A Symbolic Model for Systematically Analyzing TEE-Based Protocols

Xu, Shiwei; Zhao, Yizhi; Wu, Lingjuan; Tong, Yan; Zhang, Huanguo

doi:10.1007/978-3-030-61078-4_8

Cited by 3 publications

(2 citation statements)

References 13 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The model is also used to verify Intel's description of the TDX design. Examples of platform-independent frameworks to reason about implementations of RA are TAP [21] and the framework of Xu et al [35]. Both frameworks are meant specifically for enclave platforms and both their abstractions are more low-level than those in our model.…”

Section: Related Workmentioning

confidence: 99%

$\pi_{\mathbf{RA}}$: A $\pi\text{-calculus}$ for Verifying Protocols that Use Remote Attestation

Lanckriet,

Busi,

Devriese

2023

2023 IEEE 36th Computer Security Foundations Symposium (CSF)

View full text Add to dashboard Cite

Remote attestation (RA) is a primitive that allows the authentication of software components on untrusted systems by relying on a root of trust. Network protocols can use the primitive to establish trust in remote software components they communicate with. As such, RA can be regarded as a firstclass security primitive like (a)symmetric encryption, message authentication, etc. However, current formal models of RA do not allow analysing protocols that use the primitive without tying them to specific platforms, low-level languages, memory protection models, or implementation details.In this paper, we propose and demonstrate a new model, called π RA , that supports RA at a high level of abstraction by treating it as a cryptographic primitive in a variant of the applied πcalculus. To demonstrate the use of π RA , we use it to formalise and analyse the security of MAGE, an SGX-based framework that allows mutual attestation of multiple enclaves. The protocol is formalised in the form of a compiler that implements actorbased communication primitives in a source language (π Actor ) in terms of remote attestation primitives in π RA . Our security analysis uncovers a caveat in the security of MAGE that was left unmentioned in the original paper.

show abstract

Section: Related Workmentioning

confidence: 99%

$\pi_{\mathbf{RA}}$: A $\pi\text{-calculus}$ for Verifying Protocols that Use Remote Attestation

Lanckriet,

Busi,

Devriese

2023

2023 IEEE 36th Computer Security Foundations Symposium (CSF)

View full text Add to dashboard Cite

show abstract

“…Guirant and Halpin [30] discussed the privacy issue involved with identifying a user in a different server when one authenticator is used in two web servers simultaneously. Xu [31] focused on the environment in which the UAF protocol is based, the Trusted Execution Environment (TEE), which is used, for example, in the TPM chip. Alaca and Oorschot [32] warned of possible threats in which authentication data is extracted from a disk or memory by malware on user devices.…”

Section: Related Workmentioning

confidence: 99%

Security Analysis and Bypass User Authentication Bound to Device of Windows Hello in the Wild

Kim

Choi

2021

Security and Communication Networks

View full text Add to dashboard Cite

Windows Hello is a Fast IDentity Online- (FIDO-) based new login system for Windows 10, which provides a single sign-on (SSO) service to diverse online applications. Hardware protection is essential for Window Hello’s security. This paper aims to examine the security of Windows Hello on a device where hardware protection is unavailable. We present the first detailed analysis of Windows Hello’s security. The results show that, on a hardware-unsupported device, the authentication data for Windows Hello is not properly protected. We propose a migration attack to compromise Windows Hello’s security. In the proposed attack, an attacker extracts authentication data from a device to impersonate a victim in his or her Microsoft online account. We consider the possibility of such an attack to be serious and harmful to our society and demand immediate attention for remediation.

show abstract