notary a device for secure transaction approval
play

Notary: A Device for Secure Transaction Approval Anish Athalye - PowerPoint PPT Presentation

Aug 08, 2023 •264 likes •760 views

Notary: A Device for Secure Transaction Approval Anish Athalye Adam Belay Frans Kaashoek Robert Morris Nickolai Zeldovich MIT CSAIL 1 How to securely approve transactions? Users perform sensitjve transactjonal operatjons Bank

  1. Notary: A Device for Secure Transaction Approval Anish Athalye Adam Belay Frans Kaashoek Robert Morris Nickolai Zeldovich MIT CSAIL 1

  2. How to securely approve transactions? • Users perform sensitjve transactjonal operatjons • Bank transfers • Cryptocurrency transactjons • Deletjng backups • Modifying DNS records 2

  3. Common solution: smartphone apps • Sufgers from isolatjon bugs (e.g. jailbreaks) Approval agent on smartphone 3

  4. Hardware wallets for transaction approval Display TX Bu � ons Sign(TX) Ledger wallet 4

  5. Challenge: wallets need to isolate agents Ledger app store: 50+ third-party agents 5

  6. Challenge: wallets need to isolate agents Ledger app store: 50+ third-party agents 5

  7. Problems with existing hardware wallets • OS bugs • Over 10 found in Ledger and Trezor wallets • Potentjal hardware bugs • Shared hardware state could leak secrets (e.g. Spectre) 6

  8. Contribution: Notary • Agent separatjon architecture • Reset-based switching • Verifjed deterministjc start • Physical hardware wallet prototype 7

  9. Threat model • Some agents are malicious • Physical atuacks out of scope • Could be addressed by tamper-proof hardware 8

  10. Separation architecture provides isolation User I/O Reset bu � on uart Agent Kernel USB Storage rst SoC SoC Runs third-party code Manages storage, No OS, full access to hardware agent switching Notary separatjon architecture 9

  11. Separation architecture provides isolation User I/O Reset bu � on uart Agent Kernel USB Storage rst SoC SoC Runs third-party code Manages storage, No OS, full access to hardware agent switching Kernel SoC 9

  12. Separation architecture provides isolation User I/O Reset bu � on uart Agent Kernel USB Storage rst SoC SoC Runs third-party code Manages storage, No OS, full access to hardware agent switching Agent SoC 9

  13. Separation architecture provides isolation User I/O Reset bu � on uart Agent Kernel USB Storage rst SoC SoC Runs third-party code Manages storage, No OS, full access to hardware agent switching Connected only by UART (and reset wire) 9

  14. Separation architecture provides isolation User I/O Reset bu � on uart Agent Kernel USB Storage rst SoC SoC Runs third-party code Manages storage, No OS, full access to hardware agent switching Kernel resets Agent SoC 9

  15. Separation architecture provides isolation User I/O Reset bu � on uart Agent Kernel USB Storage rst SoC SoC Runs third-party code Manages storage, No OS, full access to hardware agent switching launch() : load agent code + data 9

  16. Separation architecture provides isolation User I/O Reset bu � on uart Agent Kernel USB Storage rst SoC SoC Runs third-party code Manages storage, No OS, full access to hardware agent switching Agent runs on Agent SoC, independently of Kernel SoC 9

  17. Separation architecture provides isolation User I/O Reset bu � on uart Agent Kernel USB Storage rst SoC SoC Runs third-party code Manages storage, No OS, full access to hardware agent switching exit(state) : save state and terminate 9

  18. Desired property: noninterference Agent A runs switch Agent B runs � me 10

  19. Desired property: noninterference steal A's secrets? Agent A runs switch Agent B runs � me 10

  20. Desired property: noninterference steal A's secrets? Agent A runs switch Agent B runs � me 10

  21. Deterministic start ensures noninterference • Run before startjng any agent • Clears state in SoC (puts chip in deterministjc state) 11

  22. Deterministic start ensures noninterference World 0 (secret = 0) World 1 (secret = 1) 11

  23. Deterministic start ensures noninterference World 0 (secret = 0) World 1 (secret = 1) Agent A runs 11

  24. Deterministic start ensures noninterference World 0 (secret = 0) World 1 (secret = 1) Agent A runs Determinis � c start 11

  25. Deterministic start ensures noninterference World 0 (secret = 0) World 1 (secret = 1) Agent A runs Determinis � c start Agent B runs 11

  26. Deterministic start ensures noninterference Determinis � c start 11

  27. Challenge: completeness • Lots of state • Registers • Microarchitectural state: CPU caches, ... • RAM • SoC peripherals: UART, SPI, ... • Must work for all states 12

  28. Simple approaches fail • Reset pin • Clears minimal state necessary to restart • Power cycling • State takes minutes to decay (cold boot atuacks) 13

  29. Notary’s approach: use software • Reset returns control start code clk rst (clears state) • Sofuware in boot ROM can ROM (1 KB) clear internal state CPU (PicoRV32) RAM (128 KB) • How to write this code? • Must clear every single bit UART UART GPIO SPI of internal state 14

  30. = Gate-level description captures all internal state ⇒ SMT-compatjble format (for symbolic circuit simulatjon) RTL (e.g. Verilog): all digital state is explicit 15

  31. Verifying deterministic start for Notary’s SoC 16

  32. Verifying deterministic start for Notary’s SoC /* no reset code */ 16

  33. Verifying deterministic start for Notary’s SoC error, state not cleared: /* no reset code */ soc.cpu.latched_rd 16

  34. Verifying deterministic start for Notary’s SoC nop nop nop 16

  35. Verifying deterministic start for Notary’s SoC error, state not cleared: nop nop soc.cpu.cpuregs[1] nop 16

  36. Verifying deterministic start for Notary’s SoC nop nop nop /* clear registers */ li x1, 0 /* ... */ li x31, 0 16

  37. Verifying deterministic start for Notary’s SoC nop error, state not cleared: nop nop soc.cpu.mem_wdata /* clear registers */ li x1, 0 /* ... */ li x31, 0 16

  38. Verifying deterministic start for Notary’s SoC nop nop nop /* clear registers */ li x1, 0 /* ... */ li x31, 0 /* clear buffer */ sw zero, 0(zero) 16

  39. Verifying deterministic start for Notary’s SoC nop nop error, state not cleared: nop /* clear registers */ soc.ram.data[0] li x1, 0 /* ... */ li x31, 0 /* clear buffer */ sw zero, 0(zero) 16

  40. Verifying deterministic start for Notary’s SoC nop nop nop /* clear registers */ li x1, 0 /* ... */ li x31, 0 /* clear buffer */ sw zero, 0(zero) /* clear ram */ la t0, _sram_start la t1, _sram_end loop: sw zero, 0(t0) addi t0, t0, 4 bne t0, t1, loop 16

  41. Verifying deterministic start for Notary’s SoC nop nop nop /* clear registers */ li x1, 0 /* ... */ li x31, 0 error, state not cleared: /* clear buffer */ sw zero, 0(zero) soc.uart.cr0 /* clear ram */ la t0, _sram_start la t1, _sram_end loop: sw zero, 0(t0) addi t0, t0, 4 bne t0, t1, loop 16

  42. Verifying deterministic start for Notary’s SoC nop nop nop /* clear registers */ li x1, 0 /* ... */ li x31, 0 /* clear buffer */ sw zero, 0(zero) /* clear ram */ la t0, _sram_start la t1, _sram_end loop: sw zero, 0(t0) addi t0, t0, 4 bne t0, t1, loop /* clear uart control register */ la t0, _uart0 sw zero, 0(t0) 16

  43. Verifying deterministic start for Notary’s SoC nop nop nop /* clear registers */ li x1, 0 /* ... */ li x31, 0 deterministjc start verifjed! /* clear buffer */ sw zero, 0(zero) n = 180342 cycles , < 10 ms /* clear ram */ la t0, _sram_start (mostly spent clearing RAM) la t1, _sram_end loop: sw zero, 0(t0) addi t0, t0, 4 bne t0, t1, loop /* clear uart control register */ la t0, _uart0 sw zero, 0(t0) 16

  44. Notary hardware and system software • Additjonal hardware: $8 (extra chips) • TCB: 4000 LOC (mostly drivers) Notary prototype 17

  45. Notary agent: Bitcoin Bitcoin app (lefu) and agent (right) 18

  46. Notary agent: web-app approval Web app (lefu) and agent (right) 19

  47. Evaluation summary: Notary is practical Notary’s design prevents bugs while preserving developer and user experience. (see paper) 20

  48. Related work • Non-wallet security devices [iOS enclave, Yubikey] • Verifjed kernels [SeL4, Hyperkernel, Nickel, CertjKOS] • Verifjed hardware [Kami, Hyperfmow] (see paper) 21

  49. Conclusion • Notary separatjon architecture • Reset-based switching : clearing state between switching agents • Verifjed deterministjc start : ensuring state clearing is correct • Notary prototype • RISC-V-based prototype • 2 agents: Bitcoin, web-app approval anish.io/notary 22

Recommend

Notary: A Device for Secure Transaction Approval Athalye et al., presented by Jack Cook Overview

Notary: A Device for Secure Transaction Approval Athalye et al., presented by Jack Cook Overview

Notary: A Device for Secure Transaction Approval Athalye et al., presented by Jack Cook Overview Goals and Big Ideas Threat Model Strengths Weaknesses Evaluation Attack Defenses Discussion Questions

240 views • 20 slides
Course Overview What is a Notary? Colorado Notary Public Course How to Become a Notary

Course Overview What is a Notary? Colorado Notary Public Course How to Become a Notary

Course Overview What is a Notary? Colorado Notary Public Course How to Become a Notary The Notarys Toolbox Aardvark Notary Training aardvarknotarytraining.com Notary Public Powers info@aardvarknotarytraining.com Misconduct

430 views • 22 slides
1. Who is responsible, whom can you contact? We, notary Dr. Christof Hupe and notary Alexander

1. Who is responsible, whom can you contact? We, notary Dr. Christof Hupe and notary Alexander

Information about the handling personal data by K&amp;L Gates LLP notaries 1. Who is responsible, whom can you contact? We, notary Dr. Christof Hupe and notary Alexander Kollmorgen, both with official office in Berlin and notary Dr. Christian

274 views • 4 slides
Web Security: Web Security: Secure Electronic Transaction Secure Electronic Transaction

Web Security: Web Security: Secure Electronic Transaction Secure Electronic Transaction

Web Security: Web Security: Secure Electronic Transaction Secure Electronic Transaction Cunsheng Cunsheng Ding Ding HKUST, Hong Kong, CHI NA HKUST, Hong Kong, CHI NA Secure Elect ronic Transact ions An applicat ion-layer secur it y

483 views • 24 slides
Notary Best Practices and New Law Updates for Michigan Notaries 2 Todays Topics: The Role

Notary Best Practices and New Law Updates for Michigan Notaries 2 Todays Topics: The Role

6/8/2020 1 Notary Best Practices and New Law Updates for Michigan Notaries 2 Todays Topics: The Role of a Notary / Three Notary Statuses Steps to a Proper Notarization Authorized Notarial Acts/Prohibited Actions More on Remote Online

320 views • 14 slides
Secure Device Pairing What is device pairing? What is

Secure Device Pairing What is device pairing? What is

Secure Device Pairing What is device pairing? What is device pairing? What is the problem? The wireless communica8on channel is rela8vely easy to

298 views • 9 slides
What is different in the European (CE Mark) and the American medical device (FDA) approval path

What is different in the European (CE Mark) and the American medical device (FDA) approval path

What is different in the European (CE Mark) and the American medical device (FDA) approval path and what does a CE-Mark or a FDA approval mean for a physician using devices ? 7th European Symposium of Vascular Biomaterials Nicolas Thevenet,

250 views • 12 slides
ML&amp;P Transaction Approval Sale of ML&amp;P to Chugach Electric: Timeline to Date January

ML&amp;P Transaction Approval Sale of ML&amp;P to Chugach Electric: Timeline to Date January

ML&amp;P Transaction Approval Sale of ML&amp;P to Chugach Electric: Timeline to Date January 23, 2018 AO 2018-1(S) April 3, 2018 Ballot Proposition 10 Approval by more than 65% of voters April September, 2018

512 views • 16 slides
OUR ROAD TO IOT: SECURE DEVICE GRID 5 October 2015 Kresten Krab Thorup @drkrab

OUR ROAD TO IOT: SECURE DEVICE GRID 5 October 2015 Kresten Krab Thorup @drkrab

OUR ROAD TO IOT: SECURE DEVICE GRID 5 October 2015 Kresten Krab Thorup @drkrab Introduction IoT and SSL/TLS landscape Secure Device Grid design Lessons Learned ABOUT THE SPEAKER Kresten Krab Thorup, Ph.D. Trifork CTO - since 1999

948 views • 56 slides
Requirements for Secure Device Authentication Iden&amp;ty in the browser

Requirements for Secure Device Authentication Iden&amp;ty in the browser

Requirements for Secure Device Authentication Iden&amp;ty in the browser workshop, 24-25 May 2011, Mountain View Mark Watson, Mitch Zollinger, Wesley Miaw 1

327 views • 9 slides
Box Overview Box Enables Secure File Sync and Sharing from Any Device Intuitive end-user web,

Box Overview Box Enables Secure File Sync and Sharing from Any Device Intuitive end-user web,

Box Overview Box Enables Secure File Sync and Sharing from Any Device Intuitive end-user web, Box natively previews desktop and mobile apps 120+ file types Comprehensive security controls by user, content, device Not familiar with Box? 57K

580 views • 34 slides
1 Transaction State Transaction State (Cont.) Active, the initial state; the transaction stays in

1 Transaction State Transaction State (Cont.) Active, the initial state; the transaction stays in

Transactions Transaction Concept Transaction State Implementation of Atomicity and Durability Lecture 8 Concurrent Executions Transactions Serializability Recoverability Implementation of Isolation Transaction

376 views • 6 slides
Secure Device Lifecycle Stuart Kincaid Security Architect, Silicon IP skincaid@insidesecure.com

Secure Device Lifecycle Stuart Kincaid Security Architect, Silicon IP skincaid@insidesecure.com

Secure Device Lifecycle Stuart Kincaid Security Architect, Silicon IP skincaid@insidesecure.com D&amp;R IP-SOC Days Grenoble - December 2018 www.insidesecure.com www.insidesecure.com Inside Secure Proprietary Information 1 Product

426 views • 16 slides
RCC: High-Throughput Secure Transaction Processing Shawn Qiu, Di Zhao Introduction Resilient

RCC: High-Throughput Secure Transaction Processing Shawn Qiu, Di Zhao Introduction Resilient

RCC: High-Throughput Secure Transaction Processing Shawn Qiu, Di Zhao Introduction Resilient Concurrent Consensus is a paradigm used to increase throughput of consensus protocols such as PBFT , HotStuff , ZYZZYVA, etc Works with

816 views • 26 slides
The Case for Secure Connectivity Mobile Device and Internet Use in Corrections Classrooms Thank

The Case for Secure Connectivity Mobile Device and Internet Use in Corrections Classrooms Thank

The Case for Secure Connectivity Mobile Device and Internet Use in Corrections Classrooms Thank you for joining! While waiting for the webinar to start, please answer the poll on the right. This training was supported under the LINCS Regional

670 views • 45 slides
Introduction 2 Introduction - transaction All cash transaction Planned transaction $115 per

Introduction 2 Introduction - transaction All cash transaction Planned transaction $115 per

1 Introduction 2 Introduction - transaction All cash transaction Planned transaction $115 per share Delivering a 50% approximately cash premium $5 billion 3 Introduction - rationale Key strengths of StanCorp Consistent long-term

940 views • 43 slides
Transaction Processing Transaction Concept A transaction is a unit of program execution that

Transaction Processing Transaction Concept A transaction is a unit of program execution that

Transaction Processing Transaction Concept A transaction is a unit of program execution that accesses and possibly updates various data items. E.g. transaction to transfer $50 from account A to account B: 1. read ( A ) 2. A := A 50

861 views • 74 slides
Usability and Security of Out-Of-Band Channels in Secure Device Pairing Protocols Ronald Kainda,

Usability and Security of Out-Of-Band Channels in Secure Device Pairing Protocols Ronald Kainda,

Outline Introduction HISPs Proposed OOB Methods Experimental Design Results Analysis and Discussion Conclusion Usability and Security of Out-Of-Band Channels in Secure Device Pairing Protocols Ronald Kainda, Ivan Flechais, and A.W.

670 views • 41 slides
Formation of SPH REIT and Special Dividend EGM for shareholders approval 27 May 2013

Formation of SPH REIT and Special Dividend EGM for shareholders approval 27 May 2013

Formation of SPH REIT and Special Dividend EGM for shareholders approval 27 May 2013 Transaction summary EGM to seek shareholders approval on: The proposed establishment of SPH REIT and the injection of the Paragon Property and the 1

118 views • 10 slides
ndnMouse Secure Control Interface for a PC Using a Mobile Device Wesley Minner CS 217B, Spring

ndnMouse Secure Control Interface for a PC Using a Mobile Device Wesley Minner CS 217B, Spring

ndnMouse Secure Control Interface for a PC Using a Mobile Device Wesley Minner CS 217B, Spring 2017 Project Final Presentation Motivation (Recap) Primary use case: slideshow control Traditional... Wired: short cord small radius

608 views • 42 slides
Premarket Approval - PMA The route to market for Class III devices Fees required PM A

Premarket Approval - PMA The route to market for Class III devices Fees required PM A

FDA Medical Device Industry Coalition Premarket Approval - PMA The route to market for Class III devices Fees required PM A 515(c) of the Medical Device Amendments of 1976 (but no one calls it a 515(c)) 21 CFR 814

913 views • 62 slides
Secure spontaneous device authentication from ambient audio Stephan Sigg 07.02.2013, Westf

Secure spontaneous device authentication from ambient audio Stephan Sigg 07.02.2013, Westf

Information Systems Architecture Science Research Division Secure spontaneous device authentication from ambient audio Stephan Sigg 07.02.2013, Westf alische Wilhelms Universit at M unster Motivation Related work Spontaneous

611 views • 48 slides
Secure and Usable Out-Of-Band Channels for Ad hoc Mobile Device Interactions Ronald Kainda, Ivan

Secure and Usable Out-Of-Band Channels for Ad hoc Mobile Device Interactions Ronald Kainda, Ivan

Introduction HISP OOB Channels Problem definition Proposed methods Security and usability study Conclusion Secure and Usable Out-Of-Band Channels for Ad hoc Mobile Device Interactions Ronald Kainda, Ivan Flechais, A.W. Roscoe Workshop in

650 views • 18 slides
IT SECURITY INTRODUCTION OVERVIEW Device Connected Devices Connected Networks DEVICE

IT SECURITY INTRODUCTION OVERVIEW Device Connected Devices Connected Networks DEVICE

LECTURE IT SECURITY INTRODUCTION OVERVIEW Device Connected Devices Connected Networks DEVICE Program Runtime Attacks Wireless Security Side Channels CONNECTED DEVICES Thread Intelligence Secure Group Communication

1.04k views • 6 slides

More recommend