Trustworthy and Personalized Computing

1. Trustworthy and Personalized Computing Christopher Strasburg Department of Computer Science Iowa State University November 12, 2008

2. Motivating Problem • People desire increasingly frequent access to personal computing environments • Public kiosks offer a good trade-off between functionality, cost, and availability • Public kiosks are at higher risk than other environments • General public has physical access to systems • People tend to have a low degree of trust in software on public kiosk systems

3. Related Work -- Portable Computing Environment • Encrypted Virtual Machines (VMs) provide portable, encapsulated computing environments • OS, software, configurations, personal data in one package • Practical distribution of VM images has been explored: • Remote deployment of VM image components (Internet Suspend/Resume) • Loading a VM from a portable device (SolePad) • However, even using encrypted VMs, compromised kiosk software can access data and render the system untrustworthy (BIOS, virtual machine monitor)

4. Related Work -- Building System Trust • Verify the entire software stack, from BIOS to Applications • Software solutions -- The software itself is an easy target on public kiosk systems • Trusted boot sequences -- Introduces possible serious boot-time delays • Minimize function of system for easier verification • Kiosks as thin clients which perform minimal processing -- Wastes much of the computational power of the system • Limit the information a user submits to the system -- User must ultimately determine sensitivity for each piece of data; difficult to predict data interaction

5. Method Overview • A multi-stage process using a trusted mobile device to verify the integrity of the system prior to use

6. Method Details - Identify Workstation • User visually verifies kiosk identity • Mobile device downloads certificate and verifies authenticity  • Mobile device retrieves supported configurations and allows user to select one

7. Method Details - Verify Software Mobile Device: • Requests database signed by TTP (Trusted Third Party)  • Requests signed (by TPM) quote and re-computes boot sequence to verify that it matches quote • On success, signals user that system is trustworthy System: • Reboots • Loads the DRTM with the hash of the secure boot loader • Generates Encryption Key pair (K, K') • Creates self-signed certificate C containing K. • Measures C into TPM

8. Method Details - Load Personal Environment Uses key pair (K,K') to download and load user's personal environment / encrypted VM image / information

9. Method Details -- Data Cleanup Once the user is finished with the system, the system shuts down, removes the VM image, and overwrites the memory containing the cryptographic data

10. Assumptions and Limitations • Kiosk owner is trusted: • Periodically check for and fix misbehaving Kiosks (ie. to address hardware issues, detect incorrect barcodes) • System only verifies software at boot time.  Post-boot modification is not detected • Mobile device is trustworthy • Requires kiosk owner to participate in system, ie: • Provide database of software • Tag systems with barcodes • Users must wait around 2.5 minutes before system is ready to use

11. Conclusions • Provides personalized computing environment • Unrestricted access to computing capabilities • Enables users to perform sensitive personalized computing on public hardware with a high degree of confidence Reference S. Garriss, R. Caceres, S. Berger, R. Sailer, L. Doorn, X. Zhang. Trustworthy and Personalized Computing on Public Kiosks. In Proc. MobiSys 2008.