TrustOTP: Smartphone as One-Time Password Token

Slides:

Advertisements

Similar presentations

1 GP Confidential © GlobalPlatform’s Value Proposition for Mobile Point of Sale (mPOS)

Advertisements

1 September 1,  Motivation  Background  TrustDump Architecture  Implementation Details  Evaluation  Summary 2.

Operating System Structure

Computer Science HyperSentry: Enabling Stealthy In-context Measurement of Hypervisor Integrity Ahmed M. Azab, Peng Ning, Zhi Wang, Xuxian Jiang North Carolina.

Threads, SMP, and Microkernels Chapter 4. Process Resource ownership - process is allocated a virtual address space to hold the process image Scheduling/execution-

1 Minimal TCB Code Execution Jonathan McCune, Bryan Parno, Adrian Perrig, Michael Reiter, and Arvind Seshadri Carnegie Mellon University May 22, 2007.

Dongyan Wang GlobalPlatform Technical Program Manager

Introduction to Operating Systems CS-2301 B-term Introduction to Operating Systems CS-2301, System Programming for Non-majors (Slides include materials.

OS Fall ’ 02 Introduction Operating Systems Fall 2002.

1 How Low Can You Go? Recommendations for Hardware- Supported Minimal TCB Code Execution Bryan Parno Arvind Seshadri Adrian Perrig Carnegie Mellon University.

OS Spring’03 Introduction Operating Systems Spring 2003.

University College Cork IRELAND Hardware Concepts An understanding of computer hardware is a vital prerequisite for the study of operating systems.

Figure 1.1 Interaction between applications and the operating system.

1 Last Class: Introduction Operating system = interface between user & architecture Importance of OS OS history: Change is only constant User-level Applications.

Real-Time Kernels and Operating Systems. Operating System: Software that coordinates multiple tasks in processor, including peripheral interfacing Types.

outline Purpose Design Implementation Market Conclusion presentation Outline.

Towards Application Security On Untrusted OS

1 OS & Computer Architecture Modern OS Functionality (brief review) Architecture Basics Hardware Support for OS Features.

Software Design Division 秘 CONFIDENTIAL Panther Content Security Mar. 14, 2014 Sony Corporation.

Building Trusted Path on Untrusted Device Drivers for Mobile Devices

Secure Embedded Processing through Hardware-assisted Run-time Monitoring Zubin Kumar.

LEVERAGING UICC WITH OPEN MOBILE API FOR SECURE APPLICATIONS AND SERVICES Ran Zhou 1 9/3/2015.

Hsu-Chen Cheng, *Wen-Wei Liao, Tian-Yow Chi, Siao-Yun Wei

Patterns for Secure Boot and Secure Storage in Computer Systems By: Hans L¨ohr, Ahmad-Reza Sadeghi, Marcel Winandy Horst G¨ortz Institute for IT Security,

Jakub Szefer, Eric Keller, Ruby B. Lee Jennifer Rexford Princeton University CCS October, 2011 報告人：張逸文.

Chapter 1. Introduction What is an Operating System? Mainframe Systems

Operating System Review September 10, 2012Introduction to Computer Security ©2004 Matt Bishop Slide #1-1.

Kenichi Kourai (Kyushu Institute of Technology) Takuya Nagata (Kyushu Institute of Technology) A Secure Framework for Monitoring Operating Systems Using.

Architecture for Protecting Critical Secrets in Microprocessors Ruby Lee Peter Kwan Patrick McGregor Jeffrey Dwoskin Zhenghong Wang Princeton Architecture.

Three fundamental concepts in computer security: Reference Monitors: An access control concept that refers to an abstract machine that mediates all accesses.

Composition and Evolution of Operating Systems Introduction to Operating Systems: Module 2.

Rensselaer Polytechnic Institute CSCI-4210 – Operating Systems CSCI-6140 – Computer Operating Systems David Goldschmidt, Ph.D.

Sogang University Advanced Computing System Chap 1. Computer Architecture Hyuk-Jun Lee, PhD Dept. of Computer Science and Engineering Sogang University.

© Oxford University Press 2011 DISTRIBUTED COMPUTING Sunita Mahajan Sunita Mahajan, Principal, Institute of Computer Science, MET League of Colleges, Mumbai.

1 CS/COE0447 Computer Organization & Assembly Language Chapter 5 part 4 Exceptions.

Kyushu University Koji Inoue ICECS'061 Supporting A Dynamic Program Signature: An Intrusion Detection Framework for Microprocessors Koji Inoue Department.

30 October Agenda for Today Introduction and purpose of the course Introduction and purpose of the course Organization of a computer system Organization.

Operating Systems David Goldschmidt, Ph.D. Computer Science The College of Saint Rose CIS 432.

Operating System 2 Overview. OPERATING SYSTEM OBJECTIVES AND FUNCTIONS.

Security Architecture and Design Chapter 4 Part 1 Pages 297 to 319.

Overview of Operating Systems Introduction to Operating Systems: Module 0.

Wireless and Mobile Security

1 Lecture 1: Computer System Structures We go over the aspects of computer architecture relevant to OS design  overview  input and output (I/O) organization.

MIDORI The Windows Killer!! by- Sagar R. Yeole Under the guidance of- Prof. T. A. Chavan.

Exploiting Instruction Streams To Prevent Intrusion Milena Milenkovic.

INTRODUCTION TO COMPUTER & NETWORK SECURITY INSTRUCTOR: DANIA ALOMAR.

CS4315A. Berrached:CMS:UHD1 Introduction to Operating Systems Chapter 1.

Presentation subtitle: 20pt Arial Regular, green R223 | G255 | B102 Recommended maximum length: 2 lines Confidentiality/date line: 13pt Arial Regular,

1 Device Controller I/O units typically consist of A mechanical component: the device itself An electronic component: the device controller or adapter.

HOTP IETF Draft David M’Raihi IETF Meeting - March 10, 2005.

Interrupts and Exception Handling. Execution We are quite aware of the Fetch, Execute process of the control unit of the CPU –Fetch and instruction as.

Embedded Real-Time Systems Processing interrupts Lecturer Department University.

1 Security Architecture and Designs  Security Architecture Description and benefits  Definition of Trusted Computing Base (TCB)  System level and Enterprise.

1 Chapter 2: Operating-System Structures Services Interface provided to users & programmers –System calls (programmer access) –User level access to system.

A Framework For Trusted Instruction Execution Via Basic Block Signature Verification Milena Milenković, Aleksandar Milenković, and Emil Jovanov Electrical.

Embedded Real-Time Systems

Introduction to Operating Systems Concepts

Hardware-rooted Trust for Secure Key Management & Transient Trust

Andy Wang COP 5611 Advanced Operating Systems

What is an Operating System?

Advanced Network Security

Chapter 15, Exploring the Digital Domain

User-mode Secret Protection (SP) architecture

Cloud Security 李芮，蒋希坤，崔男 2018年4月.

Lecture Topics: 11/1 General Operating System Concepts Processes

Operating Systems Lecture 1.

Shielding applications from an untrusted cloud with Haven

Co-designed Virtual Machines for Reliable Computer Systems

Presentation transcript:

TrustOTP: Smartphone as One-Time Password Token Instructor: Kun Sun, Ph.D.

Outline Introduction Background Design & Implementation Evaluation Related work Summary

Outline Introduction Background Related work Design & Implementation Evaluation Summary

One-time Password (OTP) A password that is valid for only one login session or transaction Not vulnerable to replay attacks Widely used in Two-factor Authentication HOTP (Hash-based) & TOTP (Time-based) Hardware Token & Software APP

Existing Solutions Hardware-based Software-based Limitations RSA SecurID Yubikey Software-based Google Authenticator McAfee One-time Password Limitations Hardware: not flexible Unprogrammable Software: not secure Vulnerable to external attacks

Outline Introduction Background Related work Design & Implementation Evaluation Summary

TrustZone Background TrustZone A system-wide approach Two isolated execution domains: secure domain and normal domain TZIC (TrustZone Interrupt Controller) Secure interrupt--FIQ Non-secure interrupt-- IRQ GPIO (General Purpose I/O) TrustZone is a system-wide approach to provide hardware-level isolation on ARM platforms. It creates two isolated execution domains: secure domain and normal domain. The secure domain has a higher access privilege than the normal domain, so it can access the resources of the normal domain such as memory, CPU registers and peripherals, but not vice versa. There’s an NS bit in the CPU processor to control and indicate the state of the CPU - 0 means the secure state and is in secure domain while 1 means the normal state and is in normal domain. There’s an additional CPU mode, monitor mode, which only runs in the secure domain regardless of the value of the NS bit. The monitor mode serves as a gatekeeper between the normal domain and the secure domain. If the normal domain requests to switch to the secure domain, the CPU must first enter the monitor mode. The system bus also contains a bit to indicate the state of the bus transaction. Thus, normal peripherals can only perform normal transactions, but not the secure transactions.

Outline Introduction Background Related work Design & Implementation Evaluation Summary

TrustZone-related work TrustICE (Sun et al.[1]) Isolated Computing Environment in the normal domain SeCReT (Jang et al.[2]) Secure channel between secure domain and normal application Hypervision (Azab et al.[3]) Real-time kernel protection in the normal domain TrustDump (Sun et al.[4]) Reliable Memory Acquisition of the mobile OS Smartphone as location verification token for payments (Marforio et al.[5]) Trusted Language Runtime for trusted applications in the secure domain (Santos et al.[6])

Outline Introduction Background Related work Design & Implementation Evaluation Summary

One-time Password on Smartphone Integrate physical tokens into smartphone Requirements: Security Malicious mobile OS cannot compromise the keying material in the one-time password (OTP) generator It cannot read the OTP Reliability and Availability OTP works even if mobile OS crashes Trusted inputs (e.g., clock time) for the OTP generator Trusted display

TrustZone-based Solution ARM TrustZone Technology Two isolated execution environments Mobile OS cannot access the disk, memory, CPU states of the OTP generator. A secure clock for OTP generator A self-contained display and touchscreen.

TrustOTP Framework In the Secure domain Shard I/O device with the Rich OS Reliable switch between domains

Boot Sequence Secure storage Memory Isolation Secure boot MicroSD card Watermark Mechanism TZASC (TrustZone Address Space Controller) Secure boot Secure bootloader Non-secure bootloader Rich OS

TrustOTP Trigger Reliable switch Non-maskable interrupt (NMI) The Rich OS cannot block or intercept Secure interrupt (FIQ) The Rich OS cannot manipulate Interrupt source (Configurable) Physical button Timer

OTP Generation Hash-based One-time Password (HOTP) Event triggered Key & Counter Time-based One-time Password (TOTP) Time synchronized Key & Clock

OTP Display Secure I/O User-friendly manner Display: IPU (Image Processing Unit)+LCD Input: 4-wire resistive touchscreen User-friendly manner Rich OS and TrustOTP run concurrently Watchdog timer 1.5 seconds / cycle (Through experiment) 0.5 second for display 1 second for input 2~3 numbers

Control Flow Tampering Security Analysis Information Leakage Generated OTPs Shared Keys Control Flow Tampering Code Integrity Execution Integrity (Interrupt) Denial-of-Service Switch between domains Static & dynamic code Display

Outline Introduction Background Related work Design & Implementation Evaluation Summary

Before OTP display (60.48 ms) TrustOTP Performance Before OTP display (60.48 ms) After OTP display (7.52 ms) Step Operation Time (ms) 1 Domain Switching 0.002 2 Context Saving 0.0006 3 TOTP/HOTP Generation 0.048/0.044 4 Background Matching 49.85 5 OTP Drawing 8.029 6 IPU Check 2.22 7 Framebuffer Replacement 0.28 Step Operation Time (ms) 1 Flushing IPU & Rich OS Recovery 7.47 2 Domain Switching 0.05

Impact on the Rich OS Rich OS vs. TrustOTP Antutu Vellamo CPU & RAM I/O devices Vellamo

TrustOTP without Display Power Consumption Rich OS Average=2,128 mW TrustOTP Running Average=2,230 mW TrustOTP without Display

Outline Introduction Background Related work Design & Implementation Evaluation Summary

TrustOTP: Hardware-assisted OTP Token Summary TrustOTP: Hardware-assisted OTP Token Security (Confidentiality, Integrity, Availability) Flexibility (Various and multiple ICEs) Little Impact on the Rich OS No need to modify the Rich OS Little Power Consumption Difference

References H. Sun, K. Sun, Y. Wang, J. Jing, and H. Wang, “TrustICE: Hardware-assisted Isolated Computing Environments on Mobile Devices,” in Proceedings of the 45th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN’15), June 22-25, 2015. J. Jang, S. Kong, M. Kim, D. Kim, and B. B. Kang, “Secret: Secure channel between rich execution environment and trusted execution environment,” in 21st Annual Network and Distributed System Security Symposium, NDSS 2015, February 8-11, 2015. A. M. Azab, P. Ning, J. Shah, Q. Chen, R. Bhutkar, G. Ganesh, J. Ma, and W. Shen, “Hypervision across worlds: Real-time kernel protection from the ARM trustzone secure world,” in Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, November 3-7, 2014. H. Sun, K. Sun, Y. Wang, J. Jing, and S. Jajodia, “Trustdump: Reliable memory acquisition on smartphones,” in Proceedings of 19th European Symposium on Research in Computer Security (ESORICS’14), September 7-11, 2014. C. Marforio, N. Karapanos, C. Soriente, K. Kostiainen, and S. Capkun, “Smartphones as practical and secure location verification tokens for payments,” in 21st Annual Network and Distributed System Security Symposium, NDSS 2014, February 23-26, 2014. N. Santos, H. Raj, S. Saroiu, and A. Wolman, “Using ARM trustzone to build a trusted language runtime for mobile applications,” in Architectural Support for Programming Languages and Operating Systems, ASPLOS ’14, March 1-5, 2014