Securing Platform and Trusted Computing Model
TRANSCRIPT
1. Securing Platform and Trusted Computing Model
- Abbie Barbir, Ph.D, Web Services and Security Advisor, Nortel
2. Objectives of this Presentation
- Provide an overview of TC and my impressions of some of its pros/cons
- Initiate a discussion (within ITU-T) as to what role/value this type of approach has in secure solutions
- Identify challenges / areas for further study?
3. Technology History
- IBM pioneered technology (early 1990s)
- Founded Trusted Computing Platform Alliance in 1999
- TPM 1.1b spec released early 2002
- Trusted Computing Group Formed in April 2003
- TPM 1.2 specification released February 2005
- In 2004, IBM, Intel, and NTT DoCoMo submitted a set of Trusted Mobile Platform specifications defining security features for mobile devices; these have been released to the public
  - Provides a comprehensive end-to-end security architecture for mobile wireless platforms
4. TCG Trusted Computing Basic Concepts
- A trustable platform is one that behaves in the expected manner for the intended purpose (e.g. from point of view of IT manager)
- Achieved through the following technology
  - Platform Authentication and Attestation
    - Identify the platform and its properties to a challenging party
  - Platform Integrity Reporting
    - Ability to query and report on a platform's software state in a reliable manner
  - Protected Storage
    - Protect secret data against subversion
5. TCG Roots of Trust
- Trusted Platform Module (TPM):
  - Root of Trust for Reporting
  - Tamper resistant
  - RSA (default key size 2048 bits)
  - Stores platform measurements in Platform Configuration Registers (PCRs)
  - Signature key reports on PCR contents
  - Random Number Generator
  - SHA-1 hash computation engine
  - Nonvolatile memory
  - Serves as an anchor for a certificate verification chain; third parties can rely on this trust
- Core Root of Trust for Measurement (CRTM)
  - Code that executes at boot time (example: BIOS)
  - Trusted to properly report to the TPM on the software that executes later
  - Only authorized entities can rewrite the CRTM
[Diagram: TPM building blocks: hash engine, CPU, NV-memory, RNG, key generation, memory, digital signature and RSA crypto, I/O, MAC, PCRs]
6. Attestation Feature
- Attestation creates a shared secret between the application and remote party
  - Prevents session hijacking
- Attestations are digitally signed
  - Using various TPM/platform-bound CAs
- Each layer of the platform is checked
  - Hardware attests what operating system is booted
  - OS attests on which applications it requires a key for
- Report on the value of the PCR
  - Uses a challenge-response protocol
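The PCR and challenge-response machinery from slides 5 and 6 in working form, as an added example that is not part of the presentation: a simulated TPM extends PCRs with SHA-1 the way TPM 1.2 does, keeps an event log, and answers a verifier's nonce with a signed quote over the PCR values; the verifier then checks nonce freshness, the signature, that the (unsigned) log replays to the signed PCRs, and that the PCRs match a known-good policy. The TPM's RSA signature is replaced by an HMAC under a secret shared between the simulated TPM and the verifier (an assumption made so the example runs with the standard library only), and all measurements, secrets and golden values are constructed.

```python
"""Simulated TPM attestation: PCR extend, event log replay and quote verification.

Added example, not code from the presentation. The TPM's RSA signing key is
replaced by an HMAC secret shared with the verifier (assumption, so the example
runs with the standard library only); everything measured here is constructed.
"""
import hashlib
import hmac
import os

PCR_SIZE = 20  # SHA-1 digest length, the PCR width of TPM 1.2


def extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM extend operation: PCR_new = SHA-1(PCR_old || measurement_digest)."""
    return hashlib.sha1(pcr + digest).digest()


class SimTPM:
    """Minimal stand-in for a TPM: PCRs, an event log and a quote operation."""

    def __init__(self, signing_secret: bytes, num_pcrs: int = 4):
        self._secret = signing_secret             # stays inside the "TPM"
        self.pcrs = [bytes(PCR_SIZE)] * num_pcrs  # PCRs are all-zero at power-on
        self.event_log = []                       # (pcr_index, description, digest)

    def measure(self, index: int, description: str, data: bytes) -> None:
        """A component (CRTM, bootloader, ...) measures the next stage before running it."""
        digest = hashlib.sha1(data).digest()
        self.pcrs[index] = extend(self.pcrs[index], digest)
        self.event_log.append((index, description, digest))

    def quote(self, nonce: bytes) -> dict:
        """Sign the verifier's nonce together with the current PCR values."""
        payload = nonce + b"".join(self.pcrs)
        sig = hmac.new(self._secret, payload, hashlib.sha256).digest()
        return {"nonce": nonce, "pcrs": list(self.pcrs), "sig": sig,
                "log": list(self.event_log)}


def replay_log(log, num_pcrs: int):
    """Recompute PCR values from the event log alone (the log itself is unsigned)."""
    pcrs = [bytes(PCR_SIZE)] * num_pcrs
    for index, _description, digest in log:
        pcrs[index] = extend(pcrs[index], digest)
    return pcrs


def verify_quote(quote: dict, expected_nonce: bytes, verify_secret: bytes, golden: dict):
    """Verifier side. Returns (accepted, reason)."""
    if not hmac.compare_digest(quote["nonce"], expected_nonce):
        return False, "stale or replayed nonce"
    payload = quote["nonce"] + b"".join(quote["pcrs"])
    expected_sig = hmac.new(verify_secret, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(quote["sig"], expected_sig):
        return False, "bad signature"
    if replay_log(quote["log"], len(quote["pcrs"])) != quote["pcrs"]:
        return False, "event log does not reproduce the signed PCRs"
    for index, digest in golden.items():
        if quote["pcrs"][index] != digest:
            return False, f"PCR[{index}] differs from golden value"
    return True, "platform state matches policy"


def boot(secret: bytes, kernel: bytes) -> SimTPM:
    """Constructed boot chain: CRTM measures BIOS, BIOS the bootloader, bootloader the kernel."""
    tpm = SimTPM(secret)
    tpm.measure(0, "BIOS", b"bios-v1.0")
    tpm.measure(1, "bootloader", b"bootloader-v2")
    tpm.measure(2, "kernel", kernel)
    return tpm


def demo():
    secret = b"constructed-tpm-signing-secret"
    golden_tpm = boot(secret, b"kernel-5.x")
    golden = {i: golden_tpm.pcrs[i] for i in range(3)}  # policy: known-good PCR0..PCR2

    # 1. Healthy platform answering a fresh nonce.
    nonce = os.urandom(20)
    healthy = verify_quote(boot(secret, b"kernel-5.x").quote(nonce), nonce, secret, golden)

    # 2. Platform that booted a modified kernel: signature is valid, PCR2 is not.
    modified = verify_quote(boot(secret, b"kernel-5.x-modified").quote(nonce), nonce, secret, golden)

    # 3. An old quote replayed against a new challenge.
    replayed = verify_quote(golden_tpm.quote(nonce), os.urandom(20), secret, golden)

    # 4. Log edited after the fact to hide the modified kernel; it no longer replays to the signed PCRs.
    q = boot(secret, b"kernel-5.x-modified").quote(nonce)
    q["log"][2] = (2, "kernel", hashlib.sha1(b"kernel-5.x").digest())
    edited_log = verify_quote(q, nonce, secret, golden)

    return healthy, modified, replayed, edited_log


if __name__ == "__main__":
    for name, result in zip(("healthy", "modified kernel", "replayed", "edited log"), demo()):
        print(f"{name:16s} -> {result}")
```

The order of checks matters for a verifier: the nonce check rejects replays before any cryptography runs, the signature check rejects forged PCR values, and only then is the unsigned log trusted enough to be replayed and compared with the signed registers. A platform whose log replays correctly but whose PCRs differ from the golden values is exactly the "untrustworthy device" the later study items ask how to identify systematically.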
[Diagram: the server sends a nonce to the TPM; the TPM returns Sign(nonce, PCR, ..., log) together with a certificate ID]
7. Trusted Network Connect (TNC)
- Network Access Control
  - Integrity
    - Access device is healthy
  - Identity
    - Tied to TPM identity
- Endpoint security policy
  - Protective S/W configured properly
  - Allows authorized users (strong identity)
  - Network access policy compliance
- TPM functionality to thwart attacks
  - Hardened client
- Access authorization dialog
  - 802.1X / EAP access
  - TNC dialog protected
[Diagram: Access Requester (client) with TNC Client and TCG Integrity Measurement; dialog over TNC Transport; Access Server with TNC Server, TCG Integrity Measurement and PEP/PDP]
8. Security Design Principles
- Least Privilege: each principal is given the minimum access needed to accomplish its task
- Keep the Trusted Computing Base small
  - The OS parts that ensure proper system functioning, e.g., the OS kernel and hardware
- Current trends
  - Today's systems are large
    - Win2k OS is over 50 MB
  - Software is continuously updated on users' devices
  - A hacker is your next-door neighbor
  - May need to depend on infrastructure for trust
  - TPM part of a small kernel
  - Today may be ideal for mobile devices
9. Secure Computing Challenges 1/2
- Security for whom?
- Can TCG solve spam, malicious code, etc.?
- TPM is a cryptographic co-processor, with some trust anchors (issuer certificates) and private keys wired in at the factory
  - Various cryptographic smart-card technologies, in both PCMCIA and ISO 7816 packaging, have been around for nearly a decade
  - Such technology has not measurably improved security
- How much will TCG improve security in the real world?
10. Secure Computing Challenges 2/2
- In TCG the TPM acts as a notary
  - In the real world, a notary issues a special type of signature and seal on a paper document that merely attests to the existence and superficial contents of the document
  - A notary seal cannot make any attestations to the underlying truth of the document
- How can we enable the TPM to verify the underlying truth of statements that are handed to
  - To improve the value of the attestation feature
  - Do we need to have a small secure operating system, and application software that is moved into the TPM, and fixed at the factory?
11. Possible Study Items
- Security is about risk management
  - Can we have a systematic approach for identifying untrustworthy devices in a TCG environment?
- How does TCG relate to firmware in devices?
  - Would TCG force hackers to target firmware instead of software?
- It is all about NEAT: Non-Bypassable, Evaluate-able, Always Invoked, and Tamper-Proof [1]
12. Conclusions
- Trusted Computing offers some good features
  - Secure data
  - Secure boot
  - Endpoint security
  - Binding of trusted physical identity allows trusted network identity
- Great forces behind it
- An interesting topic to follow
13. Acknowledgment
- Many thanks to my colleague Marcus Leech for his valuable input and insight that helped make this presentation possible.
14. Q and A
15. References
- [1] Anderson, J. P., Computer Security Technology Planning Study, ESD-TR-73-51, ESD/AFSC, Hanscom AFB, Bedford, MA, October 1972
- Trusted Computing Group website: http://www.trustedcomputinggroup.org
- Trusted Mobile: http://www.trusted-mobile.org/
- Security Solutions: http://www.nortel.com/solutions/securenet/index.html