skip to main content
10.1145/2046707.2046712acmconferencesArticle/Chapter ViewAbstractPublication PagesccsConference Proceedingsconference-collections
research-article

Unicorn: two-factor attestation for data security

Published: 17 October 2011 Publication History

Abstract

Malware and phishing are two major threats for users seeking to perform security-sensitive tasks using computers today. To mitigate these threats, we introduce Unicorn, which combines the phishing protection of standard security tokens and malware protection of trusted computing hardware. The Unicorn security token holds user authentication credentials, but only releases them if it can verify an attestation that the user's computer is free of malware. In this way, the user is released from having to remember passwords, as well as having to decide when it is safe to use them. The user's computer is further verified by either a TPM or a remote server to produce a two-factor attestation scheme. We have implemented a Unicorn prototype using commodity software and hardware, and two Unicorn example applications (termed as uApps, short for Unicorn Applications), to secure access to both remote data services and encrypted local data. Each uApp consists of a small, hardened and immutable OS image, and a single application. Our Unicorn prototype co-exists with a regular user OS, and significantly reduces the time to switch between the secure environment and general purpose environment using a novel mechanism that removes the BIOS from the switch time.

References

[1]
Anti-Phishing Working Group (APWG). Phishing activity trends report: 1st quarter 2010. BiBTeXhttp://www.antiphishing.org/reports/apwg_report_Q1_2010.pdf.
[2]
A. M. Azab, P. Ning, Z. Wang, X. Jiang, X. Zhang, and N. C. Skalsky. HyperSentry: enabling stealthy in-context measurement of hypervisor integrity. In ACM CCS'10, Chicago, IL, USA, Oct. 2010.
[3]
D. Balfanz and E. Felten. Hand-held computers can be better smart cards. In USENIX Security Symposium, Washington, DC, USA, Aug. 1999.
[4]
S. Bratus, N. D'Cunha, E. Sparks, and S. W. Smith. TOCTOU, traps, and trusted computing. In Trusted Computing--Challenges and Applications (TRUST'08), Villach, Austria, Mar. 2008.
[5]
K. Butler, S. McLaughlin, and P. McDaniel. Kells: A protection framework for portable data. In ACSAC'10, Austin, TX, USA, Dec. 2010.
[6]
eWeek.com. Zeus trojan mobile variant intercepts SMS passcodes from bank sites. News article (Feb. 22, 2011).
[7]
T. Garfinkel, B. Pfaff, J. Chow, M. Rosenblum, and D. Boneh. Terra: A virtual machine-based platform for trusted computing. In SOSP'03, Bolton Landing, NY, USA, Oct. 2003.
[8]
S. Garriss, R. Cáceres, S. Berger, R. Sailer, L. van Doorn, and X. Zhang. Trustworthy and personalized computing on public kiosks. In Mobile Systems, Applications and Services (Mobisys'08), Breckenridge, CO, USA, June 2008.
[9]
K. Goldman, R. Perez, and R. Sailer. Linking remote attestation to secure tunnel endpoints. In Scalable Trusted Computing (STC'06), Fairfax, VA, USA, Nov. 2006.
[10]
D. Grawrock. The Intel Safer Computing Initiative: Building Blocks for Trusted Computing. Intel Press, 2006.
[11]
H-online.com. Hacker extracts crypto key from TPM chip. News article (Feb. 10, 2010).
[12]
Intel. Intel trusted execution technology (TXT) software development guide. Technical article (Dec. 2009). BiBTeXhttp://download.intel.com/technology/security/downloads/315168.pdf.
[13]
Intel. Trusted boot. Open-source project (version Oct. 5, 2010). BiBTeXhttp://sourceforge.net/projects/tboot/.
[14]
B. Kauer. OSLO: Improving the security of trusted computing. In USENIX Security Symposium, Boston, MA, USA, Aug. 2007.
[15]
G. Klein, K. Elphinstone, G. Heiser, J. Andronick, D. Cock, P. Derrin, D. Elkaduwe, K. Engelhardt, R. Kolanski, M. Norrish, T. Sewell, H. Tuch, and S. Winwood. seL4: Formal verification of an OS kernel. In SOSP'09, Big Sky, MT, USA, Oct. 2009.
[16]
A. Libonati, J. M. McCune, and M. K. Reiter. Usability testing a malware-resistant input mechanism. In NDSS'11, San Diego, CA, USA, Feb. 2011.
[17]
P. Loscocco and S. Smalley. Integrating flexible support for security policies into the Linux operating system. In USENIX Annual Technical Conference, Boston, MA, USA, June 2001.
[18]
M. Mannan and P. van Oorschot. Leveraging personal devices for stronger password authentication from untrusted computers. Journal of Computer Security, 19(4):703--750, 2011.
[19]
J. M. McCune, Y. Li, N. Qu, Z. Zhou, A. Datta, V. Gligor, and A. Perrig. TrustVisor: Efficient TCB reduction and attestation. In IEEE Symposium on Security and Privacy, Oakland, CA, USA, May 2010.
[20]
J. M. McCune, B. Parno, A. Perrig, M. K. Reiter, and H. Isozaki. Flicker: An execution infrastructure for TCB minimization. In The European Conference on Computer Systems (EuroSys'08), Glasgow, Scotland, UK, Apr. 2008.
[21]
J. M. McCune, A. Perrig, and M. K. Reiter. Safe passage for passwords and other sensitive data. In NDSS'09, San Diego, CA, USA, Feb. 2009.
[22]
H. Nellitheertha. Reboot Linux faster using kexec. IBM technical library (May 4, 2004). BiBTeXhttp://www.ibm.com/developerworks/linux/library/l-kexec.html.
[23]
J. R. Okajima. Advanced multi layered unification filesystem. Open-source project (version 2.1). BiBTeXhttp://aufs.sourceforge.net/.
[24]
B. Parno, J. M. McCune, and A. Perrig. Bootstrapping trust in commodity computers. In IEEE Symposium on Security and Privacy, Oakland, CA, USA, May 2010.
[25]
R. Sailer, X. Zhang, T. Jaeger, and L. van Doorn. Design and implementation of a TCG-based integrity measurement architecture. In USENIX Security Symposium, San Diego, CA, USA, Aug. 2004.
[26]
J. Samuel, N. Mathewson, J. Cappos, and R. Dingledine. Survivable key compromise in software update systems. In ACM CCS'10, Chicago, IL, USA, Oct. 2010.
[27]
A. Seshadri, M. Luk, N. Qu, and A. Perrig. SecVisor: A tiny hypervisor to provide lifetime kernel code integrity for commodity OSes. In SOSP'07, Stevenson, WA, USA, Oct. 2007.
[28]
A. Shieh, D. Williams, E. G. Sirer, and F. B. Schneider. Nexus: A new operating system for trustworthy computing. In SOSP'05, Brighton, UK, Oct. 2005.
[29]
C. Soghoian and S. Stamm. Certified lies: Detecting and defeating government interception attacks against SSL. In Financial Cryptography and Data Security (FC'11), St. Lucia, 2011.
[30]
A squashed read-only file system for Linux. Open-source project (version 4.1, Sept. 19, 2010). BiBTeXhttp://squashfs.sourceforge.net/.
[31]
L. St. Clair, J. Schiffman, T. Jaeger, and P. McDaniel. Establishing and sustaining system integrity via root of trust installation. In ACSAC'07, Miami, FL, USA, Dec. 2007.
[32]
F. Stumpf, O. Tafreschi, P. Röder, and C. Eckert. A robust integrity reporting protocol for remote attestation. In Workshop on Advances in Trusted Computing (WATC'06), Tokyo, Japan, Nov. 2006.
[33]
Twisted Matrix Labs. Twisted: Event-driven networking engine. Open-source project. BiBTeXhttp://twistedmatrix.com/trac/wiki.
[34]
P. van Oorschot and G. Wurster. Reducing unauthorized modification of digital objects. IEEE Transactions on Software Engineering, 2011. To appear.
[35]
A. Vasudevan, B. Parno, N. Qu, V. D. Gligor, and A. Perrig. Lockdown: A safe and practical environment for security applications. Technical Report Carnegie Mellon University-CyLab-09-011, CyLab, Carnegie Mellon University, July 2009. BiBTeXhttp://repository.cmu.edu/cylab/5/.
[36]
A. Whitten and J. D. Tygar. Why Johnny can't encrypt: A usability evaluation of PGP 5.0. In USENIX Security Symposium, Washington, D.C., USA, Aug. 1999.
[37]
R. Wojtczuk, J. Rutkowska, and A. Tereshkin. Another way to circumvent Intel Trusted Execution Technology: Tricking SENTER into misconfiguring VT-d via SINIT bug exploitation. Technical article (Dec., 2009). BiBTeXhttp://theinvisiblethings.blogspot.com/2009/12/another-txt-attack.html.

Cited By

View all
  • (2019)EMMAProceedings of the 52nd Annual IEEE/ACM International Symposium on Microarchitecture10.1145/3352460.3358261(983-995)Online publication date: 12-Oct-2019
  • (2018)Using mobile phones to enhance computing platform trustTelecommunications Systems10.1007/s11235-018-0456-y69:2(187-205)Online publication date: 1-Oct-2018
  • (2017)Mandatory Content Access Control for Privacy Protection in Information Centric NetworksIEEE Transactions on Dependable and Secure Computing10.1109/TDSC.2015.249404914:5(494-506)Online publication date: 1-Sep-2017
  • Show More Cited By

Recommendations

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences
CCS '11: Proceedings of the 18th ACM conference on Computer and communications security
October 2011
742 pages
ISBN:9781450309486
DOI:10.1145/2046707
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 17 October 2011

Permissions

Request permissions for this article.

Check for updates

Author Tags

  1. attestation
  2. authentication
  3. malware
  4. phishing
  5. security token
  6. trusted computing

Qualifiers

  • Research-article

Conference

CCS'11
Sponsor:

Acceptance Rates

CCS '11 Paper Acceptance Rate 60 of 429 submissions, 14%;
Overall Acceptance Rate 1,261 of 6,999 submissions, 18%

Upcoming Conference

CCS '25

Contributors

Other Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

  • Downloads (Last 12 months)18
  • Downloads (Last 6 weeks)2
Reflects downloads up to 14 Feb 2025

Other Metrics

Citations

Cited By

View all
  • (2019)EMMAProceedings of the 52nd Annual IEEE/ACM International Symposium on Microarchitecture10.1145/3352460.3358261(983-995)Online publication date: 12-Oct-2019
  • (2018)Using mobile phones to enhance computing platform trustTelecommunications Systems10.1007/s11235-018-0456-y69:2(187-205)Online publication date: 1-Oct-2018
  • (2017)Mandatory Content Access Control for Privacy Protection in Information Centric NetworksIEEE Transactions on Dependable and Secure Computing10.1109/TDSC.2015.249404914:5(494-506)Online publication date: 1-Sep-2017
  • (2017)Practical Governmental Voting with Unconditional Integrity and PrivacyFinancial Cryptography and Data Security10.1007/978-3-319-70278-0_27(434-449)Online publication date: 19-Nov-2017
  • (2016)HypnoguardProceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security10.1145/2976749.2978372(945-957)Online publication date: 24-Oct-2016
  • (2016)Threat Modeling for Services in Cloud2016 IEEE Symposium on Service-Oriented System Engineering (SOSE)10.1109/SOSE.2016.55(66-72)Online publication date: Mar-2016
  • (2015)CaelusProceedings of the 2015 IEEE Symposium on Security and Privacy10.1109/SP.2015.59(880-896)Online publication date: 17-May-2015
  • (2014)Secure Authentication System for Hybrid Cloud Service in Mobile Communication EnvironmentsInternational Journal of Distributed Sensor Networks10.1155/2014/82809210:2(828092)Online publication date: Jan-2014
  • (2014)Approach of Secure Authentication System for Hybrid Cloud ServiceAdvances in Computer Science and its Applications10.1007/978-3-642-41674-3_77(543-550)Online publication date: 2014
  • (2014)Approach of Secure Authentication System for Hybrid Cloud ServiceAdvances in Computer Science and its Applications10.1007/978-3-642-41674-3_191(1377-1384)Online publication date: 2014
  • Show More Cited By

View Options

Login options

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Figures

Tables

Media

Share

Share

Share this Publication link

Share on social media