Design and Implementation of Trusted Channels in the Keystone Framework

Nowadays, the spread of remote services and network connections has led to the need for a higher level of protection for the transmitted data. Even if the secure channels can guarantee confidentiality, integrity, and authenticity of the information exchanged over the connection, there are no assurances that the endpoint is devoid of malware or that it is not under the control of an adversary. In that case, if the other party sends sensitive information, this may be compromised with the risk of causing severe damage to both endpoints. For these reasons, the research is moving forward with trusted channels development, secure channels in which evidence of platform trustworthiness is exchanged during the connection establishment. This proof is produced according to the attestation process provided by technologies such as Trusted Platform Modules (TPMs) or Trusted Execution Environments (TEEs). In particular, the latter can execute applications securely and isolated from the rest of the system, reducing the attack surface available for the adversaries, and those executables are therefore called Trusted Applications (TAs). The purpose of this Master's thesis is to develop a protocol that can be adopted to issue certificates used during the setup of a trusted channel in which at least one peer is a TA. The work starts with an analysis of TEE technologies and their main elements, and a description of how these have been implemented in the products developed by companies and research groups. Then, different publications about trusted channels have been analyzed in order to highlight which are their main requirements, as well as their advantages and disadvantages. Based on this study, I designed the protocol described above, in which the involved entities are the TA, the Certificate Authority (CA), and the verifier. The implementation of TAs was carried out on the Keystone framework, an open-source project that allows the creation of customizable TEEs. Moreover, to identify the device and TEE components and to generate the key pair to be certified, the Device Identifier Composition Engine (DICE) architecture has been included in the protocol by using a custom version of the Keystone framework compliant with DICE. It consists of specifications published by the Trusted Computing Group (TCG) that describe how each layer in the system can be identified, how those values are generated, and how key pairs can be derived from the identifiers and certified. Finally, the developed protocol has been tested to verify its functionality and performance.