TrustOTP: Transforming Smartphones into Secure One-Time Password Tokens - PowerPoint PPT Presentation

SLIDE 1

TrustOTP: Transforming Smartphones into Secure One-Time Password Tokens

He Sun, Kun Sun, Yuewu Wang, and Jiwu Jing

Presented by Fengwei Zhang

Wayne State University CSC 6991 Topics in Computer Security 1

SLIDE 2

Outline

  • Introduction
  • Motivation
  • Architecture
  • Implementation
  • Evaluation
  • Summary

SLIDE 3

Outline

  • Introduction
  • Motivation
  • Architecture
  • Implementation
  • Evaluation
  • Summary

SLIDE 4

One-time Password (OTP)

  • A password that is valid for only one login session or transaction
    – Not vulnerable to replay attacks
    – Widely used in two-factor authentication
  • HOTP (HMAC-based OTP)
    – Event triggered: key & counter
  • TOTP (Time-based OTP)
    – Time synchronized: key & clock
  • Delivered as a hardware token or a software app

SLIDE 5

Existing Solutions

  • Hardware-based
    – RSA SecurID
    – YubiKey
  • Software-based
    – Google Authenticator
    – McAfee One-Time Password

SLIDE 6

Outline

  • Introduction
  • Motivation
  • Architecture
  • Implementation
  • Evaluation
  • Summary

SLIDE 7

Limitations

  • Hardware-based: not flexible
    – Unprogrammable
    – Expensive
  • Software-based: not secure
    – Vulnerable to external attacks (a compromised mobile OS can read the seed and the OTP)

SLIDE 8

Goals

  • Confidentiality
    – A malicious mobile OS cannot compromise the keying material (seed) in the OTP generator
    – It cannot read the generated OTP
  • Reliability and Availability
    – Trusted inputs (e.g., clock time) for the OTP generator
    – Trusted display
    – OTP generation works even if the mobile OS crashes
  • Small TCB

SLIDE 9

TrustZone-related Work

  • TrustICE (Sun et al. [1])
    – Isolated computing environments in the normal domain
  • SeCReT (Jang et al. [2])
    – Secure channel between the secure domain and a normal-domain application
  • Hypervision (Azab et al. [3])
    – Real-time kernel protection in the normal domain
  • TrustDump (Sun et al. [4])
    – Reliable memory acquisition of the mobile OS
  • Smartphone as location verification token for payments (Marforio et al. [5])
  • Trusted Language Runtime for trusted applications in the secure domain (Santos et al. [6])

SLIDE 10

Outline

  • Introduction
  • Motivation
  • Architecture
  • Implementation
  • Evaluation
  • Summary

SLIDE 11

TrustOTP Architecture

  • TrustOTP runs in the secure domain
  • It shares the I/O devices (display with touchscreen, storage) with the rich OS
  • A reliable switch moves control between the two domains

[Architecture figure. Normal domain: Rich OS, framebuffer driver, non-secure framebuffer, touchscreen driver, non-secure permanent storage, user input of the rich OS. Secure domain: TrustOTP with the OTP generator (TOTP and HOTP), secure clock, secure counters, secure framebuffer, secure display controller, secure touchscreen driver, secure permanent storage, user input of TrustOTP. The two domains are connected by the Reliable Switch and share the display with touchscreen.]

SLIDE 12

Challenges

  • Secure input and display through the shared touchscreen
  • Reliable switch between the domains
  • Generator protection
    – Static code
    – Execution environment
  • Availability

SLIDE 13

Outline

  • Introduction
  • Motivation
  • Architecture
  • Implementation
  • Evaluation
  • Summary

SLIDE 14

Security Analysis

  • Information leakage
    – Generated OTPs
    – Shared keys
  • Control-flow tampering
    – Code integrity
    – Execution integrity (e.g., interrupts)
  • Denial-of-service
    – Switch between domains
    – Static & dynamic code
    – Display

SLIDE 15

Boot Sequence

  • Secure storage
    – MicroSD card
  • Memory isolation
    – TZASC (TrustZone Address Space Controller)
    – Watermark mechanism
    – Secure boot
  • Boot chain
    – Secure bootloader
    – Non-secure bootloader
    – Rich OS

[Boot sequence figure: the secure bootloader and the TrustOTP kernel are loaded into secure memory; the non-secure bootloader, the rich OS kernel and the filesystem are loaded into non-secure memory. Sources shown are the microSD card (secure storage) and a USB flash drive; the figure numbers the steps 1 to 4.]

SLIDE 16

TrustOTP Triggering

  • Reliable switch
    – Non-maskable interrupt (NMI)
      • The rich OS cannot block or intercept it
    – Secure interrupt (FIQ)
      • The rich OS cannot manipulate it
    – Interrupt source (configurable)
      • Physical button
      • Timer

SLIDE 17

OTP Generation

  • HMAC-based one-time password (HOTP)
    – Key, counter
  • Time-based one-time password (TOTP)
    – Key, clock
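The HOTP and TOTP constructions named on slides 4 and 17 (key plus counter, key plus clock), worked through as an added example in Python. This is not code from the TrustOTP paper or these slides. It implements RFC 4226 generation (HMAC over the counter, dynamic truncation), RFC 6238 time steps on top of it, and the server-side checks that make an OTP replay-resistant as claimed on slide 4: a HOTP verifier with a look-ahead window that burns every counter at or below the accepted one, and a TOTP verifier that tolerates one step of clock skew but refuses any step at or below the last accepted one. The shared secret is the RFC test key, used only so the outputs match the published test vectors; in TrustOTP the key, counters and clock would come from secure storage, the secure counters and the secure clock inside the secure domain, and only the rendered digits would leave it.

```python
"""HOTP (RFC 4226) and TOTP (RFC 6238) generation plus replay-resistant
verification.  Added example, not code from the TrustOTP paper or slides.
Key, counter and clock are plain Python values here; in TrustOTP they would
live in the secure world (secure storage, secure counters, secure clock)."""
import hashlib
import hmac
import struct

# Shared secret from the RFC 4226 / RFC 6238 test vectors (ASCII "12345678901234567890").
# A real token seed is a random value provisioned out of band; this one is
# used only so the outputs below match the published vectors.
RFC_TEST_KEY = b"12345678901234567890"


def hotp(key: bytes, counter: int, digits: int = 6, digestmod=hashlib.sha1) -> str:
    """RFC 4226: HMAC over the 8-byte big-endian counter, then dynamic truncation."""
    mac = hmac.new(key, struct.pack(">Q", counter), digestmod).digest()
    offset = mac[-1] & 0x0F                       # low nibble of last byte selects a 4-byte window
    binary = ((mac[offset] & 0x7F) << 24          # clear the sign bit
              | mac[offset + 1] << 16
              | mac[offset + 2] << 8
              | mac[offset + 3])
    return str(binary % (10 ** digits)).zfill(digits)


def totp(key: bytes, unix_time: int, step: int = 30, digits: int = 6,
         digestmod=hashlib.sha1, t0: int = 0) -> str:
    """RFC 6238: HOTP with the counter replaced by the number of time steps since t0."""
    return hotp(key, (unix_time - t0) // step, digits, digestmod)


class HotpVerifier:
    """Server side of HOTP: accepts a code only for a counter strictly newer than
    the last accepted one, searching a small look-ahead window for resync."""

    def __init__(self, key: bytes, look_ahead: int = 10, digits: int = 6):
        self.key, self.look_ahead, self.digits = key, look_ahead, digits
        self.counter = 0                           # next counter value the server will accept

    def verify(self, code: str) -> bool:
        for c in range(self.counter, self.counter + self.look_ahead + 1):
            if hmac.compare_digest(hotp(self.key, c, self.digits), code):
                self.counter = c + 1               # burn this and every earlier counter: no replay
                return True
        return False


class TotpVerifier:
    """Server side of TOTP: tolerates +/- `skew` steps of clock drift but never
    accepts a step at or below the last accepted one, so a sniffed code cannot
    be replayed even inside its validity window."""

    def __init__(self, key: bytes, step: int = 30, skew: int = 1, digits: int = 6):
        self.key, self.step, self.skew, self.digits = key, step, skew, digits
        self.last_step = -1

    def verify(self, code: str, now: int) -> bool:
        current = now // self.step
        for s in range(current - self.skew, current + self.skew + 1):
            if s <= self.last_step:
                continue                           # already used (or older): reject as replay
            if hmac.compare_digest(totp(self.key, s * self.step, self.step, self.digits), code):
                self.last_step = s
                return True
        return False


if __name__ == "__main__":
    print(hotp(RFC_TEST_KEY, 0))                      # 755224 (RFC 4226, counter 0)
    print(totp(RFC_TEST_KEY, 1111111109, digits=8))   # 07081804 (RFC 6238, SHA-1)
    v = TotpVerifier(RFC_TEST_KEY)
    code = totp(RFC_TEST_KEY, 1111111109)
    print(v.verify(code, 1111111109), v.verify(code, 1111111109))  # True False
```

The replay property lives entirely in the verifier's persisted state (`counter` / `last_step`); a verifier that only checks "is this one of the codes valid right now" accepts the same code twice within its window. TrustOTP addresses the other half of the problem, keeping the seed and the rendered code out of reach of the rich OS, but the server must still keep the seed confidential and the state durable.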

SLIDE 18

OTP Display

  • Secure I/O
    – Display: IPU (Image Processing Unit) + LCD
    – Input: 4-wire resistive touchscreen
  • User-friendly operation
    – Rich OS and TrustOTP share the screen in a time-sliced loop driven by a watchdog timer
    – 1.5 seconds per cycle
      • 0.5 second for displaying the OTP
      • 1 second for the user to enter 2–3 digits into the rich OS

SLIDE 19

Outline

  • Introduction
  • Motivation
  • Architecture
  • Implementation
  • Evaluation
  • Summary

SLIDE 20

Evaluation

  • Freescale i.MX53 Quick Start Board (QSB)
    – 1 GHz Cortex-A8 processor
    – 1 GB DDR3 RAM
    – 4 GB microSD card
  • Monsoon power monitor
    – Power measurement
    – Power logging

SLIDE 21

TrustOTP Performance

  • Time before the OTP is displayed: 60.48 ms
  • Time after the OTP is displayed: 7.52 ms

SLIDE 22

Impact on the Rich OS

  • Rich OS alone vs. Rich OS with TrustOTP
  • AnTuTu benchmark
    – CPU & RAM
    – I/O devices
  • Vellamo benchmark

SLIDE 23

Power Consumption

  • Rich OS alone
    – Average = 2,128 mW
  • TrustOTP running
    – Average = 2,230 mW
  • TrustOTP without display

SLIDE 24

Outline

  • Introduction
  • Motivation
  • Architecture
  • Implementation
  • Evaluation
  • Summary

SLIDE 25

Summary

  • TrustOTP: hardware-assisted OTP token on smartphones
    – Security (confidentiality, integrity, availability)
    – Flexibility (various and multiple OTPs)
  • Low performance overhead on the rich OS
    – No need to modify the rich OS
    – Low power consumption

SLIDE 26

References

1. H. Sun, K. Sun, Y. Wang, J. Jing, and H. Wang, "TrustICE: Hardware-assisted Isolated Computing Environments on Mobile Devices," in Proceedings of the 45th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN'15), June 22-25, 2015.
2. J. Jang, S. Kong, M. Kim, D. Kim, and B. B. Kang, "SeCReT: Secure Channel between Rich Execution Environment and Trusted Execution Environment," in Proceedings of the Network and Distributed System Security Symposium (NDSS 2015), February 8-11, 2015.
3. A. M. Azab, P. Ning, J. Shah, Q. Chen, R. Bhutkar, G. Ganesh, J. Ma, and W. Shen, "Hypervision Across Worlds: Real-time Kernel Protection from the ARM TrustZone Secure World," in Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security (CCS'14), November 3-7, 2014.
4. H. Sun, K. Sun, Y. Wang, J. Jing, and S. Jajodia, "TrustDump: Reliable Memory Acquisition on Smartphones," in Proceedings of the 19th European Symposium on Research in Computer Security (ESORICS'14), September 7-11, 2014.
5. C. Marforio, N. Karapanos, C. Soriente, K. Kostiainen, and S. Capkun, "Smartphones as Practical and Secure Location Verification Tokens for Payments," in Proceedings of the Network and Distributed System Security Symposium (NDSS 2014), February 23-26, 2014.
6. N. Santos, H. Raj, S. Saroiu, and A. Wolman, "Using ARM TrustZone to Build a Trusted Language Runtime for Mobile Applications," in Architectural Support for Programming Languages and Operating Systems (ASPLOS'14), March 1-5, 2014.