Industry Leader in Trusted Systems and Services Trusted Computing Security for the Digital World Lark M. Allen Wave Systems Corp. email@example.com The Evolution of the Digital Infrastructure Web Services Trust/Security Access (WWW) Connectivity (Internet) Processing (PC) Time Trusted Computing Trusted Computing: Hardware and Software behave as designed Trusted Computing – Who Is Trusting? Trust is in the eye of the beholder USER Trusted PARTNERS PC ? ENTERPRISE SERVICE PROVIDERS Trusted Computing: Why Required? VITAL SIGNS FOR OCTOBER 2, 2002 Bugbear worm tries to steal credit cards, passwords etc, etc. Trusted Computing Initiatives Smart Microsoft Cards Intel Palladium LaGrande Cell Gaming Phones Platforms TCPA Set Top FinRead Boxes Trust: A Political Lightning Rod Conspiracy Theories Control Tracking Opt-In/ Opt-out Closed Privacy Surveillance Trusted Computing – Adoption Drivers Market Adoption Requires the ‘Gorillas’ “Trustworthy Computing is the highest priority THE BIG SECRET are doing. for all the work we By Steven Levy, Newsweek, July 1, 2002 We must Microsoft’s Palladium A First Look At lead the industry…” An exclusive first look at Microsoft’s ambitious and risky-plan to remake Bill Gates the personal computer to ensure Microsoft security, privacy and intellectual Jan 15, 2002 property rights. Will you buy it? Trusted Systems – Hardware Based Hardware is a requirement for Trusted Systems “You can layer all the security and digital rights FEDS EYE COPY LOCKS FOR PC GEAR management software you want on top of the S.2048 Hollings trusted hardware PC platform, but without Bill “Consumer Broadband the PC is still not secure”. and Digital Television Scott Dinsdale Promotion Act” Executive VP, Digital Strategy VALENTI Motion Picture Association Digital Hollywood Conf, 2/4/2002 “If you can’t protect anything you own, you don’t own anything” Pyramid of Protection Trusted, Trusted, Unshared Shared Hdwr/Sftwr Hardware Security Strength PKI Trust System Smart Cards Hardware – Prog. TCPA Hardware - Static Tamper-Resistant Firmware BIOS Software Secure DRMs Tamper-Resistant Software Software Only Trusted Computing – Bottom to Top User Services Security at any layer can be defeated by accessing Applications the next lower layer System Services Trusted Computing requires security hardware Operating System as the foundation for BIOS Firmware platform security PC Hardware Plus security enablement features in each layer Trusted Hardware Trusted Computing Technologies Public Key Digital Infrastructure Certificates Global Secure Unique Time Digital Signatures Identities Random Number Generator Trusted Computing Example: Single Security Chip System SECURE TIME INTRUSION Crystal RS-232C Interface DETECTION Real Time Clock Battery SECURE LPC Slave Non-vol INPUT / Interface SRAM NON-VOLATILE OUTPUT LPC Master MME MEMORY Code Interface MMULT TRUSTED USB SHA Interface OS CRYPTO ISO 7816 DES ALGORITHMS Controller Internal RAM GPIO (IRAM) RNG Optional Timers I/O SECURE External I/F KEYPAD/ Device Flash DISPLAY Control Flash Memory Encrypted SRAM Microprocessor MMU Cache Memory I/F PROCESSOR MEMORY ENCRYPTED MANAGEMENT MEMORY Trusted Systems – Overview E-Commerce Is Complex Trust Relationships “Hardware-level security is required for complex trust relationships. Internet transactions by their nature are done at a distance, not face to face, therefore the security requirements to protect the interests of every party in a digital transaction are even more important than in the physical world.” Dr. Robert Thibadeau Computer Science Carnegie Mellon University Multiparty Trust for E-Commerce USER FINANCIAL MERCHANT Distributed Content & Services Consumer Transaction System Protection / Relationship System Digital Rights Mgmt. Credit Cards Digital Identity Wallet Multi-Party Trusted Trust Devices Trusted Computing – Open, Shared Open, Programmable and Interoperable Trust Required for Internet Devices USER computer systems “Incredibly secure and trustworthy exist today, but they are largely independent, single- purpose systems that are meticulously engineered and then isolated.” Platforms / Applications / Cards / Tokens/ User Devices Peripherals / Data / DRM / Authentication Services / Media Streams Consumer Electronics Software Smart Cards Cell Phones PC OS / Boot DRMs Biometrics Trusted Readers Set Top Box Applications 5C / DTCP Cable Modems SecureID Passwords FINREAD/GTI PDAs Craig Mundie Keyboards/Input Certified Applets Digital Signatures MHCP/DVI Conditional Access Storage Devices PINs Wireless Devices Firmware SDMI Passport/Liberty Merchant SVP, CTO Output-TV/Prntrs Graphics Cards Web Agents Watermarking X509 Cert Auth. Terminals Receivers, Players Authenticode DeCSS Registration Auth. Access Devices DTLA Microsoft CDSA Trusted Computing – Models Closed, isolated Satellite Networks Cable Networks systems Credit Cards Cell Phones Single party control Proprietary security and trust technology Shared trust Multiple web PC / Internet Devices services Open standards Trusted Computing – Trust Models Multiple Cell Phone Applications/Services Smart Cards TCPA STB Driver’s License / 1 Passports / Credit Cards 1 Multiple Number of Trustors ROOTS: The Genealogy of Trust TRUSTED TRUST THIRD PARTY ROOT KEY Application Application Authorization Initialization Device Trust Development Certification Agent Service Server Assurance Service CA CA CA CA CA Network CA(s) Trust ADS #m ACA #m AA #m IS #m DS #m Assurance X509V3 Identification Certificates Network Key Based Trusted Trusted Trusted Trusted Identification Device #1 Device #x Device #y Device #n Wave Systems Corp. Open Trust Infrastructures Goal: ‘Hosts’ Trust ‘Controllers’ T • Open, Interoperability Standards • Critical Infrastructures Protection • Basis for Digital T Commerce T T T Wave Systems Corp. Trusted Computing – Overview Trusted Computing is a system solution “Security is a chain; it’s only as secure as the weakest link. Security is a process, not a product” “Complexity is the enemy of security. Things are getting more complex. Security must be designed in from the beginning” Bruce Schneier Co-Founder, CTO Counterpane Internet Security Author, Secrets and Lies Systems Design – End to End Solutions T T U T U T T Untrusted Trusted Untrusted devices cause the result to become Trusted devices or components can communicate untrusted securely over untrusted networks Trusted Systems – Overview Every Device and Component Must Be Trusted • Trusted Input, Processing, Output, Storage, Network Distributed Trust Boundaries A Better Defensive Structure: Self-Securing Devices Security Hardware Input / Keyboard Dr. Greg Ganger Network Adapter Carnegie Mellon University Graphics Adapter Output Devices Storage Memory Processor Ganger Trusted Computing – System Design Programs Kernel Main Memory Motherboard Keyboard CD-R DVD-R Graphics Card Video Capture SIC NIC Network Trusted Peripherals Secure Channels Market Investment Trusted Computing market is very large and one of the fastest growing IT segments Security Hardware, Software and Services “The Bush Administration has proposed a 56% increase in IT-Security spending in fiscal 2003 to $4.3 B from $2.7 B in 2002. The numbers do no include another $20 B Hardware Software for IT spending in IntelligenceB Integration $16.6 Agencies.” $16.1 B Services Dow Jones Newswire $10.8 B 6/13/2002 Trusted Computing – Services Trusted Systems and Then Web Services: Deployment Will Drive Services Finance Keyboards Government PCs Networks Peripherals Consumers STBs Enterprise Trusted Systems – Overview Customers will pay for Trusted Systems Definitely interested in adding security technology to new computer Embedded Security Subsystem IBMProbably interested in adding security technology $25.00 $25 84% $50 71% $75 57% $100 49% $200 34% Privacy and the Internet/Hart Research Trusted Computing Applications Content Protection Strong Services Authentication Delivery Applications Trusted Operating System E-Commerce Privacy Protection Trusted Hardware Components Distributed Trust Infrastructure Transactions Platform Key Management Security(TCPA) Conditional Secure Access VPNs & Peer-Peer Trusted Computing – Smart Credentials 1. USID Number 3. Digital Photo 2. Optical Strip – 4MB 4. Smart Card Chip 5. Internal Memory Strip – 20 MB 6. 2D Bar Code – 2KB Trusted Input Devices - FinRead Embedded Strong Financial Trusted Cryptography Transactions Client Processor Secure • Processing Multi-factor • Storage Authentication • Java Secure EU Finance Display Industry Spec Secure Java Support- Input Finlets Keyboards, smart card readers, cell phones Trusted Systems – Authentication ■ The Internet Perimeter Must Be Both Trusted and Intelligent PHYSICAL AUTHENTICATION DIGITAL WORLD WORLD Untrusted Trusted Trusted PC Client Trusted IDENTITY Server CREDENTIALS / Trusted PASSWORDS Internet Devices Need Flexibility Must support more multiple security specifications simultaneously Must fill the role for hardware security from many different locations-every component is trusted Keyboards Motherboards Network Adapters Peripherals – Graphics, Disk, Output Drives Must support interim and long term security requirements Must provide the security strength of hardware with the flexibility of software Must support multi-party trust, not just first party control Trusted Computing Challenges Standardization and convergence of trusted computing components • Platform security and peripherals • Open trust infrastructures • Web services and identity management • Content protection Privacy and security laws, policies, and practices Development time for complex eco-systems Successful business and technical models for trusted services, including Internet content Legacy population of untrusted devices Trusted Computing Overview Thank You!
Pages to are hidden for
"Interoperability Open Trust Infrastructures"Please download to view full document