Trusted Computing Special Aspects and Challenges

Similar documents
Lecture Embedded System Security Introduction to Trusted Computing

Lecture Embedded System Security Introduction to Trusted Computing

Lecture Embedded System Security Introduction to Trusted Computing

Lecture Secure, Trusted and Trustworthy Computing Trusted Platform Module

Lecture Secure, Trusted and Trustworthy Computing Trusted Platform Module

Lecture Embedded System Security Trusted Platform Module

Applications of Attestation:

Terra: A Virtual Machine-Based Platform for Trusted Computing by Garfinkel et al. (Some slides taken from Jason Franklin s 712 lecture, Fall 2006)

Trusted Virtual Domains: Towards Trustworthy Distributed Services. Ahmad-Reza Sadeghi System Security Lab Ruhr-Universität Bochum

Trusted Computing Group

Systems View -- Current. Trustworthy Computing. TC Advantages. Systems View -- Target. Bootstrapping a typical PC. Boot Guarantees

Lecture Secure, Trusted and Trustworthy Computing Trusted Platform Module

Accelerating the implementation of trusted computing

Distributed OS Hermann Härtig Authenticated Booting, Remote Attestation, Sealed Memory aka Trusted Computing

Authenticated Booting, Remote Attestation, Sealed Memory aka Trusted Computing. Hermann Härtig Technische Universität Dresden Summer Semester 2009

Platform Configuration Registers

Trusted Platform for Mobile Devices: Challenges and Solutions

An Introduction to Trusted Platform Technology

Embedded System Security Mobile Hardware Platform Security

Trusted Network Access Control Experiences from Adoption

Trusted Computing: Introduction & Applications

Trusted Computing in Drives and Other Peripherals Michael Willett TCG and Seagate 12 Sept TCG Track: SEC 502 1

TRUSTED COMPUTING TRUSTED COMPUTING. Overview. Why trusted computing?

CSE543 - Computer and Network Security Module: Trusted Computing

IDACCS Wireless Integrity protection in a smart grid environment for wireless access of smart meters

SECURITY ARCHITECTURES CARSTEN WEINHOLD

Key Threats Melissa (1999), Love Letter (2000) Mainly leveraging social engineering. Key Threats Internet was just growing Mail was on the verge

Authenticated Booting, Remote Attestation, Sealed Memory aka Trusted Computing. Hermann Härtig Technische Universität Dresden Summer Semester 2007

Trusted Computing Today: Benefits and Solutions

TERRA. Boneh. A virtual machine-based platform for trusted computing. Presented by: David Rager November 10, 2004

Department of Computer Science Institute for System Architecture, Operating Systems Group TRUSTED COMPUTING CARSTEN WEINHOLD

Trusted Computing. William A. Arbaugh Department of Computer Science University of Maryland cs.umd.edu

Creating the Complete Trusted Computing Ecosystem:

Lecture 3 MOBILE PLATFORM SECURITY

Embedded System Security Mobile Hardware Platform Security

How to create a trust anchor with coreboot.

Easy Incorporation of OPTIGA TPMs to Support Mission-Critical Applications

Trusted Computing and O/S Security

Security and Privacy in Cloud Computing

Trusted Network Connect (TNC) 3rd European Trusted Infrastructure Summer School September 2008

Server side management system for multiple IoT terminals in industrial systems

Trusted Computing Use Cases and the TCG Software Stack (TSS 2.0) Lee Wilson TSS WG Chairman OnBoard Security November 20, 2017

Distributed OS Hermann Härtig Authenticated Booting, Remote Attestation, Sealed Memory aka Trusted Computing

Intelligent Terminal System Based on Trusted Platform Module

Technical Brief Distributed Trusted Computing

Department of Computer Science Institute for System Architecture, Operating Systems Group TRUSTED COMPUTING CARSTEN WEINHOLD

DICE: Foundational Trust for IoT

Who s Protecting Your Keys? August 2018

Demonstration Lecture: Cyber Security (MIT Department) Trusted cloud hardware and advanced cryptographic solutions. Andrei Costin

Trusted Mobile Platform Technology for Secure Terminals

Flicker: An Execution Infrastructure for TCB Minimization

Advanced Systems Security: Principles

CIS 4360 Secure Computer Systems SGX

NGSCB The Next-Generation Secure Computing Base. Ellen Cram Lead Program Manager Windows Security Microsoft Corporation

Weak Spots Enterprise Mobility Management. Dr. Johannes Hoffmann

Threat Modeling. Bart De Win Secure Application Development Course, Credits to

TCG activities on Mobile Security standardization. Mr. Janne Uusilehto, Nokia Chairman, TCG MPWG Embedded Security Seminar September 12, 2005

INF3510 Information Security. Lecture 6: Computer Security. Universitetet i Oslo Audun Jøsang

Agenda GDPR Overview & Requirements IBM Secure Virtualization Solution Overview Summary / Call to Action Q & A 2

Standardizing Network Access Control: TNC and Microsoft NAP to Interoperate

Hypervisor Security First Published On: Last Updated On:

GSE/Belux Enterprise Systems Security Meeting

Trusted Computing and O/S Security. Aggelos Kiayias Justin Neumann

TPM v.s. Embedded Board. James Y

Trusted Computing: Security and Applications

Network Working Group Request for Comments: 1984 Category: Informational August 1996

TRESCCA Trustworthy Embedded Systems for Secure Cloud Computing

Building Trust Despite Digital Personal Devices

Google Cloud Platform: Customer Responsibility Matrix. April 2017

The next step in IT security after Snowden

AUTOTASK ENDPOINT BACKUP (AEB) SECURITY ARCHITECTURE GUIDE

Security in ECE Systems

Enforcing Trust in Pervasive Computing. Trusted Computing Technology.

Connecting Securely to the Cloud

Trusted Mobile Platform

The Road to a Secure, Compliant Cloud

Network Security Issues and Cryptography

Intel Software Guard Extensions

Overview of Information Security

A NEW MODEL FOR AUTHENTICATION

ARM Security Solutions and Numonyx Authenticated Flash

Designing Secure Storage for the Cloud Jesus Molina Fujitsu Laboratories of America

INF3510 Information Security Spring Lecture 4 Computer Security. University of Oslo Audun Jøsang

Advanced Systems Security: Principles

Computers and Security

Intel s s Security Vision for Xen

Secure, Trusted and Trustworthy Computing

Lecture Notes 12 : TCPA and Palladium. Lecturer: Pato/LaMacchia Scribe: Barrows/DeNeui/Nigam/Chen/Robson/Saunders/Walsh

EXTERNALLY VERIFIABLE CODE EXECUTION

Department of Computer Science Institute for System Architecture, Operating Systems Group TRUSTED COMPUTING CARSTEN WEINHOLD

L1: Computer Security Overview. Hui Chen, Ph.D. Dept. of Engineering & Computer Science Virginia State University Petersburg, VA 23806

IBM PowerSC. Designed for Enterprise Security & Compliance in Cloud and Virtualised environments. Highlights

Google Cloud Platform: Customer Responsibility Matrix. December 2018

Crypto Background & Concepts SGX Software Attestation

Windows 10 IoT Core Azure Connectivity and Security

Java Specification Request 321: Trusted Computing API for Java. Tutorial on the Early Draft Review

Windows IoT Security. Jackie Chang Sr. Program Manager

Click to edit Master. Trusted Storage. title style. Master subtitle style Seagate Technology

Advanced Systems Security: Principles

Secure Set Intersection with Untrusted Hardware Tokens

Transcription:

Trusted Computing Special Aspects and Challenges Prof. Dr. Ing. Ahmad Reza Sadeghi Chair for System Security Horst Görtz Institute for IT Security Ruhr University Bochum, Germany http://www.trust.rub.de

Organizational Issues Lecture Mondays 10.15 am 11.45 am in IC 1/161 Exercises Theoretical part (homework) Practical part (in the Lab for Operating System Security and Trusted Computing, IC 4/31 7 Exercises of two hours, starting in the middle of Mai Tutors Hans Löhr, Biljana Cubaleska (contact data on www.trust.rub.de) Exam Oral examination (75 % of the mark) Exercises (25 % of the mark) Slide Nr. 2, Lecture Trusted Computing SS 09 Chapter 0: Organizational Issues

Recommended Literature D. Challenger, K. Yoder, et al. A Practical Guide to Trusted Computing IBM Press, 2008 Thomas Müller Trusted Computing Systeme Konzepte und Anforderungen Springer Verlag, 2008 Lecture Website: http://www.ei.rub.de/studierende/lehrveranstaltungen/231/ Lecture slides Exercises Other references All announcements Slide Nr. 3, Lecture Trusted Computing SS 09 Chapter 0: Organizational Issues

Roadmap of this Lecture Introduction to trusted computing Trusted Platform Module (TCG) Selected TCG Functionalities Authenticated boot, binding and sealing, attestation, trusted network connect Trusted virtualization Some research concepts and challenges IBM Integrity Measurement Architecture, property based attestation, trusted channels, virtual TPM, TPM compliance, trusted virtual domains Slide Nr. 4, Lecture Trusted Computing SS 09 Chapter 0: Organizational Issues

Lecture Trusted Computing Chapter 1: Introduction to Trusted Computing Prof. Dr. Ing. Ahmad Reza Sadeghi Chair for System Security Horst Görtz Institute for IT Security Ruhr University Bochum, Germany http://www.trust.rub.de

Roadmap of Chapter 1 Introduction to Trusted Computing Motivation Notion of trust Towards trustworthy computing platforms Trusted Computing Group (TCG) approach to trusted computing Basic TCG concepts Slide Nr. 6, Lecture Trusted Computing SS 09

The Big Picture Trustworthiness in distributed IT systems Different parties with potentially conflicting requirements involved Cryptographic methods are of limited help How to define trustworthiness? How to determine/verify it? How could common computing platforms support such functionality? Even a secure OS cannot verify own integrity The role of Trusted Computing Enable the reasoning about the trustworthiness of own and other s IT system Slide Nr. 7, Lecture Trusted Computing SS 09 User Adversary

Demand for TC and Application Domains Demand for Trusted Computing Improve security of existing IT Systems (malware, phishing, etc.) Increasing threats for IT systems Inflexibility of traditional secure systems (reference monitors) Improve existing IT infrastructures (e.g., VPN) Enable new applications with sophisticated (security) requirements Application domains Monitoring and verifying integrity of IT systems Controlling access to and usage of services and resources (online services, shared hardware, sensitive data) Slide Nr. 8, Lecture Trusted Computing SS 09

Possible Use Cases E Services Government (e.g., e Voting integrity) Health (e.g., confidentiality of sensitive medical records) Commerce (e.g., enforceability of digital signatures) Online banking Grid computing Digital/enterprise rights management Secure supply chains Mobile computing Slide Nr. 9, Lecture Trusted Computing SS 09

Roadmap of Chapter 1 Introduction to Trusted Computing Motivation Notion of trust Towards trustworthy computing platforms Trusted Computing Group (TCG) approach to trusted computing Basic TCG concepts Slide Nr. 10, Lecture Trusted Computing SS 09

Issues and Vocabulary Trust Complicated notion studied and debated in different areas (social sciences, philosophy, psychology, computer science, ) Notion relating to belief in honesty, truthfulness, competence, reliability etc. of the trusted entity Social Trust belief in the safety or goodness of something because of reputation, association, recommendation, perceived benefit Meanings (an attempt) Secure: system or component will not fail with respect to protection goals Trusted: system or component whose failure can break the (security) policy (Trusted Computing base (TCB)) Trustworthy: the degree to which the behavior of the component or system is demonstrably compliant with its stated functionality Trusted Computing Group (TCG) defines a system as trusted [...] if it always behaves in the expected manner for the intended purpose. Slide Nr. 11, Lecture Trusted Computing SS 09

Basic Idea for Trusted Platform Trusted components in hardware and software Provides a variety of functions that must be trusted in particular a set of cryptographic and security functions Creates a foundation of trust for software Provides hardware protection for sensitive data e.g., keys, counters, etc. Desired goals Trusted Computing Base (TCB) should be minimized Compatibility to commodity systems Application Application Application Application Operating System (OS) Hardware OS Hardware Trusted Component Trusted Component Conventional Platform Trusted Platform Slide Nr. 12, Lecture Trusted Computing SS 09

Objectives Multilateral security Considers different and possibly conflicting security requirements of different parties and strives to balance these requirements Refers to (classical) security goal (e.g., confidentiality, integrity and availability) Typical conflict occurs between the wish for privacy and the interest in cooperation Problems Insufficient protection in SW and HW of existing computing platforms Malicious code (viruses, Trojan horses, ) DMA (Direct Memory Access) No secure storage Main reasons High complexity and poor fault isolation of operating systems Lack of functional and protection mechanisms in hardware Security unawareness of users or security measures still not useable enough Slide Nr. 13, Lecture Trusted Computing SS 09

Roadmap of Chapter 1 Introduction to Trusted Computing Motivation Notion of trust Towards trustworthy computing platforms Trusted Computing Group (TCG) approach to trusted computing Basic TCG concepts Slide Nr. 14, Lecture Trusted Computing SS 09

Primary Goals Improve security of computing platforms Reuse existing modules e.g., GUI, common OS Applicable for different OS No monopoly, space for innovation (small and mid sized companies) Open architecture Use open standards and open source components Trustworthiness/costs/reliability/compatibility Efficient portability Allow realization of new applications/business models Providing multilateral security needed for underlying applications (based on various sets of assumptions and trust relations) Avoiding potential misuse of trusted computing functionalities Slide Nr. 15, Lecture Trusted Computing SS 09

Desired Primitives 1. Metric for code configuration I/O behavior of a machine based on an initial state e.g., represented by the hash value of the binary code Problematic when functionality depends on other codes not included in hashing (e.g., shared or dynamically linked libraries) Sometimes the notion of code identity is used [EnLaMaWi2003] 2. Integrity verification (Attestation) Allows a computing platform to export verifiable information about its properties (e.g., identity and initial state) Comes from the requirement of assuring the executing image and environment of an application located on a remote computing platform Slide Nr. 16, Lecture Trusted Computing SS 09

Desired Primitives (cntd.) 3. Secure storage to persist data securely between executions using traditional untrusted storage like hard drives To encrypt data and assured to be the only capable of decrypting it 4. Strong process isolation Assured (memory space) separation between processes Prevents a process from reading or modifying another process s memory 5. Secure I/O Allows application to assure the end points of input and output operations A user can be assured to securely interact with the intended application Slide Nr. 17, Lecture Trusted Computing SS 09

Need for Secure Hardware and Software Hardware Even a secure operating system cannot verify its own integrity (another party is needed) Secure storage DMA control Isolation of security critical programs Hardware based random numbers Fundamental to cryptography Software (operating systems) Hardening, e.g., SE Linux [LoSm2001] Still too complex and large TCB (Trusted Computing Base) Complete new design e.g., Trusted Mach, EROS (Extremely Reliable Operating System) [TrustedMach1991, Shap1999] Compatibility problem, less market acceptance Secure Virtual Machine Monitors (e.g., [Gold74, Sailer et al 2005]) Allow reuse of legacy software Slide Nr. 18, Lecture Trusted Computing SS 09

Roadmap of Chapter 1 Introduction to Trusted Computing Motivation Notion of trust Towards trustworthy computing platforms Trusted Computing Group (TCG) approach to trusted computing Basic TCG concepts Slide Nr. 19, Lecture Trusted Computing SS 09

Trusted Computing Group (TCG) Consortium of IT Enterprises (since April 2003) Today more than 120 members [TCG] www.trustedcomputing.org/about/members/ Focus on development of hardware enabled trusted computing and security technology across multiple platforms and devices Evolved from Trusted Computing Platform Alliance (TCPA) Formed by Hewlett Packard (HP), Compaq (today part of HP), IBM, Intel and Microsoft in January 1999 Has published various specifications Slide Nr. 20, Lecture Trusted Computing SS 09

TCG Work Groups I Trusted Platform Module (TPM) Work Group Specifies Trusted Platform Module (TPM) TCG Software Stack (TSS) Work Group Specifies hardware and operating system independent interfaces for using TPM features Trusted Network Connect (TNC) Work Group Standards ensuring multi vendor interoperability that enable network operators to enforce security policies for endpoint integrity for network connections Infrastructure Work Group (IWG) Adoption and integration of TCG concepts into Internet and enterprise infrastructure technologies Slide Nr. 21, Lecture Trusted Computing SS 09

TCG Work Groups II PC Client Work Group Specifies functionality, interfaces, and security and privacy requirements for PC clients using TCG components Has advisory role for TPM and other TCG work groups Server Work Group Specifies integration of TCG technology into server systems Mobile Phone Work Group Adoption of TCG concepts for mobile devices Addresses specific features of mobile devices like connectivity and limited capability Slide Nr. 22, Lecture Trusted Computing SS 09

TCG Work Groups III Storage System Work Group Standards for security services on dedicated storage systems with removable media drives, flash storage and multiple storage device systems including dedicated storage controller interfaces E.g., ATA, Serial ATA, SCSI, FibreChannel, USB storage, FireWire (IEEE 1394) and Network Attached Storage (NAS) Slide Nr. 23, Lecture Trusted Computing SS 09

TCG Main Specification Trusted Platform Module (TPM) [TPM2002, TPM2003, TPM2007] Provides a set of immutable cryptographic and security functions Trusted Software Stack (TSS) [TSS2003, TSS2007] Issues low level TPM requests and receives low level TPM responses on behalf of higher level applications Slide Nr. 24, Lecture Trusted Computing SS 09

Roadmap of Chapter 1 Introduction to Trusted Computing Motivation Notion of trust Towards trustworthy computing platforms Trusted Computing Group (TCG) approach to trusted computing Basic TCG concepts Chain of trust Integrity measurements Abstract model of TCG concept Slide Nr. 25, Lecture Trusted Computing SS 09

Chain of Trust for Measurements Goal is to gain trust in entity E n Operational standpoint: E 0 launches E 1, E 1 launches E 2, To trust E n one must trust E n 1 E 0, E 1 to E n creates a chain of trust Transitive trust Trust is transitive from E 0 to E 1 to E 2 It does not invert: trusting E 0 does NOT imply that one must trust E 2 Trusting E 2 REQUIRES one to trust E 0 and E 1 Entity E 0 Entity E 1 Entity E 2 Entity E n Slide Nr. 26, Lecture Trusted Computing SS 09

Chain Measurement What does one need to trust the chain The identity of each item in the chain identity = measurement (according to TCG definition) E.g., a hash value of the binary code Generic flow: each member measures its successor before passing the control to it E 0 measures E 1 before passing control to E 1 and so on Who measures E 0? Root of Trust for Measurements (RTM) Must be trusted, no mechanism to measure it To create a chain of trust the first entity must be the RTM RTM Entity E 0 Entity E 1 Entity E 2 Entity E n Slide Nr. 27, Lecture Trusted Computing SS 09

Performing Integrity Measurements CRTM 3. SM (Security Module) Registers 2. 4. 1. Entity E SM Event Log one Event Structure per measurement Event Structure Extend Value (digest of E) Extend Data (information about E) 1. RTM measures entity E 2. RTM creates Event Structure in TPM Event Log SML contains the Event Structures for all measurements extended to the SM SM Event Log can be stored on any storage device E.g., hard disk 3. RTM extends value into Registers 4. Execute/pass control to entity E Slide Nr. 28, Lecture Trusted Computing SS 09

Abstract Model of TCG Concept Trusted Platform P provides integrity of host H Host H (untrusted) firmware operating system applications D execute(c H ) Attestor A trusted component (hard and software) Securely stores C H SM/RTM challenge response attest( hash(c H )) Bind(hash(C H ), D ) init( C H ) Challenger / Verifier Verifier V local or remote can decide whether C H violates its security requirements can bind/seal data D to a specific (probably secure) configuration/state of H Attest: Verify system integrity Bind/Seal: Access control depending on system configuration C H - initial configuration/state of host H when platform P has been booted D - data to be revealed only if host H is in the (secure) configuration C H User / Adversary insecure channel secure channel 29

Concerns About TCG Approach Potential basis for Digital Rights Management (DRM) Less freedom Including freedom of choice and user control Privacy violation Disclosure of platform identity and configuration Confusing language Trust, control, opt in, Core specifications unreadable Leads to misunderstanding Danger of restricting competition Misuse of sealed storage capabilities, locking out alternative applications and inhibiting interoperation Much of the criticism related to Microsoft s NGSCB Several name changes Palladium, NGSCB, Longhorn, Vista Bad publicity or legal challenges on rights to the names Slide Nr. 31, Lecture Trusted Computing SS 09

Legal Requirements on TC/TCG Main actors German Government Requirements Catalogue on TCG Electronic Frontier Foundation (EFF) European Commission Article 29 (Data Protection Working Party) New Zealand Government s initiative on TC/DRM technologies Main requirements Prevent confusion and clarify terms (trust, trusted, trustworthy, thread model) Privacy issues (user, platform, ), application and design of new technologies should be privacy compliant by default Unrestricted user control (e.g., over keys and IT technology) Transparency of certification Option for transferring secrets between different machines Functional separation of TPM and CPU/chipsets Product discrimination TC/DRM should not adversely affect security of government held information Slide Nr. 32, Lecture Trusted Computing SS 09

Next Chapter: Chapter 2: Trusted Platform Module (TPM) Main TCG Specification 33

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback