Lecture Embedded System Security Introduction to Trusted Computing

Similar documents
Lecture Embedded System Security Introduction to Trusted Computing

Lecture Embedded System Security Introduction to Trusted Computing

Trusted Computing Special Aspects and Challenges

Lecture Embedded System Security Trusted Platform Module

Lecture Secure, Trusted and Trustworthy Computing Trusted Platform Module

Lecture Secure, Trusted and Trustworthy Computing Trusted Platform Module

Terra: A Virtual Machine-Based Platform for Trusted Computing by Garfinkel et al. (Some slides taken from Jason Franklin s 712 lecture, Fall 2006)

Applications of Attestation:

Trusted Computing Group

Systems View -- Current. Trustworthy Computing. TC Advantages. Systems View -- Target. Bootstrapping a typical PC. Boot Guarantees

Authenticated Booting, Remote Attestation, Sealed Memory aka Trusted Computing. Hermann Härtig Technische Universität Dresden Summer Semester 2009

Trusted Virtual Domains: Towards Trustworthy Distributed Services. Ahmad-Reza Sadeghi System Security Lab Ruhr-Universität Bochum

Embedded System Security Mobile Hardware Platform Security

Lecture Secure, Trusted and Trustworthy Computing Trusted Platform Module

Embedded System Security Mobile Hardware Platform Security

Distributed OS Hermann Härtig Authenticated Booting, Remote Attestation, Sealed Memory aka Trusted Computing

Authenticated Booting, Remote Attestation, Sealed Memory aka Trusted Computing. Hermann Härtig Technische Universität Dresden Summer Semester 2007

An Introduction to Trusted Platform Technology

SECURITY ARCHITECTURES CARSTEN WEINHOLD

Trusted Platform for Mobile Devices: Challenges and Solutions

TERRA. Boneh. A virtual machine-based platform for trusted computing. Presented by: David Rager November 10, 2004

Key Threats Melissa (1999), Love Letter (2000) Mainly leveraging social engineering. Key Threats Internet was just growing Mail was on the verge

Accelerating the implementation of trusted computing

TRUSTED COMPUTING TRUSTED COMPUTING. Overview. Why trusted computing?

NGSCB The Next-Generation Secure Computing Base. Ellen Cram Lead Program Manager Windows Security Microsoft Corporation

Advanced Systems Security: Principles

Security and Privacy in Cloud Computing

Platform Configuration Registers

Trusted Computing. William A. Arbaugh Department of Computer Science University of Maryland cs.umd.edu

Trusted Computing in Drives and Other Peripherals Michael Willett TCG and Seagate 12 Sept TCG Track: SEC 502 1

Advanced Systems Security: Principles

Department of Computer Science Institute for System Architecture, Operating Systems Group TRUSTED COMPUTING CARSTEN WEINHOLD

Trusted Computing: Introduction & Applications

Lecture 3 MOBILE PLATFORM SECURITY

Technical Brief Distributed Trusted Computing

Creating the Complete Trusted Computing Ecosystem:

Distributed OS Hermann Härtig Authenticated Booting, Remote Attestation, Sealed Memory aka Trusted Computing

INF3510 Information Security. Lecture 6: Computer Security. Universitetet i Oslo Audun Jøsang

CIS 4360 Secure Computer Systems SGX

Enforcing Trust in Pervasive Computing. Trusted Computing Technology.

Demonstration Lecture: Cyber Security (MIT Department) Trusted cloud hardware and advanced cryptographic solutions. Andrei Costin

Threat Modeling. Bart De Win Secure Application Development Course, Credits to

INF3510 Information Security Spring Lecture 4 Computer Security. University of Oslo Audun Jøsang

Dawn Song

Hypervisor Security First Published On: Last Updated On:

CSE543 - Computer and Network Security Module: Trusted Computing

Building Trust Despite Digital Personal Devices

Trusted Computing and O/S Security

Who s Protecting Your Keys? August 2018

Trusted Computing Today: Benefits and Solutions

Trusted Network Access Control Experiences from Adoption

Towards Application Security on Untrusted Operating Systems

Server side management system for multiple IoT terminals in industrial systems

The Road to a Secure, Compliant Cloud

Flicker: An Execution Infrastructure for TCB Minimization

Trusted Computing Use Cases and the TCG Software Stack (TSS 2.0) Lee Wilson TSS WG Chairman OnBoard Security November 20, 2017

Network Security Issues and Cryptography

DICE: Foundational Trust for IoT

Intelligent Terminal System Based on Trusted Platform Module

TRESCCA Trustworthy Embedded Systems for Secure Cloud Computing

Lecture Notes 12 : TCPA and Palladium. Lecturer: Pato/LaMacchia Scribe: Barrows/DeNeui/Nigam/Chen/Robson/Saunders/Walsh

Advanced Systems Security: Principles

Operating System Security, Continued CS 136 Computer Security Peter Reiher January 29, 2008

GSE/Belux Enterprise Systems Security Meeting

EXTERNALLY VERIFIABLE CODE EXECUTION

TCG activities on Mobile Security standardization. Mr. Janne Uusilehto, Nokia Chairman, TCG MPWG Embedded Security Seminar September 12, 2005

Trusted Network Connect (TNC) 3rd European Trusted Infrastructure Summer School September 2008

RISCV with Sanctum Enclaves. Victor Costan, Ilia Lebedev, Srini Devadas

Intel Software Guard Extensions

Connecting Securely to the Cloud

IDACCS Wireless Integrity protection in a smart grid environment for wireless access of smart meters

TPM v.s. Embedded Board. James Y

IBM PowerSC. Designed for Enterprise Security & Compliance in Cloud and Virtualised environments. Highlights

Security Using Digital Signatures & Encryption

Wrapup. CSE497b - Spring 2007 Introduction Computer and Network Security Professor Jaeger.

Department of Computer Science Institute for System Architecture, Operating Systems Group TRUSTED COMPUTING CARSTEN WEINHOLD

Secure Set Intersection with Untrusted Hardware Tokens

Computers and Security

Agenda GDPR Overview & Requirements IBM Secure Virtualization Solution Overview Summary / Call to Action Q & A 2

Lecture 1 Applied Cryptography (Part 1)

Trusted Computing: Security and Applications

Weak Spots Enterprise Mobility Management. Dr. Johannes Hoffmann

OVAL + The Trusted Platform Module

Standardizing Network Access Control: TNC and Microsoft NAP to Interoperate

CSE 237B Fall 2009 Virtualization, Security and RTOS. Rajesh Gupta Computer Science and Engineering University of California, San Diego.

Most Common Security Threats (cont.)

Lecture Secure, Trusted and Trustworthy Computing Introduction to SGX

How to create a trust anchor with coreboot.

Network Working Group Request for Comments: 1984 Category: Informational August 1996

Security & Privacy. Web Architecture and Information Management [./] Spring 2009 INFO (CCN 42509) Contents. Erik Wilde, UC Berkeley School of

SECURITY ARCHITECTURES CARSTEN WEINHOLD

The next step in IT security after Snowden

Master s Thesis. End-To-End Application Security Using Trusted Computing. Michiel Broekman. August 18, 2005

Click to edit Master. Trusted Storage. title style. Master subtitle style Seagate Technology

QUANTUM SAFE PKI TRANSITIONS

Easy Incorporation of OPTIGA TPMs to Support Mission-Critical Applications

Leveraging Intel SGX to Create a Nondisclosure Cryptographic library

TUX : Trust Update on Linux Kernel

Trusted Platform Modules Automotive applications and differentiation from HSM

Crypto Background & Concepts SGX Software Attestation

Transcription:

1 Lecture Embedded System Security Prof. Dr.-Ing. Ahmad-Reza Sadeghi System Security Lab Technische Universität Darmstadt (CASED) Summer Term 2012

Roadmap: Trusted Computing Motivation Notion of trust Trusted Computing Group (TCG) approach Basic TCG concepts Chain of trust Integrity measurements Slide Nr. 2, Embedded System Security, SS 2012

The Big Picture Trustworthiness in distributed IT systems Different parties with potentially conflicting requirements involved Cryptographic methods are of limited help The challenges How to define trustworthiness? How to determine/verify trustworthiness? How could common computing platforms support such functionality? Even a secure OS cannot verify own integrity The role of Trusted Computing Enable the reasoning about trustworthiness of own and other s IT system Slide Nr. 3, Embedded System Security, SS 2012

Demand for Trusted Computing Improve security of existing IT Systems Malware, phishing, etc. Increasing threats for IT systems Inflexibility of traditional secure systems Reference monitors Improve existing IT infrastructures (e.g., VPN) Enable new applications with sophisticated (security) requirements Slide Nr. 4, Embedded System Security, SS 2012

Possible Use-Cases E-Services Government (e.g., e-voting integrity) Health (e.g., confidentiality of sensitive medical records) Commerce (e.g., enforceability of digital signatures) Online banking Digital/enterprise rights management and copyright protection Mobile computing Slide Nr. 5, Embedded System Security, SS 2012

Roadmap: Trusted Computing Motivation Notion of trust Trusted Computing Group (TCG) approach Basic TCG concepts Chain of trust Integrity measurements Slide Nr. 6, Embedded System Security, SS 2012

Vocabulary I Trust Complicated notion studied and debated in different areas (social sciences, philosophy, psychology, computer science, ) Notion relating to belief in honesty, truthfulness, competence, reliability, etc. of the trusted entity Social Trust: Belief in the safety or goodness of something because of reputation, association, recommendation, perceived benefit Slide Nr. 7, Embedded System Security, SS 2012

Vocabulary II Meanings (an attempt) Secure: System or component will not fail with respect to protection goals Trusted: System or component whose failure can break the (security) policy (Trusted Computing Base, TCB) Trustworthy: Degree to which the behavior of a component or system is demonstrably compliant with its stated functionality Trusted Computing Group (TCG) defines a system as trusted if it always behaves in the expected manner for the intended purpose. Slide Nr. 8, Embedded System Security, SS 2012

Basic Idea for Trusted Platform Trusted components in hardware and software Provides a variety of trusted functions In particular a set of cryptographic and security functions Ideally creates a foundation of trust for software Provides hardware protection for sensitive data e.g., keys, counters, etc. Desired goals in practice Trusted Computing Base (TCB) should be minimized Compatibility to commodity systems Application Application Application Application Operating System (OS) Hardware OS Hardware Trusted Component Trusted Component Conventional Platform Slide Nr. 9, Embedded System Security, SS 2012 Trusted Platform

General Objective: Multilateral Security Considers different and possibly conflicting security requirements of different parties and strives to balance these requirements Refers to (classical) security goals Confidentiality, integrity, availability, etc. Typical conflict occurs between the wish for privacy and the interest in cooperation Slide Nr. 10, Embedded System Security, SS 2012

Problems Insufficient protection in SW and HW of existing computing platforms Malicious code (viruses, Trojan horses, etc.) DMA (Direct Memory Access) No secure storage Main reasons High complexity and poor fault isolation of operating systems Lack of functional and protection mechanisms in hardware Security unawareness of users or security measures still not useable enough Slide Nr. 11, Embedded System Security, SS 2012

Primary Goals in Practice Improve security of computing platforms Reuse existing modules GUI, common OS, etc. Applicable for different OS No monopoly, space for innovation (small and mid-sized companies) Open architecture Use open standards and open source components Trustworthiness, costs, reliability, compatibility Efficient portability Allow realization of new applications/business models Providing security needed for underlying applications (based on various sets of assumptions and trust relations) Avoiding potential misuse of trusted computing functionalities Slide Nr. 12, Embedded System Security, SS 2012

Desired Primitives 1. Metric for code configuration/identity I/O behavior of a machine based on an initial state Example of a simple metric: Hash value of binary code Problematic when code functionality depends on other code not included in hash digest (e.g., shared or dynamically linked libraries) 2. Integrity verification (Attestation) Allows computing platform to export verifiable information about its properties (e.g., identity and initial state) Comes from the requirement of assuring the executing image and environment of an application located on a remote computing platform Slide Nr. 13, Embedded System Security, SS 2012

Desired Primitives (cntd.) 3. Secure storage Securely stores data on traditional untrusted storage (e.g. hard disks) Encrypts data and assures that no other entity can decrypt it 4. Strong process isolation Assures process (memory space) separation Prevents a process from reading or modifying another process memory 5. Secure I/O Allows applications to assure the endpoints of input and output operations Assures to the user that he securely interacts with the intended application Slide Nr. 14, Embedded System Security, SS 2012

Need for Secure Hardware and Software Hardware Even a secure operating system cannot verify its own integrity Another party is needed Secure storage DMA control Isolation of security-critical programs Hardware-based random numbers Fundamental to cryptography Software (operating systems) Hardening (e.g., SE Linux) Still too complex and too large TCB (Trusted Computing Base) Complete new design (e.g., EROS) Compatibility problem, less market acceptance Secure Virtual Machine Monitors Allow reuse of legacy software Slide Nr. 15, Embedded System Security, SS 2012

Roadmap: Trusted Computing Motivation Notion of trust Trusted Computing Group (TCG) approach Basic TCG concepts Chain of trust Integrity measurements Slide Nr. 16, Embedded System Security, SS 2012

Trusted Computing Group (TCG) Consortium of IT-Enterprises (since April 2003) Today more than 100 members www.trustedcomputinggroup.org Focus on development of hardware-enabled trusted computing and security technology across multiple platforms and devices Evolved from Trusted Computing Platform Alliance (TCPA) Formed by Hewlett-Packard (HP), Compaq (today part of HP), IBM, Intel and Microsoft in January 1999 Has published many specifications on Trusted Platforms and Infrastructures Slide Nr. 17, Embedded System Security, SS 2012

TCG Main Specifications Trusted Platform Module (TPM) Provides a set of immutable cryptographic and security functions Trusted Software Stack (TSS) Issues low-level TPM requests and receives low-level TPM responses on behalf of higher-level applications Slide Nr. 18, Embedded System Security, SS 2012

Chain of Trust Consider Entities E 0,, E n Goal is to gain trust in entity E n Operational standpoint: E 0 launches E 1, E 1 launches E 2, etc. To trust E n one must trust E n 1 The sequence E 0, E 1 to E n creates a chain of trust Transitive trust from E 0 to E 1 to E 2, etc. Trusting E 2 requires one to trust E 0 and E 1 However: Trusting E 0 does not imply that one must trust E 2 Entity E 0 Entity E 1 Entity E 2 Entity E n Slide Nr. 19, Embedded System Security, SS 2012

Chain Measurement What is needed to trust the chain The identity of each entity E i in the chain Identity = measurement (according to TCG definition) For instance the hash digest of the binary code of E i Generic flow: Each entity E i measures its successor E i+1 before passing control to it Who measures E 0? Root of Trust for Measurements (RTM) Must be trusted, no mechanism to measure E 0 To create a chain of trust the first entity E 0 must be the RTM RTM Entity E 0 Entity E 1 Entity E 2 Entity E n Slide Nr. 20, Embedded System Security, SS 2012

Performing Integrity Measurements RTM 3. SM (Security Module) Registers 2. 4. 1. Entity E SM Event Log One Event Structure per measurement Event Structure Extend Value (digest of E) Extend Data (information about E) Slide Nr. 21, Embedded System Security, SS 2012 1. RTM measures entity E 2. RTM creates Event Structure in SM Event Log SM Event Log contains the Event Structures for all measurements extended to the SM SM Event Log can be stored on any (untrusted) storage device (e.g. hard disk) 3. RTM extends measurement value into SM registers 4. RTM executes/passes control to entity E

Abstract Model of TCG Concept Trusted Platform P Provides integrity of host H Host H (untrusted) Firmware Operating system Applications D execute(c H ) Attestor A Trusted component (hard- and software) Securely stores C H RTM challenge response Attest(Hash(C H )) Bind(Hash(C H ), D) init(c H ) Challenger / Verifier Verifier V Local or remote Can decide whether C H violates its security requirements Can bind/seal data D to a specific (probably secure) configuration/state of H Attest: Verify system integrity Bind/Seal: Access control depending on system configuration C H - initial configuration/state of host H when platform P has been booted D - data to be revealed only if host H is in the (secure) configuration C H User / Adversary insecure channel secure channel

Concerns About TCG Approach Potential basis for Digital Rights Management (DRM) Less freedom Including freedom of choice and user control Privacy violation Disclosure of platform identity and configuration Confusing language Trust, control, opt-in, etc. Core specifications not really readable Leads to misunderstanding Potentially restricting competition Misuse of sealed storage capabilities, locking out alternative applications and inhibiting interoperation Much of the criticism related to Microsoft s NGSCB NGSCB = Next Generation Secure Computing Base Several name changes Palladium, NGSCB, Longhorn, Vista Bad publicity or legal challenges on rights to the names Slide Nr. 23, Embedded System Security, SS 2012

Some Legal Requirements on TC/TCG Prevent confusion and clarify terms Trust, trusted, trustworthy, thread model, etc. Privacy issues (user, platform, ) Application and design of new technologies should be privacy compliant by default Unrestricted user control e.g., over keys and IT technology Transparency of certification Option for transferring secrets between different machines Functional separation of TPM and CPU/chipsets Product discrimination TC/DRM should not adversely affect security of government-held information Slide Nr. 24, Embedded System Security, SS 2012

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback