Upload
audrey-campbell
View
71
Download
10
Tags:
Embed Size (px)
DESCRIPTION
Trusted Computing. Don Rau Cs489 May 10, 2011. TC History. 1999 Trusted Computing Platform Alliance (TCPA) Five Members: Compaq, HP, IBM, Intel and Microsoft 2003 TCG (Trusted Computing Group) 2003 Successor Group to TCPA Today Enjoys Broad Support of Technology Industry Leaders - PowerPoint PPT Presentation
Citation preview
Trusted Computing
Don RauCs489
May 10, 2011
TC History
• 1999 Trusted Computing Platform Alliance (TCPA) – Five Members: Compaq, HP, IBM, Intel and Microsoft
• 2003 TCG (Trusted Computing Group)– 2003 Successor Group to TCPA– Today Enjoys Broad Support of
Technology Industry Leaders– over 200 members, adopters, and
contributors such as…
Over 100 Industry Contributors and Promoters
AMD, NVIDIA, Phoenix, Western Digital, Oracle, Fujitsu, Toshiba
TC History
TCA Mission Statement
The Trusted Computing Group is a not-for-profit organization formed to develop, define and promote open, vendor-neutral, industry standards for trusted computing building blocks and software interfaces across multiple platforms.
What is TC?
What is TC?
Trust Definitions
– Assured reliance on the character, strength or truth of something
– Expectation of an outcome with some degree of assurance– System who’s behavior is predictable and reliable
What is TC?
TCG Definition
“The computer or system will consistently behave in specific ways, and those behaviors will be enforced by hardware and software when the owner of those systems enables these technologies”
What is TC?
TCG Stated Goals of TC
“TC technology will make computers safer, less prone to viruses and malware, and thus more reliable. In addition, Trusted Computing will allow computer systems to offer improved security and efficiency”
What is TC?
How Does TC Serve these Goals?
•Establish Strong Machine Identity and Integrity•Secure Authentication and Strong Protection of User IDs•Protect Business Critical Data and Systems•Regulatory Compliance with Hardware-Based Security
How does TC work?
How Does it Work?1983 Ken Thompson Turing Award Acceptance Speech– Login application back-door modification– Compiler hacked so that rebuild of O/S yields same Trojan
horse defectThe system Thompson described was severely compromised
and could not be trusted.– Trust is Only as Strong as Weakest Link– Suggests a need for a basis or “Common Root” for Trust
How Does it Work?• TPM (Trusted Platform Module)– Provides this “Root of Trust”– Processor securely mounted to
motherboard in a tamper resistant fashion– Provides Cryptographic and Hash services– Verifies Boot Sequence– Extends Services to Applications providing a mechanism to
verify configurations and identities of components– AKA Fritz Chip
A cynical reference to S. Carolina Senator and DRM Advocate, Fritz Hollings
How Does it Work?• Crypto ‘Endorsement’ Key
embedded at time of manufacture• Key Generation • Hash Generation to uniquely
id components• Encryption/Decryption
Services• Exposes services via TSS
(Trusted Software Stack)
Establishing Trust
TPM Validates the Boot Process by Providing Evidence and attesting that the system boot was carried out by trusted firmware.•TPM Verifies Itself and the BIOS•BIOS Extends Trust by using the TSS to Verify Boot Loader•Boot loader verifies Operating System•Operating System verifies devices and drivers•Etc.
And so a chain of trust is established.
Extending the ChainTPM Provided Services• TSS (Trusted Software Stack) provides API for applications
and devices to use trusted services• Uniquely Identifying Signatures
typically based on hash codes generated from binary code of underlying component.
• Identities are secured by Cryptographic Keys• External Certificates of Authority • TPM/TSS serve as a basis to implement other core TC
concepts, including…
Key TC Concepts
• Attestation • Memory Curtaining
• Secure I/O• Sealed Storage
TC ConceptsAttestation
Attest to the Identity of a system and it’s configuration. – Local
• Secured boot• Request and verify identity of a specified configuration of
applications• Trusted Applications request cryptographic services through TSS
– Remote• Confirmation of expected remote client configuration• Remote Authentication and Access to Secured Networks
TC Concepts
Memory CurtainingPrevent applications from accessing other app’s memory– In a TC platform even the Operating System should not have
access to a programs curtained memory– Prevent Virus or Malicious code from reading or altering
data in a PCs memory
TC ConceptsSecure I/O
Secure Input and Output attempt to address two concerns:– Thwart screen-grabbing and key-logger exploits– Applications can assure that a user is physically
present user, as distinct from another program impersonating a user
TC Concepts• Sealed StorageOptional secured access to sensitive data–Addresses inability of a PC to securely store passwords–Ability to seal data access to only known apps and users on approved hosts–Use Cases• Data Encryption• DRM
Applications for Trusted Computing Include…
Example Use Cases
Corporate –Authentication and Remote Access/Distributed Firewalls–Data Encryption
•Trusted Distributed Collaboration–Verify distributed Clients integrity (SETI etc)–Distributed Gaming Anti-CheatXbox and PS currently use proprietary means for secure boot
•Digital Rights Management (DRM)
TC OpponentsMany opponents express concerns with trusted
computing, going as far as calling it
Treacherous Computing.
Paranoid or Justified?and
What are the concerns…
TC Opponents
Concerns?
TC Opponents• Too Much Control to Commercial Interests• Treats Owner as Adversary• DRM– Video, Audio, and Game Content Restrictions
• Constrain play back to certain applications?
• Loss of Flexibility– Attestation restrictions to certain browsers for certain
content – Sealed Storage complicates backup options– Open Source Future?– Complicates HW/SW upgrades or replacement
Concerns
• Ease of use?IMPORTANT: When using BitLocker with a TPM, it is recommended that BitLocker be
turned on immediately after the computer has been restarted. If the computer has resumed from sleep prior to turning on BitLocker, the
TPM may incorrectly measure the pre-boot components on the computer.
In this situation, when the user subsequently attempts to unlock the computer, the TPM verification check will fail and the computer will enter BitLocker recovery mode and prompt the user to provide recovery information before unlocking the drive!!!!
Conclusion
• Near Future– Corporate Use•Remote Authentication and Access•Drive Encryption Technology
– Government “As of 2007 requires all new computer assets, including PDAs to include a version 1.2 or higher TPM” – DOD Memorandum
– Regulatory EnforcementSecured Finances and Identity protection
Questions?
TC References• TCG. 2007, TCG specification architecture overview, 2 August 2008
http://www.trustedcomputinggroup.org/files/resource_files/AC652DE1-1D09-3519-ADA026A0C05CFAC2/TCG_1_4_Architecture_Overview.pdf• TCG. 2007, Trusted Computing, http://
www.trustedcomputinggroup.org/trusted_computing• BERGER, B. D. 2009. Securing data and systems with trusted computing now
and in the future. 2010. http://www.trustedcomputinggroup.org/files/static_page_files/C71DF61F-1A4B-B294-D01538F6E3B1C39D/DSCI_InfosecSummit_2010%2010%2002_v2.pdf• BERGER, B. 2005, Trusted computing group history. 2005. Information Security
Technical Report, Vol 10, Issue 2, 2005, Pp 59-62• PROUDLER, G., 2002, What’s in a trusted computing platform?, http://
www.informit.com/articles/article.aspx?p=28804&seqNum=4• COKER, G., GUTTMAN, J, LOSCOCCO, P., HERZOG, A., MILLEN, J., O’HANLON,
B., RAMSDELL, J., SEGALL, A., SHEEHY, J., SNIFFEN, B., Principals of remote attestation, National Security Agency, The MITRE Corporation. http://web.cs.wpi.edu/~guttman/pubs/good_attest.pdf• LEMOS, R., (2002) Trust or treachery, Cnet News.com,
http://news.cnet.com/2009-1001-964628.html
Real World Examples
• Xbox Secure Boot & DRM• Printer Cartridges• MS Palladium NGSCB• Smart Cards Technology
• Hitachi ’09 1st TC Compliant Hard Drive• Drive Encryption
• Remote Authentication