diff --git a/thesis/04_implementation.tex b/thesis/04_implementation.tex index 1b30cd0..4aed893 100644 --- a/thesis/04_implementation.tex +++ b/thesis/04_implementation.tex 
@@ -295,13 +295,45 @@ IMA-Settings erklären. Available on Ubuntu, RedHat and optionally Gentoo. The kernel has the correct compile options set. -\subsection{Handling external hardware}4 +\subsection{Handling external hardware} How can camera and fingerprint sensor be trusted? What is the limitation of this solution? -\section{Direct Anonymous Attestation} +\section{Using the DAA Protocol} +Direct anonymous attestation is a group signature scheme which uses the TPM as cryptoprocessor and key store. +The feature of identifiable instances of sensors is not required when interacting with the Digidow network. +Only the \emph{trusted} state of the sensor system and the membership in the corresponding group is relevant. +Hence, the group membership is an essential part to provide trust to the users, requiring a deep knowledge on what hardware and software is installed and which vulnerabilities it might have. + +The DAA group membership states that the system is provisioned from a trusted party, namely the DAA issuer. +The level of trust is ultimative since the used version of DAA is only partly dynamic by lacking support of membership removal. +During a Digidow transaction, the sensor attests its state by signing a message containing the IMA log and the PCR registers. +Any party interacting with the sensor is then able to check trustworthiness via integrity and valid membership of the sensor. + +We describe in the following which programs need to be installed and what configuration is required to demonstrate a working implementation of DAA. + +\subsection{Provision Hosts of Test Setup} +The demonstration setup, shown in \autoref{fig:prototype} consists of three independent hosts which are connected together via TCP/IP. +Every host represent one party in the DAA scheme, each requiring additional software to support the DAA protocol over TCP/IP. +Xaptums ECDAA library need to be installed on all three hosts. 
+However, the hosts representing issuer and verifier do not require TPM support. +Similar to that, the ECDAA network wrapper has to be installed on every host. + +The member needs, besides DAA protocol support, software to capture and process the image of the USB webcam. +We use a small program called \texttt{sensor-capture} for capturing a face image from a webcam. +For biometric processing, we transform the image into an embedding. +This is done with the face recognition prototype of Digidow\footnote{\url{https://git.ins.jku.at/proj/digidow/prototype-facerecognition}}. + +\subsubsection{Installing Xaptum ECDAA Library} + + +\begin{itemize} + \item \emph{DAA issuer}: The issuer needs the Xaptum ecdaa library and the ecdaa network wrapper which is provided with +\end{itemize} + + DAA Project from Xaptum: Working DAA handshake and possible TPM integration. Requires an Attestation Key which is secured with a password policy. diff --git a/thesis/05_outlook.tex b/thesis/05_outlook.tex index 39e1390..aa256bf 100644 --- a/thesis/05_outlook.tex +++ b/thesis/05_outlook.tex 
@@ -4,8 +4,23 @@ These are the test results \section{Limitations} -Still hard to set up a system like that. -Documentation is available, but hardly any implementations for DAA and IMA. +Documentation available for TPM APIs, but no changelog for \texttt{tpm2-tools}. + +Trusted boot and IMA can just handle static resources like files, kernel modules and firmware of hardware components. +Code transmitted over network or otherwse dynamically generated can not be recognized. +This is an open door for non-persistent attacks. + +Documentation on IMA is mostly outdated and so are some tools. +Further customization of rules may be useful to reduce log size. +However major Linux distributions support IMA by default on recent releases. + +Complexity of verifying system state is too high and is connected to system complexity. +Reducing number of dependencies and relevant file count is key for this problem. + +Implemented DAA does not support a full dynamic group scheme. +This might be useful in the future, maybe with a custom implementation of a recent DAA version. + + \section{Future Work} \subsection{Closing the chain of trust between TPM manufacturer and DAA issuer} @@ -15,6 +30,8 @@ Activate a credential with to certify that the Membership key is in the Endorsem \item Practical approach: with EK, AK and AIK to show validity of EK:\\ \url{https://ericchiang.github.io/post/tpm-keys/?utm_campaign=Go%20Full-Stack&utm_medium=email&utm_source=Revue%20newsletter#credential-activation} \end{itemize} +Further integration in the Digidow environment if DAA is useful for that. + \section{Outlook} Hardening of the system beyond IMA useful. Minimization also useful, because the logging gets shorter. diff --git a/thesis/MAIN.pdf b/thesis/MAIN.pdf index acd9d59..d7ef7b0 100644 Binary files a/thesis/MAIN.pdf and b/thesis/MAIN.pdf differ diff --git a/thesis/MAIN.tex b/thesis/MAIN.tex index 5aa985c..127218f 100644 --- a/thesis/MAIN.tex +++ b/thesis/MAIN.tex 
@@ -81,14 +81,16 @@ \pagestyle{scrheadings} \clearpairofpagestyles -\ifeng - \ohead*{\includegraphics[width=3cm]{cover/jkuen.png}} -\else - \ohead*{\includegraphics[width=3cm]{cover/jkude.png}} -\fi - -\ifoot*{\date} -\cfoot*{\author} +%\ifeng +% \ohead*{\includegraphics[width=3cm]{cover/jkuen.png}} +%\else +% \ohead*{\includegraphics[width=3cm]{cover/jkude.png}} +%\fi + +%\ifoot*{\date} +%\cfoot*{\author} +\ohead*{\rightmark} +%\ofoot*{\pagemark} \ofoot*{\pagemark/\pageref{LastPage}} \setkomafont{pageheadfoot}{\sffamily\scriptsize} diff --git a/thesis/config.tex b/thesis/config.tex index 3652d9f..044409a 100644 --- a/thesis/config.tex +++ b/thesis/config.tex @@ -27,14 +27,14 @@ \def\elementB{Submission} \def\elementBB{\textbf{Institute for Networks and Security}} -\def\elementC{First Supervisor} +\def\elementC{Supervisor} \def\elementCC{Univ.-Prof.\@ DI Dr.\@ \textbf{René Mayrhofer}} -\def\elementD{Second Supervisor} -\def\elementDD{DI \textbf{Tobias Höller}} +\def\elementD{} +\def\elementDD{} -\def\elementE{Assistant Thesis Supervisor / Mitbetreuung} -\def\elementEE{Dr.\@ \textbf{Michael Roland}} +\def\elementE{} +\def\elementEE{} %% Hier Datum eingeben (Monat der Abgabe im Prüfungs- und Anerkennungsservice): %% Enter the date (Month and year of submission to Examination and Recognition Services):
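Review bot: the new \subsubsection{Installing Xaptum ECDAA Library} in the 04_implementation.tex hunk ends with a truncated list item, `\item \emph{DAA issuer}: The issuer needs the Xaptum ecdaa library and the ecdaa network wrapper which is provided with`, and the old note-style placeholder (`DAA Project from Xaptum: Working DAA handshake and possible TPM integration. Requires an Attestation Key ...`) is still left below it; complete the item, add the member and verifier bullets that the prose above promises (the wrapper goes on every host, only the member needs TPM support), and drop the placeholder or fold it into the text. The sentence on `lacking support of membership removal` should state the security consequence: without revocation a sensor whose membership key is compromised, or whose host leaves the trusted state, cannot be excluded from the group and can only be rejected by a verifier through the attested IMA log and PCR values, so calling the level of trust `ultimative` (absolute) describes a limitation, not a strength, and deserves a cross-reference to the Limitations section. Also fix the grammar: `Every host represent` -> `represents`, `Xaptums ECDAA library need` -> `Xaptum's ECDAA library needs`, `a deep knowledge on` -> `of`, and a comma is missing after `\autoref{fig:prototype}`. Removing the stray `4` after `\subsection{Handling external hardware}` is correct.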
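Review bot: the Limitations hunk in 05_outlook.tex has a typo (`otherwse` -> `otherwise`, `can not` -> `cannot`) and `Trusted boot and IMA can just handle static resources` should read `can only handle`; more importantly the paragraph should say why dynamic code escapes measurement (IMA records a file's content when it is opened or executed, so code that arrives over the network into memory or is generated at run time never produces a log entry), since that is what justifies the `open door for non-persistent attacks` statement. The first line, `Documentation available for TPM APIs, but no changelog for \texttt{tpm2-tools}`, is a fragment replacing two complete sentences; verify the changelog claim against the upstream repository before stating it and write it as a sentence. The closing paragraph on the missing dynamic group scheme should name its practical effect, namely that a compromised or retired member cannot be revoked from the group, because that is what makes it a limitation rather than a feature gap.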
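Review bot: `Further integration in the Digidow environment if DAA is useful for that.` is a fragment dropped between `\end{itemize}` and `\section{Outlook}` in the Future Work hunk; either make it a full sentence under its own \subsection or move it into the Outlook section. The unchanged context line `\url{https://ericchiang.github.io/post/tpm-keys/?utm_campaign=...}` carries newsletter tracking parameters (`utm_campaign`, `utm_medium`, `utm_source`) that should be stripped to `https://ericchiang.github.io/post/tpm-keys/#credential-activation`, and the line above it, `Activate a credential with to certify that the Membership key is in the Endorsem...`, has a stray `with`.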
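Review bot: the rebuilt thesis/MAIN.pdf is committed together with the source edits; it is a build artifact, so generating it from the .tex sources instead of versioning it (or at least keeping it out of content commits) avoids a binary diff on every text change.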
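Review bot: in the MAIN.tex hunk the old header and footer lines are commented out rather than deleted (`%\ifeng`, `%\ifoot*{\date}`, `%\ofoot*{\pagemark}`); git already keeps that history, so remove them to keep the preamble readable. The new `\ohead*{\rightmark}` depends on KOMA's automark mechanism filling `\rightmark` after `\clearpairofpagestyles`; check that the section title actually appears in the header, and confirm that the `lastpage` package required by `\pageref{LastPage}` is loaded, since that is not visible in this hunk.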
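Review bot: blanking `\def\elementD{}`, `\def\elementDD{}`, `\def\elementE{}` and `\def\elementEE{}` in config.tex leaves the cover template's rows for the second and assistant supervisor in place with empty content; check the rendered cover for empty label rows or stray vertical space and, if they appear, remove those rows in the cover layout rather than only emptying the macros, or add a comment next to the empty definitions explaining that they are intentionally unused.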