“I definitely think that cryptography is becoming less important. In reality, even the most secure computer systems in the most isolated places were hacked in recent years using a number of APT attacks or other advanced techniques,” said Adi Shamir, participating in a cryptographic session at the RSA conference.
What does one of the founders of public-key cryptography mean by this? Today it is impossible to imagine the protection of information without cryptography, and the strength of modern cryptographic algorithms has not yet been called into question. Nevertheless, compromise of systems that use cryptographic protection mechanisms is not uncommon, and there are many reasons for this. Note that in what follows the human factor, state influence, corruption and so on are not considered; only technical aspects are discussed. A typical example of an attack on a system that uses cryptography is an attack on a client-bank system. The absence of a trusted execution environment for cryptographic operations on the client's computer makes it possible to carry out attacks aimed at stealing key material, substituting payment details, and using keys without authorization. The huge number of incidents in remote banking (RBS) systems shows that protecting the runtime environment is no less important than the strength of the cryptographic algorithms used.
What the environment for performing cryptographic operations should provide:
- Protect cryptographic keys from copying;
- Enforce the separation of access rights for performing cryptographic operations;
- Control the authenticity of the data received for processing;
- Ensure the integrity of its own code;
- Provide an interface for interacting with the untrusted environment.
Usability of the solution is a separate point. This requirement is not technical but commercial, and of course there is no strict formalization for it.
Many different mechanisms are currently used to create a trusted environment. A short overview follows.
Antiviruses and sandboxes
The “first line of defense” consists of the various software protection tools installed in the system. Note that these tools are not the environment itself; they are used to form a protected environment within the computer's operating system. They include antiviruses and various software sandboxes. Using these tools greatly reduces the risk of unauthorized access to data during critical operations. However, as practice shows, their use gives no guarantee of protection: errors in system-wide software and constantly improving spyware make it possible to bypass almost any software protection mechanism.
Using a trusted boot module
A trusted boot module (MDZ) and a trusted environment sound similar, but they are not the same thing at all. Using an MDZ does solve part of the task of creating a trusted environment: the MDZ can enforce separation of access rights to the system, increase the reliability of key storage in the system, and ensure the integrity of some part of the system. This raises the overall security level up to the point where the system boots, but once the OS has booted, a system with an installed MDZ is subject to attacks just like a regular system.
Booting from an image
Booting from an operating system image in order to perform important operations. This approach can be implemented in various ways, but all of them have some disadvantages.
- The system image is a critical component of the solution. Without additional security tools it is impossible to ensure the integrity of the image and the confidentiality of the key material stored in it.
- An already running trusted OS can be attacked just like a regular system. Booting from a trusted OS without additional security measures does not provide a trusted environment.
- Usability:
  - In most cases a system reboot is required;
  - The user is forced to work in an environment without the usual tools;
  - Exchanging data between the trusted and untrusted environments is difficult.
There are two main approaches to booting from an image.
Virtual machine. Attacks are possible from the host machine, both at runtime and against the virtual machine image. Like other software protection mechanisms, it reduces risk but does not provide security guarantees.
Booting from LiveCD / LiveUSB. When building such a solution, a system image with the necessary functionality has to be prepared. It makes sense to limit the list of applications in the image to only those needed to complete the tasks. If the system is planned to run on different computers, support for various hardware platforms is required. For secure use, all the problems listed above have to be solved; some of them can be solved with protected media.
Booting from protected media
A more advanced variant of booting from an OS image is the use of protected media. As in the previous case, it is recommended to use an OS specially prepared for the specific operation, for example an OS from which one can connect only to a specific server and perform strictly defined actions. From a security point of view, the risks of using such a solution tend to zero; however, if there are errors on the server side of the system, the possibility of an attack remains. Protection of the system image from unauthorized changes is implemented by a special carrier, which also implements secure storage of cryptographic keys.
Regarding usability: the main disadvantage of all such solutions is their “isolation” from the main system, as well as the need to reboot the system to run the trusted environment. Such a solution lacks the usual working tools and complicates the transfer of data between applications in the trusted and the normal OS. One acceptable option for data exchange is a dedicated network resource, but constantly restarting the OS to perform any operation is extremely inconvenient for the user. A logical continuation is the use of two computers: the main one, where the business process takes place, and a stand-alone computer with a special OS for performing operations that are critical from the information security point of view. These computers can be connected directly to each other or through a server.
Loading code into one core
It makes sense to treat this solution as a separate class because of the originality of the mechanism used. According to the description, when booting from a special carrier (a flash drive), some code is loaded into one of the processor cores; then, after the flash drive is removed, the main system starts on the other cores. It is possible to switch between the running OS and the code executing on the first core. It is claimed that the OS has no access to the first core with the loaded program, yet data can be transferred from the OS to the dedicated core for "trusted" processing. The scheme is quite original, but the correctness of the isolation between processes running on different cores remains in question. Logic dictates that if data for signing can be transferred from the main OS to the other core, then other kinds of interaction between the processes are likely possible as well. It is also not very clear how the flash medium is protected against modification of the bootloader code, or how the keys stored on it are protected. Apparently, special media cannot be dispensed with here either.
External trusted devices
The idea of performing critical operations on a separate specialized device is not new. Critical operations in this case include working with keys and controlling the information being processed. That is, such devices must provide key generation, execution of cryptographic operations and control over the data received for processing. They must also provide a mechanism for differentiating access rights to the device and ensure the immutability of the executable code.
Smart cards and tokens with on-board cryptography have long and very effectively solved the task of working securely with keys: keys are generated in hardware inside the device, cryptographic operations are performed inside the device, and keys never leave the device. Separation of access rights is most often implemented with a PIN code. Protection of the executable program against modification is provided by the chip manufacturer at the hardware level. To counter attacks aimed at unauthorized use of the cryptographic capabilities, these devices are evolving toward adding data-authenticity control functionality.
Control over the authenticity of the data received for processing can be implemented in trusted devices in different ways. There are three main control mechanisms:
- Trusted data entry. This is implemented with an input keyboard physically located on the device. A typical example is the so-called “cryptocalculator”: payment details are typed on its keyboard, and a payment confirmation code is then generated from the device secret (or the payment card secret). The main disadvantage of this solution is the need for manual data entry; in the banking sector, this inconvenience can be reduced by adding counterparty-list storage to the device.
- Visual control of data on the display of a trusted device. Unlike the first method, the data is prepared in the untrusted environment and then shown on the screen of the trusted device. The correctness of the data is checked by the device user, and if the user confirms it, a confirmation code is generated. Such devices come in different form factors and with different data exchange interfaces. They are currently the most user-friendly solutions for creating a trusted environment.
- Receiving data from a trusted source with cryptographic verification of authorship. Data is received from a trusted application server and decrypted (or its signature verified) inside the trusted device. This can be combined with visual control of the data.
At their core, all external trusted devices are minicomputers with limited functionality and computing capabilities. Data authenticity is ensured by the device having its own input/output interfaces.
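The visual-control mechanism above, as an added model that is not code from the original article or from any particular device: the untrusted host prepares the payment, the device shows exactly the bytes it will authenticate, and only a confirmation on the device yields a code bound to those bytes, so a substitution made on the host after confirmation is rejected by the server. The field names, the constructed device secret and the 8-byte HMAC-SHA256 truncation are assumptions made for the example.

```python
import hashlib
import hmac
from typing import Optional

# Constructed sample secret: provisioned into the device and known to the bank server only.
DEVICE_SECRET = b"constructed-device-secret-0001"
FIELDS = ("payee", "account", "amount", "currency")

def canonical(payment: dict) -> bytes:
    """Fixed field order so the device and the server authenticate identical bytes."""
    return "|".join(f"{k}={payment[k]}" for k in FIELDS).encode()

class TrustedDevice:
    """Model of a visual-control device: data arrives from the untrusted host, is shown
    on the device's own display, and only a confirmation on the device yields a code."""

    def __init__(self, secret: bytes):
        self._secret = secret                 # never leaves the device
        self._display: Optional[bytes] = None

    def show(self, payment: dict) -> str:
        self._display = canonical(payment)    # exactly what the user sees and approves
        return self._display.decode()

    def confirm(self, user_approved: bool) -> Optional[bytes]:
        if not user_approved or self._display is None:
            return None
        # The confirmation code binds the device secret to the displayed data only.
        code = hmac.new(self._secret, self._display, hashlib.sha256).digest()[:8]
        self._display = None
        return code

def server_accepts(payment: dict, code: Optional[bytes]) -> bool:
    """Bank side: recompute the code over the received payment and compare in constant time."""
    if code is None:
        return False
    expected = hmac.new(DEVICE_SECRET, canonical(payment), hashlib.sha256).digest()[:8]
    return hmac.compare_digest(expected, code)

def scenario(host_substitutes_after_confirm: bool) -> bool:
    """Host composes a payment, the device displays it, the user approves it on the device.
    If the host substitutes the account afterwards, the server must reject the payment."""
    device = TrustedDevice(DEVICE_SECRET)
    intended = {"payee": "ACME Ltd", "account": "ACC-CONSTRUCTED-0001",
                "amount": "1500.00", "currency": "RUB"}
    device.show(intended)
    code = device.confirm(user_approved=True)
    sent = dict(intended)
    if host_substitutes_after_confirm:
        sent["account"] = "ACC-CONSTRUCTED-9999"   # substitution the user never saw
    return server_accepts(sent, code)
```

The same structure covers the third mechanism if the device additionally verifies a server signature over the data before showing it.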
Outlook
With the abundance of different solutions for creating a trusted environment, some patterns emerge.
- The task cannot be solved effectively without a device separate from the main computer.
- When booting from trusted media, the functionality of the bootable OS is limited to ensure security.
- External plug-in devices are expanding their functionality.
Based on the foregoing, in the coming years we can expect the appearance of specialized computers designed exclusively for carrying out critical operations in a trusted environment. Their basis is likely to be tablet computers, which are constantly falling in price while having sufficient computing power and the necessary interfaces.