Transcript BIND: A Fine- - University of Guelph

BIND: A FINE-GRAINED ATTESTATION
SERVICE FOR SECURE DISTRIBUTED
SYSTEMS
Presented by:
Maryam Alipour-Aghdam
University of Guelph
OVERVIEW

Motivation

BIND Overview

BIND Interface

BIND Properties

Application of BIND
2
OVERVIEW

Motivation

BIND Overview

BIND Interface

BIND Properties

Application of BIND
3
MOTIVATION

To securing distributed systems

To address issues such as:

difficulty in verification of hash


due to variability in software verification and configuration
to address the time of use and the time of discrepancy

the code may be correct at the attestation time and compromised
at the use time.
4
OVERVIEW

Motivation

BIND Overview

BIND Interface

BIND Properties

Application of BIND
5
BIND OVERVIEW

Security issue

Byzantine attack: A remote software platform may be
compromised and run malicious code.

The purpose of using code attestation

identify what software is running on a remote platform

detect a corrupted participant
6
BIND OVERVIEW

BIND Proposed Properties

perform fine-grained attestation



BIND attests only the piece of code instead of entire memory content
narrows the gap between time-of-attestation and time-of-use

measures a piece of code immediately before it executed

use a sand boxing mechanism to protect the execution of attested code
ties the code attestation with the data that the code produces
7
BIND OVERVIEW

Distributed system model:

Process
 Data
 Intermediary
8
BIND OVERVIEW

Distributed system model:

Process


a producer or consumer of data

represent program logic

a piece of software code which needs to be attested *
Data

information exchange between the processes

Primitive data : external input to distributed systems

Derived data :

output of some process

generated by applying protocol logic over some input data
9
BIND OVERVIEW

Distributed system model:

Intermediary

medium over which data is communicated from/to a process

network that forward the data between hosts

operating system that dispatches the data to the process

hard drive or any part of RAM outside the process
10
BIND OVERVIEW
2.2.2.2
1.1.1.1
3.3.3.3
Dest= 3.3.3.3,
TTL=9
Dest= 3.3.3.3,
TTL=10
Ping 3.3.3.3 -t 10
PB
PA
Pong
Local
Configuration
Local
Configuration
Local
Configuration
Pong
PC
Pong
Figure 1. Simple Ping: The conceptual model for distributed protocols
11
BIND OVERVIEW
Figure 1. Simple Ping: The conceptual model for distributed protocols
12
BIND OVERVIEW
Figure 1. Simple Ping: The conceptual model for distributed protocols
13
BIND OVERVIEW
Figure 1. Simple Ping: The conceptual model for distributed protocols
14
BIND OVERVIEW
Figure 1. Simple Ping: The conceptual model for distributed protocols
15
BIND OVERVIEW
Figure 1. Simple Ping: The conceptual model for distributed protocols
16
BIND OVERVIEW
Figure 1. Simple Ping: The conceptual model for distributed protocols
17
BIND OVERVIEW

Ping-Pong Protocol:

Process



PA, PB, and PC which runs on host A, B, and C
Data

User command (primitive data)

Ping pong messages (derived data)

Local IP address of each host (primitive data)
Intermediaries

network and operating system
18
BIND OVERVIEW

Security problems in distributed systems

Byzantine attacker model:


Malicious intermediary and the data misuse attack
Malicious process and the data falsification attack
19
BIND OVERVIEW
Security problems in distributed systems
 Byzantine attacker model:


Malicious intermediary and the data misuse attack

Threats:


alter and inject protocol data
data misuse attack which use authenticated protocol data in a
malicious way

Solution:

employ cryptography constructions

Example: message authentication code, digital signature
20
BIND OVERVIEW
Security problems in distributed systems
 Byzantine attacker model:


Malicious process and the data falsification attack

Threats:

Injecting bogus data into the distributed systems (data falsification
attack)

Traditional cryptography can not be used

As malicious process has the correct cryptography keys to disguise
itself as a legitimate participant

Example: a malicious process can modify the TTL field in a ping
message.
21
BIND OVERVIEW

Attestation Design Consideration

Coarse-grained attestation


Attestation over entire software platforms
Fine-grained attestation

attestation over a critical piece of code

create distinction between process and intermediary


to enable the notion of granularity in attestation

to create boundary between what code is being attested to and what is not
both process and intermediary exist in the form of software code in reality
22
BIND OVERVIEW

Attestation Design Consideration

Fine-grained attestation properties


simplifies hash verification
perform software upgrade more easily as expected hash for each
process can be updated independently

allow distributed system architect to focus on the security of
critical module by singling it out form a complicated system

does not address intermediary attacks
23
BIND OVERVIEW

Desired Properties of BIND Attestation Service
 should
be free of all software attacks

process is correct at load-time

needs to be efficient
24
BIND OVERVIEW

Process and Data Integrity
 Defining
Process and Data Integrity

process is a piece of code (process)

when the data is primitive and is genuine (data integrity)

the data is derived by running a genuine process over
genuine data inputs (data integrity)
25
BIND OVERVIEW

Techniques to ensure the integrity of primitive data

Semantic Check

Example: A distributed scientific computing application checks if an input matrix
is well-formed.

Certificates


use a central trusted authority to sign certificate for primitive data
Trusted Path

use trusted path mechanisms for input data to make sure the data came from an
authenticated user
26
BIND OVERVIEW

Techniques to ensure the integrity of process and derived data

Authenticator

is produced by BIND

Generates a process for every piece of data

Is attached to data through its life-time

Example: when the data is sent over the network, or stored and
fetched from local untrusted storage
27
OVERVIEW

Motivation

BIND Overview

BIND Interface

BIND Properties

Application of BIND
28
BIND INTERFACE
1. Initiate an attestation phase
2. Memory addresses of the process input data
3. Size of process code
4. receiving the ATTESTATION-INIT request
5.Verifies authenticator on input data
6. Hashes the process code along with input data
29
7. If above step successful, yields control to the processor with a success indicator
BIND INTERFACE
1. In response to ATTESTATION-COMPLETE command
2. BIND computes an authentication tag over
3. an output data
4. a hash of the process code
5. Authentication tag binds the output data with the code that has generated it.
6. BINDs undoes the protection it has set up for the protection.
7. BINDs returns the authenticator to the process.
30
OVERVIEW

Motivation

BIND Overview

BIND Interface

BIND Properties

Application of BIND
31
BIND PROPERTIES
 Fine-grained Attestation:

ATTESTATION-INIT indicate the beginning of process

ATTESTATION-COMPLETE indicates the end of process
 Binding
Process and Data Integrity

derived data builds on the integrity of its generating process

integrity of a processes and data are inseparable from each other
in DC
32
BIND PROPERTIES
 Transitive

Integrity Verification
BINDs achieves this property with O(1) overhead.
 Efficient

TPM’s hardware-based cryptography engine is utilized to enable
fast cryptography computations needed for attestation.
33
BIND PROPERTIES
Trusted Platform Module (TPM)
34
BIND PROPERTIES
 TPM

in Attestation Overview
The signature on the input data is validated through public signing
key of TPM that signed the input data

Secure Kernel (SK) sends the output data to be signed by TPM.

SK utilizes the TPM’ s hashing and digital signature functionalities.
35
BIND PROPERTIES
A
Symmetric Key Alternative

Asymmetric key cryptography has high computational overhead

A secret MAC key should be established between two TPMs.

TPM’ s SHA-1 function instantiate a MAC between TPMs.

The key should be sealed in TPM’s memory and should be
remained invisible to untrusted party

Example: application code, peripheral devices
36
BIND PROPERTIES
A

Symmetric Key Alternative
The key are unsealed to the SK upon time of use which used by SK

to verify the MAC on input data

compute the MAC over output data and the hash of process code

secret key remain in SK’s memory for a controlled period of time

after usage the secret key should be destroyed

SK should be executed in a globally uninterrupted manner to prevent
untrusted OS Kernel form reading off the secret key information
37
BIND PROPERTIES
A

Symmetric Key Alternative
Diffie-Hellman for key exchange in BIND
K−1 (A) is private signing key for TPMA
The signing pair (K-1 (A), KA) is created
inside TPM
SHA-1 functionality presents MAC
function using the TPM
38
OVERVIEW

Motivation

BIND Overview

BIND Interface

BIND Properties

Application of BIND
39
APPLICATION OF BIND
 Securing
distributed computation applications with BIND

master / slave structure

master splits the job to tasks and send them to slaves (participants).

master process asks BIND to sign a task description before sending

slaves ask local BIND to verify the integrity of task description

computation results be will signed by BIND along with an integrity
proof of the participant process

master check whether the result is trustworthy after the results
reported to the master.
40
APPLICATION OF BIND
o

BIND properties in distributed computing application
Deterministic Guarantee



BIND guarantees what code has been run in generating the result.
General

BIND is applicable to all types of distributed computation application.

regardless of what function we want to compute
Efficient

For BIND, the entire code is measured only once regardless of how
many times each instruction executed.
41
APPLICATION OF BIND
 BGP
Overview

Border Gateway Protocol (BGP)

a path vector routing protocol

establishing a path to each existing prefix

Autonomous System (AS) is a collection of routers under one
administrative domain.

In BGP, neighbouring Ases exchange prefix information through
BGP Update messages.

42
A BGP update message consists of a prefix along with a ASPATH.
APPLICATION OF BIND
 Attacks Against
BGP

Prefix theft: unauthorized prefix announcement

ASPATH falsification in BGP update messages

Both attacks attract traffic to a point in the network that would
otherwise not receive the traffic.

blackhole attack: allows an attacker to control packets that it would
otherwise have no control over.
43
APPLICATION OF BIND
 Securing
BGP using BIND

two main mechanisms we need to secure BGP

verify the correctness of the origin of the prefix

prevent a malicious AS from altering the ASPATH

prefix is categorized as primitive data

prefix integrity: we adopt the known certificate approach, where a
prefix owner obtains a prefix certificate from a trusted authority.
44
APPLICATION OF BIND
 Securing
BGP using BIND

use attestation for ASPATH

use BIND interface for attestation

create a trusted attestation service in each router

ASPATH is cryptographically protected by a message authentication
code
45
CONCLUSION

fine-grained attestation technique

narrow the time of use and time of attestation

establishes a trusted environment for distributed systems

simplify the design of distributed system

a hardware design base of BIND is considered for future
work
46
Thank you
47