563'8 Remote Attestation - PowerPoint PPT Presentation

1 / 30
About This Presentation
Title:

563'8 Remote Attestation

Description:

Digital rights management: Lock media files to one computer using sealed storage ... Online shopping: make sure the merchant is really running TRUSTe, etc. ... – PowerPoint PPT presentation

Number of Views:48
Avg rating:3.0/5.0
Slides: 31
Provided by: csU70
Category:

less

Transcript and Presenter's Notes

Title: 563'8 Remote Attestation


1
563.8 Remote Attestation
  • Presented by Michael LeMay
  • University of Illinois
  • Spring 2006

2
Problem
  • Software is controlled by machine operator
  • Machine operator, software distributor, or
    attacker can maliciously subvert software
  • Modify binary
  • Run on untrusted hardware
  • Attach debugger to monitor operation
  • Software publisher has no assurance that software
    is being used in unmodified state, as intended
  • Problem worsens when network communication is
    involved

3
Remote Attestation
  • Allows changes to computer to be detected by user
    and remote entities
  • Hardware generates certificate chain specifying
    current system configuration
  • Actually, hardware certifies 2nd-lowest layer,
    which certifies next layer up, etc.

4
Trusted Computing
  • Remote attestation just one piece of TC
  • Secure I/O
  • Memory curtaining/protected execution/process
    isolation even OS cant read everything in
    memory
  • Sealed storage
  • Basic concepts
  • Machine-specific public key and cert. chain
  • Hardware crypto implementations
  • Common applications
  • Digital rights management
  • System integrity verification
  • Similar to IBM 4758 coprocessor, but more capable

Marchesini, Smith, Wild, MacDonald
5
Secure I/O
  • Many ways to compromise user I/O
  • Screen-scrapers
  • Keyloggers
  • TC hardware verifies checksums of software
    performing I/O, detecting malicious components
  • Doesnt address hardware keyloggers, TEMPEST
    devices, etc.

6
Sealed Storage
  • Data can be encrypted using key derived from
    current software/hardware configuration
  • Key must be re-derived to decrypt data
  • Prevents modified configuration from reading data

7
TC Applications
  • Online banking protect PINs, passwords, account
    numbers using sealed storage
  • Anonymous networks process isolation prevents
    operators from inspecting mix
  • Mobile agents protect a software agent from its
    host using process isolation
  • Digital rights management Lock media files to
    one computer using sealed storage

8
Remote Attestation Applications
  • Protection of P2P only cooperate with remote
    clients if they are valid
  • Distributed computing (Folding_at_Home) ensure
    participants run valid software
  • Selling CPU cycles run an attested process with
    your idle cycles, get paid
  • Online shopping make sure the merchant is really
    running TRUSTe, etc.
  • VPNs, online games more later

Interesting Uses of Trusted Computing
9
TCG Layers
10
TCG Components
TCG 1.0 Architecture Overview
11
Credential Types
  • TPM contains 5 types of credentials
  • Endorsement or EK credential uniquely identifies
    TPM, privacy concern
  • Conformance credential Certifies that TPM meets
    specifications
  • Platform credential Identifies TPM manufacturer
    and capabilities
  • Validation credential Associated with peripheral
    or software to guarantee integrity
  • Identity or AIK credential Issued by privacy CA
    to preserve privacy of EK credential

12
Opposition
  • Trusted Computing has many opponents, because it
    considers the computer operator to be a potential
    attacker
  • EFF Trust Computing Promise and Risk
  • Against-TCPA
  • LAFKON - A movie about Trusted Computing
  • And, a rebuttal
  • TCPA Misinformation Rebuttal and Linux drivers

13
Microsoft NGSCB
  • Microsoft, AMD, HP, IBM, Infineon, Intel, Sun,
    all members of TCG
  • Uses TPM to partitionsystem into two
    partsNexus and L.H.S.
  • NCAs Nexus Comput-ing Agents
  • Only two compartments

14
NGSCB Architecture WinHEC 2004
  • Little device diversity
  • Only a few drivers
  • KLOC
  • Great device diversity
  • Thousands of drivers
  • MLOC
  • Compartments are Windows-based
  • Significantly reduced footprint
  • Strongly Isolated, hardened and armored
  • Secure device ownership
  • Nexus or service compartments
  • Windows
  • Owns most HW
  • Only real-time OS
  • Security benefits via scenarios

Biddle, 2004
15
Terra A Virtual Machine-Based Platform for
Trusted Computing
  • Similar to 2004 NGSCB architecture, supports
    multiple, isolated compartments
  • Terra supports an arbitrary number of
    user-defined VMs, more flexible than NGSCB
  • Provides both open- and closed-box
    environments
  • Implemented on VMware but didnt actually use TPM

Garfinkel, Pfaff, Chow, Rosenblum, Boneh, 2003
16
Closed-box Platforms
  • Developer has complete control over environment
  • Cell phone
  • Game console
  • ATM
  • May contain cryptographic keys
  • Allows remote attestation to server using
    pre-shared key
  • Not every application can run on closed-box
    platform, expensive!

17
Virtualization
  • Hypervisors, or virtual-machine monitors (VMMs),
    run entire guest operating system on top of host
    operating system
  • Xen (open-source)
  • Requires guest operating system to be modified,
    but runs with very little slowdown
  • VMware (now available for free download)
  • Supports unmodified operating systems, and is
    reasonably fast
  • Terra (well be discussing this one)
  • Not publicly available

18
Terra Architecture
19
Solution
  • TVMM Trusted Virtual Machine Monitor
  • Open-box VMs
  • Just like current GP systems, no protection
  • Closed-box VMs
  • VM protected from modification, inspection
  • Can attest to remote peer that VM is protected
  • Behaves like true closed-box, but with cost and
    availability benefits of open-box
  • Cant assure availability
  • Operator can always pull the plug!

20
TVMM Attestation
  • Each layer of software has a keypair
  • Lower layers certify higher layers
  • Enables attestation ofentire stack

VM
Application
Operating System
Hash of Attestable Data
TVMM (Terra)
Higher Public Key
Bootloader
Firmware
Other Application Data
Signed by Lower Level
Hardware (TPM)
Certificate
Layers
21
Additional Benefits
  • Software stack can be tailored on per-application
    basis
  • Game can run on thin, high-performance OS
  • Email client can run on highly-secure,
    locked-down OS
  • Regular applications can use standard,
    full-featured and permissively-configured OS
  • Applications are isolated and protected from each
    other
  • Reduces effectiveness of email viruses and
    spyware against system as a whole
  • Low-assurance applications can automatically be
    transformed into medium-assurance applications,
    since they are protected from external influences

22
Example 1
  • Online gaming Quake
  • Players often modify Quake to provide additional
    capabilities to their characters, or otherwise
    cheat
  • Quake can be transformed into a closed-box VM and
    distributed to players
  • Remote attestation shows that it is unmodified
  • Very little performance degradation
  • Covert channels remain, such as frame rate
    statistics

23
Trusted Quake Assurances
  • Secure Communication VM cant be inspected, so
    shared key can be embedded in VM image to protect
    network communication
  • Any software can be reverse engineered, so is
    this a good idea?
  • Client Integrity maps and media files are
    protected from modification on client
  • Server Integrity Bad clients cant connect

24
Trusted Quake Weaknesses
  • Bugs and Undesirable Features Rendered polygon
    OSD permits prediction of impending character
    appearances
  • Network DoS Attacks Terra does nothing in this
    regard
  • Out-of-Band Collusion Players can still
    communicate if theyre sitting together in a
    basement or using IM

25
My Research Question
  • How can remote attestation of virtual machines be
    used to protect consumer privacy in advanced
    distribution automation (ADA) systems?

26
Advanced Distribution Automation
  • Distributed Energy Resource management
  • Demand Reducation/Load Management
  • Automated Meter Reading/Real Time Pricing

27
Problem
  • For real-time pricing to work, power company has
    to know exactly how much power was used by each
    customer at each point in time
  • Could be privacy problem
  • Different rates may apply to devices, but meters
    dont have that granularity
  • Demand reduction should be extended to more
    devices, but requires individual switching agents

28
Advanced Distribution Automation
29
Appendix Trusted Access Points
  • VPN client can be implemented as closed-box VM
    and distributed to visitors when they first
    connect to a regulated network
  • VM can attest to VPN gateway that it is operating
    properly, and will enforce intended traffic
    regulations

30
TAP Benefits
  • Prevents source forgery TAP can reliably check
    all outgoing packets
  • Prevents DoS attacks TAP can block DoS attacks
    at their source, before they even reach the
    network
  • Scalability Clients enforce regulations on their
    own traffic
  • Network Scalability TAP can perform local
    vulnerability scan on host before permitting it
    to connect
Write a Comment
User Comments (0)
About PowerShow.com