TruWallet: Trustworthy and Migratable Wallet-Based Web Authentication

RuhR-University Bochum System Security Lab

TruWallet: Trustworthy and Migratable Wallet-Based Web Authentication

Sebastian Gajek1, Hans Löhr2, Ahmad-Reza Sadeghi2, Marcel Winandy2

1 Tel Aviv University, Israel2 Ruhr-University Bochum, Germany

ACM STC 2009 – 4th Annual Workshop on Scalable Trusted ComputingChicago, Illinois, USA – November 13, 2009

2009-11-13TruWallet: Wallet-Based Web Authentication (STC 2009) 2

RuhR-University Bochum

Marcel Winandy

System Security Lab

Introduction

● Identity theft is a growing crime on the Internet(especially phishing)

● Classical phishing: faked web sites

● Malware phishing: attacking user's device

password

Adversary A Phishing Server

password

password

Adversary A Phishing Server

password



Marcel Winandy

System Security Lab

Introduction

● Countermeasures against phishing– A broad range of approaches exists

● Promising: “wallet” (authentication agent)– Stores all user login credentials

– Authenticates web sites for their legitimacy

– Performs login on behalf of user

+



Marcel Winandy

System Security Lab

Introduction

● However: needs strong protection mechanism (malware could attack wallet directly)



Marcel Winandy

System Security Lab

Introduction


● We have trusted computing – so what?(secure boot, sealing, attestation, etc.)



Marcel Winandy

System Security Lab

Introduction


● We have trusted computing – so what?(secure boot, sealing, attestation, etc.)

● Scalability issues:– PKI dependency: server can change SSL certificate

(update, new CA, new URL, etc.)

– Device restriction: wallet locked-down to one platform



Marcel Winandy

System Security Lab

TruWallet - Overview

● High-level architecture● Automated login with SSL-PKI-independent

server authentication● Secure migration of wallet data to other devices● Implementation



Marcel Winandy

System Security Lab

TruWallet Architecture



Marcel Winandy

System Security Lab




Marcel Winandy

System Security Lab




Marcel Winandy

System Security Lab




Marcel Winandy

System Security Lab




Marcel Winandy

System Security Lab

SSL-PKI-Independent Server Authentication



Marcel Winandy

System Security Lab


● Registration (user creates new account)



Marcel Winandy

System Security Lab


● Registration (user creates new account)– TruWallet creates high-entropy password

new password



Marcel Winandy

System Security Lab



– Derive shared secret from server_finished

client_hello

SSL handshake

encSSL(server_finished)



Marcel Winandy

System Security Lab




client_hello

SSL handshake

encSSL(server_finished)sharedsecret

sharedsecret



Marcel Winandy

System Security Lab




client_hello

SSL handshake

encSSL(server_finished)sharedsecret

sharedsecret

Link password with shared secret (and server URL)

new password



Marcel Winandy

System Security Lab


● Login (user connects to registered account)– Server is authenticated via challenge-response

client_hello

SSL handshake




Marcel Winandy

System Security Lab



client_hello

SSL handshake


nonce



Marcel Winandy

System Security Lab



client_hello

SSL handshake

encSSL(server_finished || HMACsharedsecret

(trnscrpt))

nonce



Marcel Winandy

System Security Lab



client_hello

SSL handshake

encSSL(server_finished || HMACsharedsecret

(trnscrpt))

nonce

sharedsecret

sharedsecret

Only if server can prove knowledge of shared secret, user password is sent.



Marcel Winandy

System Security Lab

Secure Migration of Wallet Data



Marcel Winandy

System Security Lab

Secure Migration of Wallet Data

● Another Wallet on destination platform● Establish a trusted channel between platforms

– Secure channel (confidentiality)

– Bound to TCB configuration of destination

● Send wallet data through trusted channel● Trusted Channel based on [Asokan+2007],

– But here: less components, less steps



Marcel Winandy

System Security Lab

Migration ProtocolStorageManager Wallet Wallet Trust

ManagerStorageManager TPM

loadData()

requestTrustedChannel()TPM_CreateWrapKey()

(PKBind

, ESKBind

)

TPM_CertifyKey(PKBind

)

certBind(cert

Bind, PK

Bind, ESK

Bind)

(certBind

, PKBind

)

verify(certBind

)

wd

ewd :=Tspi_Data_Bind(PK

Bind,wd)

ewd unbind(ewd) TPM_LoadKey(ESKBind

)

TPM_Unbind(ewd)

verify(TCB_conf)

SKBind

:= decrypt_SRK(ESKBind

)

wd:= decrypt_SKBind

(ewd)wd

storeData(wd)

Source platform Destination platform

request-TrustedChannel()

ESKBind

:= encrypt_SRK(SK

Bind,TCBconf)

wd



Marcel Winandy

System Security Lab



loadData()


(PKBind

, ESKBind

)


)

certBind(cert

Bind, PK

Bind, ESK

Bind)

(certBind

, PKBind

)

verify(certBind

)

wd


Bind,wd)


)

TPM_Unbind(ewd)

verify(TCB_conf)

SKBind


)

wd:= decrypt_SKBind

(ewd)wd

storeData(wd)



ESKBind

:= encrypt_SRK(SK

Bind,TCBconf)

wd



Marcel Winandy

System Security Lab



loadData()


(PKBind

, ESKBind

)


)

certBind(cert

Bind, PK

Bind, ESK

Bind)

(certBind

, PKBind

)

verify(certBind

)

wd


Bind,wd)


)

TPM_Unbind(ewd)

verify(TCB_conf)

SKBind


)

wd:= decrypt_SKBind

(ewd)wd

storeData(wd)



ESKBind

:= encrypt_SRK(SK

Bind,TCBconf)

wd



Marcel Winandy

System Security Lab



loadData()


(PKBind

, ESKBind

)


)

certBind(cert

Bind, PK

Bind, ESK

Bind)

(certBind

, PKBind

)

verify(certBind

)

wd


Bind,wd)


)

TPM_Unbind(ewd)

verify(TCB_conf)

SKBind


)

wd:= decrypt_SKBind

(ewd)wd

storeData(wd)



ESKBind

:= encrypt_SRK(SK

Bind,TCBconf)

wd



Marcel Winandy

System Security Lab



loadData()


(PKBind

, ESKBind

)


)

certBind(cert

Bind, PK

Bind, ESK

Bind)

(certBind

, PKBind

)

verify(certBind

)

wd


Bind,wd)


)

TPM_Unbind(ewd)

verify(TCB_conf)

SKBind


)

wd:= decrypt_SKBind

(ewd)wd

storeData(wd)



ESKBind

:= encrypt_SRK(SK

Bind,TCBconf)

wd



Marcel Winandy

System Security Lab



loadData()


(PKBind

, ESKBind

)


)

certBind(cert

Bind, PK

Bind, ESK

Bind)

(certBind

, PKBind

)

verify(certBind

)

wd


Bind,wd)


)

TPM_Unbind(ewd)

verify(TCB_conf)

SKBind


)

wd:= decrypt_SKBind

(ewd)wd

storeData(wd)



ESKBind

:= encrypt_SRK(SK

Bind,TCBconf)

wd



Marcel Winandy

System Security Lab



loadData()


(PKBind

, ESKBind

)


)

certBind(cert

Bind, PK

Bind, ESK

Bind)

(certBind

, PKBind

)

verify(certBind

)

wd


Bind,wd)


)

TPM_Unbind(ewd)

verify(TCB_conf)

SKBind


)

wd:= decrypt_SKBind

(ewd)wd

storeData(wd)



ESKBind

:= encrypt_SRK(SK

Bind,TCBconf)

wd



Marcel Winandy

System Security Lab



loadData()


(PKBind

, ESKBind

)


)

certBind(cert

Bind, PK

Bind, ESK

Bind)

(certBind

, PKBind

)

verify(certBind

)

wd


Bind,wd)


)

TPM_Unbind(ewd)

verify(TCB_conf)

SKBind


)

wd:= decrypt_SKBind

(ewd)wd

storeData(wd)



ESKBind

:= encrypt_SRK(SK

Bind,TCBconf)

wd



Marcel Winandy

System Security Lab



loadData()


(PKBind

, ESKBind

)


)

certBind(cert

Bind, PK

Bind, ESK

Bind)

(certBind

, PKBind

)

verify(certBind

)

wd


Bind,wd)


)

TPM_Unbind(ewd)

verify(TCB_conf)

SKBind


)

wd:= decrypt_SKBind

(ewd)wd

storeData(wd)



ESKBind

:= encrypt_SRK(SK

Bind,TCBconf)

wd



Marcel Winandy

System Security Lab



loadData()


(PKBind

, ESKBind

)


)

certBind(cert

Bind, PK

Bind, ESK

Bind)

(certBind

, PKBind

)

verify(certBind

)

wd


Bind,wd)


)

TPM_Unbind(ewd)

verify(TCB_conf)

SKBind


)

wd:= decrypt_SKBind

(ewd)wd

storeData(wd)



ESKBind

:= encrypt_SRK(SK

Bind,TCBconf)

wd



Marcel Winandy

System Security Lab



loadData()


(PKBind

, ESKBind

)


)

certBind(cert

Bind, PK

Bind, ESK

Bind)

(certBind

, PKBind

)

verify(certBind

)

wd


Bind,wd)


)

TPM_Unbind(ewd)

verify(TCB_conf)

SKBind


)

wd:= decrypt_SKBind

(ewd)wd

storeData(wd)



ESKBind

:= encrypt_SRK(SK

Bind,TCBconf)

wd



Marcel Winandy

System Security Lab



loadData()


(PKBind

, ESKBind

)


)

certBind(cert

Bind, PK

Bind, ESK

Bind)

(certBind

, PKBind

)

verify(certBind

)

wd


Bind,wd)


)

TPM_Unbind(ewd)

verify(TCB_conf)

SKBind


)

wd:= decrypt_SKBind

(ewd)wd

storeData(wd)



ESKBind

:= encrypt_SRK(SK

Bind,TCBconf)

wd



Marcel Winandy

System Security Lab

Implementation

● Security Kernel: Turaya/L4

– L4 microkernel

– security services● TruWallet:

– Java implementation

– Uses Paros HTTP/HTTPS Proxy

– Running in a Linux VM● Web Browser:

– Firefox, running in separate Linux VM



Marcel Winandy

System Security Lab

Implementation Overview

mGUIStorage

MgrTrustMgr

NetworkMgr

L4 microkernel

LinuxVirtual Machine

Firefox

Hardware

Security Kernel(Turaya)


Paros Wallet

TPM



Marcel Winandy

System Security Lab


mGUIStorage

MgrTrustMgr

NetworkMgr

L4 microkernel


Firefox

Hardware



Paros Wallet

TPMVideo NIC Disk



Marcel Winandy

System Security Lab


mGUIStorage

MgrTrustMgr

NetworkMgr

L4 microkernel


Firefox

Hardware



Paros Wallet

TPMNIC



Marcel Winandy

System Security Lab

Conclusion

● Phishing is a serious threat

● Wallets can perform login on behalf of user

● TruWallet provides:

– Secure execution environment

– Server authentication with less SSL PKI dependency

– Secure migration to other computing devices

● Prototype based on L4 microkernel and virtualization

● Future work:

– TruWallet on dynamic root of trust (Intel TXT)



Marcel Winandy

System Security Lab

Questions?

Marcel WinandyRuhr-University Bochum

[email protected]

mailto:[email protected]

Documents

TruWallet: Trustworthy and Migratable Wallet-Based Web Authentication