
Mutual Authentication and Trust Bootstrapping towards Secure Disk Encryption

Published: 17 November 2014

    Abstract

    The weakest link in software-based full disk encryption is the authentication procedure. Since the master boot record must be present unencrypted in order to launch the decryption of remaining system parts, it can easily be manipulated and infiltrated by bootkits that perform keystroke logging; consequently, password-based authentication schemes become attackable. The current technological response, as enforced by BitLocker, verifies the integrity of the boot process by use of the trusted platform module. But, as we show, this countermeasure is insufficient in practice. We present STARK, the first tamperproof authentication scheme that mutually authenticates the computer and the user in order to resist keylogging during boot. To achieve this, STARK implements trust bootstrapping from a secure token to the whole PC. The secure token is an active USB drive that verifies the integrity of the PC and indicates the verification status by an LED to the user. This way, users can ensure the authenticity of the PC before entering their passwords.

    Reviews

    Amos O Olagunju

    The data on storage devices for laptops and mobile devices need protection from theft and misplacement, and require reliable security schemes. How can users securely access encrypted data on storage devices? The authors offer a tamper-proof bootstrapping security protocol for authentication before signing in with passwords. The secure mutual authentication protocol requires a user to have a universal serial bus (USB) drive and a password to gain access to an encrypted hard disk. The security protocol uses the trusted platform module to seal and store numbers that are applied once on an external USB drive and to safely indicate the veracity state of the computer to the user. The USB drive also houses a sealed token that binds it to the decryption process for the disk. The hypervisor-based implementation of the security protocol can interrupt the rights of entry to a hard disk, and its encryption operations are transparent to the operating system. The system provides tools for recovering from exposure to dangers. The authors skillfully evaluate the safety of the security protocol as an attacker tries to break the authentication scheme between the user, the computer, and the device. The protocol is indeed secure from an attack as long as the user can be securely authenticated to the computer without any interruption; the computer can unfailingly allow the user to enter a password, seal and unseal information, and use unpredictable nonces; and the device maintains privacy and accurately processes nonces. Although the security scheme is vulnerable to hardware attacks such as keylogging and bus sniffing, the authors present a reliable bootstrapping protocol that averts replay attacks, denies code injection on the disk, repels cold boots, and deals with plausible deniability.

    Online Computing Reviews Service

    Information

    Published In

    ACM Transactions on Information and System Security  Volume 17, Issue 2
    November 2014
    112 pages
    ISSN:1094-9224
    EISSN:1557-7406
    DOI:10.1145/2689660
    Editor: Gene Tsudik

    Publisher

    Association for Computing Machinery

    New York, NY, United States

    Publication History

    Published: 17 November 2014
    Accepted: 01 August 2014
    Revised: 01 July 2014
    Received: 01 November 2013
    Published in TISSEC Volume 17, Issue 2

    Author Tags

    1. Full disk encryption
    2. mutual authentication
    3. trust bootstrapping

    Qualifiers

    • Research-article
    • Research
    • Refereed

    Article Metrics

    • Downloads (Last 12 months): 12
    • Downloads (Last 6 weeks): 1
    Reflects downloads up to 12 Aug 2024

    Cited By

    • (2019) Atlas: Application Confidentiality in Compromised Embedded Systems. IEEE Transactions on Dependable and Secure Computing 16:3 (415-423). DOI: 10.1109/TDSC.2018.2858257. Online publication date: 1-May-2019
    • (2016) Isolating Operating System Components with Intel SGX. Proceedings of the 1st Workshop on System Software for Trusted Execution (1-6). DOI: 10.1145/3007788.3007796. Online publication date: 12-Dec-2016
    • (2016) Hypnoguard. Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security (945-957). DOI: 10.1145/2976749.2978372. Online publication date: 24-Oct-2016
    • (2016) RamCrypt. Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security (919-924). DOI: 10.1145/2897845.2897924. Online publication date: 30-May-2016
    • (2016) Deceptive Deletion Triggers Under Coercion. IEEE Transactions on Information Forensics and Security 11:12 (2763-2776). DOI: 10.1109/TIFS.2016.2598523. Online publication date: 1-Dec-2016
