Presentation is loading. Please wait.

Presentation is loading. Please wait.

Enforcement of Security Policy Compliance in Virtual Private Networks Prof. José Carlos Brustoloni Dept. Computer Science University of Pittsburgh

Similar presentations


Presentation on theme: "Enforcement of Security Policy Compliance in Virtual Private Networks Prof. José Carlos Brustoloni Dept. Computer Science University of Pittsburgh"— Presentation transcript:

1 Enforcement of Security Policy Compliance in Virtual Private Networks Prof. José Carlos Brustoloni Dept. Computer Science University of Pittsburgh jcb@cs.pitt.edu Joint work with Haidong Xia and Jayashree Kanchana

2 Jose' Brustoloni 2 SSI 2005 Motivation ♦ Users often telecommute from home computers shared with children, or from computers borrowed at kiosks or cybercafés ♦ However, virtual private network (VPN) gateways usually authenticate only the user, not the computer the user is employing ♦ Attackers can easily bypass firewalls by infecting such computers

3 Jose' Brustoloni 3 SSI 2005 Previous proposed solutions ♦ Verify node’s configuration before accepting node in network ♦ Node sends list with node’s software configuration and versions to a network server ♦ Server may:  accept node’s configuration, or  confine node to restricted network that allows updating node’s software ♦ Expected to become common in a few years  Cisco’s Network Admission Control (NAC)  some routers with proprietary protocols commercially available  Microsoft’s Network Access Protection (NAP)  TCG’s Trusted Network Connect (TNC)  some architecture documents out, but important details outside charter

4 Jose' Brustoloni 4 SSI 2005 Continuing vulnerability ♦ Malicious node can spoof list with node’s software configuration and versions ♦ How can network server be sure of node’s configuration?

5 Jose' Brustoloni 5 SSI 2005 Secure coprocessors ♦ Trusted Computing Group (TCG) has standardized secure coprocessors (TPM) for just this type of problem ♦ Low cost ($4) ♦ Present in increasing number of computers from Lenovo/IBM, HP, Dell, and others

6 Jose' Brustoloni 6 SSI 2005 Our contributions 1. How to integrate secure coprocessors with operating system? ♦ Straightforward answer is vulnerable to buggy components other than the kernel → TCB prelogging ♦ Straightforward answer is also vulnerable to tampering by privileged users → Security association root tripping 2. How to keep node under its owner’s control? ♦ Danger of software lock-in → Sealing-free attestation confinement 3. How to integrate secure coprocessors with network protocols? ♦ Straightforward answer is vulnerable to man-in-the-middle (MITM) attacks → Bound Keyed Attestation (BKA)

7 Jose' Brustoloni 7 SSI 2005 Authenticated boot Core Root of Trust for Measurement = BIOS boot block TPM Measurement Agents e.g., daemons and configuration files

8 Jose' Brustoloni 8 SSI 2005 How to fit many measurements into a small TPM ♦ TPM contains only a limited number of Platform Configuration Registers (PCRs) for storing measurements  TPM 1.1: 16 PCRs, each 160 bits long ♦ PCRs are initialized to known value at boot time ♦ Measurement agent (MA) stores a measurement in a PCR by  concatenating current value of PCR with measurement,  computing secure hash (SHA-1) of concatenation, and  storing the result into PCR ♦ MA also records measurement in measurement log:  each record contains module name, version, supplier name or URL, and actual measurement of each software module in chain of trust  stored in ordinary, unprotected memory outside TPM  tampering revealed by inconsistency with PCRs inside TPM  infeasible to alter log and maintain consistency with PCR

9 Jose' Brustoloni 9 SSI 2005 Attestation ♦ Challenger sends nonce to node ♦ Node’s operating system asks node’s secure coprocessor to sign quote (software digests currently stored in coprocessor) ♦ Signature uses private key generated within coprocessor ♦ A trusted third party previously verified that a compliant secure coprocessor is bound to node and issued a certificate that gives secure coprocessor’s public key ♦ Node’s operating system sends measurement log (with each software component’s secure hash), quote, and certificate to challenger ♦ Challenger verifies certificate, log, and quote

10 Jose' Brustoloni 10 SSI 2005 TCB prelogging ♦ Trusted Computing Base (TCB):  anything that could compromise node’s security  includes kernel, configuration files, daemons, root setuid applications ♦ How can we be sure that TCB is measured? ♦ Our solution: use TCB list (itself part of TCB) ♦ Kernel:  Prelogs items in TCB list into secure coprocessor at boot time  Measures these items, as well as any daemons and root setuid applications, at open or exec time  In case of discrepancy, logs it into secure coprocessor and breaks any security associations that depend on the TCB list

11 Jose' Brustoloni 11 SSI 2005 Security association root tripping ♦ Privileged users (e.g., root) can change configuration after boot time  e.g., sysctl, ifconfig ♦ Our solution: If user insists in logging in as root: 1. Drop any security associations that depend on TCB list  e.g., destroy keys necessary for network access 2. Log event into secure coprocessor  node will need to reboot before regaining access

12 Jose' Brustoloni 12 SSI 2005 Sealing-free attestation confinement ♦ Secure coprocessor also enables sealing data such that data retrieval is possible only when platform has the same configuration ♦ Danger of software lock-in: software seals to itself node owner’s data  can’t use competing applications  may lose data if software provider disappears ♦ Our solution:  Operating system supports attestation but not sealing  Integrate attestation only with intranet access control protocols, which typically cannot cross firewalls

13 Jose' Brustoloni 13 SSI 2005 MITM attack against attestation authentication server MITM conformant host nonce quote tunnel (e.g. TLS)

14 Jose' Brustoloni 14 SSI 2005 Our solution: Bound Keyed Attestation ♦ Combine attestation with Diffie-Helman to generate shared secret ♦ Cryptographically bind secret with tunnel’s keys → Guarantee that attestation and tunnel endpoints are the same

15 Jose' Brustoloni 15 SSI 2005 BKA protocol

16 Jose' Brustoloni 16 SSI 2005 Experimental results ♦ Implemented all mechanisms on FreeBSD 4.8 running on IBM ThinkPad T30 with 1.8 GHz Pentium 4 and TPM 1.1b secure coprocessor ♦ Integrated BKA with IKE ♦ VPN gateway was Dell computer with 2.4 GHz Pentium 4 without secure coprocessor ♦ TCB prelogging, security association root tripping, and sealing- free attestation confinement have negligible impact on FreeBSD 4.8 boot latency or run-time performance

17 Jose' Brustoloni 17 SSI 2005 IKE latency and projected throughput with or without BKA Unmodified IKEIKE + BKA Latency (s)1.23.6 Projected throughput (clients/min) 428277 All of the difference between latency with or without BKA can be attributed to secure coprocessor’s quote time (2.5 s) Throughput with BKA can be easily increased by using multiple authentication servers

18 Jose' Brustoloni 18 SSI 2005 Related work ♦ NAP, NAC, TNC ♦ Bear ♦ TcgLinux ♦ Microsoft’s NGSCB / Intel’s LT ♦ Terra

19 Jose' Brustoloni 19 SSI 2005 Conclusions ♦ VPN gateways need to authenticate not only users, but also users’ computers ♦ Several commercial proposals to authenticate nodes’ configuration, but they are vulnerable to spoofing ♦ Secure coprocessors can block spoofing, but have challenges of their own ♦ We introduced several new solutions to these challenges:  TCB prelogging  Security association root tripping  Sealing-free attestation confinement  Bound Keyed Attestation ♦ Experiments show that our techniques have acceptable overhead


Download ppt "Enforcement of Security Policy Compliance in Virtual Private Networks Prof. José Carlos Brustoloni Dept. Computer Science University of Pittsburgh"

Similar presentations


Ads by Google