Securing Intel PC for FIDO Support: Industry Standard to Remove Passwords

SESSION ID: IDY-R02 Securing Intel PC for FIDO support: Industry standard to remove passwords

Nitin Sarangdhar Senior Principal Engineer Platform Security Division, Intel @SarangdharNitin

#RSAC #RSAC Session Topics

• Why password-based user authentication creates security challenges • How FIDO* helps solve user authentication without passwords • The security role of Intel hardware & firmware in a PC that supports FIDO

Hardware plays a strong role in security

2 Why password-based user LOGIN authentication creates security challenges #RSAC Day in the life of a password user What’s App Email Messages

Calendar Events Facebook Bank Transactions

Web-purchases VPN Login

4 #RSAC Why passwords create a security nightmare?

• Password re-use, no update, poor strength • Social engineering & key-logger hacks • Sophisticated password guessing tools • Unsecure transmission over networks • Direct server attacks on central user-store • Lack of ability to recognize fraudulent activity from stolen credential

5 How FIDO helps solve user LOGIN authentication without passwords International Standards efforts to address #RSAC authentication.

NIST800-63-3 Digital Identity Guidelines – NIST 800-63-B Authentication and Lifecycle Management PKI – Public key infrastructure – ASIA PKI Consortium: Korea, Taiwan, Thailand, Macao, India ITU-T (SG17) – International Telecommunications Union, Security Study Group ISO/IEC JTC1 (SC27) – International Standards Organization IT Security Techniques

7 #RSAC FIDO Introduction

FIDO stands for Fast Identity Online Available to over FIDO protocol is adopted by 3 BILLION W3C WebAuthn WG 3B+ USER ACCOUNTS (*) WIP Collaboration with FIDO CERTIFIED 300+ SOLUTIONS (*) – ITU-T (SG17) X.1277 & X.1278 – ISO/IEC JTC1 SC37/SC27 World’s Largest Ecosystem for Standards-Based, Interoperable Authentication

(*) Source: FIDO Alliance

8 #RSAC FIDO as a Solution

FIDO Targeted Solutions FIDO can be a component to • Social engineering email messages combat “in the news” attacks • Bank transactions • Spreading fake news articles • Web-purchases • Creating cyber-attacks on infrastructure • VPN login for enterprise • Voter fraud

Better user authentication will help address password related security challenges

9 #RSAC FIDO Authenticator

Platform authenticators Roaming authenticators

Multi factor authentication (possession + knowledge/inherence) PC with TPM & Smart phone with TPM Smart card with PIN Security key with PIN biometric or pin capture & biometric or pin or fingerprint sensor or fingerprint sensor capture

2nd factor (Login & Password + possession factor) PC with TPM only Smart card Security key

10 #RSAC FIDO System Architecture

FIDO*: UAF, U2F or FIDO2 FIDO Client Device

FIDO* FIDO RP App Relying Party Server

Browser (FIDO Client) ABCDEFABCDEFABCDEF Security Level Metadata on FIDO device & model Metadata11 Server Roaming Platform Authenticator Authenticator #RSAC * FIDO Authenticator Security Considerations Hardware/ Software Firmware Block Diagram Extensions – Distinguishing Knowledge Factors: pin, biometric (face, fingerprint) OS based TEE based Authenticator Authenticator – Multiple Factors (Security Level (Security Level Software 1) 2/3) FIDO Authenticator Metadata service – Security Level 1: OS

TPM TEE Hardware, – Security Level 2: TEE + TPM + Trusted IO Hardware/ (Possession Trusted Device – Security Level 3: hardware attack protected TEE Firmware Factor) Paths Revocation/Lifecycle Management – Security flaws discovered post field deployment by performing software/firmware updates Hardware plays a strong role in security

12 #RSAC FIDO* Benefits

Better security for online services – Service provider can perform proper risk assessment of FIDO user authentication security

Reduced cost for the enterprise – Enterprise can deploy devices with properly maintained certified FIDO authenticator machines.

Simpler and safer for consumers – Consumers do not have to worry about complex passwords as long as they use a properly maintained certified FIDO device.

13 The role of Intel hardware & firmware in FIDO* security #RSAC FIDO* Authenticator Trusted Computing Block Analysis Potential Threats Browser /UI – Disabling security features: Secure Authenticator Boot, TPM Software Possession Knowledge / – Unsigned software or firmware launch Crypto Factor Inheritance Services Services Factor Services – Unsigned / Delayed firmware or

User Mode Drivers software update containing vulnerability fixes Kernel Mode Drivers – Interface Intrusion across various OS Kernel interfaces such as addition of filter drivers BIOS, Microcontroller Firmware – Untrusted IO (Camera, Finger Print) drivers Crypto TPM – Replay of previously captured data 15 #RSAC Security Level 1 Authenticator Software Firmware Hardware OS-based authenticator Block Diagram Relying Party Server Trusted Computing Block (TCB) relies upon OS security features FIDO2 Intel hardware & firmware security features: Industry Standard Browser(s) – Root of Trust for measurement: Trusted OS-based FIDO Authenticator Execution Technology (TXT), Authenticated Code Module (Boot Guard) Authenticated Code Reference – Private key storage, Measured OS Boot, Module BIOS Integrated TPM (PTT) – Secure OS Boot: Intel reference BIOS Integrated TPM TXT CPU/Caches Productized use cases Intel based PC – Apple MacBook*, Chromebook*, Windows* PCs

Mass deployment adoption model

16 #RSAC Firmware / Software Hardware Security Level 2, 3 Authenticator TEE App

Block Diagram Relying Party Server TEE-based Authenticator

FIDO Security Level 1 OS-based FIDO* authenticators can be compromised by sophisticated attackers on various FIDO FIDO FIDO interfaces between different OS modules due to large FIDO Authenticator Authenticator Authenticator Authenticator attack surface Enclave Applet Applet – E.g. Key-logger, TPM Key disable Security Level 2, 3 can be achieved by enabling Trusted Main OS Intel® Secure VM Security Execution Environment (TEE) based Authenticators SGX Enclave Engine FW with smaller TCB + achieving additional requirements (e.g. software). Intel provides three hardware options for potential TEE Intel SGX VT/VTd Security CPU Engine – Security Engine – Intel* Software Guard Extensions (Intel® SGX) Intel based PC – VT/VTd

17 #RSAC Security Engine Micro-architecture

Code Cache Internal Security Engine SRAM Data Cache ROM Cryptography Engine

Interrupt I/O Controller DMA engine Bus Internal Memory High Precision and Controller Host Endpoint Watchdog Timer Controller

18 #RSAC Firmware Software Hardware Security Engine Architecture Apps

Block Diagram Relying Security Engine based Authenticator Party Server

FIDO U2F Key Benefits Main OS-based FIDO User – Embedded Secure Element inside Intel Interface App SOC

FIDO U2F Productized use cases Integrated TPM Authenticator – Integrated TPM: Possession Factor for Security Engine Kernel Host OS and VT/VTd based solution – FIDO U2F : Intel IOC Security Protected Audio Video Path Based o Displays OK button in a random Engine Display Controller location using Protected Audio Video Intel based PC Path, mitigates remote SW attacks

19 Intel Software Guard Extensions #RSAC (Intel SGX) Micro-Architecture

CPU Hardware assisted Trusted Execution Environment Cores System Intel SGX supports 17 new instructions Memory Cache on CPU Memory Bus Jco3lk93 SSN: 7weu0cw Applications (Enclaves) can set aside 111-00-1010 ejpoi private regions of code and data. Better protection against direct CPU Package attacks on executing code or data Snoop stored in memory. Snoop

20 #RSAC Intel® Software Guard Extension FIDO Architecture Software Trustlet Hardware

Block Diagram Relying Intel SGX based Authenticator Party Server

FIDO UAF Key Benefits

Main OS-based FIDO App – Small TCB that includes architectural enclaves and Intel HW/FW FIDO Authenticator Enclave (IOC) – Completely isolated from main OS, Fingerprint Match Enclave VMM and BIOS Intel Architecture Enclaves Productized use cases Intel SGX Finger Print – FIDO UAF : Intel IOC Hardware Controller – Performs fingerprint match inside IOC Intel based PC Authenticator enclave.

21 #RSAC Virtualization Technology Architecture Overview

Secure VM

VM0 VM1

Trusted Apps VT HW provides memory space Ring-3 Ring-3 Ring-0 Ring-0 Read/Write/Execute access control as

Host OS Secure defined by Extended Memory Page VM Tables

VM0 VM1 VTd HW support consists of ensuring VMCS VMCS DMA memory space access control as

EPT0 EPT1 defined by the VTd Page Tables Hypervisor Enabled with Hypervisor and Trusted

VT-x2, VT-d Applications running in a more secure VM Memory #RSAC Virtualization Technology FIDO Architecture

Relying Block Diagram Party Server VT/VTd Based Authenticator FIDO2 Key Benefits – Synergistic with OS & Browser initiatives Industry Standard Browser(s) (e.g. Windows VSM) – Enables more secure IO paths: Better Secure VM-based Secure VM-based protected from Host OS based replay FIDO Authenticator IO Driver(s) attacks Secure VM Kernel WIP use cases – Virtualization based protection WIP with VT/VTd USB / MIPI customers / partners Hardware Controller

Intel based PC

23 #RSAC To Summarize

Today we covered essentials of FIDO Security – Single factor: TPM only – Multiple factors: TPM + pin or TPM + biometrics – Level 1 (OS based), Level 2 and above (TEE based) – Revocation/Life-cycle management Intel hardware and firmware role in FIDO security. – CPU, TXT, TPM, VT/VTd, Intel SGX, Security Engine – Microcode, ACM, Security Engine Firmware, BIOS

Hardware has a strong role in FIDO security

24 #RSAC Call to Action

Stop by at Intel and FIDO booths to look for product demos Short Term – Encourage use of certified FIDO products on your client and server solutions – Ensure FIDO solutions are deployed with proper security configurations – As a relying party learn to discriminate between security levels Long Term – Deploy platforms with higher security levels of FIDO security – Help solve major security challenges facing the industry together

25 #RSAC

Q & A Contact: [email protected]

26 #RSAC Legal Notices & Disclosures Intel provides these materials as-is, with no express or implied warranties. No component or product can be absolutely secure. Intel technologies’ features and benefits depend on system configuration and may require enabled hardware, software or service activation. Performance varies depending on system configuration. Check with your system manufacturer or retailer or learn more at http://intel.com. Intel and the Intel logo are trademarks of Intel Corporation in the United States and other countries. *Other names and brands may be claimed as the property of others.