Zhangkai Zhang
Gene Tsudik
ABSTRACT
Many popular modern processors include an important hardware security feature in the form of a DRTM (Dynamic Root of Trust for Measurement) that helps bootstrap trust and resists software attacks. However, despite substantial body of prior research on trust establishment, security of DRTM was treated without involvement of the human user, who represents a vital missing link. The basic challenge is: how can a human user determine whether an expected DRTM is currently active on her device?
In this paper, we define the notion of "presence attestation", which is based on mandatory, though minimal, user participation. We present three concrete presence attestation schemes: sight-based, location-based and scene-based. They vary in terms of security and usability features, and are suitable for different application contexts. After analyzing their security, we assess their usability and performance based on prototype implementations.
Supplemental Material
- T. Abera, N. Asokan, L. Davi, J.-E. Ekberg, T. Nyman, A. Paverd, A.-R. Sadegi, and G. Tsudik. C-FLAT: Control-flow ATtestation for embedded systems software. In Proceedings of ACM CCS, 2016. Google Scholar
Digital Library
- AMD. Secure virtual machine architecture reference manual. Technical report, Advanced Micro Devices, 2005.Google Scholar
- ARM. ARM security technology - building a secure system using trustzone technology. http://infocenter.arm.com/help/topic/com.arm.doc.prd29-genc-009492c/PRD29-GENC-009492C_trustzone_security_whitepaper.pdf.Google Scholar
- A. M. Azab, P. Ning, J. Shah, Q. Chen, R. Bhutkar, G. Ganesh, J. Ma, and W. Shen. Hypervision across worlds: Real-time kernel protection from the arm trustzone secure world. In Proceedings of the 21st ACM Conference on Computer and Communications Security (CCS), 2014. Google ScholarDigital Library
- A. M. Azab, K. Swidowski, R. Bhutkar, J. Ma, W. Shen, R. Wang, and P. Ning. SKEE: A lightweight secure kernel-level execution environment for ARM. In Proceedings of NDSS, 2016. Google ScholarCross Ref
- M. Barbosa, B. Portela, G. Scerri, and B. Warinschi. Foundations of hardware-based attested computation and application to sgx. In Proceedings of IEEE European Symposium on Security and Privacy (EuroS&P), 2016. Google ScholarCross Ref
- E. F. Brickell, J. Camenisch, and L. Chen. Direct anonymous attestation. In V. Atluri, B. Pfitzmann, and P. D. McDaniel, editors, ACM Conference on Computer and Communications Security, pages 132--145. ACM, 2004. Google ScholarDigital Library
- S. Capkun and J.-P. Hubaux. Secure positioning in wireless networks. IEEE Journal on Selected Areas in Communications: Special Issue on Security in Wireless Ad Hoc Networks, February.Google Scholar
- L. Chen, R. Landfermann, H. Löhr, M. Rohe, A.-R. Sadeghi, and C. Stüble. A protocol for property-based attestation. In STC '06: Proceedings of the first ACM workshop on Scalable trusted computing, pages 7--16, New York, NY, USA, 2006. ACM Press. Google ScholarDigital Library
- Y. Cho, J. Shin, D. Kwon, M. J. Ham, Y. Kim, and Y. Paek. Hardware-assisted on-demand hypervisor activation for efficient security critical code execution on mobile devices. In USENIX ATC, 2016.Google Scholar
- I. Corporation. Innovative instructions and software model for isolated execution. http://privatecore.com/wp-content/uploads/2013/06/HASP-instruction-presentation-release.pdf.Google Scholar
- I. Corporation. Intel Trusted Execution Technology (Intel TXT) software development guide, Dec 2009.Google Scholar
- J. Danisevskis, M. Peter, J. Nordholz, M. Petschick, and J. Vetter. Graphical user interface for virtualized mobile handsets. In MOST, 2015.Google Scholar
- K. Eldefrawy, A. Francillon, D. Perito, and G. Tsudik. SMART: Secure and Minimal Architecture for (Establishing a Dynamic) Root of Trust. In Proceedings of the 19th Annual Network and Distributed System Security Symposium, February 5--8, San Diego, USA, San Diego, UNITED STATES, 02 2012.Google Scholar
- O. S. Hofmann, S. Kim, A. M. Dunn, M. Z. Lee, and E. Witchel. Inktag: secure applications on an untrusted operating system. In Proceedings of the 18th International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS), 2013. Google ScholarDigital Library
- M. Lange and S. Liebergeld. Crossover: secure and usable user interface for mobile devices with multiple isolated OS personalities. In Annual Computer Security Applications Conference, ACSAC '13, New Orleans, LA, USA, December 9--13, 2013, pages 249--257, 2013. Google ScholarDigital Library
- Y. Li, J. McCune, J. Newsome, A. Perrig, B. Baker, and W. Drewry. Minibox: A two-way sandbox for x86 native code. In 2014 USENIX Annual Technical Conference, 2014.Google ScholarDigital Library
- Y. Li, J. M. McCune, and A. Perrig. VIPER: verifying the integrity of peripheral's firmware. In Proceedings of the 18th ACM Conference on Computer and Communications Security (CCS), 2011. Google ScholarDigital Library
- J. M. McCune, Y. Li, N. Qu, Z. Zhou, A. Datta, V. Gligor, and A. Perrig. Trustvisor: Efficient TCB reduction and attestation. In Proceedings of the 2010 IEEE Symposium on Security and Privacy (S&P), 2010.Google ScholarDigital Library
- J. M. McCune, B. Parno, A. Perrig, M. K. Reiter, and H. Isozaki. Flicker: An execution infrastructure for TCB minimization. In Proceedings of the ACM European Conference in Computer Systems (EuroSys), Apr. 2008. Google ScholarDigital Library
- J. M. McCune, A. Perrig, and M. K. Reiter. Seeing-is-believing: Using camera phones for human-verifiable authentication. In Proceedings of the 2005 IEEE Symposium on Security and Privacy (S&P'05, 2005.Google ScholarDigital Library
- J. Nordholz, J. Vetter, M. Peter, M. Junker-Petschick, and J. Danisevskis. Xnpro: Low-impact hypervisor-based execution prevention on arm. In Proceedings of the 5th International Workshop on Trustworthy Embedded Devices, TrustED '15, pages 55--64, New York, NY, USA, 2015. ACM. Google ScholarDigital Library
- B. Parno, J. M. McCune, and A. Perrig. Bootstrapping Trust in Modern Computers. Springer, 2011. Google ScholarCross Ref
- K. B. Rasmussen and S. Capkun. Realization of rf distance bounding. In Proceedings of the 19th USENIX Security Symposium, 2010.Google Scholar
- R. Sailer, X. Zhang, T. Jaeger, and L. van Doorn. Design and implementation of a TCG-based integrity measurement architecture. In Proceedings of the 13th conference on USENIX Security Symposium, pages 16--16, 2004.Google ScholarDigital Library
- F. Schuster, M. Costa, C. Fournet, C. Gkantsidis, M. Peinado, G. Mainar-Ruiz, and M. Russinovich. Trustworthy data analytics in the cloud using sgx. In Proceedings of the 35th IEEE Symposium on Security and Privacy (S&P), 2015. Google ScholarDigital Library
- A. Seshadri, M. Luk, N. Qu, and A. Perrig. Secvisor: a tiny hypervisor to provide lifetime kernel code integrity for commodity OSes. In Proceedings of the 21st ACM Symposium on Operating Systems Principles (SOSP), 2007. Google ScholarDigital Library
- A. Seshadri, A. Perrig, L. van Doorn, and P. K. Khosla. SWATT: Software-based attestation for embedded devices. In IEEE Symposium on Security and Privacy, pages 272--, 2004. Google ScholarCross Ref
- D. Shen, Z. Zhang, X. Ding, Z. Li, and R. Deng. H-binder: A hardened binder framework on android systems. In Proceedings of SecureComm, 2016.Google Scholar
- H. Sun, K. Sun, Y. Wang, J. Jing, and H. Wang. Trustice: Hardware-assisted isolated computing environments on mobile devices. In Ieee/ifip International Conference on Dependable Systems and Networks, pages 367--378, 2015.Google ScholarDigital Library
- Trusted Computing Group. TPM main specification. Main Specification Version 1.2 rev. 85, Feb. 2005.Google Scholar
- A. Vasudevan, S. Chaki, L. Jia, J. McCune, J. Newsome, and A. Datta. Design, implementation and verification of an extensible and modular hypervisor framework. In Proceedings of the 34th IEEE Symposium on Security and Privacy (S&P), 2014.Google Scholar
- Z. Zhou, V. D. Gligor, J. Newsome, and J. M. McCune. Building Verifiable Trusted Path on Commodity x86 Computers. In Proceedings of the 33rd IEEE Symposium on Security and Privacy, S&P, May 2012.endthebibliography Google ScholarDigital Library
Index Terms
- Presence Attestation: The Missing Link in Dynamic Trust Bootstrapping
Recommendations
Single Attestation Image for a Trusted and Scalable Grid
Traditionally, Grid users are forced to trust the Grid platforms, but the users are not always regarded as trustworthy. This trust asymmetry hinders the commercializing of Grid resources. Trusted Grid is proposed to tackle this challenge by leveraging ...
Mutual Attestation Using TPM for Trusted RFID Protocol
NETAPPS '10: Proceedings of the 2010 Second International Conference on Network Applications, Protocols and ServicesThe massive deployment of RFID tag to various systems raises some issues regarding security and privacy. RFID system without trust enhancement poses security threat because secret data can be easily revealed to adversary system by due to unverified ...
Direct anonymous attestation
CCS '04: Proceedings of the 11th ACM conference on Computer and communications securityThis paper describes the direct anonymous attestation scheme (DAA). This scheme was adopted by the Trusted Computing Group (TCG) as the method for remote authentication of a hardware module, called Trusted Platform Module (TPM), while preserving the ...
Comments