@ -4,9 +4,9 @@ They appear as PCs, notebooks, cellular phones or embedded devices.
Especially the footprint of embedded computers became so small that they can be used in almost all electrical devices.
Especially the footprint of embedded computers became so small that they can be used in almost all electrical devices.
These embedded systems form the so called \emph{smart} devices.
These embedded systems form the so called \emph{smart} devices.
With all these new devices, a lot of societal problems could be solved in the past few decades.
All these new devices made life a lot easier in the past decades.
Many of them automate services to the public like managing the bank account, public transportation or health services.
Many of them automate services to the public like managing the bank account, public transportation or health services.
The list of digital service is endless and will still grow in the next decades.
The list of digital service is endless and will still grow in the future.
The downside of all these digital services is that using these services generate a lot of data.
The downside of all these digital services is that using these services generate a lot of data.
Besides of the intended exchange of information, many of the services try to extract metadata as well.
Besides of the intended exchange of information, many of the services try to extract metadata as well.
@ -19,18 +19,18 @@ What else did the owner on the device?
This set of questions is not complete.
This set of questions is not complete.
Aggregating metadata is not required to fulfill the function of the requested service.
Aggregating metadata is not required to fulfill the function of the requested service.
However, reselling the metadata brings the provider more margin on the product and hence more profit.
However, aggregating and reselling the metadata brings the provider more margin on the product and hence more profit.
Consequently, the market for metadata is growing and yet only partly regulated.
Consequently, the market for metadata is growing and yet only partly regulated.
This is a downside of the service which may prevent users from actually using it.
Since metadata aggregation is one downside of using smart services, providers try to downplay or to hide these aggregation features where possible.
So the providers are hiding the aggregation functions in a proprietary layer.
Often a proprietary layer is used either on the client or the server side to hide those functions.
Either the software on a client device or the counterpart on the server side is using such a layer.
The result is a piece of software which is provided as binary and the user cannot prove what this software is exactly doing besides the visible front end features.
The result is a piece of software which is provided as binary and the user cannot prove what this software is exactly doing besides the visible front end features.
There are of course other purposes for delivering software in a closed source manner.
There are of course other purposes for delivering software in a closed source manner.
Firmware of hardware vendors is usually not disclosed and provide an API where an \emph{Operating System} (OS) can connect to.
Firmware of hardware vendors is usually not disclosed and provide an API where an \emph{Operating System} (OS) can connect to.
Some companies deliver complete devices with internet connection.
Some companies deliver complete closed source devices with internet connection.
In this case a user has no chance to detect what the device is doing in this very moment.
In this case a user has no chance to detect what the device is doing in this very moment.
There is, however, a special need for users to keep sensitive data secret.
Especially when providing confidential data like passwords or biometric data, a certain level of trust is required.
Especially when providing confidential data like passwords or biometric data, a certain level of trust is required.
This means that the user assumes that the provided sensible data is handled properly for only the designated usage.
This means that the user assumes that the provided sensible data is handled properly for only the designated usage.
One may argue that a password can easily be changed when revealed to the public.
One may argue that a password can easily be changed when revealed to the public.
@ -40,13 +40,15 @@ Unfortunately, this does not apply to a fingerprint since a human usually has on
When using a system with an authentication method, trust plays a key role.
When using a system with an authentication method, trust plays a key role.
For black box systems this trust is cast to the vendor of the system or device.
For black box systems this trust is cast to the vendor of the system or device.
There is however no mathematical proof that the device is indeed executing the software as intended from the vendor.
There is however no mathematical proof that the device is indeed executing the software as intended from the vendor.
This thesis will therefore use the term \emph{trust} as a cryptographic chain of proofs, that a system is behaving in an intended way, a so called \emph{Chain of Trust}.
This thesis will therefore use the term \emph{trust} as a cryptographic chain of proofs, that a system is behaving in an intended way, a so called \emph{Chain of Trust}.
By providing a Chain of Trust, a user can ask the vendor for a certification of its devices and consequently comprehend the state of the system at hand.
By providing a Chain of Trust, a user can ask the vendor for a certification of its devices and consequently comprehend the state of the system at hand.
The Chain of Trust will be separated into two parts, namely the creation of trust on a certain system, and the transfer of trust over the network for verification purposes.
\section{Project DigiDow}
\section{Project DigiDow}
The Institute for Networks and Security is heavily using the cryptographic form of trust in the project \emph{Digital Shadow} (DigiDow).
The Institute for Networks and Security is heavily using the cryptographic form of trust in the project \emph{Digital Shadow} (DigiDow).
DigiDow introduces an electronic authentication system, which aims minimize generation of metadata on the system level and hence preserves privacy for their users.
DigiDow introduces an electronic authentication system, which aims to minimize any generation of metadata on system and network level and hence maximizes the level of privacy for their users.
It furthermore should be scalable for nationwide or even worldwide applications and provide provable trust and integrity to the user.
The project furthermore aims to specify a scalable solution for nationwide or even worldwide applications including provable trust and integrity to the user.
\begin{figure}
\begin{figure}
\centering
\centering
@ -58,13 +60,13 @@ It furthermore should be scalable for nationwide or even worldwide applications
The picture in \autoref{fig:globalview} provide an overview of the authentication process within DigiDow.
The picture in \autoref{fig:globalview} provide an overview of the authentication process within DigiDow.
At the time of this writing, the exact order and definition of every step is not yet finished and may change during the progress of the whole project.
At the time of this writing, the exact order and definition of every step is not yet finished and may change during the progress of the whole project.
DigiDow introduces three main parties which are involved in a common authentication process.
DigiDow introduces three main parties which are involved in a common authentication process.
\begin{description}
\begin{itemize}
\item[\emph{Personal Identity Agent} (PIA):] The PIA is the digital shadow of an individual who wants to be authenticated.
\item\emph{Personal Identity Agent} (PIA): The PIA is the digital shadow of an individual who wants to be authenticated.
This individual is also the owner of the PIA and should be able to manage sensible data and software on it.
This individual is also the owner of the PIA and should be able to manage sensible data and software on it.
\item[\emph{Verifier} (V):] This is the party that verifies the whole authentication process and may finally trigger the desired action if all went well.
\item\emph{Verifier} (V): This is the party that verifies the whole authentication process and may finally trigger the desired action if all went well.
\item[\emph{Biometric Sensor} (BS):] For Authentication, an individual has to be uniquely identified.
\item\emph{Biometric Sensor} (BS): For Authentication, an individual has to be uniquely identified.
The BS records therefore biometric data from the individual and passes it into the DidiDow network.
The BS records therefore biometric data from the individual and passes it into the DidiDow network.
\end{description}
\end{itemize}
For scalability, we assume that there are large numbers of all parties.
For scalability, we assume that there are large numbers of all parties.
The illustration also shows a draft of how which steps need to be performed between above mentioned parties during an authentivation process.
The illustration also shows a draft of how which steps need to be performed between above mentioned parties during an authentivation process.
\begin{enumerate}
\begin{enumerate}
@ -87,31 +89,14 @@ A key feature is to show the user that all involved parts of the system are work
So we design a prototype based on the common x86 architecture and use the cryptographic features of the \emph{Trusted Platform Module} (TPM).
So we design a prototype based on the common x86 architecture and use the cryptographic features of the \emph{Trusted Platform Module} (TPM).
A TPM is a passive crypto coprocessor available on many modern PC platforms which has an independent storage for crypto variables and provides functions to support above mentioned features.
A TPM is a passive crypto coprocessor available on many modern PC platforms which has an independent storage for crypto variables and provides functions to support above mentioned features.
We define a solution for installing and booting a Linux Kernel with integrity measurements in place.
We define a solution for installing and booting a Linux Kernel with TPM-backed integrity measurements in place.
Finally we use an attached camera as sensor to create the data set to continue with the authentication process.
We use an attached camera as example for a biometric sensor hardware to create the data set to continue with the authentication process.
This data set will be forwarded to the PIA with the integrity measurements of the system and a signature from the TPM.
This data set will be combined with the integrity measurements of the system and a signature from the TPM and finally sent to the PIA for verification and further computation.
The thesis focuses on a working setup as basis for future research.
Since the DigiDow protocols are not yet finalized some assumptions are defined for this work and the prototype implementation:
\begin{itemize}
\item Any betwork discovery (Step 1 in \autoref{fig:globalview}) is omitted. BS and PIA are assumed to be reachable directly via TCP/IP
\item We look into a protocol which proofs trustworthiness from BS to PIA.
Any further proofs necessary for the Verifier are also not focused in this thesis.
\item The sensible data sets will be transmitted in cleartext between BS and PIA.
It is considered easy to provide an additional layer of encryption for transportation.
However this should be considered in the DigiDow network protocol design.
This thesis focuses only on the trust part between BS and PIA.
\item Any built system is considered secure on a hardware level.
Any threats which are attacking the system without changing any running software on the system may be not detected. This includes USB wire tapping or debug interfaces within the system revealing sensible information.
\end{itemize}
%TODO edit pointer
\section{Goals and Definitions}
By building a system with an integrated TPM, the system should be able to provide the following properties:
You should be able to attach a variety of sensors to the system.
The system should then fulfill the following requirements
\begin{itemize}
\begin{itemize}
\item\emph{Sensor Monitoring.} The system should be able to monitor the hardware sensor (fingerprint sensor, camera, etc.) itself.
\item\emph{Sensor Monitoring.} The system should be able to monitor the hardware sensor (fingerprint sensor, camera, etc.) itself.
\item\emph{System Monitoring.} It should be possible to track the state of the system. Especially every modification of the system should be detected.
\item\emph{System Monitoring.} It should be possible to track the state of the system. Especially every modification of the system at hardware level should be detected.
\item\emph{Freshness of Sensor Data.} To prevent replay attacks, the system should proof that the provided biometric data is captured live.
\item\emph{Freshness of Sensor Data.} To prevent replay attacks, the system should proof that the provided biometric data is captured live.
\item\emph{Integrity of Sensor Data.} As it is possible for an adversary to modify the provided data during the capturing process, integrity should guarantee that the data originates from the BS.
\item\emph{Integrity of Sensor Data.} As it is possible for an adversary to modify the provided data during the capturing process, integrity should guarantee that the data originates from the BS.
\item\emph{Confidentiality of Sensor Data.} It should not be possible to eavesdrop any sensitive data out of the system.
\item\emph{Confidentiality of Sensor Data.} It should not be possible to eavesdrop any sensitive data out of the system.
@ -120,38 +105,30 @@ The system should then fulfill the following requirements
\item\emph{Unforgeability.} Only honest BS should be able to be part of the DigiDow network. Corrupt systems should not be able to send valid messages.
\item\emph{Unforgeability.} Only honest BS should be able to be part of the DigiDow network. Corrupt systems should not be able to send valid messages.
\end{itemize}
\end{itemize}
Usage Model of Biometric Sensor
The thesis focuses on a working setup as basis for future research.
Since the DigiDow protocols are not yet finalized some assumptions are defined for this work and the prototype implementation:
This thesis will describe a system, which is part of the Digital Shadow network.
Therefore it has to meet the common principles in information security, namely:
\begin{itemize}
\begin{itemize}
\item\emph{Availability}:
\item Any network discovery (Step 1 in \autoref{fig:globalview}) is omitted. BS and PIA are assumed to be reachable directly via TCP/IP
\item\emph{Integrity}: ISO 27000 (Data Integrity)
\item We look into a protocol which proofs trustworthiness from BS to PIA.
\item\emph{Confidentiality}: ISO 27000
Any further proofs necessary for DigiDow's Verifier are also not focused in this thesis.
\item The sensible data sets will be transmitted in cleartext between BS and PIA.
It is considered easy to provide an additional layer of encryption for transportation.
However this should be considered in the DigiDow network protocol design.
This thesis focuses only on the trust part between BS and PIA.
\item Any built system is considered secure on a hardware level.
Any threats which are attacking the system without changing any running software on the system may be not detected. This includes USB wire tapping or debug interfaces within the system revealing sensible information.
\end{itemize}
\end{itemize}
Upon AIC it should be possible for users to prove honesty of the system.
%TODO edit pointer
This is what \emph{trust} defines in information security
\subsection{Requirements}
\begin{itemize}
\item given a set of software, this system should provide information that exactly this version of software is running on the system. (Integrity)
\item The system must furthermore show that it is a member of valid biometric sensors (Attestation)
\item All the given information should be anonymized. It should not be possible to gain any other information about the system (Anonymity)
\item It should be ensured that no sensitive data is stored at the biometric sensor
\end{itemize}
Scope of this thesis is on implementing the system from from hardware to application layer.
Is is not supposed to think about the network communication.
\section{Description of structure}
\section{Description of structure}
In Chapter~\autoref{cha:relatedwork} we will outline a variety of projects which do not contribute to this thesis.
In Chapter~\autoref{cha:relatedwork} we will outline a variety of projects which do not contribute to this thesis.
There is, however, scientific work that contribute to our project as described in \autoref{cha:concept}.
There is, however, scientific work that is used as scientific background to this thesis as described in \autoref{cha:background}.
Together with that, we will introduce our theoretical solution for the previously stated problems.
This includes especially the theoretical foundations of the network protocol.
This includes an overview of the cryptographic system and the used standards.
Together with that, we will introduce our theoretical solution for the previously stated problems in \autoref{cha:concept}.
Chapter~\ref{cha:implementation} introduces then a working implementation with all necessary parts for correct function.
Chapter~\ref{cha:implementation} introduces then a working implementation with all necessary parts for a working prototype.
Finally we will present the results and limitations in \autoref{cha:conclusion} and give an overview of future work.
Finally we will present the results and limitations in \autoref{cha:conclusion} and give an overview of future work.
\chapter{Related Work}\label{cha:relatedwork}
\chapter{Related Work}\label{cha:relatedwork}
There exist already many interesting projects and implementations which touch the field of trusted computing.
There exist already many interesting projects and implementations which touch the field of trusted computing.
We will introduce some of these projects and discuss why these do not meet the purpose of this thesis.
We will introduce some of these projects and discuss why these do not meet the purpose of this thesis.
