HardSSH Cryptographic Hardware Key Team May07-20: Steven Schulteis (Cpr E) Joseph Sloan (EE, Cpr E, Com S) Michael Ekstrand (Cpr E) Taylor Schreck (Cpr.

Slides:

Advertisements

Similar presentations

A mobile single sign-on system Master thesis 2006 Mats Byfuglien.

Advertisements

Team 7 / May 24, 2006 Web Based Automation & Security Client Capstone Design Advisor Prof. David Bourner Team Members Lloyd Emokpae (team Lead) Vikash.

Network Isolation Using Group Policy and IPSec Paula Kiernan Senior Consultant Ward Solutions.

A Security Pattern for a Virtual Private Network Ajoy Kumar and Eduardo B. Fernandez Dept. of Computer Science and Eng. Florida Atlantic University Boca.

Information Networking Security and Assurance Lab National Chung Cheng University 1 Top Vulnerabilities in Web Applications (I) Unvalidated Input:  Information.

Security Management IACT 918 July 2004 Gene Awyzio SITACS University of Wollongong.

Telnet/SSH Tim Jansen, Mike Stanislawski. TELNET is short for Terminal Network Enables the establishment of a connection to a remote system, so that the.

Security Management IACT 418/918 Autumn 2005 Gene Awyzio SITACS University of Wollongong.

University of Massachusetts Amherst InteLock TM Team: Emmanuel Seguin Josh Coffin Anh-Kiet Huynh Christos Tsiokos Remote Access and Proximity Key Advisor:

Remote Surveillance Vehicle Design Review By: Bill Burgdorf Tom Fisher Eleni Binopolus-Rumayor.

Firewall 2 * Essential Network Security Book Slides. IT352 | Network Security |Najwa AlGhamdi 1.

SD Dec Team Members Client / Advisor Acknowledgements Victor Villagomez Cpr E Joe Grady E E Dr. Gary Tuttle Leland Harker Prakalp Sudhakar E E James.

Developing a Security Policy Chapter 2. Learning Objectives Understand why a security policy is an important part of a firewall implementation Determine.

PIC Evaluation/ Development Board Dec02-12 December 10, 2002 Client: ECpE Department Faculty Advisors: Dr. Rover, Dr. Weber Chad Berg, Luke Bishop, Tyson.

Port Knocking Software Project Presentation Paper Study – Part 1 Group member: Liew Jiun Hau ( ) Lee Shirly ( ) Ong Ivy ( )

Computation for Physics 計算物理概論 Introduction to Linux.

Csci5233 Computer Security1 Bishop: Chapter 27 System Security.

Remote Access Chapter 4. Learning Objectives Understand implications of IEEE 802.1x and how it is used Understand VPN technology and its uses for securing.

Serial Port to Serial Port Switch Design team May03-11 Abstract: This project requires the design of a new serial port switching matrix to replace a current.

draft-kwatsen-netconf-zerotouch-01

Abstract Other Resources Financial Resources Project Schedule Personnel Efforts Item DescriptionCost STK300 Microcontrollerdonated (Kanda) GM28 Cellular.

Optical Encoder for a Game Steering Wheel May Team members Sam DahlkeCpr E Peter FecteauCpr E Dan PatesEE Lorenzo SubidoEE Advisors Dr. James Davis.

Pump Controller Team Number: May06-12 Team Members Dwayne Stammer CprE Francois Munyakazi EE Dan Paulsen CprE/EE Faculity Advisor Nicola Elia Client Viking.

Abstract Evidence can be the key to convicting someone of a crime, or acquitting a person of charges brought against them. To make sure the evidence is.

Attack Tool Repository and Player for ISEAGE May Team:Jeremy Brotherton Timothy Hilby Brett Mastbergen Jasen Stoeker Faculty Advisor:Doug Jacobson.

The group will focus on the design of a “smart” device. This includes researching the best method of design and fabricating the design to create a working.

Smart Appliance / May Home Automation via the Web Client Senior Design Faculty Advisor Doug Jacobson Team Members Mark Melville (EE) Brendan Hickey.

Computer Networking From LANs to WANs: Hardware, Software, and Security Chapter 13 FTP and Telnet.

Problem Statement Expanding the capabilities of an auto repair paint drying system that uses newly developed ultraviolet (UV) light activated paint. This.

Design Objectives The design should fulfill the functional requirements listed below Functional Requirements Hardware design – able to calculate transforms.

Attack Tool Repository and Player for ISEAGE May06-11 Abstract Today’s world is changing shape as it increases its dependency on computer technology. As.

Expert System Job Offer Evaluation Software May Abstract The project’s focus is to decide what criteria should be used to determine which job offer.

Testing Considerations Because of potential life threatening consequences resulting from device malfunction, it is critical that the device be fully tested.

Network Enabled Wearable Sensors The Combined Research Curriculum Development (CRCD) project works with the Virtual Reality Applications Center (VRAC)

1 Chapter 1 – Background Computer Security T/ Tyseer Alsamany - Computer Security.

Abstract Evidence can be the key to convicting someone of a crime, or acquitting a person of charges brought against them. To make sure evidence is carefully.

Abstract Introduction End Product & Deliverables Resources Project Requirements Team Members: Faculty Advisors: Client: Team Members: Faculty Advisors:

Lesson 19-E-Commerce Security Needs. Overview Understand e-commerce services. Understand the importance of availability. Implement client-side security.

Timothy Kritzler and Joseph Mintun Sponsor: Martin Engineering, Illinois Advisors: Dr. Malinowski and Dr. Ahn Bradley University Electrical and Computer.

Abstract The goal of our project is the continued restoration of the 8.5 meter dish at the Fick observatory in Boone, IA. Before restoration began, the.

Design Team : Advisor: Dr. Edwin Project Web Site: Client: Paul

| nectar.org.au NECTAR TRAINING Module 5 The Research Cloud Lifecycle.

Optical Encoder for a Game Steering Wheel May05-26 Client: Thomas Enterprises Advisors: Dr. James Davis Dr. Douglas Jacobson Team Members: Sam Dahlke,

D R A T D R A T ABSTRACT Every semester each department at Iowa State University has to assign its faculty members and teaching assistants (TAs) to the.

Introduction ProjectRequirements Project Requirements In a previous senior design project, a wireless front-end was added to Iowa State University’s Teradyne.

 Project overview  Block diagram  Design challenges  Individual contributions  Project demonstration  Questions / discussion.

Abstract Reiman Gardens is looking to provide more educational material on their website. They are seeking a web program that provides an enjoyable experience.

OSCAR Octagonal Speech Controlled Autonomous Robot ME Seth Alberty Henry Venes EE Matt FrerichsHuy Nguyen Daniel HumkeDavid Staab Daniel MarquisFahad Wajid.

Abstract Due to a change in demand, high voltage transmission circuits can become overloaded. Overloads are resolved by the dispatch of power based on.

Problem Statement The goal of this project is to complete the basic automated functions of the Dream Green putting surface. The objective is to produce.

Athletic Field Management System Faculty Advisors: John Lamont Ralph Patterson Tom Baird Project Client: Mary Beth Chinery Boone Area Recreation Department.

Project May07-14: Restaurant Automation April 24, 2007.

Lecture 6 (Chapter 16,17,18) Network and Internet Security Prepared by Dr. Lamiaa M. Elshenawy 1.

LIGHTNING PROTECTION OF TRANSMISSION AND DISTRIBUTION LINES Team Members Eric Nelson, EE – Project LeaderDavid Dieterich, EE Tim Conrad, EE – Com. CoordinatorSam.

Lecture 10 Page 1 CS 236 Online SSL and TLS SSL – Secure Socket Layer TLS – Transport Layer Security The common standards for securing network applications.

SECURE LAB: CREATING A CISCO 3550 VLSM NETWORK

Globey’s World K-6 Teaching Application Support and Software Ongo-08b

Outline What does the OS protect? Authentication for operating systems

Control system network security issues and recommendations

A Secure Wireless Interface between Personal Digital Assistants (PDAs)

Software Support Framework

Outline What does the OS protect? Authentication for operating systems

Java Embedded Network Intrusion Security

Personnel Effort Budget

A mobile single sign-on system

Globey’s World Ongo-08b Abstract End-Product Description Introduction

Automated Printed Circuit Board Development

Resources and Schedule

Final Conference in Paris WP6 – Protection Profiles Specification

Slalom: Fast, Verifiable and Private Execution of Neural Networks in Trusted Hardware Kriti shreshtha.

Presentation transcript:

HardSSH Cryptographic Hardware Key Team May07-20: Steven Schulteis (Cpr E) Joseph Sloan (EE, Cpr E, Com S) Michael Ekstrand (Cpr E) Taylor Schreck (Cpr E) Faculty Adviser:Doug Jacobson Clients:Michael Ekstrand Steven Schulteis Abstract The Secure Shell (SSH) protocol allows for secure logins on remote computers without disclosing passwords or keys to intermediate devices on the network. However, when using an untrusted public computer which may have various malicious programs running, it is still possible for authentication credentials to be disclosed. This project focuses on building a device which will perform all the encryption and authentication operations necessary for SSH connections. Host software is being developed which will run on the untrusted computer and use the device to make an SSH connection to a remote server. Since all authentication is done on the device, using keys programmed into the device from a private, trusted computer, a user can establish a secure connection without compromising their authentication credentials in a public computing lab. Introduction Problem Statement When users log in to a Secure Shell (SSH) server from an untrusted computer (e.g., at a library), they have no way of protecting their authentication information from an attacker who may have tampered with the machine (left figure below). We solve this problem by storing authentication information in the device and passing it through the untrusted host in a way that the host can’t read it (see right figure below). Operating Environment Frequently transported (must withstand jostling/dropping) Access to USB port Room temperature during operation Intended Users SSH users who use public computing resources (students, hobbyists, employees) Some technical knowledge Intended Uses Protect authentication credentials from compromise Does not provide extra security after login Assumptions User can access a trusted computer User has USB read/write access on trusted & untrusted computers Limitations Device enclosure no larger than 2”x3.5”x.5” Powered by USB only Deliverables/End Product Working prototype and firmware Host software for using and managing the device User’s manual Project Requirements Design Objective To develop an implementation of SSH on an external USB device, with necessary accompanying software, to allow secure access to SSH servers from untrusted public computers. Functional Requirements Design Constraints The device must be powered solely by USB The device must be small, about 2" x 3.5" x 0.5“ All software and firmware must be buildable with free toolchains Milestones Problem defined Technology considered & selected Product designed Prototype implemented Product tested Product documentation completed Product demonstration completed Proposed Approach & Considerations Proposed Approach Build a small USB device with an embedded microcontroller which will implement the authentication and encryption layers of the SSH protocol. A host software program will provide data transfer between the device and the remote server and provide a user interface for using the SSH connection (data flow during operation will occur as in the diagram below). When run on a private trusted computer, the host software will allow the firmware, keys, and other sensitive data items on the device to be updated. Technologies Considered Testing Considerations Test each component as it is developed Perform final integration testing Have non-team-members test the product for usability Estimated Resources & Schedule Personnel Effort Project Schedule Financial Resources Other resources Freely available software packages (GCC compiler suite, Eclipse IDE, Java) IAR Embedded Workbench compiler (came with prototype board) JTAG debugging stub (provided by senior design) Prototype board paid for by the Information Assurance Center Itemw/ laborw/o labor Prototype board$300 Parts$182 PCB$120 Labor 10.50/hr)$9188$0 Totals$9790$602 Closing Summary The HardSSH device provides a more secure mechanism for using SSH software on untrusted systems. The project's solution includes the device hardware itself, the firmware implementing the SSH encryption and authentication, and the host software to use the device. With this solution, the user can login with SSH on an untrusted computer without compromising authentication information. The device shall connect to and be fully powered by USB User can define servers, load SSH private key, and perform other trusted functions The project shall allow the user to connect to a remote SSH server without disclosing authentication credentials to the local computer The device shall have updatable firmware Hardware Custom-built USB device (chosen) Firmware Embedded Linux FreeRTOS or eCos Custom software stack (chosen) Host Software C Python Java (chosen) Problem Solution End Product Data Flow