserving Deep Neural Network Prediction using Trusted Hardware

In recent years machine learning has gained a lot of attention not only in the scientific community but also in user-facing applications. Today, many applications utilise machine learning to take advantage of its capabilities. With such applications, users actively or passively input data that is used by state-of-the-art algorithms to generate accurate predictions. Due to the extensive work necessary to fine-tune these algorithms for a specific task, they are predominantly executed in the cloud where they can be protected from competitors or malicious users. As a result, users' privacy might be at risk as their data is sent to and processed by remote cloud services. Depending on the application, users might expose highly sensitive data, meaning a malicious provider could harvest extensive amounts of personal data from its users. In order to protect user privacy without compromising the confidentiality guarantees of traditional solutions, we propose using trusted hardware for privacy preserving deep neural network predictions. Our solution consists of a hardware-backed prediction service and a client device that connects to said service. All machine learning computations executed by the prediction service that depend on input data are protected by a trusted hardware component, called a Trusted Execution Environment. This can be verified by users via remote attestation to ensure their data remains protected. In addition, we have built a proof-of-concept implementation of our solution using Intel Software Guard Extensions (SGX). Compared to existing solutions relying on homomorphic encryption, our proof-of-concept implementation vastly increases the set of supported machine learning algorithms. Moreover, our implementation is tightly integrated into the existing pipeline of machine learning tools by supporting the Open Neural Network Exchange (ONNX) Format. Furthermore, we focus on minimising our Trusted Computing Base (TCB), thus our proof-of-concept implementation only consists of 4,500 lines of code. Additionally, we achieve a 7x increase in throughput whilst decreasing the latency 40x compared to prior work. In our tests, SGX reduced throughput by 11% and increased latency by 21% compared to our baseline implementation without SGX

Modelos de gerenciamento de enclaves para execução segura de componentes de software

Orientador: Carlos Alberto MazieroTese (doutorado) - Universidade Federal do Paraná, Setor de Ciências Exatas, Programa de Pós-Graduação em Informática. Defesa : Curitiba, 04/12/2020Inclui referências: p. 106-115Área de concentração: Ciência da ComputaçãoResumo: A confidencialidade dos dados está se mostrando cada vez mais importante para os usuários de computadores, seja em um ambiente corporativo ou até mesmo em um ambiente doméstico. Atualmente, não somente dados sensíveis às empresas estão trafegando pela rede ou sendo manipulados pelos mais diversos programas de computador, mas também tem-se um intenso uso de aplicações para transações bancárias e outras aplicações de uso corriqueiro que manipulam dados sensíveis dos usuários, os quais devem ter sua confidencialidade e integridade garantidas. Nesse sentido, tem-se variadas soluções sendo propostas para manter a confidencialidade e integridade dos dados, dentre elas a arquitetura Intel SGX (Software Guard Extensions), a qual possui mecanismos para que as aplicações e os dados sejam encapsulados em uma área protegida da memória com acesso restrito, impossibilitando o acesso nessa região de memória a outras aplicações ou ao próprio sistema operacional. A utilização de tais mecanismos para prover a confidencialidade e integridade dos dados sensíveis da aplicação acarreta em um impacto de desempenho durante a sua execução, devido às restrições e verificações impostas pela arquitetura Intel SGX. O presente trabalho busca analisar os modelos de programação que são aplicados em soluções que utilizam a arquitetura Intel SGX e apresentar alternativas que buscam um uso mais eficiente dos recursos providos por tal arquitetura e também a redução do impacto de desempenho decorrente de sua utilização. Assim, são apresentados dois modelos de gerenciamento: (i) compartilhamento de enclaves; e (ii) pool de enclaves. Para a aplicação de tais modelos, é proposta uma arquitetura de um provedor de enclaves, que oferece um desacoplamento entre o enclave e a aplicação que o utiliza, permitindo aplicar os modelos de gerenciamento propostos e oferecer os recursos providos pelos enclaves às aplicações na forma de serviços. Um protótipo é construído para avaliar a arquitetura e modelos propostos, com os testes de desempenho demonstrando consideráveis reduções no impacto para requisição de enclaves, enquanto garante boa resposta para atender múltiplas requisições simultâneas. Assim, conclui-se que a utilização de modelos arquiteturais de software podem trazer benefícios no gerenciamento de recursos e ganho de desempenho na execução de aplicações seguras. Palavras-chave: Intel SGX, modelos de programação, arquitetura de software, padrões de projeto, desempenho, otimização de recursos.Abstract: Data confidentiality is becoming increasingly important to computer users, whether in a corporate environment or even in a home environment. Not only are business-sensitive data currently being trafficked across the network or being handled by a variety of software, but there is also an intense use of applications for banking transactions and other commonly used applications that manipulate sensitive user data, which must have their confidentiality and integrity guaranteed. In this sense, there are several solutions being proposed to maintain the confidentiality and integrity of the data, among them the Intel SGX (Software Guard Extensions) architecture, which has mechanisms to encapsulate applications and data in a protected area of memory having restricted access, making it impossible to access this region of memory to other applications or to the operating system. The use of such mechanisms to provide the confidentiality and integrity of sensitive data results in a performance impact during the application execution, due to the restrictions and verifications imposed by the Intel SGX architecture. The present work aims to analyze the programming models that are applied in solutions that use the Intel SGX architecture and present alternatives that seek a more efficient use of the resources provided by this architecture and also the reduction of the performance impact due to its use. Thus, two management models are presented: (i) enclave sharing; and (ii) enclave pool. In order to apply such models, an architecture of an enclave provider is proposed, which offers a decoupling between the enclave and the application that uses it, allowing to apply the proposed management models and offering the resources provided by the enclaves to the applications in "as a service" format. A prototype is built to evaluate the proposed architecture and models, with the performance tests demonstrating considerable reductions in the impact for enclave requests, while guaranteeing good response to attend simultaneous requests. Thus, it is concluded that the use of architectural software models can bring benefits in resource management and performance gains in the execution of secure applications. Keywords: Intel SGX, programming models, software architecture, design patterns, performance, resource optimization