infrastructures for trusted computing - securetechalliance.org · infrastructures for trusted...

Infrastructures for Trusted Computing

Smart Cards – Intelligent ReadersThe Role of Trusted Peripherals

Industry Leader in Trusted Systems and Services

Lark M. AllenWave Systems Corp.lallen@wavesys.com

The Evolving Digital Infrastructure

Processing (PC)Time

Connectivity (Internet)

Access (WWW)

Trust/SecurityTrust/SecurityTrust/SecurityWeb ServicesWeb ServicesWeb Services

Trusted Computing Initiatives

MicrosoftNGSCB) Palladium

SmartCards

IntelLaGrande

CellPhones

Set TopBoxes

GamingPlatforms TCPA

FinRead

Trust Infrastructures – Open, Shared

! Open, Programmable and Interoperable TrustRequired for Internet Devices

!! OpenOpen, ProgrammableProgrammable and Interoperable TrustInteroperable TrustRequired for Internet Devices

USER

Cards / Tokens/Authentication

" Smart Cards" Biometrics" SecureID" Passwords" PINs" Passport/Liberty" X509 Cert Auth." Registration Auth.

User Devices

" Cell Phones" Trusted Readers" FINREAD/GTI" PDAs" Wireless Devices" Merchant

Terminals" Access Devices

Platforms /Peripherals /

Consumer Electronics" PC" Set Top Box" Cable Modems" Keyboards/Input" Storage Devices" Output-TV/Prntrs" Graphics Cards" Receivers, Players" DTLA

Applications /Services /Software

" OS / Boot" Applications" Certified Applets" Digital Signatures" Firmware " Web Agents" Authenticode" CDSA

Data / DRM /Media Streams

" DRMs" 5C / DTCP" MHCP/DVI" Conditional Access" SDMI" Watermarking" DeCSS

�Incredibly secure and trustworthy computer systems exist today, but they are largely independent, single-purpose systems that are meticulously engineered and then isolated.�

Craig MundieSVP, CTOMicrosoft

Trust and the Platform

Trusted Hardware

PC Hardware

BIOS Firmware

Operating System

System Services

Applications

User Services # Security at any layer can be defeated by accessing the next lower layer

# Trusted Computing requires security hardware as the foundation for platform security

# Plus security enablement features in each layer

User

KernelPrograms

CD-RDVD-R

Trusted Computing – Platform Design

VideoCapture

MainMemory

NIC

Network

SIC

KeyboardGraphicsCard

Motherboard

# Trusted Peripherals# Secure Channels

T

T

T

TT

# Trusted

Systems Design – End to End Solutions

# Untrusted

T

T

T

TT

# Trusted

UU

#Trusted devices or components can communicate securely over untrusted networks

#Trusted devices or components can communicate securely over untrusted networks

# Untrusted devices cause the result to become untrusted

# Untrusted devices cause the result to become untrusted

Trusted Peripherals - FinRead

" FinancialTransactions

EmbeddedTrustedClient

Processor

Secure Display

Secure Input

Secure� Processing� Storage� Java

Strong Cryptography

" EU Finance Industry Spec

" Java Support-Finlets

" Multi-factor Authentication

" Keyboards, smart card readers, cell phones

Authentication: Role of Trusted Peripherals■ Extending the trust boundary creates a strong

foundation for trusted interactions■ Extending the trust boundary creates a strong

foundation for trusted interactions

INTERNET(VPN)

INTERNET(VPN)

PHYSICALWORLD

DIGITALWORLD

IDENTITY CREDENTIALS /PASSWORDS

ServerTrusted

Trusted

AUTHENTICATION

PC Client

TrustedUntrusted Trusted

Trusted Systems Eco System

TrustInfrastructure

Trusted Platforms, Tokens and Peripherals

Trusted Services and Applications

- EMBASSY - TCPA - Palladium

PC MotherboardsKeyboardsSmart Card

Readers

Platform SecurityContent ProtectionUser AuthenticationDigital SignaturesAccess Control Premium ServicesDist. Transactions

Life Cycle Management# Trusted Applications# Trusted Hardware

TrustInfrastructure

Trusted Platforms, Tokens and Peripherals

Trusted Services and Applications

- EMBASSY - TCPA - Palladium

PC MotherboardsKeyboardsSmart Card

Readers

Platform SecurityContent ProtectionUser AuthenticationDigital SignaturesAccess Control Premium ServicesDist. Transactions

Life Cycle Management# Trusted Applications# Trusted Hardware

TCPA EMBASSY LeGrande Palladium

TrustInfrastructure

Trusted Platforms, Tokens and Peripherals

Trusted Services and Applications

- EMBASSY - TCPA - Palladium

PC MotherboardsKeyboardsSmart Card

Readers

Platform SecurityContent ProtectionUser AuthenticationDigital SignaturesAccess Control Premium ServicesDist. Transactions

Life Cycle Management# Trusted Applications# Trusted Hardware

TrustInfrastructure

Trusted Platforms, Tokens and Peripherals

Trusted Services and Applications

- EMBASSY - TCPA - Palladium

PC MotherboardsKeyboardsSmart Card

Readers

Platform SecurityContent ProtectionUser AuthenticationDigital SignaturesAccess Control Premium ServicesDist. Transactions

Life Cycle Management# Trusted Applications# Trusted Hardware

TrustInfrastructure

Trusted Platforms, Tokens and Peripherals

Trusted Services and Applications

- EMBASSY - TCPA - Palladium

PC MotherboardsKeyboardsSmart Card

Readers

Platform SecurityContent ProtectionUser AuthenticationDigital SignaturesAccess Control Premium ServicesDist. Transactions

Life Cycle Management# Trusted Applications# Trusted Hardware

TrustInfrastructure

Trusted Platforms, Tokens and Peripherals

Trusted Services and Applications

- EMBASSY - TCPA - Palladium

PC MotherboardsKeyboardsSmart Card

Readers

Platform SecurityContent ProtectionUser AuthenticationDigital SignaturesAccess Control Premium ServicesDist. Transactions

Life Cycle Management# Trusted Applications# Trusted Hardware

TCPA EMBASSY LeGrande Palladium

Evolution of Trust Infrastructures

!Closed!Centralized!Dedicated!Isolated!Unmanaged!Static

!Open!Distributed!Shared Multi-party!Interconnected!Managed!Dynamic

Why Open, Multi-Party Trust?Va

lue

of T

rust

ed S

ervi

ces

TCPA/TPM TrustedPeripheral

Palladium

W/O TrustInfrastructure

With TrustInfrastructure

Trust Infrastructure Functions" Life Cycle Management of Trust

" Hardware" Software / OS / Applications

" Dynamic Services Mgmt." Source of Trust

StrongAuthentication

ContentProtection Services

Delivery

E-CommercePrivacy

Protection

PlatformSecurity(TCPA)

SecureVPNs &

Peer-Peer

Digital Signatureand eSign

DistributedTransactions

Applications

Trusted Operating System

Trusted Hardware Components

Trust Infrastructure

Key Management

Trusted Web Services

Summary

"Trusted Identity requires trusted tokens and trusted peripherals

"Cards provide portability, rights, credentials"Readers provide expanded storage, processing, and secure I/O

"Trusted Computing initiatives are driving a new generation of open trust infrastructures"End result: development and delivery of families of robust trusted Webservices