
Publication


Featured research published by Jan-Erik Ekberg.


IEEE Symposium on Security and Privacy | 2006

Secure device pairing based on a visual channel

Nitesh Saxena; Jan-Erik Ekberg; Kari Kostiainen; N. Asokan

Recently several researchers and practitioners have begun to address the problem of how to set up secure communication between two devices without the assistance of a trusted third party. McCune et al. (2005) proposed that one device displays the hash of its public key in the form of a barcode, and the other device reads it using a camera. Mutual authentication requires switching the roles of the devices and repeating the above process in the reverse direction. In this paper, we show how strong mutual authentication can be achieved even with a unidirectional visual channel, without having to switch device roles. By adopting recently proposed improved pairing protocols, we propose how visual channel authentication can be used even on devices that have very limited displaying capabilities.


Computer and Communications Security | 2009

On-board credentials with open provisioning

Kari Kostiainen; Jan-Erik Ekberg; N. Asokan; Aarne Rantala

Securely storing and using credentials is critical for ensuring the security of many modern distributed applications. Existing approaches to address this problem fall short. User-memorizable passwords are flexible and cheap, but they suffer from bad usability and low security. On the other hand, dedicated hardware tokens provide high levels of security, but the logistics of manufacturing and provisioning such tokens are expensive, which makes them unattractive for most service providers. A new approach to address the problem has become possible due to the fact that several types of general-purpose secure hardware, like TPM and M-Shield, are becoming widely deployed. These platforms enable, to different degrees, a strongly isolated secure environment. In this paper, we describe how we use general-purpose secure hardware to develop an architecture for credentials which we call On-board Credentials (ObCs). ObCs combine the flexibility of virtual credentials with the higher levels of protection due to the use of secure hardware. A distinguishing feature of the ObC architecture is that it is open: it allows anyone to design and deploy new credential algorithms to ObC-capable devices without approval from the device manufacturer or any other third party. The primary contribution of this paper is showing and solving the technical challenges in achieving openness while avoiding additional costs (by making use of already deployed secure hardware) and without compromising security (e.g., ensuring strong isolation). Our proposed architecture is designed with the constraints of existing secure hardware in mind and has been prototyped on several different platforms including mobile devices based on M-Shield secure hardware.


International Conference on Information Security | 2007

Enabling fairer digital rights management with trusted computing

Ahmad-Reza Sadeghi; Marko Wolf; Christian Stüble; N. Asokan; Jan-Erik Ekberg

Today, digital content is routinely distributed over the Internet, and consumed in devices based on open platforms. However, on open platforms users can run exploits, reconfigure the underlying operating system or simply mount replay attacks since the state of any (persistent) storage can easily be reset to some prior state. Faced with this difficulty, existing approaches to Digital Rights Management (DRM) are mainly based on preventing the copying of protected content thus protecting the needs of content providers. These inflexible mechanisms are not tenable in the long term since their restrictiveness prevents reasonable usage scenarios, and even honest users may be tempted to circumvent DRM systems. In this paper we present a security architecture and the corresponding reference implementation that enables the secure usage and transfer of stateful licenses (and content) on a virtualized open platform. Our architecture allows for openness while protecting security objectives of both users (flexibility, fairer usage, and privacy) and content providers (license enforcement). In particular, it prevents replay attacks, which is fundamental for secure management and distribution of stateful licenses. Our main objective is to show the feasibility of secure and fairer distribution and sharing of content and rights among different devices. Our implementation combines virtualization technology, a small security kernel, trusted computing functionality, and a legacy operating system (currently Linux).


Computer and Communications Security | 2016

C-FLAT: Control-Flow Attestation for Embedded Systems Software

Tigist Abera; N. Asokan; Lucas Davi; Jan-Erik Ekberg; Thomas Nyman; Andrew Paverd; Ahmad-Reza Sadeghi; Gene Tsudik

Remote attestation is a crucial security service particularly relevant to increasingly popular IoT (and other embedded) devices. It allows a trusted party (verifier) to learn the state of a remote, and potentially malware-infected, device (prover). Most existing approaches are static in nature and only check whether benign software is initially loaded on the prover. However, they are vulnerable to runtime attacks that hijack the application's control or data flow, e.g., via return-oriented programming or data-oriented exploits. As a concrete step towards more comprehensive runtime remote attestation, we present the design and implementation of Control-FLow ATtestation (C-FLAT) that enables remote attestation of an application's control-flow path, without requiring the source code. We describe a full prototype implementation of C-FLAT on Raspberry Pi using its ARM TrustZone hardware security extensions. We evaluate C-FLAT's performance using a real-world embedded (cyber-physical) application, and demonstrate its efficacy against control-flow hijacking attacks.


IEEE Transactions on Information Forensics and Security | 2011

Secure Device Pairing Based on a Visual Channel: Design and Usability Study

Nitesh Saxena; Jan-Erik Ekberg; Kari Kostiainen; N. Asokan

“Pairing” is the establishment of authenticated key agreement between two devices over a wireless channel. Such devices are ad hoc in nature as they lack any common preshared secrets or trusted authority. Fortunately, these devices can be connected via auxiliary physical (audio, visual, tactile) channels which can be authenticated by human users. They can, therefore, be used to form the basis of a pairing operation. Recently proposed pairing protocols and methods are based upon bidirectional physical channels. However, various pairing scenarios are asymmetric in nature, i.e., only a unidirectional physical channel exists between two devices (such as between a cell phone and an access point). In this paper, we show how strong mutual authentication can be achieved even with a unidirectional visual channel, where prior methods could provide only a weaker property termed as presence. This could help reduce the execution time and improve usability of prior pairing methods. In addition, by adopting recently proposed improved pairing protocols, we propose how visual channel authentication can be used even on devices that have very limited displaying capabilities, all the way down to a device whose display consists of a cheap single light-source, such as a light-emitting diode. We present the results of a preliminary usability study evaluating our proposed method.


Scalable Trusted Computing | 2009

Trust in a small package: minimized MRTM software implementation for mobile secure environments

Jan-Erik Ekberg; Sven Bugiel

In this paper we present a software-based implementation of a Mobile Remote Owner Trusted Module, using security extensions of contemporary System-On-Chip architectures. An explicit challenge is the constrained resources of such on-chip mechanisms. We expose a software architecture that minimizes the code and data size of the MRTM, applying some novel approaches proposed in recent research. Additionally, we explore alternatives within the specification to further optimize the size of MTMs. We present an analysis of specific new security issues induced by the architecture. Performance figures for an on-the-market mobile handset are provided. The results clearly indicate that a software-based MRTM is feasible on modern embedded hardware with legacy security environments.


Computer and Communications Security | 2013

Trusted execution environments on mobile devices

Jan-Erik Ekberg; Kari Kostiainen; N. Asokan

A trusted execution environment (TEE) is a secure processing environment that is isolated from the normal processing environment where the device operating system and applications run. The first mobile phones with hardware-based TEEs appeared almost a decade ago, and today almost every smartphone and tablet contains a TEE like ARM TrustZone. Despite such a large-scale deployment, the use of TEE functionality has been limited for developers. With emerging standardization this situation is about to change. In this tutorial, we explain the security features provided by mobile TEEs and describe the On-board Credentials (ObC) system that enables third-party TEE development. We discuss ongoing TEE standardization activities, including the recent Global Platform standards and the Trusted Platform Module (TPM) 2.0 specification, and identify open problems for the near future of mobile hardware security.


Scalable Trusted Computing | 2008

Scheduling execution of credentials in constrained secure environments

Jan-Erik Ekberg; N. Asokan; Kari Kostiainen; Aarne Rantala

A new inexpensive approach for using credentials in a secure manner has become available due to the fact that several types of general-purpose secure hardware, like TPMs, M-Shield and ARM TrustZone, are becoming widely deployed. These technologies still have limitations, one being the limited on-chip secure memory which leads to severe size constraints for credentials that need to execute in secure memories. In this paper, we describe, in the context of a credential provisioning and execution architecture we call On-board Credentials (ObC), a secure scheduling mechanism for overcoming some of the size constraints imposed for the virtual credentials implemented on ObC.


Proceedings of the IEEE | 2014

Mobile Trusted Computing

N. Asokan; Jan-Erik Ekberg; Kari Kostiainen; Anand Rajan; Carlos V. Rozas; Ahmad-Reza Sadeghi; Steffen Schulz; Christian Wachsmann

Trusted computing technologies for mobile devices have been researched, developed, and deployed over the past decade. Although their use has been limited so far, ongoing standardization may change this by opening up these technologies for easy access by developers and users. In this survey, we describe the current state of trusted computing solutions for mobile devices from research, standardization, and deployment perspectives.


Scalable Trusted Computing | 2011

Identity verification schemes for public transport ticketing with NFC phones

Sandeep Tamrakar; Jan-Erik Ekberg; N. Asokan

Public transport ticketing with mobile phones has in recent years become a possible reality as the standards for Near-Field Communications (NFC) are being taken up in mass transport ticketing, and the use of contactless smartcards for small-value payments like ticketing is as well being deployed. We examine the feasibility of using a mobile phone with a hardware Trusted Execution Environment for identity verification of transport ticketing with a perspective focusing on security and performance. We provide measurements based on an implementation in contemporary mobile phone hardware, and discuss our results by comparing with other proposed identity-verification ticketing solutions in light of the constraints set by usability and practical considerations as indicated by transport authorities.
