Presentation is loading. Please wait.

Presentation is loading. Please wait.

TrustOTP: Smartphone as One-Time Password Token

Published byHugo Stanley Modified over 9 years ago

Similar presentations

Presentation on theme: "TrustOTP: Smartphone as One-Time Password Token"— Presentation transcript:

1 TrustOTP: Smartphone as One-Time Password Token
Instructor: Kun Sun, Ph.D.

2 Outline Introduction Background Design & Implementation Evaluation Related work Summary

3 Outline Introduction Background Related work Design & Implementation Evaluation Summary

4 One-time Password (OTP)
A password that is valid for only one login session or transaction Not vulnerable to replay attacks Widely used in Two-factor Authentication HOTP (Hash-based) & TOTP (Time-based) Hardware Token & Software APP

5 Existing Solutions Hardware-based Software-based Limitations
RSA SecurID Yubikey Software-based Google Authenticator McAfee One-time Password Limitations Hardware: not flexible Unprogrammable Software: not secure Vulnerable to external attacks

6 Outline Introduction Background Related work Design & Implementation Evaluation Summary

7 TrustZone Background TrustZone A system-wide approach
Two isolated execution domains: secure domain and normal domain TZIC (TrustZone Interrupt Controller) Secure interrupt--FIQ Non-secure interrupt-- IRQ GPIO (General Purpose I/O) TrustZone is a system-wide approach to provide hardware-level isolation on ARM platforms. It creates two isolated execution domains: secure domain and normal domain. The secure domain has a higher access privilege than the normal domain, so it can access the resources of the normal domain such as memory, CPU registers and peripherals, but not vice versa. There’s an NS bit in the CPU processor to control and indicate the state of the CPU - 0 means the secure state and is in secure domain while 1 means the normal state and is in normal domain. There’s an additional CPU mode, monitor mode, which only runs in the secure domain regardless of the value of the NS bit. The monitor mode serves as a gatekeeper between the normal domain and the secure domain. If the normal domain requests to switch to the secure domain, the CPU must first enter the monitor mode. The system bus also contains a bit to indicate the state of the bus transaction. Thus, normal peripherals can only perform normal transactions, but not the secure transactions.

8 Outline Introduction Background Related work Design & Implementation Evaluation Summary

9 TrustZone-related work
TrustICE (Sun et al.[1]) Isolated Computing Environment in the normal domain SeCReT (Jang et al.[2]) Secure channel between secure domain and normal application Hypervision (Azab et al.[3]) Real-time kernel protection in the normal domain TrustDump (Sun et al.[4]) Reliable Memory Acquisition of the mobile OS Smartphone as location verification token for payments (Marforio et al.[5]) Trusted Language Runtime for trusted applications in the secure domain (Santos et al.[6])

10 Outline Introduction Background Related work Design & Implementation Evaluation Summary

11 One-time Password on Smartphone
Integrate physical tokens into smartphone Requirements: Security Malicious mobile OS cannot compromise the keying material in the one-time password (OTP) generator It cannot read the OTP Reliability and Availability OTP works even if mobile OS crashes Trusted inputs (e.g., clock time) for the OTP generator Trusted display

12 TrustZone-based Solution
ARM TrustZone Technology Two isolated execution environments Mobile OS cannot access the disk, memory, CPU states of the OTP generator. A secure clock for OTP generator A self-contained display and touchscreen.

13 TrustOTP Framework In the Secure domain
Shard I/O device with the Rich OS Reliable switch between domains

14 Boot Sequence Secure storage Memory Isolation Secure boot MicroSD card
Watermark Mechanism TZASC (TrustZone Address Space Controller) Secure boot Secure bootloader Non-secure bootloader Rich OS

15 TrustOTP Trigger Reliable switch Non-maskable interrupt (NMI)
The Rich OS cannot block or intercept Secure interrupt (FIQ) The Rich OS cannot manipulate Interrupt source (Configurable) Physical button Timer

16 OTP Generation Hash-based One-time Password (HOTP)
Event triggered Key & Counter Time-based One-time Password (TOTP) Time synchronized Key & Clock

17 OTP Display Secure I/O User-friendly manner
Display: IPU (Image Processing Unit)+LCD Input: 4-wire resistive touchscreen User-friendly manner Rich OS and TrustOTP run concurrently Watchdog timer 1.5 seconds / cycle (Through experiment) 0.5 second for display 1 second for input 2~3 numbers

18 Control Flow Tampering
Security Analysis Information Leakage Generated OTPs Shared Keys Control Flow Tampering Code Integrity Execution Integrity (Interrupt) Denial-of-Service Switch between domains Static & dynamic code Display

19 Outline Introduction Background Related work Design & Implementation Evaluation Summary

20 Before OTP display (60.48 ms)
TrustOTP Performance Before OTP display (60.48 ms) After OTP display (7.52 ms) Step Operation Time (ms) 1 Domain Switching 0.002 2 Context Saving 0.0006 3 TOTP/HOTP Generation 0.048/0.044 4 Background Matching 49.85 5 OTP Drawing 8.029 6 IPU Check 2.22 7 Framebuffer Replacement 0.28 Step Operation Time (ms) 1 Flushing IPU & Rich OS Recovery 7.47 2 Domain Switching 0.05

21 Impact on the Rich OS Rich OS vs. TrustOTP Antutu Vellamo CPU & RAM
I/O devices Vellamo

22 TrustOTP without Display
Power Consumption Rich OS Average=2,128 mW TrustOTP Running Average=2,230 mW TrustOTP without Display

23 Outline Introduction Background Related work Design & Implementation Evaluation Summary

24 TrustOTP: Hardware-assisted OTP Token
Summary TrustOTP: Hardware-assisted OTP Token Security (Confidentiality, Integrity, Availability) Flexibility (Various and multiple ICEs) Little Impact on the Rich OS No need to modify the Rich OS Little Power Consumption Difference

25 References H. Sun, K. Sun, Y. Wang, J. Jing, and H. Wang, “TrustICE: Hardware-assisted Isolated Computing Environments on Mobile Devices,” in Proceedings of the 45th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN’15), June 22-25, 2015. J. Jang, S. Kong, M. Kim, D. Kim, and B. B. Kang, “Secret: Secure channel between rich execution environment and trusted execution environment,” in 21st Annual Network and Distributed System Security Symposium, NDSS 2015, February 8-11, A. M. Azab, P. Ning, J. Shah, Q. Chen, R. Bhutkar, G. Ganesh, J. Ma, and W. Shen, “Hypervision across worlds: Real-time kernel protection from the ARM trustzone secure world,” in Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, November 3-7, 2014. H. Sun, K. Sun, Y. Wang, J. Jing, and S. Jajodia, “Trustdump: Reliable memory acquisition on smartphones,” in Proceedings of 19th European Symposium on Research in Computer Security (ESORICS’14), September 7-11, 2014. C. Marforio, N. Karapanos, C. Soriente, K. Kostiainen, and S. Capkun, “Smartphones as practical and secure location verification tokens for payments,” in 21st Annual Network and Distributed System Security Symposium, NDSS 2014, February 23-26, 2014. N. Santos, H. Raj, S. Saroiu, and A. Wolman, “Using ARM trustzone to build a trusted language runtime for mobile applications,” in Architectural Support for Programming Languages and Operating Systems, ASPLOS ’14, March 1-5, 2014

Download ppt "TrustOTP: Smartphone as One-Time Password Token"

Similar presentations

1 GP Confidential ©2013 1 GlobalPlatform’s Value Proposition for Mobile Point of Sale (mPOS)

1 GP Confidential © GlobalPlatform’s Value Proposition for Mobile Point of Sale (mPOS)
1 September 1, 2014.  Motivation  Background  TrustDump Architecture  Implementation Details  Evaluation  Summary 2.

1 September 1,  Motivation  Background  TrustDump Architecture  Implementation Details  Evaluation  Summary 2.
Operating System Structure

Operating System Structure
Computer Science HyperSentry: Enabling Stealthy In-context Measurement of Hypervisor Integrity Ahmed M. Azab, Peng Ning, Zhi Wang, Xuxian Jiang North Carolina.

Computer Science HyperSentry: Enabling Stealthy In-context Measurement of Hypervisor Integrity Ahmed M. Azab, Peng Ning, Zhi Wang, Xuxian Jiang North Carolina.
Threads, SMP, and Microkernels Chapter 4. Process Resource ownership - process is allocated a virtual address space to hold the process image Scheduling/execution-

Threads, SMP, and Microkernels Chapter 4. Process Resource ownership - process is allocated a virtual address space to hold the process image Scheduling/execution-
1 Minimal TCB Code Execution Jonathan McCune, Bryan Parno, Adrian Perrig, Michael Reiter, and Arvind Seshadri Carnegie Mellon University May 22, 2007.

1 Minimal TCB Code Execution Jonathan McCune, Bryan Parno, Adrian Perrig, Michael Reiter, and Arvind Seshadri Carnegie Mellon University May 22, 2007.
Dongyan Wang GlobalPlatform Technical Program Manager

Dongyan Wang GlobalPlatform Technical Program Manager
Introduction to Operating Systems CS-2301 B-term 20081 Introduction to Operating Systems CS-2301, System Programming for Non-majors (Slides include materials.

Introduction to Operating Systems CS-2301 B-term Introduction to Operating Systems CS-2301, System Programming for Non-majors (Slides include materials.
OS Fall ’ 02 Introduction Operating Systems Fall 2002.

OS Fall ’ 02 Introduction Operating Systems Fall 2002.
1 How Low Can You Go? Recommendations for Hardware- Supported Minimal TCB Code Execution Bryan Parno Arvind Seshadri Adrian Perrig Carnegie Mellon University.

1 How Low Can You Go? Recommendations for Hardware- Supported Minimal TCB Code Execution Bryan Parno Arvind Seshadri Adrian Perrig Carnegie Mellon University.
OS Spring’03 Introduction Operating Systems Spring 2003.

OS Spring’03 Introduction Operating Systems Spring 2003.
University College Cork IRELAND Hardware Concepts An understanding of computer hardware is a vital prerequisite for the study of operating systems.

University College Cork IRELAND Hardware Concepts An understanding of computer hardware is a vital prerequisite for the study of operating systems.
Figure 1.1 Interaction between applications and the operating system.

Figure 1.1 Interaction between applications and the operating system.
1 Last Class: Introduction Operating system = interface between user & architecture Importance of OS OS history: Change is only constant User-level Applications.

1 Last Class: Introduction Operating system = interface between user & architecture Importance of OS OS history: Change is only constant User-level Applications.
Real-Time Kernels and Operating Systems. Operating System: Software that coordinates multiple tasks in processor, including peripheral interfacing Types.

Real-Time Kernels and Operating Systems. Operating System: Software that coordinates multiple tasks in processor, including peripheral interfacing Types.
outline Purpose Design Implementation Market Conclusion presentation Outline.

outline Purpose Design Implementation Market Conclusion presentation Outline.
Towards Application Security On Untrusted OS

Towards Application Security On Untrusted OS
1 OS & Computer Architecture Modern OS Functionality (brief review) Architecture Basics Hardware Support for OS Features.

1 OS & Computer Architecture Modern OS Functionality (brief review) Architecture Basics Hardware Support for OS Features.
Software Design Division 秘 CONFIDENTIAL Panther Content Security Mar. 14, 2014 Sony Corporation.

Software Design Division 秘 CONFIDENTIAL Panther Content Security Mar. 14, 2014 Sony Corporation.
Building Trusted Path on Untrusted Device Drivers for Mobile Devices

Building Trusted Path on Untrusted Device Drivers for Mobile Devices

Similar presentations

Ads by Google