Security Hardware

1
Security Hardware

• CS498IA
• Spring 2007

2
Reading Material

• Magic Boxes and Boots Security in Hardware, Sean
  Smith, IEEE Computer
• http//www.cs.dartmouth.edu/sws/pubs/magic-boxes.
  pdf
• Security Engineering, Chapter 14 Physical Tamper
  Resistance
• http//www.cl.cam.ac.uk/rja14/Papers/SE-14.pdf
• Intel Pentium II Software Developers Manual
  Volume 3. Sections 4.5 through 4.8
• http//developer.intel.com/design/pentium4/manuals
  /253668.htm
• TCG Specification Architecture Overview. Section
  4 through 4.4.
• https//www.trustedcomputinggroup.org/groups/TCG_1
  _0_Architecture_Overview.pdf

3
Motivation

• As CS folks we have concentrated on security
  abstractions or software implementations
• Judicious use of security specific HW is
  beneficial
• Feature Restriction
• Physical separation
• Performance benefits

4
Outline

• Architectural support for security
• Memory management
• No execute bits
• Secure co-processors
• Smart cards
• Trusted Platform Modules

5
OS Security

• Reference Monitor OS mediates accesses to
  objects, protects them according to policy
• Who protects the operating system?

6
Memory Management
Virtual Memory
Physical Memory
Process
7
Memory Management

• Virtual Memory managed by a page table
• Page Table Entry includes permission flags
• Read
• Write
• (Execute)
• Each process uses different page table

8
Who watches the watchers?

• Page tables cannot be modified
• Except in privileged mode
• OS runs in privileged mode, processes run in user
  mode
• How do you switch between them?
• Call gates

9
Call Gate
OS code
Process Code
Gate 1
Address
Privileges
enter
call Gate 1
return
10
Call Gate

• Upon call to gate
• Raise privilege level
• Switch to kernel stack (why?)
• Save process registers
• Upon call gate return
• Switch to user stack
• Restore registers
• Lower privilege level

11
Memory Protection Rings

• Originally in Multics
• In Intel arch since x386
• Now used for virtualization

12
Limiting Memory Access Type

• The Pentium architecture supports making pages
  read/only versus read/write
• A recent development is the Execute Disable Bit
  (XD-bit)
• Added in 2001 but only available in systems
  recently
• Supported by Windows XP SP2
• Similar functionality in AMD Altheon 64
• Called No Execute bit (NX-bit)
• Actually in machines on the market sooner than
  Intel

13
Windows Support

• Enabled in Windows XP SP2 as Data Execution
  Prevention (DEP)
• Software version if no hardware support
• Check to see if you have the bit
• Control Panel -gt System -gt Advanced -gt DEP tab

14
Delay to widespread deployment

• First hardware in 2001
• Wait for OS support
• Wait for vendors willing to sell
• Generally available in 2005

15
Consider encrypted files

• Each file or directory may be encrypted with a
  unique key
• How are the encryption keys stored?
• Protected by the file system access control?
• What if system root is compromised?
• Encrypted by a master key?
• How is the master key stored?
• Protected by pass phrase?
• Then human must be present
• If multiple users use system, all must know pass
  phrase
• Hide it in a good place and hope nobody finds it?

16
Another solution

• Secure separate storage for root keys
• Smart card
• Secure co-processor
• Keys never leave security processor
• Protocol to send encrypted blob to security
  processor and return decrypted data
• Tamper resistant
• Data is destroyed when tampering is detected
• Prevents sophisticated adversary from pulling
  secrets from data

17
Uses of Smart Cards

• Pay TV channels
• Decryption keys kept on smart card
• GSM SIM cards
• Keys to authenticate cell phone account
• Pre-pay cards
• Meters, phones, vending machines, transit, ...
• Crypto material
• Decryption keys
• Signatures

18
Smart Card Security

• History of increasing sophistication of both
  manufacturers and attackers
• Memory remanence - RAM savers
• Freezing RAM - temperature sensors
• Radiation attack - radiation sensors
• EM noise - shielding
• Power analysis - power smoothing
• Micro-drills, micro-probes, optical probing and
  manipulation - ???
• Defenses make cards more expensive and are prone
  to false positives

19
Secure Co-Processors

• Co-located on a server or laptop
• Prevents secure root information from being
  accessed by malicious programs on the general CPU
• IBM sells security processors
• http//www-03.ibm.com/security/cryptocards/
• http//www.research.ibm.com/journal/sj/403/smith.p
  df

20
Uses of Co-processors

• Copy protection
• Store software in co-processor
• Secure boot
• Verify integrity of kernel upon load
• Security services
• Keep key material locked up
• Regulate access to other data

21
Trusted Computing Group

• Consortium developing standards for computer
  architectures using secure co-processors
• Called the Trusted Platform Module (TPM)
• http//trustedcomputinggroup.org
• Numerous computers (particularly laptops) already
  ship with TPMs
• http//www.tonymcfadden.net/tpmvendors.html
• Many vendors targeting specific enterprises like
  Health Care that are particularly concerned with
  privacy (due to HIPAA)
• Supported by Vista/Longhorn

22
TPM Functions

• Integrity measurement
• Attestation
• Sealed Storage

23
Integrity measurement

• Verify running software
• Defeat rootkits
• Report via secure channel
• Secure display / keyboard support
• Attestation (see below)
• Hierarchical model

24
Transitive Trust
25
Attestation

• TPM includes a set of public/private keys
• Issued at manufacture time
• Sign hash of measurement remote challenge
• Prove to 3rd party that software is running
• Integrate with session establishment
• Establish secure channel to the right software

26
Sealed Storage

• TPM encrypts data with its key
• Cannot be decrypted if hard drive stolen
• Bind decryption to a particular state
• Same computer, same application running

27
TPM DRM example

• Music store wants to sell song X
• Contacts TPM, asks for attestation about the
  receiver
• Running authorized player which does not permit
  copies
• Running protected operating system that
  disables debugging, memory inspection
• Sends song over secure channel to player
• Other applications cannot see song
• Stores song in sealed storage
• Only the same music player can read it

28
Other applications

• Games
• Ensure no cheating happens
• Personal privacy
• Ensure your personal data gets erased
• HIPAA
• Software management
• Ensure company computers running correct software
  / antivirus before connecting to the network / VPN

29
Key Points

• A little bit of hardware support can enable a
  great many security options
• Hardware protection to protect from malicious
  software
• Putting too much support in hardware not
  practical
• Turn around time in HW is long
• Specialized hardware lags high volume hardware in
  performance
• HW is expensive
• Often cost point is very low in target application