hardware, and trust security: explain it like i’m 5!

Hardware, and Trust Security: Explain it like I’m 5!

Teddy Reed [email protected]

…or maybe 15, 27, 55??

Nicholas Anderson [email protected]

DEFCON 0x17=23 Hardware and Trust Security

Objectives

2

To simplify some otherwise complex explanations of hardware security

Provide an overview of obscure protocols, technologies, features

Satisfy our burning desire for lego & Pokémon references

Highlight previously controversial uses of hardware security

1.

2.

4.

Inspire hardware security and trust enthusiasm3.


Outline

3

Designer and administrator goals

Failures, uses, and use cases

Hardware security building blocks

1.

2.

4.

Components; technologies, protocols, features 3.


Outline

4




1.

2.

4.



Outline

5

Designer and administrator goals1.

We want to protect processes and code the same way we protect machines on a network

Authentication, confidentiality, trust relationships

Isolate, reduce attack surface, audit

Use:

to protect:

DEFCON 0x17=23 Hardware and Trust Security6

unprivileged

privileged


unprivileged

privileged0

3


privileged0

3unprivileged

user

root


privileged0

3unprivileged

user

root

most privileged

-1


Crossing a protection domaindefined by the architecture, not the operating system

this is NOT checking capabilities, comparing integers or consulting a bitmask mode of permissions

API defined by instruction set architecture

operating system implements both domains

some instructions [rdmsr] limited to privileged1.2.

4.concept should apply to all forms of memory*3.

*virtual address translation logic within MMU


Crossing a protection domaindefined by the architecture, not the operating system

kernel userthere are LOTs of ways to cross‘most’ cause a context switch

rippling effects on performance of the process and the system in general!

0 3


staticinlinelonglongunsignedtime_ns(structtimespec*constts){if(clock_gettime(CLOCK_REALTIME,ts)){exit(1);}return((longlongunsigned)ts->tv_sec)*1000000000LLU+(longlongunsigned)ts->tv_nsec;}

intmain(void){constintiterations=10000000;structtimespects;constlonglongunsignedstart_ns=time_ns(&ts);for(inti=0;i<iterations;i++){if(syscall(SYS_gettid)<=1){exit(2);}}constlonglongunsigneddelta=time_ns(&ts)-start_ns;return0;} by Benoit Sigoure

@github.com/tsuna/contextswitch

Measure context switch impact

http://github.com/tsuna/contextswitch


staticinlinelonglongunsignedtime_ns(structtimespec*constts){if(clock_gettime(CLOCK_REALTIME,ts)){exit(1);}return((longlongunsigned)ts->tv_sec)*1000000000LLU+(longlongunsigned)ts->tv_nsec;}

intmain(void){constintiterations=10000000;structtimespects;constlonglongunsignedstart_ns=time_ns(&ts);for(inti=0;i<iterations;i++){if(syscall(SYS_gettid)<=1){exit(2);}}constlonglongunsigneddelta=time_ns(&ts)-start_ns;return0;} by Benoit Sigoure

@github.com/tsuna/contextswitch

Measure context switch impact

Various cache invalidations, and look-aside buffer trampling, scheduling on

different hardware threads (affinity)

http://github.com/tsuna/contextswitch


Crossing a protection domain

kernel user


Crossing a protection domain

process net


Crossing a ‘protection’ domain

process netTCP/443

your PC LAN

You defined a protocol to handle/serve requests that separates two trust domains

API defined by protocol and RFC*

operating system implements both domains

lots of capability limited to service*1.2.

4.concept should apply to all forms of memory3.


Hardware and trust security

The operating system (software) provides primitives that help us build and secure network services

…hardware provides primitives to build and secure operating systems and software

Begins at primitives, then forms features and technology often encapsulated into a security-focused capability


Hardware and trust stack

primitives

features and specifications

technologies

capability



primitives


technologies

capability


primitives


technologies

capability or implementation


Outline

24




1.

2.

4.



Outline

25

Hardware security building blocks2.

Consider building the perfect Pokémon team

…pretty much always on our minds


Psychic:Poison, Fighting

Water/Ice Hybrid:Fire, Grass, Dragon, Rock, Ground, Flying

Grass, Electric

Electric: Water, Flying vs. Ground, Grass

Dragon:Dragon vs. Ice

Fire: Grass, Bug, Ice

Rock, Ground, Water

Normal, or Fighting:Creativity

The line up is well understood based on a series of attributes

each lineup attribute is a primitive


Psychic:Poison, Fighting

Water/Ice Hybrid:Fire, Grass, Dragon, Rock, Ground, Flying

Grass, Electric

Electric: Water, Flying vs. Ground, Grass

Dragon:Dragon vs. Ice

Fire: Grass, Bug, Ice

Rock, Ground, Water

Normal, or Fighting:Creativity


Pro tip: Information security

Like balancing your Pokémon team

eventually you’ll get beat by a 12 y/o

suck it up and always hold grudges


Reminder

29




1.

2.

4.



Building blocks

30

dedicated storage

algorithm implementations

tamper resilience

extendable trust

isolated execution

monitoring & auditingstate maintenance

dedicated I/O


Building blocks

31

dedicated storage


tamper resilience

extendable trust

isolated execution


dedicated I/O


Example: Build a TPM

32

dedicated storage


tamper resilience

extendable trust

isolated execution


dedicated I/O

✔

✔

✔

✔

✔

✔

Trusted Platform Module


Example: Build a HSM

33

dedicated storage


tamper resilience

extendable trust

isolated execution


dedicated I/O

✔

✔

✔

✔

✔

✔

✔

Hardware Security Module


Building blocks

34

dedicated storage


tamper resilience

extendable trust

isolated execution


dedicated I/O


Building blocks

35

dedicated storage

DRAM

0x0

0x7FFF

FFFFFFFF…

NVRAM

0x0

0x800000

*Memory sizes not to scale


Building blocks

36

dedicated storage

DRAM

0x0

0x7FFF

FFFFFFFF…

NVRAM

0x0

0x800000

*Memory sizes not to scale

open, inw, outwbyte transfer over bus

(1)(2)(3)


Building blocks

37

dedicated storage

means plus

providing a policy enforcement point or limiting transformation


Building blocks

38

dedicated storage


plus equals


Building blocks

39

dedicated storage


plus equals


Building blocks

40

dedicated storage


plusMISTY CANT USE ASH’S POKEMON

equals


Building blocks

41

dedicated storage


magic


Building blocks

42


read/write


Building blocks

43


sign, encrypt/decrypt


Building blocks

44


sign, encrypt/decrypt

provide algorithm in as hardware fast path

caller provides all data including keying materials


Building blocks

45



Building blocks

46

🔑🔐

dedicated storagealgorithm implementations

dedicated I/O


Building blocks

47

🔑🔐

💩💩

💩💩


dedicated I/Otamper resilience


Building blocks

48

🔑🔐

💩💩

💩💩

📜📜📜

state maintenance




Building blocks

49

🔑🔐

💩💩

💩💩

📜📜📜

state maintenance



📜📜📜 📜📜📜 📜📜📜 📜📜📜 📜📜📜extendable trust

monitoring & auditing


Building blocks

50

🔑🔐

💩💩

💩💩

📜📜📜

state maintenance



📜📜📜 📜📜📜 📜📜📜 📜📜📜 📜📜📜extendable trust


A Pokéball is a Hardware Security Module


Outline

51




1.

2.

4.



Outline

52




1.

2.

4.



Secure Boot

53

???


Secure Bootdedicated storage


extendable trust


state maintenanceUEFI 2+ firmware platform

54

(1)




extendable trust


state maintenanceUEFI 2+ firmware platformTrusted certificate stores

55

(1)(2)




extendable trust


state maintenanceUEFI 2+ firmware platform

Signed boot loaderTrusted certificate stores

56

(1)(2)

(3)


Secure Boot

Trusted certificate storesPlatform Key (PK)

Signature Database (db)

57

(2)Key enrollment key database (Kek)


Secure Boot

58

“I choose you Gyarados!!!”


Secure Boot

59

SecureBoot:Disabled


Secure Boot

60

SecureBoot:Disabled


Secure Boot

61

SecureBoot:Enabled

Misty runsLinux & used

MOKutil!


Boot “trust”

62

Secure Boot: Verify that the firmware has been digitally signed…or the user has manually approved the boot loaders digital signature

Trusted Boot: Verify the digital signature of the Windows 8.1 Kernel…including boot drivers, startup files and ELAM

Measured Boot: Check measurements against TPM


fetch code and size

compute hash and extend: H(V1) || H(V0)

apply signature check using certificate store and blacklist

allow signing of extended hashes

make decision

Boot “trust”


…the leg firmware is connected to the… ______ firmware

…the ______ firmware is connected to the… boot-loader

Boot “trust”


Reminder

65




1.

2.

4.



TrustZone

66

Highly configurable hardware and software specifications for SoC on ARM

ARM Cortex-A57 ARM Cortex-A53 ARM Cortex-A17 ARM Cortex-A15 ARM Cortex-A9 ARM Cortex-A8 ARM Cortex-A7 ARM Cortex-A5 ARM1176

Hardware layer Software layer


TrustZone

67

A privilege domain providing an execution environment (TEE)

Applications (TA) run in a secure world protected bymemory controllers and interrupts


tamper resilience

extendable trustisolated execution

monitoring & auditingstate maintenancededicated I/O


TrustZone

68

Implement remaining building blocks using SecureCore


tamper resilience

extendable trustisolated execution

monitoring & auditingstate maintenancededicated I/O


Isolated Execution

TrustZone

Guarantee Confidentiality and Integrity; while also providing standard execution functionality


TrustZone

70

Image/block diagram from arm.com

http://arm.com


Reminder

71




1.

2.

4.



Hardware Security Tour

72


TPMs

73

Atmel AC97C204T I2C, SMBus, LPC


HSMs

74

🔑🔐

💩💩💩

💩

📜📜📜 📜📜📜

💩

CACs, Smartcards, YubiHSM


TrustZone & SecureCore

75

privileged0

Qualcomm’s SecureMSMImplements custom Secure Boot and TrustZone application API


TXT, IOMMU

76

privileged0

Isolate devices on MMU

Measure specific executions then isolate by CPU & memory

Oracle for attestation


SGX

77

privileged0Unprivileged mode

bootstrapped protection


Hardware & Trust enabled auditing

privileged

exec

OS X kauth sysent[exec]()

Good idea? (y/n)

Audit event

Log sent



privileged

exec

OS X kauth sysent[exec]()

Good idea? (y/n)Audit event to OOB

Log sent



Audit event to OOB

Log sent

API defined by hardware features

no software trapping required (fast)

privileged mode not needed, but helpful1.2.

4.signing, buffering, compression supported3.


IPMI, iLO, DRAC

81

privileged0

AMT, SecurityEngine (ME)Embedded Controllers


Circuit Heuristics

82

Hardware IDS for Supply-chain threats

- Nathan Edwards


Failures & Uses

83


Failures & Uses

84

TrustZoneEnabled2015AndroidPhones:HTCOneM9,LGG4,OnePlus2,GalaxyS6

Verified boot on Chrome OS

UEFI Secure Boottboot & ‘dynamic’ roots of trust

Android security report: Frost & Sullivan

Attesting mobile app containers


~fin

85

DC23: Remote Exploitation of an Unaltered Passenger Vehicle

DC23: ThunderStrike 2: Sith Strike

DC23: Attacking Hypervisors Using Firmware and Hardware

DC23: NSA Playset: JTAG Implants

hardware, and trust security: explain it like i’m 5!

Technology