Researchers propose new means of protecting compromised devices and stopping trojans in their tracks
Security researchers have come up with a new hardware-based approach to protecting information entered into computers – even if a user’s PC is infected with malware.
The open source Fidelius system aims at protecting compromised devices through the use of hardware enclaves, akin to the isolated execution environments long found in server processors that have made their way into consumer PCs in more recent years.
Speaking at the IEEE Symposium in San Francisco last week, Saba Eskandarian, a PhD student at Stanford University’s Applied Cryptography Group, explained: “If your computer happens to be compromised… you’re in the unfortunate situation where the malware is able to steal all your secrets.”
“So the question that we want to answer is, can we stop malware from revealing the secrets that we type into the browser window?”
In their search to develop new ways to protect user data even in the event of malware infiltration, Eskandarian and his research group from Stanford and CISPA Helmholtz Center for Information Security are developing ‘Fidelius’ – an open source architecture that ringfences users’ secrets through the use of protected enclaves on computer chips.
“The goal of Fidelius is to protect user keyword inputs from a browser that has been fully compromised,” Eskandarian said.
“A hardware enclave gives you a small area of memory, so that even if the entire operating system is compromised, this memory is isolated.”
“If you have some code in that area, then the execution of that code can’t be tampered with by the [compromised] operating system.”
Previous research on using hardware enclaves as part of an attack mitigation strategy includes Software Guard Extensions (SGX) from Intel – an approach that has been compromised on occasion by attacks such as Spectre.
Fidelius builds on these defensive efforts by directing the information entered into the trusted enclave through verified HTML tags.
“All you need to do is to take an existing tag that you have and add this secure attribute to it,” Eskandarian said.
“The secure attribute indicates that whatever this tag is – whether it’s a script or an input – it’s going to be handled inside the enclave, but not by the rest of the browsers.”
The web server then adds a signature to the HTML tag, which is verified by the enclave.
“The purpose for this is to make sure that the browser… isn’t able to tamper with the content that [it’s] supposed to be processing,” said Eskandarian.
Those interested in learning more about this project should check out the Fidelius white paper (PDF).