Lecture Embedded System Security Introduction to Trusted Computing

Similar documents
Lecture Embedded System Security Introduction to Trusted Computing

Lecture Embedded System Security Introduction to Trusted Computing

Trusted Computing Special Aspects and Challenges

Lecture Secure, Trusted and Trustworthy Computing Trusted Platform Module

Lecture Secure, Trusted and Trustworthy Computing Trusted Platform Module

Lecture Embedded System Security Trusted Platform Module

Applications of Attestation:

Terra: A Virtual Machine-Based Platform for Trusted Computing by Garfinkel et al. (Some slides taken from Jason Franklin s 712 lecture, Fall 2006)

Security and Privacy in Cloud Computing

Lecture Secure, Trusted and Trustworthy Computing Trusted Platform Module

Key Threats Melissa (1999), Love Letter (2000) Mainly leveraging social engineering. Key Threats Internet was just growing Mail was on the verge

Trusted Computing Group

Trusted Virtual Domains: Towards Trustworthy Distributed Services. Ahmad-Reza Sadeghi System Security Lab Ruhr-Universität Bochum

Accelerating the implementation of trusted computing

Advanced Systems Security: Principles

Advanced Systems Security: Principles

Embedded System Security Mobile Hardware Platform Security

Embedded System Security Mobile Hardware Platform Security

Technical Brief Distributed Trusted Computing

Trusted Platform for Mobile Devices: Challenges and Solutions

Demonstration Lecture: Cyber Security (MIT Department) Trusted cloud hardware and advanced cryptographic solutions. Andrei Costin

Systems View -- Current. Trustworthy Computing. TC Advantages. Systems View -- Target. Bootstrapping a typical PC. Boot Guarantees

Creating the Complete Trusted Computing Ecosystem:

SECURITY ARCHITECTURES CARSTEN WEINHOLD

TERRA. Boneh. A virtual machine-based platform for trusted computing. Presented by: David Rager November 10, 2004

Authenticated Booting, Remote Attestation, Sealed Memory aka Trusted Computing. Hermann Härtig Technische Universität Dresden Summer Semester 2009

Trusted Network Access Control Experiences from Adoption

Trusted Disk Loading in the Emulab Network Testbed. Cody Cutler, Mike Hibler, Eric Eide, Rob Ricci

Platform Configuration Registers

Trusted Computing in Drives and Other Peripherals Michael Willett TCG and Seagate 12 Sept TCG Track: SEC 502 1

Trusted Computing: Introduction & Applications

Lecture Secure, Trusted and Trustworthy Computing Introduction to SGX

Advanced Systems Security: Principles

Trusted Network Connect (TNC) 3rd European Trusted Infrastructure Summer School September 2008

TRUSTED COMPUTING TRUSTED COMPUTING. Overview. Why trusted computing?

EXTERNALLY VERIFIABLE CODE EXECUTION

OVAL + The Trusted Platform Module

IDACCS Wireless Integrity protection in a smart grid environment for wireless access of smart meters

Easy Incorporation of OPTIGA TPMs to Support Mission-Critical Applications

Lecture 3 MOBILE PLATFORM SECURITY

Server side management system for multiple IoT terminals in industrial systems

TUX : Trust Update on Linux Kernel

The next step in IT security after Snowden

Hypervisor Security First Published On: Last Updated On:

GSE/Belux Enterprise Systems Security Meeting

Trusted Disk Loading in the Emulab Network Testbed. Cody Cutler, Eric Eide, Mike Hibler, Rob Ricci

Network Security Issues and Cryptography

Secure, Trusted and Trustworthy Computing

Trusted Mobile Platform

Distributed OS Hermann Härtig Authenticated Booting, Remote Attestation, Sealed Memory aka Trusted Computing

Intelligent Terminal System Based on Trusted Platform Module

Security of Embedded Systems

Flicker: An Execution Infrastructure for TCB Minimization

Authenticated Booting, Remote Attestation, Sealed Memory aka Trusted Computing. Hermann Härtig Technische Universität Dresden Summer Semester 2007

Cisco Secure Boot and Trust Anchor Module Differentiation

Leveraging Intel SGX to Create a Nondisclosure Cryptographic library

Trusted Platform Modules Automotive applications and differentiation from HSM

Google Cloud Platform: Customer Responsibility Matrix. April 2017

Lecture 1 Applied Cryptography (Part 1)

INF3510 Information Security Spring Lecture 4 Computer Security. University of Oslo Audun Jøsang

Department of Computer Science Institute for System Architecture, Operating Systems Group TRUSTED COMPUTING CARSTEN WEINHOLD

CSE 237B Fall 2009 Virtualization, Security and RTOS. Rajesh Gupta Computer Science and Engineering University of California, San Diego.

I Don't Want to Sleep Tonight:

DICE: Foundational Trust for IoT

March 2018 Version 0.5. PCI Express Device Security Enhancements

BUILDING SECURE (CLOUD) APPLICATIONS USING INTEL S SGX

Windows IoT Security. Jackie Chang Sr. Program Manager

Securing IoT with the ARM mbed ecosystem

Threat Modeling. Bart De Win Secure Application Development Course, Credits to

Coordinated Disclosure of Vulnerabilities in AVG Antivirus Free Android

Coordinated Disclosure of Vulnerabilities in McAfee Security Android

Influential OS Research Security. Michael Raitza

Weak Spots Enterprise Mobility Management. Dr. Johannes Hoffmann

Intel, OpenStack, & Trust in the Open Cloud. Intel Introduction

IBM PowerSC. Designed for Enterprise Security & Compliance in Cloud and Virtualised environments. Highlights

10 FOCUS AREAS FOR BREACH PREVENTION

SGX Security Background. Masab Ahmad Department of Electrical and Computer Engineering University of Connecticut

R E F E R E N C E TCG. Trusted Multi-Tenant Infrastructure Work Group. Use Cases. Version 1.1. November 15, 2013

Who s Protecting Your Keys? August 2018

TRESCCA Trustworthy Embedded Systems for Secure Cloud Computing

Windows 10 IoT Core Azure Connectivity and Security

Master s Thesis. End-To-End Application Security Using Trusted Computing. Michiel Broekman. August 18, 2005

June 2018 Version 0.7. PCI Express Device Security Enhancements

Unicorn: Two- Factor Attestation for Data Security

Secure Set Intersection with Untrusted Hardware Tokens

Enforcing Trust in Pervasive Computing. Trusted Computing Technology.

Google Cloud Platform: Customer Responsibility Matrix. December 2018

Security in NVMe Enterprise SSDs

L1: Computer Security Overview. Hui Chen, Ph.D. Dept. of Engineering & Computer Science Virginia State University Petersburg, VA 23806

OS Security IV: Virtualization and Trusted Computing

Module: Cloud Computing Security

How to create a trust anchor with coreboot.

National Information Assurance Partnership. Common Criteria Evaluation and Validation Scheme Validation Report

Towards Application Security on Untrusted Operating Systems

TCG Guidance for Securing Resource- Constrained Devices. Version 1.0 Revision 22 March 13, Contact:

Trusted Platform Module explained

TCG TPM2 Software Stack & Embedded Linux. Philip Tricca

High-Assurance Cyber Space Systems (HACSS) for Small Satellite Mission Integrity

An Introduction to Trusted Platform Technology

Syllabus: The syllabus is broadly structured as follows:

Transcription:

1 Lecture Embedded System Security Introduction to Trusted Computing Prof. Dr.-Ing. Ahmad-Reza Sadeghi System Security Lab Technische Universität Darmstadt Summer Term 2017

Roadmap: Trusted Computing Motivation Notion of trust Trusted Computing Chain of trust Integrity measurements

The Big Picture Trustworthiness in distributed IT systems Different parties with potentially conflicting requirements involved Cryptographic methods are of limited help The challenges How to define trustworthiness? How to determine/verify trustworthiness? How could common computing platforms support such functionality? Even a secure OS cannot verify own integrity The role of Trusted Computing Enable the reasoning about trustworthiness of own and other IT systems

Demand for Trusted Computing Increasing threats for IT systems Malware, phishing, targeted attacks, etc. Inflexibility of traditional secure systems Example: reference monitors Improve security of existing IT systems and infrastructures Servers, PCs, mobile phones, embedded systems, VPN, etc. Enable new applications with sophisticated (security) requirements

Roadmap: Trusted Computing Motivation Notion of trust Trusted Computing Chain of trust Integrity measurements

Notions of Trust

Trust Complicated notion Studied and debated in different areas (social sciences, philosophy, psychology, computer science, ) Notion relating to belief in honesty, truthfulness, competence, reliability, etc. of the trusted entity Social trust Belief in the safety or goodness of something because of reputation, association, recommendation, perceived benefit, etc.

Secure, Trusted, Trustworthy Secure: System or component will not fail with respect to security goals Trusted: System or component whose failure can break the (security) policy (Trusted Computing Base, TCB) Trustworthy: Degree to which behavior of a component or system is demonstrably compliant with its stated functionality

Roadmap: Trusted Computing Motivation Notion of trust Trusted Computing Chain of trust Integrity measurements

Trusted Platform (Basic Idea) Has trusted components in hardware and software Provides a variety of trusted functions In particular a set of cryptographic and security functions Ideally creates a foundation of trust for software Provides hardware protection for sensitive data Examples: Keys, counters, etc. Desired goals in practice Trusted Computing Base (TCB) should be minimized Compatibility to commodity systems Application Application Application Application Operating System (OS) Hardware OS Hardware Trusted Component Trusted Component Conventional Platform Trusted Platform

Problems of Existing IT Systems Insufficient protection in software and hardware of existing computing platforms Malicious code (e.g., viruses, Trojan horses) Runtime attacks (e.g., return-oriented programming) DMA (Direct Memory Access) No secure storage Main reasons High complexity and poor fault isolation of existing operating systems Lack of protection mechanisms in hardware User unawareness and poor usable security

Primary Goals of TC in Practice Improve security of (existing) computing platforms Reuse existing modules GUI, common OS, etc. Applicable to different operating systems No monopoly, room for innovation Open architecture Use open standards and open source components Trustworthiness, costs, reliability, compatibility Efficient portability New applications/business models Providing security needed for underlying applications (based on various sets of assumptions and trust relations) Avoid potential misuse of trusted computing

Desired Primitives and Tools 1. Metric for code configuration/identity I/O behavior of machine determined by its code Example of a simple metric: Hash value of binary code Problematic when code functionality depends on other code not included in hash digest (e.g., shared or dynamically linked libraries) 2. Integrity verification (Attestation) Allows computing platform to export verifiable information about its properties (e.g., identity and initial state) Comes from the requirement of assuring the code configuration and execution environment of an application located on a remote computing platform

Desired Primitives and Tools (ctd.) 3. Secure storage Securely stores data on untrusted storage (e.g. hard disks) Encrypts data and assures that no other entity can decrypt it 4. Strong process isolation Assures process (memory space) separation Prevents a process from reading or modifying the memory used by another process 5. Secure I/O Allows applications to assure the endpoints of input and output operations Assures to the user that he securely interacts with the intended application

Need for Secure Hardware and Software Need for secure hardware Even a secure operating system cannot verify its own integrity Another party is needed Secure storage (e.g., for cryptographic keys) Isolation of security-critical programs (e.g., by DMA control) Hardware-based random numbers Fundamental to cryptography Need for secure software (operating systems) Hardening Still too complex and too large TCB (Trusted Computing Base) Complete new design Compatibility problem, low market acceptance Secure virtual machine monitors Allow reuse of legacy software (operating system and applications)

Trusted Computing Group (TCG) Consortium of many IT-Enterprises Founded in April 2003 www.trustedcomputinggroup.org Focus development of hardware-enabled trusted computing and security technologies across multiple platforms/devices Publications Various specifications on Trusted Platforms and Infrastructures

TCG Main Specifications Trusted Platform Module (TPM) Provides a set of immutable cryptographic and security functions Trusted Software Stack (TSS) Issues low-level TPM requests and receives low-level TPM responses on behalf of higher-level applications

Roadmap: Trusted Computing Motivation Notion of trust Trusted Computing Chain of trust Integrity measurements

Main TCG Concept: Chain of Trust Consider Entities E 0,, E n Goal is to gain trust in entity E n Operational standpoint: E 0 launches E 1, E 1 launches E 2, etc. To trust E n one must trust E n 1 The sequence E 0, E 1 to E n creates a chain of trust Transitive trust from E 0 to E 1 to E 2, etc. Trusting E 2 requires one to trust E 0 and E 1 However: Trusting E 0 does not imply that one trusts E 2 Entity E 0 Entity E 1 Entity E 2 Entity E n

Chain Measurement What is needed to trust the chain? The identity of each entity E i in the chain Identity = measurement (according to TCG definition) Example: Hash digest of the binary code of E i Generic flow: Each E i measures E i+1 before passing control to it Who measures E 0? E 0 must be trusted, no mechanism to measure E 0 E 0 is called Root of Trust for Measurement (RTM) RTM Entity E 0 Entity E 1 Entity E 2 Entity E n

Root of Trust for Measurement (RTM) Immutable portion of trusted platform s initialization code executed on every platform boot Trust in all integrity measurements based on integrity of RTM

Performing Integrity Measurements RTM 1. Entity E 1. RTM measures entity E SM (Security Module) Registers Event Log

Performing Integrity Measurements 1. RTM measures entity E RTM SM (Security Module) Registers 2. 1. Entity E Event Log One Event Structure per measurement Event Structure Extend Value (hash digest of E) Extend Data (information about E) 2. RTM creates Event Structure in Event Log Event Log contains Event Structures for all measurements extended to the SM Event Log can be stored on (untrusted) storage device (e.g., hard disk)

Performing Integrity Measurements 1. RTM measures entity E RTM 3. SM (Security Module) Registers 2. 1. Entity E Event Log One Event Structure per measurement Event Structure Extend Value (hash digest of E) Extend Data (information about E) 2. RTM creates Event Structure in Event Log Event Log contains Event Structures for all measurements extended to the SM Event Log can be stored on (untrusted) storage device (e.g., hard disk) 3. RTM extends measurement value into SM registers

Performing Integrity Measurements RTM 3. SM (Security Module) Registers 2. 4. 1. Entity E Event Log One Event Structure per measurement Event Structure Extend Value (hash digest of E) Extend Data (information about E) 1. RTM measures entity E 2. RTM creates Event Structure in Event Log Event Log contains Event Structures for all measurements extended to the SM Event Log can be stored on (untrusted) storage device (e.g., hard disk) 3. RTM extends measurement value into SM registers 4. RTM executes/passes control to entity E

Abstract Model of TCG Concept Trusted Platform P Provides integrity of host H Host H (untrusted) Firmware Operating system Applications execute(c H ) Attestor A Trusted component (hard- and software) Securely stores C H RTM init(c H ) User / Adversary C H - initial configuration/state of host H when platform P has been booted insecure channel secure channel

Abstract Model of TCG Concept Trusted Platform P Provides integrity of host H Host H (untrusted) Firmware Operating system Applications challenge response Challenger / Verifier Verifier V execute(c H ) Attestor A Trusted component (hard- and software) Securely stores C H RTM init(c H ) User / Adversary C H - initial configuration/state of host H when platform P has been booted insecure channel secure channel

Abstract Model of TCG Concept Trusted Platform P Provides integrity of host H Host H (untrusted) Firmware Operating system Applications execute(c H ) Attestor A Trusted component (hard- and software) Securely stores C H challenge response Attest(Hash(C H )) Challenger / Verifier Verifier V Can decide whether C H violates its security requirements RTM init(c H ) Attest: Verify system integrity C H - initial configuration/state of host H when platform P has been booted User / Adversary insecure channel secure channel

Abstract Model of TCG Concept Trusted Platform P Provides integrity of host H Host H (untrusted) Firmware Operating system Applications D execute(c H ) Attestor A Trusted component (hard- and software) Securely stores C H RTM challenge response Attest(Hash(C H )) Bind(Hash(C H ), D) init(c H ) Challenger / Verifier Verifier V H Can decide whether C H violates its security requirements Can bind/seal data D to a specific (probably secure) configuration/state o Attest: Verify system integrity Bind/Seal: Access control depending on system configuration C H - initial configuration/state of host H when platform P has been booted D - data to be revealed only if host H is in the (secure) configuration C H User / Adversary insecure channel secure channel

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback