trustotp transforming smartphones into secure one time
play

TrustOTP: Transforming Smartphones into Secure One-Time Password - PowerPoint PPT Presentation

TrustOTP: Transforming Smartphones into Secure One-Time Password Tokens He Sun, Kun Sun, Yuewu Wang, and Jiwu Jing Presented by Fengwei Zhang Wayne State University CSC 6991 Topics in Computer Security 1 Outline IntroducLon MoLvaLon


  1. TrustOTP: Transforming Smartphones into Secure One-Time Password Tokens He Sun, Kun Sun, Yuewu Wang, and Jiwu Jing Presented by Fengwei Zhang Wayne State University CSC 6991 Topics in Computer Security 1

  2. Outline • IntroducLon • MoLvaLon • Architecture • ImplementaLon • EvaluaLon • Summary Wayne State University CSC 6991 Topics in Computer Security 2

  3. Outline • IntroducLon • MoLvaLon • Architecture • ImplementaLon • EvaluaLon • Summary Wayne State University CSC 6991 Topics in Computer Security 3

  4. One-Lme Password (OTP) • A password that is valid for only one login session or transacLon – Not vulnerable to reply aUacks – Widely used in Two-factor AuthenLcaLon – HOTP (Hash-based OTP) • Event triggered, key & counter – TOTP (Time-based OTP) • Time synchronized, key & clock – Hardware token & soXware App Wayne State University CSC 6991 Topics in Computer Security 4

  5. ExisLng SoluLons • Hardware-based – RSA SecurID – Yubikey • SoXware-based – Google authenLcator – McAfee one-Lme password Wayne State University CSC 6991 Topics in Computer Security 5

  6. Outline • IntroducLon • MoLvaLon • Architecture • ImplementaLon • EvaluaLon • Summary Wayne State University CSC 6991 Topics in Computer Security 6

  7. LimitaLon • Hardware-based --- not flexible – Unprogrammable – Expensive • SoXware-based --- not secure – Vulnerable to external aUacks Wayne State University CSC 6991 Topics in Computer Security 7

  8. Goals • ConfidenLality – Malicious mobile OS cannot compromise the keying material (seed) in the OTP generator – It cannot read the OTP • Reliability and Availability – Trusted inputs (e.g., clock Lme) for the OTP genreator – Trusted display – OTP works even If mobile OS crashes • Small TCB Wayne State University CSC 6991 Topics in Computer Security 8

  9. TrustZone-related Work • TrustICE (Sun et al.[1]) – Isolated CompuLng Environment in the normal domain • SeCReT (Jang et al.[2]) – Secure channel between secure domain and normal applicaLon • Hypervision (Azab et al.[3]) – Real-Lme kernel protecLon in the normal domain • TrustDump (Sun et al.[4]) – Reliable Memory AcquisiLon of the mobile OS • Smartphone as locaLon verificaLon token for payments (Marforio et al.[5]) • Trusted Language RunLme for trusted applicaLons in the secure domain (Santos et al.[6]) Wayne State University CSC 6991 Topics in Computer Security 9

  10. Outline • IntroducLon • MoLvaLon • Architecture • ImplementaLon • EvaluaLon • Summary Wayne State University CSC 6991 Topics in Computer Security 10

  11. TrustOTP Architecture – In the secure domain – Shared I/O device with the rich OS – Reliable switch between domains Normal Domain Secure Domain Rich OS TrustOTP Secure Clock Secure TOTP Non-secure OTP Permanent Permanent Generator Storage HOTP Secure Counters Storage Non-secure Framebuffer Reliable Switch Secure Framebuffer Secure Secure Touchscreen Display Framebuffer Touchscreen Driver Controller Driver Driver User Input of the Rich OS Display with User Input of Touchscreen TrustOTP Wayne State University CSC 6991 Topics in Computer Security 11

  12. Challenges • Secure input and display though shared touchscreen • Reliable switch • Generator protecLon – StaLc code – ExecuLon environment • Availability Wayne State University CSC 6991 Topics in Computer Security 12

  13. Outline • IntroducLon • MoLvaLon • Architecture • ImplementaLon • EvaluaLon • Summary Wayne State University CSC 6991 Topics in Computer Security 13

  14. Security Analysis • InformaLon leakage – Generated OTPs – Shared keys • Control flow tampering – Code integrity – ExecuLon integrity (e.g., Interrupt) • Denial-of-service – Switch between domains – StaLc & dynamic code – Display Wayne State University CSC 6991 Topics in Computer Security 14

  15. Boot Sequence Secure storage • – MicroSD card Memory IsolaLon • – TZASC (TrustZone Address Space Controller) – Watermark mechanism Normal Domain Secure Domain – Secure boot Secure bootloader • USB Flash MicroSD Drive card – Non-secure bootloader Kernel Filesystem – Rich OS Non-secure Secure TrustOTP Bootloader Bootloader 4 2 1 Non-secure 3 Memory Kernel Secure Memory Secure Non-secure TrustOTP Bootloader Bootloader Wayne State University CSC 6991 Topics in Computer Security 15

  16. TrustOTP Triggering • Reliable switch – Non-maskable interrupt (NMI) • The rich OS cannot block or intercept – Secure Interrupt (FIQ) • The rich OS cannot manipulate – Interrupt source (configurable) • Physical buUon • Timer Wayne State University CSC 6991 Topics in Computer Security 16

  17. OTP GeneraLon • Hash-based one-Lme password (HOTP) – Key, counter • Time-based one-Lme password (TOTP) – Key, Clock Wayne State University CSC 6991 Topics in Computer Security 17

  18. OTP Display • Secure I/O – Display: IPU (Image Processing Unit) + LCD – Input: 4-wire resisLve touchscreen • User-friendly manner – Rich OS and TrustOTP run concurrently – Watchdog Lmer – 1.5 seconds / cycle • 0.5 second for display • 1 second for input 2~3 numbers Wayne State University CSC 6991 Topics in Computer Security 18

  19. Outline • IntroducLon • MoLvaLon • Architecture • ImplementaLon • EvaluaLon • Summary Wayne State University CSC 6991 Topics in Computer Security 19

  20. EvaluaLon • Freescale i.MX53 QSB – A Cortex-A8 1GHz processor – 1GB DD3 RAM – 4GB microSD card • Monsoon power monitor – Power measurement – Power logging Wayne State University CSC 6991 Topics in Computer Security 20

  21. TrustOTP Performance • Before OTP display (60.48 ms) • AXer OTP display (7.52 ms) Wayne State University CSC 6991 Topics in Computer Security 21

  22. Impact on the Rich OS • Rich OS vs. TrustOTP • Anutu – CPU & RAM – I/O devices • Vellamo Wayne State University CSC 6991 Topics in Computer Security 22

  23. Power ConsumpLon • Rich OS – Average = 2,128 mW • TrustOTP running – Average =2,230 mW • TrustOTP without display Wayne State University CSC 6991 Topics in Computer Security 23

  24. Outline • IntroducLon • MoLvaLon • Architecture • ImplementaLon • EvaluaLon • Summary Wayne State University CSC 6991 Topics in Computer Security 24

  25. Summary • TrustOTP: Hardware-assisted OTP Token on smartphones – Security (confidenLality, integrity, availability) – Flexibility (various and mulLple OTPs) • Low performance overhead on the Rich OS – No need to modify the Rich OS – Low power consumpLon Wayne State University CSC 6991 Topics in Computer Security 25

  26. References 1. H. Sun, K. Sun, Y. Wang, J. Jing, and H. Wang, “TrustICE: Hardware-assisted Isolated CompuLng Environments on Mobile Devices,” in Proceedings of the 45 th Annual IEEE/IFIP InternaLonal Conference on Dependable Systems and Networks (DSN’15), June 22-25, 2015. 2. J. Jang, S. Kong, M. Kim, D. Kim, and B. B. Kang, “Secret: Secure channel between rich execuLon environment and trusted execuLon environment,” in 21 st Annual Network and Distributed System Security Symposium, NDSS 2015, February 8-11, 2015. 3. A. M. Azab, P. Ning, J. Shah, Q. Chen, R. Bhutkar, G. Ganesh, J. Ma, and W. Shen, “Hypervision across worlds: Real-Lme kernel protecLon from the ARM trustzone secure world,” in Proceedings of the 2014 ACM SIGSAC Conference on Computer and CommunicaLons Security, November 3-7, 2014. 4. H. Sun, K. Sun, Y. Wang, J. Jing, and S. Jajodia, “Trustdump: Reliable memory acquisiLon on smartphones,” in Proceedings of 19 th European Symposium on Research in Computer Security (ESORICS’14), September 7-11, 2014. 5. C. Marforio, N. Karapanos, C. Soriente, K. KosLainen, and S. Capkun, “Smartphones as pracLcal and secure locaLon verificaLon tokens for payments,” in 21 st Annual Network and Distributed System Security Symposium, NDSS 2014, February 23-26, 2014. 6. N. Santos, H. Raj, S. Saroiu, and A. Wolman, “Using ARM trustzone to build a trusted language runLme for mobile applicaLons,” in Architectural Support for Programming Languages and OperaLng Systems, ASPLOS ’14, March 1-5, 2014 Wayne State University CSC 6991 Topics in Computer Security 26

Recommend


More recommend