Uni-directional Trusted Path: Transaction Confirmation on Just One Device


Atanas Filyanov (1), Jonathan M. McCune (2), Ahmad-Reza Sadeghi (3), Marcel Winandy (1)
(1) Ruhr-University Bochum, Germany; (2) Carnegie Mellon University, USA; (3) Technical University Darmstadt, Germany

DSN 2011, 41st Annual IEEE/IFIP International Conference on Dependable Systems and Networks, Hong Kong, China, 27-30 June 2011

Motivation (slide 2)
- Malware can have strong power on commodity systems: keyloggers, transaction generators, ... (commit online fraud)
- Credit card companies and banks absorb most liabilities, so users have little incentive to solve the problem
- Even e-commerce servers are under attack! Sony: attackers eventually stole credit card data from several customers; recently similar attacks at other game companies
- If all had used our proposed solution, there would have been no problem! :-)

Threat Scenario (slide 3)
- Flow: the user issues a transaction on the client; the client sends the transaction request to the server; the server requests confirmation; the client returns the confirmation
- Typical scenarios: online purchases, online banking, e-government, enrollment for online services, etc.
- Adversary: controls network traffic and controls the client system; only software attacks (no hardware tampering)
- Consequence: the server cannot distinguish between transactions issued/confirmed by the user and those issued/confirmed by malware

Our Goals (slide 4)
- Assurance to a remote server that a user indeed confirmed a proposed action
- Technical solution without additional devices, but compatible with existing operating systems
- Minimal/no deviation from normal user experience
- Assumption: hardware provides some form of secure execution environment
- Available on commodity platforms: PC: Intel TXT, AMD SVM; mobile: ARM TrustZone; PlayStation 3: Cell BE

Idea of the Uni-directional Trusted Path

Full Trusted Path (slide 6)
Properties (figure: user, I/O devices and application with channels labelled 1, 2 and 3):
1. Isolation of I/O channels (integrity & confidentiality)
2. Assurance for the user about the authenticity of the application
3. Assurance for the application about user-generated input

Trusted Path: Existing Approaches (slide 7)
- Secure GUI (reserved screen area): requires a Secure Attention Sequence (e.g., Ctrl+Alt+Delete); requires the kernel to remain uncompromised
- Additional hardware indicators (e.g., coloured LED): requires the kernel to remain uncompromised
- No widespread adoption, or lack of interest from users (also: usability unclear)

Uni-directional Trusted Path (UTP) (slide 8)
Properties (figure: a UTP agent sits between the I/O devices and the application; only channels 1 and 3 of the full trusted path are provided):
1. Isolation of I/O channels (integrity & confidentiality)
2. Assurance for the user about the authenticity of the application: not provided, hence "uni-directional"
3. Assurance for the application about user-generated input
- Enables a remote server to gain assurance about a human-initiated action
- Based on the CPU's capability to switch between an untrusted and a secure execution mode
- UTP is only available in secure mode: isolated execution environment and control of the user I/O devices; ability to provide evidence to a remote system of what has executed in this mode

Transaction Confirmation with UTP

Transaction Initiation (slide 10)
Components: user, browser, I/O devices, UTP agent (client side); server.
1. The user issues a transaction in the browser
2. The browser sends the transaction request to the server
3. The server requests confirmation

Transaction Confirmation (slide 11)
4. The UTP agent takes over the I/O devices, shows the confirmation message and requests confirmation
5. The user confirms or aborts (input goes to the UTP agent, not to the browser)
6. The UTP agent returns attestation evidence to the server, consisting of: the UTP agent integrity measurement, the confirmation message received from the server, and the confirm/abort decision of the user
7. The server accepts or discards the transaction
8. The browser shows the result
Steps 4-6 form the uni-directional trusted path: from the user, through the UTP agent, to the server.

Security Considerations: Transaction generated by malware (slide 12)
1. Malware in the browser requests a transaction (unexpected by the user)
2. The server requests confirmation; the UTP agent displays it
- The user will notice (unexpected transaction) and abort

Security Considerations: Transaction manipulation + manipulated UTP agent (slide 13)
1. The user issues a transaction (expected)
2. Malware requests a manipulated transaction
3. The server requests confirmation; a manipulated UTP agent auto-confirms
6. Attestation evidence: UTP agent integrity measurement, confirmation message from the server, confirm/abort from the user
- The server will notice and reject (UTP integrity violation: the measurement does not match the known-good UTP agent)

Security Considerations: Transaction manipulation + faked confirmation dialog (slide 14)
1. The user issues a transaction
2. Malware requests a manipulated transaction
3. The server requests confirmation
4. Malware in the untrusted OS displays a faked confirmation message instead of invoking the UTP agent
6. Attestation evidence: ??? (nothing executed in secure mode, so no evidence can be produced)
- The server will notice and reject (no UTP execution)

Setup: Device Enrollment (slide 15)
- The server knows that a human confirmed a transaction. But how does the server know which user?
- Solution: bind the device to the user account
- Requires registering user devices in a setup phase
- Establishes a cryptographic credential to perform login (e.g., a key pair whose private key is protected by the TPM)
- Protects against misuse of stolen account data: attackers cannot use the data (e.g., a credit card number) because their devices are not registered with that account at the server

Realization of UTP

PC-Based Implementation (slide 17)
- Evidence attestation: Trusted Platform Module (TPM)
  - Hardware root of trust (secure storage for keys; cryptographic operations)
  - PCRs: registers that can be extended with integrity measurements of code
  - Attestation: cryptographic signature over the PCRs with a TPM-protected key
- Secure execution environment: Intel Trusted Execution Technology (TXT)
  - Late launch creates a dynamic root of trust for measurement (DRTM)
  - Reinitializes the CPU and memory controller into a known-good state
  - Resets the dynamic PCRs of the TPM (only a late launch can reset these registers)
- Software framework: Flicker
  - Allows very small code to execute in DRTM mode (without any OS)
  - During DRTM mode the normal OS is halted; after the switch back, the OS is resumed
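The following Python model is an added example and is not code from the paper or from the Flicker-based UTP implementation. It ties together the confirmation protocol (slides 10-11), the three attacks of slides 12-14, the device binding of slide 15 and the PCR mechanics just described: the dynamic PCR is reset, extended with the measured agent and with what the agent showed and what the user pressed, then quoted; the server recomputes the expected PCR from a whitelisted agent hash and checks the quote against the key enrolled for the account. Assumptions: SHA-256-sized PCRs, an HMAC keyed with a per-device secret standing in for the TPM's attestation-key signature, and the names Device, Server, extend, measure and run_scenarios together with the constructed agent image and transaction strings.

```python
import hashlib
import hmac
import os

# Dynamic (resettable) PCR as used by a late launch: TXT resets it before the measured
# code runs. Assumption: SHA-256-sized PCR (TPM 1.2 uses 20-byte SHA-1; same chaining).
PCR_RESET = b"\x00" * 32

def extend(pcr, digest):
    """TPM PCR extend: PCR_new = H(PCR_old || digest). One-way and order-sensitive."""
    return hashlib.sha256(pcr + digest).digest()

def measure(data):
    return hashlib.sha256(data).digest()

# Constructed stand-in for the UTP agent image; the server whitelists its hash.
UTP_AGENT_CODE = b"<constructed UTP agent image>"
KNOWN_GOOD_AGENT = measure(UTP_AGENT_CODE)

class Device:
    """Client platform; attest_key + HMAC stand in for the TPM attestation key/signature."""
    def __init__(self, agent_code):
        self.agent_code = agent_code
        self.attest_key = os.urandom(32)   # never leaves the TPM in the real system

    def utp_run(self, conf_message, user_decision):
        """Late launch: DRTM resets PCR and measures the agent; agent extends I/O; quote."""
        pcr = extend(PCR_RESET, measure(self.agent_code))
        pcr = extend(pcr, measure(b"msg:" + conf_message))
        pcr = extend(pcr, measure(b"user:" + user_decision))
        quote = hmac.new(self.attest_key, b"QUOTE" + pcr, hashlib.sha256).digest()
        return {"pcr": pcr, "quote": quote, "conf_message": conf_message,
                "decision": user_decision}

class Server:
    def __init__(self):
        self.enrolled = {}   # account -> attestation key registered at enrollment
        self.pending = {}    # account -> confirmation message sent (carries a nonce)

    def enroll(self, account, attest_key):
        self.enrolled[account] = attest_key

    def request_confirmation(self, account, transaction):
        msg = f"{transaction}|nonce={os.urandom(16).hex()}".encode()
        self.pending[account] = msg
        return msg

    def verify(self, account, evidence):
        """Return (accepted, reason); each rejection matches one attack on slides 12-15."""
        key = self.enrolled.get(account)
        expected_msg = self.pending.pop(account, None)
        if key is None:
            return False, "no device enrolled for account"
        if evidence is None:
            return False, "no UTP execution"
        if expected_msg is None or evidence["conf_message"] != expected_msg:
            return False, "confirmation message mismatch"
        # 1. Quote must come from the enrolled device's key, over the reported PCR.
        expected_quote = hmac.new(key, b"QUOTE" + evidence["pcr"], hashlib.sha256).digest()
        if not hmac.compare_digest(expected_quote, evidence["quote"]):
            return False, "quote not from enrolled device"
        # 2. Reported PCR must equal what a known-good agent yields for this message/answer.
        good = extend(PCR_RESET, KNOWN_GOOD_AGENT)
        good = extend(good, measure(b"msg:" + evidence["conf_message"]))
        good = extend(good, measure(b"user:" + evidence["decision"]))
        if evidence["pcr"] != good:
            return False, "UTP integrity violation"
        # 3. Only now can the user's answer be trusted.
        if evidence["decision"] != b"confirm":
            return False, "user aborted"
        return True, "confirmed by user on enrolled device"

def run_scenarios():
    """Honest flow plus the attacks from the Security Considerations slides."""
    server, alice_pc = Server(), Device(UTP_AGENT_CODE)
    server.enroll("alice", alice_pc.attest_key)          # setup phase (slide 15)
    tx, out = "pay 4990.00 EUR to account X", {}
    msg = server.request_confirmation("alice", "pay 49.90 EUR to shop")
    out["honest"] = server.verify("alice", alice_pc.utp_run(msg, b"confirm"))
    # Malware issued the transaction; the agent still shows it and the user aborts.
    msg = server.request_confirmation("alice", tx)
    out["malware_tx"] = server.verify("alice", alice_pc.utp_run(msg, b"abort"))
    # Manipulated agent (auto-confirms) on Alice's own platform: it gets measured.
    evil = Device(b"<patched agent that auto-confirms>")
    evil.attest_key = alice_pc.attest_key
    msg = server.request_confirmation("alice", tx)
    out["bad_agent"] = server.verify("alice", evil.utp_run(msg, b"confirm"))
    # Faked dialog drawn by the untrusted OS: no late launch, hence no evidence.
    server.request_confirmation("alice", tx)
    out["fake_dialog"] = server.verify("alice", None)
    # Stolen account data used from an attacker's (unenrolled) machine.
    thief = Device(UTP_AGENT_CODE)
    msg = server.request_confirmation("alice", tx)
    out["stolen_data"] = server.verify("alice", thief.utp_run(msg, b"confirm"))
    return out
```

Calling run_scenarios() yields one (accepted, reason) pair per case: only the honest flow is accepted; the malware-generated transaction ends as "user aborted", the patched agent as "UTP integrity violation", the faked dialog as "no UTP execution", and the unenrolled machine as "quote not from enrolled device". The HMAC stand-in means the server holds a per-device secret; the real design registers a public key at enrollment and verifies a TPM signature over the PCR values and a fresh nonce, so the server never holds anything that could forge a quote.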

Implementation Architecture (slide 18)
- Client (Intel TXT): web browser extension and client utility program, together 956 LOC (non-TCB); Flicker launches secure mode, in which the UTP agent runs: 2335 LOC (TCB); TPM provides the attestation; a further 488 LOC (non-TCB) are shown in the figure beside the secure-mode launch
- Server: web server, application script extension, verification program
- Browser extension and web server communicate over HTTPS

Screenshot (Transaction Initiation) (slide 19) [image not included in transcription]

Screenshot (Transaction Confirmation) (slide 20) [image not included in transcription]

Evaluation (slide 21)
- Code complexity: very small total TCB of 2335 LOC (seL4 is about 9000 [Klein et al., IEEE S&P 2009]), including the VGA and PS/2 keyboard drivers (USB would add another 2000)
- Deployment: server side: only minor modifications necessary; client side: users just need to download the UTP software
- Performance: switching time about 1 s; the remaining time is spent waiting for user input, or in untrusted mode
- Usability: the confirmation message should not simply be "Press OK" (users tend to ignore it); UTP is generic, so the confirmation message can be provided by the service provider

Conclusion (slide 22)
- Existing solutions against transaction generators are inconvenient or not widely deployed
- Our proposal: a one-way trusted path that enables service providers to gain assurance about user-initiated transactions
- Realization based on an on-demand isolated execution environment and temporary control of the user I/O devices
- Very small TCB and compatible with existing software
- Deployable on commodity systems today

Questions? (slide 23)
Contact: Marcel Winandy, Ruhr-University Bochum, marcel.winandy@trust.rub.de, http://www.trust.rub.de, Twitter: @mwinandy

BACKUP

Implementation of UTP with Flicker (slide 25)