You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
167 lines
11 KiB
167 lines
11 KiB
\chapter{Concept}
|
|
\label{cha:concept}
|
|
The theoretical tool that should be formed to one whole system implementation in this thesis.
|
|
\section{Definition of the Biometric Sensor}
|
|
\label{definitions}
|
|
What part fulfills the BS and what needs to be done.
|
|
Record Sensor data, Network Discovery, send sensor data via trusted channel to PIA
|
|
|
|
\subsection{What has the BS to do?}
|
|
\label{sec:bs-usecase}
|
|
\begin{enumerate}
|
|
\item Listen for a Trigger to start the Authentication Process
|
|
\item Collect Sensor Data (Picture, Fingerprint) and calculate a biometric representation
|
|
\item Start Network Discovery and find the PIA of this person
|
|
\item Create a trusted and secure channel and transmit the attributes for verification
|
|
\item Restore the state of the system as it was before this transaction
|
|
\end{enumerate}
|
|
|
|
\section{Attack Vectors and Threat Model}
|
|
The Biometric Sensor will work in an exposed environment.
|
|
Neither the user providing biometric data nor the network environment should be trusted for proper function.
|
|
There should only be a connection to the Digidow network for transmitting the recorded data.
|
|
This assumption of autonomy provides independence to the probably diverse target environments and use cases.
|
|
|
|
In addition to autonomy, the Biometric Sensor should also ensure proper handling of received and generated data.
|
|
The recorded dataset from a sensor is \emph{sensitive data} due to its ability to identify an individual (Who?).
|
|
Due to its narrow definition, it is affordable to protect sensitive data.
|
|
Besides that, \emph{metadata} is information generated during the whole transaction phase.
|
|
Timestamps and host information are metadata as well as connection lists, hash sums and log entries and much more (What? Where? When?)
|
|
There exists no exact definition or list of metadata which makes it hard to prevent any exposure of it.
|
|
Metadata does not directly identify an individual.
|
|
However huge notwork providers are able to combine lots of metadata to traces of individuals.
|
|
Eventually an action of those traced individuals might unveil their identity.
|
|
Consequently, a central goal of Digidow is to minimize the amount to minimize the risk of traces.
|
|
|
|
Privacy defines the ability of individuals to keep information about themselves private from others.
|
|
In context to the Biometric Sensor, this is related to the recorded biometric data.
|
|
Furthermore, to prevent tracking. any interaction with a Sensor should not be matched to personal information.
|
|
Only the intended and trusted way of identification within the Digidow network should be possible.
|
|
|
|
\subsection{Threat Model}
|
|
\label{ssec:threatmodel}
|
|
|
|
To fulfill the Sensor's use case in an exposed environment, we need to consider the following attack vectors.
|
|
\begin{itemize}
|
|
\item \emph{Rogue Hardware Components}: Modified components of the Biometric Sensor could, depending on their contribution to the system, collect data or create a gateway to the internal processes of the system.
|
|
Although the produced hardware piece itself is fine, the firmware on it is acting in a malicious way.
|
|
This threat addresses the manufacturing and installation of the system.
|
|
\item \emph{Hardware Modification}: Similar to rogue hardware components, the system could be modified in the target environment by attaching additional hardware.
|
|
With this attack, adversaries may get direct access to memory or to data transferred from or to attached devices,
|
|
\item \emph{Metadata Extraction}: The actual sensor like camera or fingerprint sensor is usually attached via USB or similar cable connection.
|
|
It is possible to log the protocol of those attached devices via Man in the Middle attack on the USB cable.
|
|
\item \emph{Attribute Extraction}: The actual sensor like camera or fingerprint sensor is usually attached via USB or similar cable connection.
|
|
It is possible to log the protocol of those attached devices via wiretapping the USB cable.
|
|
With that attack, an adversary is able to directly access the attributes to identify individuals.
|
|
\item \emph{Modification or aggregation of sensitive data within Biometric Sensor}: The program which prepares the sernsor data for transmission could modify the data before sealing it.
|
|
The program can also just save the sensible data for other purposes.
|
|
\item \emph{Metadata extraction on Network}: During transmission of data from the sensor into the Digidow network, there will be some metadata generated.
|
|
An adversary could use this datasets to generate tracking logs and eventually match these logs to individuals.
|
|
\item \emph{Retransmission of sensor data of a rogue Biometric Sensor}: When retransmitting sensor data, the authentication of an individual could again be proven.
|
|
Any grants provided to this individual could then given to another person.
|
|
\item \emph{Rogue Biometric Sensor blocks transmission}: By blocking any transmission of sensor data, any transaction within the Digidow network could be blocked and therefore the whole authentication process is stopped.
|
|
\item \emph{Rogue Personal Identity Agent}: A rogue PIA might receive the sensor data instead of the honest one.
|
|
Due to this error, a wrong identity and therefore false claims would be made out of that.
|
|
\end{itemize}
|
|
|
|
Given this threat model and the use cases described in \autoref{sec:bs-usecase}, we will introduce an approach to minimize most of the attack vectors.
|
|
|
|
\begin{itemize}
|
|
\item DONE Definition of sensitive data / privacy / metadata
|
|
\item This version of BS is not owned by the user, there is no personal data in the System
|
|
\item Rogue Personal Identity Agent (PIA)
|
|
\item Metadata Extraction
|
|
\item Attribute extraction
|
|
\item Sensor Data Modification/manipulation
|
|
\item Wiretap between Sensor and System (USB or network)
|
|
\item Physical Manipulation of the BS-System
|
|
\item Network - Retransmission of sensor data of a rogue BS
|
|
\item Network - Blocking Data transmission of a rogue BS
|
|
\item Rogue BS Sensor Data aggregation
|
|
\item Rogue BS Sensor data modification before transmission
|
|
\end{itemize}
|
|
\section{Trust and Security}
|
|
\label{sec:trust}
|
|
Trust is an essential term in this thesis.
|
|
In the world of IT security, the term \emph{trusted computing} defines a secured environment where special or confidential computing jobs are dispatched.
|
|
This environment or product usually meets the following requirements
|
|
\begin{itemize}
|
|
\item \emph{Minimalization.} The number of features and hence the complexity must be as low as possible.
|
|
\item \emph{Sound definitions.} Every function should be well defined. There should be no margin for interpretation left. Security Engineers should be involved in the development.
|
|
\item \emph{Complete testing.} Testing for trusted computing includes a threat analysis and exhaustive testing if possible.
|
|
\end{itemize}
|
|
Since software and hardware testing is never complete, it is hard to find a good balance between feature set and testing completeness.
|
|
|
|
However trust in IT is not equal to security.
|
|
It defines a subset of IT security where this small well defined environment is embedded in a larger system which is usually untrusted.
|
|
Claiming a system \emph{secure} spans the constraints of trust over the complete system, which is not affordable for commodity computers these days.
|
|
However it is possible to use the trusted environment to get some guarantees on the untrusted parts of a system as well
|
|
In Chapter 3 we will show how trust will be extended in a commodity PC.
|
|
%TODO reference to TPM section how to extend trust into untrusted parts of PC
|
|
|
|
%TODO describe verifiable trust in addition to the previous definition (with example of the ATM?)
|
|
|
|
|
|
Differentiation between trust and security --- and the problem that not everyone is using that right.
|
|
\section{Systems of Trust}
|
|
\label{sec:trustsystems}
|
|
All trust systems are built on the standards of Trusted Computing Group.
|
|
\subsection{Secure Boot, TXT, \ldots}
|
|
\label{ssec:secureboot-txt}
|
|
Trusted Boot is not the same as Secure Boot. Explain the difference
|
|
\subsection{TPM1.2}
|
|
\label{ssec:tpm12}
|
|
Initial Version of the crypto-coprocessor, successfully spread into many systems, but hardly any integration in Trust/security Software
|
|
|
|
|
|
|
|
\begin{figure}
|
|
\centering
|
|
\includegraphics[width=0.7\textwidth]{../resources/tpmattest}
|
|
\caption[DAA Attestation procedure]{The DAA attestation process requires 5 steps. The PIA may trust the Biometric Sensor afterwards.}
|
|
\label{fig:daa-attestation}
|
|
\end{figure}
|
|
|
|
\section{Trusted Boot}
|
|
|
|
\section{Integrity Measurements}
|
|
As described in the previous section, when the boot process is eventually finished, the OS is then responsible for extending the chain of trust.
|
|
Given a valid trusted boot procedure, the binary representation of the kernel is already measured.
|
|
Therefore the Kernel itself has the responsibility to keep track of everything happening on the platform from the OS point of view.
|
|
|
|
Soon after the first TPM standard was published, the \emph{Integrity Measurement Architecture} (IMA) for the Linux Kernel was introduced.
|
|
Since Kernel 3.7 it is possible to use all IMA features, when the compiler options of the Kernel are set correspondingly.
|
|
|
|
IMA
|
|
|
|
|
|
Extend the Chain of Trust beyond the boot process.
|
|
The Kernel can measure many different types of Resources.
|
|
What is a useful set of measurements
|
|
|
|
\section{Verify Trust with DAA}
|
|
|
|
\subsection{DAA History}
|
|
Direct Anonymous Attestation (DAA) is a cryptographic protocol, which aims to provide evidence that a device is a honest member of a group without providing any identification information.
|
|
Brickell, Camenisch and Chen\cite{BriCamChe04} introduce DAA and implement the protocol for the TPM 1.2 standard.
|
|
However it supports only RSA and has limitations in verifying attestation signatures.
|
|
Hence, DAA is not used with the TPM 1.2 standard.
|
|
|
|
Since the DAA protocol is quite complex, it is difficult to provide a sound security model for DAA and formally prove the security properties of it.
|
|
Chen, Morissey and Smart\cite{chen09} add linkability to the protocol.
|
|
Their approach for a formal proof is not correct, since a trivial key can be used for pass verification\cite{camenisch16}
|
|
|
|
|
|
%TODO Chronic of DAA until Camenisch16, Discussion about broken Proofs in previous papers.
|
|
|
|
Camenisch, Drijvers and Lehmann\cite{camenisch16} developed a DAA scheme for the new TPM 2.0 standard.
|
|
It supports linkability and the proves for security and correctness still hold.
|
|
Furthermore, RSA and ECC cryptography is supported which makes it practicable for a wider variety of use cases.
|
|
However, Camenisch et al.\@ proposed a fix in the TPM 2.0 API to guarantee all requirements necessary for DAA.
|
|
Xaptum implemented this DAA-variant including the fixes in the TPM API.
|
|
The implementation will be discussed in Chapter 4.%TODO Reference to Xaptum discussion
|
|
|
|
Analyzing the security and integrity of this scheme would exceed the scope of this thesis.
|
|
Hence this thesis describes the DAA protocol and assumes the correctness and integrity.
|
|
|
|
%TODO: Discussion: sid removed, RL only works with private keys, etc.
|
|
|