This is the title of a paper I have written together with Atanas Filyanov, Jonathan M. McCune, and Ahmad-Reza Sadeghi. It was published and presented at DSN 2011. In this paper we address the question whether a trusted path from a system to a user has to be bidirectional for all use cases, i.e., authenticating the system to the user and authenticating the user to the system. The answer is no, there are use cases that allow a uni-directional trusted path (UTP), just from the user to the system. We identified use cases such as transaction confirmation in online purchases or CAPTCHAs as possible applications.
Essentially, our approach allows users to confirm a transaction without the need to having them know that the application they are interacting with is actually trustworthy or not. Recent hardware offers compelling features for remote attestation and isolated code execution, however, these mechanisms are not widely used in deployed systems to date. We show how to leverage these mechanisms to establish a "one-way" trusted path allowing service providers to gain assurance that users' transactions were indeed submitted by a human operating the computer, instead of by malware such as transaction generators.
Based on the concept of a uni-directional trusted path, we architect a trusted confirmation and optionally authentication agent that executes in CPU-provided isolation. The trusted computing base (TCB) of the trusted agent is relatively small compared to prior works (a few thousand lines of code), and remains compatible with users' existing operating system and application environments. The following picture shows the high-level design of UTP.
When the client requests an action from the server that requires a confirmation of the user's intent, the server establishes the uni-directional trusted path by sending a message to the client (and a random nonce for the purpose of preventing replay attacks). The (untrusted) client program invokes the execution of the UTP Agent in the CPU's secure execution mode. This mode ensures that the UTP Agent executes isolated from other software and successfully takes control of the user-centric I/O devices. The UTP Agent displays the message provided by the server (e.g., a transaction summary) to the user. Once the user has viewed the message and acted as required (e.g., confirmed their intention to submit the transaction), the UTP Agent assembles the necessary data to generate an attestation
that these events transpired while in the secure execution mode. This information is cryptographically signed by a keypair that is accessible only while the isolated execution environment is active, in order to demonstrate its authenticity and integrity. The data and its signature are then sent to the server. The server can verify the signature with the provided
and certified public key of the client platform, and subsequently verifies the attestation information in order to get
assurance about the execution of the UTP Agent. Note that this is more than just TCG-style attestation. If the verification succeeds, the server knows that a uni-directional trusted path to the human user has been established and that the transaction can be processed.
More information [Paper] [Slides]