Integrating secure hardware into modern security systems: Authentication, secure storage, and secure bootstrap.
Itoi, Naomaru
2001
Abstract
Modern computer systems have critical security problems because of two wrong assumptions security system developers make: that computers are trustworthy, and that users choose good passwords. First, personal computers and workstations are physically insecure: their hard disks can be taken out, and memories can be probed. Second, the software is not trustworthy because bugs introduce vulnerabilities, some of which lead to system administrative account (root) compromise. As software is growing so rapidly, it is very difficult to debug it completely. Third, network services require user authentication, and almost all systems rely on user-chosen passwords for authentication. As the number of applications and web sites that require passwords explodes, it is impossible for users to maintain a good, different password on every site. As a result, the authentication systems are vulnerable to password guessing attacks. Secure hardware, e.g., smartcards and secure coprocessors, can solve these problems. First, it provides a physically secure storage and computational device. Second, it is a more security-oriented, smaller and simpler device than workstations, making it more likely to be bug-free. Third, it can store a randomly generated key to replace a password. However, this has not happened yet; secure hardware is not used widely today because secure-hardware-based security systems tend to introduce new user interfaces and expensive migration cost. I solve these problems by taking an experimental approach, namely, integrating secure hardware into existing security infrastructures: authentication, secure storage, and secure bootstrap process. The integration improves the security of the current systems, while maintaining the same user interfaces.
To prove this method possible and cost effective, I implement the following systems: (1) Kerberos client/smartcard integration; (2) Kerberos server/secure coprocessor integration; (3) Remote extension of Kerberos smartcard; (4) Smartcard Filesystem; (5) Smartcard Secured Cryptographic File System; (6) Smartcard Based Personal Secure Booting. These projects successfully improve the security of the existing systems. Performance overhead introduced by secure hardware integration is not significant in some projects, but it is in the others. The performance issue is discussed in detail.
Subjects
Authentication; Bootstrap; Integrating; Modern; Secure Hardware; Security Systems; Smartcard; Storage
Types
Thesis