User-controlled hardware security anchors: evaluation and designs

Many modern processors are equipped with hardware extensions that enable some kind of Trusted Execution Environment (TEE). This allows programs to run securely - protected from other programs or operating system software running on the processor. By establishing a secure interface between the user and the hardware-anchor, we can make user platforms and devices more resilient to malware and other types of cyber attacks.

One of the main goals of this project is to promote and facilitate the adoption of TEE as the main trust anchor for our security architectures. As such, the security of the TEEs themselves is of paramount importance. We will perform a thorough evaluation of the security features of different TEE implementations to determine their suitability as trust anchors. This includes assessing cryptographic protocols, side-channel vulnerabilities, and implementation weaknesses.

Hardware supported TEEs aim to ensure that code can execute securely. However, user interface devices (for example, a keyboard, display or touch screen) are usually not connected directly to the secure hardware, which means that the user cannot interact securely with the TEE. We will address the limitations of users interacting directly with TEEs through analysing use cases and developing secure interfaces using auxiliary devices and dedicated features.

Authentication today is largely based on user supplied information like passwords or biometrics. These approaches often use information that is easy to steal or brute force. The industry has been moving towards multi-factor authentication as a means of spreading risk, but these approaches impose usability challenges while still relying on weak factors. We will investigate opportunities to leverage strong hardware-based security mechanisms to improve both the strength and usability of authentication. We will also build an architecture for designing protocols and user experiences that leverage these hardware security primitives to enhance the security, manageability, and usability of user authentication over existing approaches.

The analysis and applications of our research findings will be demonstrated and implemented on suitable platforms including secure hardware, smart devices and integration with authentication tokens.

A key aim for the UK National Cyber Security Strategy is engaging government, industry, researchers and users in promoting 'secure by default' for future software and hardware. This is in response to the inherent insecurity of any information that passes over the internet and its ramifications for all sectors of society. For example, internet banking fraud rose by 64% in 2015 to £133.5m, and there are increasing numbers of high profile cases involving, for example, NHS services in malware incidents. This project aims to tackle issues such as phishing, malware, and user credential compromise by improving hardware security anchors in user devices through:

1. Performing thorough security evaluations on a variety of hardware security anchors or enclaves being developed and marketed for user devices such as laptops and smartphones (WP1).
2. Enhancing those security mechanisms for user-centric applications, by providing user interfaces which establish a secure channel with the hardware security anchor. (WP2).
In particular, we seek to address the challenges of user authentication in an IoT world, by designing secure protocols and procedures to provide easy-to-use secure enrolment and revocation of devices in authentication and authorisation realms (WP3).
3. Providing convincing demonstrators of our mechanisms and use cases (WP4).

The project outputs are expected to have an impact on Industry, academic researchers and Society in the following ways:

(1) Industry and government:
Our project partners HP Inc and Yubico AB will benefit by directly using the research outputs to build better products. For example, we expect that HP will build more secure laptops (Task 2.3). Our expected contributions to the FIDO standard will result in better Yubico authentication tokens (WP3).

More widely, other companies and government departments will benefit, by having these improved products and standards, and having access to the research.

(2) Academic researchers:
The outcomes of the project will provide
(a) Novel techniques for analysing hardware security primitives, which have applications in broader security contexts as well;
(b) New protocols and designs for user interfaces to TEEs, which can be used for broader user-centric applications besides the ones we develop in this proposal;
(c) New techniques and tools for verification.

These contributions are ideal for other academic researchers in cyber security, programming and verification (both within and outside the RI) to build upon.

(3) Society as a whole, through improved security and better products.

The impact of improved hardware security will improve usability and security for a wide range of devices and the means by which our many connected devices communicate with one another. This will enhance the readily available security features for individual users. By extension, the positive impact of increased security surrounding user authentication (including resilience to phishing and malware) will be felt across organisations of all sizes. Government in particular stands to benefit from increased security in all departments, as will any business that involves multiple users being authenticated to access information and systems. This will have further impact in specific sectors such as banking and health services that deal directly with private information that must have controlled access. By securing the underlying hardware systems and enabling more secure user interaction, all online activities will become more secure for all users.