Hardware Solutions to Highly-Adversarial Environments
Fleeting- External reference: https://www.cryptologie.net/article/499/hardware-solutions-to-highly-adversarial-environments-part-1-whitebox-crypto-vs-smart-cards-vs-secure-elements-vs-host-card-emulation-hce/
- External reference: https://www.cryptologie.net/article/500/hardware-solutions-to-highly-adversarial-environments-part-2-hsm-vs-tpm-vs-secure-enclave/
- External reference: https://www.cryptologie.net/article/501/hardware-solutions-to-highly-adversarial-environments-part-3-trusted-execution-environment-tee-sgx-trustzone-and-hardware-security-tokens/
Keep in mind that none of these solutions are pure cryptographic solutions: they are all defense-in-depth (and sometimes dubious) solutions that serve to hide secrets and their associated sensitive cryptographic operations. They also all have a given cost, meaning that if a sophisticated attacker decides to break the bank, there’s not much we can do (besides raising the cost of an attack).
act of scrambling something so that it still work but is hard to understand.
whitebox cryptography which attempts to “cryptographically” obfuscate the key inside of an algorithm.
no published whitebox crypto algorithm has been found to be secure
branch of cryptography called Indistinguishability obfuscation (iO) that attempts to do this cryptographically
very theoretical, impractical, and so far not-really-proven field of research
secure element was born: a tamper-resistant microcontroller that can be found in a pluggable form
SEs are an evolution of the traditional chip that resides in smart cards, which have been adapted to suit the needs of an increasingly digitalized world
The main definition and standards around a secure element come from GlobalPlatform, but there exist more standards like Common Criteria (CC), NIST’s FIPS, EMV (for Europay, Mastercard, and Visa), and so on
This concept of replacing sensitive long-term information with short-lived tokens is called tokenization
Tokenization is a common concept in security: replace the sensitive data with some random stuff, and have a table secured somewhere safe that maps the random stuff to the real data.
hardware that supports cryptographic operations! These are all secure elements in concep
hardware secure module (HSM) is pretty much a bigger secure element
HSM is a solution for a more portable, more efficient, more multi-purpose secure element. Like some secure elements, some HSMs can run arbitrary code as well.
HSMs don’t really have a standard, but most of them will at least implement the Public-Key Cryptography Standard 11 (PKCS#11)
while you might prevent most attackers from reaching your secret keys, you can’t prevent attackers from compromising the system and making their own calls to the secure hardware module (be it a secure element or an HSM)
Trusted Platform Module (TPM) is first and foremost a standard (unlike HSMs) developed in the open by the non-profit Trusted Computing Group (TCG).
TPM complying with the TPM 2.0 standard is a secure microcontroller that carries a hardware random number generator also called true random number generator (TRNG), secure memory for storing secrets, cryptographic operations, and the whole thing is tamper resistant
common to see TPMs implemented as repackaging of secure elements.)
usually find a TPM directly soldered to the motherboard of many enterprise servers, laptops, and desktop computers
not everyone use TPMs. Apple has the secure enclave, Microsoft has Pluton, Google has Titan.
HSMs. They are external, bigger and faster secure elements
They do not follow any standard interface, but usually implement the PKCS#11 standard for cryptographic operations.
TPM is usually a secure chip directly linked to the motherboard and perhaps implemented using a secure element
Trusted Execution Environment (TEE) is a concept that extends the instruction set of a processor to allow for programs to run in a separate secure environment.
TEE being implemented directly on the main processor, not only does it mean a TEE is a faster and cheaper product than a TPM or secure element, it also comes for free in a lot of modern CPUs.
most known TEEs are Intel’s Software Guard Extensions (SGX) and ARM’s TrustZone. But there are many more like AMD PSP, RISC-V MultiZone and IBM Secure Service Container.
hard to segregate execution while on the same chip as can attest the many software attacks against SGX:
- 2017 - Software Grand Exposure
- 2018 - Foreshadow
- 2018 - SGXSpectre
- 2019 - RIDL
- 2019 - Plundervolt and V0LTpwn
- 2020 - LVI
TEE as a concept provides no resistance against hardware attacks besides the fact that things at this microscopic level are way too tiny and tightly packaged together to analyze without expensive equipment.
by default a TEE does not mean you’ll have a secure internal storage (you need to have a fused key that can’t be read to encrypt what you want to store), or a hardware random number generator, and other wished hardware features
The word “token” in hardware security token comes from the fact that using it produces a “token” per-authentication request instead of sending the same credentials over and over again
techniques that exist to deal with physical attacks:
- Smart cards are microcomputers that needs to be turned on by an external device like a payment terminal. They can run arbitrary java applications. Bank cards are smart cards for example.
- Secure elements are a generalization of smart cards, which rely on a set of Global Platform standards. SIM Cards are secure elements for example.
- TPMs are re-packaged secure elements plugged on personal and enterprise computers’ motherboards. They follow a standardized API (by the Trusted Computing Group) that are used in a multitude of ways from measured/secure boot with FDE to remote attestation.
- HSMs can be seen as external and big secure elements for servers. They’re faster and more flexible. Seen mostly in data centers to store keys.
- TEEs like TrustZone and SGX can be thought of secure elements implemented within the CPU. They are faster and cheaper but mostly provide resistance against software attacks unless augmented to be tamper-resistant. Most modern CPUs ship with TEEs and various level of defense against hardware attacks.
- Hardware Security Tokens are dongles like yubikeys that often repackage secure elements to provide a 2nd factor by implementing some authentication protocol (usually TOTP or FIDO2)
Keep in mind that no hardware solution is the panacea, you’re only increasing the attack’s cost
Against a sophisticated attacker all of that is pretty much useless.
design your system so that one device compromised doesn’t imply all devices are compromised