the security of tees
play

the Security of TEEs Master-Thesis of Fritz Alder In cooperation - PowerPoint PPT Presentation

Feb 27, 2024 •108 likes •472 views

TEE Combining Trusted Hardware to Enhance the Security of TEEs Master-Thesis of Fritz Alder In cooperation with Aalto University, Finland Supervisor: Prof. Katzenbeisser Supervisor at Aalto University: Dr. Andrew Paverd and Prof. Asokan

  1. TEE² – Combining Trusted Hardware to Enhance the Security of TEEs Master-Thesis of Fritz Alder In cooperation with Aalto University, Finland Supervisor: Prof. Katzenbeisser Supervisor at Aalto University: Dr. Andrew Paverd and Prof. Asokan Fachbereich Informatik | Security Engineering Group | Prof. Katzenbeisser | 1

  2. Motivation • Trusted Execution Environments (TEEs) provide isolated execution of security sensitive pieces of code that can be attested by remote parties. ➢ TEEs have the potential to ensure security in cloud computing environments • Real-world TEEs and their implementations are prone to attacks and bugs ➢ Trust in real-world TEEs is difficult to achieve, possibly slowing down adoption ➢ Can we combine multiple TEEs to achieve security even if all but one TEE is compromised? 2

  3. Trusted Execution Environment (TEE) • Physical host Separated from TEE Rich Execution REE TA1 Environment (REE) execute TA1 • Executes Trusted Applications (TAs) • • Provides: Code integrity verified by TEE (e.g. with certificates) • No direct access to TAs from REE • Code integrity • Access only through predefined call-gates • Isolated execution • Sealed data • TEE attestation 3

  4. Trusted Execution Environment (TEE) • Physical host Separated from TEE Rich Execution No access TA2 REE 2 TA1 Environment (REE) from other TAs • Executes Trusted No access Applications (TAs) from REE • Provides: 1 • Code integrity Sealed storage • Isolated execution • Sealed data Remote • TEE attestation attestation 4

  5. System model – Ideal TEE • Similar to Honest but Curious cloud provider model: Host Secure Access • User communicates with TEE channel to host TEE • Adversary has full control of host User Adversary • Adversary has no interest in DoS • Code integrity • Adversary goal: Undermine any • Isolated execution • Sealed data of the four TEE properties • TEE attestation 5

  6. Real-world TEE adversaries Weak attacker Strong attacker S W • • Compromises TEE confidentiality Compromises TEE confidentiality and integrity ➢ Can read run-time secrets and • sealed data Has access to architectural secrets or can influence TEE integrity ➢ But: Can not fake attestations or ➢ Can fully impersonate the TEE impact TEE integrity 6

  7. Combined TEE – Design • User communicates with two Host unique TEEs Access to • Adversary has full control over TEE all hosts both untrusted hosts • Adversary can choose to Host Adversary User compromise any TEE Secure channel TEE Can compromise • User stays unware of choice to both TEEs one TEE by • Combined TEE remains secure choice as long as at least one TEE is uncompromised Combined TEE 7

  8. Random Number Generation TEE TEE Goal: request 1. Generate a random string.. 2. ...that is unknown by an attacker response + attestation 3. ...and can be attested by remote parties as being actually randomly combine generated responses + attestations 8

  9. Random Number Generation – weak adversary TEE TEE Goal: W request 1. Generate a random string.. 2. ...that is unknown by an attacker response + attestation 3. ...and can be attested by remote parties as being actually randomly combine generated responses + attestations 9

  10. Random Number Generation – weak adversary TEE TEE Goal: W request 1. Generate a random string.. 2. ...that is unknown by an attacker response + attestation 3. ...and can be attested by remote parties as being actually randomly combine generated responses + attestations 10

  11. Random Number Generation – strong adversary TEE TEE Goal: S request 1. Generate a random string.. 2. ...that is unknown by an attacker response + attestation 3. ...and can be attested by remote parties as being actually randomly combine generated responses + attestations 11

  12. Random Number Generation – strong adversary TEE TEE Goal: S request request 1. Generate a random string.. true random 2. ...that is unknown by an attacker response + attestation 3. ...and can be attested by remote request parties as being actually randomly combine calculated generated response responses + attestations 12

  13. Random Number Generation – strong adversary TEE TEE Goal: request 1. Generate a random string.. commitment 2. ...that is unknown by an attacker bind to 3. ...and can be attested by remote commitment parties as being actually randomly reveal generated combine responses + attestations Check commitments 13

  14. Random Number Generation – strong adversary TEE TEE TEE TEE request commitment bind to commitment chain reveal combine 14

  15. Random Number Generation – strong adversary TEE TEE TEE TEE TEE S S S request commitment bind to commitment chain reveal combine 15

  16. Protocol Design • Combined TEE protocols differ from Ideal TEE protocols • No TEE can have knowledge of or control over any part of a secret TEE • Instead, protocols need to protect against S compromised TEEs • Defined a range of utility, one-party, and two- party protocols • TEE ElGamal operations • Key Exchange • Signing • Messaging • Store-and-forward • • Random Number Generation Oblivious Transfer 16

  17. ElGamal operations – key generation TEE TEE Goal: 1. Operate on private keys held by request key generation the TEEs... 2. ...that are attestable 3. ...and can not be learned during return decryption public keys 4. ...but can be used for confidential combine private key private key public keys messages to the user responses + attestations 17

  18. ElGamal operations – decryption TEE TEE Goal: 1. Operate on private keys held by Ciphertext C private key private key the TEEs... request decryption 2. ...that are attestable 3. ...and can not be learned during decryption return decryption 4. ...but can be used for confidential combine shares messages to the user shares 18

  19. ElGamal operations – decryption TEE S TEE Goal: 1. Operate on private keys held by Ciphertext C private key private key the TEEs... request decryption 2. ...that are attestable 3. ...and can not be learned during decryption return decryption 4. ...but can be used for confidential combine shares messages to the user shares 19

  20. ElGamal operations – decryption TEE S TEE Goal: 1. Operate on private keys held by Ciphertext C private key private key the TEEs... request decryption 2. ...that are attestable 3. ...and can not be learned during decryption return decryption 4. ...but can be used for confidential combine shares messages to the user shares y1 = x1 * G ; y2 = x2 * G ; Y = y1 + y2 ; C1 = k*G ; C2 = M + k*x1*G + k*x2*G C = (C1,C2); d1 = -x1 * C1 ; d2 = -x2 * C1 ; M = C2 + d1 + d2 20

  21. Two-party protocols • Both parties can try to cheat and can compromise N-1 TEEs • ..but do not collaborate • Protocols require active participation from both users • More than a simple attestation verification A B TEE TEE 21

  22. Policy based store-and-forward A B TEE TEE Goal: 1. Secretly share data with Split secret user B (XOR) 2. Only B can reveal the store secret secret request 3. B can not reveal the secret secret if a policy is not matched check check policy policy reveal secret Jump to implementation 22

  23. Oblivious transfer – ideal version A B TEE A has a list L of n items send L Goals: choose m 1. B can select up to m items items 2. B should not learn more than m items A should not learn B‘s choices 3. (except the value of m ) 4. No third party should learn any items or choices 23

  24. Oblivious transfer – Combined TEE A B TEE TEE A has a list L of n items establish n keys Goals: 1. B can select up to m items encrypt L send 2. B should not learn more with keys encrypted L than m items A should not learn B‘s 3. choices (except the value request m keys of m ) 4. No third party should learn check check reveal m any items or choices policy policy keys 24

  25. Oblivious transfer – Combined TEE A B TEE TEE A has a list L of n items establish n keys Goals: 1. B can select up to m items encrypt L send 2. B should not learn more with keys encrypted L than m items A should not learn B‘s 3. choices (except the value request m keys of m ) 4. No third party should learn check check reveal m any items or choices policy policy keys 25

  26. Oblivious transfer – Combined TEE A B TEE TEE A has a list L of n items establish n ? keys Goals: 1. B can select up to m items encrypt L send 2. B should not learn more with keys encrypted L than m items A should not learn B‘s 3. choices (except the value request m keys of m ) 4. No third party should learn check check reveal m any items or choices policy policy keys 26

  27. Oblivious transfer – Combined TEE A B TEE TEE A has a list L of n items establish n 1. Involve B keys Goals: 2. Shuffle keys 1. B can select up to m items encrypt L send 2. B should not learn more with keys encrypted L than m items A should not learn B‘s 3. choices (except the value request m keys of m ) 4. No third party should learn check check reveal m any items or choices policy policy keys 27

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

The 25 Year Environment Plan 21 March 2018 Tees Valley Nature Partnership & Your Tees

The 25 Year Environment Plan 21 March 2018 Tees Valley Nature Partnership & Your Tees

A Green Future The 25 Year Environment Plan 21 March 2018 Tees Valley Nature Partnership & Your Tees Catchment Partnership The plans vision It is this Governments ambition to leave our environment in a better that puts the

509 views • 12 slides
Tees-Swale: naturally connected Project area Tees-Swale project area 829 sq km Project

Tees-Swale: naturally connected Project area Tees-Swale project area 829 sq km Project

Tees-Swale: naturally connected Project area Tees-Swale project area 829 sq km Project rationale More, bigger, better and joined up The first priority is to enhance the quality of remaining wildlife habitat Project rationale

323 views • 30 slides
Tees Valley Nature Partnership Steering Group 18 th December 2019 Middlesbrough Football Club

Tees Valley Nature Partnership Steering Group 18 th December 2019 Middlesbrough Football Club

Tees Valley Nature Partnership 2019 Tees Valley Nature Partnership Steering Group 18 th December 2019 Middlesbrough Football Club Tees Valley Nature Partnership 2019 Nature and economy working together Support policies & projects Embed a

342 views • 17 slides
384966 Debbie Osborne d.osborne@tees.ac.uk 01642 738257 Firstly .. Thank you for agreeing to

384966 Debbie Osborne d.osborne@tees.ac.uk 01642 738257 Firstly .. Thank you for agreeing to

Prescribing from the Community Practitioners Formulary CCH3062-N Bernadette Martin B.Martin@tees.ac.uk 01642 384966 Debbie Osborne d.osborne@tees.ac.uk 01642 738257 Firstly .. Thank you for agreeing to mentor your student Mentor website

444 views • 9 slides
TEES VALLEY OBC UPDATE FOR DARLINGTON SCRUTINY 25 TH OCTOBER 2018 JIM BUSBY AGENDA 1. Local

TEES VALLEY OBC UPDATE FOR DARLINGTON SCRUTINY 25 TH OCTOBER 2018 JIM BUSBY AGENDA 1. Local

TEES VALLEY OBC UPDATE FOR DARLINGTON SCRUTINY 25 TH OCTOBER 2018 JIM BUSBY AGENDA 1. Local Partnerships 2. Waste Management in the Tees Valley 3. OBC Summary and Content 4. Development of the Waste Management Strategy Policy Review

450 views • 16 slides
& Trusted Computing Erik Poll Digital Security Radboud University Nijmegen Classic

& Trusted Computing Erik Poll Digital Security Radboud University Nijmegen Classic

Hardware Security Trusted Execution Environments (TEEs) & Trusted Computing Erik Poll Digital Security Radboud University Nijmegen Classic hardware-backed security solutions smartcard for users HSM (Hardware Security Module) in

774 views • 63 slides
Wildlife Group Puts County on Guard (Local Wildlife Sites in the Tees Valley) Jeremy

Wildlife Group Puts County on Guard (Local Wildlife Sites in the Tees Valley) Jeremy

Wildlife Group Puts County on Guard (Local Wildlife Sites in the Tees Valley) Jeremy Garside Tees Valley Wildlife Trust Middlesbrough's Local Wildlife Sites Wetlands Species Sites Woodlands Post-Industrial Grasslands Neutral

356 views • 21 slides
Proposed Merger of CCGs in County Durham and the Tees Valley Dr Neil OBrien, Chief Clinical

Proposed Merger of CCGs in County Durham and the Tees Valley Dr Neil OBrien, Chief Clinical

Proposed Merger of CCGs in County Durham and the Tees Valley Dr Neil OBrien, Chief Clinical Officer Darlington Clinical Commissioning Group Durham Dales, Easington and Sedgefield Clinical Commissioning Group Hartlepool and Stockton-on-Tees

473 views • 11 slides
Ordering in Tees Valley and County Durham CCGs Changes to Repeat Prescription Ordering in Tees

Ordering in Tees Valley and County Durham CCGs Changes to Repeat Prescription Ordering in Tees

Changes to Repeat Prescription Ordering in Tees Valley and County Durham CCGs Changes to Repeat Prescription Ordering in Tees Valley and County Durham CCGs Repeat prescriptions Many patients have a repeat prescription meaning that

571 views • 11 slides
RULES PRESENTATION - SUBMITTED QUESTIONS On a measured course, on the yellow or red tees how far

RULES PRESENTATION - SUBMITTED QUESTIONS On a measured course, on the yellow or red tees how far

RULES PRESENTATION - SUBMITTED QUESTIONS On a measured course, on the yellow or red tees how far in front or behind the marker can the tee of the day be in order to have a qualifying competition B) What is the overall change in length that must

88 views • 7 slides
A NATIONAL Off Site AGENCY Manufacturing WORKING LOCALLY Bill Carr Head of Area (Tees

A NATIONAL Off Site AGENCY Manufacturing WORKING LOCALLY Bill Carr Head of Area (Tees

Successful places with homes and jobs Zero Carbon and A NATIONAL Off Site AGENCY Manufacturing WORKING LOCALLY Bill Carr Head of Area (Tees Valley) Welcome from Bill Carr HCA Head of Area (Tees Valley) Bill.Carr@hca.gsi.gov.uk Workshop

343 views • 6 slides
The epidemiology, clinicopathological characteristics and outcomes of GISTs in Durham and Tees

The epidemiology, clinicopathological characteristics and outcomes of GISTs in Durham and Tees

The epidemiology, clinicopathological characteristics and outcomes of GISTs in Durham and Tees Valley ( Melissa Friel , Helen Wescott, YKS Vishwanath, Nick Wadd, Anjan Dhar) Anjan Dhar DM, MD, FRCPE, AGAF, MBBS (Hons.), Cert. Med. Ed Senior

235 views • 20 slides
Tees, Esk & Wear Valleys NHS FT Smokefree Update Smokefree Trust 1 TEWV went smokefree in

Tees, Esk & Wear Valleys NHS FT Smokefree Update Smokefree Trust 1 TEWV went smokefree in

Tees, Esk & Wear Valleys NHS FT Smokefree Update Smokefree Trust 1 TEWV went smokefree in March 2016 Over 3200 staff trained to date to a minimum of brief advice 2 All in-patient ward areas stocked with nicotine products 3 Nicotine

224 views • 10 slides
Coast astal al & Wad ading ing Bir irds ds Pr Project ject Jacky Watson Tees Valley

Coast astal al & Wad ading ing Bir irds ds Pr Project ject Jacky Watson Tees Valley

Coast astal al & Wad ading ing Bir irds ds Pr Project ject Jacky Watson Tees Valley Wildlife Trust Im Impro prove e cha hances nces for our r nesting ting and d over erwint wintering ering bi birds ds Did you know?

328 views • 28 slides
GS1 Standards improving clinical effectiveness and patient safety Chris Tulloch, North Tees and

GS1 Standards improving clinical effectiveness and patient safety Chris Tulloch, North Tees and

GS1 Standards improving clinical effectiveness and patient safety Chris Tulloch, North Tees and Hartpool Hospitals NHS Trust Friday 4 th November 2016, HSE Dr Steevens We re passionate about Putting patients first Quality, safety and

247 views • 22 slides
An Open Framework for Architecting TEEs Dayeol Lee, David Kohlbrenner, Shweta Shinde, Dawn Song,

An Open Framework for Architecting TEEs Dayeol Lee, David Kohlbrenner, Shweta Shinde, Dawn Song,

An Open Framework for Architecting TEEs Dayeol Lee, David Kohlbrenner, Shweta Shinde, Dawn Song, and Krste Asanovic Trusted Execution Environment (TEE) Applications User Program and Data Remote OS Attestation Trustworthy Hardware

815 views • 50 slides
Asphalt Quality Assurance Program & Construction Inspection 2015 Asphalt Regional Seminars

Asphalt Quality Assurance Program & Construction Inspection 2015 Asphalt Regional Seminars

Asphalt Quality Assurance Program & Construction Inspection 2015 Asphalt Regional Seminars Rob Crandol, P.E. Trenton Clark, P.E. VDOT Materials Division Virginia Asphalt Association Assistant State Materials Engineer Director of

523 views • 51 slides
Objectives Probability and Random Processes To provide general theoretical results as well as

Objectives Probability and Random Processes To provide general theoretical results as well as

Objectives Probability and Random Processes To provide general theoretical results as well as mathematical tools 2013-2014. Fall term suitable for modelling random phenomena. Study of specific applications of the theoretical concepts. Josep F`

613 views • 4 slides
+ Advanced Sampling Algorithms + Mobashir Mohammad Hirak Sarkar Parvathy Sudhir

+ Advanced Sampling Algorithms + Mobashir Mohammad Hirak Sarkar Parvathy Sudhir

+ Advanced Sampling Algorithms + Mobashir Mohammad Hirak Sarkar Parvathy Sudhir Yamilet Serrano Llerena Advanced Sampling Aditya Kulkarni Algorithms Tobias Bertelsen Nirandika Wanigasekara Malay Singh +

1.81k views • 103 slides
Using math games to create fun, spark interest and build number sense Chad Madsen Astoria

Using math games to create fun, spark interest and build number sense Chad Madsen Astoria

Using math games to create fun, spark interest and build number sense Chad Madsen Astoria High School Astoria, OR Chad Madsen cmadsen@astoriak12.org Educator and Coach (17th year) * Algebra 1, Algebra Support, Pre-Algebra Co-host of the

701 views • 20 slides
GEOMETRICAL STABILITY OF CFRP LAMINATE CONSIDERING PLY ANGLE MISALIGNMENT Y. Arao 1* , J. Koyanagi

GEOMETRICAL STABILITY OF CFRP LAMINATE CONSIDERING PLY ANGLE MISALIGNMENT Y. Arao 1* , J. Koyanagi

18 TH INTERNATIONAL CONFERENCE ON COMPOSITE MATERIALS GEOMETRICAL STABILITY OF CFRP LAMINATE CONSIDERING PLY ANGLE MISALIGNMENT Y. Arao 1* , J. Koyanagi 2, S. Takeda 2 , S. Utsunomiya 2 , H. Kawada 1 1 Department of Mechanical and Systems

91 views • 5 slides
Chapter 10 : Informatics Practices Class XI ( As per Python CBSE Board) Modules New

Chapter 10 : Informatics Practices Class XI ( As per Python CBSE Board) Modules New

Chapter 10 : Informatics Practices Class XI ( As per Python CBSE Board) Modules New Syllabus 2019-20 Visit : python.mykvs.in for regular updates Python Module A module is a logical organization of Python code. Related code are grouped

377 views • 9 slides
Mobile Phone and Internet Access Among Low Income and Homeless Populations Jordan Rivera JWCH

Mobile Phone and Internet Access Among Low Income and Homeless Populations Jordan Rivera JWCH

Mobile Phone and Internet Access Among Low Income and Homeless Populations Jordan Rivera JWCH Institute, Center For Community Health Clinic Los Angeles CA Introduction Expansion of the Internet Meaningful Use: Portal System It is

477 views • 10 slides
(Aster)-picking through the pieces of short URL services An investigation into the maliciousness

(Aster)-picking through the pieces of short URL services An investigation into the maliciousness

(Aster)-picking through the pieces of short URL services An investigation into the maliciousness of short URLs Robert Diepeveen & Peter Boers 2016 Motivation Obfuscation Brute force Uniform sample Contributions:

640 views • 22 slides

More recommend