1. System Security Lab
Uni-directional Trusted Path: Transaction Confirmation on Just One Device
Atanas Filyanov (1), Jonathan M. McCune (2), Ahmad-Reza Sadeghi (3), Marcel Winandy (1)
(1) Ruhr-University Bochum, Germany
(2) Carnegie Mellon University, USA
(3) Technical University Darmstadt, Germany
DSN 2011 - 41st Annual IEEE/IFIP International Conference on Dependable Systems and Networks
Hong Kong, China, 27-30 June 2011
Tuesday, 28 June 2011
3. System Security Lab
Motivation
• Malware can be very powerful on commodity systems
  • Keyloggers, transaction generators, ... (used to commit online fraud)
  • Credit card companies and banks absorb most of the liabilities
  • Users therefore have little incentive to solve the problem
• Even e-commerce servers are under attack!
  • Sony: attackers eventually stole credit card data of several customers
  • Recently similar attacks at other game companies
If all had used our proposed solution, there would have been no problem! :-)
Marcel Winandy Uni-directional Trusted Path: Transaction Confirmation on Just One Device (DSN 2011) 2
9. System Security Lab
Threat Scenario
[Diagram: User - Client System - Server. The user issues a transaction at the client; the client requests the transaction from the server; the server requests confirmation; the user confirms at the client; the client forwards the confirmation to the server. An Adversary sits on the network and in the client system. The server cannot distinguish between transactions issued/confirmed by the user and those issued/confirmed by malware (?)]
• Typical scenarios: online purchases, online banking, e-government, enrollment for online services, etc.
• Adversary: controls network traffic and controls the client system
  • only software attacks (no hardware tampering)
11. System Security Lab
Our Goals
• Assurance to a remote server that a user indeed confirmed a proposed action
• Technical solution without additional devices, but compatible with existing operating systems
• Minimal/no deviation from the normal user experience
• Assumption: the client system hardware provides some form of secure execution environment
  Available on commodity platforms:
  PC: Intel TXT, AMD SVM
  Mobile: ARM TrustZone; PlayStation 3: Cell BE
12. Idea of the Uni-directional Trusted Path
13. System Security Lab
Full Trusted Path
[Diagram: the User interacts with one Application among several on the Client System (Applications, OS); the user-application channel is marked 1, 2, 3]
Properties:
1. Isolation of I/O channels (integrity & confidentiality)
2. Assurance for the user about the authenticity of the application
3. Assurance for the application about user-generated input
15. System Security Lab
Trusted Path: Existing Approaches
• Secure GUI (reserved screen area)
  • Requires a secure OS
• Secure Attention Sequence (e.g., Ctrl+Alt+Delete)
  • Requires the OS kernel to remain uncompromised
• Additional hardware indicators (e.g., a colored LED)
  • Requires the OS kernel to remain uncompromised
No widespread adoption, or lack of interest from users (also: usability unclear)
18. System Security Lab
Uni-directional Trusted Path (UTP)
[Diagram: Client System CPU with an Untrusted Execution Mode (Application, OS) and a Secure Execution Mode (UTP Agent); User on the left, Server on the right; channels 1 and 3 are marked]
Properties:
1. Isolation of I/O channels (integrity & confidentiality)
2. Assurance for the user about the authenticity of the application
3. Assurance for the application about user-generated input
• Enable a remote server to gain assurance about a human-initiated action
• Based on the CPU's capability to switch between an untrusted and a secure execution mode
• UTP is only available in Secure Execution Mode:
  • Isolated execution environment and control of the user I/O devices
  • Ability to provide evidence to a remote system of what has executed in this mode
23. System Security Lab
Transaction Initiation
[Diagram: Client System CPU with Browser and OS in Untrusted Execution Mode and the UTP Agent in Secure Execution Mode; User and I/O Devices on the left, Server on the right]
1. User issues transaction (in the Browser)
2. Browser requests transaction (from the Server)
3. Server requests confirmation (sends a confirmation message)
37. System Security Lab
Transaction Confirmation
[Diagram: same layout as Transaction Initiation; the confirmation message is handed from the Browser to the UTP Agent in Secure Execution Mode, which takes over the I/O devices]
3. Server requests confirmation (sends a confirmation message)
4. UTP Agent shows the confirmation message to the user and requests confirmation
5. User confirms or aborts
6. UTP Agent sends attestation evidence to the Server:
   - UTP Agent integrity measurement
   - confirmation message from the server
   - confirm/abort from the user
7. Server accepts or discards the transaction
8. Browser shows the result to the user
The diagram labels this confirmation exchange as the Uni-directional Trusted Path.
40. System Security Lab
Security Considerations
• Transaction generated by malware
[Diagram: 1. malware in the Browser requests a transaction; 2. Server requests confirmation (conf. message); the conf. message is passed to the UTP Agent, which shows the user an unexpected conf. message]
User will notice (unexpected transaction)
46. System Security Lab
Security Considerations
• Transaction manipulation + manipulated UTP agent
[Diagram: 1. User issues a transaction; 2. malware in the Browser requests a manipulated transaction; 3. Server requests confirmation (conf. message); the manipulated UTP Agent shows the user the expected conf. message; 6. attestation evidence: UTP Agent integrity measurement, conf. message from server, confirm/abort from user]
Server will notice and reject (UTP integrity violation)
50. System Security Lab
Security Considerations
• Transaction manipulation + faked confirmation dialog
[Diagram: 1. User issues a transaction; 2. malware in the Browser requests a manipulated transaction; 3. Server requests confirmation (conf. message); 4. malware shows a faked conf. message in Untrusted Execution Mode, no UTP Agent runs; 6. attestation evidence: ???]
Server will notice and reject (no UTP execution)
51. System Security Lab
Setup: Device Enrollment
• Server knows that a human confirmed a transaction
• But how does the server know which user?
• Solution: bind the device to the user account
  • Requires registering user devices in a setup phase
  • Establishes a cryptographic credential to perform login (e.g., a key pair whose private key is protected by the Secure Execution Mode)
• Protects against misuse of stolen account data!
  • Attackers cannot use the data (e.g., a credit card number) because their devices are not registered with that account at the server
53. System Security Lab
PC-Based Implementation
• Evidence attestation: Trusted Platform Module (TPM)
  • Hardware root of trust (secure storage for keys; cryptographic operations)
  • PCRs: registers that can only be extended with integrity measurements of code (PCR_new = H(PCR_old || measurement))
  • Attestation: cryptographic signature over the PCRs with a TPM-protected key
• Secure Execution Mode: Intel Trusted Execution Technology (TXT)
  • Late launch creates a dynamic root of trust for measurement (DRTM)
  • Reinitializes CPU and memory controller into a known-good state
  • Resets the dynamic PCRs of the TPM (only the CPU can reset these registers)
• Software framework: Flicker
  • Allows executing very small pieces of code in DRTM mode (without any OS)
  • During DRTM mode the normal OS is halted; after switching back, the OS is resumed
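The following is an added example, not the authors' code, that models the confirmation protocol of slide 37, the three attack cases of slides 40, 46 and 50, the device enrollment of slide 51 and the PCR extend/quote mechanics of slide 53 in one runnable simulation. The TPM quote is modelled as an HMAC under a per-device key that only Secure Execution Mode can use (a real TPM signs with an asymmetric attestation key and the server holds only the public half), a single dynamic PCR is modelled, and the server-chosen nonce for freshness is a standard attestation addition rather than something the slides spell out; the agent binaries, account and messages are constructed sample data.

```python
"""Toy model of the UTP confirmation protocol (slides 37, 40, 46, 50, 51, 53).
Added example, not the authors' code. Assumptions: the TPM quote is an HMAC under a
per-device key usable only in Secure Execution Mode (a real TPM signs with an
asymmetric attestation key); one dynamic PCR; nonce freshness is a standard addition."""
import hashlib
import hmac
import os
from dataclasses import dataclass

def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def pcr_extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM PCR extend: PCR_new = H(PCR_old || measurement)."""
    return sha256(pcr + measurement)

PCR_RESET = bytes(32)  # dynamic PCR value right after late launch (DRTM reset)
GENUINE_UTP_AGENT = b"utp-agent v1.0 (constructed sample binary)"
EXPECTED_PCR = pcr_extend(PCR_RESET, sha256(GENUINE_UTP_AGENT))  # server's known-good value

@dataclass
class Evidence:
    pcr: bytes           # UTP Agent integrity measurement
    conf_message: bytes  # confirmation message from the server
    decision: bytes      # b"confirm" or b"abort" from the user
    nonce: bytes
    quote: bytes         # signature stand-in binding the items above together

class SecureModeDevice:
    """Client side: late launch, measure and run the agent, show the message, quote."""
    def __init__(self, device_key: bytes, agent_binary: bytes):
        self.device_key = device_key  # only usable in Secure Execution Mode
        self.agent_binary = agent_binary

    def confirm(self, conf_message: bytes, nonce: bytes, decision: bytes) -> Evidence:
        pcr = pcr_extend(PCR_RESET, sha256(self.agent_binary))  # late launch + measure
        # the agent shows conf_message on VGA and reads decision from the PS/2 keyboard
        digest = sha256(conf_message + b"|" + decision)
        quote = hmac.new(self.device_key, pcr + nonce + digest, hashlib.sha256).digest()
        return Evidence(pcr, conf_message, decision, nonce, quote)

class Server:
    def __init__(self):
        self.registered = {}  # account -> enrolled device key (slide 51)
        self.pending = {}     # nonce -> (account, conf_message)

    def enroll(self, account: str, device_key: bytes) -> None:
        self.registered[account] = device_key

    def request_confirmation(self, account: str, conf_message: bytes) -> bytes:
        nonce = os.urandom(16)
        self.pending[nonce] = (account, conf_message)
        return nonce

    def verify(self, account: str, ev: Evidence) -> str:
        """Step 7 (accept/discard), checking the evidence in the order the slides motivate."""
        if account not in self.registered:
            return "reject: device not enrolled"
        if self.pending.pop(ev.nonce, None) != (account, ev.conf_message):
            return "reject: unknown/replayed nonce or message mismatch"
        if not hmac.compare_digest(ev.pcr, EXPECTED_PCR):
            return "reject: UTP integrity violation"  # slide 46
        digest = sha256(ev.conf_message + b"|" + ev.decision)
        expected = hmac.new(self.registered[account], ev.pcr + ev.nonce + digest,
                            hashlib.sha256).digest()
        if not hmac.compare_digest(expected, ev.quote):
            return "reject: no UTP execution on an enrolled device"  # slides 50, 51
        return "accept" if ev.decision == b"confirm" else "discard: user aborted"

def run_scenarios() -> dict:
    """Honest flow plus the attack cases from the Security Considerations slides."""
    server, results = Server(), {}
    alice_key = os.urandom(32)
    server.enroll("alice", alice_key)
    alice = SecureModeDevice(alice_key, GENUINE_UTP_AGENT)
    ok_msg, evil_msg = b"Pay 100 EUR to ACME, order 4711", b"Pay 5000 EUR to Mallory"

    nonce = server.request_confirmation("alice", ok_msg)
    honest = alice.confirm(ok_msg, nonce, b"confirm")
    results["honest"] = server.verify("alice", honest)
    results["replay"] = server.verify("alice", honest)
    # Slide 40: malware issues a transaction; the user sees an unexpected message and aborts
    nonce = server.request_confirmation("alice", evil_msg)
    results["malware_tx_aborted"] = server.verify("alice", alice.confirm(evil_msg, nonce, b"abort"))
    # Slide 46: trojaned agent shows the expected text but confirms the manipulated transaction
    trojaned = SecureModeDevice(alice_key, b"utp-agent (trojaned, constructed)")
    nonce = server.request_confirmation("alice", evil_msg)
    results["manipulated_agent"] = server.verify("alice", trojaned.confirm(evil_msg, nonce, b"confirm"))
    # Slide 50: faked dialog in untrusted mode; nothing ran in secure mode, so the quote is forged
    nonce = server.request_confirmation("alice", evil_msg)
    results["faked_dialog"] = server.verify("alice", Evidence(EXPECTED_PCR, evil_msg, b"confirm", nonce, os.urandom(32)))
    # Slide 51: stolen account data used from a device never enrolled for alice's account
    mallory = SecureModeDevice(os.urandom(32), GENUINE_UTP_AGENT)
    nonce = server.request_confirmation("alice", evil_msg)
    results["unenrolled_device"] = server.verify("alice", mallory.confirm(evil_msg, nonce, b"confirm"))
    return results
```

Calling `run_scenarios()` returns one verdict per case: the honest run is accepted, the replayed evidence and the malware-initiated transaction are not, the trojaned agent fails the PCR comparison, and both the faked dialog and the unenrolled device fail the quote check, because neither ever held the key that only the enrolled device's Secure Execution Mode can use. The order of checks matters in practice: the cheap enrollment and freshness checks come before the quote verification, so an attacker cannot use the confirmation endpoint as an oracle for valid measurements.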
57. System Security Lab
Implementation Architecture
[Diagram: Client (CPU with Intel TXT): Web Browser with Script and Extension, Client Utility Program, Flicker; the OS launches the CPU Secure Mode running the UTP Agent; TPM. Server: Webserver Application with Extension and Verification Program. Client and server communicate over HTTPS.]
Code sizes marked in the diagram:
- Browser extension, client utility program and server extension: + 956 LOC (non-TCB)
- Flicker / OS launch: + 488 LOC
- UTP Agent (CPU Secure Mode): 2335 LOC (TCB)
59. System Security Lab
Screenshot (Transaction Initiation)
60. System Security Lab
Screenshot (Transaction Confirmation)
61. System Security Lab
Evaluation
• Code complexity:
  • Very small total TCB: 2335 LOC (seL4: about 9000 [Klein et al., SOSP 2009])
  • Including VGA and PS/2 keyboard drivers (USB would add another 2000)
• Deployment:
  • Server-side: only minor modifications necessary
  • Client-side: users just need to download the UTP software
• Performance:
  • Switching time about 1 sec
  • Remaining actions: waiting for user input, or in untrusted mode
• Usability:
  • Confirmation message should not be simply "Press OK" (users tend to ignore it)
  • UTP is generic; the confirmation message can be provided by service providers
62. System Security Lab
Conclusion
• Existing solutions against transaction generators are inconvenient or not widely deployed
• Our proposal: a one-way trusted path to enable service providers to gain assurance about user-initiated transactions
• Realization based on an on-demand isolated execution environment and temporary control of the user I/O devices
• Very small TCB and compatible with existing software
• Deployable on commodity systems today
63. System Security Lab
Questions?
Contact:
Marcel Winandy
Ruhr-University Bochum
marcel.winandy@trust.rub.de
http://www.trust.rub.de
Twitter: @mwinandy
65. System Security Lab
Implementation of UTP with Flicker