on smartphones tablets
play

on Smartphones & Tablets with Trusted Computing Stefan Saroiu - PowerPoint PPT Presentation

Apr 05, 2024 •490 likes •1.34k views

Protecting Data on Smartphones & Tablets with Trusted Computing Stefan Saroiu Microsoft Research (Redmond) Smartphones have displaced PCs as the primary computing device Smartphones Store Sensitive Data Sensor Readings Have Value

  1. Protecting Data on Smartphones & Tablets with Trusted Computing Stefan Saroiu Microsoft Research (Redmond)

  2. Smartphones have displaced PCs as the primary computing device

  3. Smartphones Store Sensitive Data

  4. Sensor Readings Have Value

  5. Implications ▪ High value of smartphone data creates incentives for “bad” guys: ▪ 3 rd -parties want to steal data ▪ 1 st -parties want to fabricate/alter data Data is under attack from malware, apps, or users

  6. Smartphones and Tablets Are Easily Lost or Stolen

  7. Implications ▪ Data loss due to device loss is common ▪ Attackers have easy access to device ▪ Memory-based attacks are inexpensive ▪ Cold-boot, bus snooping/monitoring, DMA Cannot afford to neglect physical attacks

  8. This Talk: Two Approaches 1. Software abstractions for mobile devices: ▪ Firmware-TPM (trusted platform module) ▪ Trusted sensors ▪ Cloud-TPM: cross-device TPM-protection 2. New systems leveraging trusted hardware ▪ Sentry: protect data against memory attacks ▪ TLR: small secure runtime at the language-level

  9. Acknowledgements ▪ Microsoft Research researchers & engineers: ▪ Alec Wolman, Himanshu Raj, and many others (next slide) ▪ Microsoft Research interns: ▪ Patrick Colp (U. of British Columbia) ▪ He Liu (U. of California at San Diego, now with Google) ▪ Chen Chen (ETH Zurich) ▪ Nuno Santos (MPI-SWS, now with U. of Lisbon) ▪ External collaborators: ▪ Jiawen Zhang, James Gleeson, Sahil Suneja, Eyal de Lara U. of T oronto ▪ Krishna Gummadi (MPI-SWS) ▪ Rodrigo Rodrigues (MPI-SWS, now with IST, Portugal)

  10. fTPM: A Software-only Implementation of a TPM Chip Himanshu Raj, Stefan Saroiu, Alec Wolman, Ronald Aigner, Jeremiah Cox, Paul England, Chris Fenner, Kinshuman Kinshumann, Jork Loeser, Dennis Mattoon, Magnus Nystrom, David Robinson, Rob Spiger, Stefan Thom, David Wooten Microsoft (published at USENIX Security 2016)

  11. Motivation ▪ Many systems ms in indu dustr stry & r & resear arch ch rely on TPMs ▪ Bitlocker, trusted sensors, Chrome OS, etc … ▪ Chall llen enge ge: Smartphones & tablets lack TPMs today ▪ TPM: never designed to meet space, cost, power constraints } ? ▪ Obs bservatio ion:

  12. Big Problem These CPU features omit several secure resources found on trusted hardware

  13. Research Question Can we overcome these limitations to build systems whose security ~trusted hardware? Answer swer: : Yes Contrib ntributions utions: • 3 approaches to overcome TrustZone’s limitations (lessons relevant to SGX also) • Security analysis of fTPM vs TPM chips • fTPM shipped millions of Microsoft Surface & WP

  14. Outline ▪ Motivation ▪ Background on TPM ▪ ARM TrustZone and its shortcomings ▪ High-level architecture & threat model ▪ Overcoming TrustZone limitations: three approaches ▪ Performance evaluation ▪ Conclusions

  15. What are TPMs? ▪ Hardware root of trust offering: ▪ Strong machine identity ▪ Software rollback prevention ▪ Secure credentials store ▪ Software attestation

  16. What are TPMs good for? ▪ Shipped Products by Industry: ▪ Protects “data -at- rest” (Google, Microsoft) ▪ Prevents rollback (Google) ▪ Virtual smart cards (Microsoft) ▪ Early-Launch Anti-Malware (Microsoft) ▪ Research: ▪ Secure VMs for the cloud [SOSP’11] ▪ Secure offline data access [OSDI ‘12] ▪ Trusted sensors for mobile devices [MobiSys ’11, SenSys ‘11] ▪ Cloaking malware [Sec ‘11]

  17. TPM: 1.0  1.1  1.2  2.0 ▪ Late 1999 : TCPA is formed (IBM, HP , Intel, Microsoft, …) ▪ 2001 2001: TPM specification 1.0 is released ▪ Never adopted by any hardware AFAIK ▪ Late 2001: TPM 1.1 is released ▪ 2002 2002: IBM Thinkpad T30 uses first discrete TPM chip ▪ 2003 2003: TCPA morphs into TCG ▪ 2007 2007: pin reset attack ▪ 2008 2008: TPM 1.2 ▪ Very popular, many hardware vendors built chips ▪ 2014 2014: TPM 2.0

  18. New in TPM 2.0 ▪ Newer cryptography ▪ TPM 1.2: SHA-1, RSA ▪ TPM 2.0: SHA-1, RSA, SHA-256, ECC ▪ TPM 2.0 provides a reference implementation ▪ “the code is the spec” ▪ Much more flexible policy support ▪ Read this as “more (useful) bells and whistles”

  19. Outline ▪ Motivation ▪ Background on TPM ▪ ARM TrustZone and its shortcomings ▪ High-level architecture & threat model ▪ Overcoming TrustZone limitations: three approaches ▪ Performance evaluation ▪ Conclusions

  20. Normal World (NW) Secure World (SW) Secure Monitor Layer (software) ARM Hardware

  21. Booting Up ARM Hardware

  22. Booting Up Secure Monitor Layer (software) ARM Hardware

  23. Booting Up Allocates memory Restricts its access to Secure World-only More setup… Secure Monitor Layer ARM Hardware

  24. Booting Up Secure World (SW) Secure Monitor Layer ARM Hardware

  25. Booting Up Secure World (SW) Secure Monitor Layer ARM Hardware

  26. Normal World (NW) Secure World (SW) Secure Monitor Layer ARM Hardware

  27. ARM TrustZone Properties ▪ Isolated runtime that boots first ▪ Curtained memory ▪ Ability to map interrupts delivered to Secure World ▪ Secure monitor dispatches interrupts

  28. ARM TrustZone Limitations Lack of accessibility Lack of virtualization

  29. Outline ▪ Motivation ▪ Background on TPM ▪ ARM TrustZone and its shortcomings ▪ High-level architecture & threat model ▪ Overcoming TrustZone limitations: three approaches ▪ Performance evaluation ▪ Conclusions

  30. High-Level architecture Normal World Secure World fTPM Other secure services Commodity OS TEE Runtime Linux/Windows TEE Dispatcher TEE Monitor ARM SoC Hardware ▪ TEE: trusted execution environment (small codebase) ▪ Monitor, dispatcher, runtime ▪ Most hardware resources mapped to Normal World ▪ For better perf.

  31. Threat Model: What Threats are In-Scope? Goals fTPM TPM chip Malicious software (e.g., malware, compromised OS) Time-based side-channel Cache-based side-channel Denial-of-Service Power analysis-based side-channel Memory attacks (e.g., coldboot, bus sniffing, JTAG) See “Memory Attacks” (ASPLOS 2015)

  32. Outline ▪ Motivation ▪ Background on TPM ▪ ARM TrustZone and its shortcomings ▪ High-level architecture & threat model ▪ Overcoming TrustZone limitations: three approaches ▪ Performance evaluation ▪ Conclusions

  33. ARM TrustZone Limitations Helpful observation: huge ARM eco-system out there ▪ eMMC controller present on many ARM SoCs ▪ Has provisions for trusted storage ▪ Secure fuses: write-once, read-always registers ▪ Can act as “seed” for deriving crypto keys ▪ Entropy for TrustZone can be added easily

  34. ARM Eco-system Offers eMMC ▪ eMMC controllers can setup one partition as Replay-Protected Memory Block (RPMB) ▪ RPMB primitives: ▪ One-time programmable authentication keys: ▪ fTPM uses “seed” from secure fuse to generate auth. keys ▪ fTPM writes auth. keys to eMMC controller upon provisioning ▪ Authenticated reads and writes (uses internal counters) ▪ Nonces

  35. ARM TrustZone Limitations eMMC & Secure fuses Entropy Timer & changed semantics of TPM commands

  36. Three Approaches 1. Provision additional trusted hardware 2. Make design compromises 3. Change semantics of TPM commands Do not affect TPM’s security!

  37. Problem: Long-Running Commands ▪ Design requirements: ▪ Code running in secure world must be minimal ▪ e.g., TEE lacks pre-emptive scheduler ▪ fTPM commands cannot be long-lived ▪ Commodity OS “freezes” during fTPM command ▪ Creating RSA keys can take 10+ seconds on slow mobile devices!!!

  38. Solution: Cooperative Checkpointing … … Oops, it’s been a long time Normal World Secure World

  39. Three Approaches 1. Provision additional trusted hardware 2. Make design compromises 3. Change semantics of TPM commands Do not affect TPM’s security!

  40. Background: TPM Unseal Guess PIN Guess PIN Guess PIN 2 nd time 1 st time 3 rd time TPM w/ storage Failed Failed Failed Lockout Attempts++ Attempts++ Attempts++ Period

  41. Problem: Dark Periods ▪ During dark periods: ▪ Problem: storage unavailable ▪ Danger: TPM Unseal commands not safe ▪ Example of dark period: During boot: ▪ Firmware (UEFI) finished running and unloaded ▪ OS loader is running (OS not fully loaded)

  42. Possible Attack during Dark Period Guess PIN Guess PIN Guess PIN Guess PIN 2 nd time 1 st time 3 rd time Reboot 4 th time TPM without Failed Failed Failed storage Attempts++ Attempts++ Attempts++ Dark period entered here

  43. Solution: Dirty Bit ▪ Write dirty bit to storage before enter dark period ▪ If dark period exited, dirty bit is cleared ▪ If machine reboots during dark period, bit remains dirty ▪ Possibility #1: Legitimate user reboots machine ▪ Possibility #2: Attacker attempts to guess PIN ▪ Solution: Upon fTPM bootup, if bit dirty enter lockout

  44. Dirty Bit Stops Attack Guess PIN Guess PIN Guess PIN 2 nd time 1 st time 3 rd time Reboot fTPM Set Dirty Failed Failed Failed Lockout Bit Attempts++ Attempts++ Attempts++ Period Dark period entered here

  45. Outline ▪ Motivation ▪ Background on TPM ▪ ARM TrustZone and its shortcomings ▪ High-level architecture & threat model ▪ Overcoming TrustZone limitations: three approaches ▪ Performance evaluation ▪ Conclusions

Recommend

CORPORATE PRESENTATION 2014 ABOUT DIGITAL GAMING Digital gaming is everywhere Smartphones &

CORPORATE PRESENTATION 2014 ABOUT DIGITAL GAMING Digital gaming is everywhere Smartphones &

CORPORATE PRESENTATION 2014 ABOUT DIGITAL GAMING Digital gaming is everywhere Smartphones & Tablets Feature phones TVs & STBs Smartphones, tablets, smart TVs, STBs, smart watches Installed base of 2 billion smartphones and

433 views • 25 slides
Device Disinfection Challenges Staff & visitor devices (smartphones, tablets, etc) pose

Device Disinfection Challenges Staff & visitor devices (smartphones, tablets, etc) pose

Device Disinfection Challenges Staff & visitor devices (smartphones, tablets, etc) pose environmental contamination risk Chemical solutions often damage sensitive touchscreens (and chemical cleaners are excluded from mobile device OEM

557 views • 14 slides
PayCard and Payroll Best Practices Smartphones, Tablets and Watches in Payroll Presenter: Dallas

PayCard and Payroll Best Practices Smartphones, Tablets and Watches in Payroll Presenter: Dallas

PayCard and Payroll Best Practices Smartphones, Tablets and Watches in Payroll Presenter: Dallas Wilfong Agenda PayCards today Millennials in the work force? Apps in Payroll Recent paycard regulation changes Speaker Dallas

658 views • 47 slides
audience on their smartphones, tablets, websites, email, text, social media, and mobile apps

audience on their smartphones, tablets, websites, email, text, social media, and mobile apps

Personal engagement with consumers on their mobile devices Mobile marketing is a multi-channel, digital marketing strategy aimed at reaching a target audience on their smartphones, tablets, websites, email, text, social media, and mobile apps

384 views • 19 slides
Mobile Devices Smartphones, tablets and other devices Design considerations Android as a

Mobile Devices Smartphones, tablets and other devices Design considerations Android as a

Mobile Devices Smartphones, tablets and other devices Design considerations Android as a platform Design What makes mobile design different? Touch Interfaces In this course, we have mostly discussed the development of computer interfaces,

366 views • 33 slides
http://jdsp.asu.edu http://jdsp.asu.edu iJDSP: A Mobile Signal Analysis App for iOS Smartphones

http://jdsp.asu.edu http://jdsp.asu.edu iJDSP: A Mobile Signal Analysis App for iOS Smartphones

http://jdsp.asu.edu http://jdsp.asu.edu iJDSP: A Mobile Signal Analysis App for iOS Smartphones and Tablets Student Programmers: Jinru Liu and Shuang Hu Student Support Team: Jayaraman Thiagarajan, Karthikeyan Ramamurthy, Deepta Rajan, Sophia

549 views • 22 slides
Natural Charcoal Tablets TM Natural Charcoal Tablets Freshness, with a touch of Heritage

Natural Charcoal Tablets TM Natural Charcoal Tablets Freshness, with a touch of Heritage

TM TM Natural Charcoal T ablets Natural Charcoal Tablets Presenting TM Natural Charcoal Tablets TM Natural Charcoal Tablets Freshness, with a touch of Heritage Safety, with added Convenience Irfaz brings to you an exclusive range of

294 views • 16 slides
Smart Charcoal Tablets from Malaysia Smart Charcoal Tablets from Malaysia Freshness, with a

Smart Charcoal Tablets from Malaysia Smart Charcoal Tablets from Malaysia Freshness, with a

TM Natural Charcoal T ablets Smart Charcoal Tablets from Malaysia Presenting Smart Charcoal Tablets from Malaysia Smart Charcoal Tablets from Malaysia Freshness, with a touch of Heritage Safety, with added Convenience Irfaz brings to you

690 views • 16 slides
Premium Charcoal Tablets from Malaysia Premium Charcoal Tablets from Malaysia Freshness, with a

Premium Charcoal Tablets from Malaysia Premium Charcoal Tablets from Malaysia Freshness, with a

TM Natural Charcoal T ablets Premium Charcoal Tablets from Malaysia Presenting Premium Charcoal Tablets from Malaysia Premium Charcoal Tablets from Malaysia Freshness, with a touch of Heritage Safety, with added Convenience Irfaz brings

373 views • 16 slides
Mobile - Smartphones, Tablets, Wearable (Smartwatch) ENABLES EXTRA FREE SPACE Fits Minimal Form

Mobile - Smartphones, Tablets, Wearable (Smartwatch) ENABLES EXTRA FREE SPACE Fits Minimal Form

KLIKE - The SMART INTERFACE COMPANY For the POST-PC devices Where Usability and Texting are Critical Minimal Form Factor 3D Camera

609 views • 8 slides
Technology, Tablets and Tips Managing Your Business on the Go l o c a l l y r e l e v a n t ,

Technology, Tablets and Tips Managing Your Business on the Go l o c a l l y r e l e v a n t ,

Technology, Tablets and Tips Managing Your Business on the Go l o c a l l y r e l e v a n t , p e r s o n a l i s e d t r a i n i n g Background Each state identified training priorities Using tablets ranked highly Not for

146 views • 11 slides
Privacy on Smartphones Presentation by Claude Barthels Roadmap TaintDroid: An

Privacy on Smartphones Presentation by Claude Barthels Roadmap TaintDroid: An

Privacy on Smartphones Presentation by Claude Barthels Roadmap TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones MockDroid: Trading Privacy for Application Functionality on Smartphones

429 views • 38 slides
New Generation TCO Certified Available for all product categories Displays

New Generation TCO Certified Available for all product categories Displays

New Generation TCO Certified Available for all product categories Displays Notebooks Tablets Smartphones All-in-one PCs Headsets Projectors Update purchasing document to: Latest version of TCO

857 views • 9 slides
1 Welcome! In this session we will explore computers and coding and how to talk to

1 Welcome! In this session we will explore computers and coding and how to talk to

1 Welcome! In this session we will explore computers and coding and how to talk to computers! First, lets play some Fact or Fiction Games. Game 1: Of the following three statements. Which one is false? 1. Smartphones and tablets are

649 views • 22 slides
Looking to the Future: Use of Smartphones & Beyond Mick Foy 15 th September 2014 Vigilance

Looking to the Future: Use of Smartphones & Beyond Mick Foy 15 th September 2014 Vigilance

Looking to the Future: Use of Smartphones & Beyond Mick Foy 15 th September 2014 Vigilance and Risk Management of Medicines Agenda Use of smartphones & social media What does this mean for pharmacovigilance Introducing WEB-RADR

498 views • 20 slides
Mobile Computing Solutions vs Tablets What defines a true mobile computing solution for a field

Mobile Computing Solutions vs Tablets What defines a true mobile computing solution for a field

D E -R ISKING E NTERPRISE M OBILITY Mobile Computing Solutions vs Tablets What defines a true mobile computing solution for a field worker? Why your users/clients are asking for Tablets Customers are demanding anytime access to data, and

385 views • 19 slides
iOS Security 101 -ish Vadim Drobinin | @valzevul About me 1. Why? iOS Security 101-ish /

iOS Security 101 -ish Vadim Drobinin | @valzevul About me 1. Why? iOS Security 101-ish /

iOS Security 101 -ish Vadim Drobinin | @valzevul About me 1. Why? iOS Security 101-ish / @valzevul 3 The average time spend on smartphones and tablets is 4h 33 mins a day BankMyCell iOS Security 101-ish / @valzevul 4 In 2018,

579 views • 55 slides
Presenting a live 90-minute webinar with interactive Q&A Employee Use of Dual-Purpose

Presenting a live 90-minute webinar with interactive Q&A Employee Use of Dual-Purpose

Presenting a live 90-minute webinar with interactive Q&A Employee Use of Dual-Purpose Electronic Devices: Legal Challenges for Employers Protecting Company Interests When Employees Use Personal Smartphones, Tablets and Laptops for Work

881 views • 64 slides
The Spatial Web A New Data Management Frontier Christian S. Jensen www.cs.au.dk/~csj The

The Spatial Web A New Data Management Frontier Christian S. Jensen www.cs.au.dk/~csj The

The Spatial Web A New Data Management Frontier Christian S. Jensen www.cs.au.dk/~csj The Web Is Going Mobile A quickly evolving mobile Internet infrastructure. Mobile devices, e.g., smartphones, tablets, laptops, navigation devices,

818 views • 56 slides
Sensing ng everyw ywhe here re: Towa owards rds Safer and More Relia iable ble Sensor

Sensing ng everyw ywhe here re: Towa owards rds Safer and More Relia iable ble Sensor

Sensing ng everyw ywhe here re: Towa owards rds Safer and More Relia iable ble Sensor nsor-enabled bled Device ices Marta Kwiatkowska University of Oxford SAFECOM 2012, Magdeburg Sensing everywhere 2 Smartphones, tablets

919 views • 48 slides
for Smartphones Hyojun Kim Cristian Ungureanu Nitin Agrawal Life in the Post - PC Mobile

for Smartphones Hyojun Kim Cristian Ungureanu Nitin Agrawal Life in the Post - PC Mobile

Revisiting Storage for Smartphones Hyojun Kim Cristian Ungureanu Nitin Agrawal Life in the Post - PC Mobile Era Smartphone and tablet markets are huge & growing Mobile 100 Million smartphones shipped in Q4 2010, 92 M PCs [IDC]

853 views • 28 slides
Some Reflections on the MPI Forum 1992-95 David W. Walker Professor of High Performance

Some Reflections on the MPI Forum 1992-95 David W. Walker Professor of High Performance

Some Reflections on the MPI Forum 1992-95 David W. Walker Professor of High Performance Computing Cardiff University http://www.cardiff.ac.uk/people/view/118172-walker-david 1 25 Years Ago No smartphones or tablets. No Internet, as

466 views • 21 slides
Mobile Learning The Good, The Bad, and the Ugly April 2014 ATMC 2014 2 The Opportunities

Mobile Learning The Good, The Bad, and the Ugly April 2014 ATMC 2014 2 The Opportunities

Mobile Learning The Good, The Bad, and the Ugly April 2014 ATMC 2014 2 The Opportunities & Challenges of Mobile Learning Smartphones and tablets play an increasingly large role in peoples personal and professional

487 views • 24 slides
Mobile Security: how smart are mobile phones today? Prof. Alessio Merlo DIBRIS University of

Mobile Security: how smart are mobile phones today? Prof. Alessio Merlo DIBRIS University of

Mobile Security: how smart are mobile phones today? Prof. Alessio Merlo DIBRIS University of Genoa 1 Before starting . Take you time to answer these question, w.r.t. your everyday use of smartphones and tablets: 1. How long do you

952 views • 61 slides

More recommend