User-controlled hardware security anchors: evaluation and designs
Lead Research Organisation:
University of Birmingham
Department Name: School of Computer Science
Abstract
Many modern processors are equipped with hardware extensions that enable some kind of Trusted Execution Environment (TEE). This allows programs to run securely - protected from other programs or operating system software running on the processor. By establishing a secure interface between the user and the hardware-anchor, we can make user platforms and devices more resilient to malware and other types of cyber attacks.
One of the main goals of this project is to promote and facilitate the adoption of TEE as the main trust anchor for our security architectures. As such, the security of the TEEs themselves is of paramount importance. We will perform a thorough evaluation of the security features of different TEE implementations to determine their suitability as trust anchors. This includes assessing cryptographic protocols, side-channel vulnerabilities, and implementation weaknesses.
Hardware supported TEEs aim to ensure that code can execute securely. However, user interface devices (for example, a keyboard, display or touch screen) are usually not connected directly to the secure hardware, which means that the user cannot interact securely with the TEE. We will address the limitations of users interacting directly with TEEs through analysing use cases and developing secure interfaces using auxiliary devices and dedicated features.
Authentication today is largely based on user supplied information like passwords or biometrics. These approaches often use information that is easy to steal or brute force. The industry has been moving towards multi-factor authentication as a means of spreading risk, but these approaches impose usability challenges while still relying on weak factors. We will investigate opportunities to leverage strong hardware-based security mechanisms to improve both the strength and usability of authentication. We will also build an architecture for designing protocols and user experiences that leverage these hardware security primitives to enhance the security, manageability, and usability of user authentication over existing approaches.
The analysis and applications of our research findings will be demonstrated and implemented on suitable platforms including secure hardware, smart devices and integration with authentication tokens.
One of the main goals of this project is to promote and facilitate the adoption of TEE as the main trust anchor for our security architectures. As such, the security of the TEEs themselves is of paramount importance. We will perform a thorough evaluation of the security features of different TEE implementations to determine their suitability as trust anchors. This includes assessing cryptographic protocols, side-channel vulnerabilities, and implementation weaknesses.
Hardware supported TEEs aim to ensure that code can execute securely. However, user interface devices (for example, a keyboard, display or touch screen) are usually not connected directly to the secure hardware, which means that the user cannot interact securely with the TEE. We will address the limitations of users interacting directly with TEEs through analysing use cases and developing secure interfaces using auxiliary devices and dedicated features.
Authentication today is largely based on user supplied information like passwords or biometrics. These approaches often use information that is easy to steal or brute force. The industry has been moving towards multi-factor authentication as a means of spreading risk, but these approaches impose usability challenges while still relying on weak factors. We will investigate opportunities to leverage strong hardware-based security mechanisms to improve both the strength and usability of authentication. We will also build an architecture for designing protocols and user experiences that leverage these hardware security primitives to enhance the security, manageability, and usability of user authentication over existing approaches.
The analysis and applications of our research findings will be demonstrated and implemented on suitable platforms including secure hardware, smart devices and integration with authentication tokens.
Planned Impact
A key aim for the UK National Cyber Security Strategy is engaging government, industry, researchers and users in promoting 'secure by default' for future software and hardware. This is in response to the inherent insecurity of any information that passes over the internet and its ramifications for all sectors of society. For example, internet banking fraud rose by 64% in 2015 to £133.5m, and there are increasing numbers of high profile cases involving, for example, NHS services in malware incidents. This project aims to tackle issues such as phishing, malware, and user credential compromise by improving hardware security anchors in user devices through:
1. Performing thorough security evaluations on a variety of hardware security anchors or enclaves being developed and marketed for user devices such as laptops and smartphones (WP1).
2. Enhancing those security mechanisms for user-centric applications, by providing user interfaces which establish a secure channel with the hardware security anchor. (WP2).
In particular, we seek to address the challenges of user authentication in an IoT world, by designing secure protocols and procedures to provide easy-to-use secure enrolment and revocation of devices in authentication and authorisation realms (WP3).
3. Providing convincing demonstrators of our mechanisms and use cases (WP4).
The project outputs are expected to have an impact on Industry, academic researchers and Society in the following ways:
(1) Industry and government:
Our project partners HP Inc and Yubico AB will benefit by directly using the research outputs to build better products. For example, we expect that HP will build more secure laptops (Task 2.3). Our expected contributions to the FIDO standard will result in better Yubico authentication tokens (WP3).
More widely, other companies and government departments will benefit, by having these improved products and standards, and having access to the research.
(2) Academic researchers:
The outcomes of the project will provide
(a) Novel techniques for analysing hardware security primitives, which have applications in broader security contexts as well;
(b) New protocols and designs for user interfaces to TEEs, which can be used for broader user-centric applications besides the ones we develop in this proposal;
(c) New techniques and tools for verification.
These contributions are ideal for other academic researchers in cyber security, programming and verification (both within and outside the RI) to build upon.
(3) Society as a whole, through improved security and better products.
The impact of improved hardware security will improve usability and security for a wide range of devices and the means by which our many connected devices communicate with one another. This will enhance the readily available security features for individual users. By extension, the positive impact of increased security surrounding user authentication (including resilience to phishing and malware) will be felt across organisations of all sizes. Government in particular stands to benefit from increased security in all departments, as will any business that involves multiple users being authenticated to access information and systems. This will have further impact in specific sectors such as banking and health services that deal directly with private information that must have controlled access. By securing the underlying hardware systems and enabling more secure user interaction, all online activities will become more secure for all users.
1. Performing thorough security evaluations on a variety of hardware security anchors or enclaves being developed and marketed for user devices such as laptops and smartphones (WP1).
2. Enhancing those security mechanisms for user-centric applications, by providing user interfaces which establish a secure channel with the hardware security anchor. (WP2).
In particular, we seek to address the challenges of user authentication in an IoT world, by designing secure protocols and procedures to provide easy-to-use secure enrolment and revocation of devices in authentication and authorisation realms (WP3).
3. Providing convincing demonstrators of our mechanisms and use cases (WP4).
The project outputs are expected to have an impact on Industry, academic researchers and Society in the following ways:
(1) Industry and government:
Our project partners HP Inc and Yubico AB will benefit by directly using the research outputs to build better products. For example, we expect that HP will build more secure laptops (Task 2.3). Our expected contributions to the FIDO standard will result in better Yubico authentication tokens (WP3).
More widely, other companies and government departments will benefit, by having these improved products and standards, and having access to the research.
(2) Academic researchers:
The outcomes of the project will provide
(a) Novel techniques for analysing hardware security primitives, which have applications in broader security contexts as well;
(b) New protocols and designs for user interfaces to TEEs, which can be used for broader user-centric applications besides the ones we develop in this proposal;
(c) New techniques and tools for verification.
These contributions are ideal for other academic researchers in cyber security, programming and verification (both within and outside the RI) to build upon.
(3) Society as a whole, through improved security and better products.
The impact of improved hardware security will improve usability and security for a wide range of devices and the means by which our many connected devices communicate with one another. This will enhance the readily available security features for individual users. By extension, the positive impact of increased security surrounding user authentication (including resilience to phishing and malware) will be felt across organisations of all sizes. Government in particular stands to benefit from increased security in all departments, as will any business that involves multiple users being authenticated to access information and systems. This will have further impact in specific sectors such as banking and health services that deal directly with private information that must have controlled access. By securing the underlying hardware systems and enabling more secure user interaction, all online activities will become more secure for all users.
Publications
Alder F
(2022)
Faulty Point Unit: ABI Poisoning Attacks on Trusted Execution Environments
in Digital Threats: Research and Practice
Wouters L.
(2019)
Dismantling DST80-based Immobiliser Systems
in IACR Transactions on Cryptographic Hardware and Embedded Systems
Van Den Herrewegen J
(2020)
Fill your Boots: Enhanced Embedded Bootloader Exploits via Fault Injection and Binary Analysis
in IACR Transactions on Cryptographic Hardware and Embedded Systems
Hicks C.
(2018)
Dismantling the AUT64 Automotive Cipher
in IACR Transactions on Cryptographic Hardware and Embedded Systems
Chen Z
(2023)
PMFault: Faulting and Bricking Server CPUs through Management Interfaces: Or: A Modern Example of Halt and Catch Fire
in IACR Transactions on Cryptographic Hardware and Embedded Systems
Chen Z
(2023)
PMFault: Faulting and Bricking Server CPUs through Management Interfaces Or: A Modern Example of Halt and Catch Fire
in IACR Transactions on Cryptographic Hardware and Embedded Systems
Murdock K
(2020)
Plundervolt: How a Little Bit of Undervolting Can Create a Lot of Trouble
in IEEE Security & Privacy
Xu Z
(2022)
Magnifying Side-Channel Leakage of Lattice-Based Cryptosystems with Chosen Ciphertexts: The Case Study of Kyber
in IEEE Transactions on Computers
Chen Z.
(2021)
VoltPillager: Hardware-based fault injection attacks against Intel SGX Enclaves using the SVID voltage scaling interface
in Proceedings of the 30th USENIX Security Symposium
Li R
(2022)
SoK: TEE-Assisted Confidential Smart Contract
in Proceedings on Privacy Enhancing Technologies
Cheng Z
(2023)
Watching your call: Breaking VoLTE Privacy in LTE/5G Networks
in Proceedings on Privacy Enhancing Technologies
Li R
(2022)
SoK: TEE-assisted Confidential Smart Contract
Van Bulck J
(2019)
A Tale of Two Worlds
Chen Z
(2022)
MetaEmu
Murdock K.
(2019)
Plundervolt: software-based fault injection attacks against Intel SGX
Oxford, M.
(2020)
Quantitative Verification of Certificate Transparency Gossip Protocols
Title | Cyber security awareness month campaign |
Description | Social Media campaign for Cyber security awareness month |
Type Of Art | Film/Video/Animation |
Year Produced | 2019 |
Impact | Increased engagement and awareness online. |
URL | https://www.youtube.com/watch?v=defYa77Dw8w |
Title | Cyber security awareness month campaign |
Description | Video produced for a social media campaign for cyber security awareness month. |
Type Of Art | Film/Video/Animation |
Year Produced | 2019 |
Impact | Increased engagement and awareness. |
URL | https://www.youtube.com/watch?v=lWRT_TnEQdM |
Title | Quest video campaign |
Description | A video produced for the University's quest campaign |
Type Of Art | Film/Video/Animation |
Year Produced | 2019 |
Impact | Video features researchers from the Centre for Cyber Security and Privacy talking about: How can we stay safe from hackers in the era of 'smart products'? |
URL | https://www.youtube.com/watch?v=PDCCNuAjW5s&t= |
Description | We have analysed the security of several Trusted Execution Environments (TEEs) as these can be used as a root of trust and identified several (dozens) critical vulnerabilities. Furthermore, we have developed a new type of attack, which we called Plundervolt, which is able to inject computation faults into a TEE by leveraging dynamic voltage scaling features of the processor. We have worked together with the affected manufacturers developing solutions which has led to several cooperations. We have worked on using hardware security anchors for several applications, especially the application of assisting user authentication. This is work in progress. |
Exploitation Route | We have disseminated our vulnerability discoveries to the relevant manufacturers and designers, who will use it to improve their products. We are working with companies on developing applications of hardware security anchors for user authentication. We hope they will develop products. |
Sectors | Digital/Communication/Information Technologies (including Software),Electronics,Security and Diplomacy |
Description | We have disseminated our vulnerability discoveries to the relevant manufacturers and designers, who will use it to improve their products. The methodology introduced in our paper "A Tale of Two Worlds" revealed 35 vulnerabilities in 8 security-critical shielding-frameworks for Intel processors. By responsibly disclosing these vulnerabilities and working together with the affected manufacturers all of these vulnerabilities are now fixed. This resulted in numerous security patches for commercial products including the Intel SGX-SDK, Microsoft Open Enclave, Google Asylo, and the Rust compiler. In June 2019, we informed Intel about a new type of vulnerability in their processors, which we called Plundervolt. Since then, we have had an open dialog with Intel to which we facilitated proof of concept code and demonstrators. As a consequence of this disclosure process, last December, Intel has rolled out a new microcode update to all of their processors worldwide. This covers approximately 90% the of all computer processors (CPUs). This has also attracted substantial media attention. We are working with companies on developing applications of hardware security anchors for user authentication. We hope they will develop products. |
First Year Of Impact | 2019 |
Sector | Digital/Communication/Information Technologies (including Software),Electronics,Security and Diplomacy |
Impact Types | Economic |
Description | CAP-TEE: Capability Architectures for Trusted Execution |
Amount | £1,000,206 (GBP) |
Funding ID | EP/V000454/1 |
Organisation | Engineering and Physical Sciences Research Council (EPSRC) |
Sector | Public |
Country | United Kingdom |
Start | 08/2020 |
End | 06/2024 |
Description | SCAvenger - Attacking Machine Learning with Side Channel Attacks |
Amount | £54,000 (GBP) |
Organisation | Intel Corporation |
Sector | Private |
Country | United States |
Start | 02/2021 |
End | 02/2023 |
Description | SIPP - Secure IoT Processor Platform with Remote Attestation |
Amount | £1,294,888 (GBP) |
Funding ID | EP/S030867/1 |
Organisation | Engineering and Physical Sciences Research Council (EPSRC) |
Sector | Public |
Country | United Kingdom |
Start | 12/2019 |
End | 08/2023 |
Description | Google Asylo |
Organisation | |
Department | Research at Google |
Country | United States |
Sector | Private |
PI Contribution | Disclosed vulnerabilities. Found instances of the problematic [user_check] attribute that lacked proper pointer validation, leaving critical vulnerabilities in the compiled enclave |
Collaborator Contribution | - |
Impact | Improved security of products. |
Start Year | 2019 |
Description | INTEL-SA-00289 |
Organisation | Intel Corporation |
Department | Intel Corporation (UK) Ltd |
Country | United Kingdom |
Sector | Private |
PI Contribution | Vulnerabilities disclosed. CVE-2019-11157 |
Collaborator Contribution | They fixed the flaw in all Intel processors via a microcode update. |
Impact | Improved security of products. |
Start Year | 2019 |
Description | Intel SGX-SDK |
Organisation | Intel Corporation |
Department | Intel Corporation (UK) Ltd |
Country | United Kingdom |
Sector | Private |
PI Contribution | Disclosed vulnerabilities, CVE-2018-3626 and CVE-2019-14565. |
Collaborator Contribution | - |
Impact | Improved security of product. |
Start Year | 2019 |
Description | Microsoft Open Enclave |
Organisation | Microsoft Research |
Department | Microsoft Research Cambridge |
Country | United Kingdom |
Sector | Private |
PI Contribution | Disclosed Vulnerabilities. CVE-2019-0876, CVE-2019-1369,and CVE-2019-1370. |
Collaborator Contribution | - |
Impact | Improved security of products. |
Start Year | 2019 |
Title | PoC for PMFault |
Description | This software checks and demonstrates the vulnerabilities reported in the paper "PMFault: Faulting and Bricking Server CPUs through Management Interfaces", to appear at TCHES 2023. |
Type Of Technology | Software |
Year Produced | 2023 |
Open Source License? | Yes |
Impact | Media coverage in the New Scientist |
URL | https://github.com/zt-chen/PMFault |
Title | Proof of concept code demonstrating security vulnerabilities in commercial products |
Description | A tale of two worlds: Assessing the vulnerability of enclave shielding runtimes This github repository contains the source code accompanying our CCS'19 paper which methodologically analyzes interface sanitization vulnerabilities for 8 different enclave shielding runtimes across the ABI and API tiers. |
Type Of Technology | Software |
Year Produced | 2019 |
Open Source License? | Yes |
Impact | Affected product manufacturers have used this code to reproduce our findings and confirm the vulnerabilities in their products. These helped them to assess their severity and also to draw a mitigation plan. |
URL | https://github.com/jovanbulck/0xbadc0de |
Description | Article published in The Register |
Form Of Engagement Activity | A magazine, newsletter or online publication |
Part Of Official Scheme? | No |
Geographic Reach | International |
Primary Audience | Media (as a channel to the public) |
Results and Impact | Article published in The Register titled: Intel's SGX cloud-server security defeated by $30 chip, electrical shenanigans |
Year(s) Of Engagement Activity | 2020 |
URL | https://www.theregister.com/2020/11/14/intel_sgx_physical_security/ |
Description | CARDIS conference including CHERI/capability architecture tutorial |
Form Of Engagement Activity | Participation in an activity, workshop or similar |
Part Of Official Scheme? | No |
Geographic Reach | International |
Primary Audience | Professional Practitioners |
Results and Impact | A CHERI/capability architecture half-day tutorial was successfully held at the CARDIS conference in Nov 2022 (approx. 60 participants) hosted by Oswald in Birmingham. This allowed the project team to introduce capabilities and CHERI/Morello to a broad academic and industrial audience, serving as the project's mid-term evaluation event. Industry attendees included large employees from large semiconductor vendors and security companies |
Year(s) Of Engagement Activity | 2022 |
URL | https://events.cs.bham.ac.uk/cardis2022/ |
Description | Cutting Through the Complexity of Reverse Engineering Embedded Devices |
Form Of Engagement Activity | A talk or presentation |
Part Of Official Scheme? | No |
Geographic Reach | International |
Primary Audience | Professional Practitioners |
Results and Impact | Presentation of our paper "Cutting Through the Complexity of Reverse Engineering Embedded Devices" and the flagship annual Conference on Cryptographic Hardware and Embedded Systems (CHES). |
Year(s) Of Engagement Activity | 2021 |
URL | https://ches.iacr.org/2021/program.php |
Description | Delivered a Talk at HP Labs |
Form Of Engagement Activity | A talk or presentation |
Part Of Official Scheme? | No |
Geographic Reach | National |
Primary Audience | Professional Practitioners |
Results and Impact | Co-I Ryan delivered a tutorial talk at HP Labs 22 October 2020, "Intro to Keystone (an enclave system for RISC-V)" |
Year(s) Of Engagement Activity | 2020 |
Description | Delivered a Talk at Huawei Security Advisory Board |
Form Of Engagement Activity | A formal working group, expert panel or dialogue |
Part Of Official Scheme? | No |
Geographic Reach | International |
Primary Audience | Professional Practitioners |
Results and Impact | Co-I Ryan delivered a Talk at Huawei Security Advisory Board 27 November 2020, "An overview of hardware security anchors for IoT and embedded applications" |
Year(s) Of Engagement Activity | 2020 |
Description | Help Net Security Article |
Form Of Engagement Activity | A magazine, newsletter or online publication |
Part Of Official Scheme? | No |
Geographic Reach | International |
Primary Audience | Media (as a channel to the public) |
Results and Impact | Article published on Help Net Security titled: 'Researchers break Intel SGX by creating $30 device to control CPU voltage' |
Year(s) Of Engagement Activity | 2020 |
URL | https://www.helpnetsecurity.com/2020/11/16/break-intel-sgx/ |
Description | Interviewed for article featured in the Chronicles of Higher Education |
Form Of Engagement Activity | A press release, press conference or response to a media enquiry/interview |
Part Of Official Scheme? | No |
Geographic Reach | International |
Primary Audience | Media (as a channel to the public) |
Results and Impact | changing perception of offensive cyber research and demonstrating its benefits to industry. |
Year(s) Of Engagement Activity | 2019 |
URL | https://www.chronicle.com/paid-article/Hack-ademics-prepare-us/291 |
Description | Media coverage in New Scientist |
Form Of Engagement Activity | A magazine, newsletter or online publication |
Part Of Official Scheme? | No |
Geographic Reach | International |
Primary Audience | Public/other audiences |
Results and Impact | The New Scientist covered our recent work on CPU under/overvolting through the PMBus. |
Year(s) Of Engagement Activity | 2023 |
URL | https://www.newscientist.com/article/2354844-hackers-can-make-computers-destroy-their-own-chips-with... |
Description | Phoronix Article |
Form Of Engagement Activity | A magazine, newsletter or online publication |
Part Of Official Scheme? | No |
Geographic Reach | International |
Primary Audience | Media (as a channel to the public) |
Results and Impact | Article published online in Phoronix titled ' VoltPillager: Researchers Compromise Intel SGX With Hardware-Based Undervolting Attack' |
Year(s) Of Engagement Activity | 2021 |
URL | https://www.phoronix.com/scan.php?page=news_item&px=VoltPillager-HW-Undervolt |
Description | invited talk at STW'2021 |
Form Of Engagement Activity | A talk or presentation |
Part Of Official Scheme? | No |
Geographic Reach | International |
Primary Audience | Industry/Business |
Results and Impact | Ryan had an invited talk at STW'2021 (Huawei Security and Technology Workshop, October 2021). |
Year(s) Of Engagement Activity | 2021 |
Description | invited talk at the Shonan seminar |
Form Of Engagement Activity | A talk or presentation |
Part Of Official Scheme? | No |
Geographic Reach | International |
Primary Audience | Professional Practitioners |
Results and Impact | Ryan gave an invited talk called "Hardware technologies for making privacy violations transparent and accountable" at the Shonan seminar (Japan) on the theme of "Biggest failures in privacy" on 28 Sept. |
Year(s) Of Engagement Activity | 2021 |
Description | invited talk at workshop on the Security of Software / Hardware Interfaces (SILM 2021) |
Form Of Engagement Activity | A talk or presentation |
Part Of Official Scheme? | No |
Geographic Reach | International |
Primary Audience | Professional Practitioners |
Results and Impact | Garcia gave an invited talk on the hardware attack aspects of our work: "Plundering and Pillaging with Voltage: Software and Hardware-based Fault-injection Attacks against SGX", 3rd edition of workshop on the Security of Software / Hardware Interfaces (SILM 2021). Co-located with EuroS&P. |
Year(s) Of Engagement Activity | 2021 |
Description | keynote talk at 14th International Conference on Security for Information Technology and Communications |
Form Of Engagement Activity | A talk or presentation |
Part Of Official Scheme? | No |
Geographic Reach | International |
Primary Audience | Professional Practitioners |
Results and Impact | Ryan gave a keynote talk at 14th International Conference on Security for Information Technology and Communications |
Year(s) Of Engagement Activity | 2021 |
Description | panel member to "Cyber Security, Fraud & Human Error" (part of a civil servants' conference on public sector cyber security) |
Form Of Engagement Activity | A formal working group, expert panel or dialogue |
Part Of Official Scheme? | No |
Geographic Reach | National |
Primary Audience | Policymakers/politicians |
Results and Impact | Ryan was invited as panel member to "Cyber Security, Fraud & Human Error" (part of a civil servants' conference on public sector cyber security, 300 delegates), December 2021. |
Year(s) Of Engagement Activity | 2021 |
Description | showcase for National Cyber Strategy 2022 |
Form Of Engagement Activity | Participation in an activity, workshop or similar |
Part Of Official Scheme? | No |
Geographic Reach | National |
Primary Audience | Industry/Business |
Results and Impact | Oswald and other project members (virtually) attended the National Cyber Strategy 2022 on Wednesday 15 December. We had prepared a CAP-TEE showcase for the in-person event, but due to the Covid situation the event was made virtually at short notice. |
Year(s) Of Engagement Activity | 2021 |
Description | talk at hardwear.io |
Form Of Engagement Activity | A talk or presentation |
Part Of Official Scheme? | No |
Geographic Reach | International |
Primary Audience | Professional Practitioners |
Results and Impact | Future CAP-TEE / DsbDtech contributions to TEE security and work around hardware undervolting highlighted in Oswald's talks at hardwear.io |
Year(s) Of Engagement Activity | 2021 |
Description | virtual seminar talk at Infineon |
Form Of Engagement Activity | A talk or presentation |
Part Of Official Scheme? | No |
Geographic Reach | International |
Primary Audience | Industry/Business |
Results and Impact | Oswald gave a virtual seminar talk at Infineon, relating to fault injection and the hardware attack aspects of the project. |
Year(s) Of Engagement Activity | 2021 |