SSUKey: A CPU-Based Solution Protecting Private Keys on Untrusted OS
Abstract
As more and more websites adopt private keys to authenticate users or sign digital payments in e-commerce, various solutions have been proposed to secure private keys: some of them employ extra dedicated hardware devices, while most rely on security features provided by a general-purpose OS. However, users are reluctant to carry extra devices, and a general-purpose OS is too complex to protect itself, let alone the private keys stored on it. This paper proposes a software solution, SSUKey, that uses CPU security features to protect private keys against OS vulnerabilities. First, threshold cryptography (TC) is employed to partition the private key into two shares, and two Intel SGX enclaves, one on the local client and one on a remote server, secure the two key shares respectively. Second, the two enclaves are carefully designed and configured to mitigate known weaknesses of Intel SGX, including side channels and rollback. Third, a central private key management scheme is designed to help users globally monitor the usage of their private keys and detect abnormal behavior. Finally, we implement SSUKey as a cryptography provider, apply it to file encryption and Transport Layer Security (TLS) download, and evaluate their performance. The experimental results show that the performance decline due to SSUKey is acceptable.
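The two-share construction the abstract describes, as an added illustration that is not the paper's code: a dealer-free 2-of-2 Schnorr-style signature in which the client-side share d1 and the server-side share d2 each produce a partial signature, the full key d = d1 + d2 is never assembled, and a party holding one share alone cannot produce a signature that verifies under the joint public key. The Schnorr scheme, the toy group parameters and all function names are assumptions (the page does not give the paper's actual signing scheme); a deployment would use a standard curve and commit to the nonce shares before exchanging them.

```python
import hashlib
import secrets

# Toy Schnorr group, constructed for illustration only: p = 2q + 1 with q prime,
# g = 4 generates the order-q subgroup. Real deployments use a standard curve.
P, Q, G = 2039, 1019, 4

def keygen_split():
    """Dealer-free 2-of-2 key generation: each enclave picks its own share d_i;
    the joint public key Y = g^(d1+d2) is computed from the shares' public parts,
    so the full private key d = d1 + d2 mod Q is never assembled anywhere."""
    d1 = secrets.randbelow(Q - 1) + 1            # client enclave share
    d2 = secrets.randbelow(Q - 1) + 1            # server enclave share
    y = (pow(G, d1, P) * pow(G, d2, P)) % P      # Y = Y1 * Y2
    return d1, d2, y

def challenge(r, msg):
    """Fiat-Shamir challenge e = H(R || m) mod Q."""
    digest = hashlib.sha256(r.to_bytes(4, "big") + msg).digest()
    return int.from_bytes(digest, "big") % Q

def partial_sign(d_i, msg, k_i, r):
    """One enclave's contribution, given the combined R: s_i = k_i + e*d_i mod Q."""
    return (k_i + challenge(r, msg) * d_i) % Q

def two_party_sign(d1, d2, msg):
    """Both enclaves contribute a nonce share; R = R1*R2 and s = s1 + s2 mod Q.
    (A production protocol also commits to each R_i before the exchange.)"""
    k1 = secrets.randbelow(Q - 1) + 1
    k2 = secrets.randbelow(Q - 1) + 1
    r = (pow(G, k1, P) * pow(G, k2, P)) % P
    s = (partial_sign(d1, msg, k1, r) + partial_sign(d2, msg, k2, r)) % Q
    return r, s

def single_share_sign(d_i, msg):
    """What a party holding only one share can do on its own: a signature under
    d_i alone, which does not verify under the joint key Y (unless e == 0)."""
    k = secrets.randbelow(Q - 1) + 1
    r = pow(G, k, P)
    return r, partial_sign(d_i, msg, k, r)

def verify(y, msg, sig):
    """Standard Schnorr verification: g^s == R * Y^e mod P."""
    r, s = sig
    return pow(G, s, P) == (r * pow(y, challenge(r, msg), P)) % P
```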
Keywords
Trusted Execution Environment (TEE), Intel SGX, Trusted computing, Threshold cryptography, Key protection
Acknowledgments
We thank the anonymous reviewers for their helpful feedback. The work was partially supported by the National Basic Research 973 Program of China (No. 2014CB340603) and the National Natural Science Foundation of China (No. 61772518).