1. Securing Platform and Trusted Computing Model Abbie Barbir, Ph.D Web Services and Security Advisor Nortel

2. Objectives of this Presentation

Providean overview of TC and my impressions of some of its pros/cons

Initiatea discussion (within ITU-T) as to what role/value this type of approach has in secure solutions

• Identifychallenges / areas for further study ?

dates 3. Technology History

IBM pioneered technology (early 1990s)

Founded Trusted Computing Platform Alliance in 1999

TPM 1.1b spec released early 2002

Trusted Computing Group Formed in April 2003

TPM 1.2 specification released February 2005

In 2004, IBM, Intel, and NTT DoCoMosubmitted a set of Trusted Mobile Platform specifications defining security features for mobile devices has been released for public

• Provides comprehensive end-to-end security architecture for mobile wireless platforms

dates 4. TCG Trusted Computing Basic Concepts

A trustable platform is one that behaves in the expected manner for the intended purpose (e.g. from point of view of IT manager)

Achieved through the following technology

• Platform Authentication and Attestation

• • Identify the platform and its properties to a challenging party

• Platform Integrity Reporting

• • Ability to query and report on a platform software state in a reliable manner

• Protected Storage

• • Protect secret data against subversion

dates 5. TCG Roots of Trust

Trusted Platform Module (TPM):

Root of Trust for Reporting

Tamper resistant

• RSA (default keys 2048 bit)

Stores Platform Measurements

• Platform Configuration Registers (PCR)

Signature key reports on PCR contents

Random Number Generator

SHA-1 Hash Computation Engine

Nonvolatile memory

dates

Serve as an anchor for a certificate verification chain

• Third parties can rely on this trust

Core Root of Trust for Measurement

(CRTM)

Code that executes at boot time

• Example: Bios

Trusted to properly report to the TPM on thesoftware thatexecutes later

Only authorized entities can rewrite the CRTM

Hash CPU NV-memory RNG key generation Memory Digital signature & RSA Crypto I/O MAC PCR 6. Attestation Feature

Attestation creates a shared secret between the application and remote party

• Prevents session hijacking

Attestations are digitally signed

• Using various TPM/Platform bound CAs

Each layer of the platform is checked

• Hardware attests what operating system is booted

• OS attests on which applications it requires a key for

• Report on the value of the PCR

• Uses a challenge-response protocol

dates Server TPM Nonce Sign (nonce, PCR,..,log), Certificate ID 7. Trusted Network Connect (TNC)

Network Access Control

• Integrity

• • Access device is healthy

• Identity

• • Tied to TPM identity

Endpoints Security Policy

• Protective S/W configured properly

• Allows authorized users (Strong Identity)

• Network Access policy compliance

TPM functionality to thwart attacks

• Hardened client

dates

Access Authorization dialog

• 802.1X/ EAP Access

TNC dialog protected

Access Requester (Client) Dialog TNC Transport TNC Client TCG IntegrityMeasurementAccess Server TCG IntegrityMeasurementPEP/PDP TNC Server 8. Security Design Principles dates

Least Privilege:Each principle is given the minimum access

needed to accomplish its task

• Keep the Trusted Computing Base small

• • OS parts that ensures proper system functioning

• • • e.g., the OS Kernel & Hardware

Current trends

Todays systems are large

• Win2k OS is over 50 MB

Software is continuously updated on users devices

A hacker is your next door neighbor

May need to depend on infrastructure for trust

• TPM part of a small Kernel

• • Today may be ideal for Mobile Devices

9. Secure Computing Challenges 1/2

Security for whom ?

Can TCG solve SPAM, Malicious code etc.

TPM is acryptographic co-processor , with sometrust anchors(issuer certificates) andprivate keys wired inat the factory

• Various cryptographic smart-card technologies, in both PCMCIA and ISO-7816 packaging have been around for nearly a decade

• • Such technology has not measurably improved security

How much TCG will improve security in the real world?

dates 10. Secure Computing Challenges 2/2

In TCG TPM acts as anotary

In real world, anotaryissues a special type of signature and seal on a paper document merelyatteststo the existence and superficial contents of the document

• Notary seal cannot make any attestations to the underlying truth of the document

• How can we enable the TPM to verify the underlying truth of statements that are handed to

To improve the value of the attestation feature

• Do we need to have a small secure operating system, and application software that is moved into the TPM, and fixed at the factory

dates 11. Possible Study Items

Security is about risk management

• Can we have a systematic approach for identifying un-trustworthy devices in a TCG environment

How does TCG relate to Firmware in devices

• Would TCG force hackers to target Firmware instead of software

It is all aboutNEAT : Non-Bypassable, Evaluate-able, Always Invoked, and Tamper-Proof 1

dates 12. Conclusions

Trusted Computing offers some good features

• Secure Data

• Secure Boot

• Endpoint Security

• Binding of trusted physical identity allows trusted network identity

• Great forces behind it

An interesting topic to follow

dates 13. Acknowledgment dates

Many thanks to my colleague Marcus Leech for his valuable input and insight that helped make this presentation possible.

14. Q and A dates 15. References dates

Anderson, J. P.,Computer Security Technology Planning Study , ESD-TR-73-51, ESD/AFSC, Hanscom AFB, Bedford, MA, October 1972

Trusted Computing Websitehttp://www.trustedcomputinggroup.org

Trusted Mobilehttp://www.trusted-mobile.org/

Security Solutionshttp://www.nortel.com/solutions/securenet/index.html