CSE543 - Computer and Network Security Module: Trusted Computing

Similar documents
Lecture Secure, Trusted and Trustworthy Computing Trusted Platform Module

Lecture Secure, Trusted and Trustworthy Computing Trusted Platform Module

Systems View -- Current. Trustworthy Computing. TC Advantages. Systems View -- Target. Bootstrapping a typical PC. Boot Guarantees

Lecture Embedded System Security Trusted Platform Module

Authenticated Booting, Remote Attestation, Sealed Memory aka Trusted Computing. Hermann Härtig Technische Universität Dresden Summer Semester 2007

Authenticated Booting, Remote Attestation, Sealed Memory aka Trusted Computing. Hermann Härtig Technische Universität Dresden Summer Semester 2009

Distributed OS Hermann Härtig Authenticated Booting, Remote Attestation, Sealed Memory aka Trusted Computing

Distributed OS Hermann Härtig Authenticated Booting, Remote Attestation, Sealed Memory aka Trusted Computing

Trusted Computing. William A. Arbaugh Department of Computer Science University of Maryland cs.umd.edu

Department of Computer Science Institute for System Architecture, Operating Systems Group TRUSTED COMPUTING CARSTEN WEINHOLD

How to create a trust anchor with coreboot.

TRUSTED COMPUTING TRUSTED COMPUTING. Overview. Why trusted computing?

Lecture Secure, Trusted and Trustworthy Computing Trusted Platform Module

Department of Computer Science Institute for System Architecture, Operating Systems Group TRUSTED COMPUTING CARSTEN WEINHOLD

The Early System Start-Up Process. Group Presentation by: Tianyuan Liu, Caiwei He, Krishna Parasuram Srinivasan, Wenbin Xu

CIS 4360 Secure Computer Systems. Trusted Platform Module

PRIMA: Policy-Reduced Integrity Measurement Architecture

Intelligent Terminal System Based on Trusted Platform Module

Terra: A Virtual Machine-Based Platform for Trusted Computing by Garfinkel et al. (Some slides taken from Jason Franklin s 712 lecture, Fall 2006)

From TPM 1.2 to 2.0 and some more. Federico Mancini AFSecurity Seminar,

Flicker: An Execution Infrastructure for TCB Minimization

Department of Computer Science Institute for System Architecture, Operating Systems Group TRUSTED COMPUTING CARSTEN WEINHOLD

TPM v.s. Embedded Board. James Y

An Introduction to Trusted Platform Technology

A TRUSTED STORAGE SYSTEM FOR THE CLOUD

Sirrix AG security technologies. TPM Laboratory I. Marcel Selhorst etiss 2007 Bochum Sirrix AG

Secure, Trusted and Trustworthy Computing

CIS 4360 Secure Computer Systems. Trusted Platform Module

Unicorn: Two- Factor Attestation for Data Security

IBM Research Report. The Role of TPM in Enterprise Security

Jonathan M. McCune. Carnegie Mellon University. March 27, Bryan Parno, Arvind Seshadri Adrian Perrig, Michael Reiter

ISO/IEC INTERNATIONAL STANDARD. Information technology Trusted Platform Module Part 2: Design principles

Applications of Attestation:

Preliminary analysis of a trusted platform module (TPM) initialization process

Trusted Computing: Introduction & Applications

TCG TPM2 Software Stack & Embedded Linux. Philip Tricca

Trusted Computing Group

OVAL + The Trusted Platform Module

TRUSTED SUPPLY CHAIN & REMOTE PROVISIONING WITH THE TRUSTED PLATFORM MODULE

IBM Research Report. Design and Implementation of a TCG-Based Integrity Measurement Architecture

Security of Cloud Computing

Hypervisor Security First Published On: Last Updated On:

Lecture Embedded System Security Introduction to Trusted Computing

Computer Security CS 426 Lecture 17

Trusted Computing: Introduction & Applications

ISO/IEC INTERNATIONAL STANDARD. Information technology Trusted Platform Module Part 1: Overview

Design and Analysis of Fair-Exchange Protocols based on TPMs

Lecture Embedded System Security Introduction to Trusted Computing

Platform Configuration Registers

IBM Research Report. PRIMA: Policy-Reduced Integrity Measurement Architecture. Trent Jaeger Pennsylvania State University

IBM Research Report. Towards Trustworthy Kiosk Computing. Scott Garriss Carnegie Mellon University Pittsburgh, PA

Authenticated booting for L4

Ari Singer. November 7, Slide #1

Enforcing Trust in Pervasive Computing. Trusted Computing Technology.

Offline dictionary attack on TCG TPM authorisation data

Atmel Trusted Platform Module June, 2014

Extending the Linux Integrity Subsystem for TCB Protection. David Safford, Mimi Zohar,

A Robust Integrity Reporting Protocol for Remote Attestation

Mobile Platform Security Architectures A perspective on their evolution

SELinux Protected Paths Revisited

Binding keys to programs using Intel SGX remote attestation

Software Vulnerability Assessment & Secure Storage

TCG. TCG Specification Architecture Overview. Specification Revision nd August Contact:

TLS-ENFORCED ATTESTATION. A Project. California State University, Sacramento. Submitted in partial satisfaction of the requirements for the degree of

Trusted Computing: Security and Applications

Enhancing Data Authenticity and Integrity in P2P Systems

Framework for Prevention of Insider attacks in Cloud Infrastructure through Hardware Security

Strengthening the Chain of Trust. Kevin Lane HP Jeff Bobzin Insyde Software

Building on existing security

Trusted Computing and O/S Security

Isolation And Integrity Management In Dynamic Virtualized Environments

Operating System Security: Building Secure Distributed Systems

6.857 L17. Secure Processors. Srini Devadas

Using existing security infrastructures

Industrial IoT Security Attacks & Countermeasures

Trusted Disk Loading in the Emulab Network Testbed. Cody Cutler, Mike Hibler, Eric Eide, Rob Ricci

Fine-Grained Refinement on TPM-Based Protocol Applications

The American University in Cairo School of Sciences and Engineering. Using Trusted Platform Module for securing virtual environment access in Cloud

Lecture Notes 12 : TCPA and Palladium. Lecturer: Pato/LaMacchia Scribe: Barrows/DeNeui/Nigam/Chen/Robson/Saunders/Walsh

Trusted Computing in Drives and Other Peripherals Michael Willett TCG and Seagate 12 Sept TCG Track: SEC 502 1

Master s Thesis. End-To-End Application Security Using Trusted Computing. Michiel Broekman. August 18, 2005

Designing a digital security envelope using the Trusted Platform Module

TCG Guidance for Securing Resource- Constrained Devices. Version 1.0 Revision 22 March 13, Contact:

OS Security IV: Virtualization and Trusted Computing

Certifying Program Execution with Secure Processors. Benjie Chen Robert Morris Laboratory for Computer Science Massachusetts Institute of Technology

CSE 565 Computer Security Fall 2018

Trusted Disk Loading in the Emulab Network Testbed. Cody Cutler, Eric Eide, Mike Hibler, Rob Ricci

TUX : Trust Update on Linux Kernel

Justifying Integrity Using a Virtual Machine Verifier

Index. Boot sequence DRTM breakout measured launch, 336 local applications, 339 measured launch, 338 SINIT ACM, 338

Digital Certificates Demystified

Bootstrapping Trust in Commodity Computers

Experimenting with TCPA/TCG Hardware, Or: How I Learned to Stop Worrying and Love The Bear

CS Computer Networks 1: Authentication

Solving Bigger Problems with the TPM 2.0

Java Specification Request 321: Trusted Computing API for Java. Tutorial on the Early Draft Review

Injecting Trust to Cryptographic Key Management

Trusted Tamperproof Time on Mobile Devices

Lecture 30. Cryptography. Symmetric Key Cryptography. Key Exchange. Advanced Encryption Standard (AES) DES. Security April 11, 2005

NGSCB The Next-Generation Secure Computing Base. Ellen Cram Lead Program Manager Windows Security Microsoft Corporation

Transcription:

CSE543 - Computer and Network Security Module: Trusted Computing Professor Trent Jaeger CSE543 - Introduction to Computer and Network Security 1

What is Trust? 2

What is Trust? dictionary.com Firm reliance on the integrity, ability, or character of a person or thing. 2

What is Trust? dictionary.com Firm reliance on the integrity, ability, or character of a person or thing. What do you trust? Trust Exercise 2

What is Trust? dictionary.com Firm reliance on the integrity, ability, or character of a person or thing. What do you trust? Trust Exercise Do we trust our computers? 2

Trust 3

Trust a system that you are forced to trust because you have no choice -- US DoD 3

Trust a system that you are forced to trust because you have no choice -- US DoD A trusted computer does not mean a computer is trustworthy -- B. Schneier 3

Trusted Computing Base Trusted Computing Base (TCB) Hardware, Firmware, Operating System, etc There is always a level at which we must rely on trust How can we shrink the TCB? 4

Trustworthy Computing Microsoft Palladium (NGSCB) 5

Example of FUD Trusted Computing: An Animated Short - http://www.lafkon.net/tc/ 6

Trusted Computing Components (according to Wikipedia) Secure I/O Memory Curtaining Sealed Storage Remote Attestation Requires hardware support 7

Trusted Platform Module The Trusted Platform Module (TPM) provides hardware support for sealed storage and remote attestation What else can it do? www.trustedcomputinggroup.org 8

Where are the TPMs? 9

TPM Components Non-Volatile Storage Platform Configuration Register (PCR) Attestation Identity Key (AIK) Program Code I/O Random Number Generator SHA-1 Engine Key Generation RSA Engine Opt-In Exec Engine 10

TPM Discrete Components Input/Output (I/O) Allows the TPM to communicate with the rest of the system Non-Volatile Storage Stores long term keys for the TPM Platform Configuration Registers (PCRs) Provide state storage Attestation Identity Keys (AIKs) Public/Private keys used for remote attestation Program Code Firmware for measuring platform devices Random Number Generator (RNG) Used for key generation, nonce creation, etc 11

TPM Discrete Components SHA-1 Engine Used for computing signatures, creating key Blobs, etc RSA Key Generation Creates signing keys, storage keys, etc. (2048 bit) RSA Engine Provides RSA functions for signing, encryption/decryption Opt-In Allows the TPM to be disabled Execution Engine Executes Program Code, performing TPM initialization and measurement taking 12

Tracking State Platform Configuration Registers (PCRs) maintain state values. A PCR can only be modified through the Extend operation Extend(PCR[i], value) : PCR[i] = SHA1(PCR[i]. value) The only way to place a PCR into a state is to extend it a certain number of times with specific values Measurement Flow (Transitive Trust) Application Code OS Code OS Loader Code BIOS Self Measurement 13

Secure vs. Authenticated Secure boot stops execution if measurements are not correct Authenticated boot measures each boot state and lets remote systems determine if it is correct The Trusted Computing Group architecture uses authenticated boot 14

Protected Storage The TPM has limited storage capacity Key pairs are commonly stored on the system, but are encrypted by a storage key Users can protect data by allowing the TPM to control access to the symmetric key Access to keys can be sealed to a particular PCR state 15

Public/Private Keys Endorsement Key (EK) Only one EK pair for the lifetime of the TPM Usually set by manufacturer Private portion never leaves the TPM Storage Root Key (SRK) Created as part of creating a new platform owner Used for protected storage Manages other keys, e.g., storage keys Private portion never leaves the TPM Attestation Identity Keys (AIKs) Used for remote attestation The TPM may have multiple AIKs 16

Using TCG Justify System Integrity Attestation Approaches Trusted Platform on Demand (TPoD) IBM Research Tokyo Linux Integrity Measurement Architecture Sailer et. al. (USENIX Security 2004) BIND: A Fine-grained Attestation Service for Secure Distributed Systems Shi et. al. (IEEE S&P 2005) Network Authentication Trusted Network Connect (TNC) www.trustedcomputinggroup.org 17

Integrity Measurement IPsec and SSL provide secure communication But with whom am I talking? On-Demand / Grid Secure Domains B2B Application Thin-Client Secure Channel 18

Integrity Measurement Execution Flow Measurement Flow TCG-based Integrity Measurement Architecture Defined by Grub (IBM Tokyo Research Lab) Defined by TCG (Platform specific) 0-7 4-7 >= 8 Platform Configuration Registers 0-23 19

Basic Idea System Properties Measurement ext. Information (CERT, ) Data Config data Boot- Process Kernel Program Attested System Kernel module SHA1(Boot Process) SHA1(Kernel) SHA1(Kernel Modules) SHA1(Program) SHA1(Libraries) SHA1(Configurations) SHA1(Structured data) Signed TPM Aggregate Analysis System-Representation Known Fingerprints 20

Measurement List /bin/ bash Execve (*file) SHA1 Memory Map Schedule Integrity Value Measurement List (Kernel-held) Linux Security Module Traditional execution path 21

Some Details Kernel Measures At Executables, Libraries, Modules Load time only Applications May Measure Also Critical input Issues Addressed: Prevents writing on actively measured files Cannot open for write while file is open Non-deterministic loading Need measurement list 22

Key Distribution Before remote attestation can occur, the challenger must have either knowledge of the public portion of an AIK, or a CA s public key Old standards required the Privacy CA to know the TPM s PUBlic Endorsement Key (PUBEK) Direct Anonymous Attestation (DAA), added to the latest specifications, uses a zeroknowledge proof to ensure the TPM is real TPM 2 AIK + Sig CA - {AIK +,...} 3 4 Sig AIK - {PCR}, Sig CA - {AIK +,...} Privacy CA {CA + } 1 Challenger 23

Using TCG Many claim TCG will aid DRM How might one use the TPM for DRM? Discuss Trusted Computing is a doubleedged sword so is cryptography 24

False Claims Having a TPM will keep me from using opensource software No, the TCG architecture only specifies authenticated boot. This simply records each step, but does not, and cannot, stop the use of opensource operating systems, e.g. Linux TPM, Palladium/NGSCB, and DRM are all the same No, the TPM is only one of the components required for NGSCB to function Loss of Internet Anonymity The addition of DAA allows Privacy CAs to function with zero-knowledge proofs Others? 25

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback