trustotp transforming smartphones into secure one time
play

TrustOTP: Transforming Smartphones into Secure One-Time Password - PowerPoint PPT Presentation

Sep 03, 2023 •367 likes •638 views

TrustOTP: Transforming Smartphones into Secure One-Time Password Tokens He Sun, Kun Sun, Yuewu Wang, and Jiwu Jing Presented by Fengwei Zhang Wayne State University CSC 6991 Topics in Computer Security 1 Outline IntroducLon MoLvaLon

  1. TrustOTP: Transforming Smartphones into Secure One-Time Password Tokens He Sun, Kun Sun, Yuewu Wang, and Jiwu Jing Presented by Fengwei Zhang Wayne State University CSC 6991 Topics in Computer Security 1

  2. Outline • IntroducLon • MoLvaLon • Architecture • ImplementaLon • EvaluaLon • Summary Wayne State University CSC 6991 Topics in Computer Security 2

  3. Outline • IntroducLon • MoLvaLon • Architecture • ImplementaLon • EvaluaLon • Summary Wayne State University CSC 6991 Topics in Computer Security 3

  4. One-Lme Password (OTP) • A password that is valid for only one login session or transacLon – Not vulnerable to reply aUacks – Widely used in Two-factor AuthenLcaLon – HOTP (Hash-based OTP) • Event triggered, key & counter – TOTP (Time-based OTP) • Time synchronized, key & clock – Hardware token & soXware App Wayne State University CSC 6991 Topics in Computer Security 4

  5. ExisLng SoluLons • Hardware-based – RSA SecurID – Yubikey • SoXware-based – Google authenLcator – McAfee one-Lme password Wayne State University CSC 6991 Topics in Computer Security 5

  6. Outline • IntroducLon • MoLvaLon • Architecture • ImplementaLon • EvaluaLon • Summary Wayne State University CSC 6991 Topics in Computer Security 6

  7. LimitaLon • Hardware-based --- not flexible – Unprogrammable – Expensive • SoXware-based --- not secure – Vulnerable to external aUacks Wayne State University CSC 6991 Topics in Computer Security 7

  8. Goals • ConfidenLality – Malicious mobile OS cannot compromise the keying material (seed) in the OTP generator – It cannot read the OTP • Reliability and Availability – Trusted inputs (e.g., clock Lme) for the OTP genreator – Trusted display – OTP works even If mobile OS crashes • Small TCB Wayne State University CSC 6991 Topics in Computer Security 8

  9. TrustZone-related Work • TrustICE (Sun et al.[1]) – Isolated CompuLng Environment in the normal domain • SeCReT (Jang et al.[2]) – Secure channel between secure domain and normal applicaLon • Hypervision (Azab et al.[3]) – Real-Lme kernel protecLon in the normal domain • TrustDump (Sun et al.[4]) – Reliable Memory AcquisiLon of the mobile OS • Smartphone as locaLon verificaLon token for payments (Marforio et al.[5]) • Trusted Language RunLme for trusted applicaLons in the secure domain (Santos et al.[6]) Wayne State University CSC 6991 Topics in Computer Security 9

  10. Outline • IntroducLon • MoLvaLon • Architecture • ImplementaLon • EvaluaLon • Summary Wayne State University CSC 6991 Topics in Computer Security 10

  11. TrustOTP Architecture – In the secure domain – Shared I/O device with the rich OS – Reliable switch between domains Normal Domain Secure Domain Rich OS TrustOTP Secure Clock Secure TOTP Non-secure OTP Permanent Permanent Generator Storage HOTP Secure Counters Storage Non-secure Framebuffer Reliable Switch Secure Framebuffer Secure Secure Touchscreen Display Framebuffer Touchscreen Driver Controller Driver Driver User Input of the Rich OS Display with User Input of Touchscreen TrustOTP Wayne State University CSC 6991 Topics in Computer Security 11

  12. Challenges • Secure input and display though shared touchscreen • Reliable switch • Generator protecLon – StaLc code – ExecuLon environment • Availability Wayne State University CSC 6991 Topics in Computer Security 12

  13. Outline • IntroducLon • MoLvaLon • Architecture • ImplementaLon • EvaluaLon • Summary Wayne State University CSC 6991 Topics in Computer Security 13

  14. Security Analysis • InformaLon leakage – Generated OTPs – Shared keys • Control flow tampering – Code integrity – ExecuLon integrity (e.g., Interrupt) • Denial-of-service – Switch between domains – StaLc & dynamic code – Display Wayne State University CSC 6991 Topics in Computer Security 14

  15. Boot Sequence Secure storage • – MicroSD card Memory IsolaLon • – TZASC (TrustZone Address Space Controller) – Watermark mechanism Normal Domain Secure Domain – Secure boot Secure bootloader • USB Flash MicroSD Drive card – Non-secure bootloader Kernel Filesystem – Rich OS Non-secure Secure TrustOTP Bootloader Bootloader 4 2 1 Non-secure 3 Memory Kernel Secure Memory Secure Non-secure TrustOTP Bootloader Bootloader Wayne State University CSC 6991 Topics in Computer Security 15

  16. TrustOTP Triggering • Reliable switch – Non-maskable interrupt (NMI) • The rich OS cannot block or intercept – Secure Interrupt (FIQ) • The rich OS cannot manipulate – Interrupt source (configurable) • Physical buUon • Timer Wayne State University CSC 6991 Topics in Computer Security 16

  17. OTP GeneraLon • Hash-based one-Lme password (HOTP) – Key, counter • Time-based one-Lme password (TOTP) – Key, Clock Wayne State University CSC 6991 Topics in Computer Security 17

  18. OTP Display • Secure I/O – Display: IPU (Image Processing Unit) + LCD – Input: 4-wire resisLve touchscreen • User-friendly manner – Rich OS and TrustOTP run concurrently – Watchdog Lmer – 1.5 seconds / cycle • 0.5 second for display • 1 second for input 2~3 numbers Wayne State University CSC 6991 Topics in Computer Security 18

  19. Outline • IntroducLon • MoLvaLon • Architecture • ImplementaLon • EvaluaLon • Summary Wayne State University CSC 6991 Topics in Computer Security 19

  20. EvaluaLon • Freescale i.MX53 QSB – A Cortex-A8 1GHz processor – 1GB DD3 RAM – 4GB microSD card • Monsoon power monitor – Power measurement – Power logging Wayne State University CSC 6991 Topics in Computer Security 20

  21. TrustOTP Performance • Before OTP display (60.48 ms) • AXer OTP display (7.52 ms) Wayne State University CSC 6991 Topics in Computer Security 21

  22. Impact on the Rich OS • Rich OS vs. TrustOTP • Anutu – CPU & RAM – I/O devices • Vellamo Wayne State University CSC 6991 Topics in Computer Security 22

  23. Power ConsumpLon • Rich OS – Average = 2,128 mW • TrustOTP running – Average =2,230 mW • TrustOTP without display Wayne State University CSC 6991 Topics in Computer Security 23

  24. Outline • IntroducLon • MoLvaLon • Architecture • ImplementaLon • EvaluaLon • Summary Wayne State University CSC 6991 Topics in Computer Security 24

  25. Summary • TrustOTP: Hardware-assisted OTP Token on smartphones – Security (confidenLality, integrity, availability) – Flexibility (various and mulLple OTPs) • Low performance overhead on the Rich OS – No need to modify the Rich OS – Low power consumpLon Wayne State University CSC 6991 Topics in Computer Security 25

  26. References 1. H. Sun, K. Sun, Y. Wang, J. Jing, and H. Wang, “TrustICE: Hardware-assisted Isolated CompuLng Environments on Mobile Devices,” in Proceedings of the 45 th Annual IEEE/IFIP InternaLonal Conference on Dependable Systems and Networks (DSN’15), June 22-25, 2015. 2. J. Jang, S. Kong, M. Kim, D. Kim, and B. B. Kang, “Secret: Secure channel between rich execuLon environment and trusted execuLon environment,” in 21 st Annual Network and Distributed System Security Symposium, NDSS 2015, February 8-11, 2015. 3. A. M. Azab, P. Ning, J. Shah, Q. Chen, R. Bhutkar, G. Ganesh, J. Ma, and W. Shen, “Hypervision across worlds: Real-Lme kernel protecLon from the ARM trustzone secure world,” in Proceedings of the 2014 ACM SIGSAC Conference on Computer and CommunicaLons Security, November 3-7, 2014. 4. H. Sun, K. Sun, Y. Wang, J. Jing, and S. Jajodia, “Trustdump: Reliable memory acquisiLon on smartphones,” in Proceedings of 19 th European Symposium on Research in Computer Security (ESORICS’14), September 7-11, 2014. 5. C. Marforio, N. Karapanos, C. Soriente, K. KosLainen, and S. Capkun, “Smartphones as pracLcal and secure locaLon verificaLon tokens for payments,” in 21 st Annual Network and Distributed System Security Symposium, NDSS 2014, February 23-26, 2014. 6. N. Santos, H. Raj, S. Saroiu, and A. Wolman, “Using ARM trustzone to build a trusted language runLme for mobile applicaLons,” in Architectural Support for Programming Languages and OperaLng Systems, ASPLOS ’14, March 1-5, 2014 Wayne State University CSC 6991 Topics in Computer Security 26

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

TrustOTP: Transforming Smartphones into Secure One-Time Password

TrustOTP: Transforming Smartphones into Secure One-Time Password

TrustOTP: Transforming Smartphones into Secure One-Time Password Tokens He Sun, Kun Sun, Yuewu Wang, and Jiwu Jing Presented by Fengwei

474 views • 26 slides
Secure Communications Center (SCC) Secure Messaging and Location Tracking Smartphones

Secure Communications Center (SCC) Secure Messaging and Location Tracking Smartphones

Secure Communications Center (SCC) Secure Messaging and Location Tracking Smartphones Information Technology Security Location User Messaging Tracking Network * CEO A. Baar Akbay CFO PDM M. Melih H. Hakan Deirmenci Kahraman

371 views • 36 slides
A Field Study of Run-Time Location Access Disclosures on Android Smartphones Huiqing Fu Yulong

A Field Study of Run-Time Location Access Disclosures on Android Smartphones Huiqing Fu Yulong

A Field Study of Run-Time Location Access Disclosures on Android Smartphones Huiqing Fu Yulong Yang, Nileema Shingte, Janne Linqdvist, Marco Gruteser WINLAB Why Run-Time Location Access Disclosures on Smartphones? 2 Large amount of users

540 views • 18 slides
Agora Verkehrswende : Transforming Transportation to secure tomorrows mobility. 12 Insights

Agora Verkehrswende : Transforming Transportation to secure tomorrows mobility. 12 Insights

Agora Verkehrswende : Transforming Transportation to secure tomorrows mobility. 12 Insights into the Verkehrswende Christian Hochfeld Executive Director, Agora Verkehrswende Draft Presentation, Canada November, 2017 Agora Verkehrswende

882 views • 53 slides
EasyTracker Automatic Transit Tracking, Mapping, and Arrival Time Prediction Using Smartphones

EasyTracker Automatic Transit Tracking, Mapping, and Arrival Time Prediction Using Smartphones

EasyTracker Automatic Transit Tracking, Mapping, and Arrival Time Prediction Using Smartphones James Biagioni, Tomas Gerlich, Timothy Merrifield and Jakob Eriksson We love bus trackers! slide 2 Winter in Chicago slide 3 Our shuttle web

4.98k views • 94 slides
Privacy on Smartphones Presentation by Claude Barthels Roadmap TaintDroid: An

Privacy on Smartphones Presentation by Claude Barthels Roadmap TaintDroid: An

Privacy on Smartphones Presentation by Claude Barthels Roadmap TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones MockDroid: Trading Privacy for Application Functionality on Smartphones

429 views • 38 slides
VOTD: Time of Check, Time of Use Engineering Secure Software Last Revised: September 1, 2020

VOTD: Time of Check, Time of Use Engineering Secure Software Last Revised: September 1, 2020

VOTD: Time of Check, Time of Use Engineering Secure Software Last Revised: September 1, 2020 SWEN-331: Engineering Secure Software Benjamin S Meyers 1 What is Time of Check, Time of Use? Analogy: Jill asks Dan to have tea ready for her when

383 views • 7 slides
TRANSFORMING MOMENTS Gcina Mhlope TITLE Transforming means change from one state to another.

TRANSFORMING MOMENTS Gcina Mhlope TITLE Transforming means change from one state to another.

TRANSFORMING MOMENTS Gcina Mhlope TITLE Transforming means change from one state to another. The story is about the narrator who changes from someone who has a low self-esteem to a confident female praise poet within a short space of time

427 views • 13 slides
TRANSFORMING WEB SERVICES CHOREOGRAPHIES WITH PRIORITIES AND TIME CONSTRAINTS INTO

TRANSFORMING WEB SERVICES CHOREOGRAPHIES WITH PRIORITIES AND TIME CONSTRAINTS INTO

TRANSFORMING WS-CDL WITH PRIORITIES AND TIME CONSTRAINTS INTO PRIORITIZED-TIME PETRI NETS TRANSFORMING WEB SERVICES CHOREOGRAPHIES WITH PRIORITIES AND TIME CONSTRAINTS INTO PRIORITIZED-TIME PETRI NETS V. Valero M.E. Cambronero G. Daz J.J.

837 views • 40 slides
Looking to the Future: Use of Smartphones & Beyond Mick Foy 15 th September 2014 Vigilance

Looking to the Future: Use of Smartphones & Beyond Mick Foy 15 th September 2014 Vigilance

Looking to the Future: Use of Smartphones & Beyond Mick Foy 15 th September 2014 Vigilance and Risk Management of Medicines Agenda Use of smartphones & social media What does this mean for pharmacovigilance Introducing WEB-RADR

498 views • 20 slides
Establishing Time for Professional Learning Transforming

Establishing Time for Professional Learning Transforming

4/24/14 Establishing Time for Professional Learning Transforming Professional Learning Webinar Series April 24, 2014 Our Norms Engage fully, sharing

693 views • 19 slides
27 th Annual Conference Transforming and Improving Cost and Time Estimating for the Next

27 th Annual Conference Transforming and Improving Cost and Time Estimating for the Next

27 th Annual Conference Transforming and Improving Cost and Time Estimating for the Next Decade Tuesday 20 th September Royal Institution of Naval Architects London Welcome Special welcome to new members Entitled to free

1.02k views • 15 slides
on Smartphones & Tablets with Trusted Computing Stefan Saroiu Microsoft Research (Redmond)

on Smartphones & Tablets with Trusted Computing Stefan Saroiu Microsoft Research (Redmond)

Protecting Data on Smartphones & Tablets with Trusted Computing Stefan Saroiu Microsoft Research (Redmond) Smartphones have displaced PCs as the primary computing device Smartphones Store Sensitive Data Sensor Readings Have Value

1.34k views • 83 slides
1 2 3 4 5 6 Transforming Lives Two Generations At A Time Our Mission To transform families

1 2 3 4 5 6 Transforming Lives Two Generations At A Time Our Mission To transform families

1 2 3 4 5 6 Transforming Lives Two Generations At A Time Our Mission To transform families from poverty to prosperity. Our Strategy To mobilize a broad-based coalition of community members who embrace the mission. The Need Today

472 views • 28 slides
How Secure are Secure How Secure are Secure Interdomain Routing Protocols? Interdomain Routing

How Secure are Secure How Secure are Secure Interdomain Routing Protocols? Interdomain Routing

DIMACS Workshop On Secure Routing March 10, 2010 How Secure are Secure How Secure are Secure Interdomain Routing Protocols? Interdomain Routing Protocols? $ $ Sharon Goldberg Microsoft Research & Boston University y Michael Schapira

701 views • 54 slides
Transforming Our Workplace: Its Time OBJECTIVES Describe harassment and gender-based

Transforming Our Workplace: Its Time OBJECTIVES Describe harassment and gender-based

Transforming Our Workplace: Its Time OBJECTIVES Describe harassment and gender-based career disparities in healthcare Highlight the case for equity and safety Discuss individual & institutional solutions Introduce

598 views • 15 slides
Unbreakable Cryptosystems ??? Almost all of the practical cryptosystems are theoretically

Unbreakable Cryptosystems ??? Almost all of the practical cryptosystems are theoretically

Unbreakable Cryptosystems ??? Almost all of the practical cryptosystems are theoretically breakable given the time are theoretically breakable given the time Security Notions and computational resources. However,

307 views • 10 slides
Frequency Examination ABCDEFGHIJKLMNOPQRSTUVWXYZ 1 31004011301001300112000000 2

Frequency Examination ABCDEFGHIJKLMNOPQRSTUVWXYZ 1 31004011301001300112000000 2

Frequency Examination ABCDEFGHIJKLMNOPQRSTUVWXYZ 1 31004011301001300112000000 2 10022210013010000010404000 3 12000000201140004013021000 4 21102201000010431000000211 5 10500021200000500030020000 6 01110022311012100000030101 Letter

621 views • 36 slides
Great Theoretical Ideas in Computer Science Lecture 27: Cryptography What is cryptography about?

Great Theoretical Ideas in Computer Science Lecture 27: Cryptography What is cryptography about?

15-251 Great Theoretical Ideas in Computer Science Lecture 27: Cryptography What is cryptography about? Adversary Eavesdropper I will cut his throat I will cut his throat What is cryptography about? loru23n8uladjkfb!#@

1.41k views • 65 slides
R e l a t i o n a l R e a s o n i n g f o r M a r k o v C h a i n

R e l a t i o n a l R e a s o n i n g f o r M a r k o v C h a i n

R e l a t i o n a l R e a s o n i n g f o r M a r k o v C h a i n s i n a P r o b a b i l i s t i c G u a r d e d L a mb d a C a l c u l u s Alejandro Aguirre, Gilles Barthe, Lars

1.29k views • 59 slides
OTP Kerberos Kerberos Working Group IETF, Montreal July 2006 WORKING DRAFT: 30 June 2006

OTP Kerberos Kerberos Working Group IETF, Montreal July 2006 WORKING DRAFT: 30 June 2006

OTP Kerberos Kerberos Working Group IETF, Montreal July 2006 WORKING DRAFT: 30 June 2006 Background Proposal is to define extensions to Kerberos V5 (rfc4120) to support pre-authentication using an OTP Three main aims: Allow an OTP

180 views • 14 slides
Enterprise desktop at home with FreeIPA and GNOME Alexander Bokovoy ( abokovoy@redhat.com )

Enterprise desktop at home with FreeIPA and GNOME Alexander Bokovoy ( abokovoy@redhat.com )

January 30th, 2016 FOSDEM16 Enterprise desktop at home with FreeIPA and GNOME Alexander Bokovoy ( abokovoy@redhat.com ) Enterprise desktop at home with FreeIPA and GNOME 2 Enterprise? Enterprise desktop at home with FreeIPA and GNOME 3 *

978 views • 71 slides
YURY CHEMERKIN I have 10+ years of experience in information security. Im a multi-skilled

YURY CHEMERKIN I have 10+ years of experience in information security. Im a multi-skilled

S TILL S ECURE . W E E MPOWER W HAT W E H ARDEN B ECAUSE W E C AN C ONCEAL YURY CHEMERKIN MULTI-SKILLED SECURITY EXPERT CJSC ADVANCED MONITORING YURY CHEMERKIN I have 10+ years of experience in information security. Im a multi-skilled

1.43k views • 76 slides
Federal Advocacy and Policy Updates: What's New for HCBS and Self-Direction Alison Barkoff Dan

Federal Advocacy and Policy Updates: What's New for HCBS and Self-Direction Alison Barkoff Dan

Federal Advocacy and Policy Updates: What's New for HCBS and Self-Direction Alison Barkoff Dan Berland Director of Advocacy Director of Federal Policy Center for Public Representation NASDDDS abarkoff@cpr-us.org dberland@nasddds.org

817 views • 59 slides

More recommend