
Technical Description

Objective

The main goal of this project is to secure access to data for PC users by using a Java Card on a USB token. This approach differs from a TPM platform because security is rooted in an external secure device rather than in a chip inside the PC.

Secured access to the PC is based on two processes:

  • System Integrity: the secured bootloader checks the principal components of the PC platform: CPU-ID, NIC-ID, HDD-ID, PCI-ID, BIOS, /boot partition, MBR, kernel and important system files (e.g. /etc/security/*, /etc/sysctl.conf, ...)
  • User Authentication: the secured bootloader allows mounting the encrypted user partition only after the system integrity check has succeeded and the key held on the USB token has been extracted at login.

The implementation aims to be compatible with different encryption methods and applications (eCryptFS, dm-crypt, TrueCrypt, TPM chip, ...).

System Cases Description

The following describes the four system cases covered by the project.

Install

  • 2 partitions: /boot + /home
  • Compute hashes for system:
    • firmware
    • /boot
    • PCI-IDs
    • ...
  • Generation of a Random Key on USB Token
  • Customize 2 USB tokens:
    • Recovery Key
    • Startup Key
  • Encrypt User partition

Boot

  • Boot on primary harddisk
  • Check System Integrity:
    • SysID*
    • PCI-IDs
    • ...
  • Secured Login
  • Mount encrypted user partition

Uninstall

  • Identification with the Recovery Key
  • Decrypt the user partition
  • Remove the secured bootloader

Update

(dual boot, Bios flash, hardware modification, system files upgrade, kernel update, ...)

  • Boot and identification with the Recovery Key
  • Customize the Startup Key

Implementation Details

Security Architecture

Security in the Secure Boot relies on the use of a secure external device. In a first approach, we present secure boot working with an ordinary USB key. During the boot sequence, after authenticating the USB key, we retrieve the user's checking commands stored on the external device. These checks validate the integrity of the system platform. If they succeed, the bootloader delivers the system authenticity agreement, which is then used by the secured login in the Linux environment.

The login manager supports two modes: the normal mode, in which the secure login authenticates the user password and the system integrity, and the Update mode. In graphical use, a special button switches the manager into Update mode. In this mode the manager recomputes the system integrity to take into account possible hardware or software modifications. The user takes responsibility for re-encrypting his user partition on the upgraded system.

The following flow chart describes the steps that have to be performed to validate a secure boot.

We describe the main steps of secured boot sequence:

  • BIOS Features Compatibility:

BIOSes based on Phoenix Technologies firmware are supported. During testing we noticed that some BIOSes other than the Phoenix-based ones (the most widespread firmware on laptops currently on sale) are reconfigured differently at each restart, which prevents us from computing a stable BIOS integrity value.

  • USB Key Authentication (this feature is not available):

We compute a one-time password (OTP) from data stored in the MBR of the primary disk and on the USB storage. The algorithm is based on the key derivation function PBKDF1 described in PKCS #5 [R9]:

  1. Find the serial number of the USB device: USB_ID.
  2. Retrieve Salt and #Seq from the first sector of the USB key.
  3. Compute #Seq times:

	Res(1) = Hash( USB_ID || Salt)
	Res(n+1) = Hash( USB_ID || Res(n))

  4. Compare Res(#Seq) with the hash stored in the MBR of the primary disk.
  5. Generate the next hash and update #Seq on the USB key.
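The five steps above, written out as an added example (this is editor-supplied code, not part of the Mandriva project's bootloader). The page does not name the hash function; PBKDF1 iterates MD5 or SHA-1, so SHA-1 is assumed here. The UsbKey and Mbr records, the provision() install-time helper and the function names are illustration only.

```python
import hashlib
import hmac
from dataclasses import dataclass

# The page does not name the hash; PBKDF1 (PKCS #5) iterates MD5 or SHA-1,
# so SHA-1 is assumed here.
HASH = hashlib.sha1


@dataclass
class UsbKey:
    """Fields the bootloader reads from the first sector of the USB key."""
    salt: bytes  # Salt
    seq: int     # #Seq, the number of hash iterations expected


@dataclass
class Mbr:
    """Field the bootloader reads from the MBR of the primary disk."""
    stored_hash: bytes  # Res(#Seq) written at install time or at the previous boot


def hash_chain(usb_id: bytes, salt: bytes, seq: int) -> bytes:
    """Res(1) = Hash(USB_ID || Salt); Res(n+1) = Hash(USB_ID || Res(n)).
    Returns Res(seq)."""
    if seq < 1:
        raise ValueError("#Seq must be at least 1")
    res = HASH(usb_id + salt).digest()
    for _ in range(seq - 1):
        res = HASH(usb_id + res).digest()
    return res


def provision(usb_id: bytes, salt: bytes, seq: int):
    """Install-time counterpart (assumed): Salt and #Seq go on the key,
    Res(#Seq) goes in the MBR."""
    return UsbKey(salt, seq), Mbr(hash_chain(usb_id, salt, seq))


def authenticate_usb_key(usb_id: bytes, key: UsbKey, mbr: Mbr) -> bool:
    """Steps 1-5 of the OTP check. usb_id is the serial read from the device
    actually plugged in (step 1); Salt and #Seq come from the key (step 2)."""
    candidate = hash_chain(usb_id, key.salt, key.seq)            # step 3
    if not hmac.compare_digest(candidate, mbr.stored_hash):      # step 4
        return False
    # Step 5: move both sides one link forward so this value cannot be replayed.
    mbr.stored_hash = HASH(usb_id + candidate).digest()          # Res(#Seq + 1)
    key.seq += 1
    return True
```

Note what the check does and does not prove: every link of the chain is computable from USB_ID and the Salt read off the key, so a successful comparison shows that the plugged-in device carries that serial number and a key image consistent with the MBR; no secret is involved. Advancing #Seq after each boot only invalidates stale copies of the key image.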

  • System Integrity Checking:

The bootloader ensures system integrity using the user configuration directives checkbios, checkpci and checkfile. The process for the last command is:

  1. Parse the list of files from the checklist.conf file stored on the /boot partition.
  2. Compute the integrity of each file.
  3. Generate the system integrity number needed to mount the user partition.

  • PAM Login:

The secure login computes the partition (or volume) key password used to mount the encrypted user partition:

  1. Ask for the user password.
  2. Retrieve the system integrity number from memory.
  3. Generate the volume key passphrase.
  4. Pass it to the pam_mount module.
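An added example covering both the checkfile procedure and the PAM login steps above (editor-supplied code, not the project's bootloader or PAM module). The page fixes none of the formats, so the following are assumptions: checklist.conf holds one absolute path per line with blank lines and '#' comments ignored, each file is hashed with SHA-256, the system integrity number is SHA-256 over the ordered (path, digest) pairs, and the volume passphrase is PBKDF2-HMAC-SHA256 of the user password salted with the integrity number. The demo() function builds a constructed sample tree in a temporary directory so that the example runs offline; the root argument exists only for that purpose.

```python
import hashlib
import tempfile
from pathlib import Path

# Assumptions, none of which the page fixes: checklist.conf holds one
# absolute path per line, blank lines and '#' comments ignored; each file is
# hashed with SHA-256; the system integrity number is SHA-256 over the
# ordered (path, digest) pairs; the volume passphrase is PBKDF2-HMAC-SHA256
# of the user password salted with the integrity number.


def parse_checklist(text: str) -> list:
    """checkfile step 1: the paths listed in checklist.conf, in order."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            entries.append(line)
    return entries


def file_digest(path: Path) -> bytes:
    """checkfile step 2: integrity of a single file (streamed, so large files are fine)."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.digest()


def system_integrity_number(checklist_text: str, root: Path) -> bytes:
    """checkfile step 3: one value covering every checked file. A listed file
    that is missing (or not a regular file) is an integrity failure rather than
    something silently skipped, so deleting a checked file cannot unlock the volume."""
    h = hashlib.sha256()
    for entry in parse_checklist(checklist_text):
        target = root / entry.lstrip("/")   # root lets the example run on a sample tree
        if not target.is_file():
            raise FileNotFoundError(f"checked file missing: {entry}")
        h.update(entry.encode() + b"\0" + file_digest(target) + b"\0")
    return h.digest()


def volume_passphrase(user_password: str, integrity_number: bytes) -> str:
    """PAM login steps 1-3: user password + integrity number -> passphrase for pam_mount."""
    key = hashlib.pbkdf2_hmac("sha256", user_password.encode("utf-8"),
                              integrity_number, 200_000, dklen=32)
    return key.hex()


def demo() -> tuple:
    """Constructed sample tree: returns (unchanged_system_unlocks, tampered_system_unlocks)."""
    checklist = "# checklist.conf (constructed sample)\n/etc/sysctl.conf\n/etc/security/limits.conf\n"
    password = "correct horse battery staple"
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "etc" / "security").mkdir(parents=True)
        (root / "etc" / "sysctl.conf").write_text("kernel.randomize_va_space = 2\n")
        (root / "etc" / "security" / "limits.conf").write_text("* hard core 0\n")
        enrolled = volume_passphrase(password, system_integrity_number(checklist, root))
        unchanged_ok = volume_passphrase(password, system_integrity_number(checklist, root)) == enrolled
        # Tamper with a checked file: same password, different integrity number.
        (root / "etc" / "sysctl.conf").write_text("kernel.randomize_va_space = 0\n")
        tampered_ok = volume_passphrase(password, system_integrity_number(checklist, root)) == enrolled
    return unchanged_ok, tampered_ok
```

The point the example makes concrete is that the volume passphrase is a function of both the user password and the integrity number: with the same password, a single modified byte in any checked file yields a different passphrase, so pam_mount cannot open the user partition until the Update mode re-enrols the new system state.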

System Architecture

We develop three secure pieces of software: the bootloader, the secure login, and a user configuration tool.

The secured bootloader is based on TrustedGrub [R4], a patched version of Grub initially intended to work only with a TPM chip. The implementation of the system integrity checks is based on BIOS and Intel specifications:

  • EDD v3.0 for dialoguing with external USB storage [R5]
  • ISO/IEC 9293 for the BIOS Parameter Block
  • AMD® and Intel® processor identification for CPUID [R6] [R7]
  • Conventional PCI 3.0 and PCI Firmware 3.0 specifications [R8]

Grub modified flow

Mandriva provides a secure login based on the KDE Display Manager (Kdm) working with a new Pluggable Authentication Module (PAM). The volume has a password different from the user's system account password, so we encrypt the password of the volume to be mounted (the user partition) with a new password derived from the system authenticity agreement and the user password; the encrypted volume password is stored on the USB device. pam_mount supports transparently decrypting this filesystem key, as long as the cipher used is supported by OpenSSL.

Pam stack

The pam_tgrub.so module deals with the Update mode switch: when the mode is active, it re-encrypts the user key stored on the USB key under the new system integrity.

We provide a set of user configuration tools to administer the protected user account. There are three shell scripts:

  • install.sh : sets up the secure bootloader and a new user account. It proposes a new PAM configuration for the new account.

Concerning the configuration of the files to check, we propose referring to the system file list provided on the IBM web site [R10].

Installation screenshot

  • uninstall.sh : removes the specified user account. Warning: it does not uninstall the secure Grub, and it destroys all user data.

Uninstallation screenshot

  • update.sh : regenerates the key locker on the USB key.
