on smartphones tablets
play

on Smartphones & Tablets with Trusted Computing Stefan Saroiu - PowerPoint PPT Presentation

Apr 05, 2024 •490 likes •1.34k views

Protecting Data on Smartphones & Tablets with Trusted Computing Stefan Saroiu Microsoft Research (Redmond) Smartphones have displaced PCs as the primary computing device Smartphones Store Sensitive Data Sensor Readings Have Value

  1. Protecting Data on Smartphones & Tablets with Trusted Computing Stefan Saroiu Microsoft Research (Redmond)

  2. Smartphones have displaced PCs as the primary computing device

  3. Smartphones Store Sensitive Data

  4. Sensor Readings Have Value

  5. Implications ▪ High value of smartphone data creates incentives for “bad” guys: ▪ 3 rd -parties want to steal data ▪ 1 st -parties want to fabricate/alter data Data is under attack from malware, apps, or users

  6. Smartphones and Tablets Are Easily Lost or Stolen

  7. Implications ▪ Data loss due to device loss is common ▪ Attackers have easy access to device ▪ Memory-based attacks are inexpensive ▪ Cold-boot, bus snooping/monitoring, DMA Cannot afford to neglect physical attacks

  8. This Talk: Two Approaches 1. Software abstractions for mobile devices: ▪ Firmware-TPM (trusted platform module) ▪ Trusted sensors ▪ Cloud-TPM: cross-device TPM-protection 2. New systems leveraging trusted hardware ▪ Sentry: protect data against memory attacks ▪ TLR: small secure runtime at the language-level

  9. Acknowledgements ▪ Microsoft Research researchers & engineers: ▪ Alec Wolman, Himanshu Raj, and many others (next slide) ▪ Microsoft Research interns: ▪ Patrick Colp (U. of British Columbia) ▪ He Liu (U. of California at San Diego, now with Google) ▪ Chen Chen (ETH Zurich) ▪ Nuno Santos (MPI-SWS, now with U. of Lisbon) ▪ External collaborators: ▪ Jiawen Zhang, James Gleeson, Sahil Suneja, Eyal de Lara U. of T oronto ▪ Krishna Gummadi (MPI-SWS) ▪ Rodrigo Rodrigues (MPI-SWS, now with IST, Portugal)

  10. fTPM: A Software-only Implementation of a TPM Chip Himanshu Raj, Stefan Saroiu, Alec Wolman, Ronald Aigner, Jeremiah Cox, Paul England, Chris Fenner, Kinshuman Kinshumann, Jork Loeser, Dennis Mattoon, Magnus Nystrom, David Robinson, Rob Spiger, Stefan Thom, David Wooten Microsoft (published at USENIX Security 2016)

  11. Motivation ▪ Many systems ms in indu dustr stry & r & resear arch ch rely on TPMs ▪ Bitlocker, trusted sensors, Chrome OS, etc … ▪ Chall llen enge ge: Smartphones & tablets lack TPMs today ▪ TPM: never designed to meet space, cost, power constraints } ? ▪ Obs bservatio ion:

  12. Big Problem These CPU features omit several secure resources found on trusted hardware

  13. Research Question Can we overcome these limitations to build systems whose security ~trusted hardware? Answer swer: : Yes Contrib ntributions utions: • 3 approaches to overcome TrustZone’s limitations (lessons relevant to SGX also) • Security analysis of fTPM vs TPM chips • fTPM shipped millions of Microsoft Surface & WP

  14. Outline ▪ Motivation ▪ Background on TPM ▪ ARM TrustZone and its shortcomings ▪ High-level architecture & threat model ▪ Overcoming TrustZone limitations: three approaches ▪ Performance evaluation ▪ Conclusions

  15. What are TPMs? ▪ Hardware root of trust offering: ▪ Strong machine identity ▪ Software rollback prevention ▪ Secure credentials store ▪ Software attestation

  16. What are TPMs good for? ▪ Shipped Products by Industry: ▪ Protects “data -at- rest” (Google, Microsoft) ▪ Prevents rollback (Google) ▪ Virtual smart cards (Microsoft) ▪ Early-Launch Anti-Malware (Microsoft) ▪ Research: ▪ Secure VMs for the cloud [SOSP’11] ▪ Secure offline data access [OSDI ‘12] ▪ Trusted sensors for mobile devices [MobiSys ’11, SenSys ‘11] ▪ Cloaking malware [Sec ‘11]

  17. TPM: 1.0  1.1  1.2  2.0 ▪ Late 1999 : TCPA is formed (IBM, HP , Intel, Microsoft, …) ▪ 2001 2001: TPM specification 1.0 is released ▪ Never adopted by any hardware AFAIK ▪ Late 2001: TPM 1.1 is released ▪ 2002 2002: IBM Thinkpad T30 uses first discrete TPM chip ▪ 2003 2003: TCPA morphs into TCG ▪ 2007 2007: pin reset attack ▪ 2008 2008: TPM 1.2 ▪ Very popular, many hardware vendors built chips ▪ 2014 2014: TPM 2.0

  18. New in TPM 2.0 ▪ Newer cryptography ▪ TPM 1.2: SHA-1, RSA ▪ TPM 2.0: SHA-1, RSA, SHA-256, ECC ▪ TPM 2.0 provides a reference implementation ▪ “the code is the spec” ▪ Much more flexible policy support ▪ Read this as “more (useful) bells and whistles”

  19. Outline ▪ Motivation ▪ Background on TPM ▪ ARM TrustZone and its shortcomings ▪ High-level architecture & threat model ▪ Overcoming TrustZone limitations: three approaches ▪ Performance evaluation ▪ Conclusions

  20. Normal World (NW) Secure World (SW) Secure Monitor Layer (software) ARM Hardware

  21. Booting Up ARM Hardware

  22. Booting Up Secure Monitor Layer (software) ARM Hardware

  23. Booting Up Allocates memory Restricts its access to Secure World-only More setup… Secure Monitor Layer ARM Hardware

  24. Booting Up Secure World (SW) Secure Monitor Layer ARM Hardware

  25. Booting Up Secure World (SW) Secure Monitor Layer ARM Hardware

  26. Normal World (NW) Secure World (SW) Secure Monitor Layer ARM Hardware

  27. ARM TrustZone Properties ▪ Isolated runtime that boots first ▪ Curtained memory ▪ Ability to map interrupts delivered to Secure World ▪ Secure monitor dispatches interrupts

  28. ARM TrustZone Limitations Lack of accessibility Lack of virtualization

  29. Outline ▪ Motivation ▪ Background on TPM ▪ ARM TrustZone and its shortcomings ▪ High-level architecture & threat model ▪ Overcoming TrustZone limitations: three approaches ▪ Performance evaluation ▪ Conclusions

  30. High-Level architecture Normal World Secure World fTPM Other secure services Commodity OS TEE Runtime Linux/Windows TEE Dispatcher TEE Monitor ARM SoC Hardware ▪ TEE: trusted execution environment (small codebase) ▪ Monitor, dispatcher, runtime ▪ Most hardware resources mapped to Normal World ▪ For better perf.

  31. Threat Model: What Threats are In-Scope? Goals fTPM TPM chip Malicious software (e.g., malware, compromised OS) Time-based side-channel Cache-based side-channel Denial-of-Service Power analysis-based side-channel Memory attacks (e.g., coldboot, bus sniffing, JTAG) See “Memory Attacks” (ASPLOS 2015)

  32. Outline ▪ Motivation ▪ Background on TPM ▪ ARM TrustZone and its shortcomings ▪ High-level architecture & threat model ▪ Overcoming TrustZone limitations: three approaches ▪ Performance evaluation ▪ Conclusions

  33. ARM TrustZone Limitations Helpful observation: huge ARM eco-system out there ▪ eMMC controller present on many ARM SoCs ▪ Has provisions for trusted storage ▪ Secure fuses: write-once, read-always registers ▪ Can act as “seed” for deriving crypto keys ▪ Entropy for TrustZone can be added easily

  34. ARM Eco-system Offers eMMC ▪ eMMC controllers can setup one partition as Replay-Protected Memory Block (RPMB) ▪ RPMB primitives: ▪ One-time programmable authentication keys: ▪ fTPM uses “seed” from secure fuse to generate auth. keys ▪ fTPM writes auth. keys to eMMC controller upon provisioning ▪ Authenticated reads and writes (uses internal counters) ▪ Nonces

  35. ARM TrustZone Limitations eMMC & Secure fuses Entropy Timer & changed semantics of TPM commands

  36. Three Approaches 1. Provision additional trusted hardware 2. Make design compromises 3. Change semantics of TPM commands Do not affect TPM’s security!

  37. Problem: Long-Running Commands ▪ Design requirements: ▪ Code running in secure world must be minimal ▪ e.g., TEE lacks pre-emptive scheduler ▪ fTPM commands cannot be long-lived ▪ Commodity OS “freezes” during fTPM command ▪ Creating RSA keys can take 10+ seconds on slow mobile devices!!!

  38. Solution: Cooperative Checkpointing … … Oops, it’s been a long time Normal World Secure World

  39. Three Approaches 1. Provision additional trusted hardware 2. Make design compromises 3. Change semantics of TPM commands Do not affect TPM’s security!

  40. Background: TPM Unseal Guess PIN Guess PIN Guess PIN 2 nd time 1 st time 3 rd time TPM w/ storage Failed Failed Failed Lockout Attempts++ Attempts++ Attempts++ Period

  41. Problem: Dark Periods ▪ During dark periods: ▪ Problem: storage unavailable ▪ Danger: TPM Unseal commands not safe ▪ Example of dark period: During boot: ▪ Firmware (UEFI) finished running and unloaded ▪ OS loader is running (OS not fully loaded)

  42. Possible Attack during Dark Period Guess PIN Guess PIN Guess PIN Guess PIN 2 nd time 1 st time 3 rd time Reboot 4 th time TPM without Failed Failed Failed storage Attempts++ Attempts++ Attempts++ Dark period entered here

  43. Solution: Dirty Bit ▪ Write dirty bit to storage before enter dark period ▪ If dark period exited, dirty bit is cleared ▪ If machine reboots during dark period, bit remains dirty ▪ Possibility #1: Legitimate user reboots machine ▪ Possibility #2: Attacker attempts to guess PIN ▪ Solution: Upon fTPM bootup, if bit dirty enter lockout

  44. Dirty Bit Stops Attack Guess PIN Guess PIN Guess PIN 2 nd time 1 st time 3 rd time Reboot fTPM Set Dirty Failed Failed Failed Lockout Bit Attempts++ Attempts++ Attempts++ Period Dark period entered here

  45. Outline ▪ Motivation ▪ Background on TPM ▪ ARM TrustZone and its shortcomings ▪ High-level architecture & threat model ▪ Overcoming TrustZone limitations: three approaches ▪ Performance evaluation ▪ Conclusions

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

CORPORATE PRESENTATION 2014 ABOUT DIGITAL GAMING Digital gaming is everywhere Smartphones &

CORPORATE PRESENTATION 2014 ABOUT DIGITAL GAMING Digital gaming is everywhere Smartphones &

CORPORATE PRESENTATION 2014 ABOUT DIGITAL GAMING Digital gaming is everywhere Smartphones & Tablets Feature phones TVs & STBs Smartphones, tablets, smart TVs, STBs, smart watches Installed base of 2 billion smartphones and

433 views • 25 slides
Device Disinfection Challenges Staff & visitor devices (smartphones, tablets, etc) pose

Device Disinfection Challenges Staff & visitor devices (smartphones, tablets, etc) pose

Device Disinfection Challenges Staff & visitor devices (smartphones, tablets, etc) pose environmental contamination risk Chemical solutions often damage sensitive touchscreens (and chemical cleaners are excluded from mobile device OEM

557 views • 14 slides
PayCard and Payroll Best Practices Smartphones, Tablets and Watches in Payroll Presenter: Dallas

PayCard and Payroll Best Practices Smartphones, Tablets and Watches in Payroll Presenter: Dallas

PayCard and Payroll Best Practices Smartphones, Tablets and Watches in Payroll Presenter: Dallas Wilfong Agenda PayCards today Millennials in the work force? Apps in Payroll Recent paycard regulation changes Speaker Dallas

658 views • 47 slides
audience on their smartphones, tablets, websites, email, text, social media, and mobile apps

audience on their smartphones, tablets, websites, email, text, social media, and mobile apps

Personal engagement with consumers on their mobile devices Mobile marketing is a multi-channel, digital marketing strategy aimed at reaching a target audience on their smartphones, tablets, websites, email, text, social media, and mobile apps

384 views • 19 slides
Mobile Devices Smartphones, tablets and other devices Design considerations Android as a

Mobile Devices Smartphones, tablets and other devices Design considerations Android as a

Mobile Devices Smartphones, tablets and other devices Design considerations Android as a platform Design What makes mobile design different? Touch Interfaces In this course, we have mostly discussed the development of computer interfaces,

366 views • 33 slides
http://jdsp.asu.edu http://jdsp.asu.edu iJDSP: A Mobile Signal Analysis App for iOS Smartphones

http://jdsp.asu.edu http://jdsp.asu.edu iJDSP: A Mobile Signal Analysis App for iOS Smartphones

http://jdsp.asu.edu http://jdsp.asu.edu iJDSP: A Mobile Signal Analysis App for iOS Smartphones and Tablets Student Programmers: Jinru Liu and Shuang Hu Student Support Team: Jayaraman Thiagarajan, Karthikeyan Ramamurthy, Deepta Rajan, Sophia

549 views • 22 slides
Natural Charcoal Tablets TM Natural Charcoal Tablets Freshness, with a touch of Heritage

Natural Charcoal Tablets TM Natural Charcoal Tablets Freshness, with a touch of Heritage

TM TM Natural Charcoal T ablets Natural Charcoal Tablets Presenting TM Natural Charcoal Tablets TM Natural Charcoal Tablets Freshness, with a touch of Heritage Safety, with added Convenience Irfaz brings to you an exclusive range of

294 views • 16 slides
Smart Charcoal Tablets from Malaysia Smart Charcoal Tablets from Malaysia Freshness, with a

Smart Charcoal Tablets from Malaysia Smart Charcoal Tablets from Malaysia Freshness, with a

TM Natural Charcoal T ablets Smart Charcoal Tablets from Malaysia Presenting Smart Charcoal Tablets from Malaysia Smart Charcoal Tablets from Malaysia Freshness, with a touch of Heritage Safety, with added Convenience Irfaz brings to you

690 views • 16 slides
Premium Charcoal Tablets from Malaysia Premium Charcoal Tablets from Malaysia Freshness, with a

Premium Charcoal Tablets from Malaysia Premium Charcoal Tablets from Malaysia Freshness, with a

TM Natural Charcoal T ablets Premium Charcoal Tablets from Malaysia Presenting Premium Charcoal Tablets from Malaysia Premium Charcoal Tablets from Malaysia Freshness, with a touch of Heritage Safety, with added Convenience Irfaz brings

373 views • 16 slides
Mobile - Smartphones, Tablets, Wearable (Smartwatch) ENABLES EXTRA FREE SPACE Fits Minimal Form

Mobile - Smartphones, Tablets, Wearable (Smartwatch) ENABLES EXTRA FREE SPACE Fits Minimal Form

KLIKE - The SMART INTERFACE COMPANY For the POST-PC devices Where Usability and Texting are Critical Minimal Form Factor 3D Camera

609 views • 8 slides
Technology, Tablets and Tips Managing Your Business on the Go l o c a l l y r e l e v a n t ,

Technology, Tablets and Tips Managing Your Business on the Go l o c a l l y r e l e v a n t ,

Technology, Tablets and Tips Managing Your Business on the Go l o c a l l y r e l e v a n t , p e r s o n a l i s e d t r a i n i n g Background Each state identified training priorities Using tablets ranked highly Not for

146 views • 11 slides
Privacy on Smartphones Presentation by Claude Barthels Roadmap TaintDroid: An

Privacy on Smartphones Presentation by Claude Barthels Roadmap TaintDroid: An

Privacy on Smartphones Presentation by Claude Barthels Roadmap TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones MockDroid: Trading Privacy for Application Functionality on Smartphones

429 views • 38 slides
New Generation TCO Certified Available for all product categories Displays

New Generation TCO Certified Available for all product categories Displays

New Generation TCO Certified Available for all product categories Displays Notebooks Tablets Smartphones All-in-one PCs Headsets Projectors Update purchasing document to: Latest version of TCO

857 views • 9 slides
1 Welcome! In this session we will explore computers and coding and how to talk to

1 Welcome! In this session we will explore computers and coding and how to talk to

1 Welcome! In this session we will explore computers and coding and how to talk to computers! First, lets play some Fact or Fiction Games. Game 1: Of the following three statements. Which one is false? 1. Smartphones and tablets are

649 views • 22 slides
Looking to the Future: Use of Smartphones & Beyond Mick Foy 15 th September 2014 Vigilance

Looking to the Future: Use of Smartphones & Beyond Mick Foy 15 th September 2014 Vigilance

Looking to the Future: Use of Smartphones & Beyond Mick Foy 15 th September 2014 Vigilance and Risk Management of Medicines Agenda Use of smartphones & social media What does this mean for pharmacovigilance Introducing WEB-RADR

498 views • 20 slides
Mobile Computing Solutions vs Tablets What defines a true mobile computing solution for a field

Mobile Computing Solutions vs Tablets What defines a true mobile computing solution for a field

D E -R ISKING E NTERPRISE M OBILITY Mobile Computing Solutions vs Tablets What defines a true mobile computing solution for a field worker? Why your users/clients are asking for Tablets Customers are demanding anytime access to data, and

385 views • 19 slides
Understanding Software System Behavior With ML and Time Series Data QCon.ai SF April 11,

Understanding Software System Behavior With ML and Time Series Data QCon.ai SF April 11,

Understanding Software System Behavior With ML and Time Series Data QCon.ai SF April 11, 2018 David Andrzejewski - @davidandrzej Engineering, Sumo Logic Sumo Logic Confidential Intro / context Currently: Sumo Logic since 2011

1.21k views • 99 slides
Obstacles in Numerical Calculations Erik Schnetter Paris, November 2006 Obstacles in Numerical

Obstacles in Numerical Calculations Erik Schnetter Paris, November 2006 Obstacles in Numerical

Obstacles in Numerical Calculations Erik Schnetter Paris, November 2006 Obstacles in Numerical Calculations General Numerical Relativity Analysis Numerical Relativity Layout Hawking Energy Ricci tensor and higher derivatives

494 views • 13 slides
October 7th, 1997 6:00pm Arrive hotel in New York City. Phone system does not support

October 7th, 1997 6:00pm Arrive hotel in New York City. Phone system does not support

October 7th, 1997 6:00pm Arrive hotel in New York City. Phone system does not support my modem. Cell phone reception is terrible. 8:45pm Phone call from Eric Bates. I think that we have a visitor. Wed October

836 views • 37 slides
Evaluating Technologies UNC COMP 523 Wed Sep 2, 2020 Prof. Jeff Terrell 1 / 30 Announcements

Evaluating Technologies UNC COMP 523 Wed Sep 2, 2020 Prof. Jeff Terrell 1 / 30 Announcements

Evaluating Technologies UNC COMP 523 Wed Sep 2, 2020 Prof. Jeff Terrell 1 / 30 Announcements intro music: Any Colour You Like by Pink Floyd, because (a) you get to pick colors (colours) in your designs and (b) most of you get some say in what

621 views • 30 slides
Functional Programming June 2, 2019 Functional Programming June 2, 2019 1 / 24 Mayer Goldberg \

Functional Programming June 2, 2019 Functional Programming June 2, 2019 1 / 24 Mayer Goldberg \

Functional Programming June 2, 2019 Functional Programming June 2, 2019 1 / 24 Mayer Goldberg \ Ben-Gurion University Mayer Goldberg \ Ben-Gurion University Road Map Functional Programming June 2, 2019 2 / 24 Introduction to Functional

411 views • 24 slides
rs t rs

rs t rs

rs t rs t rt Ptr r r

619 views • 18 slides
2 nd semester Topic 35: Messages on the phone In our daily life we are trying to save our

2 nd semester Topic 35: Messages on the phone In our daily life we are trying to save our

2 nd semester Topic 35: Messages on the phone In our daily life we are trying to save our time by sending short, but understandable messages to our friends This movement is on trend now Since we have connection to the internet

317 views • 6 slides
Timo Sirainen Dovecot Solutions Oy http://www.dovecot.org/ Talk Overview Quick introduction

Timo Sirainen Dovecot Solutions Oy http://www.dovecot.org/ Talk Overview Quick introduction

Timo Sirainen Dovecot Solutions Oy http://www.dovecot.org/ Talk Overview Quick introduction v2.1: Statistics, Full Text Search changes v2.1/v2.2: dsync-based replication v2.1: IMAP Adaptor Questions Dovecot? IMAP, POP3

572 views • 20 slides

More recommend