TruWallet: Trustworthy and Migratable Wallet-Based Web Authentication
Upcoming SlideShare
Loading in...5
×
 

TruWallet: Trustworthy and Migratable Wallet-Based Web Authentication

on

  • 416 views

 

Statistics

Views

Total Views
416
Views on SlideShare
415
Embed Views
1

Actions

Likes
0
Downloads
4
Comments
0

1 Embed 1

http://www.linkedin.com 1

Accessibility

Categories

Upload Details

Uploaded via as Adobe PDF

Usage Rights

CC Attribution-NoDerivs LicenseCC Attribution-NoDerivs License

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

TruWallet: Trustworthy and Migratable Wallet-Based Web Authentication TruWallet: Trustworthy and Migratable Wallet-Based Web Authentication Presentation Transcript

  • RuhR-University Bochum System Security Lab TruWallet: Trustworthy and Migratable Wallet-Based Web Authentication Sebastian Gajek1, Hans Löhr2, Ahmad-Reza Sadeghi2, Marcel Winandy2 Tel Aviv University, Israel 1 2 Ruhr-University Bochum, Germany ACM STC 2009 – 4th Annual Workshop on Scalable Trusted Computing Chicago, Illinois, USA – November 13, 2009
  • RuhR-University Bochum System Security Lab Introduction ● Identity theft is a growing crime on the Internet (especially phishing) ● Classical phishing: faked web sites password password Adversary A Phishing Server ● Malware phishing: attacking users device password password Adversary A Phishing ServerMarcel Winandy TruWallet: Wallet-Based Web Authentication (STC 2009) 2009-11-13 2
  • RuhR-University Bochum System Security Lab Introduction ● Countermeasures against phishing – A broad range of approaches exists ● Promising: “wallet” (authentication agent) – Stores all user login credentials – Authenticates web sites for their legitimacy – Performs login on behalf of user +Marcel Winandy TruWallet: Wallet-Based Web Authentication (STC 2009) 2009-11-13 3
  • RuhR-University Bochum System Security Lab Introduction ● However: needs strong protection mechanism (malware could attack wallet directly)Marcel Winandy TruWallet: Wallet-Based Web Authentication (STC 2009) 2009-11-13 4
  • RuhR-University Bochum System Security Lab Introduction ● However: needs strong protection mechanism (malware could attack wallet directly) ● We have trusted computing – so what? (secure boot, sealing, attestation, etc.)Marcel Winandy TruWallet: Wallet-Based Web Authentication (STC 2009) 2009-11-13 5
  • RuhR-University Bochum System Security Lab Introduction ● However: needs strong protection mechanism (malware could attack wallet directly) ● We have trusted computing – so what? (secure boot, sealing, attestation, etc.) ● Scalability issues: – PKI dependency: server can change SSL certificate (update, new CA, new URL, etc.) – Device restriction: wallet locked-down to one platformMarcel Winandy TruWallet: Wallet-Based Web Authentication (STC 2009) 2009-11-13 6
  • RuhR-University Bochum System Security Lab TruWallet - Overview ● High-level architecture ● Automated login with SSL-PKI-independent server authentication ● Secure migration of wallet data to other devices ● ImplementationMarcel Winandy TruWallet: Wallet-Based Web Authentication (STC 2009) 2009-11-13 7
  • RuhR-University Bochum System Security Lab TruWallet ArchitectureMarcel Winandy TruWallet: Wallet-Based Web Authentication (STC 2009) 2009-11-13 8
  • RuhR-University Bochum System Security Lab TruWallet ArchitectureMarcel Winandy TruWallet: Wallet-Based Web Authentication (STC 2009) 2009-11-13 9
  • RuhR-University Bochum System Security Lab TruWallet ArchitectureMarcel Winandy TruWallet: Wallet-Based Web Authentication (STC 2009) 2009-11-13 10
  • RuhR-University Bochum System Security Lab TruWallet ArchitectureMarcel Winandy TruWallet: Wallet-Based Web Authentication (STC 2009) 2009-11-13 11
  • RuhR-University Bochum System Security Lab TruWallet ArchitectureMarcel Winandy TruWallet: Wallet-Based Web Authentication (STC 2009) 2009-11-13 12
  • RuhR-University Bochum System Security Lab SSL-PKI-Independent Server AuthenticationMarcel Winandy TruWallet: Wallet-Based Web Authentication (STC 2009) 2009-11-13 13
  • RuhR-University Bochum System Security Lab SSL-PKI-Independent Server Authentication ● Registration (user creates new account)Marcel Winandy TruWallet: Wallet-Based Web Authentication (STC 2009) 2009-11-13 14
  • RuhR-University Bochum System Security Lab SSL-PKI-Independent Server Authentication ● Registration (user creates new account) – TruWallet creates high-entropy password new passwordMarcel Winandy TruWallet: Wallet-Based Web Authentication (STC 2009) 2009-11-13 15
  • RuhR-University Bochum System Security Lab SSL-PKI-Independent Server Authentication ● Registration (user creates new account) – TruWallet creates high-entropy password – Derive shared secret from server_finished client_hello SSL handshake encSSL(server_finished)Marcel Winandy TruWallet: Wallet-Based Web Authentication (STC 2009) 2009-11-13 16
  • RuhR-University Bochum System Security Lab SSL-PKI-Independent Server Authentication ● Registration (user creates new account) – TruWallet creates high-entropy password – Derive shared secret from server_finished client_hello SSL handshake shared shared secret encSSL(server_finished) secretMarcel Winandy TruWallet: Wallet-Based Web Authentication (STC 2009) 2009-11-13 17
  • RuhR-University Bochum System Security Lab SSL-PKI-Independent Server Authentication ● Registration (user creates new account) – TruWallet creates high-entropy password – Derive shared secret from server_finished new password client_hello SSL handshake shared shared secret encSSL(server_finished) secret Link password with shared secret (and server URL)Marcel Winandy TruWallet: Wallet-Based Web Authentication (STC 2009) 2009-11-13 18
  • RuhR-University Bochum System Security Lab SSL-PKI-Independent Server Authentication ● Login (user connects to registered account) – Server is authenticated via challenge-response client_hello SSL handshake encSSL(server_finished)Marcel Winandy TruWallet: Wallet-Based Web Authentication (STC 2009) 2009-11-13 19
  • RuhR-University Bochum System Security Lab SSL-PKI-Independent Server Authentication ● Login (user connects to registered account) – Server is authenticated via challenge-response nonce client_hello SSL handshake encSSL(server_finished)Marcel Winandy TruWallet: Wallet-Based Web Authentication (STC 2009) 2009-11-13 20
  • RuhR-University Bochum System Security Lab SSL-PKI-Independent Server Authentication ● Login (user connects to registered account) – Server is authenticated via challenge-response nonce client_hello SSL handshake encSSL(server_finished || HMACsharedsecret(trnscrpt))Marcel Winandy TruWallet: Wallet-Based Web Authentication (STC 2009) 2009-11-13 21
  • RuhR-University Bochum System Security Lab SSL-PKI-Independent Server Authentication ● Login (user connects to registered account) – Server is authenticated via challenge-response nonce client_hello SSL handshake shared secret shared secret encSSL(server_finished || HMACsharedsecret(trnscrpt)) Only if server can prove knowledge of shared secret, user password is sent.Marcel Winandy TruWallet: Wallet-Based Web Authentication (STC 2009) 2009-11-13 22
  • RuhR-University Bochum System Security Lab Secure Migration of Wallet DataMarcel Winandy TruWallet: Wallet-Based Web Authentication (STC 2009) 2009-11-13 23
  • RuhR-University Bochum System Security Lab Secure Migration of Wallet Data ● Another Wallet on destination platform ● Establish a trusted channel between platforms – Secure channel (confidentiality) – Bound to TCB configuration of destination ● Send wallet data through trusted channel ● Trusted Channel based on [Asokan+2007], – But here: less components, less stepsMarcel Winandy TruWallet: Wallet-Based Web Authentication (STC 2009) 2009-11-13 24
  • RuhR-University Bochum System Security Lab Migration Protocol Source platform Destination platform Storage Trust Storage Manager Wallet Wallet TPM Manager Manager requestTrustedChannel() request- TrustedChannel() TPM_CreateWrapKey() ESKBind:= encrypt_SRK(SKBind,TCBconf) (PKBind, ESKBind) TPM_CertifyKey(PKBind) certBind (certBind, PKBind, ESKBind) (certBind, PKBind) verify(certBind) loadData() wd ewd := Tspi_Data_Bind(PKBind,wd) ewd TPM_LoadKey(ESKBind) unbind(ewd) TPM_Unbind(ewd) verify(TCB_conf) SKBind:= decrypt_SRK(ESKBind) wd:= decrypt_SKBind(ewd) wd wd storeData(wd)Marcel Winandy TruWallet: Wallet-Based Web Authentication (STC 2009) 2009-11-13 25
  • RuhR-University Bochum System Security Lab Migration Protocol Source platform Destination platform Storage Trust Storage Manager Wallet Wallet TPM Manager Manager requestTrustedChannel() request- TrustedChannel() TPM_CreateWrapKey() ESKBind:= encrypt_SRK(SKBind,TCBconf) (PKBind, ESKBind) TPM_CertifyKey(PKBind) certBind (certBind, PKBind, ESKBind) (certBind, PKBind) verify(certBind) loadData() wd ewd := Tspi_Data_Bind(PKBind,wd) ewd TPM_LoadKey(ESKBind) unbind(ewd) TPM_Unbind(ewd) verify(TCB_conf) SKBind:= decrypt_SRK(ESKBind) wd:= decrypt_SKBind(ewd) wd wd storeData(wd)Marcel Winandy TruWallet: Wallet-Based Web Authentication (STC 2009) 2009-11-13 26
  • RuhR-University Bochum System Security Lab Migration Protocol Source platform Destination platform Storage Trust Storage Manager Wallet Wallet TPM Manager Manager requestTrustedChannel() request- TrustedChannel() TPM_CreateWrapKey() ESKBind:= encrypt_SRK(SKBind,TCBconf) (PKBind, ESKBind) TPM_CertifyKey(PKBind) certBind (certBind, PKBind, ESKBind) (certBind, PKBind) verify(certBind) loadData() wd ewd := Tspi_Data_Bind(PKBind,wd) ewd TPM_LoadKey(ESKBind) unbind(ewd) TPM_Unbind(ewd) verify(TCB_conf) SKBind:= decrypt_SRK(ESKBind) wd:= decrypt_SKBind(ewd) wd wd storeData(wd)Marcel Winandy TruWallet: Wallet-Based Web Authentication (STC 2009) 2009-11-13 27
  • RuhR-University Bochum System Security Lab Migration Protocol Source platform Destination platform Storage Trust Storage Manager Wallet Wallet TPM Manager Manager requestTrustedChannel() request- TrustedChannel() TPM_CreateWrapKey() ESKBind:= encrypt_SRK(SKBind,TCBconf) (PKBind, ESKBind) TPM_CertifyKey(PKBind) certBind (certBind, PKBind, ESKBind) (certBind, PKBind) verify(certBind) loadData() wd ewd := Tspi_Data_Bind(PKBind,wd) ewd TPM_LoadKey(ESKBind) unbind(ewd) TPM_Unbind(ewd) verify(TCB_conf) SKBind:= decrypt_SRK(ESKBind) wd:= decrypt_SKBind(ewd) wd wd storeData(wd)Marcel Winandy TruWallet: Wallet-Based Web Authentication (STC 2009) 2009-11-13 28
  • RuhR-University Bochum System Security Lab Migration Protocol Source platform Destination platform Storage Trust Storage Manager Wallet Wallet TPM Manager Manager requestTrustedChannel() request- TrustedChannel() TPM_CreateWrapKey() ESKBind:= encrypt_SRK(SKBind,TCBconf) (PKBind, ESKBind) TPM_CertifyKey(PKBind) certBind (certBind, PKBind, ESKBind) (certBind, PKBind) verify(certBind) loadData() wd ewd := Tspi_Data_Bind(PKBind,wd) ewd TPM_LoadKey(ESKBind) unbind(ewd) TPM_Unbind(ewd) verify(TCB_conf) SKBind:= decrypt_SRK(ESKBind) wd:= decrypt_SKBind(ewd) wd wd storeData(wd)Marcel Winandy TruWallet: Wallet-Based Web Authentication (STC 2009) 2009-11-13 29
  • RuhR-University Bochum System Security Lab Migration Protocol Source platform Destination platform Storage Trust Storage Manager Wallet Wallet TPM Manager Manager requestTrustedChannel() request- TrustedChannel() TPM_CreateWrapKey() ESKBind:= encrypt_SRK(SKBind,TCBconf) (PKBind, ESKBind) TPM_CertifyKey(PKBind) certBind (certBind, PKBind, ESKBind) (certBind, PKBind) verify(certBind) loadData() wd ewd := Tspi_Data_Bind(PKBind,wd) ewd TPM_LoadKey(ESKBind) unbind(ewd) TPM_Unbind(ewd) verify(TCB_conf) SKBind:= decrypt_SRK(ESKBind) wd:= decrypt_SKBind(ewd) wd wd storeData(wd)Marcel Winandy TruWallet: Wallet-Based Web Authentication (STC 2009) 2009-11-13 30
  • RuhR-University Bochum System Security Lab Migration Protocol Source platform Destination platform Storage Trust Storage Manager Wallet Wallet TPM Manager Manager requestTrustedChannel() request- TrustedChannel() TPM_CreateWrapKey() ESKBind:= encrypt_SRK(SKBind,TCBconf) (PKBind, ESKBind) TPM_CertifyKey(PKBind) certBind (certBind, PKBind, ESKBind) (certBind, PKBind) verify(certBind) loadData() wd ewd := Tspi_Data_Bind(PKBind,wd) ewd TPM_LoadKey(ESKBind) unbind(ewd) TPM_Unbind(ewd) verify(TCB_conf) SKBind:= decrypt_SRK(ESKBind) wd:= decrypt_SKBind(ewd) wd wd storeData(wd)Marcel Winandy TruWallet: Wallet-Based Web Authentication (STC 2009) 2009-11-13 31
  • RuhR-University Bochum System Security Lab Migration Protocol Source platform Destination platform Storage Trust Storage Manager Wallet Wallet TPM Manager Manager requestTrustedChannel() request- TrustedChannel() TPM_CreateWrapKey() ESKBind:= encrypt_SRK(SKBind,TCBconf) (PKBind, ESKBind) TPM_CertifyKey(PKBind) certBind (certBind, PKBind, ESKBind) (certBind, PKBind) verify(certBind) loadData() wd ewd := Tspi_Data_Bind(PKBind,wd) ewd TPM_LoadKey(ESKBind) unbind(ewd) TPM_Unbind(ewd) verify(TCB_conf) SKBind:= decrypt_SRK(ESKBind) wd:= decrypt_SKBind(ewd) wd wd storeData(wd)Marcel Winandy TruWallet: Wallet-Based Web Authentication (STC 2009) 2009-11-13 32
  • RuhR-University Bochum System Security Lab Migration Protocol Source platform Destination platform Storage Trust Storage Manager Wallet Wallet TPM Manager Manager requestTrustedChannel() request- TrustedChannel() TPM_CreateWrapKey() ESKBind:= encrypt_SRK(SKBind,TCBconf) (PKBind, ESKBind) TPM_CertifyKey(PKBind) certBind (certBind, PKBind, ESKBind) (certBind, PKBind) verify(certBind) loadData() wd ewd := Tspi_Data_Bind(PKBind,wd) ewd TPM_LoadKey(ESKBind) unbind(ewd) TPM_Unbind(ewd) verify(TCB_conf) SKBind:= decrypt_SRK(ESKBind) wd:= decrypt_SKBind(ewd) wd wd storeData(wd)Marcel Winandy TruWallet: Wallet-Based Web Authentication (STC 2009) 2009-11-13 33
  • RuhR-University Bochum System Security Lab Migration Protocol Source platform Destination platform Storage Trust Storage Manager Wallet Wallet TPM Manager Manager requestTrustedChannel() request- TrustedChannel() TPM_CreateWrapKey() ESKBind:= encrypt_SRK(SKBind,TCBconf) (PKBind, ESKBind) TPM_CertifyKey(PKBind) certBind (certBind, PKBind, ESKBind) (certBind, PKBind) verify(certBind) loadData() wd ewd := Tspi_Data_Bind(PKBind,wd) ewd TPM_LoadKey(ESKBind) unbind(ewd) TPM_Unbind(ewd) verify(TCB_conf) SKBind:= decrypt_SRK(ESKBind) wd:= decrypt_SKBind(ewd) wd wd storeData(wd)Marcel Winandy TruWallet: Wallet-Based Web Authentication (STC 2009) 2009-11-13 34
  • RuhR-University Bochum System Security Lab Migration Protocol Source platform Destination platform Storage Trust Storage Manager Wallet Wallet TPM Manager Manager requestTrustedChannel() request- TrustedChannel() TPM_CreateWrapKey() ESKBind:= encrypt_SRK(SKBind,TCBconf) (PKBind, ESKBind) TPM_CertifyKey(PKBind) certBind (certBind, PKBind, ESKBind) (certBind, PKBind) verify(certBind) loadData() wd ewd := Tspi_Data_Bind(PKBind,wd) ewd TPM_LoadKey(ESKBind) unbind(ewd) TPM_Unbind(ewd) verify(TCB_conf) SKBind:= decrypt_SRK(ESKBind) wd:= decrypt_SKBind(ewd) wd wd storeData(wd)Marcel Winandy TruWallet: Wallet-Based Web Authentication (STC 2009) 2009-11-13 35
  • RuhR-University Bochum System Security Lab Migration Protocol Source platform Destination platform Storage Trust Storage Manager Wallet Wallet TPM Manager Manager requestTrustedChannel() request- TrustedChannel() TPM_CreateWrapKey() ESKBind:= encrypt_SRK(SKBind,TCBconf) (PKBind, ESKBind) TPM_CertifyKey(PKBind) certBind (certBind, PKBind, ESKBind) (certBind, PKBind) verify(certBind) loadData() wd ewd := Tspi_Data_Bind(PKBind,wd) ewd TPM_LoadKey(ESKBind) unbind(ewd) TPM_Unbind(ewd) verify(TCB_conf) SKBind:= decrypt_SRK(ESKBind) wd:= decrypt_SKBind(ewd) wd wd storeData(wd)Marcel Winandy TruWallet: Wallet-Based Web Authentication (STC 2009) 2009-11-13 36
  • RuhR-University Bochum System Security Lab Implementation ● Security Kernel: Turaya/L4 – L4 microkernel – security services ● TruWallet: – Java implementation – Uses Paros HTTP/HTTPS Proxy – Running in a Linux VM ● Web Browser: – Firefox, running in separate Linux VMMarcel Winandy TruWallet: Wallet-Based Web Authentication (STC 2009) 2009-11-13 37
  • RuhR-University Bochum System Security Lab Implementation Overview Linux Linux Virtual Machine Virtual Machine Firefox Paros Wallet Network Storage Trust mGUI Security Kernel Mgr Mgr Mgr (Turaya) L4 microkernel Hardware TPMMarcel Winandy TruWallet: Wallet-Based Web Authentication (STC 2009) 2009-11-13 38
  • RuhR-University Bochum System Security Lab Implementation Overview Linux Linux Virtual Machine Virtual Machine Firefox Paros Wallet Network Storage Trust mGUI Security Kernel Mgr Mgr Mgr (Turaya) L4 microkernel Hardware TPM Video NIC DiskMarcel Winandy TruWallet: Wallet-Based Web Authentication (STC 2009) 2009-11-13 39
  • RuhR-University Bochum System Security Lab Implementation Overview Linux Linux Virtual Machine Virtual Machine Firefox Paros Wallet Network Storage Trust mGUI Security Kernel Mgr Mgr Mgr (Turaya) L4 microkernel Hardware TPM NICMarcel Winandy TruWallet: Wallet-Based Web Authentication (STC 2009) 2009-11-13 40
  • RuhR-University Bochum System Security Lab Conclusion ● Phishing is a serious threat ● Wallets can perform login on behalf of user ● TruWallet provides: – Secure execution environment – Server authentication with less SSL PKI dependency – Secure migration to other computing devices ● Prototype based on L4 microkernel and virtualization ● Future work: – TruWallet on dynamic root of trust (Intel TXT)Marcel Winandy TruWallet: Wallet-Based Web Authentication (STC 2009) 2009-11-13 41
  • RuhR-University Bochum System Security Lab Questions? Marcel Winandy Ruhr-University Bochum marcel.winandy@trust.rub.deMarcel Winandy TruWallet: Wallet-Based Web Authentication (STC 2009) 2009-11-13 42