Talha Tariq (2009) Extending Secure Execution Environments Beyond the TPM.
Full text access: Open
This project discusses some of the shortcomings and limitations of secure execution under the current Trusted Computing Group (TCG) specifications. Though we feel that the various industry initiatives taken by the TCG and CPU manufacturers for hardware-based platform security are a step in the right direction, the problem of secure isolated code execution and TCB minimization remains unsolved. This project proposes and implements an alternative architecture for secure code execution. Rather than proposing recommendations for hardware changes or building isolated execution environments inside a Trusted Platform Module (TPM), we use a platform that provides related, yet different, services for secure / trusted code execution; we couple its functionality and bind it to a TPM using cryptographic primitives. For the purpose of this study we used multi-application programmable smart cards, but similar work can also be implemented on other platforms as long as they meet some prerequisites described in this report. Though newer hardware platforms such as Intel TXT (Trusted Execution Technology; formerly known as LaGrande) or AMD-V add support for native virtualization and secure interfacing with the TPM, the solution implemented in this project assumes a highly untrusted environment and works on general-purpose commodity hardware. Implementing a solution like this allows application developers to focus exclusively on the functionality and security of just their own code, enabling them to execute their applications in isolation from the numerous shortcomings and vulnerabilities that exist in the form of both hardware and software attacks.
Furthermore, we provide an interface to extend the existing functionality of the TPM by implementing special-purpose code modules inside a smart card, which can be used for functionality missing from the TPM (for example, replaceable cryptographic algorithms) yet required by high-assurance and security-sensitive applications. By making small application closures run inside the secure execution environment of smart cards, we can minimize the TCB that a user needs to trust. We first discuss the challenges we face in the coupling process and the platform differences between the TPM and a smart card. We also discuss which solutions are possible and impossible in this scenario. Then we describe our implementation of a secure TPM / smart card cryptographic binding that gives us assurances of strong authentication with confidentiality and integrity services for the applications built on the coupled architecture. We go on to describe our implementations of some enhanced TPM / smart card coupled services that were not possible with either a TPM or a smart card alone, and we discuss how these enhanced services add value to current applications. With these enhanced TPM services we implement some applications that change the way conventional TPM or smart card applications are perceived. Finally, we shed some light on potential future applications and future work.
This is a published version. This version's date is 16/02/2009. This item is peer reviewed.
https://repository.royalholloway.ac.uk/items/aaf4c28d-e55f-ece7-e004-6c952d302bee/1/
Deposited by () on 24-Jun-2010 in Royal Holloway Research Online. Last modified on 15-Dec-2010.