Kun Li, Michael Maass, and Mike Ralph
Contact: {kunli, mmaass, mralph}@andrew.cmu.edu
http://www.cs.cmu.edu/~mmaass/tpm_tls/proposal.html
1. Summary
We intend to modify an open source Java implementation of TLS to make use of a Trusted Platform Module (TPM). Our modification will isolate sensitive cryptographic operations on Transport Layer Security (TLS) servers. The TPM will be used to manage asymmetric key pairs and to perform operations using the private key. We will make use of late launch technologies to execute symmetric key operations.
2. Project Description
While 15-740 has primarily focused on what hardware can do to improve the performance of parallel systems, computer architectures have also made notable contributions to the field of security. TPMs are now commonly shipped as a part of commodity computing devices such as laptops, desktops, and servers. A TPM is a secure cryptoprocessor useful for many tasks such as storing cryptographic keys, protecting passwords, and assuring platform integrity.
We intend to modify a type-safe implementation of TLS to make use of TPMs. TLS is a cryptographic protocol used to establish a secure communication channel over the Internet [7]. In the typical case, the server side uses an asymmetric key pair, where the public portion has been signed by a trusted third party, to authenticate itself to the client. This key pair is also used to securely exchange key material. The key material is later used to calculate a shared session key. The shared session key is a symmetric key used to encrypt/decrypt all traffic between the client and the server after the session has been established.
Our primary goal is to cause our chosen TLS implementation to make use of the TPM for storing the private key from the asymmetric key pair and for performing operations using that key. Additionally, we will make use of late launch technologies to isolate the calculation of the session key and operations that use the key. This isolation will prevent other software that is running on the machine from observing the cryptographic operations or stealing any of the secret keys. (NOTE: We can isolate asymmetric operations using the TPM directly because the hardware supports an asymmetric cipher in CipherSuites we can support. However, the hardware does not directly support the symmetric ciphers, thus to gain similar isolation properties for them we must use late launch.) We intend to make these modifications while only making modest compromises in terms of type safety, which will reduce the amount of code where vulnerabilities such as buffer overflows are of concern.
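As an added illustration (not code from this proposal or from the TLS implementation it targets), the sketch below carries out the session-key calculation and one keyed operation that the proposal wants to isolate. It assumes the TLS 1.2 PRF from RFC 5246 (HMAC-SHA256) and constructed key sizes; `IsolatedSession` is a hypothetical name, and a Python class only models the interface, it does not provide the isolation that late launch would.

```python
import hashlib
import hmac
import struct

def p_sha256(secret: bytes, seed: bytes, length: int) -> bytes:
    """P_hash from RFC 5246 section 5, instantiated with HMAC-SHA256."""
    out, a = b"", seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()            # A(i)
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]

def master_secret(pre_master: bytes, client_random: bytes, server_random: bytes) -> bytes:
    seed = b"master secret" + client_random + server_random
    return p_sha256(pre_master, seed, 48)

def key_block(master: bytes, client_random: bytes, server_random: bytes,
              mac_len: int = 32, key_len: int = 16) -> dict:
    """Expand the master secret into per-direction keys (sizes are assumed)."""
    seed = b"key expansion" + server_random + client_random  # randoms swap order here
    block = p_sha256(master, seed, 2 * (mac_len + key_len))
    names = [("client_mac", mac_len), ("server_mac", mac_len),
             ("client_key", key_len), ("server_key", key_len)]
    keys, pos = {}, 0
    for name, size in names:
        keys[name] = block[pos:pos + size]
        pos += size
    return keys

class IsolatedSession:
    """Hypothetical stand-in for the isolated code: secrets go in, only MACs come out."""

    def __init__(self, pre_master: bytes, client_random: bytes, server_random: bytes):
        master = master_secret(pre_master, client_random, server_random)
        self._keys = key_block(master, client_random, server_random)

    def server_record_mac(self, seq: int, ctype: int, version: int, fragment: bytes) -> bytes:
        # MAC input: seq_num || type || version || length || fragment
        header = struct.pack("!QBHH", seq, ctype, version, len(fragment))
        return hmac.new(self._keys["server_mac"], header + fragment, hashlib.sha256).digest()

# Constructed sample values, not taken from a real handshake.
PRE_MASTER = bytes([3, 3]) + bytes(range(46))
CLIENT_RANDOM = bytes([0xC1]) * 32
SERVER_RANDOM = bytes([0x5E]) * 32

if __name__ == "__main__":
    session = IsolatedSession(PRE_MASTER, CLIENT_RANDOM, SERVER_RANDOM)
    tag = session.server_record_mac(0, 23, 0x0303, b"GET / HTTP/1.1\r\n")
    print("record MAC:", tag.hex())
```

The only values that cross the boundary are the pre-master secret and randoms going in and record MACs coming out; the master secret and key block never leave the object.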
We intend to perform these modifications solely for the case of one combination of algorithms in the TLS implementation's CipherSuite on the server side. If our scope is too large even with this limitation, we will drop late launch requirements for all but the simplest cases where we can apply it. However, assuming we end up with extra time, we will attempt to apply late launch more broadly.
Finally, we intend to address the issue of benchmarking such an infrastructure to determine where and why any slowdowns occur.
3. Plan of Attack and Schedule
Our schedule roughly breaks the work into three components. Each group member should be able to claim primary responsibility for one of the following: integration of jTSS into Sun's provider in the OpenJDK (see section 6), production of Pieces of Application Logic (PALs) to late launch, and test harnesses.
Week Beginning | Plan |
---|---|
October 22 | Organize team member responsibilities. Ensure all members are familiar with all project ideas. Read hardware/software documentation. |
October 29 | Perform a detailed inspection of Sun's SSL provider to determine what needs to change to meet the goal. Install Flicker and use a simple PAL. Plan experiments and design test harnesses. |
November 5 | Begin integrating jTSS into Sun's SSL provider. Plan ingress and egress routes for session key management and encryption/decryption. Have a simple test harness done that allows a client to connect to a server that is using the modified TLS library and PALs. |
November 12 | Finish integrating jTSS with Sun's SSL provider for asymmetric key management and begin using jTSS for private key operations. Continue implementing symmetric operations as PALs. Continue implementing test harnesses and instrumentation schemes. |
November 19 | Finish integrating jTSS with Sun's SSL provider for key management and private key operations. Begin integrating modified SSL provider with PALs. Start integrating test harnesses with the modified SSL implementation + PALs. |
November 26 | Finish integrating all components and gather data. |
December 3 | Complete project writeup and poster. |