Agenda. Cooperation for a promising future. February The Utimaco customer base TCG - the organization TCG technology

Transcription

1 1 Cooperation for a promising future February 2004 Agenda he Utimaco customer base CG - the organization CG technology PM 1.2 CG PC implementation CG products made by Utimaco he make of CG technology and perception he mobile world of tomorrow (or is it already today...) 2

2 2 Blue Chip - Customer Base Banks & Insurances Government rade, ransport & Industry Business Services DBV Versicherung Allianz Gruppe Dresdner Bank Deutsche Bank Foerenings Sparbanken Banque de France National Bank of Sweden SEB Lloyds SB Robert Fleming Société Générale Crédit Suisse UBS Raiffeisen Banken Fed. Res. Bank of Boston Den norske Bank ABN AMRO Bank Fortis Bank United Asia Finance Isaserver Swift Bourse de Luxembourg Banque Central de Luxembourg etc. European Commission NAO FBI Min. of Finance (BUL,D,NL) Min. of Interior (SLO,F) Min. of Justice (B,D,NL) Rijkspolitie (NL) Canadian C & R Agency Justizdirektion Zürich Bundeswehr Skattedirektoratet Kadaster (NL) Sev. national Police forces National reasury Office (S) HKSAR/Government (HK) Bundesamt f. Finanzen Land of Berlin Land of Baden-Württemberg Police of Hamburg Police of Schleswig-Holstein Ministerie van Landsverdediging (B) etc. Nokia Daimler-Chrysler Volkswagen Mitsubishi Norsk Hydro Novartis Astra Zeneca Sanofi Aventis Pfizer Abbott McDonald s Nestlé Cartier British American obacco Alfa Laval Statoil ABB AGA GAS SKF DSM etc. Ernst & Young Price Waterhouse Coopers Danzas Adecco IBM Fujitsu Siemens Swiss Post La Poste (France) -Systems / Debis KPN elecom British elecom HongKong elecom elenor Vodafone China Light & Power UK Lottery Global One Cert Europe PG Group etc. 3 echnology Cooperation In the center of future computing is trusted computing and How ist works > 4

3 3 he Evolution of the Standard Member Status January 04 Promoters: AMD*, Hewlett Packard*, IBM*, Intel*, Microsoft*, Seagate* +, Sony*, Sun Microsystems*, and Verisign* + Contributors: Agere Systems*, ARM*, Ai echnologies*, Atmel*, Broadcom Corporation*, Comodo*, Fujitsu Limited*, Fujitsu-Siemens Computers*, Gemplus*, Infineon*, Legend Limited Group*, National Semiconductor*, Nokia*, NRU Crytosystems, Inc.*, NVIDIA*, Phoenix*, Philips*, Rainbow echnologies*, RSA Security*, Seagate*, Shang Hai Wellhope Information*, Silicon Storage echnology*, Standard Microsystems*, SMicroelectronics*, exas Instruments*, Utimaco Software AG*, VeriSign Inc.*, Wave Systems* Adopters: Ali Corporation*, Gateway*, M-Systems*, Silicon Integrated Systems*, Softex*, oshiba*, Winbond Electronics* A number of additional companies have expressed interest and intent to join * Names and brands are properties of their respective owners 5 CG Components PM (rusted Platform Module) I/O Non-Volatile Storage Random Number Generator SHA-1 Engine Platform Configuration Register (PCR) Key Generation Attestation Identity Key (AIK) RSA Engine rusted Platform Module (PM) Packaging Opt-In Program Code Exec Engine 6

4 4 What (only) a PM can perform Platform integrity 7 What (only) a PM can perform Platform integrity at work: parachute plain text data into a foe or friend environment... and there is a lot more... 8

5 5 What (only) a PM can perform 9 From PM to SS (CG Software Stack) PM is a subsystem with protected storage and protected capabilities he PM is intended to provide trust and intended to be an inexpensive component Narrow resources Cumbersome interfaces Separation Protected storage and protected capabilities Others (CPU, main storage) I/F: SS SS: Single entry point for applications to the PM functionality Synchronization Manage PM resources and their release 10

6 6 CG Policy Position Platform Owner and User Control CG is committed to ensuring owners and users of computing platforms remain in full control of their computing platform, and to require platform owners to opt-in to enable CG features Backwards Compatibility CG commits to make reasonable efforts to ensure backward compatibility in future specifications for currently approved specifications 11 he Evolution of the Standard PM 1.2 Specification announced Nov. 5, 2003 Direct anonymous attestation reliably communicates information about the static or dynamic capabilities of a computer with a rusted Platform Module Locality allows owners of the rusted Platform Module to assign permissions to external software processes Delegation allows platform owners to delegate software, an object or other entity to use specific, owner-authorized commands, without allowing access of other commands in the rusted Platform Module 12

7 7 he Evolution of the Standard PM 1.2 Specification announced Nov. 5, 2003 Non-volatile storage can be used by system software or firmware to store information on the rusted Platform Module ransport protection for commands sent to the rusted Platform Module Monotonic counters ick counter rusted Platform Modules for computing devices to include additional privacy protections, more user control, better defense against attacks 13 he Evolution of the Standard PC Specific Implementation Specification v.1., August 2003 Implementation reference for the 32-bit PC architecture Usage of PCR registers in the Pre-Boot state through the transition to Post-Boot state How the BIOS, or a component thereof, functions as the Core Root of rust for Measurement (CRM) Programmatic Interfaces to the BIOS as it performs the functions of the CG Subsystem (SS and access to the PM) Behavior entering, during, and exiting power and initialization states Guidelines for Option ROMS Status: Work-in-progress! Subject to changes! 14

8 8 he Evolution of the Standard - Implementation rusted Platform Modules (PM) based on 1.1b specification available from PM vendors Atmel*..Atmel PM 1.2 Infineon* RM now! National Semiconductor* Compliant PC platforms shipping now IBM* hinkpad notebooks and NetVista desktops HP* D530 desktops More expected soon Application support by multiple ISV s CG Software Stack (SS) announced Sept. 16, 2003 PM 1.2 Specification announced Nov. 5, 2003 * Names and brands are properties of their respective owners 15 he Evolution of the Standard Work groups operational, Jan 04 Marketing Work Group rusted Platform Module (PM) PM Software Stack (SS) PC Specific Implementation Server Specific Implementation PDA Specific Implementation Mobile Phone Specific Implementation Conformance (Common Criteria) InfraStructure Peripherals Additional work groups anticipated 16

9 9 Utimaco Safeware: CG Related Products 17 Utimaco Safeware: CG Related Products he entire Utimaco portfolio takes advantage of CG SafeGuard Easy (Hard Disk Bulk Encryption) SafeGuard PrivateDisk (confidentiality container) SafeGuard LogonGuard (SingleSignOn) SafeGuard LANCrypt (transparent file encryption, secure collaboration work) SafeGuard Advanced Security (Authentication, Biometrics,Removable Media Management, policy enforcement, integrity,...) HSM (High Security Module), high-level tamper proof and sealed PCI board for servers. It carries a cryptocoprocessor as well as secure key storage facilities. he HSM is used to serve PKI and CG infrastructures 18

10 10 Utimaco CG Products Benefits PM is used as Root of rust Secure storage of credentials without external readers Machine binding only authorized users can access client or hard drive steeling parts is useless SSO to the OS and applications Security joins convenience Challenge/Response via voice recognition: can be used for 24x7h support, even if malicious client logins are a major risk Utimaco High Security Module (HSM) based help desk system can handle malicious help desk users for remote support (credentials are unknown to administrators, smartcards and certificates can be revoked easily) 19 CG, Utimaco and History CG Contributor Membership Member of Infineon Silicon rust World premiere: During the 4 th Security Solutions Forum, London, November 2002, Utimaco presented a prototype of CG technology, comprising harddisk encryption, SSO and automatic virtual drive mounting - based on Infineon PM First sales successes at Fortune 500 customers already achieved IP on application software as well as low-level programming Celebration 5th of Febuary, 2004: 20 years I-security made in Germany by Utimaco Safeware AG Profitable and public company Worldwide sales, support and partners * Names and brands are properties of their respective owners 20

11 11 ech Facts and Public Opinion Anyone who considers arithmetic methods of producing random digits is, of course, in a state of sin. (John von Neumann) Random Number Generator Rob Enderle, he Enderle Group: rusted Computing: "Maligned by Misrepresentations and Creative Fabrications" he rusted Computing Group can help fix a lot of what's wrong with PC security he group is laboring under the burden of a couple of misconceptions by the public: Despite misconceptions to the contrary, this group is not directed by either Microsoft or the U.S. government. hey are not primarily focused on Digital Rights Management; any secure repository would be attractive to a DRM solution, but DRM is not the goal of this group. 21 Mobile Security is Design Inherent Gartner comments, he architecture assumes that the connection is equivalent to the office LAN unfortunately, just a little slower. In practice, response times may make client/server applications unusable Utimaco products are designed to cope with the challenges of the mobile world: Notebook access recovery even when internet access is not possible (sales force) by using an infrastructure with a higher level of ubiquity Decrease of CO via headless helpdesk based on voice recognition systems Error free enforcement of corporate security policy 22

12 12 Your trusted partner for I security since 20 years! Alexander W. Koehler alexander.koehler@utimaco.de 23