Trusted Computing (PowerPoint download)

Document Sample
Trusted Computing (PowerPoint download) Powered By Docstoc
					Trusted Computing

     Don Rau
     May 10, 2011
                     TC History
• 1999 Trusted Computing Platform Alliance (TCPA)
  – Five Members: Compaq, HP, IBM, Intel and Microsoft
• 2003 TCG (Trusted Computing Group)
  – 2003 Successor Group to TCPA
  – Today Enjoys Broad Support of
    Technology Industry Leaders
  – over 200 members, adopters, and
    contributors such as…
AMD, NVIDIA, Phoenix, Western Digital, Oracle, Fujitsu, Toshiba

  Over 100 Industry Contributors and Promoters
                   TC History
             TCA Mission Statement

The Trusted Computing Group is a not-for-profit organization
formed to develop, define and promote open, vendor-neutral,
industry standards for trusted computing building blocks and
software interfaces across multiple platforms.

                     What is TC?
                What is TC?
               Trust Definitions

– Assured reliance on the character, strength or truth of
– Expectation of an outcome with some degree of assurance
– System who’s behavior is predictable and reliable
               What is TC?
               TCG Definition

“The computer or system will consistently behave in
specific ways, and those behaviors will be enforced by
hardware and software when the owner of those systems
enables these technologies”
                What is TC?
         TCG Stated Goals of TC

“TC technology will make computers safer, less prone to
viruses and malware, and thus more reliable. In addition,
Trusted Computing will allow computer systems to offer
improved security and efficiency”
                  What is TC?
         How Does TC Serve these Goals?

•Establish Strong Machine Identity and Integrity
•Secure Authentication and Strong Protection of User IDs
•Protect Business Critical Data and Systems
•Regulatory Compliance with Hardware-Based Security

                How does TC work?
             How Does it Work?
1983 Ken Thompson Turing Award Acceptance Speech
  – Login application back-door modification
  – Compiler hacked so that rebuild of O/S yields same Trojan
    horse defect
  The system Thompson described was severely compromised
    and could not be trusted.
  – Trust is Only as Strong as Weakest Link
  – Suggests a need for a basis or “Common Root” for Trust
                How Does it Work?
• TPM (Trusted Platform Module)
  – Provides this “Root of Trust”
  – Processor securely mounted to
    motherboard in a tamper resistant fashion
  – Provides Cryptographic and Hash services
  – Verifies Boot Sequence
  – Extends Services to Applications providing a mechanism to
    verify configurations and identities of components
  – AKA Fritz Chip
     A cynical reference to S. Carolina Senator and DRM
     Advocate, Fritz Hollings
How Does it Work?
           • Crypto ‘Endorsement’ Key
             embedded at time of
           • Key Generation
           • Hash Generation to uniquely
             id components
           • Encryption/Decryption
           • Exposes services via TSS
             (Trusted Software Stack)
               Establishing Trust
TPM Validates the Boot Process by Providing Evidence
and attesting that the system boot was carried out by
trusted firmware.
• TPM Verifies Itself and the BIOS
• BIOS Extends Trust by using the TSS to Verify Boot Loader
• Boot loader verifies Operating System
• Operating System verifies devices and drivers
• Etc.
             And so a chain of trust is established.
             Extending the Chain
TPM Provided Services
• TSS (Trusted Software Stack) provides API for applications and
  devices to use trusted services
• Uniquely Identifying Signatures
  typically based on hash codes generated from binary code of
  underlying component.
• Identities are secured by Cryptographic Keys
• External Certificates of Authority
• TPM/TSS serve as a basis to implement other core TC
  concepts, including…
Key TC Concepts

    • Attestation
• Memory Curtaining
    • Secure I/O
  • Sealed Storage
                     TC Concepts
 Attest to the Identity of a system and it’s configuration.
  – Local
     • Secured boot
     • Request and verify identity of a specified configuration of
     • Trusted Applications request cryptographic services through TSS
  – Remote
     • Confirmation of expected remote client configuration
     • Remote Authentication and Access to Secured Networks
                   TC Concepts

Memory Curtaining
 Prevent applications from accessing other app’s memory
 – In a TC platform even the Operating System should not have
   access to a programs curtained memory
 – Prevent Virus or Malicious code from reading or altering
   data in a PCs memory
                  TC Concepts
Secure I/O

Secure Input and Output attempt
to address two concerns:
   – Thwart screen-grabbing and key-logger exploits
   – Applications can assure that a user is physically
     present user, as distinct from another program
     impersonating a user
                     TC Concepts
• Sealed Storage
Optional secured access to sensitive data
   –Addresses inability of a PC to securely store passwords
   –Ability to seal data access to only known apps and users
   on approved hosts
   –Use Cases
      • Data Encryption
      • DRM

   Applications for Trusted Computing Include…
              Example Use Cases
  – Authentication and Remote Access/Distributed Firewalls
  – Data Encryption
• Trusted Distributed Collaboration
  – Verify distributed Clients integrity (SETI etc)
  – Distributed Gaming Anti-Cheat
     Xbox and PS currently use proprietary means for secure
• Digital Rights Management (DRM)
          TC Opponents
Many opponents express concerns with trusted
     computing, going as far as calling it
     Treacherous Computing.

          Paranoid or Justified?
         What are the concerns…
TC Opponents

                  TC Opponents
• Too Much Control to Commercial Interests
• Treats Owner as Adversary
– Video, Audio, and Game Content Restrictions
    • Constrain play back to certain applications?
• Loss of Flexibility
– Attestation restrictions to certain browsers for certain
– Sealed Storage complicates backup options
– Open Source Future?
– Complicates HW/SW upgrades or replacement
• Ease of use?
   When using BitLocker with a TPM, it is recommended that BitLocker be
turned on immediately after the computer has been restarted.
   If the computer has resumed from sleep prior to turning on BitLocker,
 the TPM may incorrectly measure the pre-boot components on the
   In this situation, when the user subsequently attempts to unlock the
 computer, the TPM verification check will fail and the computer will
 enter BitLocker recovery mode and prompt the user to provide recovery
 information before unlocking the drive!!!!
• Near Future
  – Corporate Use
     •Remote Authentication and Access
     •Drive Encryption Technology
  – Government
    “As of 2007 requires all new computer assets, including PDAs to
    include a version 1.2 or higher TPM” – DOD Memorandum
  – Regulatory Enforcement
     Secured Finances and Identity protection
                             TC References
• TCG. 2007, TCG specification architecture overview, 2 August 2008
• TCG. 2007, Trusted Computing,
• BERGER, B. D. 2009. Securing data and systems with trusted computing now
  and in the future. 2010.
• BERGER, B. 2005, Trusted computing group history. 2005. Information Security
  Technical Report, Vol 10, Issue 2, 2005, Pp 59-62
• PROUDLER, G., 2002, What’s in a trusted computing platform?,
  RAMSDELL, J., SEGALL, A., SHEEHY, J., SNIFFEN, B., Principals of remote
  attestation, National Security Agency, The MITRE Corporation.
• LEMOS, R., (2002) Trust or treachery, Cnet,
      Real World Examples
       • Xbox Secure Boot & DRM
           • Printer Cartridges
         • MS Palladium NGSCB
        • Smart Cards Technology
• Hitachi ’09 1st TC Compliant Hard Drive
            • Drive Encryption
        • Remote Authentication

Shared By: