
Interoperability Open Trust Infrastructures

					      Industry Leader in Trusted Systems and Services




 Trusted Computing
Security for the Digital World



                                             Lark M. Allen
                                             Wave Systems Corp.
                                             lallen@wavesys.com
The Evolution of the Digital Infrastructure


                           Web Services
                          Trust/Security
                         Access (WWW)
              Connectivity (Internet)
   Processing (PC)
                  Time
Trusted Computing

   Trusted Computing:


         Hardware and Software
           behave as designed
Trusted Computing – Who Is Trusting?

 Trust is in the eye of the beholder

 [Diagram: "Trusted PC ?" at the center, surrounded by USER, PARTNERS, ENTERPRISE and SERVICE PROVIDERS]
Trusted Computing: Why Required?




   VITAL SIGNS FOR OCTOBER 2, 2002




                Bugbear worm
                tries to steal credit
                cards, passwords


                                        etc, etc.
Trusted Computing Initiatives


  • Microsoft Palladium
  • Intel LaGrande
  • TCPA
  • Smart Cards
  • Cell Phones
  • Gaming Platforms
  • Set Top Boxes
  • FinRead
Trust: A Political Lightning Rod

  • Conspiracy Theories
  • Control
  • Tracking
  • Opt-In/Opt-out
  • Closed
  • Privacy
  • Surveillance
Trusted Computing – Adoption Drivers

 Market Adoption Requires the ‘Gorillas’

  “Trustworthy Computing is the highest priority for all the work we are doing. We must lead the industry…”
        Bill Gates
        Microsoft
        Jan 15, 2002

  THE BIG SECRET
  By Steven Levy, Newsweek, July 1, 2002
  A First Look At Microsoft’s Palladium
  An exclusive first look at Microsoft’s ambitious and risky plan to remake the personal computer to ensure security, privacy and intellectual property rights. Will you buy it?
Trusted Systems – Hardware Based
 Hardware is a requirement for Trusted Systems

 “You can layer all the security and digital rights management software you want on top of the PC platform, but without trusted hardware the PC is still not secure”.
        Scott Dinsdale
        Executive VP, Digital Strategy
        Motion Picture Association
        Digital Hollywood Conf, 2/4/2002

 FEDS EYE COPY LOCKS FOR PC GEAR
  S.2048 Hollings Bill
  “Consumer Broadband and Digital Television Promotion Act”

 VALENTI
  “If you can’t protect anything you own, you don’t own anything”
        Pyramid of Protection
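 [Diagram: pyramid of protection layers, with an axis labeled Security Strength]
 Layers, in the order shown from top to bottom:
  • PKI Trust System
  • Hardware – Prog.
  • Hardware – Static
  • Tamper-Resistant Firmware
  • Tamper-Resistant Software
  • Software Only
 Other labels: Trusted, Unshared; Trusted, Shared; Hardware; Hdwr/Sftwr; Secure Software; Smart Cards; TCPA; BIOS; DRMs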
Trusted Computing – Bottom to Top


 [Diagram: platform layers, top to bottom]
  • User Services
  • Applications
  • System Services
  • Operating System
  • BIOS Firmware
  • PC Hardware
  • Trusted Hardware

 Security at any layer can be defeated by accessing the next lower layer
 Trusted Computing requires security hardware as the foundation for platform security
 Plus security enablement features in each layer
Trusted Computing Technologies

  • Public Key Infrastructure
  • Digital Certificates
  • Digital Signatures
  • Global Unique Identities
  • Secure Time
  • Random Number Generator




       Trusted Computing
 Example: Single Security Chip System
 [Block diagram of a single security chip]
 Functional blocks: SECURE TIME, INTRUSION DETECTION, SECURE INPUT / OUTPUT, SECURE KEYPAD/DISPLAY, TRUSTED OS, CRYPTO ALGORITHMS, NON-VOLATILE MEMORY, PROCESSOR, MEMORY MANAGEMENT, ENCRYPTED MEMORY
 Components: Real Time Clock, Crystal, Battery, Non-vol SRAM, RS-232C Interface, LPC Slave Interface, LPC Master Interface, USB Interface, ISO 7816 Controller, GPIO, Code, Internal RAM (IRAM), Timers, Device Control, MME, MMULT, SHA, DES, RNG, External I/F, Flash Memory, Encrypted Memory I/F, Microprocessor, MMU, Cache, Optional I/O, Flash, SRAM
    Trusted Systems – Overview
    E-Commerce Is Complex Trust Relationships
    “Hardware-level security is required for complex trust
     relationships. Internet transactions by their nature are
     done at a distance, not face to face, therefore the
     security requirements to protect the interests of every
     party in a digital transaction are even more important
     than in the physical world.”

                                Dr. Robert Thibadeau
                                Computer Science
                                Carnegie Mellon University
 Multiparty Trust for E-Commerce

 [Diagram: three parties joined by Multi-Party Trust and Trusted Devices]
  • USER: Consumer Relationship System
  • FINANCIAL: Distributed Transaction System
  • MERCHANT: Content & Services Protection / Digital Rights Mgmt.
 Other labels: Credit Cards, Digital Identity, Wallet
Trusted Computing – Open, Shared
 Open, Programmable and Interoperable Trust Required for Internet Devices

 “Incredibly secure and trustworthy computer systems exist today, but they are largely independent, single-purpose systems that are meticulously engineered and then isolated.”
        Craig Mundie
        SVP, CTO
        Microsoft

 USER

 Cards / Tokens / Authentication: Smart Cards, Biometrics, SecureID, Passwords, PINs, Passport/Liberty, X509 Cert Auth., Registration Auth.
 User Devices: Cell Phones, Trusted Readers, FINREAD/GTI, PDAs, Wireless Devices, Merchant Terminals, Access Devices
 Platforms / Peripherals / Consumer Electronics: PC, Set Top Box, Cable Modems, Keyboards/Input, Storage Devices, Output-TV/Prntrs, Graphics Cards, Receivers, Players, DTLA
 Applications / Services / Software: OS / Boot, Applications, Certified Applets, Digital Signatures, Firmware, Web Agents, Authenticode, CDSA
 Data / DRM / Media Streams: DRMs, 5C / DTCP, MHCP/DVI, Conditional Access, SDMI, Watermarking, DeCSS
Trusted Computing – Models

 Satellite Networks, Cable Networks, Credit Cards, Cell Phones:
  • Closed, isolated systems
  • Single party control
  • Proprietary security and trust technology

 PC / Internet Devices:
  • Shared trust
  • Multiple web services
  • Open standards
                Trusted Computing – Trust Models
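 [Chart: trust models plotted by Number of Trustors (horizontal axis, 1 to Multiple) against Applications/Services (vertical axis, 1 to Multiple). Items plotted: Cell Phone, Smart Cards, TCPA, STB, Driver’s License / Passports / Credit Cards]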
ROOTS: The Genealogy of Trust
 [Diagram: certificate hierarchy]
 TRUSTED THIRD PARTY, TRUST ROOT KEY
 Certificate authorities:
  • Application Development Service CA (ADS #m)
  • Application Certification CA (ACA #m)
  • Authorization Agent CA (AA #m)
  • Initialization Service CA (IS #m)
  • Device Server CA (DS #m)
  • Trust Assurance Network CA(s) (Trust Assurance Network)
 X509V3 Identification Certificates
 Key Based Identification: Trusted Device #1, Trusted Device #x, Trusted Device #y, Trusted Device #n




   Open Trust Infrastructures
 Goal: ‘Hosts’ Trust ‘Controllers’

  • Open, Interoperability Standards
  • Critical Infrastructures Protection
  • Basis for Digital Commerce

 [Diagram: network of nodes, each marked T]




Trusted Computing – Overview
 Trusted Computing is a system solution

 “Security is a chain; it’s only as secure as the weakest
  link. Security is a process, not a product”

 “Complexity is the enemy of security. Things are getting
  more complex. Security must be designed in from the
  beginning”
                             Bruce Schneier
                             Co-Founder, CTO
                             Counterpane Internet Security
                             Author, Secrets and Lies
Systems Design – End to End Solutions



 [Diagram: network of devices marked T or U. Legend: T = Trusted, U = Untrusted]

 Trusted devices or components can communicate securely over untrusted networks
 Untrusted devices cause the result to become untrusted
Trusted Systems – Overview
 Every Device and Component Must Be Trusted
  • Trusted Input, Processing, Output, Storage, Network
 Distributed Trust Boundaries
 A Better Defensive Structure: Self-Securing Devices
      Dr. Greg Ganger
      Carnegie Mellon University

 [Diagram (Ganger): Security Hardware shown for Input / Keyboard, Network Adapter, Graphics Adapter, Output Devices, Storage, Memory, Processor]
Trusted Computing – System Design

 [Diagram: PC system layout. Components: Programs, Kernel, Main Memory, Motherboard, Keyboard, CD-R, DVD-R, Graphics Card, Video Capture, SIC, NIC, Network. Legend: Trusted Peripherals, Secure Channels]
Market Investment
 Trusted Computing market is very large and one of the fastest growing IT segments

 Security Hardware, Software and Services
   Hardware: $16.1 B
   Software: $16.6 B
   Integration Services: $10.8 B

 “The Bush Administration has proposed a 56% increase in IT-Security spending in fiscal 2003 to $4.3 B from $2.7 B in 2002. The numbers do not include another $20 B for IT spending in Intelligence Agencies.”
        Dow Jones Newswire
        6/13/2002
Trusted Computing – Services
 Trusted Systems and Then Web Services:
 Deployment Will Drive Services

 Trusted systems: Keyboards, PCs, Peripherals, STBs
 Services: Finance, Government, Networks, Consumers, Enterprise
Trusted Systems – Overview
 Customers will pay for Trusted Systems

 IBM Embedded Security Subsystem: $25.00

 [Chart: interest in adding security technology, by price]
 Legend: Definitely interested in adding security technology to new computer; Probably interested in adding security technology
   $25: 84%
   $50: 71%
   $75: 57%
   $100: 49%
   $200: 34%
 Source: Privacy and the Internet/Hart Research
Trusted Computing Applications

 [Diagram: applications surrounding a central stack]
 Central stack, top to bottom: Applications, Trusted Operating System, Trusted Hardware Components, Trust Infrastructure, Key Management
 Surrounding applications:
  • Content Protection
  • Strong Authentication
  • Services Delivery
  • E-Commerce
  • Privacy Protection
  • Distributed Transactions
  • Platform Security (TCPA)
  • Conditional Access
  • Secure VPNs & Peer-Peer
 Trusted Computing – Smart Credentials

 [Diagram: credential card with numbered features]
  1. USID Number
  2. Optical Strip – 4MB
  3. Digital Photo
  4. Smart Card Chip
  5. Internal Memory Strip – 20 MB
  6. 2D Bar Code – 2KB
Trusted Input Devices - FinRead

 [Diagram: FinRead device features]
  • Embedded Trusted Client Processor
  • Strong Cryptography
  • Financial Transactions
  • Secure Processing, Storage, Java
  • Multi-factor Authentication
  • Secure Display
  • Secure Input
  • EU Finance Industry Spec
  • Java Support-Finlets
 Keyboards, smart card readers, cell phones
Trusted Systems – Authentication
■ The Internet Perimeter Must Be Both Trusted and Intelligent

 [Diagram: AUTHENTICATION between the PHYSICAL WORLD and the DIGITAL WORLD. Labels: IDENTITY CREDENTIALS / PASSWORDS, PC Client, Server, with Trusted and Untrusted markers]
 Internet Devices Need Flexibility
 Must support multiple security specifications
  simultaneously
 Must fill the role for hardware security from many
  different locations: every component is trusted
      Keyboards
      Motherboards
      Network Adapters
      Peripherals – Graphics, Disk, Output Drives
 Must support interim and long term security
  requirements
 Must provide the security strength of hardware with
  the flexibility of software
 Must support multi-party trust, not just first party
  control
 Trusted Computing Challenges
 Standardization and convergence of trusted
  computing components
  • Platform security and peripherals
  • Open trust infrastructures
  • Web services and identity management
  • Content protection
 Privacy and security laws, policies, and practices
 Development time for complex eco-systems
 Successful business and technical models for
  trusted services, including Internet content
 Legacy population of untrusted devices
Trusted Computing Overview




           Thank You!

				
posted:11/23/2010
language:English
pages:34