Post on 31-Jul-2020
© 2018 Nokia
A Trusted Trip in the Cloud
Working with Trusted Hardware in Practice
Gabriela Limonta
08-11-2018

Disclaimer
Source: https://www.everyvowel.com/evcartoon/success-road-2018/

The Cloud (for real this time)
Hardware
Firmware: BIOS/UEFI
Operating System
Hypervisor Applications
Virtual Workload
Hypervisor

Industries moving to the cloud
Source: http://bluebridgetechnologies.com/cloud-web-app-connectivity/
Source: https://aws.amazon.com/automotive/

Do we know what state our systems are in?
Source: https://arstechnica.com/tech-policy/2014/05/photos-of-an-nsa-upgrade-factory-show-cisco-router-getting-implant/
Source: https://www.infoworld.com/article/2608141/internet-privacy/snowden--the-nsa-planted-backdoors-in-cisco-products.html
Source: https://www.forbes.com/sites/tonybradley/2018/08/01/supply-chain-attacks-increase-as-cybercriminals-focus-on-exploiting-weak-links
Source: https://www.bloomberg.com/news/features/2018-10-04/the-big-hack-how-china-used-a-tiny-chip-to-infiltrate-america-s-top-companies
Source: https://arstechnica.com/information-technology/2018/10/supermicro-boards-were-so-bug-ridden-why-would-hackers-ever-need-implants/

Trust = Integrity

Chain of Trust
Hardware
Firmware: BIOS/UEFI
Operating System
Applications Hypervisor
Virtual Workload
Hypervisor
trusts

Code signing

Source: https://i.ebayimg.com/images/g/RVAAAOSwyGBa8n4m/s-l1600.jpg

Trusted Platform Module
• Tamper-resistant hardware
• Secure storage
• Platform Configuration Registers (PCRs)
• Non-Volatile RAM
• Cryptographic functions
• Notion of unique identity (EK/AK)
• Quoting

Measured Trust Chain
PCR Extend(PCR, new_value) = hash(PCR_old || new_value)
CRTM
BIOS
Bootloader
Kernel/OS
Runtime

What is remote attestation?
Parties: A, Attestation Server, Challenger
1. Is A trusted?
2. Request measurements
3. Return measurements
4. Compare measurements against known values
5. A is trusted ☺

Here comes trusted computing
How do we verify our devices are in a known state?
One machine?
What happens when we have more devices?
Manageable

Let’s build our own attestation server

The Master Plan
Hypervisor
Attestation Server

The Master Plan
TPM 2.0
TPM Drivers
TPM Software Stack
Linux IMA
Trust Agent
Attestation Server
Attestation Database
Attestation UI

The most important decision of my project
Or so I thought…

Hardware and drivers

TPM Software

Talking to the TPM
TPM2 Software Stack
TPM2 TSS
TPM2 ABRMD
TPM2 Tools
…
Profit (?)
$ sudo apt-get install tpm2
or
$ sudo yum install tpm2

Handling dependencies manually
TPM2 Software Stack
TPM2 TSS
TPM2 ABRMD
TPM2 Tools
$ sudo apt-get install …
$ git clone …
$ ./bootstrap
$ ./configure
$ make
$ sudo make install
…
Except when it fails

The tiniest changes can crash your app
Master moves too fast
nuc2@localhost:~$ tpm2_pcrlist
sha1 :
0 : ac083eae8ab7125c0b9619ead3658c7e7ecfe2f1
1 : 2172bce4f0c29710a8b4fc43be4e343dd358270d
2 : b2a83b0ebf2f8374299a5b2bdfc31ea955ad7236
3 : b2a83b0ebf2f8374299a5b2bdfc31ea955ad7236
4 : 678f6bb33400c4686099379791f0d5ad150b994f
5 : 80e4c674405798afdfd9b629a8351375e809dfb8
6 : b2a83b0ebf2f8374299a5b2bdfc31ea955ad7236
7 : 6653aba680bf45c7130d897ea1d8a18fd32cade6
8 : 0000000000000000000000000000000000000000
9 : 0000000000000000000000000000000000000000
10 : 800a2f651081575ea4100f1a848966cbdd9ec7bf
11 : 0000000000000000000000000000000000000000
12 : 0000000000000000000000000000000000000000
13 : 0000000000000000000000000000000000000000
14 : 0000000000000000000000000000000000000000
15 : 0000000000000000000000000000000000000000
16 : 0000000000000000000000000000000000000000
17 : ffffffffffffffffffffffffffffffffffffffff
18 : ffffffffffffffffffffffffffffffffffffffff
19 : ffffffffffffffffffffffffffffffffffffffff
20 : ffffffffffffffffffffffffffffffffffffffff
21 : ffffffffffffffffffffffffffffffffffffffff
22 : ffffffffffffffffffffffffffffffffffffffff
23 : 0000000000000000000000000000000000000000
nuc3@localhost:~$ tpm2_pcrlist
sha1:
0 : 0xAC083EAE8AB7125C0B9619EAD3658C7E7ECFE2F1
1 : 0x2172BCE4F0C29710A8B4FC43BE4E343DD358270D
2 : 0xB2A83B0EBF2F8374299A5B2BDFC31EA955AD7236
3 : 0xB2A83B0EBF2F8374299A5B2BDFC31EA955AD7236
4 : 0x678F6BB33400C4686099379791F0D5AD150B994F
5 : 0x80E4C674405798AFDFD9B629A8351375E809DFB8
6 : 0xB2A83B0EBF2F8374299A5B2BDFC31EA955AD7236
7 : 0x6653ABA680BF45C7130D897EA1D8A18FD32CADE6
8 : 0x0000000000000000000000000000000000000000
9 : 0x0000000000000000000000000000000000000000
10: 0x9A8C4D55EA55E57DC7AB54081D15BE18F19AED60
11: 0x0000000000000000000000000000000000000000
12: 0x0000000000000000000000000000000000000000
13: 0x0000000000000000000000000000000000000000
14: 0x0000000000000000000000000000000000000000
15: 0x0000000000000000000000000000000000000000
16: 0x0000000000000000000000000000000000000000
17: 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
18: 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
19: 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
20: 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
21: 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
22: 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
23: 0x0000000000000000000000000000000000000000

But what happens when the releases are too slow?
$ echo -n "hello" | tpm2_nvwrite -x 0x1800005 -a 0x40000001 -V
INFO on line: "135" in file: "tools/tpm2_nvwrite.c": The data(size=0) to be written:
INFO on line: "149" in file: "tools/tpm2_nvwrite.c": Success to write NV area at index 0x1800005 (25165829) offset 0x0.
…
$ tpm2_getcap -c "properties-fixed"
TPM_PT_FAMILY_INDICATOR:
  as UINT32: 0x08322e3000
  as string: "2.0"
TPM_PT_LEVEL: 0
TPM_PT_REVISION: 0.99
TPM_PT_DAY_OF_YEAR: 0x000000ce
TPM_PT_YEAR: 0x000007dd
TPM_PT_MANUFACTURER: 0x49465800
TPM_PT_VENDOR_STRING_1:
  as UINT32: 0x534c4239
  as string: "SLB9"
TPM_PT_VENDOR_STRING_2:
  as UINT32: 0x36363500
  as string: "665"
TPM_PT_VENDOR_STRING_3:
  as UINT32: 0x00000000
  as string: ""
TPM_PT_VENDOR_STRING_4:
  as UINT32: 0x00000000
  as string: ""
…
TPM_PT_NV_BUFFER_SIZE missing

Interaction with the TPM community
Source: https://xkcd.com/979/

Runtime measurements

With a bit of help of SELinux
Linux Integrity Measurement Architecture (IMA)
$ ls -Z important_config.cfg
unconfined_u:object_r:measure_t:s0 important_config.cfg

With a bit of help of SELinux
Linux Integrity Measurement Architecture (IMA)
$ sudo cat /sys/kernel/security/ima/ascii_runtime_measurements
14 5a31cc6614900545aeea9e127236d5b38303d697 ima-ng sha256:a6c1770713779681d2133cd82e360cfdb21f32cec7cfe5ab25b4ca6ef0d2f141 /home/nuc2/demo/important_config.cfg
…
14 a982f5293b0ec860b9df9030cf0e753e22e9cdd5 ima-ng sha256:df3661ec92f843ecd53fb57ed0db31cbd5e19b55de2e648eb3111779717fb01f /home/nuc2/demo/important_config.cfg
important_config.cfg
read or write
add measurement to list
extend PCR 14
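
Added example (not from the original slides): an attestation server replaying an IMA measurement list against the value of PCR 14, using the PCR Extend formula from the Measured Trust Chain slide and the read/measure/extend flow above. It assumes the kernel's ima-ng template layout and a SHA-1 PCR bank; the sample log, file contents and all function names are constructed for illustration, and checking the TPM quote signature is out of scope.

```python
import hashlib
import struct

def extend(pcr: bytes, value: bytes) -> bytes:
    """PCR Extend as on the slide: hash(PCR_old || new_value), SHA-1 bank."""
    return hashlib.sha1(pcr + value).digest()

def template_hash(file_digest: str, path: str) -> bytes:
    """SHA-1 over ima-ng template data: length-prefixed d-ng and n-ng fields."""
    algo, hexdigest = file_digest.split(":", 1)
    d_ng = algo.encode() + b":\0" + bytes.fromhex(hexdigest)
    n_ng = path.encode() + b"\0"
    data = b"".join(struct.pack("<I", len(f)) + f for f in (d_ng, n_ng))
    return hashlib.sha1(data).digest()

def log_line(pcr: int, content: bytes, path: str) -> str:
    """Build one constructed measurement-list line for the sample input."""
    digest = "sha256:" + hashlib.sha256(content).hexdigest()
    return f"{pcr} {template_hash(digest, path).hex()} ima-ng {digest} {path}"

def replay(log: str, pcr_index: int, quoted_pcr: bytes, known_good: dict) -> list:
    """Replay the log for one PCR; return a list of findings (empty = trusted)."""
    pcr, findings = bytes(20), []
    for n, line in enumerate(log.strip().splitlines(), 1):
        idx, thash, template, digest, path = line.split(maxsplit=4)
        if int(idx) != pcr_index or template != "ima-ng":
            continue  # other PCRs and templates are out of scope here
        if template_hash(digest, path).hex() != thash:
            findings.append(f"line {n}: template hash does not match entry")
        if digest not in known_good.get(path, ()):
            findings.append(f"line {n}: unexpected content for {path}")
        pcr = extend(pcr, bytes.fromhex(thash))
    if pcr != quoted_pcr:
        findings.append("log does not replay to the quoted PCR value")
    return findings

# Constructed sample: the file is measured, modified, then measured again.
PATH = "/home/nuc2/demo/important_config.cfg"
V1, V2 = b"mode=secure\n", b"mode=debug\n"
LOG = "\n".join([log_line(14, V1, PATH), log_line(14, V2, PATH)])
QUOTED = bytes(20)
for entry in LOG.splitlines():  # what the TPM would hold in PCR 14
    QUOTED = extend(QUOTED, bytes.fromhex(entry.split()[1]))
KNOWN_GOOD = {PATH: {"sha256:" + hashlib.sha256(V1).hexdigest()}}

if __name__ == "__main__":
    for finding in replay(LOG, 14, QUOTED, KNOWN_GOOD) or ["trusted"]:
        print(finding)
```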

CONFIG_INTEGRITY=y
CONFIG_IMA=y

Attestation bits

Our Testbed
Nokia AirFrame 1
Nokia AirFrame 2
NUC 1
NUC 2
NUC 3
Lenovo Laptop 1
Lenovo Laptop 2
Attestation Server
Raspberry Pi

Sharing the PoC with the world

Testing on server class hardware
Source: https://i.kym-cdn.com/photos/images/original/000/454/143/794.jpg

Documenting and packaging
Source: http://geek-and-poke.com/geekandpoke/2013/2/14/self-documenting-code.html

Remember the CRTM?
From standards to the real world
Nokia AirFrame 1
Nokia AirFrame 2
Nokia AirFrame 3
Nokia AirFrame 4
Nokia AirFrame 5
PCR 0: 33ba0f3c29f478c53fa626b13b2dbed2717c90b000aaaf3a3990b233b731c5fc
PCR 0: 33ba0f3c29f478c53fa626b13b2dbed2717c90b000aaaf3a3990b233b731c5fc
PCR 0: 33ba0f3c29f478c53fa626b13b2dbed2717c90b000aaaf3a3990b233b731c5fc
PCR 0: 33ba0f3c29f478c53fa626b13b2dbed2717c90b000aaaf3a3990b233b731c5fc
PCR 0: c10de69da5db6f03d88b441bba921218a2af185aa3ae5f36453330f61657ddf4

What do our results mean?

The limits of trust
Trusted Server
Firmware Supplier
Additional Firmware
What if an unknown third party tampers with the firmware?

Mandatory paranoia slide
The limits of trust
Of course, that would never happen!

Source: http://intradayfun.com/2015/08/the-real-road-to-success-hurts/
gabriela.limonta@nokia.com
Thanks!

Backup slides

References
The icons used in this presentation are made by Smashicons from www.flaticon.com