DSpace@MIT, MIT Open Access Articles

Notary: a device for secure transaction approval

Name
notary sosp19.pdf
Description
Accepted version
Size
2.31 MB
Format
Adobe PDF
Checksum (MD5)
e914ae60fd4e6c0794807320bfea9dc8
Author(s)
Athalye, Anish; Belay, Adam M; Kaashoek, M. Frans; Morris, Robert; Zeldovich, Nickolai
Date Issued
October 2019
Journal
Proceedings of the 27th ACM Symposium on Operating Systems Principles
Publisher
Association for Computing Machinery (ACM)
Citation
Athalye, Anish et al. "Notary: a device for secure transaction approval." Proceedings of the 27th ACM Symposium on Operating Systems Principles (October 2019): 97–113 © 2019 The Author(s)
Version
Author's final manuscript
Abstract
Notary is a new hardware and software architecture for running isolated approval agents in the form factor of a USB stick with a small display and buttons. Approval agents allow factoring out critical security decisions, such as getting the user’s approval to sign a Bitcoin transaction or to delete a backup, to a secure environment. The key challenge addressed by Notary is to securely switch between agents on the same device. Prior systems either avoid the problem by building single-function devices like a USB U2F key, or they provide weak isolation that is susceptible to kernel bugs, side channels, or Rowhammer-like attacks. Notary achieves strong isolation using reset-based switching, along with the use of physically separate systems-on-a-chip for agent code and for the kernel, and a machine-checked proof of both the hardware’s register-transfer-level design and software, showing that reset-based switching leaks no state. Notary also provides a trustworthy I/O path between the agent code and the user, which prevents an adversary from tampering with the user’s screen or buttons. We built a hardware/software prototype of Notary, using a combination of ARM and RISC-V processors. The prototype demonstrates that it is feasible to verify Notary’s reset-based switching, and that Notary can support diverse agents, including cryptocurrencies and a transaction approval agent for traditional client-server applications such as websites. Measurements of reset-based switching show that it is fast enough for interactive use. We analyze security bugs in existing cryptocurrency hardware wallets, which aim to provide a similar form factor and feature set as Notary, and show that Notary’s design avoids many bugs that affect them.
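The abstract describes two properties an approval device needs: an agent signs only what it actually showed the user over an I/O path the host cannot reach, and switching agents goes through a reset that leaves no state behind. The following Go model is an added illustration of that design written for this page; it is not Notary's code and does not reproduce its interfaces. The type names, the use of Ed25519, the kernel holding per-agent keys, and the transaction strings are this example's own assumptions.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// Agent models one approval agent on the isolated agent SoC (example layout,
// not Notary's). Only the agent can write `screen`; the host never touches it.
type Agent struct {
	name    string
	priv    ed25519.PrivateKey // signing key provisioned after reset (assumed design)
	pending []byte             // transaction currently on the agent-owned display
	screen  string             // text the user sees
}

// Reset models reset-based switching: every field returns to its zero value,
// so nothing from the previous agent survives into the next one.
func (a *Agent) Reset() { *a = Agent{} }

// Show places a host-supplied transaction on the display. The host chooses what
// is shown, but cannot alter it afterwards except by calling Show again.
func (a *Agent) Show(tx []byte) {
	a.pending = append([]byte(nil), tx...)
	a.screen = fmt.Sprintf("[%s] approve? %s", a.name, tx)
}

// Approve runs on a physical button press. It signs the bytes that were
// displayed, never a value the host supplies at approval time.
func (a *Agent) Approve(pressed bool) ([]byte, error) {
	defer func() { a.pending, a.screen = nil, "" }()
	switch {
	case a.priv == nil:
		return nil, errors.New("agent not loaded")
	case a.pending == nil:
		return nil, errors.New("nothing on display")
	case !pressed:
		return nil, errors.New("user rejected")
	}
	return ed25519.Sign(a.priv, a.pending), nil
}

// Kernel models the separate kernel SoC: it holds the per-agent keys and is the
// only component that switches agents, always through a reset.
type Kernel struct {
	keys  map[string]ed25519.PrivateKey
	agent Agent
}

func NewKernel(names ...string) *Kernel {
	k := &Kernel{keys: map[string]ed25519.PrivateKey{}}
	for _, n := range names {
		_, priv, _ := ed25519.GenerateKey(rand.Reader)
		k.keys[n] = priv
	}
	return k
}

// Switch resets the agent SoC and then loads the named agent with its own key.
func (k *Kernel) Switch(name string) error {
	priv, ok := k.keys[name]
	if !ok {
		return fmt.Errorf("unknown agent %q", name)
	}
	k.agent.Reset()
	k.agent.name, k.agent.priv = name, priv
	return nil
}

// PublicKey is what a relying party (exchange, backup server) would hold.
func (k *Kernel) PublicKey(name string) ed25519.PublicKey {
	return k.keys[name].Public().(ed25519.PublicKey)
}

// HostTampering shows why signing the displayed bytes matters: the host shows
// `shown`, the user approves, and the host then tries to use the signature for
// `wanted`. Returns (verifies over shown, verifies over wanted).
func HostTampering(k *Kernel, agent string, shown, wanted []byte) (bool, bool) {
	if err := k.Switch(agent); err != nil {
		return false, false
	}
	k.agent.Show(shown)
	sig, err := k.agent.Approve(true)
	if err != nil {
		return false, false
	}
	pub := k.PublicKey(agent)
	return ed25519.Verify(pub, shown, sig), ed25519.Verify(pub, wanted, sig)
}

// SwitchClearsState checks that after switching from one agent to another the
// agent SoC holds no residue of the first agent's key or pending display.
func SwitchClearsState(k *Kernel, first, second string) bool {
	_ = k.Switch(first)
	k.agent.Show([]byte("constructed: send 1.0 BTC to bc1qconstructed"))
	firstKey := k.agent.priv
	_ = k.Switch(second)
	return k.agent.pending == nil && k.agent.screen == "" &&
		!bytes.Equal(k.agent.priv, firstKey) && k.agent.name == second
}

func main() {
	k := NewKernel("bitcoin", "backup")
	ok, forged := HostTampering(k, "bitcoin",
		[]byte("send 0.1 BTC to bc1qconstructed"), []byte("send 10 BTC to bc1qattacker"))
	fmt.Println("displayed tx verifies:", ok, "substituted tx verifies:", forged)
	fmt.Println("reset clears state:", SwitchClearsState(k, "bitcoin", "backup"))
}
```

In this model the host's only influence on the agent is the bytes it hands to Show, and a signature is bound to exactly those bytes, so a host that swaps the transaction after the user presses the button obtains nothing usable. The Reset call wipes the whole Agent value; the paper's contribution is proving the analogous property for real hardware registers and memory at the RTL level, which this software model can only check for the fields it defines.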
MIT Department
Massachusetts Institute of Technology. Computer Science and Artificial Intelligence Laboratory
Terms of Use
Creative Commons Attribution-Noncommercial-Share Alike
http://creativecommons.org/licenses/by-nc-sa/4.0/
Persistent DSpace Link
https://hdl.handle.net/1721.1/128721
DOI of Published Version
http://dx.doi.org/10.1145/3341301.3359661