Secure cryptographic operations environment

    “I definitely think cryptography is becoming less important. In reality, even the most secure computer systems in the most isolated places have been hacked in recent years with a series of APT attacks or other advanced techniques,” said Adi Shamir, speaking at a cryptography session at the RSA conference.

    What does this "founding father" of public-key cryptography mean? Today it is impossible to imagine information security without cryptography, and the strength of modern cryptographic algorithms has not yet been called into question. Nevertheless, compromises of systems that rely on cryptographic security mechanisms are far from rare, and there are many reasons for this. Note that in what follows the human factor, government influence, corruption and so on are left aside; only the technical aspects are discussed. A typical example of an attack on a system that uses cryptography is an attack on a client-bank system. The lack of a trusted environment for performing cryptographic operations on the client's computer makes attacks possible that aim to steal key material, substitute payment details, or use keys without authorization. The huge number of incidents in remote banking (RBS) systems shows that protecting the execution environment is no less important than the strength of the cryptographic algorithms used.
    An environment for executing cryptographic operations should:
    • Protect cryptographic keys from being copied;
    • Enforce the separation of access rights to cryptographic operations;
    • Verify the authenticity of the data it receives for processing;
    • Ensure the integrity of its own code;
    • Provide an interface for interacting with the insecure environment.

    Usability of the solution is a separate item. That requirement is commercial rather than technical, and naturally there is no strict formalization of it.
    Many different mechanisms are currently used to create a trusted environment. A short review of them follows.

    Antiviruses and sandboxes

    The "first line of defense" includes the various software security tools installed in the system. It should be noted that these tools are not the trusted environment itself; they are used to create a more secure environment within the computer's OS. Such tools include antiviruses and various software sandboxes. Using them significantly reduces the risk of unauthorized access to data while critical operations are performed. As practice shows, however, their use does not guarantee protection: bugs in system-wide software and constantly improving spyware make it possible to bypass almost any software protection mechanism.

    Using Trusted Boot Module

    A trusted boot module (MDZ) and a trusted environment sound similar, but they are not at all the same thing. Admittedly, using an MDZ solves some of the tasks involved in creating a trusted environment: an MDZ can separate access rights to the system, make key storage in the system more reliable, and ensure the integrity of some part of the system. This raises the overall level of security up to the point where the OS is loaded; once the OS has booted, however, a system with an MDZ installed is just as susceptible to attack as an ordinary one.

    Booting from an image

    Booting from an operating system image in order to perform important operations. This approach can be implemented in various ways, but all of them share the same drawbacks.
    • The system image is a critical component of the solution. Without additional security measures it is impossible to ensure the integrity of the image or the confidentiality of the key material stored in it.
    • A trusted OS that is already running can be attacked just like an ordinary system. Booting from a trusted OS without additional security measures does not create a trusted environment.
    • Usability:
      • In most cases a reboot is required;
      • The user is forced to work in an environment without the usual tools;
      • Exchanging data between the trusted and untrusted environments is difficult.

    There are two main approaches to using boot from an image.

    Virtual machine. Attacks are possible from the host machine, both at run time and against the virtual machine's image. Like other software protection mechanisms, it reduces the risk but gives no security guarantees.

    Booting from a LiveCD / LiveUSB. Building such a solution requires preparing a system image with the necessary functionality; it makes sense to limit the applications in the image to those strictly needed for the task. If the system is to be launched on different computers, support for various hardware platforms is required. For secure use, all of the problems listed above must be solved; some of them can be solved with protected media.

    Booting from protected media

    A more advanced variant of booting from an OS image is the use of protected media. As in the previous case, it is recommended to use an OS specially prepared for a specific operation, for example an OS that can only connect to a specific server and perform a strictly defined set of actions. From a security point of view, the risks of such a solution tend to zero; however, if the server side of the system contains vulnerabilities, the possibility of an attack remains. The protected medium prevents unauthorized changes to the system image, and it also provides secure storage of the cryptographic keys.
    As for usability, the main disadvantage of all such solutions is their "isolation" from the main system and the need to reboot in order to run the trusted environment. The trusted environment lacks the usual work tools, and transferring data between applications in the trusted and the ordinary OS is complicated. One acceptable option for data exchange is a dedicated network resource, but constantly rebooting the OS for every operation is extremely inconvenient for the user. The logical continuation is to use two computers: the main one, where the business process takes place, and a stand-alone computer with a special OS for performing information-critical operations. The two computers can be connected over the network either directly or through a server.

    Loading code into a dedicated processor core

    This solution deserves a class of its own because of the originality of the mechanism. According to its description, when booting from a special medium (a flash drive), a program is loaded into one of the processor cores; then, after the flash drive is removed, the main system starts on the other cores. It is possible to switch between the running OS and the code executing in the first core. The OS is declared to have no access to the first core and the program loaded into it, yet data can be passed from the OS to the dedicated core for "trusted" processing. The scheme is very original, but whether processes running on different cores are correctly isolated remains an open question. Logic suggests that if data for signing can be passed from the main OS to the dedicated core, other forms of inter-process interaction are most likely possible as well. It is also unclear how the flash medium is protected against modification of the bootloader code, and how the keys stored on it are kept safe. Apparently, a protected medium is indispensable here.

    External trusted devices

    The idea of moving critical operations to a separate dedicated device is not new. In this case, the critical operations are working with keys and checking the data being processed. That is, the device must provide key generation, cryptographic operations and verification of the data it receives for processing. It must also provide a mechanism for separating access rights to the device and ensure that its executable code cannot be altered.
    The task of working with keys securely has long been solved, and solved very effectively, by smart cards and tokens with on-board cryptography. Keys are generated in hardware inside the device, cryptographic operations are performed inside the device, and keys never leave the device. Access rights are most often separated by means of a PIN code. The chip manufacturer protects the executable program against modification at the hardware level. To counter attacks aimed at the unauthorized use of cryptographic capabilities, these devices are evolving towards adding functionality for verifying the authenticity of data.
    Verification of the authenticity of the data received for processing can be implemented in trusted devices in different ways. There are three main mechanisms:

    • Trusted data entry. Implemented with a keypad physically located on the device. A typical example is the so-called "crypto-calculators": the payment details are typed in on the keypad, and a payment confirmation code is then generated from the device's secret (or the payment card's secret). The main disadvantage of this solution is that data has to be entered manually; in the banking sector, the device may store a list of counterparties to eliminate this inconvenience.
    • Visual verification of data on the display of a trusted device. Unlike the first method, the data is formed in an untrusted environment and then shown on the trusted device's screen. The user of the device checks that the data is correct, and only if the user confirms it is a confirmation code generated. Such devices come in different form factors and with different data-exchange interfaces. These are currently the most user-friendly solutions for creating a trusted environment.
    • Receiving data from a trusted source with cryptographic verification of its origin. Data is received from a trusted application server and decrypted (or its signature verified) inside the trusted device. This can be combined with visual verification of the data.

    At their core, all external trusted devices are mini-computers with limited functionality and computing power. Data authenticity is ensured by the device having its own input and output interfaces.
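    As an added illustration of the second and third mechanisms above (example code, not from the original article), the following Python model shows why a confirmation code produced by a trusted device with its own display is bound to exactly the details the user saw: if the payment details are substituted on the untrusted host after confirmation, the bank rejects the code. The device secret, the names TrustedDevice, confirm_payment and bank_verify, and the sample payment details are all constructed for this example.

```python
import hmac
import hashlib
from typing import Callable, Optional

# Constructed device secret: in a real token it is generated in hardware and never exported.
DEVICE_SECRET = b"constructed-device-secret-never-leaves-token"


def canonical(details: dict) -> bytes:
    """Serialize payment details in a fixed field order so that device and bank
    compute the code over exactly the same bytes."""
    return "|".join(f"{k}={details[k]}" for k in sorted(details)).encode()


class TrustedDevice:
    """Trusted-device side (hypothetical model): own key, own display, own confirm button."""

    def __init__(self, secret: bytes):
        self._secret = secret  # stays inside the device

    def render(self, details: dict) -> str:
        """Text shown on the device's own display, not on the host's screen."""
        return f"Pay {details['amount']} to {details['account']} ref {details['ref']}"

    def confirm_payment(self, details: dict,
                        user_confirms: Callable[[str], bool]) -> Optional[str]:
        """user_confirms stands in for the physical button; the code is a MAC over
        the very details that were displayed, so it cannot be reused for others."""
        if not user_confirms(self.render(details)):
            return None
        return hmac.new(self._secret, canonical(details), hashlib.sha256).hexdigest()[:8]


def bank_verify(details: dict, code: Optional[str]) -> bool:
    """Bank side: shares the device secret (or a key derived from it) and recomputes."""
    if code is None:
        return False
    expected = hmac.new(DEVICE_SECRET, canonical(details), hashlib.sha256).hexdigest()[:8]
    return hmac.compare_digest(expected, code)


def substitution_scenario() -> tuple:
    """Details are substituted on the untrusted host after the user confirmed them."""
    device = TrustedDevice(DEVICE_SECRET)
    shown = {"amount": "100.00", "account": "ACCT-CONSTRUCTED-1", "ref": "invoice 17"}
    code = device.confirm_payment(shown, lambda text: "ACCT-CONSTRUCTED-1" in text)
    tampered = dict(shown, account="ACCT-SUBSTITUTED-9")  # changed after confirmation
    return bank_verify(shown, code), bank_verify(tampered, code)
```

    The same structure applies to the third mechanism if the device verifies a server signature over the details before displaying them; the host still cannot alter what the code is bound to.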

    Among the abundance of solutions for creating a trusted environment, some patterns can be observed.
    • The task cannot be solved effectively without a device separate from the main computer.
    • When booting from a trusted medium, the functionality of the booted OS is restricted for the sake of security.
    • External plug-in devices keep gaining functionality.

    Based on the above, in the coming years we can expect specialized computers to appear that are designed exclusively for performing critical operations in a trusted environment. Tablet computers, which are constantly falling in price while having sufficient computing power and the necessary interfaces, are likely to become the basis for them.
