TruWallet: Trustworthy and Migratable Wallet-Based Web Authentication
1. RuhR-University Bochum System Security Lab
TruWallet: Trustworthy and Migratable
Wallet-Based Web Authentication
Sebastian Gajek1, Hans Löhr2, Ahmad-Reza Sadeghi2,
Marcel Winandy2
Tel Aviv University, Israel
1
2
Ruhr-University Bochum, Germany
ACM STC 2009 – 4th Annual Workshop on Scalable Trusted Computing
Chicago, Illinois, USA – November 13, 2009
2. RuhR-University Bochum System Security Lab
Introduction
● Identity theft is a growing crime on the Internet
(especially phishing)
● Classical phishing: faked web sites
password
password
Adversary A Phishing Server
● Malware phishing: attacking user's device
password
password
Adversary A Phishing Server
Marcel Winandy TruWallet: Wallet-Based Web Authentication (STC 2009) 2009-11-13 2
3. RuhR-University Bochum System Security Lab
Introduction
● Countermeasures against phishing
– A broad range of approaches exists
● Promising: “wallet” (authentication agent)
– Stores all user login credentials
– Authenticates web sites for their legitimacy
– Performs login on behalf of user
+
Marcel Winandy TruWallet: Wallet-Based Web Authentication (STC 2009) 2009-11-13 3
4. RuhR-University Bochum System Security Lab
Introduction
● However: needs strong protection mechanism
(malware could attack wallet directly)
Marcel Winandy TruWallet: Wallet-Based Web Authentication (STC 2009) 2009-11-13 4
5. RuhR-University Bochum System Security Lab
Introduction
● However: needs strong protection mechanism
(malware could attack wallet directly)
● We have trusted computing – so what?
(secure boot, sealing, attestation, etc.)
Marcel Winandy TruWallet: Wallet-Based Web Authentication (STC 2009) 2009-11-13 5
6. RuhR-University Bochum System Security Lab
Introduction
● However: needs strong protection mechanism
(malware could attack wallet directly)
● We have trusted computing – so what?
(secure boot, sealing, attestation, etc.)
● Scalability issues:
– PKI dependency: server can change SSL certificate
(update, new CA, new URL, etc.)
– Device restriction: wallet locked-down to one platform
Marcel Winandy TruWallet: Wallet-Based Web Authentication (STC 2009) 2009-11-13 6
7. RuhR-University Bochum System Security Lab
TruWallet - Overview
● High-level architecture
● Automated login with SSL-PKI-independent
server authentication
● Secure migration of wallet data to other devices
● Implementation
Marcel Winandy TruWallet: Wallet-Based Web Authentication (STC 2009) 2009-11-13 7
8. RuhR-University Bochum System Security Lab
TruWallet Architecture
Marcel Winandy TruWallet: Wallet-Based Web Authentication (STC 2009) 2009-11-13 8
9. RuhR-University Bochum System Security Lab
TruWallet Architecture
Marcel Winandy TruWallet: Wallet-Based Web Authentication (STC 2009) 2009-11-13 9
10. RuhR-University Bochum System Security Lab
TruWallet Architecture
Marcel Winandy TruWallet: Wallet-Based Web Authentication (STC 2009) 2009-11-13 10
11. RuhR-University Bochum System Security Lab
TruWallet Architecture
Marcel Winandy TruWallet: Wallet-Based Web Authentication (STC 2009) 2009-11-13 11
12. RuhR-University Bochum System Security Lab
TruWallet Architecture
Marcel Winandy TruWallet: Wallet-Based Web Authentication (STC 2009) 2009-11-13 12
13. RuhR-University Bochum System Security Lab
SSL-PKI-Independent Server
Authentication
Marcel Winandy TruWallet: Wallet-Based Web Authentication (STC 2009) 2009-11-13 13
14. RuhR-University Bochum System Security Lab
SSL-PKI-Independent Server
Authentication
● Registration (user creates new account)
Marcel Winandy TruWallet: Wallet-Based Web Authentication (STC 2009) 2009-11-13 14
15. RuhR-University Bochum System Security Lab
SSL-PKI-Independent Server
Authentication
● Registration (user creates new account)
– TruWallet creates high-entropy password
new password
Marcel Winandy TruWallet: Wallet-Based Web Authentication (STC 2009) 2009-11-13 15
16. RuhR-University Bochum System Security Lab
SSL-PKI-Independent Server
Authentication
● Registration (user creates new account)
– TruWallet creates high-entropy password
– Derive shared secret from server_finished
client_hello
SSL handshake
encSSL(server_finished)
Marcel Winandy TruWallet: Wallet-Based Web Authentication (STC 2009) 2009-11-13 16
17. RuhR-University Bochum System Security Lab
SSL-PKI-Independent Server
Authentication
● Registration (user creates new account)
– TruWallet creates high-entropy password
– Derive shared secret from server_finished
client_hello
SSL handshake
shared shared
secret encSSL(server_finished) secret
Marcel Winandy TruWallet: Wallet-Based Web Authentication (STC 2009) 2009-11-13 17
18. RuhR-University Bochum System Security Lab
SSL-PKI-Independent Server
Authentication
● Registration (user creates new account)
– TruWallet creates high-entropy password
– Derive shared secret from server_finished
new password client_hello
SSL handshake
shared shared
secret encSSL(server_finished) secret
Link password with shared secret (and server URL)
Marcel Winandy TruWallet: Wallet-Based Web Authentication (STC 2009) 2009-11-13 18
19. RuhR-University Bochum System Security Lab
SSL-PKI-Independent Server
Authentication
● Login (user connects to registered account)
– Server is authenticated via challenge-response
client_hello
SSL handshake
encSSL(server_finished)
Marcel Winandy TruWallet: Wallet-Based Web Authentication (STC 2009) 2009-11-13 19
20. RuhR-University Bochum System Security Lab
SSL-PKI-Independent Server
Authentication
● Login (user connects to registered account)
– Server is authenticated via challenge-response
nonce
client_hello
SSL handshake
encSSL(server_finished)
Marcel Winandy TruWallet: Wallet-Based Web Authentication (STC 2009) 2009-11-13 20
21. RuhR-University Bochum System Security Lab
SSL-PKI-Independent Server
Authentication
● Login (user connects to registered account)
– Server is authenticated via challenge-response
nonce
client_hello
SSL handshake
encSSL(server_finished || HMACsharedsecret(trnscrpt))
Marcel Winandy TruWallet: Wallet-Based Web Authentication (STC 2009) 2009-11-13 21
22. RuhR-University Bochum System Security Lab
SSL-PKI-Independent Server
Authentication
● Login (user connects to registered account)
– Server is authenticated via challenge-response
nonce
client_hello
SSL handshake shared
secret
shared
secret encSSL(server_finished || HMACsharedsecret(trnscrpt))
Only if server can prove knowledge of shared secret, user password is sent.
Marcel Winandy TruWallet: Wallet-Based Web Authentication (STC 2009) 2009-11-13 22
23. RuhR-University Bochum System Security Lab
Secure Migration of Wallet Data
Marcel Winandy TruWallet: Wallet-Based Web Authentication (STC 2009) 2009-11-13 23
24. RuhR-University Bochum System Security Lab
Secure Migration of Wallet Data
● Another Wallet on destination platform
● Establish a trusted channel between platforms
– Secure channel (confidentiality)
– Bound to TCB configuration of destination
● Send wallet data through trusted channel
● Trusted Channel based on [Asokan+2007],
– But here: less components, less steps
Marcel Winandy TruWallet: Wallet-Based Web Authentication (STC 2009) 2009-11-13 24
37. RuhR-University Bochum System Security Lab
Implementation
● Security Kernel: Turaya/L4
– L4 microkernel
– security services
● TruWallet:
– Java implementation
– Uses Paros HTTP/HTTPS Proxy
– Running in a Linux VM
● Web Browser:
– Firefox, running in separate Linux VM
Marcel Winandy TruWallet: Wallet-Based Web Authentication (STC 2009) 2009-11-13 37
39. RuhR-University Bochum System Security Lab
Implementation Overview
Linux Linux
Virtual Machine Virtual Machine
Firefox
Paros Wallet
Network Storage Trust
mGUI Security Kernel
Mgr Mgr Mgr
(Turaya)
L4 microkernel
Hardware TPM
Video NIC Disk
Marcel Winandy TruWallet: Wallet-Based Web Authentication (STC 2009) 2009-11-13 39
40. RuhR-University Bochum System Security Lab
Implementation Overview
Linux Linux
Virtual Machine Virtual Machine
Firefox
Paros Wallet
Network Storage Trust
mGUI Security Kernel
Mgr Mgr Mgr
(Turaya)
L4 microkernel
Hardware TPM
NIC
Marcel Winandy TruWallet: Wallet-Based Web Authentication (STC 2009) 2009-11-13 40
41. RuhR-University Bochum System Security Lab
Conclusion
● Phishing is a serious threat
● Wallets can perform login on behalf of user
● TruWallet provides:
– Secure execution environment
– Server authentication with less SSL PKI dependency
– Secure migration to other computing devices
● Prototype based on L4 microkernel and virtualization
● Future work:
– TruWallet on dynamic root of trust (Intel TXT)
Marcel Winandy TruWallet: Wallet-Based Web Authentication (STC 2009) 2009-11-13 41