SlideShare a Scribd company logo

TruWallet: Trustworthy and Migratable Wallet-Based Web Authentication

Marcel Winandy
Marcel Winandy
1 of 42
Download to read offline
RuhR-University Bochum System Security Lab TruWallet: Trustworthy and Migratable Wallet-Based Web Authentication Sebastian Gajek1, Hans Löhr2, Ahmad-Reza Sadeghi2, Marcel Winandy2 Tel Aviv University, Israel 1 2 Ruhr-University Bochum, Germany ACM STC 2009 – 4th Annual Workshop on Scalable Trusted Computing Chicago, Illinois, USA – November 13, 2009
RuhR-University Bochum System Security Lab Introduction ● Identity theft is a growing crime on the Internet (especially phishing) ● Classical phishing: faked web sites password password Adversary A Phishing Server ● Malware phishing: attacking user's device password password Adversary A Phishing Server Marcel Winandy TruWallet: Wallet-Based Web Authentication (STC 2009) 2009-11-13 2
RuhR-University Bochum System Security Lab Introduction ● Countermeasures against phishing – A broad range of approaches exists ● Promising: “wallet” (authentication agent) – Stores all user login credentials – Authenticates web sites for their legitimacy – Performs login on behalf of user + Marcel Winandy TruWallet: Wallet-Based Web Authentication (STC 2009) 2009-11-13 3
RuhR-University Bochum System Security Lab Introduction ● However: needs strong protection mechanism (malware could attack wallet directly) Marcel Winandy TruWallet: Wallet-Based Web Authentication (STC 2009) 2009-11-13 4
RuhR-University Bochum System Security Lab Introduction ● However: needs strong protection mechanism (malware could attack wallet directly) ● We have trusted computing – so what? (secure boot, sealing, attestation, etc.) Marcel Winandy TruWallet: Wallet-Based Web Authentication (STC 2009) 2009-11-13 5
RuhR-University Bochum System Security Lab Introduction ● However: needs strong protection mechanism (malware could attack wallet directly) ● We have trusted computing – so what? (secure boot, sealing, attestation, etc.) ● Scalability issues: – PKI dependency: server can change SSL certificate (update, new CA, new URL, etc.) – Device restriction: wallet locked-down to one platform Marcel Winandy TruWallet: Wallet-Based Web Authentication (STC 2009) 2009-11-13 6
RuhR-University Bochum System Security Lab TruWallet - Overview ● High-level architecture ● Automated login with SSL-PKI-independent server authentication ● Secure migration of wallet data to other devices ● Implementation Marcel Winandy TruWallet: Wallet-Based Web Authentication (STC 2009) 2009-11-13 7
RuhR-University Bochum System Security Lab TruWallet Architecture Marcel Winandy TruWallet: Wallet-Based Web Authentication (STC 2009) 2009-11-13 8
RuhR-University Bochum System Security Lab TruWallet Architecture Marcel Winandy TruWallet: Wallet-Based Web Authentication (STC 2009) 2009-11-13 9
RuhR-University Bochum System Security Lab TruWallet Architecture Marcel Winandy TruWallet: Wallet-Based Web Authentication (STC 2009) 2009-11-13 10
RuhR-University Bochum System Security Lab TruWallet Architecture Marcel Winandy TruWallet: Wallet-Based Web Authentication (STC 2009) 2009-11-13 11
RuhR-University Bochum System Security Lab TruWallet Architecture Marcel Winandy TruWallet: Wallet-Based Web Authentication (STC 2009) 2009-11-13 12
RuhR-University Bochum System Security Lab SSL-PKI-Independent Server Authentication Marcel Winandy TruWallet: Wallet-Based Web Authentication (STC 2009) 2009-11-13 13
RuhR-University Bochum System Security Lab SSL-PKI-Independent Server Authentication ● Registration (user creates new account) Marcel Winandy TruWallet: Wallet-Based Web Authentication (STC 2009) 2009-11-13 14
RuhR-University Bochum System Security Lab SSL-PKI-Independent Server Authentication ● Registration (user creates new account) – TruWallet creates high-entropy password new password Marcel Winandy TruWallet: Wallet-Based Web Authentication (STC 2009) 2009-11-13 15
RuhR-University Bochum System Security Lab SSL-PKI-Independent Server Authentication ● Registration (user creates new account) – TruWallet creates high-entropy password – Derive shared secret from server_finished client_hello SSL handshake encSSL(server_finished) Marcel Winandy TruWallet: Wallet-Based Web Authentication (STC 2009) 2009-11-13 16
RuhR-University Bochum System Security Lab SSL-PKI-Independent Server Authentication ● Registration (user creates new account) – TruWallet creates high-entropy password – Derive shared secret from server_finished client_hello SSL handshake shared shared secret encSSL(server_finished) secret Marcel Winandy TruWallet: Wallet-Based Web Authentication (STC 2009) 2009-11-13 17
RuhR-University Bochum System Security Lab SSL-PKI-Independent Server Authentication ● Registration (user creates new account) – TruWallet creates high-entropy password – Derive shared secret from server_finished new password client_hello SSL handshake shared shared secret encSSL(server_finished) secret Link password with shared secret (and server URL) Marcel Winandy TruWallet: Wallet-Based Web Authentication (STC 2009) 2009-11-13 18
RuhR-University Bochum System Security Lab SSL-PKI-Independent Server Authentication ● Login (user connects to registered account) – Server is authenticated via challenge-response client_hello SSL handshake encSSL(server_finished) Marcel Winandy TruWallet: Wallet-Based Web Authentication (STC 2009) 2009-11-13 19
RuhR-University Bochum System Security Lab SSL-PKI-Independent Server Authentication ● Login (user connects to registered account) – Server is authenticated via challenge-response nonce client_hello SSL handshake encSSL(server_finished) Marcel Winandy TruWallet: Wallet-Based Web Authentication (STC 2009) 2009-11-13 20
RuhR-University Bochum System Security Lab SSL-PKI-Independent Server Authentication ● Login (user connects to registered account) – Server is authenticated via challenge-response nonce client_hello SSL handshake encSSL(server_finished || HMACsharedsecret(trnscrpt)) Marcel Winandy TruWallet: Wallet-Based Web Authentication (STC 2009) 2009-11-13 21
RuhR-University Bochum System Security Lab SSL-PKI-Independent Server Authentication ● Login (user connects to registered account) – Server is authenticated via challenge-response nonce client_hello SSL handshake shared secret shared secret encSSL(server_finished || HMACsharedsecret(trnscrpt)) Only if server can prove knowledge of shared secret, user password is sent. Marcel Winandy TruWallet: Wallet-Based Web Authentication (STC 2009) 2009-11-13 22
RuhR-University Bochum System Security Lab Secure Migration of Wallet Data Marcel Winandy TruWallet: Wallet-Based Web Authentication (STC 2009) 2009-11-13 23
RuhR-University Bochum System Security Lab Secure Migration of Wallet Data ● Another Wallet on destination platform ● Establish a trusted channel between platforms – Secure channel (confidentiality) – Bound to TCB configuration of destination ● Send wallet data through trusted channel ● Trusted Channel based on [Asokan+2007], – But here: less components, less steps Marcel Winandy TruWallet: Wallet-Based Web Authentication (STC 2009) 2009-11-13 24
RuhR-University Bochum System Security Lab Migration Protocol Source platform Destination platform Storage Trust Storage Manager Wallet Wallet TPM Manager Manager requestTrustedChannel() request- TrustedChannel() TPM_CreateWrapKey() ESKBind:= encrypt_SRK(SKBind,TCBconf) (PKBind, ESKBind) TPM_CertifyKey(PKBind) certBind (certBind, PKBind, ESKBind) (certBind, PKBind) verify(certBind) loadData() wd ewd := Tspi_Data_Bind(PKBind,wd) ewd TPM_LoadKey(ESKBind) unbind(ewd) TPM_Unbind(ewd) verify(TCB_conf) SKBind:= decrypt_SRK(ESKBind) wd:= decrypt_SKBind(ewd) wd wd storeData(wd) Marcel Winandy TruWallet: Wallet-Based Web Authentication (STC 2009) 2009-11-13 25
RuhR-University Bochum System Security Lab Migration Protocol Source platform Destination platform Storage Trust Storage Manager Wallet Wallet TPM Manager Manager requestTrustedChannel() request- TrustedChannel() TPM_CreateWrapKey() ESKBind:= encrypt_SRK(SKBind,TCBconf) (PKBind, ESKBind) TPM_CertifyKey(PKBind) certBind (certBind, PKBind, ESKBind) (certBind, PKBind) verify(certBind) loadData() wd ewd := Tspi_Data_Bind(PKBind,wd) ewd TPM_LoadKey(ESKBind) unbind(ewd) TPM_Unbind(ewd) verify(TCB_conf) SKBind:= decrypt_SRK(ESKBind) wd:= decrypt_SKBind(ewd) wd wd storeData(wd) Marcel Winandy TruWallet: Wallet-Based Web Authentication (STC 2009) 2009-11-13 26
RuhR-University Bochum System Security Lab Migration Protocol Source platform Destination platform Storage Trust Storage Manager Wallet Wallet TPM Manager Manager requestTrustedChannel() request- TrustedChannel() TPM_CreateWrapKey() ESKBind:= encrypt_SRK(SKBind,TCBconf) (PKBind, ESKBind) TPM_CertifyKey(PKBind) certBind (certBind, PKBind, ESKBind) (certBind, PKBind) verify(certBind) loadData() wd ewd := Tspi_Data_Bind(PKBind,wd) ewd TPM_LoadKey(ESKBind) unbind(ewd) TPM_Unbind(ewd) verify(TCB_conf) SKBind:= decrypt_SRK(ESKBind) wd:= decrypt_SKBind(ewd) wd wd storeData(wd) Marcel Winandy TruWallet: Wallet-Based Web Authentication (STC 2009) 2009-11-13 27
RuhR-University Bochum System Security Lab Migration Protocol Source platform Destination platform Storage Trust Storage Manager Wallet Wallet TPM Manager Manager requestTrustedChannel() request- TrustedChannel() TPM_CreateWrapKey() ESKBind:= encrypt_SRK(SKBind,TCBconf) (PKBind, ESKBind) TPM_CertifyKey(PKBind) certBind (certBind, PKBind, ESKBind) (certBind, PKBind) verify(certBind) loadData() wd ewd := Tspi_Data_Bind(PKBind,wd) ewd TPM_LoadKey(ESKBind) unbind(ewd) TPM_Unbind(ewd) verify(TCB_conf) SKBind:= decrypt_SRK(ESKBind) wd:= decrypt_SKBind(ewd) wd wd storeData(wd) Marcel Winandy TruWallet: Wallet-Based Web Authentication (STC 2009) 2009-11-13 28
RuhR-University Bochum System Security Lab Migration Protocol Source platform Destination platform Storage Trust Storage Manager Wallet Wallet TPM Manager Manager requestTrustedChannel() request- TrustedChannel() TPM_CreateWrapKey() ESKBind:= encrypt_SRK(SKBind,TCBconf) (PKBind, ESKBind) TPM_CertifyKey(PKBind) certBind (certBind, PKBind, ESKBind) (certBind, PKBind) verify(certBind) loadData() wd ewd := Tspi_Data_Bind(PKBind,wd) ewd TPM_LoadKey(ESKBind) unbind(ewd) TPM_Unbind(ewd) verify(TCB_conf) SKBind:= decrypt_SRK(ESKBind) wd:= decrypt_SKBind(ewd) wd wd storeData(wd) Marcel Winandy TruWallet: Wallet-Based Web Authentication (STC 2009) 2009-11-13 29
RuhR-University Bochum System Security Lab Migration Protocol Source platform Destination platform Storage Trust Storage Manager Wallet Wallet TPM Manager Manager requestTrustedChannel() request- TrustedChannel() TPM_CreateWrapKey() ESKBind:= encrypt_SRK(SKBind,TCBconf) (PKBind, ESKBind) TPM_CertifyKey(PKBind) certBind (certBind, PKBind, ESKBind) (certBind, PKBind) verify(certBind) loadData() wd ewd := Tspi_Data_Bind(PKBind,wd) ewd TPM_LoadKey(ESKBind) unbind(ewd) TPM_Unbind(ewd) verify(TCB_conf) SKBind:= decrypt_SRK(ESKBind) wd:= decrypt_SKBind(ewd) wd wd storeData(wd) Marcel Winandy TruWallet: Wallet-Based Web Authentication (STC 2009) 2009-11-13 30
RuhR-University Bochum System Security Lab Migration Protocol Source platform Destination platform Storage Trust Storage Manager Wallet Wallet TPM Manager Manager requestTrustedChannel() request- TrustedChannel() TPM_CreateWrapKey() ESKBind:= encrypt_SRK(SKBind,TCBconf) (PKBind, ESKBind) TPM_CertifyKey(PKBind) certBind (certBind, PKBind, ESKBind) (certBind, PKBind) verify(certBind) loadData() wd ewd := Tspi_Data_Bind(PKBind,wd) ewd TPM_LoadKey(ESKBind) unbind(ewd) TPM_Unbind(ewd) verify(TCB_conf) SKBind:= decrypt_SRK(ESKBind) wd:= decrypt_SKBind(ewd) wd wd storeData(wd) Marcel Winandy TruWallet: Wallet-Based Web Authentication (STC 2009) 2009-11-13 31
RuhR-University Bochum System Security Lab Migration Protocol Source platform Destination platform Storage Trust Storage Manager Wallet Wallet TPM Manager Manager requestTrustedChannel() request- TrustedChannel() TPM_CreateWrapKey() ESKBind:= encrypt_SRK(SKBind,TCBconf) (PKBind, ESKBind) TPM_CertifyKey(PKBind) certBind (certBind, PKBind, ESKBind) (certBind, PKBind) verify(certBind) loadData() wd ewd := Tspi_Data_Bind(PKBind,wd) ewd TPM_LoadKey(ESKBind) unbind(ewd) TPM_Unbind(ewd) verify(TCB_conf) SKBind:= decrypt_SRK(ESKBind) wd:= decrypt_SKBind(ewd) wd wd storeData(wd) Marcel Winandy TruWallet: Wallet-Based Web Authentication (STC 2009) 2009-11-13 32
RuhR-University Bochum System Security Lab Migration Protocol Source platform Destination platform Storage Trust Storage Manager Wallet Wallet TPM Manager Manager requestTrustedChannel() request- TrustedChannel() TPM_CreateWrapKey() ESKBind:= encrypt_SRK(SKBind,TCBconf) (PKBind, ESKBind) TPM_CertifyKey(PKBind) certBind (certBind, PKBind, ESKBind) (certBind, PKBind) verify(certBind) loadData() wd ewd := Tspi_Data_Bind(PKBind,wd) ewd TPM_LoadKey(ESKBind) unbind(ewd) TPM_Unbind(ewd) verify(TCB_conf) SKBind:= decrypt_SRK(ESKBind) wd:= decrypt_SKBind(ewd) wd wd storeData(wd) Marcel Winandy TruWallet: Wallet-Based Web Authentication (STC 2009) 2009-11-13 33
RuhR-University Bochum System Security Lab Migration Protocol Source platform Destination platform Storage Trust Storage Manager Wallet Wallet TPM Manager Manager requestTrustedChannel() request- TrustedChannel() TPM_CreateWrapKey() ESKBind:= encrypt_SRK(SKBind,TCBconf) (PKBind, ESKBind) TPM_CertifyKey(PKBind) certBind (certBind, PKBind, ESKBind) (certBind, PKBind) verify(certBind) loadData() wd ewd := Tspi_Data_Bind(PKBind,wd) ewd TPM_LoadKey(ESKBind) unbind(ewd) TPM_Unbind(ewd) verify(TCB_conf) SKBind:= decrypt_SRK(ESKBind) wd:= decrypt_SKBind(ewd) wd wd storeData(wd) Marcel Winandy TruWallet: Wallet-Based Web Authentication (STC 2009) 2009-11-13 34
RuhR-University Bochum System Security Lab Migration Protocol Source platform Destination platform Storage Trust Storage Manager Wallet Wallet TPM Manager Manager requestTrustedChannel() request- TrustedChannel() TPM_CreateWrapKey() ESKBind:= encrypt_SRK(SKBind,TCBconf) (PKBind, ESKBind) TPM_CertifyKey(PKBind) certBind (certBind, PKBind, ESKBind) (certBind, PKBind) verify(certBind) loadData() wd ewd := Tspi_Data_Bind(PKBind,wd) ewd TPM_LoadKey(ESKBind) unbind(ewd) TPM_Unbind(ewd) verify(TCB_conf) SKBind:= decrypt_SRK(ESKBind) wd:= decrypt_SKBind(ewd) wd wd storeData(wd) Marcel Winandy TruWallet: Wallet-Based Web Authentication (STC 2009) 2009-11-13 35
RuhR-University Bochum System Security Lab Migration Protocol Source platform Destination platform Storage Trust Storage Manager Wallet Wallet TPM Manager Manager requestTrustedChannel() request- TrustedChannel() TPM_CreateWrapKey() ESKBind:= encrypt_SRK(SKBind,TCBconf) (PKBind, ESKBind) TPM_CertifyKey(PKBind) certBind (certBind, PKBind, ESKBind) (certBind, PKBind) verify(certBind) loadData() wd ewd := Tspi_Data_Bind(PKBind,wd) ewd TPM_LoadKey(ESKBind) unbind(ewd) TPM_Unbind(ewd) verify(TCB_conf) SKBind:= decrypt_SRK(ESKBind) wd:= decrypt_SKBind(ewd) wd wd storeData(wd) Marcel Winandy TruWallet: Wallet-Based Web Authentication (STC 2009) 2009-11-13 36
RuhR-University Bochum System Security Lab Implementation ● Security Kernel: Turaya/L4 – L4 microkernel – security services ● TruWallet: – Java implementation – Uses Paros HTTP/HTTPS Proxy – Running in a Linux VM ● Web Browser: – Firefox, running in separate Linux VM Marcel Winandy TruWallet: Wallet-Based Web Authentication (STC 2009) 2009-11-13 37
RuhR-University Bochum System Security Lab Implementation Overview Linux Linux Virtual Machine Virtual Machine Firefox Paros Wallet Network Storage Trust mGUI Security Kernel Mgr Mgr Mgr (Turaya) L4 microkernel Hardware TPM Marcel Winandy TruWallet: Wallet-Based Web Authentication (STC 2009) 2009-11-13 38
RuhR-University Bochum System Security Lab Implementation Overview Linux Linux Virtual Machine Virtual Machine Firefox Paros Wallet Network Storage Trust mGUI Security Kernel Mgr Mgr Mgr (Turaya) L4 microkernel Hardware TPM Video NIC Disk Marcel Winandy TruWallet: Wallet-Based Web Authentication (STC 2009) 2009-11-13 39
RuhR-University Bochum System Security Lab Implementation Overview Linux Linux Virtual Machine Virtual Machine Firefox Paros Wallet Network Storage Trust mGUI Security Kernel Mgr Mgr Mgr (Turaya) L4 microkernel Hardware TPM NIC Marcel Winandy TruWallet: Wallet-Based Web Authentication (STC 2009) 2009-11-13 40
RuhR-University Bochum System Security Lab Conclusion ● Phishing is a serious threat ● Wallets can perform login on behalf of user ● TruWallet provides: – Secure execution environment – Server authentication with less SSL PKI dependency – Secure migration to other computing devices ● Prototype based on L4 microkernel and virtualization ● Future work: – TruWallet on dynamic root of trust (Intel TXT) Marcel Winandy TruWallet: Wallet-Based Web Authentication (STC 2009) 2009-11-13 41
RuhR-University Bochum System Security Lab Questions? Marcel Winandy Ruhr-University Bochum marcel.winandy@trust.rub.de Marcel Winandy TruWallet: Wallet-Based Web Authentication (STC 2009) 2009-11-13 42

Recommended

Uni-directional Trusted Path: Transaction Confirmation on Just One Device
Uni-directional Trusted Path: Transaction Confirmation on Just One DeviceUni-directional Trusted Path: Transaction Confirmation on Just One Device
Uni-directional Trusted Path: Transaction Confirmation on Just One DeviceMarcel Winandy
 
A Pattern for Secure Graphical User Interface Systems
A Pattern for Secure Graphical User Interface SystemsA Pattern for Secure Graphical User Interface Systems
A Pattern for Secure Graphical User Interface SystemsMarcel Winandy
 
Trusted Virtual Domains on OpenSolaris: Usable Secure Desktop Environments
Trusted Virtual Domains on OpenSolaris: Usable Secure Desktop EnvironmentsTrusted Virtual Domains on OpenSolaris: Usable Secure Desktop Environments
Trusted Virtual Domains on OpenSolaris: Usable Secure Desktop EnvironmentsMarcel Winandy
 
A Note on the Security in the Card Management System of the German E-Health Card
A Note on the Security in the Card Management System of the German E-Health CardA Note on the Security in the Card Management System of the German E-Health Card
A Note on the Security in the Card Management System of the German E-Health CardMarcel Winandy
 
Applying a Security Kernel Framework to Smart Meter Gateways
Applying a Security Kernel Framework to Smart Meter GatewaysApplying a Security Kernel Framework to Smart Meter Gateways
Applying a Security Kernel Framework to Smart Meter GatewaysMarcel Winandy
 
Compartmented Security for Browsers
Compartmented Security for BrowsersCompartmented Security for Browsers
Compartmented Security for BrowsersMarcel Winandy
 
Dynamic Integrity Measurement and Attestation: Towards Defense Against Return...
Dynamic Integrity Measurement and Attestation: Towards Defense Against Return...Dynamic Integrity Measurement and Attestation: Towards Defense Against Return...
Dynamic Integrity Measurement and Attestation: Towards Defense Against Return...Marcel Winandy
 
Patterns for Secure Boot and Secure Storage in Computer Systems
Patterns for Secure Boot and Secure Storage in Computer SystemsPatterns for Secure Boot and Secure Storage in Computer Systems
Patterns for Secure Boot and Secure Storage in Computer SystemsMarcel Winandy
 

Recommended

Uni-directional Trusted Path: Transaction Confirmation on Just One Device
Uni-directional Trusted Path: Transaction Confirmation on Just One DeviceUni-directional Trusted Path: Transaction Confirmation on Just One Device
Uni-directional Trusted Path: Transaction Confirmation on Just One DeviceMarcel Winandy
 
A Pattern for Secure Graphical User Interface Systems
A Pattern for Secure Graphical User Interface SystemsA Pattern for Secure Graphical User Interface Systems
A Pattern for Secure Graphical User Interface SystemsMarcel Winandy
 
Trusted Virtual Domains on OpenSolaris: Usable Secure Desktop Environments
Trusted Virtual Domains on OpenSolaris: Usable Secure Desktop EnvironmentsTrusted Virtual Domains on OpenSolaris: Usable Secure Desktop Environments
Trusted Virtual Domains on OpenSolaris: Usable Secure Desktop EnvironmentsMarcel Winandy
 
A Note on the Security in the Card Management System of the German E-Health Card
A Note on the Security in the Card Management System of the German E-Health CardA Note on the Security in the Card Management System of the German E-Health Card
A Note on the Security in the Card Management System of the German E-Health CardMarcel Winandy
 
Applying a Security Kernel Framework to Smart Meter Gateways
Applying a Security Kernel Framework to Smart Meter GatewaysApplying a Security Kernel Framework to Smart Meter Gateways
Applying a Security Kernel Framework to Smart Meter GatewaysMarcel Winandy
 
Compartmented Security for Browsers
Compartmented Security for BrowsersCompartmented Security for Browsers
Compartmented Security for BrowsersMarcel Winandy
 
Dynamic Integrity Measurement and Attestation: Towards Defense Against Return...
Dynamic Integrity Measurement and Attestation: Towards Defense Against Return...Dynamic Integrity Measurement and Attestation: Towards Defense Against Return...
Dynamic Integrity Measurement and Attestation: Towards Defense Against Return...Marcel Winandy
 
Patterns for Secure Boot and Secure Storage in Computer Systems
Patterns for Secure Boot and Secure Storage in Computer SystemsPatterns for Secure Boot and Secure Storage in Computer Systems
Patterns for Secure Boot and Secure Storage in Computer SystemsMarcel Winandy
 
Practical Advantages Of Fireware® Xtm For Hands On It Administrators Dna
Practical Advantages Of Fireware® Xtm For Hands On It Administrators DnaPractical Advantages Of Fireware® Xtm For Hands On It Administrators Dna
Practical Advantages Of Fireware® Xtm For Hands On It Administrators DnaSylCotter
 
CommCon 2023 - WebRTC & Video Delivery application security - what could poss...
CommCon 2023 - WebRTC & Video Delivery application security - what could poss...CommCon 2023 - WebRTC & Video Delivery application security - what could poss...
CommCon 2023 - WebRTC & Video Delivery application security - what could poss...Sandro Gauci
 
IT8005_EC_Unit_III_Securing_Communication_Channels
IT8005_EC_Unit_III_Securing_Communication_ChannelsIT8005_EC_Unit_III_Securing_Communication_Channels
IT8005_EC_Unit_III_Securing_Communication_ChannelsPalani Kumar
 
Operations security - SyPy Dec 2014 (Sydney Python users)
Operations security - SyPy Dec 2014 (Sydney Python users)Operations security - SyPy Dec 2014 (Sydney Python users)
Operations security - SyPy Dec 2014 (Sydney Python users)Mikko Ohtamaa
 
LogMeIn Security White Paper
LogMeIn Security White PaperLogMeIn Security White Paper
LogMeIn Security White PaperLogMeIn
 
FreeBSD and Hardening Web Server
FreeBSD and Hardening Web ServerFreeBSD and Hardening Web Server
FreeBSD and Hardening Web ServerMuhammad Moinur Rahman
 
Intro-2013.pptIntro-2013.pptIntro-2013.ppt
Intro-2013.pptIntro-2013.pptIntro-2013.pptIntro-2013.pptIntro-2013.pptIntro-2013.ppt
Intro-2013.pptIntro-2013.pptIntro-2013.ppttahirnaquash2
 
WHONIX OS
WHONIX OSWHONIX OS
WHONIX OSAkshay Vasava
 
Ssl Vpn presentation at CoolTech club
Ssl Vpn presentation at CoolTech clubSsl Vpn presentation at CoolTech club
Ssl Vpn presentation at CoolTech clubiplotnikov
 
ProtectV - Data Security for the Cloud
ProtectV - Data Security for the CloudProtectV - Data Security for the Cloud
ProtectV - Data Security for the CloudSafeNet
 
Operations security (OPSEC)
Operations security (OPSEC)Operations security (OPSEC)
Operations security (OPSEC)Mikko Ohtamaa
 
Top Ten Web Hacking Techniques of 2012
Top Ten Web Hacking Techniques of 2012Top Ten Web Hacking Techniques of 2012
Top Ten Web Hacking Techniques of 2012Jeremiah Grossman
 
Maximising the security of your cloud infrastructure
Maximising the security of your cloud infrastructureMaximising the security of your cloud infrastructure
Maximising the security of your cloud infrastructureOVHcloud
 
Security_Bootcamp_Intro
Security_Bootcamp_IntroSecurity_Bootcamp_Intro
Security_Bootcamp_Introsudip pudasaini
 
VOIP2DAY 2015: "WebRTC security concerns, a real problem?"
VOIP2DAY 2015: "WebRTC security concerns, a real problem?"VOIP2DAY 2015: "WebRTC security concerns, a real problem?"
VOIP2DAY 2015: "WebRTC security concerns, a real problem?"Quobis
 
WebRTC Security Concerns, a real problem?
WebRTC Security Concerns, a real problem?WebRTC Security Concerns, a real problem?
WebRTC Security Concerns, a real problem?VOIP2DAY
 
ShareTech Next-Gen UTM
ShareTech Next-Gen UTMShareTech Next-Gen UTM
ShareTech Next-Gen UTMsharetech
 
Scenatio based hacking - enterprise wireless security (Vivek Ramachandran)
Scenatio based hacking - enterprise wireless security (Vivek Ramachandran)Scenatio based hacking - enterprise wireless security (Vivek Ramachandran)
Scenatio based hacking - enterprise wireless security (Vivek Ramachandran)ClubHack
 
Virtual Machine Introspection - Future of the Cloud
Virtual Machine Introspection - Future of the CloudVirtual Machine Introspection - Future of the Cloud
Virtual Machine Introspection - Future of the CloudTjylen Veselyj
 
WebRTC Security
WebRTC SecurityWebRTC Security
WebRTC SecurityAlex Hunte
 

More Related Content

Similar to TruWallet: Trustworthy and Migratable Wallet-Based Web Authentication

Practical Advantages Of Fireware® Xtm For Hands On It Administrators Dna
Practical Advantages Of Fireware® Xtm For Hands On It Administrators DnaPractical Advantages Of Fireware® Xtm For Hands On It Administrators Dna
Practical Advantages Of Fireware® Xtm For Hands On It Administrators DnaSylCotter
 
CommCon 2023 - WebRTC & Video Delivery application security - what could poss...
CommCon 2023 - WebRTC & Video Delivery application security - what could poss...CommCon 2023 - WebRTC & Video Delivery application security - what could poss...
CommCon 2023 - WebRTC & Video Delivery application security - what could poss...Sandro Gauci
 
IT8005_EC_Unit_III_Securing_Communication_Channels
IT8005_EC_Unit_III_Securing_Communication_ChannelsIT8005_EC_Unit_III_Securing_Communication_Channels
IT8005_EC_Unit_III_Securing_Communication_ChannelsPalani Kumar
 
Operations security - SyPy Dec 2014 (Sydney Python users)
Operations security - SyPy Dec 2014 (Sydney Python users)Operations security - SyPy Dec 2014 (Sydney Python users)
Operations security - SyPy Dec 2014 (Sydney Python users)Mikko Ohtamaa
 
LogMeIn Security White Paper
LogMeIn Security White PaperLogMeIn Security White Paper
LogMeIn Security White PaperLogMeIn
 
Intro-2013.pptIntro-2013.pptIntro-2013.ppt
Intro-2013.pptIntro-2013.pptIntro-2013.pptIntro-2013.pptIntro-2013.pptIntro-2013.ppt
Intro-2013.pptIntro-2013.pptIntro-2013.ppttahirnaquash2
 
Ssl Vpn presentation at CoolTech club
Ssl Vpn presentation at CoolTech clubSsl Vpn presentation at CoolTech club
Ssl Vpn presentation at CoolTech clubiplotnikov
 
ProtectV - Data Security for the Cloud
ProtectV - Data Security for the CloudProtectV - Data Security for the Cloud
ProtectV - Data Security for the CloudSafeNet
 
Operations security (OPSEC)
Operations security (OPSEC)Operations security (OPSEC)
Operations security (OPSEC)Mikko Ohtamaa
 
Top Ten Web Hacking Techniques of 2012
Top Ten Web Hacking Techniques of 2012Top Ten Web Hacking Techniques of 2012
Top Ten Web Hacking Techniques of 2012Jeremiah Grossman
 
Maximising the security of your cloud infrastructure
Maximising the security of your cloud infrastructureMaximising the security of your cloud infrastructure
Maximising the security of your cloud infrastructureOVHcloud
 
VOIP2DAY 2015: "WebRTC security concerns, a real problem?"
VOIP2DAY 2015: "WebRTC security concerns, a real problem?"VOIP2DAY 2015: "WebRTC security concerns, a real problem?"
VOIP2DAY 2015: "WebRTC security concerns, a real problem?"Quobis
 
WebRTC Security Concerns, a real problem?
WebRTC Security Concerns, a real problem?WebRTC Security Concerns, a real problem?
WebRTC Security Concerns, a real problem?VOIP2DAY
 
ShareTech Next-Gen UTM
ShareTech Next-Gen UTMShareTech Next-Gen UTM
ShareTech Next-Gen UTMsharetech
 
Scenatio based hacking - enterprise wireless security (Vivek Ramachandran)
Scenatio based hacking - enterprise wireless security (Vivek Ramachandran)Scenatio based hacking - enterprise wireless security (Vivek Ramachandran)
Scenatio based hacking - enterprise wireless security (Vivek Ramachandran)ClubHack
 
Virtual Machine Introspection - Future of the Cloud
Virtual Machine Introspection - Future of the CloudVirtual Machine Introspection - Future of the Cloud
Virtual Machine Introspection - Future of the CloudTjylen Veselyj
 
WebRTC Security
WebRTC SecurityWebRTC Security
WebRTC SecurityAlex Hunte
 

Similar to TruWallet: Trustworthy and Migratable Wallet-Based Web Authentication (20)

Practical Advantages Of Fireware® Xtm For Hands On It Administrators Dna
Practical Advantages Of Fireware® Xtm For Hands On It Administrators DnaPractical Advantages Of Fireware® Xtm For Hands On It Administrators Dna
Practical Advantages Of Fireware® Xtm For Hands On It Administrators Dna
 
CommCon 2023 - WebRTC & Video Delivery application security - what could poss...
CommCon 2023 - WebRTC & Video Delivery application security - what could poss...CommCon 2023 - WebRTC & Video Delivery application security - what could poss...
CommCon 2023 - WebRTC & Video Delivery application security - what could poss...
 
IT8005_EC_Unit_III_Securing_Communication_Channels
IT8005_EC_Unit_III_Securing_Communication_ChannelsIT8005_EC_Unit_III_Securing_Communication_Channels
IT8005_EC_Unit_III_Securing_Communication_Channels
 
Operations security - SyPy Dec 2014 (Sydney Python users)
Operations security - SyPy Dec 2014 (Sydney Python users)Operations security - SyPy Dec 2014 (Sydney Python users)
Operations security - SyPy Dec 2014 (Sydney Python users)
 
LogMeIn Security White Paper
LogMeIn Security White PaperLogMeIn Security White Paper
LogMeIn Security White Paper
 
FreeBSD and Hardening Web Server
FreeBSD and Hardening Web ServerFreeBSD and Hardening Web Server
FreeBSD and Hardening Web Server
 
Intro-2013.pptIntro-2013.pptIntro-2013.ppt
Intro-2013.pptIntro-2013.pptIntro-2013.pptIntro-2013.pptIntro-2013.pptIntro-2013.ppt
Intro-2013.pptIntro-2013.pptIntro-2013.ppt
 
WHONIX OS
WHONIX OSWHONIX OS
WHONIX OS
 
Ssl Vpn presentation at CoolTech club
Ssl Vpn presentation at CoolTech clubSsl Vpn presentation at CoolTech club
Ssl Vpn presentation at CoolTech club
 
ProtectV - Data Security for the Cloud
ProtectV - Data Security for the CloudProtectV - Data Security for the Cloud
ProtectV - Data Security for the Cloud
 
Operations security (OPSEC)
Operations security (OPSEC)Operations security (OPSEC)
Operations security (OPSEC)
 
Top Ten Web Hacking Techniques of 2012
Top Ten Web Hacking Techniques of 2012Top Ten Web Hacking Techniques of 2012
Top Ten Web Hacking Techniques of 2012
 
Maximising the security of your cloud infrastructure
Maximising the security of your cloud infrastructureMaximising the security of your cloud infrastructure
Maximising the security of your cloud infrastructure
 
Security_Bootcamp_Intro
Security_Bootcamp_IntroSecurity_Bootcamp_Intro
Security_Bootcamp_Intro
 
VOIP2DAY 2015: "WebRTC security concerns, a real problem?"
VOIP2DAY 2015: "WebRTC security concerns, a real problem?"VOIP2DAY 2015: "WebRTC security concerns, a real problem?"
VOIP2DAY 2015: "WebRTC security concerns, a real problem?"
 
WebRTC Security Concerns, a real problem?
WebRTC Security Concerns, a real problem?WebRTC Security Concerns, a real problem?
WebRTC Security Concerns, a real problem?
 
ShareTech Next-Gen UTM
ShareTech Next-Gen UTMShareTech Next-Gen UTM
ShareTech Next-Gen UTM
 
Scenatio based hacking - enterprise wireless security (Vivek Ramachandran)
Scenatio based hacking - enterprise wireless security (Vivek Ramachandran)Scenatio based hacking - enterprise wireless security (Vivek Ramachandran)
Scenatio based hacking - enterprise wireless security (Vivek Ramachandran)
 
Virtual Machine Introspection - Future of the Cloud
Virtual Machine Introspection - Future of the CloudVirtual Machine Introspection - Future of the Cloud
Virtual Machine Introspection - Future of the Cloud
 
WebRTC Security
WebRTC SecurityWebRTC Security
WebRTC Security
 

TruWallet: Trustworthy and Migratable Wallet-Based Web Authentication

  • 1. RuhR-University Bochum System Security Lab TruWallet: Trustworthy and Migratable Wallet-Based Web Authentication Sebastian Gajek1, Hans Löhr2, Ahmad-Reza Sadeghi2, Marcel Winandy2 Tel Aviv University, Israel 1 2 Ruhr-University Bochum, Germany ACM STC 2009 – 4th Annual Workshop on Scalable Trusted Computing Chicago, Illinois, USA – November 13, 2009
  • 2. RuhR-University Bochum System Security Lab Introduction ● Identity theft is a growing crime on the Internet (especially phishing) ● Classical phishing: faked web sites password password Adversary A Phishing Server ● Malware phishing: attacking user's device password password Adversary A Phishing Server Marcel Winandy TruWallet: Wallet-Based Web Authentication (STC 2009) 2009-11-13 2
  • 3. RuhR-University Bochum System Security Lab Introduction ● Countermeasures against phishing – A broad range of approaches exists ● Promising: “wallet” (authentication agent) – Stores all user login credentials – Authenticates web sites for their legitimacy – Performs login on behalf of user + Marcel Winandy TruWallet: Wallet-Based Web Authentication (STC 2009) 2009-11-13 3
  • 4. RuhR-University Bochum System Security Lab Introduction ● However: needs strong protection mechanism (malware could attack wallet directly) Marcel Winandy TruWallet: Wallet-Based Web Authentication (STC 2009) 2009-11-13 4
  • 5. RuhR-University Bochum System Security Lab Introduction ● However: needs strong protection mechanism (malware could attack wallet directly) ● We have trusted computing – so what? (secure boot, sealing, attestation, etc.) Marcel Winandy TruWallet: Wallet-Based Web Authentication (STC 2009) 2009-11-13 5
  • 6. RuhR-University Bochum System Security Lab Introduction ● However: needs strong protection mechanism (malware could attack wallet directly) ● We have trusted computing – so what? (secure boot, sealing, attestation, etc.) ● Scalability issues: – PKI dependency: server can change SSL certificate (update, new CA, new URL, etc.) – Device restriction: wallet locked-down to one platform Marcel Winandy TruWallet: Wallet-Based Web Authentication (STC 2009) 2009-11-13 6
  • 7. RuhR-University Bochum System Security Lab TruWallet - Overview ● High-level architecture ● Automated login with SSL-PKI-independent server authentication ● Secure migration of wallet data to other devices ● Implementation Marcel Winandy TruWallet: Wallet-Based Web Authentication (STC 2009) 2009-11-13 7
  • 8. RuhR-University Bochum System Security Lab TruWallet Architecture Marcel Winandy TruWallet: Wallet-Based Web Authentication (STC 2009) 2009-11-13 8
  • 9. RuhR-University Bochum System Security Lab TruWallet Architecture Marcel Winandy TruWallet: Wallet-Based Web Authentication (STC 2009) 2009-11-13 9
  • 10. RuhR-University Bochum System Security Lab TruWallet Architecture Marcel Winandy TruWallet: Wallet-Based Web Authentication (STC 2009) 2009-11-13 10
  • 11. RuhR-University Bochum System Security Lab TruWallet Architecture Marcel Winandy TruWallet: Wallet-Based Web Authentication (STC 2009) 2009-11-13 11
  • 12. RuhR-University Bochum System Security Lab TruWallet Architecture Marcel Winandy TruWallet: Wallet-Based Web Authentication (STC 2009) 2009-11-13 12
  • 13. RuhR-University Bochum System Security Lab SSL-PKI-Independent Server Authentication Marcel Winandy TruWallet: Wallet-Based Web Authentication (STC 2009) 2009-11-13 13
  • 14. RuhR-University Bochum System Security Lab SSL-PKI-Independent Server Authentication ● Registration (user creates new account) Marcel Winandy TruWallet: Wallet-Based Web Authentication (STC 2009) 2009-11-13 14
  • 15. RuhR-University Bochum System Security Lab SSL-PKI-Independent Server Authentication ● Registration (user creates new account) – TruWallet creates high-entropy password new password Marcel Winandy TruWallet: Wallet-Based Web Authentication (STC 2009) 2009-11-13 15
  • 16. RuhR-University Bochum System Security Lab SSL-PKI-Independent Server Authentication ● Registration (user creates new account) – TruWallet creates high-entropy password – Derive shared secret from server_finished client_hello SSL handshake encSSL(server_finished) Marcel Winandy TruWallet: Wallet-Based Web Authentication (STC 2009) 2009-11-13 16
  • 17. RuhR-University Bochum System Security Lab SSL-PKI-Independent Server Authentication ● Registration (user creates new account) – TruWallet creates high-entropy password – Derive shared secret from server_finished client_hello SSL handshake shared shared secret encSSL(server_finished) secret Marcel Winandy TruWallet: Wallet-Based Web Authentication (STC 2009) 2009-11-13 17
  • 18. RuhR-University Bochum System Security Lab SSL-PKI-Independent Server Authentication ● Registration (user creates new account) – TruWallet creates high-entropy password – Derive shared secret from server_finished new password client_hello SSL handshake shared shared secret encSSL(server_finished) secret Link password with shared secret (and server URL) Marcel Winandy TruWallet: Wallet-Based Web Authentication (STC 2009) 2009-11-13 18
  • 19. RuhR-University Bochum System Security Lab SSL-PKI-Independent Server Authentication ● Login (user connects to registered account) – Server is authenticated via challenge-response client_hello SSL handshake encSSL(server_finished) Marcel Winandy TruWallet: Wallet-Based Web Authentication (STC 2009) 2009-11-13 19
  • 20. RuhR-University Bochum System Security Lab SSL-PKI-Independent Server Authentication ● Login (user connects to registered account) – Server is authenticated via challenge-response nonce client_hello SSL handshake encSSL(server_finished) Marcel Winandy TruWallet: Wallet-Based Web Authentication (STC 2009) 2009-11-13 20
  • 21. RuhR-University Bochum System Security Lab SSL-PKI-Independent Server Authentication ● Login (user connects to registered account) – Server is authenticated via challenge-response nonce client_hello SSL handshake encSSL(server_finished || HMACsharedsecret(trnscrpt)) Marcel Winandy TruWallet: Wallet-Based Web Authentication (STC 2009) 2009-11-13 21
  • 22. RuhR-University Bochum System Security Lab SSL-PKI-Independent Server Authentication ● Login (user connects to registered account) – Server is authenticated via challenge-response nonce client_hello SSL handshake shared secret shared secret encSSL(server_finished || HMACsharedsecret(trnscrpt)) Only if server can prove knowledge of shared secret, user password is sent. Marcel Winandy TruWallet: Wallet-Based Web Authentication (STC 2009) 2009-11-13 22
  • 23. RuhR-University Bochum System Security Lab Secure Migration of Wallet Data Marcel Winandy TruWallet: Wallet-Based Web Authentication (STC 2009) 2009-11-13 23
  • 24. RuhR-University Bochum System Security Lab Secure Migration of Wallet Data ● Another Wallet on destination platform ● Establish a trusted channel between platforms – Secure channel (confidentiality) – Bound to TCB configuration of destination ● Send wallet data through trusted channel ● Trusted Channel based on [Asokan+2007], – But here: less components, less steps Marcel Winandy TruWallet: Wallet-Based Web Authentication (STC 2009) 2009-11-13 24
  • 25. RuhR-University Bochum System Security Lab Migration Protocol Source platform Destination platform Storage Trust Storage Manager Wallet Wallet TPM Manager Manager requestTrustedChannel() request- TrustedChannel() TPM_CreateWrapKey() ESKBind:= encrypt_SRK(SKBind,TCBconf) (PKBind, ESKBind) TPM_CertifyKey(PKBind) certBind (certBind, PKBind, ESKBind) (certBind, PKBind) verify(certBind) loadData() wd ewd := Tspi_Data_Bind(PKBind,wd) ewd TPM_LoadKey(ESKBind) unbind(ewd) TPM_Unbind(ewd) verify(TCB_conf) SKBind:= decrypt_SRK(ESKBind) wd:= decrypt_SKBind(ewd) wd wd storeData(wd) Marcel Winandy TruWallet: Wallet-Based Web Authentication (STC 2009) 2009-11-13 25
  • 26. RuhR-University Bochum System Security Lab Migration Protocol Source platform Destination platform Storage Trust Storage Manager Wallet Wallet TPM Manager Manager requestTrustedChannel() request- TrustedChannel() TPM_CreateWrapKey() ESKBind:= encrypt_SRK(SKBind,TCBconf) (PKBind, ESKBind) TPM_CertifyKey(PKBind) certBind (certBind, PKBind, ESKBind) (certBind, PKBind) verify(certBind) loadData() wd ewd := Tspi_Data_Bind(PKBind,wd) ewd TPM_LoadKey(ESKBind) unbind(ewd) TPM_Unbind(ewd) verify(TCB_conf) SKBind:= decrypt_SRK(ESKBind) wd:= decrypt_SKBind(ewd) wd wd storeData(wd) Marcel Winandy TruWallet: Wallet-Based Web Authentication (STC 2009) 2009-11-13 26
  • 27. RuhR-University Bochum System Security Lab Migration Protocol Source platform Destination platform Storage Trust Storage Manager Wallet Wallet TPM Manager Manager requestTrustedChannel() request- TrustedChannel() TPM_CreateWrapKey() ESKBind:= encrypt_SRK(SKBind,TCBconf) (PKBind, ESKBind) TPM_CertifyKey(PKBind) certBind (certBind, PKBind, ESKBind) (certBind, PKBind) verify(certBind) loadData() wd ewd := Tspi_Data_Bind(PKBind,wd) ewd TPM_LoadKey(ESKBind) unbind(ewd) TPM_Unbind(ewd) verify(TCB_conf) SKBind:= decrypt_SRK(ESKBind) wd:= decrypt_SKBind(ewd) wd wd storeData(wd) Marcel Winandy TruWallet: Wallet-Based Web Authentication (STC 2009) 2009-11-13 27
  • 28. RuhR-University Bochum System Security Lab Migration Protocol Source platform Destination platform Storage Trust Storage Manager Wallet Wallet TPM Manager Manager requestTrustedChannel() request- TrustedChannel() TPM_CreateWrapKey() ESKBind:= encrypt_SRK(SKBind,TCBconf) (PKBind, ESKBind) TPM_CertifyKey(PKBind) certBind (certBind, PKBind, ESKBind) (certBind, PKBind) verify(certBind) loadData() wd ewd := Tspi_Data_Bind(PKBind,wd) ewd TPM_LoadKey(ESKBind) unbind(ewd) TPM_Unbind(ewd) verify(TCB_conf) SKBind:= decrypt_SRK(ESKBind) wd:= decrypt_SKBind(ewd) wd wd storeData(wd) Marcel Winandy TruWallet: Wallet-Based Web Authentication (STC 2009) 2009-11-13 28
  • 29. RuhR-University Bochum System Security Lab Migration Protocol Source platform Destination platform Storage Trust Storage Manager Wallet Wallet TPM Manager Manager requestTrustedChannel() request- TrustedChannel() TPM_CreateWrapKey() ESKBind:= encrypt_SRK(SKBind,TCBconf) (PKBind, ESKBind) TPM_CertifyKey(PKBind) certBind (certBind, PKBind, ESKBind) (certBind, PKBind) verify(certBind) loadData() wd ewd := Tspi_Data_Bind(PKBind,wd) ewd TPM_LoadKey(ESKBind) unbind(ewd) TPM_Unbind(ewd) verify(TCB_conf) SKBind:= decrypt_SRK(ESKBind) wd:= decrypt_SKBind(ewd) wd wd storeData(wd) Marcel Winandy TruWallet: Wallet-Based Web Authentication (STC 2009) 2009-11-13 29
  • 30. RuhR-University Bochum System Security Lab Migration Protocol Source platform Destination platform Storage Trust Storage Manager Wallet Wallet TPM Manager Manager requestTrustedChannel() request- TrustedChannel() TPM_CreateWrapKey() ESKBind:= encrypt_SRK(SKBind,TCBconf) (PKBind, ESKBind) TPM_CertifyKey(PKBind) certBind (certBind, PKBind, ESKBind) (certBind, PKBind) verify(certBind) loadData() wd ewd := Tspi_Data_Bind(PKBind,wd) ewd TPM_LoadKey(ESKBind) unbind(ewd) TPM_Unbind(ewd) verify(TCB_conf) SKBind:= decrypt_SRK(ESKBind) wd:= decrypt_SKBind(ewd) wd wd storeData(wd) Marcel Winandy TruWallet: Wallet-Based Web Authentication (STC 2009) 2009-11-13 30
  • 31. RuhR-University Bochum System Security Lab Migration Protocol Source platform Destination platform Storage Trust Storage Manager Wallet Wallet TPM Manager Manager requestTrustedChannel() request- TrustedChannel() TPM_CreateWrapKey() ESKBind:= encrypt_SRK(SKBind,TCBconf) (PKBind, ESKBind) TPM_CertifyKey(PKBind) certBind (certBind, PKBind, ESKBind) (certBind, PKBind) verify(certBind) loadData() wd ewd := Tspi_Data_Bind(PKBind,wd) ewd TPM_LoadKey(ESKBind) unbind(ewd) TPM_Unbind(ewd) verify(TCB_conf) SKBind:= decrypt_SRK(ESKBind) wd:= decrypt_SKBind(ewd) wd wd storeData(wd) Marcel Winandy TruWallet: Wallet-Based Web Authentication (STC 2009) 2009-11-13 31
  • 32. RuhR-University Bochum System Security Lab Migration Protocol Source platform Destination platform Storage Trust Storage Manager Wallet Wallet TPM Manager Manager requestTrustedChannel() request- TrustedChannel() TPM_CreateWrapKey() ESKBind:= encrypt_SRK(SKBind,TCBconf) (PKBind, ESKBind) TPM_CertifyKey(PKBind) certBind (certBind, PKBind, ESKBind) (certBind, PKBind) verify(certBind) loadData() wd ewd := Tspi_Data_Bind(PKBind,wd) ewd TPM_LoadKey(ESKBind) unbind(ewd) TPM_Unbind(ewd) verify(TCB_conf) SKBind:= decrypt_SRK(ESKBind) wd:= decrypt_SKBind(ewd) wd wd storeData(wd) Marcel Winandy TruWallet: Wallet-Based Web Authentication (STC 2009) 2009-11-13 32
  • 33. RuhR-University Bochum System Security Lab Migration Protocol Source platform Destination platform Storage Trust Storage Manager Wallet Wallet TPM Manager Manager requestTrustedChannel() request- TrustedChannel() TPM_CreateWrapKey() ESKBind:= encrypt_SRK(SKBind,TCBconf) (PKBind, ESKBind) TPM_CertifyKey(PKBind) certBind (certBind, PKBind, ESKBind) (certBind, PKBind) verify(certBind) loadData() wd ewd := Tspi_Data_Bind(PKBind,wd) ewd TPM_LoadKey(ESKBind) unbind(ewd) TPM_Unbind(ewd) verify(TCB_conf) SKBind:= decrypt_SRK(ESKBind) wd:= decrypt_SKBind(ewd) wd wd storeData(wd) Marcel Winandy TruWallet: Wallet-Based Web Authentication (STC 2009) 2009-11-13 33
  • 34. RuhR-University Bochum System Security Lab Migration Protocol Source platform Destination platform Storage Trust Storage Manager Wallet Wallet TPM Manager Manager requestTrustedChannel() request- TrustedChannel() TPM_CreateWrapKey() ESKBind:= encrypt_SRK(SKBind,TCBconf) (PKBind, ESKBind) TPM_CertifyKey(PKBind) certBind (certBind, PKBind, ESKBind) (certBind, PKBind) verify(certBind) loadData() wd ewd := Tspi_Data_Bind(PKBind,wd) ewd TPM_LoadKey(ESKBind) unbind(ewd) TPM_Unbind(ewd) verify(TCB_conf) SKBind:= decrypt_SRK(ESKBind) wd:= decrypt_SKBind(ewd) wd wd storeData(wd) Marcel Winandy TruWallet: Wallet-Based Web Authentication (STC 2009) 2009-11-13 34
  • 35. RuhR-University Bochum System Security Lab Migration Protocol Source platform Destination platform Storage Trust Storage Manager Wallet Wallet TPM Manager Manager requestTrustedChannel() request- TrustedChannel() TPM_CreateWrapKey() ESKBind:= encrypt_SRK(SKBind,TCBconf) (PKBind, ESKBind) TPM_CertifyKey(PKBind) certBind (certBind, PKBind, ESKBind) (certBind, PKBind) verify(certBind) loadData() wd ewd := Tspi_Data_Bind(PKBind,wd) ewd TPM_LoadKey(ESKBind) unbind(ewd) TPM_Unbind(ewd) verify(TCB_conf) SKBind:= decrypt_SRK(ESKBind) wd:= decrypt_SKBind(ewd) wd wd storeData(wd) Marcel Winandy TruWallet: Wallet-Based Web Authentication (STC 2009) 2009-11-13 35
  • 36. RuhR-University Bochum System Security Lab Migration Protocol Source platform Destination platform Storage Trust Storage Manager Wallet Wallet TPM Manager Manager requestTrustedChannel() request- TrustedChannel() TPM_CreateWrapKey() ESKBind:= encrypt_SRK(SKBind,TCBconf) (PKBind, ESKBind) TPM_CertifyKey(PKBind) certBind (certBind, PKBind, ESKBind) (certBind, PKBind) verify(certBind) loadData() wd ewd := Tspi_Data_Bind(PKBind,wd) ewd TPM_LoadKey(ESKBind) unbind(ewd) TPM_Unbind(ewd) verify(TCB_conf) SKBind:= decrypt_SRK(ESKBind) wd:= decrypt_SKBind(ewd) wd wd storeData(wd) Marcel Winandy TruWallet: Wallet-Based Web Authentication (STC 2009) 2009-11-13 36
  • 37. RuhR-University Bochum System Security Lab Implementation ● Security Kernel: Turaya/L4 – L4 microkernel – security services ● TruWallet: – Java implementation – Uses Paros HTTP/HTTPS Proxy – Running in a Linux VM ● Web Browser: – Firefox, running in separate Linux VM Marcel Winandy TruWallet: Wallet-Based Web Authentication (STC 2009) 2009-11-13 37
  • 38. RuhR-University Bochum System Security Lab Implementation Overview Linux Linux Virtual Machine Virtual Machine Firefox Paros Wallet Network Storage Trust mGUI Security Kernel Mgr Mgr Mgr (Turaya) L4 microkernel Hardware TPM Marcel Winandy TruWallet: Wallet-Based Web Authentication (STC 2009) 2009-11-13 38
  • 39. RuhR-University Bochum System Security Lab Implementation Overview Linux Linux Virtual Machine Virtual Machine Firefox Paros Wallet Network Storage Trust mGUI Security Kernel Mgr Mgr Mgr (Turaya) L4 microkernel Hardware TPM Video NIC Disk Marcel Winandy TruWallet: Wallet-Based Web Authentication (STC 2009) 2009-11-13 39
  • 40. RuhR-University Bochum System Security Lab Implementation Overview Linux Linux Virtual Machine Virtual Machine Firefox Paros Wallet Network Storage Trust mGUI Security Kernel Mgr Mgr Mgr (Turaya) L4 microkernel Hardware TPM NIC Marcel Winandy TruWallet: Wallet-Based Web Authentication (STC 2009) 2009-11-13 40
  • 41. RuhR-University Bochum System Security Lab Conclusion ● Phishing is a serious threat ● Wallets can perform login on behalf of user ● TruWallet provides: – Secure execution environment – Server authentication with less SSL PKI dependency – Secure migration to other computing devices ● Prototype based on L4 microkernel and virtualization ● Future work: – TruWallet on dynamic root of trust (Intel TXT) Marcel Winandy TruWallet: Wallet-Based Web Authentication (STC 2009) 2009-11-13 41
  • 42. RuhR-University Bochum System Security Lab Questions? Marcel Winandy Ruhr-University Bochum marcel.winandy@trust.rub.de Marcel Winandy TruWallet: Wallet-Based Web Authentication (STC 2009) 2009-11-13 42