RV-TEE-based trustworthy secure shell deployment : an empirical evaluation

Abstract

Incorrect cryptographic protocol implementation and malware attacks targeting its runtime may lead to insecure execution even if the protocol design has been proven safe. This research focuses on adapting a runtime-verification-centric trusted execution environment (RV-TEE) solution to a cryptographic protocol deployment — particularly that of the Secure Shell Protocol (SSH). We aim to show that through a concrete realization of RV-TEE, which is neither tied to specific CPU mode nor requires the consequential operating system support, SSH execution can be rendered trustworthy. We provide: (i) An RV-TEE setup for a popular SSH implementation based on a widely-adopted RV tool, and a USB-connected hardware security module (ii) An overview of the property extraction process through a methodical analysis of the SSH protocol specifications (iii) Security vulnerabilities identified as a result of RV-TEE adoption (iv) An overhead analysis delineating what SSH applications can benefit from our proposed setup in a practical manner.