DOCSLIB.ORG

Love All, Trust Few: on Trusting Intermediaries in HTTP

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Love All, Trust Few: on Trusting Intermediaries in HTTP Love all, trust few: On trusting intermediaries in HTTP Thomas Fossati Vijay K. Gurbani Vladimir Kolesnikov Alcatel-Lucent Alcatel-Lucent, Bell Labs Alcatel-Lucent, Bell Labs Cambridge (UK) Naperville, IL 60566 (USA) Murray Hill, NJ 07974 (USA) thomas.fossati@alcatel- [email protected] [email protected] lucent.com labs.com ABSTRACT middleboxes provide a variety of services such as parental fil- Recent pervasive monitoring of Internet traffic has resulted tering, caching, accelerating content across slow access links, in an effort to protect all communications by using Trans- anti-malware scanning and traffic shaping to avoid conges- port Layer Security (TLS) to thwart malicious third par- tion; the effect of using TLS is to prohibit such legitimate ties. We argue that such large-scale use of TLS may poten- uses of middleboxes. tially disrupt many useful network-based services provided The absence of a well-understood and standard manner by middleboxes such as content caching, web acceleration, by which to introduce a middlebox in the two-party TLS anti-malware scanning and traffic shaping when faced with model leads to dangerous point solutions like TLS intercep- congestion. As the use of Internet grows to include devices tion proxies that have the effect of destroying end-to-end se- with varying resources and capabilities, and access networks curity completely. Furthermore, thin clients (tablets, smart with differing link characteristics, the prevalent two-party phones) and the prevalence of computing resources in the TLS model may prove restrictive. We present EFGH, a cloud are engendering a new architecture, the split browser pluggable TLS extension that allows a trusted third-party to [4]. Split browsers offload network-intensive computation to be introduced in the two-party model without affecting the servers in the cloud, leaving the thin client to render content underlying end-to-end security of the channel. The exten- more efficiently. By their definition, split browsers introduce sion stresses the end-to-end trust relationship integrity by HTTP proxy middleboxes between the client and the origin allowing selective exposure of the exchanged data to trusted server. middleboxes. Contributions: It is important that the end-to-end na- ture of TLS is preserved while accounting for the complexi- ties of the currently deployed Internet. To do so we propose 1. INTRODUCTION End-to-end Fine Grained HTTP (EFGH) security, a plug- The Internet community has viewed the recent pervasive gable extension to the TLS protocol that allows middleboxes monitoring efforts as an attack on the Internet [1], [2]. Such to be explicitly introduced in the client-server path without large scale pervasive monitoring is indeed an attack, there affecting the security guarantees of the end-to-end channel. is simply no arguing that it is not. However, encrypting The trusted middlebox is granted access to a subset of the all traffic as a defence mechanism leads to the preclusion of traffic that the principals have agreed upon. The capability middleboxes that provide services that benefit networks and is negotiated between the principals through the TLS hand- users. shake extension mechanism. Upon completion of the hand- Encryption on the Internet is performed by the Transport shake, and if both parties support EFGH, a one round-trip Layer Security (TLS, [3]) protocol. TLS, and its predeces- message exchange is required for key establishment between sor, Secure Socket Layer (SSL) were developed at a time the client, the server and the proxy. EFGH strongly stresses in the trajectory of the Internet where electronic commerce the end-to-end trust relationship integrity and allows the was the primary application that required end-to-end se- client and server to selectively expose exchanged traffic to curity between a browser and a web server. Middleboxes, trusted intermediaries via a modified TLS record format. when they existed at this time, were mostly network/port The rest of this paper is structured as follows: Section 2 translators. Today's Internet is much different. It is char- puts our work in context with existing literature. Section 3 acterised by plurality of end-user devices, access networks, describes the protocol building blocks; Section 4 discusses and middleboxes that apply value-added services (VAS) to its security properties. We conclude in Section 5. the traffic transiting through them. In managed networks, 2. RELATED WORK Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed In the absence of techniques like EFGH that allow mod- for profit or commercial advantage and that copies bear this notice and the full cita- erated access of the traffic to intermediaries, enterprises and tion on the first page. Copyrights for components of this work owned by others than service providers often resort to questionable solutions that ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or re- publish, to post on servers or to redistribute to lists, requires prior specific permission have the adverse and detrimental effect of degrading the and/or a fee. Request permissions from [email protected]. overall security. TLS interception proxies [5] are a good ex- HotMiddlebox’15, August 17-21, 2015, London, United Kingdom ample; such proxies straddle two separate sessions and act c 2015 ACM. ISBN 978-1-4503-3540-9/15/08. $15.00 as a man-in-the-middle (MitM) to decrypt and re-encrypt DOI: http://dx.doi.org/10.1145/2785989.2785990 the content as it traverses through them. The user is not 1 notified and cannot give consent to the presence of such in- ClientC ProxyP ServerS terception proxies; thus they erode any expectation the user has of the connection being end-to-end secure. In addition, certP they carry other risks: an organisation may be open to le- connect(2) gal exposure as a result of inspecting communications that 1 are intended to be private and such solutions act as an at- CONNECT server:443 HTTP/1.1 tack target themselves since they are a single point where 2 encrypted sessions are decrypted and available as plaintext. Loreto et al. [6] improve on transparent interception prox- connect(2) 3 ies by allowing a client (browser) to discover and authenti- cate a trusted proxy and for the user to explicitly provide HTTP/1.1 200 OK consent for traffic to flow through that proxy. Unlike our 4 approach, once the trusted proxy has been identified and ClientHello + efgh(proxy) consented to, it (the proxy) has cleartext access to the in- 5 formation flowing between the client and the server. Loreto et al. further constrain the trusted proxy such that URIs ServerHello [+ efgh(proxy)], 6 that are available over the https scheme do not traverse the Certificate, ServerKeyExchange, ServerHelloDone proxy. This has the effect of precluding the proxy from per- ClientKeyExchange, ChangeCipherSpec, Finished forming services that may be of benefit to the user. Peon [7] 7 allows clients to use explicit proxies as well but encourages ChangeCipherSpec, Finished the use of secure hashes to detect if the proxy applied any 8 transforms to the message. However, unlike our work, it de- scribes a binary proposition for security: either the proxy is cert , cert , ms cert cert , ms trusted and has access to decryption keying material or it P S S P is not and traffic through it is encrypted end-to-end. Mc- Grew et al. [8] introduce a TLS extension to allow a chain Figure 1: DHE TLS handshake with EFGH option of TLS proxies to inform a client about the capabilities of the (proxied) server, so that the client could make knowl- edgeable access control decisions about the server as if the • the policy language (Section 3.4) determines which proxies were absent. The main problem with this proposal subset of the application protocol traffic needs to be is that it breaks the TLS end-to-end security assumption by disclosed to the third party. allowing the proxies to actually be MitM entities. Moving down from application to the transport layer, tcp- 3.1 EFGH TLS extension crypt is a transport layer encryption protocol [9, 10] that EFGH does not modify the normal TLS handshake; in- cryptographically protects TCP segments. While tcpcrypt is stead it moves the necessary three party key negotiation a good solution for opportunistic encryption, it does not re- protocol into a separate construct with a well defined inter- place TLS. Some drawbacks of tcpcrypt are its use of short- face to the TLS handshake (see Section 3.2). There are two lived keys to provide some forward secrecy and the lack of a main reasons for this: first, we want to simplify as much as key confirmation step in its 4-way handshake. Further down possible the formal analysis required to prove (or disprove) at the IP layer, Kasera et al. [11] and Zhang et al. [12] de- the security of EFGH by building on top of the extensive scribe allowing trusted middleboxes in an IPsec association literature that has been produced regarding the security of between two endpoints. In Kasera et al. [11] the part of the TLS handshake [13], [14]. Secondly, we want to allow the message that is destined for the proxy is sent in clear- independent evolution of the two mechanisms, especially in text. Zhang et al. [12] propose dividing the payload into these early stages of development. multiple zones, each encrypted with a different key. The Therefore, the only modification required by EFGH con- primary drawbacks for an IPsec-based solution remain the sists of a new TLS extension [15] sent by the client along need for an separate key management scheme, the cost of with the ClientHello, which is intended to introduce the incurring double encryption when TLS is used on top of an identity of the proxy to the server, together with the associ- IPsec channel, and its primary use in managed networks to ated fine-grained disclosure policy.
Load more

Recommended publications
  • A Focus on S/MIME
    The University of Saskatchewan Department of Computer Science Technical Report #2011-03 Cryptographic Security for Emails: A Focus on S/MIME Minhaz Fahim Zibran Department of Computer Science University of Saskatchewan Email: [email protected] Abstract In this paper I present a study on \S/MIME", which has become the industry standard for secure email exchange. Based on existing literature review, the study examines S/MIME in depth with specific emphasis on its architecture, strengths, and deficiencies. The study also identifies usability issues related to S/MIME enabled email clients, which indicate scopes for further improvements in those implementations. Obstacles in the adoption of S/MIME are also identified indicating what is required for its successful adoption in the community. In presenting the study, the paper contributes in two ways: (a) for any newcomer in the field of cryptography this paper will be a useful resource to quickly learn about S/MIME in a fair level of detail, (b) the indication about limitations of S/MIME and its implementations reveals an avenue for further research in the area of email security, which may result in improvement of S/MIME itself, or its implementations in the email clients. Keywords: Email Security, S/MIME, MIME, PGP, PKI, Certificate, Email Authentication, Email Encryption, Key Management 1 Introduction Email has been a very common medium of communication these days. It somewhat re- places the traditional surface mail and many of the traditional ways of communication [32]. Today people send and read emails from their personal computers, business workstation, PDAs and even cell phones.
    [Show full text]
  • Towards a Hybrid Public Key Infrastructure (PKI): a Review
    Towards a Hybrid Public Key Infrastructure (PKI): A Review Priyadarshi Singh, Abdul Basit, N Chaitanya Kumar, and V. Ch. Venkaiah School of Computer and Information Sciences, University of Hyderabad, Hyderabad-500046, India Abstract. Traditional Certificate- based public key infrastructure (PKI) suffers from the problem of certificate overhead like its storage, verification, revocation etc. To overcome these problems, idea of certificate less identity-based public key cryptography (ID-PKC) was proposed by Shamir. This is suitable for closed trusted group only. Also, this concept has some inherent problems like key escrow problem, secure key channel problem, identity management overhead etc. Later on, there had been several works which tried to combine both the cryptographic techniques such that the resulting hybrid PKI framework is built upon the best features of both the cryptographic techniques. It had been shown that this approach solves many problems associated with an individual cryptosystem. In this paper, we have reviewed and compared such hybrid schemes which tried to combine both the certificate based PKC and ID-based PKC. Also, the summary of the comparison, based on various features, is presented in a table. Keywords: Certificate-based PKI; Identity-based public key cryptography (ID-PKC); Hybrid PKI 1 INTRODUCTION Public key infrastructure (PKI) and public key cryptography (PKC) [12] plays a vital role with four major components of digital security: authentication, integrity, confidentiality and non-repudiation. Infact, PKI enables the use of PKC through key management. The ”efficient and secure management of the key pairs during their whole life cycle" is the purpose of PKI, which involves key generation, key distribution, key renewal, key revocation etc [11].
    [Show full text]
  • Security Target Document
    Security Target Document Passport Certificate Server Ver. 4.1.1 Prepared for: Common Criteria EAL2 (augmented) 30 April 2002 2225 Sheppard Ave, Suite 1700 Toronto, Ontario, Canada M2J 5C2 TEL: 416-756-2324 FAX: 416-756-7346 [email protected] www.dvnet.com Passport Certificate Server V.4.1.1 Security Target 30 April 2002 Common Criteria EAL 2 (augmented) Version 1.00 TABLE OF CONTENTS 1 Introduction ............................................................................................................................................ 1 1.1 Security Target Identification......................................................................................................... 1 1.2 Security Target Overview............................................................................................................... 1 1.3 Common Criteria Conformance .....................................................................................................1 2 TOE Description..................................................................................................................................... 2 2.1 Product Deployment....................................................................................................................... 2 2.2 Product Functions........................................................................................................................... 2 2.3 Product Description ........................................................................................................................ 3 2.3.1 Platform
    [Show full text]
  • A Practical Evaluation of a High-Security Energy-Efficient
    sensors Article A Practical Evaluation of a High-Security Energy-Efficient Gateway for IoT Fog Computing Applications Manuel Suárez-Albela * , Tiago M. Fernández-Caramés , Paula Fraga-Lamas and Luis Castedo Department Computer Engineering, Faculty of Computer Science, Universidade da Coruña, 15071 A Coruña, Spain; [email protected] (T.M.F.-C.); [email protected] (P.F.-L.); [email protected] (L.C.) * Correspondence: [email protected]; Tel.: +34-981-167-000 (ext. 6051) Received: 28 July 2017; Accepted: 19 August 2017; Published: 29 August 2017 Abstract: Fog computing extends cloud computing to the edge of a network enabling new Internet of Things (IoT) applications and services, which may involve critical data that require privacy and security. In an IoT fog computing system, three elements can be distinguished: IoT nodes that collect data, the cloud, and interconnected IoT gateways that exchange messages with the IoT nodes and with the cloud. This article focuses on securing IoT gateways, which are assumed to be constrained in terms of computational resources, but that are able to offload some processing from the cloud and to reduce the latency in the responses to the IoT nodes. However, it is usually taken for granted that IoT gateways have direct access to the electrical grid, which is not always the case: in mission-critical applications like natural disaster relief or environmental monitoring, it is common to deploy IoT nodes and gateways in large areas where electricity comes from solar or wind energy that charge the batteries that power every device. In this article, how to secure IoT gateway communications while minimizing power consumption is analyzed.
    [Show full text]
  • Security Policies for the Federal Public Key Infrastructure
    Security Policies for the Federal Public Key Infrastructure Noel A. Nazario Security Technology Group National Institute of Standards and Technology Abstract This document discusses provisions for the handling of security policies in the proposed Federal Public Key Infrastructure (PKI). Federal PKI policies deal with the generation, deactivation, and dissemination of public key certificates, the integrity of the infrastructure, maintenance of records, identification of certificate holders, and the establishment of trust relationships between Certification Authorities (CAs). The verification of a digital signature is not sufficient indication of the trustworthiness of an electronic message or data file. The verifier needs to factor the trustworthiness of the CAs involved in the certification of the sender. To accomplish this, the verifier needs to examine the certificate policy for those CAs. The Federal PKI Technical Security Policy establishes guidelines for the operation of Federal CAs and the identification of the parties requesting certification. It also defines Policy Approving Authorities (PAA) responsible for assessing the policies and operational practices of all Federal CAs within a domain and assigning them corresponding Federal Assurance Levels. These assurance levels may be used in lieu of a certificate policy when making an on-line determination of the trustworthiness of a certificate. Key words Certificate policy, Federal Assurance Levels, PAA, PKI, Policy Approving Authority, public key infrastructure, security policy. SECURITY POLICIES FOR THE FEDERAL PUBLIC KEY INFRASTRUCTURE Noel A. Nazario NIST North, Room 426 820 West Diamond Avenue Gaithersburg, MD 20899 [email protected] Introduction and Background This paper discusses provisions for the handling of security policies in the proposed Federal Public Key Infrastructure (PKI).
    [Show full text]
  • Secure Channels Secure Channels • Example Applications – PGP: Pretty Good Privacy CS 161/194-1 – TLS: Transport Layer Security Anthony D
    Main Points • Applying last week’s lectures in practice • Creating Secure Channels Secure Channels • Example Applications – PGP: Pretty Good Privacy CS 161/194-1 – TLS: Transport Layer Security Anthony D. Joseph – VPN: Virtual Private Network September 26, 2005 September 26, 2005 CS161 Fall 2005 2 Joseph/Tygar/Vazirani/Wagner What is a Secure Channel? Plaintext Plaintext Creating Secure Channels Encryption / Internet Encryption / • Authentication and Data Integrity Decryption Decryption Ciphertext and MAC – Use Public Key Infrastructure or third-party server to authenticate each end to the other • A stream with these security requirements: – Add Message Authentication Code for – Authentication integrity • Ensures sender and receiver are who they claim to be – Confidentiality • Confidentiality • Ensures that data is read only by authorized users – Data integrity – Exchange session key for encrypt/decrypt ops • Ensures that data is not changed from source to destination • Bulk data transfer – Non-repudiation (not discussed today) • Ensures that sender can’t deny message and rcvr can’t deny msg • Key Distribution and Segmentation September 26, 2005 CS161 Fall 2005 3 September 26, 2005 CS161 Fall 2005 4 Joseph/Tygar/Vazirani/Wagner Joseph/Tygar/Vazirani/Wagner Symmetric Key-based Symmetric Key-based Secure Channel Secure Channel Alice Bob • Sender (A) and receiver (B) share secret keys KABencrypt KABencrypt – One key for A è B confidentiality KABauth KABauth – One for A è B authentication/integrity Message MAC Compare? Message – Each message
    [Show full text]
  • The Most Dangerous Code in the World: Validating SSL Certificates In
    The Most Dangerous Code in the World: Validating SSL Certificates in Non-Browser Software Martin Georgiev Subodh Iyengar Suman Jana The University of Texas Stanford University The University of Texas at Austin at Austin Rishita Anubhai Dan Boneh Vitaly Shmatikov Stanford University Stanford University The University of Texas at Austin ABSTRACT cations. The main purpose of SSL is to provide end-to-end security SSL (Secure Sockets Layer) is the de facto standard for secure In- against an active, man-in-the-middle attacker. Even if the network ternet communications. Security of SSL connections against an is completely compromised—DNS is poisoned, access points and active network attacker depends on correctly validating public-key routers are controlled by the adversary, etc.—SSL is intended to certificates presented when the connection is established. guarantee confidentiality, authenticity, and integrity for communi- We demonstrate that SSL certificate validation is completely bro- cations between the client and the server. Authenticating the server is a critical part of SSL connection es- ken in many security-critical applications and libraries. Vulnerable 1 software includes Amazon’s EC2 Java library and all cloud clients tablishment. This authentication takes place during the SSL hand- based on it; Amazon’s and PayPal’s merchant SDKs responsible shake, when the server presents its public-key certificate. In order for transmitting payment details from e-commerce sites to payment for the SSL connection to be secure, the client must carefully verify gateways; integrated shopping carts such as osCommerce, ZenCart, that the certificate has been issued by a valid certificate authority, Ubercart, and PrestaShop; AdMob code used by mobile websites; has not expired (or been revoked), the name(s) listed in the certifi- Chase mobile banking and several other Android apps and libraries; cate match(es) the name of the domain that the client is connecting Java Web-services middleware—including Apache Axis, Axis 2, to, and perform several other checks [14, 15].
    [Show full text]
  • Practical Issues with TLS Client Certificate Authentication
    Practical Issues with TLS Client Certificate Authentication Arnis Parsovs Software Technology and Applications Competence Center, Estonia University of Tartu, Estonia [email protected] Abstract—The most widely used secure Internet communication Active security research is being conducted to improve standard TLS (Transport Layer Security) has an optional client password security, educate users on how to resist phishing certificate authentication feature that in theory has significant attacks, and to fix CA trust issues [1], [2]. However, the attacks security advantages over HTML form-based password authenti- mentioned above can be prevented or their impact can be cation. In this paper we discuss practical security and usability greatly reduced by using TLS client certificate authentication issues related to TLS client certificate authentication stemming (CCA), since the TLS CCA on the TLS protocol level protects from the server-side and browser implementations. In particular, we analyze Apache’s mod_ssl implementation on the server the client’s account on a legitimate server from a MITM side and the most popular browsers – Mozilla Firefox, Google attacker even in the case of a very powerful attacker who has Chrome and Microsoft Internet Explorer on the client side. We obtained a valid certificate signed by a trusted CA and who complement our paper with a measurement study performed in thus is able to impersonate the legitimate server. We believe Estonia where TLS client certificate authentication is widely used. that TLS CCA has great potential for improving Internet We present our recommendations to improve the security and security, and therefore in this paper we discuss current issues usability of TLS client certificate authentication.
    [Show full text]
  • Introduction to Public Key Technology and Federal PKI Infrastructure
    Withdrawn NIST Technical Series Publication Warning Notice The attached publication has been withdrawn (archived), and is provided solely for historical purposes. It may have been superseded by another publication (indicated below). Withdrawn Publication Series/Number NIST Special Publication 800-32 Title Introduction to Public Key Technology and the Federal PKI Infrastructure Publication Date(s) February 26, 2001 Withdrawal Date September 13, 2021 Withdrawal Note SP 800-32 is withdrawn in its entirety. Superseding Publication(s) (if applicable) The attached publication has been superseded by the following publication(s): Series/Number Title Author(s) Publication Date(s) URL/DOI Additional Information (if applicable) Contact Computer Security Division (Information Technology Laboratory) Latest revision of the N/A attached publication Related Information https://csrc.nist.gov/projects/crypto-publication-review-project https://csrc.nist.gov/publications/detail/sp/800-32/archive/2001-02-26 Withdrawal https://csrc.nist.gov/news/2021/withdrawal-of-nist-special-pubs-800-15-25- Announcement Link and-32 Date updated: September 13, 2021 SP 800-32 IIInnntttrrroooddduuuccctttiiiooonnn tttooo PPPuuubbbllliiiccc KKKeeeyyy TTTeeeccchhhnnnooolllooogggyyy aaannnddd ttthhheee FFFeeedddeeerrraaalll PPPKKKIII IIInnnfffrrraaassstttrrruuuccctttuuurrreee D. Richard Kuhn Vincent C. Hu 26 February 2001 W. Timothy Polk Shu-Jen Chang 1 National Institute of Standards and Technology, 2001. U.S. Government publication. Not subject to copyright. Portions of this document have been abstracted from other U.S. Government publications, including: “Minimum Interoperability Specification for PKI Components (MISPC), Version 1” NIST SP 800-15, January 1998; “Certification Authority Systems”, OCC 99-20, Office of the Comptroller of the Currency, May 4, 1999; “Guideline for Implementing Cryptography in the Federal Government”, NIST SP800-21, November 1999; Advances and Remaining Challenges to Adoption of Public Key Infrastructure Technology, U.S.
    [Show full text]
  • A Security Framework for the Internet of Things in the Future Internet Architecture
    Article A Security Framework for the Internet of Things in the Future Internet Architecture Xiruo Liu 1, Meiyuan Zhao 2, Sugang Li 3, Feixiong Zhang 3 and Wade Trappe 3,* 1 Intel Labs, Hillsboro, OR 97124, USA; [email protected] 2 Google, Mountain View, CA 94043, USA; [email protected] 3 Department of Electrical and Computer Engineering, Rutgers University, Piscataway, NJ 08854, USA; [email protected] (S.L.); [email protected] (F.Z.) * Correspondence: [email protected]; Tel.: +1-848-932-0909 Academic Editors: Georgios Kambourakis and Constantinos Kolias Received: 5 June 2017; Accepted: 25 June 2017; Published: 28 June 2017 Abstract: The Internet of Things (IoT) is a recent trend that extends the boundary of the Internet to include a wide variety of computing devices. Connecting many stand-alone IoT systems through the Internet introduces many challenges, with security being front-and-center since much of the collected information will be exposed to a wide and often unknown audience. Unfortunately, due to the intrinsic capability limits of low-end IoT devices, which account for a majority of the IoT end hosts, many traditional security methods cannot be applied to secure IoT systems, which open a door for attacks and exploits directed both against IoT services and the broader Internet. This paper addresses this issue by introducing a unified IoT framework based on the MobilityFirst future Internet architecture that explicitly focuses on supporting security for the IoT. Our design integrates local IoT systems into the global Internet without losing usability, interoperability and security protection. Specifically, we introduced an IoT middleware layer that connects heterogeneous hardware in local IoT systems to the global MobilityFirst network.
    [Show full text]
  • Bivio 6310-NC Common Criteria Administrative Guidance
    Bivio 6310-NC Common Criteria Administrative Guidance Version 1.10 Nov 23, 2020 Bivio 6310-NC Common Criteria Administrative Guidance CONTENTS 1. Introduction .......................................................................................................................................... 5 2. Operational Environment – IT Requirements ....................................................................................... 6 3. Operational Environment – Procedural/Policy Requirements ............................................................. 7 4. Installation and Initial Configuration .................................................................................................... 7 Initial configuration ............................................................................................................................................... 8 Logging in and out of the system ........................................................................................................................ 10 Setting time ......................................................................................................................................................... 10 Enabling the NTP Client for Time Synchronization ............................................................................................. 11 Rebooting the system ......................................................................................................................................... 12 Power cycling the system ...................................................................................................................................
    [Show full text]
  • Designing a Secure, High-Performance Remote Attestation Protocol Alexander David Titus Worcester Polytechnic Institute
    View metadata, citation and similar papers at core.ac.uk brought to you by CORE provided by DigitalCommons@WPI Worcester Polytechnic Institute Digital WPI Major Qualifying Projects (All Years) Major Qualifying Projects October 2016 Trusted Execution Development: Designing a Secure, High-Performance Remote Attestation Protocol Alexander David Titus Worcester Polytechnic Institute Seth Daniel Norton Worcester Polytechnic Institute Follow this and additional works at: https://digitalcommons.wpi.edu/mqp-all Repository Citation Titus, A. D., & Norton, S. D. (2016). Trusted Execution Development: Designing a Secure, High-Performance Remote Attestation Protocol. Retrieved from https://digitalcommons.wpi.edu/mqp-all/1145 This Unrestricted is brought to you for free and open access by the Major Qualifying Projects at Digital WPI. It has been accepted for inclusion in Major Qualifying Projects (All Years) by an authorized administrator of Digital WPI. For more information, please contact [email protected]. Trusted Execution Development Designing a Secure, High-Performance Remote Attestation Protocol October 13, 2016 Written by Seth Norton Alex Titus Project Sponsored by the MITRE Corporation Project Faculty Advisor - Craig Shue Project Sponsor Advisor - Joshua Guttman Project Sponsor Advisor - John Ramsdell Abstract Intel Software Guard Extensions (SGX) are a Trusted Execution Environment (TEE) technology that allow programs to protect execution process and data from other processes on the platform. We propose a method to combine SGX attestation with Transport Layer Security (TLS). Doing so will combine guarantees about the program, runtime environment, and machine identity into a normal TLS handshake. We implemented a basic server using SGX/TLS and provide performance details and lessons learned during development.
    [Show full text]