Security Hardware - PowerPoint PPT Presentation

Description: Security Engineering, Chapter 14: Physical Tamper Resistance ... Pre-pay cards. Meters, phones, vending machines, transit, ... Crypto material. Decryption keys ... – PowerPoint PPT presentation
Provided by: susanhi

Transcript and Presenter's Notes

1
Security Hardware
  • CS498IA
  • Spring 2007

2
Reading Material
  • Magic Boxes and Boots: Security in Hardware, Sean
    Smith, IEEE Computer
  • http://www.cs.dartmouth.edu/sws/pubs/magic-boxes.pdf
  • Security Engineering, Chapter 14: Physical Tamper
    Resistance
  • http://www.cl.cam.ac.uk/rja14/Papers/SE-14.pdf
  • Intel Pentium II Software Developer's Manual,
    Volume 3, Sections 4.5 through 4.8
  • http://developer.intel.com/design/pentium4/manuals/253668.htm
  • TCG Specification Architecture Overview, Sections
    4 through 4.4
  • https://www.trustedcomputinggroup.org/groups/TCG_1_0_Architecture_Overview.pdf

3
Motivation
  • As CS folks we have concentrated on security
    abstractions or software implementations
  • Judicious use of security-specific HW is
    beneficial
    • Feature restriction
    • Physical separation
    • Performance benefits

4
Outline
  • Architectural support for security
    • Memory management
    • No-execute bits
  • Secure co-processors
  • Smart cards
  • Trusted Platform Modules

5
OS Security
  • Reference Monitor: OS mediates accesses to
    objects, protects them according to policy
  • Who protects the operating system?

6
Memory Management
[Figure: a process's virtual memory mapped onto physical memory]

7
Memory Management
  • Virtual memory managed by a page table
  • Page table entry includes permission flags
    • Read
    • Write
    • (Execute)
  • Each process uses a different page table

8
Who watches the watchers?
  • Page tables cannot be modified
    • Except in privileged mode
  • OS runs in privileged mode, processes run in user
    mode
  • How do you switch between them?
    • Call gates

9
Call Gate
[Figure: process code calls Gate 1 (defined by an address and its privileges); control enters OS code and later returns to the process]

10
Call Gate
  • Upon call to gate
    • Raise privilege level
    • Switch to kernel stack (why?)
    • Save process registers
  • Upon call gate return
    • Switch to user stack
    • Restore registers
    • Lower privilege level

11
Memory Protection Rings
  • Originally in Multics
  • In the Intel architecture since the 386
  • Now used for virtualization

12
Limiting Memory Access Type
  • The Pentium architecture supports making pages
    read-only versus read/write
  • A recent development is the Execute Disable Bit
    (XD-bit)
    • Added in 2001 but only available in systems
      recently
    • Supported by Windows XP SP2
  • Similar functionality in AMD Athlon 64
    • Called No Execute bit (NX-bit)
    • Actually in machines on the market sooner than
      Intel
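
As an added illustration of the page-table material on slides 7, 8 and 12 (not code from the lecture or from Intel), the following Go program models the checks an MMU applies on every access using the flags a page-table entry carries: present, writable, user/supervisor, and the execute-disable (XD/NX) bit. It also models the "who watches the watchers" rule that only privileged code may change a mapping. The flag names, the 4 KiB page size and the three-page address layout are constructed for this example.

```go
package main

import (
	"errors"
	"fmt"
)

// Page-table entry flags, modelled after the ones the slides list (constructed).
const (
	PtePresent   = 1 << 0
	PteWritable  = 1 << 1
	PteUser      = 1 << 2 // accessible from user mode; otherwise supervisor only
	PteNoExecute = 1 << 3 // XD/NX: an instruction fetch from this page faults
)

const pageSize = 4096

type AccessKind int

const (
	AccessRead AccessKind = iota
	AccessWrite
	AccessExec
)

// PTE maps a virtual page to a physical frame plus its permission flags.
type PTE struct {
	Frame uint64
	Flags uint64
}

// PageTable is keyed by virtual page number (a flat model of the real tree).
type PageTable map[uint64]PTE

var ErrFault = errors.New("page fault")

// Translate performs the hardware check on one access: the page must be
// present, a user-mode access must not touch a supervisor-only page, a write
// needs the writable bit, and an instruction fetch is refused on an NX page.
// On success it returns the physical address.
func Translate(pt PageTable, vaddr uint64, kind AccessKind, userMode bool) (uint64, error) {
	vpn, off := vaddr/pageSize, vaddr%pageSize
	pte, ok := pt[vpn]
	if !ok || pte.Flags&PtePresent == 0 {
		return 0, fmt.Errorf("%w: not present at %#x", ErrFault, vaddr)
	}
	if userMode && pte.Flags&PteUser == 0 {
		return 0, fmt.Errorf("%w: supervisor page at %#x", ErrFault, vaddr)
	}
	switch kind {
	case AccessWrite:
		if pte.Flags&PteWritable == 0 {
			return 0, fmt.Errorf("%w: write to read-only page at %#x", ErrFault, vaddr)
		}
	case AccessExec:
		if pte.Flags&PteNoExecute != 0 {
			return 0, fmt.Errorf("%w: execute from NX page at %#x", ErrFault, vaddr)
		}
	}
	return pte.Frame*pageSize + off, nil
}

// SetEntry enforces the rule that page tables are only writable in
// privileged mode: a user-mode caller faults instead of changing a mapping.
func SetEntry(pt PageTable, vpn uint64, pte PTE, userMode bool) error {
	if userMode {
		return fmt.Errorf("%w: page table write from user mode", ErrFault)
	}
	pt[vpn] = pte
	return nil
}

// ExamplePageTable builds a constructed address space with three pages:
// code (read+execute, user), data (read+write, NX, user) and a kernel page
// (read+write, supervisor only).
func ExamplePageTable() PageTable {
	pt := PageTable{}
	_ = SetEntry(pt, 0x10, PTE{Frame: 0x200, Flags: PtePresent | PteUser}, false)
	_ = SetEntry(pt, 0x11, PTE{Frame: 0x201, Flags: PtePresent | PteUser | PteWritable | PteNoExecute}, false)
	_ = SetEntry(pt, 0xC0, PTE{Frame: 0x300, Flags: PtePresent | PteWritable}, false)
	return pt
}

func main() {
	pt := ExamplePageTable()
	checks := []struct {
		vaddr uint64
		kind  AccessKind
		user  bool
	}{
		{0x10000, AccessExec, true},  // fetch from code page: allowed
		{0x11010, AccessWrite, true}, // write to data page: allowed
		{0x11010, AccessExec, true},  // execute from data page: NX fault
		{0x10000, AccessWrite, true}, // write to code page: read-only fault
		{0xC0000, AccessRead, true},  // user read of kernel page: fault
		{0xC0000, AccessRead, false}, // kernel read of kernel page: allowed
	}
	for _, c := range checks {
		pa, err := Translate(pt, c.vaddr, c.kind, c.user)
		fmt.Printf("vaddr=%#x kind=%d user=%v -> pa=%#x err=%v\n", c.vaddr, c.kind, c.user, pa, err)
	}
}
```

The data page carries the NX bit and the code page lacks the writable bit, so the model refuses both "execute what I just wrote" and "overwrite code" from user mode, which is the W^X property DEP is enforcing; the kernel page is reachable only when the privilege bit is set.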

13
Windows Support
  • Enabled in Windows XP SP2 as Data Execution
    Prevention (DEP)
    • Software version if no hardware support
  • Check to see if you have the bit
    • Control Panel -> System -> Advanced -> DEP tab

14
Delay to widespread deployment
  • First hardware in 2001
  • Wait for OS support
  • Wait for vendors willing to sell
  • Generally available in 2005

15
Consider encrypted files
  • Each file or directory may be encrypted with a
    unique key
  • How are the encryption keys stored?
    • Protected by the file system access control?
      • What if system root is compromised?
    • Encrypted by a master key?
      • How is the master key stored?
      • Protected by pass phrase?
        • Then human must be present
        • If multiple users use system, all must know pass
          phrase
      • Hide it in a good place and hope nobody finds it?

16
Another solution
  • Secure separate storage for root keys
    • Smart card
    • Secure co-processor
  • Keys never leave security processor
    • Protocol to send encrypted blob to security
      processor and return decrypted data
  • Tamper resistant
    • Data is destroyed when tampering is detected
    • Prevents sophisticated adversary from pulling
      secrets from data

17
Uses of Smart Cards
  • Pay TV channels
    • Decryption keys kept on smart card
  • GSM SIM cards
    • Keys to authenticate cell phone account
  • Pre-pay cards
    • Meters, phones, vending machines, transit, ...
  • Crypto material
    • Decryption keys
    • Signatures

18
Smart Card Security
  • History of increasing sophistication of both
    manufacturers and attackers
  • Memory remanence - RAM savers
  • Freezing RAM - temperature sensors
  • Radiation attack - radiation sensors
  • EM noise - shielding
  • Power analysis - power smoothing
  • Micro-drills, micro-probes, optical probing and
    manipulation - ???
  • Defenses make cards more expensive and are prone
    to false positives

19
Secure Co-Processors
  • Co-located on a server or laptop
  • Prevents secure root information from being
    accessed by malicious programs on the general CPU
  • IBM sells security processors
    • http://www-03.ibm.com/security/cryptocards/
    • http://www.research.ibm.com/journal/sj/403/smith.pdf

20
Uses of Co-processors
  • Copy protection
    • Store software in co-processor
  • Secure boot
    • Verify integrity of kernel upon load
  • Security services
    • Keep key material locked up
    • Regulate access to other data

21
Trusted Computing Group
  • Consortium developing standards for computer
    architectures using secure co-processors
    • Called the Trusted Platform Module (TPM)
    • http://trustedcomputinggroup.org
  • Numerous computers (particularly laptops) already
    ship with TPMs
    • http://www.tonymcfadden.net/tpmvendors.html
    • Many vendors targeting specific enterprises like
      Health Care that are particularly concerned with
      privacy (due to HIPAA)
  • Supported by Vista/Longhorn

22
TPM Functions
  • Integrity measurement
  • Attestation
  • Sealed Storage

23
Integrity measurement
  • Verify running software
    • Defeat rootkits
  • Report via secure channel
    • Secure display / keyboard support
    • Attestation (see below)
  • Hierarchical model

24
Transitive Trust
25
Attestation
  • TPM includes a set of public/private keys
    • Issued at manufacture time
  • Sign hash of measurement + remote challenge
    • Prove to 3rd party that software is running
  • Integrate with session establishment
    • Establish secure channel to the right software
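
The measurement and attestation steps of slides 23 and 25, worked through as an added Go example (this is not lecture code and not a TCG implementation): each loaded component is hashed and folded into a PCR with the extend rule PCR_new = SHA-256(PCR_old || digest); a quote is a signature by the TPM's attestation key over the challenger's nonce and the selected PCR values; the remote party replays the event log, verifies the signature under the TPM's public key, and compares the PCRs with known-good values. RSA-PSS stands in for the manufacture-time key pair, the PCR count and selection are constructed, and the "bootloader"/"kernel" byte strings are constructed inputs.

```go
package main

import (
	"bytes"
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// LogEntry records one measurement: the PCR extended and the hash of what was
// loaded. The log is untrusted data; only the PCRs inside the TPM are trusted.
type LogEntry struct {
	PCR    int
	Digest [32]byte
}

// Extend is the TPM update rule PCR_new = SHA-256(PCR_old || digest). A PCR can
// only be extended, never set, so its value commits to every measurement and
// to their order.
func Extend(pcr, digest [32]byte) [32]byte {
	return sha256.Sum256(append(pcr[:], digest[:]...))
}

// Measure hashes a component before it runs, extends the chosen PCR and
// appends an event log entry so a verifier can later replay the chain.
func Measure(pcrs *[8][32]byte, log *[]LogEntry, pcr int, component []byte) {
	d := sha256.Sum256(component)
	pcrs[pcr] = Extend(pcrs[pcr], d)
	*log = append(*log, LogEntry{PCR: pcr, Digest: d})
}

// ReplayLog recomputes the PCR values from the event log alone.
func ReplayLog(log []LogEntry) [8][32]byte {
	var pcrs [8][32]byte
	for _, e := range log {
		pcrs[e.PCR] = Extend(pcrs[e.PCR], e.Digest)
	}
	return pcrs
}

// quoteMessage is what the TPM signs: nonce || (index, value) of each selected
// PCR. Binding the challenger's nonce stops an old quote from being replayed.
func quoteMessage(nonce []byte, selection []int, pcrs [8][32]byte) []byte {
	var buf bytes.Buffer
	buf.Write(nonce)
	for _, i := range selection {
		buf.WriteByte(byte(i))
		buf.Write(pcrs[i][:])
	}
	return buf.Bytes()
}

// Quote signs the current PCR state with the attestation key (RSA-PSS here,
// standing in for the key pair issued at manufacture time).
func Quote(key *rsa.PrivateKey, pcrs [8][32]byte, selection []int, nonce []byte) ([]byte, error) {
	h := sha256.Sum256(quoteMessage(nonce, selection, pcrs))
	return rsa.SignPSS(rand.Reader, key, crypto.SHA256, h[:], nil)
}

// VerifyQuote is the remote party's check: replay the log, verify the
// signature under the TPM's public key for this nonce, then compare the
// selected PCRs with the known-good values for the software it expects.
func VerifyQuote(pub *rsa.PublicKey, sig []byte, log []LogEntry, selection []int, nonce []byte, expected [8][32]byte) bool {
	pcrs := ReplayLog(log)
	h := sha256.Sum256(quoteMessage(nonce, selection, pcrs))
	if rsa.VerifyPSS(pub, crypto.SHA256, h[:], sig, nil) != nil {
		return false
	}
	for _, i := range selection {
		if pcrs[i] != expected[i] {
			return false
		}
	}
	return true
}

func main() {
	key, _ := rsa.GenerateKey(rand.Reader, 2048) // attestation key (constructed)
	sel := []int{0, 4}

	// Known-good platform; the verifier learned these values from a reference build.
	var good [8][32]byte
	var goodLog []LogEntry
	Measure(&good, &goodLog, 0, []byte("bootloader v1")) // constructed inputs
	Measure(&good, &goodLog, 4, []byte("kernel v1"))

	nonce := []byte("challenge-0001") // fresh random value per session in practice
	sig, _ := Quote(key, good, sel, nonce)
	fmt.Println("good platform, fresh nonce:", VerifyQuote(&key.PublicKey, sig, goodLog, sel, nonce, good))
	fmt.Println("same quote, new nonce:     ", VerifyQuote(&key.PublicKey, sig, goodLog, sel, []byte("challenge-0002"), good))

	// Platform whose kernel was modified: PCR 4 diverges, so the quote is rejected.
	var bad [8][32]byte
	var badLog []LogEntry
	Measure(&bad, &badLog, 0, []byte("bootloader v1"))
	Measure(&bad, &badLog, 4, []byte("kernel v1 with rootkit"))
	sig2, _ := Quote(key, bad, sel, nonce)
	fmt.Println("modified kernel:           ", VerifyQuote(&key.PublicKey, sig2, badLog, sel, nonce, good))
}
```

Two points the slides leave implicit are visible here: the verifier never trusts the log by itself (it replays it and checks the result against the signed PCRs), and a quote made for one nonce is useless for another, which is what lets attestation be folded into session establishment.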

26
Sealed Storage
  • TPM encrypts data with its key
    • Cannot be decrypted if hard drive stolen
  • Bind decryption to a particular state
    • Same computer, same application running
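
The following Go program is an added example (not lecture code, not a TPM implementation) that covers both the security-processor idea of slide 16, where the root key never leaves the chip and callers only hand in blobs and get data back, and the sealed storage of slide 26, where release is bound to a platform state. The chip is simulated as a struct whose root key is unexported; Seal encrypts under that key with AES-GCM and puts a digest of the selected PCRs in the authenticated data, and Unseal refuses unless the PCRs now equal those at seal time. The PCR extend rule, the PCR count, the policy-digest format and the "bootloader"/"kernel" inputs are constructed for this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// SecureProcessor models a TPM-like chip: rootKey is never returned to a
// caller, and the PCRs record what has run on the platform.
type SecureProcessor struct {
	rootKey [32]byte
	pcrs    [8][32]byte
}

func NewSecureProcessor() (*SecureProcessor, error) {
	sp := &SecureProcessor{}
	if _, err := rand.Read(sp.rootKey[:]); err != nil {
		return nil, err
	}
	return sp, nil
}

// Extend applies the PCR update rule PCR_new = SHA-256(PCR_old || SHA-256(component)).
func (sp *SecureProcessor) Extend(pcr int, component []byte) {
	d := sha256.Sum256(component)
	sp.pcrs[pcr] = sha256.Sum256(append(sp.pcrs[pcr][:], d[:]...))
}

// policyDigest hashes the selected PCRs (index and value); a sealed blob is
// bound to this value.
func (sp *SecureProcessor) policyDigest(selection []int) [32]byte {
	var buf []byte
	for _, i := range selection {
		buf = append(buf, byte(i))
		buf = append(buf, sp.pcrs[i][:]...)
	}
	return sha256.Sum256(buf)
}

// SealedBlob is what leaves the chip. The policy digest is part of the GCM
// additional data, so it cannot be swapped without the tag check failing.
type SealedBlob struct {
	Selection  []int
	Policy     [32]byte
	Nonce      []byte
	Ciphertext []byte
}

var ErrPolicy = errors.New("unseal refused: platform state does not match")

func (sp *SecureProcessor) aead() (cipher.AEAD, error) {
	block, err := aes.NewCipher(sp.rootKey[:])
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal encrypts data under the root key and binds it to the current PCRs.
func (sp *SecureProcessor) Seal(data []byte, selection []int) (*SealedBlob, error) {
	g, err := sp.aead()
	if err != nil {
		return nil, err
	}
	blob := &SealedBlob{
		Selection: append([]int(nil), selection...),
		Policy:    sp.policyDigest(selection),
		Nonce:     make([]byte, g.NonceSize()),
	}
	if _, err := rand.Read(blob.Nonce); err != nil {
		return nil, err
	}
	blob.Ciphertext = g.Seal(nil, blob.Nonce, data, blob.Policy[:])
	return blob, nil
}

// Unseal releases the data only on the same chip (same root key) in the same
// software state (same policy digest); otherwise nothing is returned.
func (sp *SecureProcessor) Unseal(blob *SealedBlob) ([]byte, error) {
	if sp.policyDigest(blob.Selection) != blob.Policy {
		return nil, ErrPolicy
	}
	g, err := sp.aead()
	if err != nil {
		return nil, err
	}
	return g.Open(nil, blob.Nonce, blob.Ciphertext, blob.Policy[:])
}

func main() {
	chip, err := NewSecureProcessor()
	if err != nil {
		panic(err)
	}
	chip.Extend(0, []byte("bootloader v1")) // constructed boot measurements
	chip.Extend(4, []byte("kernel v1"))

	secret := []byte("file-system master key (constructed)")
	blob, _ := chip.Seal(secret, []int{0, 4})
	out, err := chip.Unseal(blob)
	fmt.Printf("same chip, same state: %q err=%v\n", out, err)

	// Stolen disk: the blob is presented to another chip with identical PCRs;
	// the policy matches but the root key differs, so the GCM tag fails.
	other, _ := NewSecureProcessor()
	other.Extend(0, []byte("bootloader v1"))
	other.Extend(4, []byte("kernel v1"))
	_, err = other.Unseal(blob)
	fmt.Println("other chip, same state: err =", err)

	// Same chip after something else ran: the policy digest no longer matches.
	chip.Extend(4, []byte("debugger loaded"))
	_, err = chip.Unseal(blob)
	fmt.Println("same chip, changed state: err =", err)
}
```

This is the answer to the key-storage questions of slide 15: the master key is not on the disk at all in usable form, no pass phrase or human presence is needed, and a root compromise that changes what is loaded changes the PCRs and therefore loses access rather than gaining it.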

27
TPM DRM example
  • Music store wants to sell song X
  • Contacts TPM, asks for attestation about the
    receiver
    • Running authorized player which does not permit
      copies
    • Running protected operating system that
      disables debugging, memory inspection
  • Sends song over secure channel to player
    • Other applications cannot see song
  • Stores song in sealed storage
    • Only the same music player can read it

28
Other applications
  • Games
    • Ensure no cheating happens
  • Personal privacy
    • Ensure your personal data gets erased
    • HIPAA
  • Software management
    • Ensure company computers running correct software
      / antivirus before connecting to the network / VPN

29
Key Points
  • A little bit of hardware support can enable a
    great many security options
    • Hardware protection to protect from malicious
      software
  • Putting too much support in hardware is not
    practical
    • Turnaround time in HW is long
    • Specialized hardware lags high-volume hardware in
      performance
    • HW is expensive
    • Often the cost point is very low in the target application