locking down the endpoint with measured boot and uefi
DESCRIPTION
There’s been a lot buzz about UEFI Secure Booting and its ability to lock out third-party loaders and rootkits. Even the NSA has been advocating the adoption of measured boot and hardware-based integrity checks. But what role can these technologies play in securing cloud infrastructure, as well as protecting it from “bring your own device” consumer-class hardware, while enabling the next generation of services? In this presentation I demonstrate measured boot in action. I show sample Trusted Platform Module (TPM) boot data and discuss how to identify risks such as unsigned early-boot drivers. I also demonstrate how measured boot is used for remote device authentication both in the datacenter and over the internet. Finally, I discuss weaknesses in the system, what this technology means to the consumerization trend in IT, and what software and services gaps exist in this space. Attendees learn the following. For starters, what is UEFI and what is a TPM? Regarding the hardware landscape, what do new capability standards for tablets, smartphones, workstations, and servers mean for cloud security? Next, why lock down: risk management, reducing security TCO, and protecting service revenue streams. Based on live demonstrations, I show what line of business scenarios stand to benefit the most from UEFI and TPM capabilities, what are the deployment and manageability challenges, and how they can be met. Attendees also learn about weaknesses in the system: provisioning, integrity of the TPM hardware, and the ramifications of the trend of migration from hardware to firmware. Finally, what is the likelihood of mainstream adoption, what does the consumerization trend mean for hackers, and what are the opportunities in this space?TRANSCRIPT
Locking Down the Endpoint:Measured Boot and UEFI
Dan Griffin, President, JW Secure, Inc.
Introduction
• What is UEFI?• What is a TPM?• What is “secure boot”?• What is “measured boot”?• What is “remote attestation”?
Hardware Landscape
• BYOD• Capability standards• Phones• Tablets• PCs
UEFI secure boot
• Usually can be disabled/modified by user o Behavior varies by implementationo Complicated, even for power users
• But not on Windows 8 ARM. Options:o Buy a $99 signing certificate from VeriSigno Use a different ARM platformo Use x86
Measured Boot + Remote Attestation
What is measured boot?
TPM
BIOS
Boot Load
er
Kernel
Early Driver
s
Hash of next item(s)
Boot Log
[PCR data][AIK pub][Signature]
What is remote attestation?
Client Device
TPM
Signed Boot Log Attestati
on Server
some token…
DEMO
• Measured Boot Tool (http://mbt.codeplex.com/)
• Part 1: What’s in the boot log?
DEMO
• Measured Boot Tool (http://mbt.codeplex.com/) • Part 2: How do you do remote
attestation?
Data Flows
C: Get AIK creation nonceS: Nonce
C: Get challenge (EK pub, AIK pub)
S: Challenge
C: Get attestation nonce
S: Nonce
C: Signed boot log
S: Token
Client Device
Attestation Service
DEMO
Sample application #1: reduce fraud in mobile/consumer
scenarios
Cloud Services Demand ID
• Enterprise: BYOD• Consumer
Targeted advertising eCommerce, mobile banking, etc.
• But most user IDs are static & cached on device
That only works for low-value purchasesHow to improve ID for high-value purchases?
Low Friction Authentication
• Each additional screen requiring user inputSlows down the process while user reorients
Causes more users to abandon the web site
• In contrast, Progressive Authentication:Let users investigate a site using just cookies
Defers questions until information is needed
Reduces user drop out from frustration
Splash Screen
• The screen a user sees when app launched
• With similar data in the launch tile
User Sign in
• User name can be taken from cookie
• But account details are hidden until the user enters a password
Enrollment - 1
• The first time the app is used the user must active the app
• When this button is pressed an SMS message is sent to the phone # on file
Enrollment - 2
• After the user gets the pin from the SMS message, it is entered
• After this the user proceeds as with a normal sign-in procedure
After Sign-in
• The user sees all account information
User tries to move money
• When user goes to move $ out of account
• The health of the device is checked
Remediation Needed
• If the device is not healthy enough to allow money transfer
• The user is directed to a site to fix the problem
DEMO
Sample application #2:Protect your data
Policy-Enforced File Access
• BYOD• Download sensitive files from
document repository• Leave laptop in back of taxi
Device AuthZ for SharePoint
Device AuthZ for SharePoint
Device AuthZ for SharePoint
Device AuthZ for SharePoint
Device AuthZ for SharePoint (SAML)
Web Browser
Client Agent
Health Service
Client
Data Repository
Custom Attribute Store
ADFSSharePoint
54
6 2
3
Registration Portal
1
Device AuthZ for SharePoint (PKI)
Web Browser
Client Agent
Registration Authority
Client
Certificate Authority
SharePoint
23
4
Registration Portal
1
Weaknesses
• Firmware & boot binary whitelist maintenance
• What about user mode? • Integrity of the TPM in SOC architecture• UEFI: complex codebase, evolving
rapidly
TPM Platform Attestation – DFD
Conclusion
• Likelihood of mainstream adoption?
• What the consumerization trend means for hackers
• Opportunities in this space
Questions?
@JWSdan
JW Secure provides custom security software development
services.