Trusted Platform Modules:
Building a Trusted Software Stack and Remote Attestation
Dane Brandon, Hardeep Uppal
CSE551
University of Washington
Overview
 Motivation
 Trusted Computing and Trusted Platform
  Modules (TPM)
 Trusted Software Stacks
 Attestation
 Measurements
 Future Work and Conclusion
Motivation
   An End to the Middle
    ◦   Our ongoing research.
    ◦   Networked computers and trust.
    ◦   How can we validate a computer?
    ◦   Even with a password, can we trust they are
        who they say they are?



Hardware offers a potential solution…
Trusted Computing and TPMs
   Trusted Computing Group
    ◦ Spec for TPM and trusted software stack.
   TPM - Hardware chip on most new
    business laptops and some other PCs.
    ◦ Dell Latitude, Lenovo ThinkPad, etc…
 Offers some help that software can’t.
 NOT protection against physical attacks.
TPM Functionality
   Persistent memory
    ◦ Endorsement key (EK)
      Permanent private unique key
    ◦ Storage Root Key (SRK)
      Wraps other keys and data with its public key so they can be stored out on disk.
   Volatile memory
    ◦ Platform Configuration Registers (PCR)
    ◦ Attestation identity keys
    ◦ Storage keys
TPM Functionality
   Crypto-processor
    ◦   RSA key generator
    ◦   Random number generator
    ◦   Encryption / decryption
    ◦   SHA-1 hash and append
         PCRs are append only.
         PCR[i] = SHA-1(PCR[i] | new value)
Trusted Software Stacks
   Core root of trust for measurement
    (CRTM).
    ◦ Boot block in BIOS. Never changes.
   Chain of trust.
    ◦ Each software component measures the next.
    ◦ Append measurements to PCRs.
      TrustedGRUB
   TrouSerS (TSS API)
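The extend rule from the TPM Functionality slide (PCR[i] = SHA-1(PCR[i] | new value)) and the chain of trust above, worked through as an added Go example. This is not the authors' code and not TrustedGRUB or TrouSerS code: the component images are constructed byte strings standing in for the BIOS, boot loader and kernel, and a single PCR is used where a real boot spreads measurements over several registers.

```go
package main

import (
	"bytes"
	"crypto/sha1"
	"encoding/hex"
	"fmt"
)

// PCR models one 20-byte Platform Configuration Register (TPM 1.2, SHA-1 sized).
// A PCR is all zeros after reset and can only be changed through Extend.
type PCR [sha1.Size]byte

// Extend is the append-only update from the slide: PCR[i] = SHA-1(PCR[i] | new value).
// The old register value is the prefix, so the register is a running hash of
// everything ever extended into it, in order.
func Extend(p PCR, measurement []byte) PCR {
	return PCR(sha1.Sum(append(p[:], measurement...)))
}

// Measure hashes a component image to a 20-byte measurement, the way each stage
// in the chain of trust hashes the next stage before handing control to it.
func Measure(component []byte) []byte {
	sum := sha1.Sum(component)
	return sum[:]
}

// BootChain extends the measurement of each boot stage, in order, into one PCR
// and returns the final register value.
func BootChain(stages [][]byte) PCR {
	var pcr PCR // reset state: 20 zero bytes
	for _, s := range stages {
		pcr = Extend(pcr, Measure(s))
	}
	return pcr
}

func main() {
	// Constructed stand-ins for the real images; the CRTM would hash the actual
	// BIOS, the boot loader would hash the kernel, and so on.
	good := [][]byte{[]byte("bios image"), []byte("bootloader stage2"), []byte("kernel image")}
	tampered := [][]byte{[]byte("bios image"), []byte("bootloader stage2 (modified)"), []byte("kernel image")}
	reordered := [][]byte{[]byte("bootloader stage2"), []byte("bios image"), []byte("kernel image")}

	g, t, r := BootChain(good), BootChain(tampered), BootChain(reordered)
	fmt.Println("good:      ", hex.EncodeToString(g[:]))
	fmt.Println("tampered:  ", hex.EncodeToString(t[:]))
	fmt.Println("reordered: ", hex.EncodeToString(r[:]))
	fmt.Println("tampering detected:", !bytes.Equal(g[:], t[:]))
	fmt.Println("order matters:     ", !bytes.Equal(g[:], r[:]))
}
```

Because the previous value is folded into every extend, a register can be driven to a known-good value only by extending the same measurements in the same order; a single changed or reordered component yields a different final PCR, which is what a verifier later compares against expected values.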
Attestation
 We have a snapshot of state which can be
  signed.
 How do we deliver it?
 We can’t just send it over…
    ◦ Replay attacks
Attestation
   Use a nonce
    ◦ When request to join comes, challenge with a
      random number.
    ◦ Append to PCRs and sign. Funky fresh.
   Note: Measurements only represent state
    immediately after boot.
    ◦ No guarantees of events after boot!
   Still need to prove that the TPM is a TPM
   Certificate Authority
    ◦ Validate TPM
Attestation
 [Diagram sequence; only the labels survived extraction. Parties: New Node (EK, AIK), Privacy CA (Manf. Cert., PCA Cert.), Trusted Nodes (EK, EK, AIK, AIK).]
    ◦ EK and AIK appear at the New Node, then at the Privacy CA; the AIK is then shown back at the New Node.
    ◦ Trusted Nodes: "Challenge!" (shown as "?"), with nonce 02895…
    ◦ New Node: "Append nonce and sign PCRs with priv_AIK", producing 10110…
    ◦ 10110… and the AIK are shown arriving at the Trusted Nodes.
    ◦ "SUCCESS! Verify bits match: SHA-1(expected PCRs | nonce)"
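The challenge-response from the nonce slide and the diagram sequence, as an added Go example rather than the authors' implementation. Assumptions: the RSA key generated in software stands in for the AIK (a real AIK is created inside the TPM and its private half never leaves the chip); the Privacy CA step is taken as already done, so the verifier simply holds the AIK public key; and the quote is the bare SHA-1(PCRs | nonce) shown on the slide, where a real TPM 1.2 quote signs a TPM-defined structure around that digest. The PCR values are constructed.

```go
package main

import (
	"bytes"
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha1"
	"errors"
	"fmt"
)

// PCRValue is one 20-byte register; a quote covers a list of them.
type PCRValue [sha1.Size]byte

// Quote is what the new node hands back to the challenger: the digest of its
// PCRs with the nonce appended, signed with the private half of the AIK.
type Quote struct {
	Digest    []byte // SHA-1(PCRs | nonce), computed by the (simulated) TPM
	Signature []byte // RSA PKCS#1 v1.5 signature over Digest, made with priv_AIK
}

// NewAIK stands in for the TPM creating an attestation identity key (assumption:
// software RSA; a real AIK is generated inside the chip).
func NewAIK() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

// NewNonce is the challenger's fresh random value. A quote that answers one
// nonce is not a valid answer to any other, which is what defeats replay.
func NewNonce() ([]byte, error) {
	n := make([]byte, 20)
	_, err := rand.Read(n)
	return n, err
}

// quoteDigest computes SHA-1(PCRs | nonce). The node runs it over its real
// registers; the verifier runs it over the values a known-good boot produces.
func quoteDigest(pcrs []PCRValue, nonce []byte) []byte {
	h := sha1.New()
	for _, p := range pcrs {
		h.Write(p[:])
	}
	h.Write(nonce)
	return h.Sum(nil)
}

// TPMQuote is the node side of the exchange: append the nonce and sign the PCR
// state with priv_AIK.
func TPMQuote(aik *rsa.PrivateKey, pcrs []PCRValue, nonce []byte) (Quote, error) {
	d := quoteDigest(pcrs, nonce)
	sig, err := rsa.SignPKCS1v15(rand.Reader, aik, crypto.SHA1, d)
	if err != nil {
		return Quote{}, err
	}
	return Quote{Digest: d, Signature: sig}, nil
}

// VerifyQuote is the trusted node's check from the final diagram slide: the
// signature must verify under the AIK public key (assumed vouched for by the
// Privacy CA), and the signed digest must equal SHA-1(expected PCRs | nonce)
// for the nonce this verifier just issued.
func VerifyQuote(aikPub *rsa.PublicKey, expected []PCRValue, nonce []byte, q Quote) error {
	if err := rsa.VerifyPKCS1v15(aikPub, crypto.SHA1, q.Digest, q.Signature); err != nil {
		return errors.New("AIK signature invalid")
	}
	if !bytes.Equal(q.Digest, quoteDigest(expected, nonce)) {
		return errors.New("PCR digest does not match expected state for this nonce")
	}
	return nil
}

func outcome(err error) string {
	if err == nil {
		return "accepted"
	}
	return "rejected: " + err.Error()
}

func main() {
	aik, err := NewAIK()
	if err != nil {
		panic(err)
	}
	// Constructed PCR state standing in for the post-boot registers; the
	// verifier's expected values are the same known-good set.
	state := []PCRValue{sha1.Sum([]byte("bios")), sha1.Sum([]byte("bootloader"))}
	expected := []PCRValue{sha1.Sum([]byte("bios")), sha1.Sum([]byte("bootloader"))}

	nonce, _ := NewNonce()
	q, _ := TPMQuote(aik, state, nonce)
	fmt.Println("fresh quote:   ", outcome(VerifyQuote(&aik.PublicKey, expected, nonce, q)))

	// Replay: the captured quote is presented against a new challenge.
	nonce2, _ := NewNonce()
	fmt.Println("replayed quote:", outcome(VerifyQuote(&aik.PublicKey, expected, nonce2, q)))

	// Modified boot chain: the node's registers no longer match the expected set.
	modified := []PCRValue{sha1.Sum([]byte("bios")), sha1.Sum([]byte("modified bootloader"))}
	q2, _ := TPMQuote(aik, modified, nonce2)
	fmt.Println("modified state:", outcome(VerifyQuote(&aik.PublicKey, expected, nonce2, q2)))
}
```

The order of checks matters: the signature is verified first so that an unsigned or wrongly signed digest is never compared against expected state, and the digest comparison uses the verifier's own copy of the nonce, never a nonce echoed back by the node. As the slide notes, a passing quote only speaks for the measured boot state; nothing here tells the verifier what happened after boot.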
Measurements
 Verify PCR values change
Measurements
 [Chart; only the axis label survived extraction: Time in seconds]
 Extends are fast
 Creating keys is very slow
 Load and sign, not too bad…
Future Work
 Create a privacy CA.
 Implement complete attestation process
  and benchmark major components.
 Put Xen in the middle of the chain of
  trust.
 Add trusted software stack to ETTM
  project.
Conclusion
 TPMs show promise.
 Building a trusted software stack is
  possible with open-source software.
 Time cost not negligible, but reasonable.
 Hardware should get better.
 Need more software support.
Other Thoughts
 Lots of laptops have TPMs, no one uses
  them.
 TrustedGRUB has 5400+ extra lines of
  code. We didn’t write them.
 The Dell Latitude e5400 is garbage.
    ◦ Two thumbs down!

				
Document info: posted 5/8/2013; 29 pages.