Fraunhofer-Institut für Angewandte und Integrierte Sicherheit AISEC

Filters

7 7
Reset filters

Settings
Now showing 1 - 10 of 14
  • Publication
    Universal Remote Attestation for Cloud and Edge Platforms
    ( 2023)
    Ott, Simon
    ;
    Kamhuber, Monika
    ;
    Pecholt, Joana
    ;
    Wessel, Sascha
    With more computing workloads being shifted to the cloud, verifying the integrity of remote software stacks through remote attestation becomes an increasingly important topic. During remote attestation, a prover provides attestation evidence to a verifier, backed by a hardware trust anchor. While generating this information, which is essentially a list of hashes, is easy, examining the trustworthiness of the overall platform based on the provided list of hashes without context is difficult. Furthermore, as different trust anchors use different formats, interaction between devices using different attestation technologies is a complex problem. To address this problem, we propose a universal, hardware-agnostic device-identity and attestation framework. Our framework focuses on easing attestation by having provers present meaningful metadata to verify the integrity of the attestation evidence. We implemented and evaluated the framework for Trusted Platform Modules (TPM), AMD SEV-SNP attestation, and ARM PSA Entity Attestation Tokens (EATs).
  • Publication
    Confidential Quantum Computing
    ( 2023)
    Hrdá, Barbora
    ;
    Wessel, Sascha
    Quantum computing is becoming more accessible with increasing numbers of quantum platforms. The confidentiality and integrity of data and algorithms running on these systems are important assets that need to be protected from untrusted parties. Previous approaches focus on the encryption of individual sub-areas, often using at least hybrid clients, and do not take the entire path from the classical client via a platform to the quantum computing hardware into consideration. Based on the classification of quantum algorithms we show the assets worth protecting, evolve the data flow on third-party quantum hardware and quantum computing platforms, and propose a concept architecture addressing confidentiality and integrity of processed data and code. Our approach shows that confidentiality can already be achieved for data with classical clients, while code confidentiality remains an open question. Our approach covers integrity for most complexity classes.
  • Publication
    CoCoTPM: Trusted Platform Modules for Virtual Machines in Confidential Computing Environments
    ( 2022)
    Pecholt, Joana
    ;
    Wessel, Sascha
    Cloud computing has gained popularity and is increasingly used to process sensitive and valuable data. This development necessitates the protection of data from the cloud provider and results in a trend towards confidential computing. Hardware-based technologies by AMD, Intel and Arm address this and allow the protection of virtual machines and the data processed in them. Unfortunately, these hardware-based technologies do not offer a unified interface for necessary tasks like secure key generation and usage or secure storage of integrity measurements. Moreover, these technologies are oftentimes limited in functionality especially regarding remote attestation. On the other hand, a unified interface is widely used in the area of bare-metal systems to provide these functionalities: the Trusted Platform Module (TPM). In this paper, we present a concept for an architecture providing TPM functionalities for virtual machines in confidential computing environments. We name it Confidential Computing Trusted Platform Module, short CoCoTPM. Different from common approaches for virtual machines, host and hypervisor are not trusted and excluded from the trusted computing base. Our solution is compatible with existing mechanisms and tools utilizing TPMs and thus allows the protection of virtual machines in confidential computing environments without further adaptations of these mechanisms and tools. This includes storage of integrity measurements during a measured boot and for the integrity measurement architecture, full disk encryption bound to these measurements, usage of an openssl provider for TLS connections and remote attestation. We show how our concept can be applied to different hardware-specific technologies and implemented our concept for AMD SEV and SEV-SNP.
  • Publication
    SEVered: Subverting AMD's virtual machine encryption
    ( 2018)
    Morbitzer, Mathias
    ;
    Huber, Manuel
    ;
    Horsch, Julian
    ;
    Wessel, Sascha
    AMD SEV is a hardware feature designed for the secure encryption of virtual machines. SEV aims to protect virtual machine memory not only from other malicious guests and physical attackers, but also from a possibly malicious hypervisor. This relieves cloud and virtual server customers from fully trusting their server providers and the hypervisors they are using. We present the design and implementation of SEVered, an attack from a malicious hypervisor capable of extracting the full contents of main memory in plaintext from SEV-encrypted virtual machines. SEVered neither requires physical access nor colluding virtual machines, but only relies on a remote communication service, such as a web server, running in the targeted virtual machine. We verify the effectiveness of SEVered on a recent A MD SEV-enabled server platform running different services, such as web or SSH servers, in encrypted virtual machines. With these examples, we demonstrate that SEVered reliably and efficiently extracts all memory contents even in scenarios where the targeted virtual machine is under high load.
  • Publication
    Safety & security testing of cooperative automotive systems
    ( 2018)
    Seydel, Dominique
    ;
    Weiß, Gereon
    ;
    Pöhn, Daniela
    ;
    Wessel, Sascha
    ;
    Wenninger, Franz
    Cooperative behavior of automated traffic participants is one next step towards the goals of reducing the number of traffic fatalities and optimizing traffic flow. The notification of a traffic participant's intentions and coordination of driving strategies increase the reaction time for safety functions and allow a foresighted maneuver planning. When developing cooperative applications, a higher design complexity has to be handled, as components are distributed over heterogeneous systems that interact with a varying timing behavior and less data confidence. In this paper, we present a solution for the development, simulation and validation of cooperative automotive systems together with an exemplary development flow for safety and security testing.
  • Publication
    TransCrypt: Transparent main memory encryption using a minimal ARM hypervisor
    ( 2017)
    Horsch, Julian
    ;
    Huber, Manuel
    ;
    Wessel, Sascha
    Attacks on memory, revealing secrets, for example, via DMA or cold boot, are a long known problem. In this paper, we present TransCrypt, a concept for transparent and guest-agnostic, dynamic kernel and user main memory encryption using a custom minimal hypervisor. The concept utilizes the address translation features provided by hardware-based virtualization support of modern CPUs to restrict the guest to a small working set of recently accessed physical pages. The rest of the pages, which constitute the majority of memory, remain securely encrypted. Furthermore, we present a transparent and guest-agnostic mechanism for recognizing pages to be excluded from encryption to still ensure correct system functionality, for example, for pages shared with peripheral devices. The detailed evaluation using our fully functional prototype on an ARM Cortex-A15 development board running Android shows that TransCrypt is able to effectively protect secrets in memory while keeping the p erformance impact small. For example, the system is able to keep the E-mail account password of a typical user in the Android mail app's memory encrypted 98.99% of the time, while still reaching 81.7% and 99.8% of native performance in different benchmarks.
  • Publication
    CoKey: Fast token-based cooperative cryptography
    ( 2016)
    Horsch, Julian
    ;
    Wessel, Sascha
    ;
    Eckert, Claudia
    Keys for symmetric cryptography are usually stored in RAM and therefore susceptible to various attacks, ranging from simple buffer overflows to leaks via cold boot, DMA or side channels. A common approach to mitigate such attacks is to move the keys to an external cryptographic token. For low-throughput applications like asymmetric signature generation, the performance of these tokens is sufficient. For symmetric, data-intensive use cases, like disk encryption on behalf of the host, the connecting interface to the token often is a serious bottleneck. In order to overcome this problem, we present CoKey, a novel concept for partially moving symmetric cryptography out of the host into a trusted detachable token. CoKey combines keys from both entities and securely encrypts initialization vectors on the token which are then used in the cryptographic operations on the host. This forces host and token to cooperate during the whole encryption and decryption process. Our concept strongly and efficiently binds encrypted data on the host to the specific token used for their encryption, while still allowing for fast operation. We implemented the concept using Linux hosts and the USB armory, a USB thumb drive sized ARM computer, as detachable crypto token. Our detailed performance evaluation shows that our prototype is easily fast enough even for data-intensive and performance-critical use cases like full disk encryption, thus effectively improving security for symmetric cryptography in a usable way.
  • Publication
    Transparent page-based kernel and user space execution tracing from a custom minimal ARM hypervisor
    ( 2015)
    Horsch, Julian
    ;
    Wessel, Sascha
    In this paper, we present a framework for transparent kernel and user execution tracing from a minimal ARM hypervisor. The framework utilizes hardware-supported virtualization on modern ARM CPUs to restrict the number of executable pages in the system without interfering with the traced guest. The resulting page faults give the framework access to page-granular control flow information. The framework is transparent and agnostic to kernel and user space software not requiring any changes or additional components in the traced guest. The application scenarios for the framework include malware analysis, malware detection and runtime integrity protection. We furthermore present a detailed example application for the framework which uses the provided trace data to enforce a particular page-granular control flow to defend the guest against control flow hijacking attacks like return-oriented programming. The detailed performance analysis of our prototype implementation running on a Cortex-A15 development board with Android shows that the framework and the example application perform well even in adverse benchmarking scenarios. Therefore, the framework not only can be useful for realizing virtualization-based security mechanisms known and researched on x86 platforms for ARM, but also shows that the very lightweight ARM hardware virtualization support allows for new mechanisms relying on very frequent interaction with the hypervisor.
  • Publication
    User identity verification based on touchscreen interaction analysis in web contexts
    ( 2015)
    Velten, Michael
    ;
    Schneider, Peter
    ;
    Wessel, Sascha
    ;
    Eckert, Claudia
    The ever-increasing popularity of smartphones amplifies the risk of loss or theft, thus increasing the threat of attackers hijacking critical user accounts. In this paper, we present a framework to secure accounts by continuously verifying user identities based on user interaction behavior with smartphone touchscreens. This enables us to protect user accounts by disabling critical functionality and enforcing a reauthentication in case of suspicious behavior. We take advantage of standard mobile web browser capabilities to remotely capture and analyze touchscreen interactions. This approach is completely transparent for the user and works on everyday smartphones without requiring any special software or privileges on the user's device. We show how to successfully classify users even on the basis of limited and imprecise touch interaction data as is prevalent in web contexts. We evaluate the performance of our framework and show that the user identification accuracy is higher than 99% after collecting about a dozen touch interactions.
  • Publication
    Integrity verification and secure loading of remote binaries for microkernel-based runtime environments
    ( 2014)
    Weiß, Michael
    ;
    Wagner, Steffen
    ;
    Hellmann, Roland
    ;
    Wessel, Sascha
    While most microkernel-based systems implement non-essential software components as user space tasks and strictly separate those tasks during runtime, they often rely on a static configuration and composition of their software components to ensure safety and security. In this paper, we extend a microkernel-based system architecture with a Trusted Platform Module (TPM) and propose a verification mechanism for a microkernel runtime environment, which calculates integrity measurements before allowing to load (remote) binaries. As a result, our approach is the first to adopt the main ideas of the Integrity Measurement Architecture (IMA), which has been proposed for Linux-based systems, to a microkernel. In comparison, however, it significantly reduces the Trusted Computing Base (TCB) and allows for a strict separation of the integrity verification component from any rich operating system, such as GNU/Linux or Android, running in parallel. In our implementation, which is based on L4/Fiasco. OC with L4Re as runtime environment, we present our extension of the existing L4Re loader service that calculates integrity measurements for each binary. We also evaluate our implementation on two ARM-based developer boards and discuss code size, security, and performance of our proposed integrity verification mechanism.