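% Beamer slides for a Master's Thesis Seminar talk on the Digidow biometric
% sensor (BS): threat model, TPM/IMA background, DAA-based attestation, the
% mitigation matrix and project status. Packages and theme come from header.tex.
\documentclass[naustrian,notes,aspectratio=169]{beamer}

\input{header}

% Title information
\title[Digidow Biometric Sensor]{Digital Shadow: Biometric Sensor}
\subtitle{Master's Thesis Seminar}
\author[Michael Preisach]{Michael Preisach}
\date{April 21, 2020}
\institute[INS]{\includegraphics[width=0.1\textwidth]{../../resources/ins}}

\begin{document}

\begin{frame}
  \titlepage
\end{frame}

% Context: where the biometric sensor sits in the overall Digidow system.
\begin{frame}
  \frametitle{Biometric Sensor as Part of Digidow}
  \begin{figure}
    \centering
    \includegraphics[width=0.7\textwidth]{../../resources/globalview}
  \end{figure}
\end{frame}

% Threat model, grouped by the party that is at risk. The same items, in the
% same order, reappear on the "Mitigated Threats" frame -- keep both in sync.
\begin{frame}
  \frametitle{Threat Model}
  \begin{itemize}
    \item Biometric Sensor (BS) point of view
      \begin{itemize}
        \item Rogue Personal Identity Agent (PIA)
        \item Metadata/Attribute Extraction on Network
        \item Defects on Network---Discovery not working
        \item Sensor data modification at sensor hardware (e.\,g.\ camera)
        \item Physical manipulation of hardware
      \end{itemize}
    \item Network/PIA point of view
      \begin{itemize}
        \item Retransmission of sensor data
        \item Blocking data transmission
        \item Sensor data aggregation
        \item Sensor data modification before transmission
      \end{itemize}
  \end{itemize}
\end{frame}

% TPM background. The table lists only a subset of PCRs; the footnote cites
% the TCG PC Client profile the assignments are taken from.
\begin{frame}
  \frametitle{Trusted Platform Module (TPM)}
  \begin{columns}
    \begin{column}{0.55\textwidth}
      \begin{itemize}
        \item Dedicated cryptographic coprocessor in the PC
        \item Toolset available for measurement, attestation, key management, \dots
        \item Available Hierarchies: Storage, Endorsement, Platform, Null
        % \footnotemark here + \footnotetext after \end{columns}: a plain
        % \footnote inside a column would be typeset within the column box.
        \item Platform Configuration Registers (PCR) for the state of the system\footnotemark
      \end{itemize}
    \end{column}
    \begin{column}{0.45\textwidth}
      \begin{footnotesize}
        % NOTE(review): the cited TCG profile assigns PCR 7 to the Secure Boot
        % policy; confirm that "Unified Kernel" is the intended entry here.
        % If header.tex loads booktabs, \toprule/\midrule/\bottomrule without the
        % vertical rule would be the preferred layout.
        \begin{tabular}{c|l}
          PCR & Usage \\ \hline
          0   & UEFI boot and runtime services \\
          1   & SMBIOS, ACPI, \dots \\
          4   & UEFI OS Loader \\
          5   & ESP, GPT \\
          7   & Unified Kernel \\
          10  & Integrity Measurements (by Kernel) \\
        \end{tabular}
      \end{footnotesize}
    \end{column}
  \end{columns}
  \footnotetext{\url{https://www.trustedcomputinggroup.org/wp-content/uploads/PC-ClientSpecific_Platform_Profile_for_TPM_2p0_Systems_v21.pdf}}
\end{frame}

% Linux IMA: what is measured, where the measurements accumulate (PCR 10 by
% default) and how the resulting state is attested.
\begin{frame}
  \frametitle{Integrity Measurement Architecture\footnote{\url{https://wiki.gentoo.org/wiki/Integrity_Measurement_Architecture}}}
  \begin{itemize}
    \item Compile options within the Linux Kernel
    \item When the Kernel starts, a large set of resources can be measured
      \begin{itemize}
        \item files accessed by root
        \item all executables run
        \item shared libs and all other files held in memory
        \item \dots
      \end{itemize}
    \item Based on policies, cooperates with SELinux
    \item Creates Hash chain in PCR 10 (default)
      \begin{itemize}
        % Typeset literally: with the default OT1 font encoding a bare "|" in
        % text mode prints as an em dash, not as a vertical bar.
        \item \texttt{new\_hash = hash(old\_hash | resource)}
      \end{itemize}
    \item integrity log lists measured resources, different file formats possible
    \item Attestation
      \begin{enumerate}
        \item Create Attestation Identity Key (AIK) from the Endorsement Key
        \item Sign the current PCR value and the log with the AIK
      \end{enumerate}
  \end{itemize}
\end{frame}

% Key setup for Direct Anonymous Attestation (DAA) on the TPM.
\begin{frame}
  \frametitle{TPM environment for DAA}
  \begin{figure}
    \centering
    \includegraphics[width=0.8\textwidth]{../../resources/tpmkeys}
  \end{figure}
  \begin{itemize}
    \item TPM can sign messages with the AIK
    \item The signature is verifiable with the Issuer Public Key (zero-knowledge proof)
  \end{itemize}
\end{frame}

% DAA verification flow between PIA (verifier) and BS (prover).
\begin{frame}
  \frametitle{DAA Verification}
  \begin{columns}
    \begin{column}{0.55\textwidth}
      \begin{figure}
        \centering
        \includegraphics[width=\textwidth]{../../resources/tpmattest}
      \end{figure}
    \end{column}
    \begin{column}{0.45\textwidth}
      \begin{itemize}
        \item Issuer Public Key is assumed known to any PIA
        \item Verifier (PIA) can only check validity of BS
        \item Only communication between PIA and BS
        \item Revocation lists manage termination of subscription
      \end{itemize}
    \end{column}
  \end{columns}
\end{frame}

% Mitigation matrix, mirroring the "Threat Model" frame item by item.
% Colour appears to encode the status: green = mitigation identified,
% orange = open/TBD, red = not mitigated (confirm with the author).
\begin{frame}
  \frametitle{Mitigated Threats}
  \begin{itemize}
    \item Biometric Sensor point of view
      \begin{itemize}
        \item Rogue PIA \textcolor{orange}{Two way DAA? TBD}
        \item Metadata/Attribute Extraction on Network \textcolor{orange}{Cert-based channel encryption? TBD}
        \item Defects on Network---Discovery not working \textcolor{red}{Denial of Service}
        \item Sensor data modification at sensor hardware \textcolor{green}{Firmware/Driver trust/attestation}
        \item Physical manipulation of hardware \textcolor{orange}{Trusted Bootchain}
      \end{itemize}
    \item Network/PIA point of view
      \begin{itemize}
        % NOTE(review): measuring the BS software shows that the sender is
        % trustworthy, but on its own does not let the PIA detect a replayed
        % (retransmitted) message; a freshness value (nonce/timestamp) covered by
        % the DAA signature is the usual complement -- confirm it is part of the
        % protocol before marking this item green.
        \item Retransmission of sensor data \textcolor{green}{Integrity Measurement/Trusted Software}
        \item Blocking data transmission \textcolor{green}{Integrity Measurement/Trusted Software}
        \item Sensor data aggregation \textcolor{green}{Integrity Measurement/Trusted Software}
        \item Sensor data modification before transmission \textcolor{green}{Integrity Measurement/Trusted Software}
      \end{itemize}
  \end{itemize}
\end{frame}

% Project status and outlook.
\begin{frame}
  \frametitle{State of the project}
  \begin{itemize}
    \item Trusted Boot: ready, different flavors tested
    \item DAA: Basically working, Attestation Key not yet in TPM
    \item Integrity Measurement: ongoing, not running, policy design necessary
    \item Put above parts together
    \item Thesis: Theoretical concepts need to be written down
    \item Future work: minimize system, hardening on OS level
  \end{itemize}
\end{frame}

\end{document}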