using trusted execution environments in two factor
play

Using Trusted Execution Environments in Two-Factor Authentication - PowerPoint PPT Presentation

Dec 27, 2022 •143 likes •299 views

Introduction Trusted Execution and Two-Factor Authentication User Interaction Discussion Conclusions and Future Work Using Trusted Execution Environments in Two-Factor Authentication Roland van Rijswijk-Deij M.Sc. rijswijk@cs.ru.nl

  1. Introduction Trusted Execution and Two-Factor Authentication User Interaction Discussion Conclusions and Future Work Using Trusted Execution Environments in Two-Factor Authentication Roland van Rijswijk-Deij M.Sc. rijswijk@cs.ru.nl http://www.cs.ru.nl/~rijswijk/ Institute for Computing and Information Sciences – Digital Security Radboud University Nijmegen SURFnet bv Open Identity Summit 2013, Kloster Banz, Germany September 10th 2013 Roland van Rijswijk-Deij M.Sc. OID 2013 Trusted Execution and 2-factor AuthN 1 / 14

  2. Introduction Trusted Execution and Two-Factor Authentication User Interaction Discussion Conclusions and Future Work What is a Trusted Execution Environment? ◮ Isolated Execution applications execute isolated from and unhindered by others; application code and data is protected at run-time ◮ Secure Storage all persistently stored data (e.g. cryptographic keys) of an application is protected against access by other applications ◮ Remote Attestation enables remote parties to ascertain they are dealing with a particular trusted application on a particular TEE ◮ Secure Provisioning remote parties can communicate with a specific application on a specific TEE while protecting integrity and confidentiality ◮ Trusted Path protected I/O channel(s) for data input by the user and data output to the user based on definition from Vasudevan et al., LNCS 7344, pp 159-178, Springer 2012 [VOZ + ] Roland van Rijswijk-Deij M.Sc. OID 2013 Trusted Execution and 2-factor AuthN 2 / 14

  3. Introduction Trusted Execution and Two-Factor Authentication User Interaction Discussion Conclusions and Future Work Our interest in TEEs ◮ Our research group is working on a privacy-friendly attribute-based identity card ◮ One of the open problems is how to convey to the user what information is disclosed about them ◮ Smart cards don’t have a UI :-( ◮ https://www.irmacard.org/ Roland van Rijswijk-Deij M.Sc. OID 2013 Trusted Execution and 2-factor AuthN 3 / 14

  4. Introduction Trusted Execution and Two-Factor Authentication User Interaction Discussion Conclusions and Future Work Relation to Two-Factor Authentication ◮ Most two-factor authentication solutions are based on something you have and something you know ◮ In practice, something you have is often a physical token ◮ In the age of laptops and mobile phones this is often perceived as inconvenient ◮ Why not use something you already have ? ◮ Vendors have started to embrace this with a whole host of apps* ◮ But can these really be trusted? ◮ Platform manufacturers provide solutions for this, let’s look at two of them *e.g. van Rijswijk & van Dijk, tiqr: a novel take on two-factor authentication, USENIX, 2011 [vRvD11] Roland van Rijswijk-Deij M.Sc. OID 2013 Trusted Execution and 2-factor AuthN 4 / 14

  5. Introduction Trusted Execution and Two-Factor Authentication User Interaction Discussion Conclusions and Future Work Intel IPT ◮ Built-in to certain Intel chipsets (“vPro” in “Sandy Bridge”, “Ivy Bridge”, “Haswell”) ◮ RISC CPU separate from the main x86 cores ◮ Platform for trusted applications ◮ Runs applications developed by Intel partners (e.g. Vasco, Symantec, . . . ) ◮ Closed development environment subject to NDAs and licensing ◮ Current applications: built-in OTP & PKI token, “Protected Transaction Display” ◮ Not to be confused with “Trusted Execution Technology” (TXT)! ◮ Note: technical information about IPT is very hard to find! Roland van Rijswijk-Deij M.Sc. OID 2013 Trusted Execution and 2-factor AuthN 5 / 14

  6. Introduction Trusted Execution and Two-Factor Authentication User Interaction Discussion Conclusions and Future Work ARM TrustZone ◮ ARM is not a silicon manufacturer; they sell chip designs ◮ TrustZone is like a box of Lego for building TEEs ◮ Chief components: ◮ CPU with separate security worlds (normal & secure) ◮ System bus (for interaction with on-die components) ◮ Peripheral bus (for interaction with external components like a touch screen) ◮ Some pieces of the puzzle are missing (i.e. not supplied by ARM), e.g. secure storage ◮ The overall security of a TZ system depends on both the system-on-a-chip design as well as the software running on it Roland van Rijswijk-Deij M.Sc. OID 2013 Trusted Execution and 2-factor AuthN 6 / 14

  7. Introduction Trusted Execution and Two-Factor Authentication User Interaction Discussion Conclusions and Future Work User Interaction ◮ Can a user trust that: ◮ what they enter on a token is not intercepted? ◮ transaction information that is displayed has not been altered? ◮ Increasingly important if we start merging what used to be separate tokens into devices the user already has Roland van Rijswijk-Deij M.Sc. OID 2013 Trusted Execution and 2-factor AuthN 7 / 14

  8. Introduction Trusted Execution and Two-Factor Authentication User Interaction Discussion Conclusions and Future Work “Classic” Two-Factor Authentication Token User device Trusted Untrusted Physical Display #1 Display #2 Boundary CPU #1 CPU #2 User input #1 User input #2 ◮ Strict physical separation ◮ It is always clear whether the user is dealing with a trusted or an untrusted environment source: Vasco Roland van Rijswijk-Deij M.Sc. OID 2013 Trusted Execution and 2-factor AuthN 8 / 14

  9. Introduction Trusted Execution and Two-Factor Authentication User Interaction Discussion Conclusions and Future Work Intel IPT Trusted Mixed Untrusted Display ◮ There is no trusted Physical Boundary input path (!) merge ◮ Display is protected but probably only if the built-in graphics User Virtual Disp. #1 Virtual Disp. #2 capabilities of the chipset are used CPU #1 CPU #2 Driver SW User input Roland van Rijswijk-Deij M.Sc. OID 2013 Trusted Execution and 2-factor AuthN 9 / 14

  10. Introduction Trusted Execution and Two-Factor Authentication User Interaction Discussion Conclusions and Future Work ARM TrustZone Trusted Mixed Untrusted Display ◮ Figure is based on Physical Boundary “ideal” chip design * merge or * switch ◮ On a small(-ish) device the display User could exclusively Virt. Display #1 Virt. Display #2 show either trusted Virtual CPU #1 CPU Virtual CPU #2 or untrusted content User input Roland van Rijswijk-Deij M.Sc. OID 2013 Trusted Execution and 2-factor AuthN 10 / 14

  11. Introduction Trusted Execution and Two-Factor Authentication User Interaction Discussion Conclusions and Future Work Local Attestation Local user Trusted Mixed Untrusted Local attestation Untrusted Display System Network Trusted Execution Remote attestation Environment Remote entity Input devices ◮ Both systems have a similar issue: how can a user tell they’re interacting with a trusted application? ◮ All TEEs have this issue and there are many solutions ◮ This is going to be important if these kind of systems gain real traction Roland van Rijswijk-Deij M.Sc. OID 2013 Trusted Execution and 2-factor AuthN 11 / 14

  12. Introduction Trusted Execution and Two-Factor Authentication User Interaction Discussion Conclusions and Future Work Industry View on Trusted Execution ◮ Industry perception seems to be that TEEs can be used to deal with all these “untrustworthy” users ◮ TEEs are marketed as a means to enforce Digital Rights Management (DRM) ◮ Developer access to TEEs is highly restricted ◮ Consequently, open development for industry-provided TEEs is almost impossible ◮ In our opinion this is a missed opportunity! ◮ TEEs can be an asset for both the user as well as relying parties when applied to authentication ◮ They can offer convenience to the user and can save relying parties that now issue physical tokens money Roland van Rijswijk-Deij M.Sc. OID 2013 Trusted Execution and 2-factor AuthN 12 / 14

  13. Introduction Trusted Execution and Two-Factor Authentication User Interaction Discussion Conclusions and Future Work Conclusions ◮ Classic two-factor authentication solutions have favourable security properties ◮ The authentication industry is embracing “use-your-own-device” ◮ TEEs can approach this level of security but cannot match it (yet) ◮ The biggest problem is convincing the user they are dealing with a trusted environment Roland van Rijswijk-Deij M.Sc. OID 2013 Trusted Execution and 2-factor AuthN 13 / 14

  14. Introduction Trusted Execution and Two-Factor Authentication User Interaction Discussion Conclusions and Future Work Future Work Consists of: The “ π -vacy”: ◮ Raspberry Pi mini-computer ◮ TFT touch-panel riser board ◮ NFC dongle that can act as target Basically: a very fat smart card Allows us to experiment with: ◮ Trusted user interaction ◮ TEEs based on µ -kernels ◮ Local attestation Roland van Rijswijk-Deij M.Sc. OID 2013 Trusted Execution and 2-factor AuthN 14 / 14

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Preliminary Study of Trusted Execution Environments on Heterogeneous Edge Platforms Zhenyu Ning,

Preliminary Study of Trusted Execution Environments on Heterogeneous Edge Platforms Zhenyu Ning,

Preliminary Study of Trusted Execution Environments on Heterogeneous Edge Platforms Zhenyu Ning, Jinghui Liao, Fengwei Zhang, Weisong Shi COMPASS Lab Wayne State University October 27, 2018 1 Outline Introduction Trusted Execution

607 views • 40 slides
TRUSTED MEMORY Software-Based O-Chip Memory Protection for RISC-V Trusted Execution

TRUSTED MEMORY Software-Based O-Chip Memory Protection for RISC-V Trusted Execution

TRUSTED MEMORY Software-Based O-Chip Memory Protection for RISC-V Trusted Execution Environments Gui Andrade Krste Asanovi Dayeol Lee David Kohlbrenner Dawn Song University of California, Berkeley TRUSTED MEMORY? Securing data/code

703 views • 48 slides
Trusted Execution Environments Chester Rebeiro IIT Madras Some of the slides borrowed from

Trusted Execution Environments Chester Rebeiro IIT Madras Some of the slides borrowed from

Trusted Execution Environments Chester Rebeiro IIT Madras Some of the slides borrowed from Intel; CDACH; ARM 1 Previously in SSE We looked at techniques to run an untrusted code safely System Run Program Here If misbehaves Kill it

976 views • 50 slides
DELEGATEE: BROKERED DELEGATION USING TRUSTED EXECUTION ENVIRONMENTS Sinisa Matetic, Moritz

DELEGATEE: BROKERED DELEGATION USING TRUSTED EXECUTION ENVIRONMENTS Sinisa Matetic, Moritz

DELEGATEE: BROKERED DELEGATION USING TRUSTED EXECUTION ENVIRONMENTS Sinisa Matetic, Moritz Schneider, Andrew Miller, Ari Juels, Srdjan Capkun OVERVIEW 1. Introduction 2. Motivations and Problem Statement 3. DelagaTEE 4. Security Analysis 5.

946 views • 46 slides
Boomerang: Exploiting the Semantic Gap in Trusted Execution Environments Aravind Machiry , Eric

Boomerang: Exploiting the Semantic Gap in Trusted Execution Environments Aravind Machiry , Eric

Boomerang: Exploiting the Semantic Gap in Trusted Execution Environments Aravind Machiry , Eric Gustafson, Chad Spensky, Chris Salls, Nick Stephens, Ruoyu Wang, Antonio Bianchi, Yung Ryn Choe, Christopher Kruegel, and Giovanni Vigna Sandia

1.1k views • 51 slides
DELEGA TE TEE : Brokered Delegation DELE Using Trusted Execution Environments Sinisa Matetic and

DELEGA TE TEE : Brokered Delegation DELE Using Trusted Execution Environments Sinisa Matetic and

DELEGA TE TEE : Brokered Delegation DELE Using Trusted Execution Environments Sinisa Matetic and Moritz Schneider, ETH Zurich ; Andrew Miller, UIUC ; Ari Juels, Cornell Tech ; Srdjan Capkun, ETH Zurich CSC 6991 Presented by: Shikha Sikligar

596 views • 18 slides
Enhancing Security and Privacy of Tors Ecosystem by using Trusted Execution Environments

Enhancing Security and Privacy of Tors Ecosystem by using Trusted Execution Environments

Enhancing Security and Privacy of Tors Ecosystem by using Trusted Execution Environments Seongmin Kim , Juhyeng Han, Jaehyeong Ha, Taesoo Kim *, Dongsu Han * 1 Tor anonymity network Tor: the most popular anonymity network for Internet

600 views • 36 slides
Trusted Execution Environments on Mobile Devices ACM CCS 2013 tutorial Jan-Erik Ekberg, Trustonic

Trusted Execution Environments on Mobile Devices ACM CCS 2013 tutorial Jan-Erik Ekberg, Trustonic

Trusted Execution Environments on Mobile Devices ACM CCS 2013 tutorial Jan-Erik Ekberg, Trustonic Kari Kostiainen, ETH Zurich N. Asokan, University of Helsinki and Aalto University What is a TEE? Processor, memory, storage, peripherals

1.23k views • 112 slides
Enarx Protection for data in use Mike Bursell Office of the CTO https://enarx.io Nathaniel

Enarx Protection for data in use Mike Bursell Office of the CTO https://enarx.io Nathaniel

Enarx Protection for data in use Mike Bursell Office of the CTO https://enarx.io Nathaniel McCallum Sr. Principal Engineer Trusted Execution Environments Trusted Execution Environments Host TEE TEE is a protected area within the host,

1.05k views • 22 slides
Slalom: Fast, Verifiable and Private Execution of Neural Networks in Trusted Hardware Florian

Slalom: Fast, Verifiable and Private Execution of Neural Networks in Trusted Hardware Florian

Slalom: Fast, Verifiable and Private Execution of Neural Networks in Trusted Hardware Florian Tramr (joint work with Dan Boneh) Intel, Santa Clara August 30 th 2018 Trusted execution of ML: 3 motivating scenarios 1. Outsourced ML Data

781 views • 21 slides
& Trusted Computing Erik Poll Digital Security Radboud University Nijmegen Classic

& Trusted Computing Erik Poll Digital Security Radboud University Nijmegen Classic

Hardware Security Trusted Execution Environments (TEEs) & Trusted Computing Erik Poll Digital Security Radboud University Nijmegen Classic hardware-backed security solutions smartcard for users HSM (Hardware Security Module) in

774 views • 63 slides
Unearthing the TrustedCore A Critical Review on Huaweis Trusted Execution Environment August

Unearthing the TrustedCore A Critical Review on Huaweis Trusted Execution Environment August

Unearthing the TrustedCore A Critical Review on Huaweis Trusted Execution Environment August 11, 2020 Marcel Busch , Johannes Westphal, Tilo Mller Friedrich-Alexander-University Erlangen-Nrnberg, Germany Motivation TEEs are the backbone

696 views • 35 slides
EndBox: Scalable M iddlebox Functions Using Client-Side Trusted Execution Image CC-BY-SA

EndBox: Scalable M iddlebox Functions Using Client-Side Trusted Execution Image CC-BY-SA

Institute of Operating Systems and Computer Networks EndBox: Scalable M iddlebox Functions Using Client-Side Trusted Execution Image CC-BY-SA Victorgrigas David Goltzsche, 1 Signe Rsch, 1 Manuel Nieke, 1 Sbastien Vaucher, 2 Nico Weichbrodt, 1

630 views • 46 slides
Finding 1-Day Vulnerabilities in Trusted Applications using Selective Symbolic Execution Marcel

Finding 1-Day Vulnerabilities in Trusted Applications using Selective Symbolic Execution Marcel

Finding 1-Day Vulnerabilities in Trusted Applications using Selective Symbolic Execution Marcel Busch , Kalle Dirsch 2020-02-23 Friedrich-Alexander-University Erlangen-Nrnberg, Germany BAR20 BAR20 Motivation How secure are

352 views • 16 slides
! Apps Apps RAM ! Ring 0 - 2 OS / Hypervisor OS / Hypervisor Remote Attestation Protected

! Apps Apps RAM ! Ring 0 - 2 OS / Hypervisor OS / Hypervisor Remote Attestation Protected

Keystone : An Open Framework for Architecting Trusted Execution Environments Dayeol Lee , David Kohlbrenner, Shweta Shinde, Krste Asanovic, Dawn Song Dept. of Electrical Engineering and Computer Sciences University of California, Berkeley

599 views • 30 slides
System Architectures and Techniques for Efficient, Secure, and Trusted Code Execution Mario

System Architectures and Techniques for Efficient, Secure, and Trusted Code Execution Mario

System Architectures and Techniques for Efficient, Secure, and Trusted Code Execution Mario Werner May 7, 2020 Graz University of Technology Why do we care about code? www.tugraz.at 10:20 July 18 W i r e l e s s - G A D S L G

599 views • 49 slides
12 December 2018 YOUR PARTNER IN GROUND ENGINEERING Extraordinary General Meeting 2018

12 December 2018 YOUR PARTNER IN GROUND ENGINEERING Extraordinary General Meeting 2018

CSC Holdings Limited Extraordinary General Meeting 12 December 2018 YOUR PARTNER IN GROUND ENGINEERING Extraordinary General Meeting 2018 Introduction Proposed Adoption of General Mandate for Interested Persons Transactions (IPT)

92 views • 7 slides
nanotechnology Rachel Horta Arduin Natalia Neto Pereira Cerize Claudia Echevengua Teixeira IPT

nanotechnology Rachel Horta Arduin Natalia Neto Pereira Cerize Claudia Echevengua Teixeira IPT

Brazilian scenario in sustainable nanotechnology Rachel Horta Arduin Natalia Neto Pereira Cerize Claudia Echevengua Teixeira IPT Institute for Technological Research One of Brazils largest research institutes. Eleven technology centers

407 views • 17 slides
http://socialwork.sdsu.edu/fie http://socialwork.sdsu.edu/field/student-forms Review

http://socialwork.sdsu.edu/fie http://socialwork.sdsu.edu/field/student-forms Review

2/3/2017 Overview for Planning Foundation Year Announcements Field Placement SW 650 Fall 2017 Who needs to be here! Three and Four Year Students MSW I Placement Planning Orientation Sign-In Please! (Students in 3year or 4 Year MSW

280 views • 4 slides
Netflow Malicious activities detection Cedric Foll @follc Goal Being able to detect (most of)

Netflow Malicious activities detection Cedric Foll @follc Goal Being able to detect (most of)

Netflow Malicious activities detection Cedric Foll @follc Goal Being able to detect (most of) malicious activities without having to read logs Logs are boring, reading them takes a lot of time Graphic visualisation is more effective, fast

855 views • 30 slides
Reminders 3 1 10/23/17 Registration Form Date Translated Entered in the Top 3 on A03

Reminders 3 1 10/23/17 Registration Form Date Translated Entered in the Top 3 on A03

10/23/17 Bilingual ESOL Department Quarterly ESOL Contact Meeting September 27, 2017 Agenda Reminders State/District Updates What needs to happen before October FTE? Resources 2 Reminders 3 1 10/23/17 Registration Form

476 views • 19 slides
Country Update Singapore APRICOT 2005 Dickson Loh, Consultant 23 rd Feb 2005 ENUM

Country Update Singapore APRICOT 2005 Dickson Loh, Consultant 23 rd Feb 2005 ENUM

Country Update Singapore APRICOT 2005 Dickson Loh, Consultant 23 rd Feb 2005 ENUM Proof-of-Concept Obtained ENUM delegation (5.6.e164.arpa) from ITU in 2003 Internal Trial (Proof-of-Concept) on IP Telephony using ENUM with open source

978 views • 12 slides
Efficient Management of Configura4ons in the Model-Based System

Efficient Management of Configura4ons in the Model-Based System

Efficient Management of Configura4ons in the Model-Based System Development of a Common Submarine Combat System 25 May 2011 Brandon C. Gibson MBSE Technical Lead Lockheed Martin

530 views • 24 slides
Load Balancing with nftables by Laura Garca (Zen Load Balancer Team) Netdev 1.1 Prototype of

Load Balancing with nftables by Laura Garca (Zen Load Balancer Team) Netdev 1.1 Prototype of

Load Balancing with nftables by Laura Garca (Zen Load Balancer Team) Netdev 1.1 Prototype of Load Balancing with nftables Goal: High Performance Load Balancer Load Balancing Solutions Load Balancing Solutions Linux Virtual Server

1.31k views • 40 slides

More recommend