The Role of Trustworthy Computing to Build Future Secure Internet Architectures
|
|
- Gwendoline Gardner
- 5 years ago
- Views:
Transcription
1 The Role of Trustworthy Computing to Build Future Secure Internet Architectures Adrian Perrig Network Security Group ETH Zürich
2 Overview Trusted Compu-ng Overview Cuckoo a7ack Secure rou-ng and BGP with trusted compu-ng TrueNet: Secure fault localiza-on SCION: Isola-on- based Future Internet Architecture proposal 2
3 Central Message Trusted compu-ng mechanisms enable fundamentally new proper-es On host: protect code & data even from admin In distributed applica-ons: simple data verifica-on based on code that produced it Trusted compu-ng mechanisms provide new primi-ves to build secure system However: Proper-es only hold locally
4 Isolated Execution Environment (IEE) Execu-on environment that is defined by code S execu-ng on a specific plaporm Code is iden-fied based on cryptographic hash H(S) PlaPorm is iden-fied based on TPM creden-als App OS App IEE execu-on protected from any other code S DMA Devices (Network, Disk, USB, etc.) CPU, RAM TPM, Chipset
5 Basic Trusted Computing Primitives Create isolated execu-on environment (IEE) Create data that can only be accessed within isolated environment Remote verifica-on of IEE Establish secure channel into IEE Externally verify that output O was generated by S on input I running within IEE
6 Basic Trusted Computing Primitives How to create IEE? How to remotely verify IEE? How to establish a secure channel into IEE? How to externally verify that output O is from S s computa-on on input I within IEE?
7 TPM Background The Trusted PlaPorm Module (TPM) is a dedicated security chip Contains a public/private keypair {K Pub, K Priv } Contains a cer-ficate indica-ng that K Pub belongs to a legi-mate TPM Not tamper- resistant
8 How to Create IEE? AMD / Intel late launch extensions Secure Loader Block (SLB) to execute in IEE SKINIT / SENTER execute atomically Sets CPU state similar to INIT (so` reset) Enables DMA protec-on for en-re 64 KB SLB Sends [length bytes of] SLB contents to TPM Begins execu-ng at SLB s entry point SLB SKINIT SENTER
9 How to Remotely Verify IEE? V S Nonce N Nonce N S N S N S N Means H(S) and N are signed by plaporm key
10 Secure Channel to IEE V S Nonce N S N, K Nonce N S N, K Gen {K, K - 1 } Encrypt K (secret) Encrypt K (secret)
11 O=S(I) within IEE? V S Nonce N, Input I S N, I, O Nonce N, Input I S N, I, O O=S(I)
12 The Cuckoo Attack Bryan Parno, The Cuckoo A7ack, HotSec Problem: how can we ensure that a7esta-on originates from correct host?
13 Bootstrapping Trust with a TPM Module 1 Module 2 conf BIOS Boot Loader OS Kernel BIOS App 1 App 2 Apps TPM PCRs K Priv Hardware So`ware 13
14 Bootstrapping Trust with a TPM Nonce Trustworthy! K Pub Module 1 Module 2 conf Guarantees Guarantees freshness key App 1 originated from a real TPM BIOS Boot Loader OS Kernel Apps App 2 TPM a7ests TPM to the so`ware PCRs K Priv Sign (, K ) Priv Nonce
15 The Cuckoo Attack Trustworthy! Nonce Guarantees freshness TPM a7ests to the so`ware Nonce Guarantees key originated from a 15 real TPM Sign (, K ) Priv Nonce K Pub
16 What went wrong? An a7esta-on says that a TPM vouches for a so`ware state, but not which TPM Sign (, K ) Priv Nonce Sign (, K ) Priv Nonce K Pub K Pub
17 Assumptions Assump-ons for building secure systems Verifier has correct public keys No hardware a7acks Isolated code has no vulnerabili-es Observa-ons So far, trusted compu-ng does not prevent local physical a7acks However, prevents remote a7acks which are most frequent a7acks
18 Application: Secure Routing Challenge: Malicious routers distribute bogus rou-ng informa-on Observa-ons If receiving router R knows route update U was created by code S, then U must be correct If S also contains verifica-on code that checks previous routers update, then en-re rou-ng path must be correct
19 Sample BGP Update Message R4 R9: C1, {AS1} R7 R11: C1, {AS1, AS2} R8 R15: C1, {AS1, AS2} R12 R16: C1, {AS1, AS2, AS3} R16 R1 R2 R6 R7 R11 R12 R3 R9 R13 R8 R5 R4 R10 R15 R14 C1 C2 C3 19
20 Secure BGP Update Message C1 AS1: {C1, AS1} KC1-1 R4 R9: {C1, AS1} KC1-1, [AS1], {AS1, AS2} KAS1-1 R7 R11: {C1, AS1} KC1-1, [AS1, AS2], {AS1, AS2} KAS1-1, {AS2, AS3} KAS2-1 R1 R2 R6 R7 R11 R12 R3 R9 R13 R8 R5 R4 R10 R15 R14 C1 C2 C3 20
21 Observations on Secure BGP Cryptographic mechanisms ensure append- only property of AS path Each BGP Update message that contains X ASes, also contains X+1 signatures and X+1 cer-ficates Different rou-ng protocols need different security mechanisms For each rou-ng protocol, o`en several secure versions exist Challenging to design secure rou-ng protocols
22 Trusted Computing Approach: Secure BGP Routers implement code S: Set up secure channels with peering routers, ensure that peering routers execute valid S Verify that received route update was generated by valid S (check O=S(I)) Append own AS# to incoming route updates and send new route updates to peering routers Observa-ons Single MAC verifica-on ensures correctness of en-re path! General mechanism to secure rou-ng protocol
23 What is Fault Localization? Problem defini-on Iden-fy faulty links during packet forwarding A7acker Model Drop, modify, misroute, or inject packets at data plane Challenges Selec-ve a7ack: break ping, traceroute, etc High overhead Slander & framing Only drop node 5 s ACKs Got it Got it Got it Got it Got it Source Dest 23
24 What is Fault Localization? Challenges (cont d) A7acks against sampling Forgery a7ack: break NePlow, Bloom Filter, etc Natural packet loss 100 pkts Source is not sampled, drop it! Got 100 Got 100 Got 100 Got 100 Got Only modify packets Dest 24
25 Why is Fault Localization Important? The current Internet Best effort, purely end- to- end Fault localiza-on enables: Data- plane accountability Intelligent path selec-on Linear path explora-on cost Worst case: 3 vs 2 3 trials Worst case: 2 3 Source Des-na-on 25
26 Design Goals Security Against drop, modify, inject, and replay packets Against mul-ple colluding nodes Efficiency Low detec-on delay Low storage, communica-on and computa-on overhead Provable bounds Upper bound of damage without being detected Lower bound of forwarding correctness if no fault detected 26
27 Previous Fault Localization Approaches Theore-cally proven high overhead per- source key storage (some-mes per- path state)! Cannot globally share Fault Localiza-on results Delayed failure recovery, inconsistent rou-ng tables Node 5 is malicious! Mallory Fundamental reason: Lack of trust rela-onship Alice Bob 27
28 How Trusted Computing can Help Bootstrapping trust of code among nodes Remote a7esta-on and isola-on code integrity Sealed storage data secrecy I expect Bob to be: So store: H( ) signed H( ) Alice R u Bob? Bob Data sealed by P; accessible only when H(P) is correct 28
29 Opportunities and Challenges Transi-vity of verifica-on A chain of 1- hop verifica-ons provide end- to- end verifica-on per- neighbor state & key storage source A7est to the en-re network stack? command- line input and configura-on! large Trusted Compu-ng Base (TCB)! Code isn t modified Code is bug- free Large TCB == low security dest 29
30 TrueNet Goals Minimize the TCB small piece of code can be more trusted efficient a7esta-on without compromising performance Approach Do not a7est to of network stack A7est to behavior of network stack 1- hop monitoring module (MM): monitor behavior, in TCB 30
31 TrueNet Overview Setup secure channel between MMs neighboring MMs share secret keys (per- neighbor only!) Secret keys sealed to the MMs MM Opera-ons and fault localiza-on Packets go through each MM m N SA [m, N SA ]K SA m N AB SA [m, N AB SA ]K AB SA Router S Router A Auth ACK Sam Alice 1- hop Router B Bob Network Stack Network Stack Network Stack 31
32 TrueNet Overview Trustworthy compu-ng to protect packet processing packets go through and leave footprints in each Monitoring Module (MM) comparing footprints between neighboring MMs enables fault localiza-on Router S Router A Router B Router C MM S MM A MM B MM C Network Stack Network Stack Network Stack Network Stack 32
33 Secure Channel Secure channel between MMs neighboring MMs share secret keys (per- neighbor only!) Secret keys sealed to the MMs authen-cated communica-on; footprint cannot be forged Logical protected path Router S Router A Router B Router C MM S MM A MM B MM C Network Stack Network Stack Network Stack Network Stack Actual path 33
34 Send a packet Receive a packet Forward a packet Secure Channel m N SA [m, N SA ]K SA m N AB [m, N AB ]K AB Router S Router A Router B MM S MM A MM B Network Stack Network Stack Network Stack 34
35 Implementation A TrueNet router architecture App App Router OS Hypervisor MM CPU Subsystem Switch Fabric RAM Computation Module Hardware TPM MAC Module Trusted Untrusted Network Interface... Network Interface Network Interface We implement the MAC Module in so`ware 35
36 Applications Accountable packet monitoring Global sharing of FL results Assist secure topology and path discovery Resource alloca-on and per- flow monitoring can provide guaranteed throughput and delay Level separa-on in routers, separate MM for each level 36
37 Evaluation Prototype (w/ TrustVisor): li7le computa-on overhead Storage measurement and comparison Key Storage Overhead (# keys) Other Schemes TrueNet Worst TrueNet Average ATT Sprint L3 Verio VSNL Tele (India) stra I2 Storage Overhead (bytes) 1e+09 1e+08 1e+07 1e ATL CHI HOU KAN Stat. FL Monitoring State Stat FL Key Storage Overhead TruNet Overhead LA NYC SLC SEA WAS Avg 37
38 However Both TC- BGP and TrueNet assume that trusted HW is not tampered with Does not hold in an Internet sezng! Remote malicious ISPs exist Approach: Global network isola-on architecture Define Trust Domains, which provide enforceable accountability 38
39 SCION Architectural Goals High availability, even for networks with malicious par-es Communica-on should be available if a7acker- free path exists Explicit trust for network opera-ons Minimal TCB: minimize trusted en--es for any opera-on Strong isola-on from untrusted par-es Operate with mutually distrus-ng en--es No single root of trust Balanced route control for ISPs, receivers, senders No circular dependencies during setup: enable rebootability Simplicity, efficiency, flexibility, and scalability 39
40 SCION Architecture Overview Trust domain (TD)s Isola-on and scalability Enforceable accountability Path construc-on Path construc-on beacons (PCBs) Path resolu-on Control Explicit trust Route joining (shortcuts) Efficiency, flexibility PCB PCB PCB Source TD TD Core path srv S: blue paths D: red paths Des-na-on 40
41 SCION Trust Domain Decomposition TD1 Core TD2 Core TD Core Interconnect TD 4 Core TD 3 Core Trust Domain Boundary
42 Conclusion Trusted compu-ng mechanisms enable new ways to build secure applica-ons Examples TC- BGP only requires single MAC computa-on to verify en-re rou-ng update, while S- BGP requires O(N) signature verifica-ons TrueNet enables efficient fault localiza-on based on trusted compu-ng primi-ves However, network isola-on architecture is needed to prevent remote HW- based a7acks
ShortMAC: Efficient Data-plane Fault Localization. Xin Zhang, Zongwei Zhou, Hsu- Chun Hsiao, Tiffany Hyun- Jin Kim Adrian Perrig and Patrick Tague
ShortMAC: Efficient Data-plane Fault Localization Xin Zhang, Zongwei Zhou, Hsu- Chun Hsiao, Tiffany Hyun- Jin Kim Adrian Perrig and Patrick Tague What is Fault LocalizaDon? Problem defini-on Iden-fy faulty
More informationNetwork Fault Localization Adrian Perrig. Overview
Network Fault Localization Adrian Perrig CyLab / Carnegie Mellon University Overview Fault localiza/on overview Four fault localiza/on schemes PAAI ShortMAC TrueNet DynaFL 2 1 What is Fault Localization?
More informationFlicker: An Execution Infrastructure for TCB Minimization
Flicker: An Execution Infrastructure for TCB Minimization Jonathan McCune, Bryan Parno, Adrian Perrig, Michael Reiter, and Hiroshi Isozaki (EuroSys 08) Presented by: Tianyuan Liu Oct 31, 2017 Outline Motivation
More informationTrueNet: Efficient Fault Localization with Small TCB
TrueNet: Efficient Fault Localization with Small TCB Xin Zhang, Zongwei Zhou, Geoff Hasker, Adrian Perrig and Virgil Gligor Abstract Clear evidence indicates the existence of compromised routers in ISP
More informationDistributed OS Hermann Härtig Authenticated Booting, Remote Attestation, Sealed Memory aka Trusted Computing
Distributed OS Hermann Härtig Authenticated Booting, Remote Attestation, Sealed Memory aka Trusted Computing 02/06/14 Goals Understand principles of: Authenticated booting, diference to (closed) secure
More informationDistributed OS Hermann Härtig Authenticated Booting, Remote Attestation, Sealed Memory aka Trusted Computing
Distributed OS Hermann Härtig Authenticated Booting, Remote Attestation, Sealed Memory aka Trusted Computing 30/05/11 Goals Understand principles of: Authenticated booting The difference to (closed) secure
More informationSCION: Scalability, Control and Isolation On Next-Generation Networks
SCION: Scalability, Control and Isolation On Next-Generation Networks Xin Zhang, Hsu-Chun Hsiao, Geoff Hasker, Haowen Chan, Adrian Perrig, David Andersen 1 After years of patching, the Internet is Reliable
More informationTerra: A Virtual Machine-Based Platform for Trusted Computing by Garfinkel et al. (Some slides taken from Jason Franklin s 712 lecture, Fall 2006)
Terra: A Virtual Machine-Based Platform for Trusted Computing by Garfinkel et al. (Some slides taken from Jason Franklin s 712 lecture, Fall 2006) Trusted Computing Hardware What can you do if you have
More informationNetwork Fault Localization with Small TCB
Network Fault Localization with Small TCB Xin Zhang, Zongwei Zhou, Geoff Hasker, Adrian Perrig and Virgil Gligor {xzhang1, zongweiz, hasker, perrig, gligor}@cmu.edu Carnegie Mellon University Abstract
More informationAuthenticated Booting, Remote Attestation, Sealed Memory aka Trusted Computing. Hermann Härtig Technische Universität Dresden Summer Semester 2009
Authenticated Booting, Remote Attestation, Sealed Memory aka Trusted Computing Hermann Härtig Technische Universität Dresden Summer Semester 2009 Goals Understand principles of: authenticated booting the
More informationAuthenticated Booting, Remote Attestation, Sealed Memory aka Trusted Computing. Hermann Härtig Technische Universität Dresden Summer Semester 2007
Authenticated Booting, Remote Attestation, Sealed Memory aka Trusted Computing Hermann Härtig Technische Universität Dresden Summer Semester 2007 Goals Understand: authenticated booting the difference
More informationSCION: Scalability, Control and Isola2on On Next- Genera2on Networks
SCION: Scalability, Control and Isola2on On Next- Genera2on Networks Xin Zhang, Hsu- Chun Hsiao, Geoff Hasker, Haowen Chan, Adrian Perrig, David Andersen 1 Reasons for Clean-Slate Design Someone may just
More informationDepartment of Computer Science Institute for System Architecture, Operating Systems Group TRUSTED COMPUTING CARSTEN WEINHOLD
Department of Computer Science Institute for System Architecture, Operating Systems Group TRUSTED COMPUTING CARSTEN WEINHOLD THIS LECTURE... Today: Technology Lecture discusses basics in context of TPMs
More informationINFLUENTIAL OPERATING SYSTEM RESEARCH: SECURITY MECHANISMS AND HOW TO USE THEM CARSTEN WEINHOLD
Faculty of Computer Science Institute of Systems Architecture, Operating Systems Group INFLUENTIAL OPERATING SYSTEM RESEARCH: SECURITY MECHANISMS AND HOW TO USE THEM CARSTEN WEINHOLD OVERVIEW Fundamental
More informationSCION: PKI Overview. Adrian Perrig Network Security Group, ETH Zürich
SCION: PKI Overview Adrian Perrig Network Security Group, ETH Zürich PKI Concepts: Brief Introduction PKI: Public-Key Infrastructure Purpose of PKI: enable authentication of an entity Various types of
More informationDepartment of Computer Science Institute for System Architecture, Operating Systems Group TRUSTED COMPUTING CARSTEN WEINHOLD
Department of Computer Science Institute for System Architecture, Operating Systems Group TRUSTED COMPUTING CARSTEN WEINHOLD THIS LECTURE... Today: Technology Lecture discusses basics in context of TPMs
More informationDepartment of Computer Science Institute for System Architecture, Operating Systems Group TRUSTED COMPUTING CARSTEN WEINHOLD
Department of Computer Science Institute for System Architecture, Operating Systems Group TRUSTED COMPUTING CARSTEN WEINHOLD THIS LECTURE... Today: Technology Lecture discusses basics in context of TPMs
More informationOVAL + The Trusted Platform Module
OVAL + The Trusted Platform Module Charles Schmidt June 14, 2010 Overview OVAL Can assess a vast diversity of system state Usually software based software attacks can compromise Trusted Platform Module
More informationA Routing Infrastructure for XIA
A Routing Infrastructure for XIA Aditya Akella and Peter Steenkiste Dave Andersen, John Byers, David Eckhardt, Sara Kiesler, Jon Peha, Adrian Perrig, Srini Seshan, Marvin Sirbu, Hui Zhang FIA PI Meeting,
More informationROTE: Rollback Protection for Trusted Execution
ROTE: Rollback Protection for Trusted Execution Sinisa Matetic, Mansoor Ahmed, Kari Kostiainen, Aritra Dhar, David Sommer, Arthur Gervais, Ari Juels, Srdjan Capkun Siniša Matetić ETH Zurich Institute of
More informationJonathan M. McCune. Carnegie Mellon University. March 27, Bryan Parno, Arvind Seshadri Adrian Perrig, Michael Reiter
Jonathan M. McCune Carnegie Mellon University March 27, 2008 Bryan Parno, Arvind Seshadri Adrian Perrig, Michael Reiter 1 Password Reuse People often use 1 password for 2+ websites Banking, social networking,
More informationEXTERNALLY VERIFIABLE CODE EXECUTION
By ARVIND SESHADRI, MARK LUK, ADRIAN PERRIG, LEENDERT VAN DOORN, and PRADEEP KHOSLA EXTERNALLY VERIFIABLE CODE EXECUTION Using hardware- and software-based techniques to realize a primitive Cfor externally
More informationApplications of Attestation:
Lecture Secure, Trusted and Trustworthy Computing : IMA and TNC Prof. Dr. Ing. Ahmad Reza Sadeghi System Security Lab Technische Universität Darmstadt (CASED) Germany Winter Term 2011/2012 1 Roadmap: TC
More informationUnicorn: Two- Factor Attestation for Data Security
ACM CCS - Oct. 18, 2011 Unicorn: Two- Factor Attestation for Data Security M. Mannan Concordia University, Canada B. Kim, A. Ganjali & D. Lie University of Toronto, Canada 1 Unicorn target systems q High
More informationLecture Secure, Trusted and Trustworthy Computing Trusted Platform Module
1 Lecture Secure, Trusted and Trustworthy Computing Trusted Platform Module Prof. Dr.-Ing. Ahmad-Reza Sadeghi System Security Lab Technische Universität Darmstadt Germany Winter Term 2016/17 Roadmap: TPM
More informationAn Execution Infrastructure for TCB Minimization
An Execution Infrastructure for TCB Minimization Jonathan M. McCune, Bryan Parno, Adrian Perrig, Michael K. Reiter, Hiroshi Isozaki December 18, 2007 CMU-CyLab-07-018 CyLab Carnegie Mellon University Pittsburgh,
More informationWireless Network Security Spring 2015
Wireless Network Security Spring 2015 Patrick Tague Class #12 Forwarding Security 2015 Patrick Tague 1 SoW Presentation SoW Thursday in class I'll post a template Each team gets ~5-8 minutes Written SoW
More informationXSEDE Iden ty Management Use Cases
XSEDE Iden ty Management Use Cases January 6, 2017 Version 1.3 These use cases describe how researchers, scien sts, and other community members register themselves with the XSEDE system, manage their profile
More informationLecture Embedded System Security Trusted Platform Module
1 Lecture Embedded System Security Prof. Dr.-Ing. Ahmad-Reza Sadeghi System Security Lab Technische Universität Darmstadt (CASED) Germany Summer Term 2015 Roadmap: TPM Introduction to TPM TPM architecture
More informationContent Distribu-on Networks (CDNs)
Second Half of the Course Content Distribu-on Networks (CDNs) Mike Freedman COS 461: Computer Networks h@p://www.cs.princeton.edu/courses/archive/spr14/cos461/ Applica-on case studies Content distribu-on,
More informationthe Presence of Adversaries Sharon Goldberg David Xiao, Eran Tromer, Boaz Barak, Jennifer Rexford
Internet Path-Quality Monitoring in the Presence of Adversaries Sharon Goldberg David Xiao, Eran Tromer, Boaz Barak, Jennifer Rexford Princeton University Penn State University CS Seminar November 29,
More informationLockdown: A Safe and Practical Environment for Security Applications
Lockdown: A Safe and Practical Environment for Security Applications Amit Vasudevan, Bryan Parno, Ning Qu, Virgil D. Gligor, Adrian Perrig July 14, 2009 CMU-CyLab-09-011 CyLab Carnegie Mellon University
More informationSGX Security Background. Masab Ahmad Department of Electrical and Computer Engineering University of Connecticut
SGX Security Background Masab Ahmad masab.ahmad@uconn.edu Department of Electrical and Computer Engineering University of Connecticut 1 Security Background Outline Cryptographic Primitives Cryptographic
More informationTechnical Brief Distributed Trusted Computing
Technical Brief Distributed Trusted Computing Josh Wood Look inside to learn about Distributed Trusted Computing in Tectonic Enterprise, an industry-first set of technologies that cryptographically verify,
More informationSCION: A Secure Multipath Interdomain Routing Architecture. Adrian Perrig Network Security Group, ETH Zürich
SCION: A Secure Multipath Interdomain Routing Architecture Adrian Perrig Network Security Group, ETH Zürich SCION: Next-generation Internet Architecture Path-aware networking: sender knows packet s path
More informationINF3510 Information Security Spring Lecture 4 Computer Security. University of Oslo Audun Jøsang
INF3510 Information Security Spring 2015 Lecture 4 Computer Security University of Oslo Audun Jøsang Lecture Overview Fundamental computer security concepts CPU and OS kernel security mechanisms Virtualization
More informationPast, Present, and Future Justin Johnson Senior Principal Firmware Engineer
Dell Firmware Security Past, Present, and Future Justin Johnson Senior Principal Firmware Engineer justin.johnson1@dell.com Dell Security 2 What does BIOS do? Configure and Test System Memory Configure
More informationTrusted Disk Loading in the Emulab Network Testbed. Cody Cutler, Eric Eide, Mike Hibler, Rob Ricci
Trusted Disk Loading in the Emulab Network Testbed Cody Cutler, Eric Eide, Mike Hibler, Rob Ricci 1 Emulab Public network testbed Create complex experiments quickly 500+ nodes at Utah Emulab 2 Emulab Nodes
More informationCIS 4360 Secure Computer Systems Secured System Boot
CIS 4360 Secure Computer Systems Secured System Boot Professor Qiang Zeng Spring 2017 Previous Class Attacks against System Boot Bootkit Evil Maid Attack Bios-kit Attacks against RAM DMA Attack Cold Boot
More informationTERRA. Boneh. A virtual machine-based platform for trusted computing. Presented by: David Rager November 10, 2004
TERRA Authored by: Garfinkel,, Pfaff, Chow, Rosenblum,, and Boneh A virtual machine-based platform for trusted computing Presented by: David Rager November 10, 2004 Why there exists a need Commodity OS
More informationLecture Secure, Trusted and Trustworthy Computing Trusted Platform Module
1 Lecture Secure, Trusted and Trustworthy Computing Trusted Platform Module Prof. Dr.-Ing. Ahmad-Reza Sadeghi System Security Lab Technische Universität Darmstadt Germany Winter Term 2017/18 Roadmap: TPM
More informationIntel Software Guard Extensions (Intel SGX) Memory Encryption Engine (MEE) Shay Gueron
Real World Cryptography Conference 2016 6-8 January 2016, Stanford, CA, USA Intel Software Guard Extensions (Intel SGX) Memory Encryption Engine (MEE) Shay Gueron Intel Corp., Intel Development Center,
More informationVerified Secure Routing
Verified Secure Routing David Basin ETH Zurich EPFL, Summer Research Institute June 2017 Team Members Verification Team Information Security David Basin Tobias Klenze Ralf Sasse Christoph Sprenger Thilo
More informationTrust-Propagation Based Authentication Protocol in Multihop Wireless Home Networks
Trust-Propagation Based Authentication Protocol in Multihop Wireless Home Networks Han Sang Kim, Jin Wook Lee*, Sandeep K. S. Gupta and Yann-Hang Lee Department of Computer Science and Engineering Arizona
More informationWireless Network Security Spring 2016
Wireless Network Security Spring 2016 Patrick Tague Class #12 Routing Security; Forwarding Security 2016 Patrick Tague 1 SoW Presentation SoW Thursday in class I'll post a template Each team gets ~5 minutes
More informationTrusted Computing and O/S Security
Computer Security Spring 2008 Trusted Computing and O/S Security Aggelos Kiayias University of Connecticut O/S Security Fundamental concept for O/S Security: separation. hardware kernel system user Each
More informationLecture Embedded System Security Introduction to Trusted Computing
1 Lecture Embedded System Security Introduction to Trusted Computing Prof. Dr.-Ing. Ahmad-Reza Sadeghi System Security Lab Technische Universität Darmstadt Summer Term 2017 Roadmap: Trusted Computing Motivation
More informationComputer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Addison-Wesley
Intra- AS Rou-ng h0p://kcd.com/85/ Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Addison-Wesle Some materials copright 1996-2012 J.F Kurose and K.W. Ross, All Rights Reserved
More informationIntel s s Security Vision for Xen
Intel s s Security Vision for Xen Carlos Rozas Intel Corporation Xen Summit April 7-8, 7 2005 INFORMATION IN THIS DOCUMENT IS PROVIDED IN CONNECTION WITH INTEL PRODUCTS. EXCEPT AS PROVIDED IN INTEL'S TERMS
More informationCrypto Background & Concepts SGX Software Attestation
CSE 5095 & ECE 4451 & ECE 5451 Spring 2017 Lecture 4b Slide deck extracted from Kamran s tutorial on SGX, presented during ECE 6095 Spring 2017 on Secure Computation and Storage, a precursor to this course
More informationHow to create a trust anchor with coreboot.
How to create a trust anchor with coreboot. Trusted Computing vs Authenticated Code Modules Philipp Deppenwiese About myself Member of a hackerspace in germany. 10 years of experience in it-security. Did
More informationBootstrapping Trust in Commodity Computers
Bootstrapping Trust in Commodity Computers Bryan Parno Jonathan M. McCune Adrian Perrig CyLab, Carnegie Mellon University Abstract Trusting a computer for a security-sensitive task (such as checking email
More informationCIS 4360 Secure Computer Systems. Trusted Platform Module
CIS 4360 Secure Computer Systems Trusted Platform Module Professor Qiang Zeng Spring 2017 Some slides were stolen from Stanford s Security Course, Bruce Maggs, and Bryan Parno Signed Integer Representation
More informationNot a Bot (NAB): Improving Service Availability in the Face of Botnet A=acks
Not a Bot (NAB): Improving Service Availability in the Face of Botnet A=acks Ramakrishna (Ramki) Gummadi MIT Hari Balakrishnan (MIT), Petros Maniatis and Sylvia Ratnasamy (Intel Research) The problem:
More informationComputer Security CS 426 Lecture 17
Computer Security CS 426 Lecture 17 Trusted Computing Base. Orange Book, Common Criteria Elisa Bertino Purdue University IN, USA bertino@cs.purdue.edu 1 Trusted vs. Trustworthy A component of a system
More informationLecture Embedded System Security Introduction to Trusted Computing
1 Lecture Embedded System Security Prof. Dr.-Ing. Ahmad-Reza Sadeghi System Security Lab Technische Universität Darmstadt (CASED) Summer Term 2015 Roadmap: Trusted Computing Motivation Notion of trust
More informationPolicy-Sealed Data: A New Abstraction for Building Trusted Cloud Services
Max Planck Institute for Software Systems Policy-Sealed Data: A New Abstraction for Building Trusted Cloud Services 1, Rodrigo Rodrigues 2, Krishna P. Gummadi 1, Stefan Saroiu 3 MPI-SWS 1, CITI / Universidade
More informationLecture Embedded System Security Introduction to Trusted Computing
1 Lecture Embedded System Security Prof. Dr.-Ing. Ahmad-Reza Sadeghi System Security Lab Technische Universität Darmstadt (CASED) Summer Term 2012 Roadmap: Trusted Computing Motivation Notion of trust
More informationEmbedded System Security Mobile Hardware Platform Security
1 Embedded System Security Mobile Hardware Platform Security Prof. Dr.-Ing. Ahmad-Reza Sadeghi System Security Lab Technische Universität Darmstadt Germany Summer Term 2017 Acknowledgement This slide set
More informationTPM v.s. Embedded Board. James Y
TPM v.s. Embedded Board James Y What Is A Trusted Platform Module? (TPM 1.2) TPM 1.2 on the Enano-8523 that: How Safe is your INFORMATION? Protects secrets from attackers Performs cryptographic functions
More informationFlicker: An Execution Infrastructure for TCB Minimization
ACM, 2008. This is the authors' version of the work. It is posted here by permission of ACM for your personal use. Not for redistribution. The definitive version is available at http://doi.acm.org/10.1145/1352592.1352625.
More informationEmbedded System Security Mobile Hardware Platform Security
1 Embedded System Security Prof. Dr.-Ing. Ahmad-Reza Sadeghi System Security Lab Technische Universität Darmstadt Germany Summer Term 2016 Acknowledgement This slide set is based on slides provided by
More informationOS Security IV: Virtualization and Trusted Computing
1 OS Security IV: Virtualization and Trusted Computing Chengyu Song Slides modified from Dawn Song 2 Administrivia Lab2 More questions? 3 Virtual machine monitor +-----------+----------------+-------------+
More informationRISCV with Sanctum Enclaves. Victor Costan, Ilia Lebedev, Srini Devadas
RISCV with Sanctum Enclaves Victor Costan, Ilia Lebedev, Srini Devadas Today, privilege implies trust (1/3) If computing remotely, what is the TCB? Priviledge CPU HW Hypervisor trusted computing base OS
More informationTrusted Computing and O/S Security. Aggelos Kiayias Justin Neumann
Trusted Computing and O/S Security Aggelos Kiayias Justin Neumann O/S Security Fundamental concept for O/S Security: separation. hardware kernel system user Each layer may try to verify the outer layer
More informationConnecting Securely to the Cloud
Connecting Securely to the Cloud Security Primer Presented by Enrico Gregoratto Andrew Marsh Agenda 2 Presentation Speaker Trusting The Connection Transport Layer Security Connecting to the Cloud Enrico
More informationTrusted Disk Loading in the Emulab Network Testbed. Cody Cutler, Mike Hibler, Eric Eide, Rob Ricci
Trusted Disk Loading in the Emulab Network Testbed Cody Cutler, Mike Hibler, Eric Eide, Rob Ricci 1 Emulab Public network testbed Create complex experiments quickly 500+ nodes at Utah Emulab 2 Emulab Nodes
More informationFall 2005 Joseph/Tygar/Vazirani/Wagner Final
CS 161 Computer Security Fall 2005 Joseph/Tygar/Vazirani/Wagner Final PRINT your name:, (last) SIGN your name: (first) PRINT your Unix account name: PRINT your TA s name: You may consult any books, notes,
More informationComputer Networks. Wenzhong Li. Nanjing University
Computer Networks Wenzhong Li Nanjing University 1 Chapter 7. Network Security Network Attacks Cryptographic Technologies Message Integrity and Authentication Key Distribution Firewalls Transport Layer
More informationTrojan-tolerant Hardware & Supply Chain Security in Practice
Trojan-tolerant Hardware & Supply Chain Security in Practice Who we are Vasilios Mavroudis Doctoral Researcher, UCL Dan Cvrcek CEO, Enigma Bridge George Danezis Professor, UCL Petr Svenda CTO, Enigma Bridge
More informationI Don't Want to Sleep Tonight:
I Don't Want to Sleep Tonight: Subverting Intel TXT with S3 Sleep Seunghun Han, Jun-Hyeok Park (hanseunghun parkparkqw)@nsr.re.kr Wook Shin, Junghwan Kang, HyoungChun Kim (wshin ultract khche)@nsr.re.kr
More informationInterdomain Routing Design for MobilityFirst
Interdomain Routing Design for MobilityFirst October 6, 2011 Z. Morley Mao, University of Michigan In collaboration with Mike Reiter s group 1 Interdomain routing design requirements Mobility support Network
More informationSystems View -- Current. Trustworthy Computing. TC Advantages. Systems View -- Target. Bootstrapping a typical PC. Boot Guarantees
Trustworthy Computing s View -- Current Trent Jaeger February 18, 2004 Process 1 Web server Process 2 Mail server Process 3 Java VM Operating Hardware (CPU, MMU, I/O devices) s View -- Target TC Advantages
More informationAbstract. 1 Introduction /07 $ IEEE 267
Minimal TCB Code Execution (Extended Abstract) Jonathan M. McCune, Bryan Parno, Adrian Perrig, Michael K. Reiter, and Arvind Seshadri Carnegie Mellon University Abstract We propose an architecture that
More informationCIS 4360 Secure Computer Systems SGX
CIS 4360 Secure Computer Systems SGX Professor Qiang Zeng Spring 2017 Some slides are stolen from Intel docs Previous Class UEFI Secure Boot Windows s Trusted Boot Intel s Trusted Boot CIS 4360 Secure
More informationIntel Software Guard Extensions
Intel Software Guard Extensions Dr. Matthias Hahn, Intel Deutschland GmbH July 12 th 2017 cryptovision Mindshare, Gelsenkirchen Intel SGX Making Headlines Premium Content requiring Intel SGX on PC Intel
More informationTRUSTED COMPUTING TRUSTED COMPUTING. Overview. Why trusted computing?
Overview TRUSTED COMPUTING Why trusted computing? Intuitive model of trusted computing Hardware versus software Root-of-trust concept Secure boot Trusted Platforms using hardware features Description of
More informationSTM. Computing. Specifica on Topics. High Level Skills you should think about to take your work to the next level:
Specifica on Topics High Level Skills you should think about to take your work to the next level: Discussing the advantages and disadvantages of the different topology types Describing the key fields in
More informationTRESCCA Trustworthy Embedded Systems for Secure Cloud Computing
TRESCCA Trustworthy Embedded Systems for Secure Cloud Computing IoT Week 2014, 2014 06 17 Ignacio García Wellness Telecom Outline Welcome Motivation Objectives TRESCCA client platform SW framework for
More informationTrusted Platform Modules Automotive applications and differentiation from HSM
Trusted Platform Modules Automotive applications and differentiation from HSM Cyber Security Symposium 2017, Stuttgart Martin Brunner, Infineon Technologies Axiom: Whatever is connected can (and will)
More informationAuthenticated Storage Using Small Trusted Hardware Hsin-Jung Yang, Victor Costan, Nickolai Zeldovich, and Srini Devadas
Authenticated Storage Using Small Trusted Hardware Hsin-Jung Yang, Victor Costan, Nickolai Zeldovich, and Srini Devadas Massachusetts Institute of Technology November 8th, CCSW 2013 Cloud Storage Model
More informationCertifying Program Execution with Secure Processors. Benjie Chen Robert Morris Laboratory for Computer Science Massachusetts Institute of Technology
Certifying Program Execution with Secure Processors Benjie Chen Robert Morris Laboratory for Computer Science Massachusetts Institute of Technology Motivation All PCs may soon include trusted computing
More informationTowards Deployment of a Next- Generation Secure Internet Architecture
Towards Deployment of a Next- Generation Secure Internet Architecture Adrian Perrig Network Security Group, ETH Zürich http://www.scion-architecture.net 1 monumental structure stood the test of time &
More informationEfficient and Secure Source Authentication for Multicast
Efficient and Secure Source Authentication for Multicast Authors: Adrian Perrig, Ran Canetti Dawn Song J. D. Tygar Presenter: Nikhil Negandhi CSC774 Network Security Outline: Background Problem Related
More informationChapter 9: Key Management
Chapter 9: Key Management Session and Interchange Keys Key Exchange Cryptographic Key Infrastructure Storing and Revoking Keys Digital Signatures Slide #9-1 Overview Key exchange Session vs. interchange
More informationLecture 7 - Applied Cryptography
CSE497b Introduction to Computer and Network Security - Spring 2007 - Professor Jaeger Lecture 7 - Applied Cryptography CSE497b - Spring 2007 Introduction Computer and Network Security Professor Jaeger
More informationAn Introduction to Trusted Platform Technology
An Introduction to Trusted Platform Technology Siani Pearson Hewlett Packard Laboratories, UK Siani_Pearson@hp.com Content What is Trusted Platform technology and TCPA? Why is Trusted Platform technology
More informationDistributed Systems Principles and Paradigms
Distributed Systems Principles and Paradigms Chapter 09 (version April 7, 2008) Maarten van Steen Vrije Universiteit Amsterdam, Faculty of Science Dept. Mathematics and Computer Science Room R4.20. Tel:
More informationMassively Parallel Hardware Security Platform
Massively Parallel Hardware Security Platform Dan Cvrček, Enigma Bridge, UK dan@enigmabridge.com Petr Švenda, CRoCS, Masaryk University, CZ svenda@fi.muni.cz Overview 1. Cryptography as a Service 2. Usage
More informationINF3510 Information Security. Lecture 6: Computer Security. Universitetet i Oslo Audun Jøsang
INF3510 Information Security Lecture 6: Computer Security Universitetet i Oslo Audun Jøsang Lecture Overview Secure computer architectures Virtualisation architectures Trusted computing Security Evaluation
More informationSoftware Vulnerability Assessment & Secure Storage
Software Vulnerability Assessment & Secure Storage 1 Software Vulnerability Assessment Vulnerability assessment is the process of identifying flaws that reside in an OS, application software or devices
More informationRefresher: Applied Cryptography
Refresher: Applied Cryptography (emphasis on common tools for secure processors) Chris Fletcher Fall 2017, 598 CLF, UIUC Complementary reading Intel SGX Explained (ISE) Victor Costan, Srini Devadas https://eprint.iacr.org/2016/086.pdf
More informationLecture 3 MOBILE PLATFORM SECURITY
Lecture 3 MOBILE PLATFORM SECURITY You will be learning: What techniques are used in mobile software platform security? What techniques are used in mobile hardware platform security? Is there a common
More informationMiniBox: A Two-Way Sandbox for x86 Native Code
MiniBox: A Two-Way Sandbox for x86 Native Code Yanlin Li CyLab/CMU Jonathan McCune CyLab/CMU, Google Inc. James Newsome CyLab/CMU, Google Inc. Adrian Perrig CyLab/CMU Brandon Baker Google Inc. Will Drewry
More informationSecuring IoT with the ARM mbed ecosystem
Securing IoT with the ARM mbed ecosystem Xiao Sun / Senior Applications Engineer / ARM ARM mbed Connect / Shenzhen, China December 5, 2016 Lots of interest in IoT security Researchers are looking into
More informationTrInc: Small Trusted Hardware for Large Distributed Systems
TrInc: Small Trusted Hardware for Large Distributed Systems University of Maryland John R. Douceur Jacob R. Lorch Thomas Moscibroda Microsoft Research Trust in distributed systems Selfish Participants
More informationCryptographic Checksums
Cryptographic Checksums Mathematical function to generate a set of k bits from a set of n bits (where k n). k is smaller then n except in unusual circumstances Example: ASCII parity bit ASCII has 7 bits;
More informationMobile Platform Security Architectures A perspective on their evolution
Mobile Platform Security Architectures A perspective on their evolution N. Asokan CARDIS 2012 Graz, Austria November 29, 2012 1 NA, KKo, JEE, Nokia Resarch Center 2011-2012 Introduction Recent interest
More informationQualifying exam: operating systems, 1/6/2014
Qualifying exam: operating systems, 1/6/2014 Your name please: Part 1. Fun with forks (a) What is the output generated by this program? In fact the output is not uniquely defined, i.e., it is not always
More informationDemonstration Lecture: Cyber Security (MIT Department) Trusted cloud hardware and advanced cryptographic solutions. Andrei Costin
Demonstration Lecture: Cyber Security (MIT Department) Trusted cloud hardware and advanced cryptographic solutions Topic Prerequisites Security concepts Security-related concepts (e.g., entropy) Virtualization
More information