Protecting Data with Short-
Lived Encryption Keys and
Hardware Root of Trust
Dan Griffin
Time-Bound Keys
Announcements
• New tool: TimedKey.exe
• New whitepaper: Trusted Tamperproof
Time on Mobile Devices
• Chec...
What does the NSA think?
• The NSA has been public about:
– Inevitability of mobile computing
– Need to support cloud-base...
How does the cloud know…
• Who you are?
• Where you are?
• Is your computer acting on your behalf?
Device Integrity
• A device is silicon
• It might be pretending to be me
• It might be pretending to be you
• Define devic...
Current Technology Landscape
• Why are mobile devices less secure?
– Inconvenience of good passwords
– Current antivirus i...
Mobile Vulnerabilities
• Rootkits got harder, bad apps got much
easier
• Mobile threat landscape:
– Easy to steal the devi...
What is needed to be secure?
• Encrypt user data
• Sandbox apps
• Secure, measured boot (TPM)
• Remote platform attestation
How to use a hardware root of trust
• Device receives TPM-bound token
– Sends token to relying party to prove status
– Tok...
What is Remote Attestation?
• Remote attestation is enabled by the TPM
– Can a server know the truth about the client?
– U...
Remote Attestation Service (RAS)
• Needs secure data from manufacturer or telco
– Hashes of known good code
• Only “early ...
How does the RAS trust the Device?
TPM
BIOS
Boot
Loader
Kernel
Early
Drivers
Hash of next item(s)
Boot Log
[PCR data]
[AIK...
Is remote attestation really
secure?
• Hardware root of trust within TPM (but might be
firmware)
• PCRs are accumulated in...
Time-based Authorization
• Secure local time reduces attack surface
• Devices now use authorization windows
– Limit token ...
Mechanics of secure time
• See our whitepaper:
– Trusted Tamperproof Time on Mobile Devices
– http://www.jwsecure.com/dan
...
TimedKey.exe Tool
• Requires 32-bit Windows 8 with TPM 2.0
• See http://www.jwsecure.com/dan
• CLI:
C:>TimedKey.exe
TimedK...
Policy-Enforced File Access
• BYOD
• Download sensitive files
• Leave device in taxi
The threat model
Known Threats
• TPM setup on legacy devices = fail
• TPM reset attacks
• Hardware attacked, e.g., Black Hat
– Given enough...
BitLocker Attacks
• Cold boot, Firewire, BIOS keyboard
• Keys in TPM can be used if PIN is weak
• Incorrectly configured l...
What remains to be done?
• Database of known-good hashes
• Heuristics to determine provisional trust of
new code
• What me...
Thank you!
• Dan Griffin is the founder of JW Secure and is a
Microsoft Enterprise Security MVP. Dan is the author of
the ...
Supporting Files
• http://fedscoop.com/gen-alexander-cloud-
key-to-network-security/
• Endpoint Security and Trusted Boot
...
Protecting Data with Short-Lived Encryption Keys and Hardware Root of Trust
Protecting Data with Short-Lived Encryption Keys and Hardware Root of Trust
Protecting Data with Short-Lived Encryption Keys and Hardware Root of Trust
Protecting Data with Short-Lived Encryption Keys and Hardware Root of Trust
Protecting Data with Short-Lived Encryption Keys and Hardware Root of Trust
Protecting Data with Short-Lived Encryption Keys and Hardware Root of Trust
Upcoming SlideShare
Loading in …5
×

Protecting Data with Short-Lived Encryption Keys and Hardware Root of Trust

1,553 views

Published on

The US National Security Agency has been public about the inevitability of mobile computing and the need to support cloud-based service use for secret projects. General Alexander, head of the NSA, recently spoke of using smartphones as ID cards on classified networks.

And yet, mobile devices have a poor security track record, both as data repositories and as sources of trustworthy identity information. Cloud services are no better: current security features are oriented toward compliance and not toward real protection.

What if we could provide a strong link between mobile device identity, integrity, and the lifecycle of data retrieved from the cloud using only the hardware shipped with modern smartphones and tablets?

The good news is that we can do that with the trusted execution environment (TEE) features of the common system on a chip (SOC) mobile processor architectures using 'measurement-bound' encryption. This presentation describes how data can be encrypted to a specific device, how decryption is no longer possible when the device is compromised, and where the weaknesses are. I demonstrate measurement-bound encryption in action. I also announce the release of an open-source tool that implements it as well as a paper that describes the techniques for time-bound keys.

This is likely the very same way that NSA will be protecting the smartphones that will be used for classified information retrieval. Learn how your government plans to keep its own secrets and how you can protect yours.

Published in: Technology
0 Comments
2 Likes
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total views
1,553
On SlideShare
0
From Embeds
0
Number of Embeds
193
Actions
Shares
0
Downloads
18
Comments
0
Likes
2
Embeds 0
No embeds

No notes for slide

Protecting Data with Short-Lived Encryption Keys and Hardware Root of Trust

  1. 1. Protecting Data with Short- Lived Encryption Keys and Hardware Root of Trust Dan Griffin
  2. 2. Time-Bound Keys Announcements • New tool: TimedKey.exe • New whitepaper: Trusted Tamperproof Time on Mobile Devices • Check out http://www.jwsecure.com/dan
  3. 3. What does the NSA think? • The NSA has been public about: – Inevitability of mobile computing – Need to support cloud-based services – Even for use with secret data in the field • What works for them can work for you
  4. 4. How does the cloud know… • Who you are? • Where you are? • Is your computer acting on your behalf?
  5. 5. Device Integrity • A device is silicon • It might be pretending to be me • It might be pretending to be you • Define device integrity to be “truth telling” – Is the device faithfully asserting delegation? – Is it faithfully representing the user’s intent?
  6. 6. Current Technology Landscape • Why are mobile devices less secure? – Inconvenience of good passwords – Current antivirus is not up to the task – User-owned (BYOD/consumerization trends) • But mobile devices do have security features – Screen lock – Secure storage – TrustZone & Trusted Execution Environment – Trusted Platform Module
  7. 7. Mobile Vulnerabilities • Rootkits got harder, bad apps got much easier • Mobile threat landscape: – Easy to steal the device – Easy to steal services – Easy to install apps that steal data – Even remote eavesdropping
  8. 8. What is needed to be secure? • Encrypt user data • Sandbox apps • Secure, measured boot (TPM) • Remote platform attestation
  9. 9. How to use a hardware root of trust • Device receives TPM-bound token – Sends token to relying party to prove status – Token can carry decryption key as well • If device is measured to be insecure – The good guys win! – Need to reset machine to clean it
  10. 10. What is Remote Attestation? • Remote attestation is enabled by the TPM – Can a server know the truth about the client? – Use root of trust to measure boot chain and configuration • Remote attestation is a means to the truth – The TPM attests to device attributes – Rootkit-resistant, though not perfect
  11. 11. Remote Attestation Service (RAS) • Needs secure data from manufacturer or telco – Hashes of known good code • Only “early boot” code is hashed by the TPM • Still rely on traditional antivirus for user mode protection • The data/content provider must trust the RAS
  12. 12. How does the RAS trust the Device? TPM BIOS Boot Loader Kernel Early Drivers Hash of next item(s) Boot Log [PCR data] [AIK pub] [Signature]
  13. 13. Is remote attestation really secure? • Hardware root of trust within TPM (but might be firmware) • PCRs are accumulated in secure location • Send PCRs + boot log to RAS signed by TPM • TPM 2.0 time counter – Can be expressed as policy – What advantage does that give us?
  14. 14. Time-based Authorization • Secure local time reduces attack surface • Devices now use authorization windows – Limit token lifetime – Otherwise, attacker can sleep the device, change the clock, continue to access data • Great way to protect downloaded data
  15. 15. Mechanics of secure time • See our whitepaper: – Trusted Tamperproof Time on Mobile Devices – http://www.jwsecure.com/dan • Applicability to DLP and DRM
  16. 16. TimedKey.exe Tool • Requires 32-bit Windows 8 with TPM 2.0 • See http://www.jwsecure.com/dan • CLI: C:>TimedKey.exe TimedKey.exe - JW Secure Demo: Policy bound hardware keys CREATE : -c:[1024, 2048] -k:KeyFile {-decrypt -sign -t:60 -p:PIN} ENCRYPT : -e:ClearText -k:KeyFile -o:CipherFile DECRYPT : -d:CipherFile -k:KeyFile {-p:PIN} SIGN : -s:Data -k:KeyFile -o:SignFile {-p:PIN} VERIFY : -v:Data -k:KeyFile -i:SignFile
  17. 17. Policy-Enforced File Access • BYOD • Download sensitive files • Leave device in taxi
  18. 18. The threat model
  19. 19. Known Threats • TPM setup on legacy devices = fail • TPM reset attacks • Hardware attacked, e.g., Black Hat – Given enough money it is always possible • Attacking the supply chain
  20. 20. BitLocker Attacks • Cold boot, Firewire, BIOS keyboard • Keys in TPM can be used if PIN is weak • Incorrectly configured local DLP – E.g., Bitlocker can be set to Standby • Same considerations for similar apps
  21. 21. What remains to be done? • Database of known-good hashes • Heuristics to determine provisional trust of new code • What measurements to enforce, and when?
  22. 22. Thank you! • Dan Griffin is the founder of JW Secure and is a Microsoft Enterprise Security MVP. Dan is the author of the books Cloud Security and Control and The Four Pillars of Endpoint Security and is a frequent conference speaker and blogger. • Dan holds a Master’s degree in Computer Science from the University of Washington and a Bachelor’s degree in Computer Science from Indiana University.
  23. 23. Supporting Files • http://fedscoop.com/gen-alexander-cloud- key-to-network-security/ • Endpoint Security and Trusted Boot http://www.jwsecure.com/jw-secure- informer-15/ • Hacking Measured Boot and UEFI at DefCon 20

×