Page 1: Partha Dasgupta, Arizona State University Consumer Identity and Consumer Computing Security Rev.2–Feb. 2004.

Partha Dasgupta, Arizona State University

Consumer Identity and Consumer Computing Security

Rev.2–Feb. 2004

Page 2

Background

Personal Authentication
  Stop ID theft

Hardware Based Security
  Beyond TCG
  HTM – Hardware Trust Management

Software based security
  STM – Software Trust Management

Page 3

If I didn't wake up, I'd still be sleeping.

Page 4

“Look what a fine mess you've gotten us into, Ollie!”

Page 5

Fine Mess?

The Internet for the masses was deployed about 9 years ago. Internet security measures were phased in over the next 3-4 years: SSL/IPSec, firewalls, antivirus software, IDS systems, certificates.

Yet the e-commerce infrastructure is totally insecure: viruses, phishing attacks, scams, social engineering.

Identity theft and financial embezzlement are increasing at an alarming rate.

Pharming attacks, rootkits: more insidious methods are coming.

Page 6

The Problem

Private information is easy to compromise
  Viruses, keyboard sniffers, rootkits
  Getting common, and the threats are significant

Financial and business information at risk
  Money is involved
  Losses can be large (even if consumers are not held responsible)

Trusted platform designs are immediately needed
  All known software methods are at risk
  Rootkits are undetectable

Viruses have “unlimited power”
  Steal, cheat, fool, spoof, masquerade, change input/output

A nickel ain't worth a dime anymore

Page 7

Personal Identity Security

Identity: a property of humans, devices, entities
Authentication: “What you know, what you have and who you are”.

Transactions run on behalf of Alice MUST be initiated by Alice, with the knowledge of Alice.

Identity assurance in the present day is irretrievably broken.

Shared Secrets do not work

The Undeniable Truth: Any “private” information can and will be misused.

Page 8

System Security

Network Security has been studied in depth and countermeasures deployed effectively
  Sniffing, TCP-IP stack attacks, Firewalls, Replay attacks, Modification attacks, DoS attacks
  DoS vs. other attacks: DoS is not in the same class

System Security has taken a back seat
  Virus detectors: not effective

Nero fiddled while Rome burned

Page 9

“What is your Threat Model?”

To design effective security procedures we need a good threat model.

Threat models formalize risks
  Solutions can be tailored to meet the risks contained in the threat model
  Realistic threat models are needed
  Threat models can be “too strong”

The network security solutions are based on the “Internet Threat Model (ITM)”:
  Hosts are secure and trustable; the network is not.

What is a good threat model for system security?

You should always go to other people's funerals. Otherwise they won't come to yours.

Page 10

The Thompson Threat Model

Ken Thompson, Turing Award Lecture 1984: Reflections on Trusting Trust

Bottom Line: If you did not write the code, and the compiler and the assembler, you cannot trust a program.

Software cannot be trusted.

Ken Thompson: “The moral is obvious. You can't trust code that you did not totally create yourself….

“No amount of source-level verification or scrutiny will protect you from using untrusted code…..

“A well installed microcode bug will be almost impossible to detect….

Page 11

Viral Threat Model

The Thompson Threat Model (TTM) is “too strong”; hence the Viral Threat Model (VTM):
  Network can be trusted; hosts are not to be trusted.
  Network security solved all network problems
  Even without security, networks are remarkably secure

Why? Viruses are pervasive and anti-viral software is myopic and ineffective. General purpose software has continually shown vulnerabilities.

If all software is subject to viral threat, then the VTM becomes equivalent to TTM.

Modify the threat model to include trusted software

You've got to be very careful if you don't know where you're going, because you might not get there.

Page 12

Viral Threat Model

Viral Threat Model (VTM)
  Network can be trusted; hosts are not to be trusted.
  Network security solved all network problems
  Even without security, networks are remarkably secure

Why? Viruses are pervasive and anti-viral software is myopic and ineffective. General purpose software has continually shown vulnerabilities.
  – (Will not get fixed, installed base is large)

If all software is subject to viral threat, then the VTM becomes equivalent to TTM.

Modify the threat model to include trusted software

Page 13

Modified Viral Threat Model

Some software is assumed to be immune to viral attack

Weaker, ineffective?
  Cannot prevent every attack – but can we make threats low incidence and tolerable?
  Like crime in society? Detection, punishment, effective policies? “Trust but Verify”

Commodity applications have (and will have) vulnerabilities

Commodity Operating Systems have (and will have) vulnerabilities

We made too many wrong mistakes.

Page 14

Bottom Line

No PKI, no security

Secure processors need a “human in the loop”
  Human in the loop means the need for a human to see securely and communicate securely
  Secure Display, Secure Keyboard (not software controlled)

Programmability may be a curse

Page 15

Multi Factor Authentication

Factor           Example      Weakness
What you know.   Password     Sniffable, phishable, leaky
What you have.   ID Card      Depends on the card
Who you are.     Biometrics   VERY VULNERABLE – not to be used for ID at a distance

ID theft vulnerability


Page 17

Public Key Infrastructure

Too complicated (for consumers)

Unnecessary
  Everything works “all right” without PKI
  No one understands PKI
  Will my grandma use PKI?

Reality Check – nothing is working “all right” right now!

Diagram: Public Key, Private Key (keep this secret), Certificate, Certificate Authority

Page 18

Why PKI?

Can shared secret elimination be done?
  Make all “secret information” public (privacy is a separate issue).
  Use public keys as ID and challenge response as the authentication technique
  Need mobile gadgets that work in e-commerce as well as brick and mortar locations
  “Smart Cards” – PKI enabled

Bad news: This approach is vulnerable to the VTM.

DoD Common Access Card: A well designed authentication system….. But……

Page 19

Common Access Card
  Private Keys are secure on the card
  Challenge response ensures non-spoofable identification and signatures
  Certificates provide MITM resilience
  All transactions can be signed by the card

A virus on the host can trick the card into performing signatures and challenge responses without the owner’s permission
  PIN phishing
  Malicious log-on
  Fraudulent signatures and transactions
  Possible software download vulnerabilities

Page 20

Solution?

Human in the Loop: each time a PKI operation is performed, a human has to know what is going on

Need out of band methods for verification of transactions
  Cell phone calls?

Research Issue 1: How to put the human in charge?

Research Issue 2: How to minimize human interference, without compromising security?

This is Secure

Yeah, Right
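Added example, not from the slides: a key vault that refuses to sign a transaction unless the human confirmed that exact transaction's digest over a separate secure channel, with an assumed policy knob (auto_limit) for Research Issue 2. The vault key is an HMAC secret standing in for the PKI private key, and the transaction fields and SecureChannel model are constructed for the example.

```python
import hashlib
import hmac
import secrets

# Constructed stand-in for the key vault's private key: an HMAC key replaces a
# real PKI signature here so the example runs on the standard library alone.
VAULT_SECRET = secrets.token_bytes(32)


def transaction_digest(tx: dict) -> str:
    """Canonical digest of a transaction; this is the value the secure display shows."""
    canon = "|".join(f"{k}={tx[k]}" for k in sorted(tx))
    return hashlib.sha256(canon.encode()).hexdigest()


class SecureChannel:
    """Models the separate hardware display/keyboard; host software cannot write to it."""

    def __init__(self) -> None:
        self._confirmed = set()

    def human_confirms(self, digest: str) -> None:
        # The human reads the digest on the secure display and approves it.
        self._confirmed.add(digest)

    def was_confirmed(self, digest: str) -> bool:
        return digest in self._confirmed


class KeyVault:
    """Signs only what the human approved; a request from the host alone is not enough."""

    def __init__(self, channel: SecureChannel, auto_limit: int = 0) -> None:
        self.channel = channel
        self.auto_limit = auto_limit  # assumed policy: amounts up to this need no human

    def sign(self, tx: dict):
        digest = transaction_digest(tx)
        needs_human = tx.get("amount", 0) > self.auto_limit
        if needs_human and not self.channel.was_confirmed(digest):
            return None  # request arrived without the human's knowledge: refuse
        return hmac.new(VAULT_SECRET, digest.encode(), hashlib.sha256).hexdigest()


def verify(tx: dict, sig: str) -> bool:
    """Check a signature against the vault key (the relying party's side)."""
    expected = hmac.new(VAULT_SECRET, transaction_digest(tx).encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, sig)
```

A transaction altered after confirmation has a different digest, so the vault refuses it even though the original was approved.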

Page 21

Security Appliance

Diagram:
  Computer (NOT secure): Applications, Web Browser, Plug-ins, Viruses
  Secure Processor (Secure – preferably non-programmable): PKI software, Keys, Certificates, Trusted keys

Page 22

More Secure Devices

Mobile devices, Movable devices, Wireless enabled, Infrastructural devices, Server Security

Products: Anti Virus Protection, “Secure Downloads”

Diagram: a “Secure” Processor with Bus Access checks the OS for untrusted code and checks the Applications for untrusted code

Page 23

MVTM Software Approach

How to secure computing systems under the MVTM?

What is the solution under MVTM? Some software has to be declared trusted!
  Trusted software: functions as advertised, independently verified, cannot be “easily” compromised
  Compromise of trusted software should be detectable
  Hardware techniques may be used to “check” or “verify”
  Trust delegation – trusted software can declare other software to be trusted (trust level would be lower). Leads to hierarchies of trust.

The above solution is a start; we plan to refine it.

Page 24

Two Approaches

The Software Approach
  A VMM that is trusted [augment with hardware checking]
  The VMM checks on the OS
  Add vault features to VMM [not advisable, see later]
  Secure human I/O needed

The hardware approach
  Have a hardware “OS” in hardware
  Vault + Checker for software OS [similar to the software above]
  Works independently from the software (is the “boss”)
  Has complete access to physical memory (and virtual memory)
  Secure human I/O needed

Both approaches need “Human in the Loop”

Page 25

Hierarchical Trust Management

Chain of “Checkers”: levels of trust
Need not be a single chain

Page 26

Attacking a VMM

Diagram: Application above OS above VMM. Attacker: rootkit the OS, rootkit the VMM, install attack code.

VMMs are not impervious, but they may be harder to attack and can be hardened

Page 27

Securing the VMM

VMM is small, so vulnerability testing can be simpler (hopefully)
  Do not include networking support in VMM
  Do not include security/trust management in VMM

VMM can check OS for rootkits
OS can run virus detectors for applications
“Signed applications only” for secure systems

Add a special trusted system as a HOS on VMM: Security Manager – SM
  SM can check VMM for rootkits [verification]
  VM can check SM for rootkits [verification]

Page 28

The Software Trust Manager

SM is a small OS+Application suite that runs in a separate virtual machine

It has at least the following:
  Network Stack and Termination
  SSL-IPSec terminations
  NAT Server, DHCP
  Key Vault + Signature software
  Stores hashes of applications/OS/VMM
  Stores trusted public keys
  Secure I/O to human

Functions: Checking Software, Signature Verification, Digital signatures, Human in the Loop – policies

Page 29

Why Humans?

SM needs to “talk” to a human, and know it's talking to a human. WHY?
  Sign financial transactions
  Authentication, logging into secure sites
  Updating keys, certificates
  Updating hashes, trusted public keys
  Provide Alerts
  More?

HOW? Separate hardware channel, separate hardware display/keyboard

No system can be made secure without a secure human interface!

Page 30

Key things

Security = Private keys + humans + key vaults + hash checks on software

PKI is essential for authentication (shared secrets are a problem).

“Trusted Public Keys” and “Trusted Hashes” need human verification

Any financial transaction signing should use human verification

Bottom Line: Prevent viruses, and yet assume viral attacks will happen and create defenses for that situation

Page 31

Trusted Hardware TCG/TPM

A good direction
  Hardware is resilient to tampering, cannot be reprogrammed easily
  Secure vault for keys/certificates

Vulnerabilities
  TPM can be “fooled” by viral software
  TPM is under the control of the OS – can be bypassed
  Complex software layers – may have vulnerabilities

If the world were perfect, it wouldn't be.

Page 32

The HTM Approach

Use a Hardware Module to check the Operating System

HTM must have secure I/O to user

Page 33

Combined Trust Hierarchy

Diagram (chain of checkers, top to bottom): Hardware Checker → VMM → SM → HOS → Antivirus → Signed apps → app, app, app
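Added example, not from the slides, for the hierarchical trust management of Pages 23, 25 and 33: each checker holds the trusted hashes of the components beneath it, and a component whose checker is itself compromised cannot be believed. The component images, the chain layout and the names are constructed for the example; the trust level counts distance from the hardware root, as the slides say delegated trust is lower.

```python
import hashlib

# Constructed component images; in the real design these would be the code of
# the VMM, SM, HOS and applications as read by the level above them.
IMAGES = {
    "VMM": b"vmm code v1",
    "SM": b"security manager code v1",
    "HOS": b"host os code v1",
    "app1": b"signed app 1",
    "app2": b"signed app 2",
}

# Who checks whom, following the Page 33 diagram (assumed layout).
CHAIN = {
    "HardwareChecker": ["VMM"],
    "VMM": ["SM"],
    "SM": ["HOS"],
    "HOS": ["app1", "app2"],
}


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Trusted hashes as stored in the key vault after human verification.
TRUSTED_HASHES = {name: sha256(img) for name, img in IMAGES.items()}


def check_hierarchy(images, chain, trusted, root="HardwareChecker"):
    """Walk the chain from the hardware root and return {component: (level, status)}.

    level 0 is the hardware checker; each delegation step adds one level.
    'compromised' means the component's own hash mismatched its trusted hash;
    'untrusted' means its checker was not trusted, so its result is worthless."""
    result = {root: (0, "trusted")}
    stack = [(root, 0)]
    while stack:
        checker, level = stack.pop()
        checker_ok = result[checker][1] == "trusted"
        for child in chain.get(checker, []):
            if not checker_ok:
                status = "untrusted"
            elif sha256(images.get(child, b"")) == trusted.get(child):
                status = "trusted"
            else:
                status = "compromised"
            result[child] = (level + 1, status)
            stack.append((child, level + 1))
    return result
```

Swapping in a modified HOS image marks the HOS compromised and every application beneath it untrusted, while the SM above it stays trusted.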

Page 34

Near Term Research Plan

Fast Prototyping:
  VMM off the shelf with minor modifications
  SM: Application run on stock OS
  SM: Add cryptographic protocols and
  SM: Secure I/O is simulated
  Hardware checker is an FPGA board
  VMM OS rootkit detector, with simple hashing scheme

Testing and Verification:
  Insert code into applications and operating systems using “helpers” to check detection capabilities
  Attempt to update VMM or SM and/or hardware simulator

I really didn't say everything I said.

Page 35

Conclusions

System Security is the next frontier
  Cryptography is useless when keys can be stolen
  Shared secret schemes are bad; public keys can be ineffective too.

Integrated design needed: Human Verification + some hardware or robust software + protocols + policies
