User-controlled hardware security anchors: evaluation and designs

Lead Research Organisation: University of Birmingham
Department Name: School of Computer Science

Abstract

Many modern processors are equipped with hardware extensions that enable some kind of Trusted Execution Environment (TEE). This allows programs to run securely, protected from other programs or operating system software running on the same processor. By establishing a secure interface between the user and the hardware anchor, we can make user platforms and devices more resilient to malware and other types of cyber attack.

One of the main goals of this project is to promote and facilitate the adoption of TEE as the main trust anchor for our security architectures. As such, the security of the TEEs themselves is of paramount importance. We will perform a thorough evaluation of the security features of different TEE implementations to determine their suitability as trust anchors. This includes assessing cryptographic protocols, side-channel vulnerabilities, and implementation weaknesses.

Hardware-supported TEEs aim to ensure that code can execute securely. However, user interface devices (for example, a keyboard, display or touch screen) are usually not connected directly to the secure hardware, which means that the user cannot interact securely with the TEE. We will address the limitations of users interacting directly with TEEs by analysing use cases and developing secure interfaces using auxiliary devices and dedicated features.

Authentication today is largely based on user supplied information like passwords or biometrics. These approaches often use information that is easy to steal or brute force. The industry has been moving towards multi-factor authentication as a means of spreading risk, but these approaches impose usability challenges while still relying on weak factors. We will investigate opportunities to leverage strong hardware-based security mechanisms to improve both the strength and usability of authentication. We will also build an architecture for designing protocols and user experiences that leverage these hardware security primitives to enhance the security, manageability, and usability of user authentication over existing approaches.

The analysis and applications of our research findings will be demonstrated and implemented on suitable platforms including secure hardware, smart devices and integration with authentication tokens.

Planned Impact

A key aim for the UK National Cyber Security Strategy is engaging government, industry, researchers and users in promoting 'secure by default' for future software and hardware. This is in response to the inherent insecurity of any information that passes over the internet and its ramifications for all sectors of society. For example, internet banking fraud rose by 64% in 2015 to £133.5m, and there are increasing numbers of high profile cases involving, for example, NHS services in malware incidents. This project aims to tackle issues such as phishing, malware, and user credential compromise by improving hardware security anchors in user devices through:

1. Performing thorough security evaluations on a variety of hardware security anchors or enclaves being developed and marketed for user devices such as laptops and smartphones (WP1).
2. Enhancing those security mechanisms for user-centric applications, by providing user interfaces which establish a secure channel with the hardware security anchor (WP2).
In particular, we seek to address the challenges of user authentication in an IoT world, by designing secure protocols and procedures to provide easy-to-use secure enrolment and revocation of devices in authentication and authorisation realms (WP3).
3. Providing convincing demonstrators of our mechanisms and use cases (WP4).

The project outputs are expected to have an impact on Industry, academic researchers and Society in the following ways:

(1) Industry and government:
Our project partners HP Inc and Yubico AB will benefit by directly using the research outputs to build better products. For example, we expect that HP will build more secure laptops (Task 2.3). Our expected contributions to the FIDO standard will result in better Yubico authentication tokens (WP3).

More widely, other companies and government departments will benefit, by having these improved products and standards, and having access to the research.

(2) Academic researchers:
The outcomes of the project will provide:
(a) Novel techniques for analysing hardware security primitives, which have applications in broader security contexts as well;
(b) New protocols and designs for user interfaces to TEEs, which can be used for broader user-centric applications besides the ones we develop in this proposal;
(c) New techniques and tools for verification.

These contributions are ideal for other academic researchers in cyber security, programming and verification (both within and outside the RI) to build upon.

(3) Society as a whole, through improved security and better products.

The impact of improved hardware security will improve usability and security for a wide range of devices and the means by which our many connected devices communicate with one another. This will enhance the readily available security features for individual users. By extension, the positive impact of increased security surrounding user authentication (including resilience to phishing and malware) will be felt across organisations of all sizes. Government in particular stands to benefit from increased security in all departments, as will any business that involves multiple users being authenticated to access information and systems. This will have further impact in specific sectors such as banking and health services that deal directly with private information that must have controlled access. By securing the underlying hardware systems and enabling more secure user interaction, all online activities will become more secure for all users.

Publications


Hicks C. (2018) Dismantling the AUT64 Automotive Cipher in IACR Transactions on Cryptographic Hardware and Embedded Systems

Van Bulck J (2019) A Tale of Two Worlds

Wouters L. (2019) Dismantling DST80-based Immobiliser Systems in IACR Transactions on Cryptographic Hardware and Embedded Systems

 
Title Cyber security awareness month campaign 
Description Social Media campaign for Cyber security awareness month 
Type Of Art Film/Video/Animation 
Year Produced 2019 
Impact Increased engagement and awareness online. 
URL https://www.youtube.com/watch?v=defYa77Dw8w
 
Title Cyber security awareness month campaign 
Description Video produced for a social media campaign for cyber security awareness month. 
Type Of Art Film/Video/Animation 
Year Produced 2019 
Impact Increased engagement and awareness. 
URL https://www.youtube.com/watch?v=lWRT_TnEQdM
 
Title Quest video campaign 
Description A video produced for the University's quest campaign 
Type Of Art Film/Video/Animation 
Year Produced 2019 
Impact Video features researchers from the Centre for Cyber Security and Privacy talking about: How can we stay safe from hackers in the era of 'smart products'? 
URL https://www.youtube.com/watch?v=PDCCNuAjW5s&t=
 
Description We have analysed the security of several Trusted Execution Environments (TEEs), as these can be used as a root of trust, and identified several dozen critical vulnerabilities. Furthermore, we have developed a new type of attack, which we called Plundervolt, which is able to inject computation faults into a TEE by leveraging the dynamic voltage scaling features of the processor. We have worked together with the affected manufacturers on developing solutions, which has led to several collaborations.

We have worked on using hardware security anchors for several applications, especially the application of assisting user authentication.
This is work in progress.
Exploitation Route We have disseminated our vulnerability discoveries to the relevant manufacturers and designers, who will use them to improve their products.

We are working with companies on developing applications of hardware security anchors for user authentication. We hope they will develop products.
Sectors Digital/Communication/Information Technologies (including Software), Electronics, Security and Diplomacy

 
Description We have disseminated our vulnerability discoveries to the relevant manufacturers and designers, who will use them to improve their products. The methodology introduced in our paper "A Tale of Two Worlds" revealed 35 vulnerabilities in 8 security-critical shielding frameworks for Intel processors. By responsibly disclosing these vulnerabilities and working together with the affected manufacturers, all of these vulnerabilities are now fixed. This resulted in numerous security patches for commercial products including the Intel SGX-SDK, Microsoft Open Enclave, Google Asylo, and the Rust compiler. In June 2019, we informed Intel about a new type of vulnerability in their processors, which we called Plundervolt. Since then, we have had an open dialogue with Intel, to which we have provided proof-of-concept code and demonstrators. As a consequence of this disclosure process, last December Intel rolled out a new microcode update to all of their processors worldwide. This covers approximately 90% of all computer processors (CPUs). This has also attracted substantial media attention. We are working with companies on developing applications of hardware security anchors for user authentication. We hope they will develop products.
First Year Of Impact 2019
Sector Digital/Communication/Information Technologies (including Software), Electronics, Security and Diplomacy
Impact Types Economic

 
Description SIPP - Secure IoT Processor Platform with Remote Attestation
Amount £1,294,888 (GBP)
Funding ID EP/S030867/1 
Organisation Engineering and Physical Sciences Research Council (EPSRC) 
Sector Public
Country United Kingdom
Start 08/2019 
End 08/2022
 
Description Google Asylo 
Organisation Google
Department Research at Google
Country United States 
Sector Private 
PI Contribution Disclosed vulnerabilities. Found instances of the problematic [user_check] attribute that lacked proper pointer validation, leaving critical vulnerabilities in the compiled enclave.
Collaborator Contribution -
Impact Improved security of products.
Start Year 2019
 
Description INTEL-SA-00289 
Organisation Intel Corporation
Department Intel Corporation (UK) Ltd
Country United Kingdom 
Sector Private 
PI Contribution Vulnerabilities disclosed. CVE-2019-11157
Collaborator Contribution -
Impact Improved security of products.
Start Year 2019
 
Description Intel SGX-SDK 
Organisation Intel Corporation
Department Intel Corporation (UK) Ltd
Country United Kingdom 
Sector Private 
PI Contribution Disclosed vulnerabilities, CVE-2018-3626 and CVE-2019-14565.
Collaborator Contribution -
Impact Improved security of product.
Start Year 2019
 
Description Microsoft Open Enclave 
Organisation Microsoft Research
Department Microsoft Research Cambridge
Country United Kingdom 
Sector Private 
PI Contribution Disclosed vulnerabilities. CVE-2019-0876, CVE-2019-1369, and CVE-2019-1370.
Collaborator Contribution -
Impact Improved security of products.
Start Year 2019
 
Description Interviewed for article featured in the Chronicles of Higher Education 
Form Of Engagement Activity A press release, press conference or response to a media enquiry/interview
Part Of Official Scheme? No
Geographic Reach International
Primary Audience Media (as a channel to the public)
Results and Impact Changing the perception of offensive cyber research and demonstrating its benefits to industry.
Year(s) Of Engagement Activity 2019
URL https://www.chronicle.com/paid-article/Hack-ademics-prepare-us/291