TPM v.s. Embedded Board. James Y

Size: px

Start display at page:

Download "TPM v.s. Embedded Board. James Y"

Garey Sparks
6 years ago
Views:

1 TPM v.s. Embedded Board James Y

What Is A Trusted Platform Module? (TPM 1.2) TPM 1.

Protects secrets from attackers Performs cryptographic functions RSA, SHA-1, RNG

keys Provides a unique Endorsement Key (EK) Performs digital signature

digital certificates and other credentials Direction of sensitive data

2 What Is A Trusted Platform Module? (TPM 1.2) TPM 1.2 on the Enano-8523 that: How Safe is your INFORMATION? Protects secrets from attackers Performs cryptographic functions RSA, SHA-1, RNG Meets encryption export requirements Can create, store and manage cryptographic keys Provides a unique Endorsement Key (EK) Performs digital signature operations Holds Platform Measurements (hashes) Anchors chain of trust for keys, digital certificates and other credentials Direction of sensitive data Automation Banking Healthcare Military Hardware Security: Reliable User Authentication Data, Secure Storage and Hardware identify by Trusted Platforms

Why Use A TPM 1.2? I. The advantage of Hardware security Threats Current Solutions Weaknesses IEI TPM 1.21.

) Encryption keys stored on hard disk are susceptible to tampering Protected storage of keys through hardware

Subject to dictionary attacks Biometrics can be spoofed Authentication credentials not bound to platform Can be

data Current Solutions Hacking all information after bypassing firewall!! Hacker IEI TPM 1.21.

remote transaction. Unless, hacker is physically inside the bank.

3 Why Use A TPM 1.2? I. The advantage of Hardware security Threats Current Solutions Weaknesses IEI TPM Solutions Data Encryption (EFS, VPN, Encrypted , etc.) Encryption keys stored on hard disk are susceptible to tampering Protected storage of keys through hardware Unauthorized access Username/ Password Biometrics & External tokens for user authentication Windows network logon Subject to dictionary attacks Biometrics can be spoofed Authentication credentials not bound to platform Can be bypassed Protection of authentication credentials by binding them to platform Hardware protection of authentication data Current Solutions Hacking all information after bypassing firewall!! Hacker IEI TPM Solutions X Benefits Requiring physical security ID matching Enano-8523 inside No ways for hackers to perform a remote transaction. Unless, hacker is physically inside the bank. Enano-8523 provides the hardware security with the most cost effective solution to build up the best value system for financial banking, healthcare environment or military applications. Hackers will never get data though network, all operations will keep records for tracking.

Why Use A TPM 1.2? II. Enano-8523 HW security solution / Boot Of The Trusted OS Step 1 Step 2 Step 3 Step 4 %@#$ TPM 1.

BIOS, Loader, Trusted OS, Applications Collected PCRs values are later used for Sealed Storage & Attestation TPM 1.

4 Why Use A TPM 1.2? II. Enano-8523 HW security solution / Boot Of The Trusted OS Step 1 Step 2 Step 3 Step 4 %@#$ TPM 1.2 module Chipset confirm Windows Authentication Data Finger print, Biometric data BIOS Hardware identify Secure Storage Linux Working Concepts Benefit During boot the TPM 1.2 gathers measurements about the running environment To measure == perform hash, log and extend appropriate register What can be measured? BIOS, Loader, Trusted OS, Applications Collected PCRs values are later used for Sealed Storage & Attestation TPM 1.2 only measures the running environment Remote entity can decide whether to trust the running platform based on the PCR values Secrets are sealed to a particular state of the platform using these measurements Only verified authentication data can activate system! The most secure system control now!

2 Initialization Wizard Software Compliances Intel

compatible CCE EAL compliance Linux support Future

which is designed for Windows XP and Windows server 2003

in Windows file system Virtual disks share single hard

Security storage Auto fill-up username and password

5 TPM 1.2 Console I. Configuration TPM 1.2 Software Architecture TPM 1.2 Initialization Wizard Software Compliances Intel architecture compatible Microsoft architecture compatible CCE EAL compliance Linux support Future collaboration with major IT players Passed WHQL test, which is designed for Windows XP and Windows server 2003 Password Box Personal Security Virtual Disk (PSVD) Built in Windows file system Virtual disks share single hard disk III. Protection Login Assistant II. Security storage Auto fill-up username and password login items Application hotkey pop up Automatically generate random password and match with specific username Username/password backup and migration

6 Security Peripherals Support II. Display TPM 1.2 module Data confirmation I. Authentication Data input devices Finger print, Biometric data Dual independent display VGA Dual 18bit LVDS Biometric reader Bank Check reader III. Storage 16:9 Panel support 8GB CF Security Pin number pad RFID Tag reader

7 TPM v.1.2 on EPIC Board

Unicorn: Two- Factor Attestation for Data Security

ACM CCS - Oct. 18, 2011 Unicorn: Two- Factor Attestation for Data Security M. Mannan Concordia University, Canada B. Kim, A. Ganjali & D. Lie University of Toronto, Canada 1 Unicorn target systems q High