Notes on Distributed Trustworthy Systems · • Solution share the key/secret among multiple parties §A threshold secret sharing scheme is a method of sharing a secret S among a

Department of Electrical & Computer Engineering

EC 500Hardware Security

Prof. Michel A. Kinsy

Notes on Distributed Trustworthy Systems


Distributed Systems§ The term distributed computing in this context

means that the computing is performed on a spatially distributed system • Spread out across space

§ A distributed computing system consists of multiple computer/processing nodes that communicate through a network or an interconnect network• Each node computes on a portion of an overall task

§ Computer clusters § Datacenters § Internet of Things (IoTs)§ Systems on a chip (SoCs)§ Even multicore or many-core systems

• There is a difference between parallel and distributed computing systems


Distributed Systems§ Distributed systems have certain inherent

performance and scalability design criteria• They have distributed hardware and/or distributed

control and/or distributed data • Batching of data

§ To avoid network access or data transfer on every operation • Cache data

§ To minimize repeating the same data transfer• Decentralized entities and algorithms

§ To avoid network saturation• Client-server workload balancing

§ To minimize the network traffic between clients and servers§ But all of these design decisions have profound

security implications


Distributed Systems§ In these systems, there is a number of security

challenges • Hardware and software heterogeneity

§ Data sharing and device sharing§ Access control, task migration or relocation, data replication,

concurrency, etc.

§ Building trustworthy distributed systems is not easy• What should be the trust anchor(s)?• How to securely distribute, boot, and collect partial

compute tasks?§ Denial of service attacks § Man in the middle attacks § …


Distributed Systems§ Building trustworthy distributed systems is not

easy• What should be the trust anchor(s)?• How to securely distribute, boot, and collect partial

compute tasks?§ Denial of service attacks § Man in the middle attacks § …

• How to make sure that device participants have immutable identities?§ Device hijacking § Impersonation


Distributed Systems§ Building trustworthy distributed systems is not easy

• How to make sure that device participants have immutable identities?§ Device hijacking § Impersonation

• What is the appropriate image or instance signing scheme for a given scenario? § Replay attacks § Runtime integrity and access checking § Data or compute poisoning

• Secure data storage§ Secret or data theft


Distributed Trustworthy Systems§ Security Mechanisms

• Encryption § To implement confidentiality and integrity

• Authentication§ To verify participant identities

• Authorization§ To validate allowable system operations

• Auditing § To check, associate and time-stamp actions with subjects

• Trusted Computing Base (TCB) is the set of services/mechanisms within a distributed system required to support a security policy


Authentication Availability Integrity Confidentiality

Trustworthy Systems

Distributed Trustworthy Systems Standalone Trustworthy Systems

Communication related concerns are minimal

Resilience

Reliability Security Privacy

Isolation Dissociation Obfuscation


Distributed Trustworthy Systems§ Trusted Computing Base (TCB)• Every distributed trustworthy system must have

some TCB• Hardware and software necessary for enforcing all

security rules§ Ideally • Rooted in hardware and small• Should be isolated from the rest of the computing

components • Its correctness and runtime state should be easily

and independently verifiable


Distributed Trustworthy Systems§ Trusted Computing Base (TCB)

• On the server side • Or distributed among clients

State

Interfaces

ProtectionBoundaryClient

Server

Security Policies and Mechanisms


Key-Based Security§ Symmetric schemes require both parties to share a

common secret key• The challenge is how to securely distribute the key• Frequent key changes can also be a challenge

§ Let us say we have two participants Alice and Bob who need to digitally share a key/secret

Alice BobMessage/Secret/KeyChannel


Key-Based Security§ If Alice and Bob have secure communications

with a trusted third party, they could use that to established a common key• But this just kicking the can down the road

Alice Bob

Trusted Third Party

Mes

sage

Message


Key-Based Security§ Merkle key distribution scheme

Alice BobM{KpuA, IDA}Channel

{KprA, KpuA, IDA}

Alice BobM{E(KpuA, Ks)}

{Ks}

D(M{E(KpuA, Ks)}, KprA}

Alice BobM{E(Ks, “Hello”)}

{Ks}{Ks}


Key-Based Security§ Recall Diffie-Hellman protocol § Diffie and Hellman formalized Merkle’s proposal

• Public informationp is a prime numberg is a generating element of Zp

• Alice’s § Private Key : a§ Public Key : ga mod p

• Bob’s § Private Key : b§ Public Key : gb mod p

§ Key Exchange• Alice obtains gb and computes

§ (gb)a = gab mod p = Ks

• Bob obtains ga and computes§ (ga)b = gab mod p = Ks

• Alice and Bob have agreed upon key Ks


Key-Based Security§ Merkle key distribution scheme • Vulnerable to an active man-in-the-middle attack

Alice BobM{KpuA, IDA}Channel

{KprA, KpuA, IDA}

Alice BobM{E(KpuA, Ks)}

{Ks}

D(M{E(KpuA, Ks)}, KprA}

Alice BobM{E(Ks, “Hello”)}

{Ks}{Ks}


Key-Based Security§ Public key based security • Recall the general public-private key encryption

scheme • How should the public key distribution work?

§ Decentralized key distribution • Public announcement

§ Centralized key distribution • Publicly available directory• How to secure the directory itself

§ Public-key authority§ Public-key certificates

• Each approach has some pros and cons




§ Public announcement• Owners can distribute public keys to recipients in one-to-one,

one-to-many or one to all fashions• There is a considerable communication overhead• Forgery and impersonation are problems

§ Publicly available directory§ Public-key authority§ Public-key certificates



Key-Based Security§ Public key based security

• Recall the general public-private key encryption scheme • How should the public key distribution work?

§ Public announcement§ Publicly available directory

• Create a directory for the public keys and have owners register them

§ The directory needs to be trusted § The scheme needs to allow for key replacements or

invalidations§ Owner should register key securely with the directory

• Forgery and impersonation are still problems § Public-key authority§ Public-key certificates





§ Public announcement§ Publicly available directory

• Public-key authority§ To implement security control over distribution of keys

from directory§ Central authority maintains a dynamic directory of public

keys of all parties§ The parties know the authority’s public key

• Public-key certificates



Public Key Authority


Trusted Third Party

{KprAu, KpuAu, KpuA , KpuB}

Alice

{KprA, KpuA , KpuAu}

Bob

{KprB, KpuB , KpuAu}

§ What is initially known by the parties




Trusted Third Party


Alice


Bob



M{E

(Kpu

Au, I

D A, R

eq(ID

B),

T 1)}

M{E

(Kpr Au

, Kpu

B, R

eq(ID

B),

T 1)}




Trusted Third Party


Alice


Bob



M{E

(Kpu

Au, I

D A, R

eq(ID

B),

T 1)}

M{E

(Kpr Au

, Kpu

B, R

eq(ID

B),

T 1)}

M{E(KpuB, IDA , N1)}




Trusted Third Party


Alice


Bob



M{E

(Kpu

Au, I

D A, R

eq(ID

B),

T 1)}

M{E

(Kpr Au

, Kpu

B, R

eq(ID

B),

T 1)}


M{E(Kpu

Au , IDB , Req(ID

A ), T2 )}

M{E(Kpr

Au , KpuA , Req(ID

A ), T2 )}




Trusted Third Party


Alice


Bob



M{E

(Kpu

Au, I

D A, R

eq(ID

B),

T 1)}

M{E

(Kpr Au

, Kpu

B, R

eq(ID

B),

T 1)}


M{E(Kpu

Au , IDB , Req(ID

A ), T2 )}

M{E(Kpr

Au , KpuA , Req(ID

A ), T2 )}

M{E(KpuA, N1, N2)}

M{E(KpB, N2)}


Public Key Certificates§ Certificates allow key exchange without real-time

access to public-key authority• A certificate binds the identity (ID) of the owner and its

public key § Period of validity§ Rights of use

• Signed by a trusted third party or public key certificate authority (CA)

§ AliceCertificate = fbinding_function(IDA, Expiration, KpuA, useA1, signature)

• Key: Can be verified by anyone who knows CA’s public key


Public Key Certificates§ Certificates allow key exchange without real-time

access to public-key authority• Alice needs Bob’s public key

§ Alice takes Bob’s certificate§ She apply certification authority (CA)’s public key to Bob’s

certificate to get Bob’s public key

§ Lower number of message exchanges • Compared to the public key authority protocol • But there are a number of issues with both

§ How certificate requests from users are processed § How users' identity is validated§ Algorithm used to generate and sign the user’s certificate

Efficient revocation of certificates


Key Hierarchy§ Public key encryption algorithms are slow

• Inefficient

§ Symmetric key encryption algorithms are many orders of magnitude faster than public key encryption algorithms

§ Typically there is a hierarchy of keys• Session key or temporary key used for encryption of data

between users for one logical session then discarded§ Symmetric key

• Master key used to negotiate session keys § Public key


Physical Unclonable Functions (PUF)

§ Hardware rooted certificate • Challenge-Response Pairs (CRPs)

§ Before PUF deployment

§ At authentication

Challenges

Responses

CRPsStorage

Challenge i

Response i

Response i

Matches Record?


Distributed Trustworthy Systems§ Trusted Computing Base (TCB) • As we see with all these protocols, the security is

anchored with a trusted party § But what if the trusted party becomes unavailable or

compromised


Trusted Third Party


Alice


Bob



Distributed Trustworthy Systems§ Make the trusted party distributed

• Solution share the key/secret among multiple parties § A threshold secret sharing scheme is a method of sharing a

secret S among a set of n participants such that any subset consisting of k participants can reconstruct the secret S

§ But no subsets smaller than k size reconstruct S

§ Shamir threshold secret sharing (SSS) scheme in 1979• It is based on Lagrange interpolation polynomial• Polynomial of degree k can be specified

§ By k+1 coefficients§ By k+1 distinct points


Threshold Secret Sharing Scheme§ Select

• p a large prime number and • S as the secret value• s1,…,sk-1 a set of randomly numbers from [0, p-1]

§ A (k, n) threshold polynomial can be written bys(x) ≡ S+s1x+s2x2+…+sk-1xk-1 (mod p)

§ Send (xi,s(xi)) to the i-th participant§ Secret sharing in distributed systems provides

• Fault-tolerant • Multi-factor authentication• Multi-party authorization


Threshold Secret Sharing Scheme§ Secret Reconstruction • To reconstruct the secret S, one needs to collect at

least k partial secrets• The secret can then be reconstructed using

Lagrange interpolation

§ The scheme can be extended to support share renewal and share recovery

pxxxx

xsxsk

j

k

jii ij

ij mod)()(

1 ,1å Õ= ¹= ú

úû

ù

êêë

é

--

º

Documents

Notes on Distributed Trustworthy Systems · • Solution share the key/secret among multiple parties §A threshold secret sharing scheme is a method of sharing a secret S among a