On the root of trust identification problem

Trusted Execution Environments (TEEs) are becoming ubiquitous and are currently used in many security applications: from personal IoT gadgets to banking and databases. Prominent examples of such architectures are Intel SGX, ARM TrustZone, and Trusted Platform Modules (TPMs). A typical TEE relies on...

Bibliographic Details
Main Authors: NUNES, Ivan De Oliveira, DING, Xuhua, TSUDIK, Gene
Format: text
Language: English
Published: Institutional Knowledge at Singapore Management University 2021
Subjects:
Online Access: https://ink.library.smu.edu.sg/sis_research/6736
https://ink.library.smu.edu.sg/context/sis_research/article/7739/viewcontent/3412382.3458274.pdf
Institution: Singapore Management University
id sg-smu-ink.sis_research-7739
record_format dspace
spelling sg-smu-ink.sis_research-7739 2022-01-27T10:54:23Z
2021-05-01T07:00:00Z text application/pdf https://ink.library.smu.edu.sg/sis_research/6736 info:doi/10.1145/3412382.3458274 https://ink.library.smu.edu.sg/context/sis_research/article/7739/viewcontent/3412382.3458274.pdf http://creativecommons.org/licenses/by-nc-nd/4.0/ Research Collection School Of Computing and Information Systems eng Institutional Knowledge at Singapore Management University Embedded systems Redundancy Robotics Networks Network reliability Databases and Information Systems Information Security
institution Singapore Management University
building SMU Libraries
continent Asia
country Singapore
Singapore
content_provider SMU Libraries
collection InK@SMU
language English
topic Embedded systems
Redundancy
Robotics
Networks
Network reliability
Databases and Information Systems
Information Security
description Trusted Execution Environments (TEEs) are becoming ubiquitous and are currently used in many security applications: from personal IoT gadgets to banking and databases. Prominent examples of such architectures are Intel SGX, ARM TrustZone, and Trusted Platform Modules (TPMs). A typical TEE relies on a dynamic Root of Trust (RoT) to provide security services such as code/data confidentiality and integrity, isolated secure software execution, remote attestation, and sensor auditing. Despite their usefulness, there is currently no secure means to determine whether a given security service or task is being performed by the particular RoT within a specific physical device. We refer to this as the Root of Trust Identification (RTI) problem and discuss how it inhibits security for applications such as sensing and actuation. We formalize the RTI problem and argue that security of RTI protocols is especially challenging due to local adversaries, cuckoo adversaries, and the combination thereof. To cope with this problem, we propose a simple and effective protocol based on biometrics. Unlike biometric-based user authentication, our approach is not concerned with verifying user identity, and requires neither pre-enrollment nor persistent storage for biometric templates. Instead, it takes advantage of the difficulty of cloning a biometric in real time to securely identify the RoT of a given physical device, by using the biometric as a challenge. Security of the proposed protocol is analyzed in the combined Local and Cuckoo adversarial model. Also, a prototype implementation is used to demonstrate the protocol’s feasibility and practicality. We further propose a Proxy RTI protocol, wherein a previously identified RoT assists a remote verifier in identifying new RoTs.
format text
author NUNES, Ivan De Oliveira
DING, Xuhua
TSUDIK, Gene
title On the root of trust identification problem
publisher Institutional Knowledge at Singapore Management University
publishDate 2021
_version_ 1770576056859754496