notary a device for secure transaction approval
play

Notary: A Device for Secure Transaction Approval Anish Athalye - PowerPoint PPT Presentation

Notary: A Device for Secure Transaction Approval Anish Athalye Adam Belay Frans Kaashoek Robert Morris Nickolai Zeldovich MIT CSAIL 1 How to securely approve transactions? Users perform sensitjve transactjonal operatjons Bank


  1. Notary: A Device for Secure Transaction Approval Anish Athalye Adam Belay Frans Kaashoek Robert Morris Nickolai Zeldovich MIT CSAIL 1

  2. How to securely approve transactions? • Users perform sensitjve transactjonal operatjons • Bank transfers • Cryptocurrency transactjons • Deletjng backups • Modifying DNS records 2

  3. Common solution: smartphone apps • Sufgers from isolatjon bugs (e.g. jailbreaks) Approval agent on smartphone 3

  4. Hardware wallets for transaction approval Display TX Bu � ons Sign(TX) Ledger wallet 4

  5. Challenge: wallets need to isolate agents Ledger app store: 50+ third-party agents 5

  6. Challenge: wallets need to isolate agents Ledger app store: 50+ third-party agents 5

  7. Problems with existing hardware wallets • OS bugs • Over 10 found in Ledger and Trezor wallets • Potentjal hardware bugs • Shared hardware state could leak secrets (e.g. Spectre) 6

  8. Contribution: Notary • Agent separatjon architecture • Reset-based switching • Verifjed deterministjc start • Physical hardware wallet prototype 7

  9. Threat model • Some agents are malicious • Physical atuacks out of scope • Could be addressed by tamper-proof hardware 8

  10. Separation architecture provides isolation User I/O Reset bu � on uart Agent Kernel USB Storage rst SoC SoC Runs third-party code Manages storage, No OS, full access to hardware agent switching Notary separatjon architecture 9

  11. Separation architecture provides isolation User I/O Reset bu � on uart Agent Kernel USB Storage rst SoC SoC Runs third-party code Manages storage, No OS, full access to hardware agent switching Kernel SoC 9

  12. Separation architecture provides isolation User I/O Reset bu � on uart Agent Kernel USB Storage rst SoC SoC Runs third-party code Manages storage, No OS, full access to hardware agent switching Agent SoC 9

  13. Separation architecture provides isolation User I/O Reset bu � on uart Agent Kernel USB Storage rst SoC SoC Runs third-party code Manages storage, No OS, full access to hardware agent switching Connected only by UART (and reset wire) 9

  14. Separation architecture provides isolation User I/O Reset bu � on uart Agent Kernel USB Storage rst SoC SoC Runs third-party code Manages storage, No OS, full access to hardware agent switching Kernel resets Agent SoC 9

  15. Separation architecture provides isolation User I/O Reset bu � on uart Agent Kernel USB Storage rst SoC SoC Runs third-party code Manages storage, No OS, full access to hardware agent switching launch() : load agent code + data 9

  16. Separation architecture provides isolation User I/O Reset bu � on uart Agent Kernel USB Storage rst SoC SoC Runs third-party code Manages storage, No OS, full access to hardware agent switching Agent runs on Agent SoC, independently of Kernel SoC 9

  17. Separation architecture provides isolation User I/O Reset bu � on uart Agent Kernel USB Storage rst SoC SoC Runs third-party code Manages storage, No OS, full access to hardware agent switching exit(state) : save state and terminate 9

  18. Desired property: noninterference Agent A runs switch Agent B runs � me 10

  19. Desired property: noninterference steal A's secrets? Agent A runs switch Agent B runs � me 10

  20. Desired property: noninterference steal A's secrets? Agent A runs switch Agent B runs � me 10

  21. Deterministic start ensures noninterference • Run before startjng any agent • Clears state in SoC (puts chip in deterministjc state) 11

  22. Deterministic start ensures noninterference World 0 (secret = 0) World 1 (secret = 1) 11

  23. Deterministic start ensures noninterference World 0 (secret = 0) World 1 (secret = 1) Agent A runs 11

  24. Deterministic start ensures noninterference World 0 (secret = 0) World 1 (secret = 1) Agent A runs Determinis � c start 11

  25. Deterministic start ensures noninterference World 0 (secret = 0) World 1 (secret = 1) Agent A runs Determinis � c start Agent B runs 11

  26. Deterministic start ensures noninterference Determinis � c start 11

  27. Challenge: completeness • Lots of state • Registers • Microarchitectural state: CPU caches, ... • RAM • SoC peripherals: UART, SPI, ... • Must work for all states 12

  28. Simple approaches fail • Reset pin • Clears minimal state necessary to restart • Power cycling • State takes minutes to decay (cold boot atuacks) 13

  29. Notary’s approach: use software • Reset returns control start code clk rst (clears state) • Sofuware in boot ROM can ROM (1 KB) clear internal state CPU (PicoRV32) RAM (128 KB) • How to write this code? • Must clear every single bit UART UART GPIO SPI of internal state 14

  30. = Gate-level description captures all internal state ⇒ SMT-compatjble format (for symbolic circuit simulatjon) RTL (e.g. Verilog): all digital state is explicit 15

  31. Verifying deterministic start for Notary’s SoC 16

  32. Verifying deterministic start for Notary’s SoC /* no reset code */ 16

  33. Verifying deterministic start for Notary’s SoC error, state not cleared: /* no reset code */ soc.cpu.latched_rd 16

  34. Verifying deterministic start for Notary’s SoC nop nop nop 16

  35. Verifying deterministic start for Notary’s SoC error, state not cleared: nop nop soc.cpu.cpuregs[1] nop 16

  36. Verifying deterministic start for Notary’s SoC nop nop nop /* clear registers */ li x1, 0 /* ... */ li x31, 0 16

  37. Verifying deterministic start for Notary’s SoC nop error, state not cleared: nop nop soc.cpu.mem_wdata /* clear registers */ li x1, 0 /* ... */ li x31, 0 16

  38. Verifying deterministic start for Notary’s SoC nop nop nop /* clear registers */ li x1, 0 /* ... */ li x31, 0 /* clear buffer */ sw zero, 0(zero) 16

  39. Verifying deterministic start for Notary’s SoC nop nop error, state not cleared: nop /* clear registers */ soc.ram.data[0] li x1, 0 /* ... */ li x31, 0 /* clear buffer */ sw zero, 0(zero) 16

  40. Verifying deterministic start for Notary’s SoC nop nop nop /* clear registers */ li x1, 0 /* ... */ li x31, 0 /* clear buffer */ sw zero, 0(zero) /* clear ram */ la t0, _sram_start la t1, _sram_end loop: sw zero, 0(t0) addi t0, t0, 4 bne t0, t1, loop 16

  41. Verifying deterministic start for Notary’s SoC nop nop nop /* clear registers */ li x1, 0 /* ... */ li x31, 0 error, state not cleared: /* clear buffer */ sw zero, 0(zero) soc.uart.cr0 /* clear ram */ la t0, _sram_start la t1, _sram_end loop: sw zero, 0(t0) addi t0, t0, 4 bne t0, t1, loop 16

  42. Verifying deterministic start for Notary’s SoC nop nop nop /* clear registers */ li x1, 0 /* ... */ li x31, 0 /* clear buffer */ sw zero, 0(zero) /* clear ram */ la t0, _sram_start la t1, _sram_end loop: sw zero, 0(t0) addi t0, t0, 4 bne t0, t1, loop /* clear uart control register */ la t0, _uart0 sw zero, 0(t0) 16

  43. Verifying deterministic start for Notary’s SoC nop nop nop /* clear registers */ li x1, 0 /* ... */ li x31, 0 deterministjc start verifjed! /* clear buffer */ sw zero, 0(zero) n = 180342 cycles , < 10 ms /* clear ram */ la t0, _sram_start (mostly spent clearing RAM) la t1, _sram_end loop: sw zero, 0(t0) addi t0, t0, 4 bne t0, t1, loop /* clear uart control register */ la t0, _uart0 sw zero, 0(t0) 16

  44. Notary hardware and system software • Additjonal hardware: $8 (extra chips) • TCB: 4000 LOC (mostly drivers) Notary prototype 17

  45. Notary agent: Bitcoin Bitcoin app (lefu) and agent (right) 18

  46. Notary agent: web-app approval Web app (lefu) and agent (right) 19

  47. Evaluation summary: Notary is practical Notary’s design prevents bugs while preserving developer and user experience. (see paper) 20

  48. Related work • Non-wallet security devices [iOS enclave, Yubikey] • Verifjed kernels [SeL4, Hyperkernel, Nickel, CertjKOS] • Verifjed hardware [Kami, Hyperfmow] (see paper) 21

  49. Conclusion • Notary separatjon architecture • Reset-based switching : clearing state between switching agents • Verifjed deterministjc start : ensuring state clearing is correct • Notary prototype • RISC-V-based prototype • 2 agents: Bitcoin, web-app approval anish.io/notary 22

Recommend


More recommend