TPM vs. Embedded Board
James Y
What Is A Trusted Platform Module? (TPM 1.2)

How safe is your information? TPM 1.2 on the Enano-8523:
- Protects secrets from attackers
- Performs cryptographic functions: RSA, SHA-1, RNG (SHA-1 is the only hash TPM 1.2 supports; practical SHA-1 collisions were published in 2017, which is one reason TPM 2.0 moved to SHA-256)
- Meets encryption export requirements
- Can create, store and manage cryptographic keys
- Provides a unique Endorsement Key (EK)
- Performs digital signature operations
- Holds platform measurements (hashes)
- Anchors the chain of trust for keys, digital certificates and other credentials

Target environments for sensitive data: automation, banking, healthcare, military.

Hardware security: reliable user authentication, secure storage, and hardware identity for trusted platforms.
Why Use A TPM 1.2? I. The advantage of hardware security

Threats, current solutions, their weaknesses, and the IEI TPM 1.2 solution:

Current solution: data encryption (EFS, VPN, encrypted e-mail, etc.)
  Weakness: encryption keys stored on the hard disk can be copied or tampered with
  IEI TPM 1.2 solution: keys are generated and stored in hardware, never exposed in the clear on disk

Threat: unauthorized access
  Current solutions: username/password, biometrics and external tokens for user authentication, Windows network logon
  Weaknesses: passwords are subject to dictionary attacks; biometrics can be spoofed; authentication credentials are not bound to the platform and can be bypassed or replayed from another machine
  IEI TPM 1.2 solution: authentication credentials are protected by binding them to the platform; authentication data is protected in hardware

Without hardware security: once the firewall is bypassed, an attacker can read all information (credentials and keys are ordinary files on disk).

With the Enano-8523 inside: credentials and keys are sealed to this specific platform, so a copy taken over the network is useless on the attacker's own machine; a transaction needs the physical platform whose TPM holds the keys. The Enano-8523 provides hardware security as a cost-effective way to build a high-value system for banking, healthcare or military applications. Data protected by the TPM cannot be extracted over the network, and every operation can be logged for tracking and audit.
Why Use A TPM 1.2? II. Enano-8523 HW security solution / Boot of the trusted OS

Figure: boot of the trusted OS in four steps, involving the BIOS, the TPM 1.2 module and chipset confirmation, authentication data (fingerprint, biometric data), hardware identity, secure storage, and the OS (Windows or Linux).

Working concepts
- During boot the TPM 1.2 gathers measurements about the running environment.
- To measure a component means: hash it, record the hash in the event log, and extend the appropriate PCR (the register is never written directly; the new value is SHA-1(old PCR value || measurement), so it depends on every measurement made and on their order).
- What can be measured? BIOS, loader, trusted OS, applications.
- The collected PCR values are later used for sealed storage and attestation.
- TPM 1.2 only measures the running environment; it does not by itself stop an untrusted component from running. Enforcement comes from what depends on the PCR values.
- A remote entity can decide whether to trust the running platform based on the PCR values (attestation).
- Secrets are sealed to a particular state of the platform using these measurements; if any measured component changes, the PCR values change and the sealed secret is not released.

Benefit
- Only verified authentication data, on a platform in its known-good state, can activate the system.
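The measure / extend / seal / attest flow described above, as an added worked example that is not part of the original slides or of IEI's software. It models TPM 1.2 behaviour in plain Python: PCRs are 20-byte SHA-1 registers that can only be extended, a secret is sealed to a composite of selected PCRs, and a quote lets a remote verifier compare the PCRs against its own expected values. The boot component images, the PCR assignments, the `srk_secret` / `aik_secret` values and the HMAC stand-in for the AIK's RSA signature are all assumptions made for the example; a real TPM 1.2 keeps the storage root key inside the chip and signs quotes with RSA.

```python
import hashlib
import hmac

PCR_SIZE = 20   # TPM 1.2 PCRs hold a SHA-1 digest (20 bytes)
NUM_PCRS = 16   # minimum PCR count for a TPM 1.2 PC client


def sha1(data: bytes) -> bytes:
    return hashlib.sha1(data).digest()


def extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM 1.2 extend: PCR_new = SHA-1(PCR_old || SHA-1(measured data)).
    The PCR cannot be written directly, so its final value depends on
    every measurement made since reset and on their order."""
    return sha1(pcr + sha1(measurement))


def measured_boot(components):
    """Measure each boot component into its PCR and append it to the event log.
    `components` is a list of (pcr_index, name, image_bytes) tuples."""
    pcrs = [bytes(PCR_SIZE)] * NUM_PCRS   # all PCRs are zero after reset
    log = []
    for index, name, data in components:
        pcrs[index] = extend(pcrs[index], data)
        log.append((index, name, sha1(data).hex()))
    return pcrs, log


def pcr_composite(pcrs, selection):
    """Digest over a selected set of PCRs; seal and quote both bind to this."""
    return sha1(b"".join(pcrs[i] for i in sorted(selection)))


def _keystream(key: bytes, length: int) -> bytes:
    """HMAC counter-mode keystream; stand-in for the TPM's internal encryption."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal(srk_secret: bytes, pcrs, selection, secret: bytes) -> dict:
    """Model of TPM_Seal: encrypt the secret under a key that only exists inside
    the chip (srk_secret) and that is bound to the current PCR composite."""
    composite = pcr_composite(pcrs, selection)
    key = hmac.new(srk_secret, b"seal|" + composite, hashlib.sha256).digest()
    ks = _keystream(key, len(secret))
    return {"selection": sorted(selection), "composite": composite,
            "ciphertext": bytes(a ^ b for a, b in zip(secret, ks))}


def unseal(srk_secret: bytes, pcrs, blob: dict):
    """Model of TPM_Unseal: release the secret only if the PCRs now match the
    composite recorded at seal time; otherwise return None."""
    composite = pcr_composite(pcrs, blob["selection"])
    if not hmac.compare_digest(composite, blob["composite"]):
        return None
    key = hmac.new(srk_secret, b"seal|" + composite, hashlib.sha256).digest()
    ks = _keystream(key, len(blob["ciphertext"]))
    return bytes(a ^ b for a, b in zip(blob["ciphertext"], ks))


def quote(aik_secret: bytes, pcrs, selection, nonce: bytes) -> bytes:
    """Model of TPM_Quote: sign (nonce || PCR composite). A real TPM 1.2 uses an
    RSA signature by the AIK; an HMAC stands in so the example needs no key pair."""
    return hmac.new(aik_secret, nonce + pcr_composite(pcrs, selection), hashlib.sha1).digest()


def verify_quote(aik_secret: bytes, expected_pcrs, selection, nonce: bytes, sig: bytes) -> bool:
    """Remote verifier: recompute the composite from the PCR values it expects
    (its golden values) and check the signature over the nonce it sent."""
    expected = hmac.new(aik_secret, nonce + pcr_composite(expected_pcrs, selection), hashlib.sha1).digest()
    return hmac.compare_digest(expected, sig)


# Constructed boot sequences for the example; these are not real firmware images.
GOOD_BOOT = [
    (0, "BIOS", b"enano-8523 bios build 1.00"),
    (4, "Loader", b"grub stage1 1.98"),
    (8, "Trusted OS", b"vmlinuz-2.6.32"),
    (9, "Application", b"banking-terminal 3.1"),
]
# Same platform, but the boot loader has been modified.
TAMPERED_BOOT = [c if c[1] != "Loader" else (4, "Loader", b"grub stage1 1.98 + patch")
                 for c in GOOD_BOOT]

SRK_SECRET = b"storage-root-key-material"   # assumed; stays inside the TPM in reality
SELECTION = (0, 4, 8)                         # PCRs the secret is sealed to


def demo():
    """Seal a key on a known-good boot, then try to unseal it on both boots."""
    good_pcrs, _ = measured_boot(GOOD_BOOT)
    blob = seal(SRK_SECRET, good_pcrs, SELECTION, b"disk-encryption-key")
    bad_pcrs, _ = measured_boot(TAMPERED_BOOT)
    return unseal(SRK_SECRET, good_pcrs, blob), unseal(SRK_SECRET, bad_pcrs, blob)


if __name__ == "__main__":
    released, withheld = demo()
    print("known-good boot unseals:", released)
    print("tampered loader unseals:", withheld)
```

Only PCRs 0, 4 and 8 are in the selection, so a change to the application measured into PCR 9 would not prevent unsealing; which PCRs to bind to is a policy decision, and binding to too many (for example a PCR that changes on every legitimate BIOS update) makes the secret unrecoverable after routine maintenance.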
TPM 1.2 Console

I. Configuration
- TPM 1.2 software architecture
- TPM 1.2 initialization wizard
- Software compliance: Intel architecture compatible; Microsoft architecture compatible; Common Criteria (CC) EAL compliance; Linux support; future collaboration with major IT players; passed the WHQL test for Windows XP and Windows Server 2003

II. Security storage
- Password Box
- Personal Security Virtual Disk (PSVD): built into the Windows file system; several virtual disks share a single hard disk

III. Protection
- Login Assistant: auto-fills username and password login items; application hotkey pop-up; automatically generates a random password and matches it with a specific username; username/password backup and migration
Security Peripherals Support

I. Authentication (data input devices, with data confirmation by the TPM 1.2 module)
- Fingerprint / biometric reader
- Bank check reader
- Security PIN number pad
- RFID tag reader

II. Display
- Dual independent display: VGA and dual 18-bit LVDS
- 16:9 panel support

III. Storage
- 8 GB CF
TPM v1.2 on EPIC Board