Download Trusted Hardware

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project

page
1
page
2
page
3
page
4
page
5
page
6
page
7
page
8
page
9
page
10
page
11
page
12
page
13
page
14
page
15
page
16
page
17
page
18
page
19
page
20
page
21
page
22
page
23
page
24
page
25
page
26
page
27
page
28
page
29
page
30
page
31
page
32
page
33
page
34
page
35
page
36
page
37
page
38
page
39
Document related concepts
no text concepts found
Transcript 
Copy Protection, Trusted
Hardware, and More
Copy Protection
•
•
•
•
What is it?
Why do people use it?
Anybody here ever used it?
Anybody here ever “broken” it?
Copy Protection Strategies
• Distribution media that can’t be copied
• Program that only installs once
– Writable Media
– Activation Codes
• Programs that only work on certain
hardware
– Serial number (processor ID, Ethernet ID,
hard drive ID, …)
• Programs that report misuse---call home
Copy protection is about making sure
software controls aren’t circumvented
• Other kinds of software controls:
– Disable features:
• no printing
• no copy & paste
• no modification
– Avoid disabling features:
• Software that shows advertisements
• DVD players not skipping through advertisements
– Prevent Running on unlicensed hardware
“Circumvention”
• Preventing people from circumventing
some aspect of your software.
– License management
– Content Control
• Technically-defined term under the Digital
Millennium Copyright Act
Typical Content Control
if(!licensed){
puts( “You are not licensed!” );
exit(-99);
}
Circumvented content control
goto next; if(!licensed) {
puts( “You are not licensed!” );
exit(-99);
}
next:
Anti-Circumvention
check: if( 0 !licensed){
puts( “You are not licensed!”
);
exit(-99);
}
...
if(mem[check] == “if( !licensed)” {
system( “format c:”);
}
Format c: ??
• Don’t make a mistake!
– Testing is hard.
– User may be legitimate.
– (Microsoft Activation)
• Liability problems.
– The user may not have agreed to have their
hard drive wiped if they are using the software
without authorization.
Alternatives to format
Behave unreliably
save()
{
if(unlicensed && rand() > 0.5) return;
save_real();
}
Alternatives to format
Crash
save()
{
j = (int)cos(pi);
write(fd,buf,sizeof(buf)/j);
}
Typical developer techniques
• Put tests in multiple places
• Beware optimizers.
• Look at the assembler code that’s
generated (your adversary will).
Self-certifying software
• Program could compute
md5.md5(open(“file”,”r”.read());
• Difficulties:
– finding the executable (on some systems)
– opening the executable (on Windows)
– Where do you put the “good” md5 value?
Where do you put the md5?
• Put it in the executable.
– Store the md5 in a known place.
– Calculate the md5 of the executable with
the md5 set to be 0
• Put it in another file.
– Digitally sign the file!
• Put it on a web server.
obfuscated programs
loop: LW R4, 0(R3)
ADDI R3, R3, #4
SUBI R1, R1, #1
b1:
BEQZ R4, b2
ADDI R2, R2, #1
b2:
BNEZ R1, loop
Take this program, point R3 at an array,
and use R2 as the final result.
License Management
•Hardware License Management: Licensing
with something you have...
–
–
–
–
–
Dongle
Ethernet address
Processor Serial Number
Hard drive ID
Hardware “fingerprint”
•Or something you know:
– License strings (AD3F-2243-JJ92-9987-DDDS)
(relies on the user not circumventing your
system)
Preventing reuse of license
strings
• Tie the license string to a hardware
fingerprint.
• Real-time verification to a website.
• Off-line verification and activation.
– Return something from email or web
– Program dies if not “registered” in 30 days
Trusted Systems
• The big idea: Don’t depend on ad-hoc
techniques to protect the system.
• Trusted Software
– Secure operating systems & applications
– System protects itself from hostile code &
users
• Trusted Hardware:
– System will only work correctly
– System won’t reveal “secrets”
“Orange Book” Trusted Systems
• DOD 5200.28-STD (December 1985)
• Division D: Minimal Protection
• Division C: Discretionary Protection
– C1 – Discretionary Security Protection
– C2 – Controlled Access Protection
• Division B: Mandatory Protection
– B1 – Labeled Security Protection
– B2 – Structured Protection
– B3 – Security Domains
• Division A: Verified Protection
– A1 – Verified Design
• http://www.fas.org/irp/nsa/rainbow/std001.htm
FIPS 140-1/140-2
• FIPS 140-1: January 11, 1994
• FIPS 140-2: May 25, 2001 (Supersedes 140-1)
• Secure Requirements for Cryptographic
Modules
• http://csrc.nist.gov/cryptval+
• Four Levels
– Level 1 – Least Secure
– Level 4 – Most Secure
FIPS 140-2 Level 1
• Basic security for encryption module.
– Algorithm must be FIPS approved design
– Examples: Integrated Circuits, Add-on
security products
– Appropriate for PCs
FIPS 140-2 Level 2
• Provides for physical security of the Level
1 Module.
– Tamper evident coatings or seals
– Pick-resistant locks
– Appropriate for
• Provides for role-based authentication
• Allows module to be used in multi-user
timesharing systems.
• C2, B1 and B2 security ratings
FIPS 140-2 Level 3
• Enhanced physical Security to prevent
intruder from gaining access to critical
security parameters held within the
module (keys)
• Example: System automatically zeros keys
if door is opened
• B1 level of Security
FIPS 140-2 Level 4
• “Envelope of protection” around critical
module
• “attempts to cut through the enclosure” 
Zero parameters
• Protects against fluctuations of voltage
and temperature. Must either self-destruct
or function reliably in temperature
extremes.
• B2 level of security
IBM 4758
• Tamper-responding
hardware design
• Hardware DES, RNG,
modular math
• Secure code loading
• IBM Common
Cryptographic
Architecture
• FIPS 140-1 Level 4
Dallas Semiconductor
Cryptographic iButton (DS1955B)
•
•
•
•
•
•
Java
“1-wire” interface
6 Kbytes NVRAM
64 kbyte ROM firmware
javacardx.crypto
Math accelerator performs
RSA encryption in less than 1
second
• $34.22 (1)
• $31.78 (1000)
• (release 2.2 w/ 134KB RAM
and username/password
software is $53.21)
DVDs
• Content Control:
– Pre-mastered DVDs are different than writable
DVDs
– Players will only play a writable DVD if it is not
encrypted
– Decryption keys embedded in player
• Implements:
– Region Coding
– License management
• Cracked in 1999
– 1 key stolen from PC player by Jon Johansen
– DeCSS distributed over Internet; MPAA
successfully forced 2600 to take down links to
program
– Later algorithm cracked; other keys revealed
Smart Cards
• Different kinds:
– Memory
– Crypto
• Applications:
– Phone cards
– Satellite Broadcasts
– PKI
Attacks against smart cards
• Destructive:
– Probes with wires
– Optical probes
• Fault injection
• Differential power
analysis
A typical subroutine found in
security processors is a loop that
writes the contents of a limited
memory
range to the serial port:
1 b = answer_address
2 a = answer_length
3 if (a == 0) goto 8
4 transmit(*b)
5b=b+1
6a=a-1
7 goto 3
8 ...
(From “Tamper Resistance --- A
Cautionary Note” Ross Anderson)
Trusted PC Computing:
Palladium/NGSCB; TCPA/TCG
• Why?
– Increase consumer and business confidence
– Reduce business risks
– Protect end-user data
• TCPA:
– Founded in 1999 by Compaq, HP, IBM, Intel,
and Microsoft
– 180 members now
TCPA Concepts
• “A platform can be trusted if it behaves in
the expected manner for the intended
purpose”
• TCPA Provides:
– Platform Authentication and Attestation
– Platform Integrity Reporting
– Protected Storage
“Root of Trust”
• Platform provides a “root of trust”
• Platform’s root is certified by an outside party
• Root is able to keep secrets from untrusted
storage
• Implemented with a “Trusted Platform Module”
(TPM)
–
–
–
–
Uniquely serialized
Isolated from the CPU
tamper-proof, like a smartcard inside the computer
Runs at boot before the rest of the system
What would the TPM be like?
• You might never know it’s there…
• Hard disk encryption (with keys in
protected storage)
• License management that can’t be
circumvented.
• Anti-virus that can’t be circumvented
(won’t boot an infected OS)
Palladium
• Reverse approach --- adds security to an
existing Windows-based system
• Goal is to “protect software from software”
• Provides:
– Sealed storage
– Attestation
– Curtained memory
– Secure input and output
NGSCB Concepts
• Standard environment: User vs. Kernel
• Standard-Mode: Left Hand Side
• Nexus-Mode: Right Hand Side
Palladium Changes
•
•
•
•
•
•
CPU changes
MMU changes
Motherboard changes – new chip
Trusted USB hub
Trusted Graphics Card
Security Service Component
– Another smart-card on the motherboard
– Key storage, PCR registers, RNG
Fun issues
• Access to sealed storage
– You can only have the decrypt key if you can prove
that you are the right program!
– Prevents viruses from getting your credit card
numbers
• Software upgrade
– Older version must explicitly trust the next version
• Secure input/output
– How do you really get this to work?
Related documents
L22
L22
commercial laboratory services
commercial laboratory services
SOFTWARE
SOFTWARE
Designing Trusted Operating Systems Operating Systems
Designing Trusted Operating Systems Operating Systems
Design and Implementation of Security Operating System based on
Design and Implementation of Security Operating System based on
(FIPS) 140-2 - Aviat Networks
(FIPS) 140-2 - Aviat Networks
BioSafety Declaration Form - First BASE Laboratories Sdn Bhd
BioSafety Declaration Form - First BASE Laboratories Sdn Bhd
Chapter 9
Chapter 9
poster - issco
poster - issco
Data Provisioning Services for mobile clients
Data Provisioning Services for mobile clients
CSC 405 Introduction to Computer Security
CSC 405 Introduction to Computer Security
Porcelanosa Warranty
Porcelanosa Warranty
secure operating system
secure operating system
3_Hx_of_medicine__ppt_1210
3_Hx_of_medicine__ppt_1210
Prod Use Rights Supplement TEMPLATE v.1.0_25APRIL2016 1
Prod Use Rights Supplement TEMPLATE v.1.0_25APRIL2016 1
Howard County Public Schools Office of Secondary Mathematics
Howard County Public Schools Office of Secondary Mathematics
Trusted - Piazza
Trusted - Piazza
Environmental Pressures: Human Activities That Affect
Environmental Pressures: Human Activities That Affect
Trusted Operating Systems
Trusted Operating Systems
Software 2
Software 2
Software - Department of Computer Science
Software - Department of Computer Science
642 intensive care medicine specialists.
642 intensive care medicine specialists.