50 research outputs found
Citizen Electronic Identities using TPM 2.0
Electronic Identification (eID) is becoming commonplace in several European
countries. eID is typically used to authenticate to government e-services, but
is also used for other services, such as public transit, e-banking, and
physical security access control. Typical eID tokens take the form of physical
smart cards, but successes in merging eID into phone operator SIM cards show
that eID tokens integrated into a personal device can offer better usability
compared to standalone tokens. At the same time, trusted hardware that enables
secure storage and isolated processing of sensitive data has become
commonplace on PC platforms as well as on mobile devices.
Some time ago, the Trusted Computing Group (TCG) released version 2.0 of
the Trusted Platform Module (TPM) specification. We propose an eID architecture
based on the new, rich authorization model introduced in the TCG's TPM 2.0. The
goal of the design is to improve the overall security and usability compared to
traditional smart card-based solutions. We also provide, to the best of our
knowledge, the first accessible description of the TPM 2.0 authorization model.
Comment: This work is based on an earlier work: Citizen Electronic Identities
using TPM 2.0, to appear in the Proceedings of the 4th International Workshop
on Trustworthy Embedded Devices, TrustED'14, November 3, 2014, Scottsdale,
Arizona, USA, http://dx.doi.org/10.1145/2666141.266614
C-FLAT: Control-FLow ATtestation for Embedded Systems Software
Remote attestation is a crucial security service particularly relevant to
increasingly popular IoT (and other embedded) devices. It allows a trusted
party (verifier) to learn the state of a remote, and potentially
malware-infected, device (prover). Most existing approaches are static in
nature and only check whether benign software is initially loaded on the
prover. However, they are vulnerable to run-time attacks that hijack the
application's control or data flow, e.g., via return-oriented programming or
data-oriented exploits. As a concrete step towards more comprehensive run-time
remote attestation, we present the design and implementation of Control-FLow
ATtestation (C-FLAT) that enables remote attestation of an application's
control-flow path, without requiring the source code. We describe a full
prototype implementation of C-FLAT on Raspberry Pi using its ARM TrustZone
hardware security extensions. We evaluate C-FLAT's performance using a
real-world embedded (cyber-physical) application, and demonstrate its efficacy
against control-flow hijacking attacks.
Comment: Extended version of article to appear in CCS '16 Proceedings of the
23rd ACM Conference on Computer and Communications Securit
Color My World: Deterministic Tagging for Memory Safety
Hardware-assisted memory protection features are increasingly being deployed
in COTS processors. ARMv8.5 Memory Tagging Extensions (MTE) is a recent
example, which has been used to provide probabilistic checks for memory safety.
This use of MTE is not secure against the standard adversary with arbitrary
read/write access to memory. Consequently, MTE is used as a software development
tool. In this paper we present the first design for deterministic memory
protection using MTE that can resist the standard adversary, and hence is
suitable for post-deployment memory safety. We describe our compiler extensions
for LLVM Clang implementing static analysis and subsequent MTE instrumentation.
Via a comprehensive evaluation we show that our scheme is effective
Trusted Hart for Mobile RISC-V Security
The majority of mobile devices today are based on the Arm architecture, which
supports the hosting of trusted applications in a Trusted Execution Environment
(TEE). RISC-V is a relatively new open-source instruction set architecture that
was engineered to fit many uses. In one potential RISC-V usage scenario, mobile
devices could be based on RISC-V hardware.
We consider the implications of porting the mobile security stack on top of a
RISC-V system on a chip, identify the gaps in the open-source Keystone
framework for building custom TEEs, and propose a security architecture that,
among other things, supports the GlobalPlatform TEE API specification for
trusted applications. In addition to Keystone enclaves the architecture
includes a Trusted Hart -- a normal core that runs a trusted operating system
and is dedicated for security functions, like control of the device's keystore
and the management of secure peripherals.
The proposed security architecture for the RISC-V platform is verified
experimentally using the HiFive Unleashed RISC-V development board.
Comment: This is an extended version of a paper that has been published in
Proceedings of TrustCom 202
Software Systems for Secure Processor Architectures
Processor hardware support for security dates back to the 1970s, and such features were then primarily used for hardening operating systems. This idea has re-emerged as hardware security features in contemporary cost-efficient mobile processors. These support specific operating-system functionality such as communication stack isolation and identity binding, which are needed on mobile devices to satisfy regulatory requirements for e.g. cellular phones.
This thesis builds on these hardware security features to implement a generic trusted execution environment (TEE) that can be used for a larger variety of applications. We present software building blocks and infrastructure for isolated trustworthy execution on these hardware environments. The goal is to achieve the same level of isolation as in smart cards or trusted platform modules implemented as separate integrated circuits. The thesis contributes to the state of the art in several ways: We present mechanisms for isolated piecemeal execution of code and processing of data in these very memory-constrained hardware environments. Isolation, freshness and data commit guarantees are provided by cryptographic means. We present security proofs for selected cryptographic primitives used in this hardware context. The thesis also improves on the integrity guarantees of contemporary processor support by implementing rollback protection even when the device is powered down. This is done by combining the security functionality of the processor with auxiliary hardware and firmware logic. We advance the understanding of trusted execution by describing a minimal set of hardware trust roots needed to implement an engine for isolated execution.
Ideally, advancement of computer science can be translated into implementable designs with real-world impact. The mechanisms presented in this thesis were implemented and deployed in the On-board Credentials (ObC) architecture, and partly standardized as features for the Mobile Trusted Module (MTM). These technologies enable implementation of isolated execution at significant cost savings compared to the deployment of discrete hardware components. The MTM specification, co-designed by the author, is the first global security standard that provides an adaptation to processor hardware mechanisms for isolated execution. The TEE part of On-board Credentials, designed and implemented by the author, is deployed in more than 100 million devices in the field, and has already been used in several public trials and demonstrations of end-user applications. Both ObC and MTM rely on the results of this thesis research.
Processor support for security was introduced in the 1970s, primarily to improve the integrity of operating systems. With the breakthrough of the open PC platforms these mechanisms disappeared for a couple of decades, but corresponding mechanisms were brought back into use about ten years ago in mobile hardware platforms, now primarily to guarantee protocol integrity for communication and to bind the identity of the mobile hardware, typical requirements for obtaining, for example, a radio licence for a mobile phone.
This thesis builds on these existing hardware mechanisms and presents software building blocks for implementing secure, isolated interpretation of software in an architecture that externally corresponds to a discrete hardware component such as a smart card. The thesis contributes to the state of the art from many angles. It presents mechanisms for isolated, piecemeal interpretation of software and associated data in these highly constrained environments, where the guarantees for isolation, versioning and data flow must be built up with cryptographic methods. The thesis also contributes security proofs for selected cryptographic algorithms in this environment. We improve the level of off-line integrity by presenting a solution in which the secure processor support is combined with external, discrete logic to protect against rollback. The thesis also presents a minimal set of security foundations that a processor must support in hardware for isolated interpretation to be implementable. It further describes two architectures built on the building blocks presented in this thesis, each of which offers interfaces to mobile applications and ultimately to users.
Computer science has its greatest effect when it is put to use through implementations. The building blocks presented in this thesis make isolated software interpretation possible at a considerably lower cost than is achievable with discrete hardware such as smart cards. The author has actively contributed to the Mobile Trusted Module (MTM) standard, the first global security standard that defines and enables an adaptation based on isolation built on processors with security functions. The security core of the OnBoard Credentials architecture, designed and implemented by the author, is available in over 100 million mobile phones and has already been used in several public research projects and demonstrations. Both of these architectures are based on methodology and also software originating from this thesis