CS259: Security Analysis of Network Protocols
Winter 2008
Project Presentations 2
Day 2 – Feb. 21, 2008
HIPAA
Anthony Ho, Sharada Sundaram
with
Adam Barth, John Mitchell, Steve Nguyen, Nicole Taheri
More HIPAA Background
• Covered entity
• Protected Health Information
• Administrative Simplification provisions
• 164.502 Uses and disclosures of Protected Health Information. (This section gives the rules for disclosing PHI, which depend on the type of data, its use, the recipient, the covered entity, the individual whose data it is, etc.)
164.502
• Standard Disclosure
• Minimum Necessary
• De-Identified Information Disclosure
• Disclosure to Business Associates
• Personal representatives
• Whistle blowers
Prolog
• Facts
• Rules
• Queries
• Prolog is declarative.
• Given a set of facts and rules, deduce if
queries hold.
Plan
• Translate 164.502 portion of HIPAA that
regulates the distribution of protected
health information into a set of Prolog
rules
• Model the Hospital's environment and different Agents (e.g., the hospital in Scrubs)
• Write queries to test properties of model
[Diagram: agents in the model, centred on the Covered Entity: Business Associates, Relatives, Parents, Minors, Patient, Public Release]
Example
HIPAA LAW:
164.502.a.1 (ii) For treatment, payment, or health care
operations, as permitted by and in compliance with §164.506;
PROLOG TRANSLATION:
permitted_by_164_502_a_1_ii(A) :-
    satisfy_164_502_a_1_ii(A),
    permitted_by_164_506(A).
satisfy_164_502_a_1_ii(A) :-
    has_purpose(A, healthcare);
    has_purpose(A, payment);
    has_purpose(A, treatment).
Properties
• Develop a set of queries that will individually
test each clause of the law implemented.
• Verify that no unauthorized person gains
access to the Medical records of any
patient.
• Test the answers produced for existing
HIPAA lawsuits.
• Rational Reconstruction
Challenges
• Difficult for engineers to interpret law
• What do we model?
• How much detail should we model?
• Is it complete?
• Is there a strategy for a patient to get his questions answered?
• Is one translation better than another?
Analysis of Remote Attestation
Lavina Jain
Jayesh Vyas
Remote Attestation (Recap)
[Diagram: Client/Attestator, Server/Challenger, Trusted Third Party]
- Client/Attestator hardware: TPM holding the EK, an AIK, PCRs and keys; the CRTM resets the PCRs at power-on
- Pre-boot: the BIOS image is extended into a PCR, then the OS image
- Post-boot: the kernel takes dynamic/run-time measurements of applications; the integrity of kernel, applications, libraries and files is recorded in the measurement list (ML)
- Server/Challenger: runs remote attestation, validates the response and authenticates the client
- Trusted Third Party: issues the AIK credential
Integrity Measurement Architecture (IMA)
[Diagram: measurement path from hardware to the measurement list]
- Hardware: TPM with PCRs; CRTM
- Boot up: BIOS
- Kernel: kernel hooks (measurement agents) measure modules loaded with insmod and programs run by the loader (e.g. /bin/sh, /bin/perl) and append each measurement to the measurement list
Remote Attestation Protocol
[Diagram: Challenger, and Client/Attestator containing an attestation service and the TPM (PCRs, keys)]
1. Challenger -> Client: 160-bit nonce N
2. Attestation service -> TPM: Quote request with N
3. TPM -> Attestation service: Quote response SigAIK(PCR, N)
4. Client -> Challenger: Integrity response { SigAIK(PCR, N), ML, AIKpub, AIKcert }
5. Challenger: Integrity validation, Ver(SigAIK(PCR, N), AIKpub) = true/false
   - Validate AIKpub and AIKcert
   - Verify signature
   - Verify freshness of nonce
   - Match HASH(ML) against PCR
   - Validate measurement list, ML
Assumption: a secure session is set up between the client and the server.
Threat Model and Security Properties
1. Replay Attack:
A malicious attesting system can replay old values of measurements and PCR
Quote that correspond to a valid platform (before the system was corrupted).
Protection – Fresh Nonce.
2. Masquerading:
An attacker can send measurement list and PCR Quote of another valid system.
Protection – Nonce and signature.
Can an attacker learn any nonce and corresponding signature pair?
3. Tampering:
An attacker may tamper with measurement list: modify, truncate.
Protection: SIG (PCR)
4. Malicious measurement agent: may report and extend incorrect integrity values.
Protection: Measure and validate integrity of measurement agent.
5. A malicious application may be loaded on the client after the remote attestation
protocol completes.
6. The order in which the following 3 operations are performed may have an
effect on integrity:
- reporting hash value to PCR.
- storing it in kernel measurement list.
- executing the process which is being measured.
7. Hardware attacks: Reset PCR, and store new value corresponding to modified
measurement list.
8. Analysis of protocol:
Significance of Nonce, keys (EK, AIK), and certificates.
9. Tool to analyze the protocol: Murphi
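The validation steps of the protocol and threats 1 to 4 and 6 above can be exercised directly in code. The following Python model is an added example written for this page; it is not the presenters' Murphi model and not any TPM vendor's code. It assumes an IMA-style SHA-1 PCR extend, a toy textbook-RSA AIK built from two Mersenne primes (a stand-in for the real AIK, not a secure signature scheme), a set of trusted AIK public keys in place of AIKcert validation, and constructed file contents; it needs Python 3.8 or later for pow(e, -1, m).

```python
import hashlib
import os

def sha1(data: bytes) -> bytes:
    return hashlib.sha1(data).digest()

def extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM_Extend: PCR <- SHA1(PCR || measurement)."""
    return sha1(pcr + measurement)

# Toy AIK: textbook RSA over two Mersenne primes, no padding.  It stands in for
# the TPM's real RSA AIK so that the example needs only the standard library;
# it is NOT a secure signature scheme (assumption for this example only).
_P, _Q = (1 << 89) - 1, (1 << 107) - 1
AIK_PUB = (_P * _Q, 65537)
_AIK_PRIV = pow(65537, -1, (_P - 1) * (_Q - 1))

def tpm_quote(pcr: bytes, nonce: bytes) -> int:
    """TPM_Quote: Sig_AIK(PCR, N) = SHA1(PCR || N)^d mod n."""
    return pow(int.from_bytes(sha1(pcr + nonce), "big"), _AIK_PRIV, AIK_PUB[0])

def verify_quote(sig: int, pcr: bytes, nonce: bytes, aik_pub) -> bool:
    n, e = aik_pub
    return pow(sig, e, n) == int.from_bytes(sha1(pcr + nonce), "big")

class Attestator:
    """Client side: IMA-style measurement list plus the PCR it is folded into."""
    def __init__(self):
        self.pcr = bytes(20)   # PCR reset by the CRTM at boot
        self.ml = []           # [(path, SHA1(contents)), ...]

    def measure(self, path: str, contents: bytes) -> None:
        # Measurement agent: append to ML and extend the PCR *before* the
        # measured code runs, so it cannot suppress its own entry (threat 6).
        digest = sha1(contents)
        self.ml.append((path, digest))
        self.pcr = extend(self.pcr, digest)

    def respond(self, nonce: bytes) -> dict:
        """Integrity response { Sig_AIK(PCR, N), N, PCR, ML, AIKpub }."""
        return {"sig": tpm_quote(self.pcr, nonce), "nonce": nonce,
                "pcr": self.pcr, "ml": list(self.ml), "aik_pub": AIK_PUB}

class Challenger:
    def __init__(self, known_good: dict, trusted_aiks: set):
        self.known_good = known_good      # path -> expected digest
        self.trusted_aiks = trusted_aiks  # stands in for the AIKcert check
        self.nonce = None

    def challenge(self) -> bytes:
        self.nonce = os.urandom(20)       # fresh 160-bit nonce per run
        return self.nonce

    def validate(self, resp: dict) -> str:
        if resp["nonce"] != self.nonce:
            return "nonce mismatch (replay)"
        if resp["aik_pub"] not in self.trusted_aiks:
            return "untrusted AIK (masquerade)"
        if not verify_quote(resp["sig"], resp["pcr"], resp["nonce"], resp["aik_pub"]):
            return "bad signature"
        # Replay ML into a zero PCR: any edit, reorder or truncation of ML
        # yields a value different from the one the TPM signed.
        pcr = bytes(20)
        for _, digest in resp["ml"]:
            pcr = extend(pcr, digest)
        if pcr != resp["pcr"]:
            return "ML does not match signed PCR (tampered)"
        for path, digest in resp["ml"]:
            if self.known_good.get(path) != digest:
                return "unknown measurement: " + path
        return "ok"

def run_scenarios() -> dict:
    """Constructed scenario: honest run, replayed response, a measured rootkit,
    and an attempt to hide the rootkit by truncating ML."""
    kernel, shell, rootkit = b"vmlinuz (constructed)", b"/bin/sh (constructed)", b"evil.ko"
    known_good = {"/boot/vmlinuz": sha1(kernel), "/bin/sh": sha1(shell)}
    client = Attestator()
    client.measure("/boot/vmlinuz", kernel)
    client.measure("/bin/sh", shell)
    chal = Challenger(known_good, {AIK_PUB})
    out = {}
    honest = client.respond(chal.challenge())
    out["honest"] = chal.validate(honest)
    chal.challenge()                          # new nonce; attacker replays old response
    out["replay"] = chal.validate(honest)
    client.measure("/tmp/evil.ko", rootkit)   # rootkit loaded; the agent measures it
    dirty = client.respond(chal.challenge())
    out["rootkit"] = chal.validate(dirty)
    hidden = dict(dirty, ml=dirty["ml"][:-1])  # drop the rootkit entry from ML
    out["hidden"] = chal.validate(hidden)
    return out

if __name__ == "__main__":
    for name, verdict in run_scenarios().items():
        print(f"{name:8s} {verdict}")
```

Running it gives one verdict per scenario: the honest response validates, the replayed response fails on the nonce, the measured rootkit is caught by the known-good table, and truncating ML to hide it is caught because the replayed ML no longer reproduces the signed PCR. The quote is over (PCR, N) only, so the challenger must recompute the PCR from ML itself; trusting a PCR value that arrives unsigned beside ML would reopen threat 3.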
Analysis of Direct Anonymous Attestation (DAA)
Sudip Regmi
Ilya Pirkin
Trusted computing
• Developed by TCG
– Applications
• Secure Input and Output
• Sealed Storage
• Remote Attestation
– Main Component
• Trusted Platform Module
Trusted Platform Module (TPM)
• A microcontroller that stores keys,
passwords and digital certificates.
• Typically is affixed to the motherboard of a
PC
• These secrets inside the TPM are secure
from external software attacks/physical
theft.
Remote Attestation
• Remote Attestation allows the system
containing the TPM to prove a particular
set of software and configurations to an
interested verifier.
• Problem: If the TPM is widely used then
there are concerns for Privacy and
Availability.
• DAA tries to solve those issues
Direct Anonymous Attestation
• Direct – Doesn’t require highly available
Privacy CA
• Anonymous - Based on the Camenisch-Lysyanskaya group signature scheme without anonymity revocation
• Attestation - Interactive protocol between
the verifier and the host containing the
TPM
Players
• Issuer – authenticates TPM and generates DAA
Credential (zero-knowledge proof of TPM secret)
• TPM – stores the secret and DAA Credential signed by
Issuer, together with Host generated DAA signatures
• Host – generate DAA signatures for Verifier
• Verifier – authenticates Host as containing some
authentic TPM authenticated and authorized by Issuer;
requests DAA signature
• PKI – not part of DAA protocol but assumed
Primitives
• Conventional RSA encryption
• PseudonymBase
• Pseudonym(f, bsn)
• Blind(f, nonce)
• DAA-Credential(f)
• DAA-Signature(m, DAA-Credential, bsn)
Join protocol
• Init: TPM generates secret f
• Outcome: If Issuer authorizes TPM, the latter obtains
a non-interactive proof of the Issuer’s authorization
(“DAA Credential”).
• Notes:
– Channel is one-way authenticated but not encrypted!
– TPM is not anonymous and uses its Endorsement Key to
authenticate itself
Join protocol
[Diagram: Issuer (bsnI, DAA public key PKI), Host (PKI), TPM (f)]
- Issuer -> Host -> TPM: PseudonymBase(bsnI)
- Nonce v1 is chosen on the TPM side; U = Blind(f, v1) and SPK(U) go back to the Issuer
- Issuer chooses an RSA e and nonce v2 and returns e, A = {Blind(v2)}e, SPK(A), and v2
- TPM keeps the secret part of the DAA Credential, v = v1 + v2; Host keeps (A, e)
Sign and Verify
• Init: TPM has a DAA-Credential
• Outcome: Verifier has Anonymous Signature
on m generated by TPM
• Notes
– TPM is anonymous and may use pseudonyms
– Verifier decides whether or not to reuse
pseudonyms
Sign and Verify Diagram
[Diagram: Verifier (bsnV), Host (A, e), TPM (f, v)]
- Verifier -> Host: Request, bsnV, [m]
- Host -> TPM: PseudonymBase(bsnV)
- TPM -> Host: m, NV = Pseudonym(f, bsnV)
- Host -> Verifier: DAA Signature(m, NV)
Tool
• Murphi
– Known attacks appear to be good candidates for
Murphi
– Looking for similar attacks
• Approach
– Model security primitives in messages by sending
components they are generated from
– Trust security primitives but look for unexpected use
or parameter combinations
Adversary’s Capabilities
• Can intercept messages between any two
players
• Can replay encrypted messages (or parts)
even if it cannot decrypt them
• Can create security primitives from known
data and insert them into messages
Security properties
1. Correctness
2. Anonymity
3. Unlinkability
4. Secrecy
Correctness
• Informally - An honest TPM is able to
authenticate and attest.
• Formally - If a verifier completes the protocol for
message m:
– m was signed by an honest TPM using a DAA-Credential(f) and the verifier's basename;
– DAA-Credential(f) was issued by an honest Issuer for
the TPM and its f before signing message m.
– TPM is not on the rogue list (blacklist)
Informally
– Anonymity - A user transaction of an
honest platform is anonymous, i.e., it
cannot be linked with its Endorsement
Key(EK).
– Unlinkability - User transactions of an
honest platform with different Verifiers are
not linkable.
Unlinkability - formalized
• No value should appear in the sign/verify protocol transcript that is the output of a deterministic 1-1 function M(f, AKV), computable by the adversary, that depends only on:
– f – the TPM secret
– AKV – values already known by the adversary (nonces, public keys, etc.)
• We will have to come up with good candidates for M and
program them manually
Anonymity - formalized
• No value D1 should appear in the sign/verify protocol transcript that depends only on the TPM secret f and values known to the adversary (such as nonces),
• and no value D2 should appear in the Join protocol transcript that depends only on the TPM identity and values known to the adversary,
• such that two deterministic 1-1 functions M1 and M2 computable by the adversary give M1(D1) = M2(D2)
• We will have to come up with good candidates for M1 and M2 and code each of them manually
Secrecy
• Given attacker’s capabilities, TPM secret f
cannot be computed.
• Implies unforgeability (the TPM has to be physically broken to extract f)
• A corrupt TPM's secrets are on the rogue list
Attacks
• Carsten Rudolph's DAA attack on anonymity
– Use a different issuer public key PK' to tag a particular TPM
• Corrupt Administrators (Smyth, Ryan, Chen) attack on anonymity
– Same entity behaves as Issuer and Verifier, i.e. bsnI = bsnV
• Issues with Verifiers' basenames
– Adversary matches bsnV with a Verifier to find all TPMs it has attested
• Issues with the rogue-tagging feature in Join
– Protocol checks the secret f against a rogue list
• The list is not verified (in the sign/verify protocol it is)
• A corrupt TPM can generate a new secret f
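The basename issues and the rogue-list weakness above can be checked with the pseudonym alone, because NV = Pseudonym(f, bsnV) is a deterministic function of (f, bsn). The following Python model is an added example for this page, not the presenters' Murphi model and not the DAA specification: it assumes a toy group Z_p^* with p = 2^127 - 1 and a SHA-256 mapping of the basename to the pseudonym base, it omits the zero-knowledge proofs (SPK) that accompany NV in the real protocol, and it derives the TPM secrets f from fixed labels so that a run is repeatable.

```python
import hashlib

# Toy group for the pseudonym: Z_p^* with the Mersenne prime p = 2^127 - 1
# (assumption; real DAA uses a far larger group).  Only the property that
# N = Pseudonym(f, bsn) is a deterministic function of (f, bsn) is used.
P = (1 << 127) - 1

def pseudonym_base(bsn: bytes) -> int:
    """zeta = PseudonymBase(bsn): H(bsn) mapped into [2, p-1]."""
    return int.from_bytes(hashlib.sha256(bsn).digest(), "big") % (P - 2) + 2

def pseudonym(f: int, bsn: bytes) -> int:
    """N = Pseudonym(f, bsn) = zeta^f mod p."""
    return pow(pseudonym_base(bsn), f, P)

def tpm_secret(label: bytes) -> int:
    """Constructed TPM secret f derived from a label so runs are repeatable
    (a real TPM draws f at random inside the chip at Join)."""
    return int.from_bytes(hashlib.sha256(label).digest(), "big") % (P - 1)

def rogue_tagged(n: int, bsn: bytes, rogue_list) -> bool:
    """Rogue tagging: recompute zeta^f for every leaked f on the list."""
    return any(pseudonym(f, bsn) == n for f in rogue_list)

def analyse() -> dict:
    """Constructed scenario for the basename and rogue-list issues."""
    f = tpm_secret(b"tpm-0001")
    bsn_i, bsn_a, bsn_b = b"issuer.example", b"verifier-a", b"verifier-b"
    # At Join the channel is EK-authenticated, so the Issuer can store the
    # TPM's EK next to the pseudonym it sees under its own basename bsnI.
    join_record = {"ek": "EK-0001", "n_i": pseudonym(f, bsn_i)}
    out = {}
    # Unlinkability: verifiers with different basenames see unrelated N_V.
    out["different_bsn_linkable"] = pseudonym(f, bsn_a) == pseudonym(f, bsn_b)
    # A verifier that reuses its basename links every attestation of this TPM.
    out["same_bsn_linkable"] = pseudonym(f, bsn_a) == pseudonym(f, bsn_a)
    # Corrupt administrator: a verifier using bsnV = bsnI sees exactly the
    # value in the Issuer's Join record, which names the EK.
    n_v = pseudonym(f, bsn_i)
    out["corrupt_admin_ek"] = join_record["ek"] if n_v == join_record["n_i"] else None
    # Rogue tagging in sign/verify catches a leaked f ...
    rogue_list = [f]
    out["rogue_caught"] = rogue_tagged(pseudonym(f, bsn_a), bsn_a, rogue_list)
    # ... but a corrupt TPM that re-joins with a fresh f' is not on the list.
    f2 = tpm_secret(b"tpm-0001-regenerated")
    out["rogue_evaded"] = not rogue_tagged(pseudonym(f2, bsn_a), bsn_a, rogue_list)
    return out

if __name__ == "__main__":
    for name, value in analyse().items():
        print(f"{name:24s} {value}")
```

The model shows why bsnV must never equal bsnI and why a verifier's choice of basename is a privacy decision: the pseudonym is all an adversary needs to link transactions, no break of the signature scheme is required. It also makes the rogue-list point concrete: the list only ever holds secrets that have already leaked, so a TPM that can run Join again with a new f is simply a new, unlisted member.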
Pynchon Network Analysis
Fred Wulff
PynGP 1.0
[Diagram: message flow among Client, Nym Server and Collator, steps 1 to 5]
PynGP 2.0
[Diagram: message flow among Client, Nym Server, Collator and Validator, steps 1 to 4]
Attacks (Part 1)
• Suppose we can figure out a way to remove the crypto on the messages in the database. Can we remove information-theoretic security? (i.e. can we get P(client = id_1) != P(client = id_2)?)
• Thoughts and extensions
Attacks (Part 2)
• Original denial-of-service attack: "Byzantine Postman"
• Provides detection but not a solution
• Start with different sets of colluders
• Find out P(colluder being caught)
• Find out the estimated time for communication
Attacks (Part 3)
• Short/long messages
• Does this mean compromising the crypto compromises information-theoretic security? How quickly?
Other Interesting Properties
• Given various starting parameters in
PynGP 2.0, what’s the expected value
for bandwidth used by the validator?
• What’s the maximum amount that a
server can delay under the various
protocols? What if we just pick a
random subset of servers?
If I Have Way Too Much Time On My Hands
• Horribly complex PynGP 1.5
• Depends on Shamir Secret Sharing,
Paillier Crypto, multiple recovery methods.
• Check the same properties as 2.0. See if it
does any better (vs. O(k) blow up).
• Check properties for what can break.
Tools
• PRISM
• APMC? (Approximate Probabilistic Model Checker) - continuous time, clusters, other interesting things
802.16g-2007 (WiMAX)
(Management Plane Procedures and Services)
Does one compromised base station compromise security for the whole network?
• Matt Bravo
• mbravo@stanford.edu
WiMAX
• Wireless broadband
• IEEE 802.16, aka WirelessMAN, aka WirelessHUMAN
• Both a fixed (like Wi-Fi) and a mobile (like a cell phone) network specification
• I focus on the Network Control and Management System (NCMS)
Handoff
• Occurs when a mobile station (MS) is moving out of a base station's (BS) coverage
• For QoS, this should be seamless
• Target BS must receive the crypto information and authorization information from the serving BS
Handoffs come from
everywhere!
• MS-initiated handoff
• NCMS-initiated handoff
• BS-initiated handoff
• "Fast Base Station Switching"
Now let's suppose...
• We compromise a single base station
• Can we gain the crypto info of any MS on the network?
• Can we eavesdrop on the connection?
• Can we disconnect the MS?
Hypothesis
• Can grab crypto for any MS on the network (provided we have the MAC)
• How to get a MAC address: is there a procedure for that?
• There should be some simple rules that an implementation can add to guard against this attack
Tools
• Implement the procedures and the network in Murphi
• Read the spec, implement procedures as needed
• Add additional fixes or rules to the Murphi model to fix holes that are found
Questions
• Please say questions and comments; I'll hear them when I watch the lecture
• email me mbravo@stanford.edu
• call me 650-862-8756
• no letters please :)