Enforcing Trust in Pervasive Computing. Trusted Computing Technology.

Similar documents
Lecture Secure, Trusted and Trustworthy Computing Trusted Platform Module

Applications of Attestation:

Lecture Secure, Trusted and Trustworthy Computing Trusted Platform Module

Lecture Embedded System Security Trusted Platform Module

Lecture Embedded System Security Introduction to Trusted Computing

Lecture Embedded System Security Introduction to Trusted Computing

Trusted Computing: Introduction & Applications

Intel s s Security Vision for Xen

Formal Methods for Assuring Security of Computer Networks

CSE543 - Computer and Network Security Module: Trusted Computing

Distributed OS Hermann Härtig Authenticated Booting, Remote Attestation, Sealed Memory aka Trusted Computing

Systems View -- Current. Trustworthy Computing. TC Advantages. Systems View -- Target. Bootstrapping a typical PC. Boot Guarantees

TRUSTED COMPUTING TRUSTED COMPUTING. Overview. Why trusted computing?

Trusted Computing. William A. Arbaugh Department of Computer Science University of Maryland cs.umd.edu

Trusted Computing: Security and Applications

Security and Privacy in Cloud Computing

Distributed OS Hermann Härtig Authenticated Booting, Remote Attestation, Sealed Memory aka Trusted Computing

Authenticated Booting, Remote Attestation, Sealed Memory aka Trusted Computing. Hermann Härtig Technische Universität Dresden Summer Semester 2009

Flicker: An Execution Infrastructure for TCB Minimization

How I Learned to Stop Worrying and Love the Internet of Things

TRUSTED COMPUTING TECHNOLOGIES AND THEIR USE IN THE PROVISION OF HIGH ASSURANCE SDR PLATFORMS

Intelligent Terminal System Based on Trusted Platform Module

Lecture Embedded System Security Introduction to Trusted Computing

Old, New, Borrowed, Blue: A Perspective on the Evolution of Mobile Platform Security Architectures

Trusted Virtual Domains: Towards Trustworthy Distributed Services. Ahmad-Reza Sadeghi System Security Lab Ruhr-Universität Bochum

From TPM 1.2 to 2.0 and some more. Federico Mancini AFSecurity Seminar,

Agenda GDPR Overview & Requirements IBM Secure Virtualization Solution Overview Summary / Call to Action Q & A 2

Authenticated Booting, Remote Attestation, Sealed Memory aka Trusted Computing. Hermann Härtig Technische Universität Dresden Summer Semester 2007

Building on existing security

ISO/IEC INTERNATIONAL STANDARD. Information technology Trusted Platform Module Part 2: Design principles

TRESCCA Trustworthy Embedded Systems for Secure Cloud Computing

Justifying Integrity Using a Virtual Machine Verifier

Using existing security infrastructures

Mobile Platform Security Architectures A perspective on their evolution

OVAL + The Trusted Platform Module

TRUSTED COMPUTING TECHNOLOGIES

FPKIPA CPWG Antecedent, In-Person Task Group

NGSCB The Next-Generation Secure Computing Base. Ellen Cram Lead Program Manager Windows Security Microsoft Corporation

Key Threats Melissa (1999), Love Letter (2000) Mainly leveraging social engineering. Key Threats Internet was just growing Mail was on the verge

Lecture Secure, Trusted and Trustworthy Computing Trusted Platform Module

Threat Model of a Scenario Based on Trusted Platform Module 2.0 Specification

Covert Identity Information in Direct Anonymous Attestation (DAA)

Security for the Xen Hypervisor Status Quo & Perspective 2006

Peer-to-Peer Access Control Architecture Using Trusted Computing Technology

GSE/Belux Enterprise Systems Security Meeting

Trusted Computing Special Aspects and Challenges

Platform Configuration Registers

TRUSTED SUPPLY CHAIN & REMOTE PROVISIONING WITH THE TRUSTED PLATFORM MODULE

Better Security with Virtual Machines

Technical Brief Distributed Trusted Computing

Trusted Mobile Keyboard Controller Architecture

Unicorn: Two- Factor Attestation for Data Security

Offline dictionary attack on TCG TPM authorisation data

PKI AND ROAMING IN ITS

Terra: A Virtual Machine-Based Platform for Trusted Computing by Garfinkel et al. (Some slides taken from Jason Franklin s 712 lecture, Fall 2006)

Trusted Computing: Introduction & Applications

Enhancing Data Authenticity and Integrity in P2P Systems

Crises Control Cloud Security Principles. Transputec provides ICT Services and Solutions to leading organisations around the globe.

Offline dictionary attack on TCG TPM weak authorisation data, and solution

Trusted Network Access Control Experiences from Adoption

Online Services Security v2.1

Trusted Computing and O/S Security

Sparta Systems Stratas Solution

Security and Privacy in the Internet of Things : Antonio F. Skarmeta

Windows IoT Security. Jackie Chang Sr. Program Manager

Trusted Mobile Platform

The Road to a Secure, Compliant Cloud

Grid Security Infrastructure

Framework for Prevention of Insider attacks in Cloud Infrastructure through Hardware Security

A Robust Integrity Reporting Protocol for Remote Attestation

Trusted Tamperproof Time on Mobile Devices

TCG. TCG Specification Architecture Overview. Specification Revision nd August Contact:

Intel, OpenStack, & Trust in the Open Cloud. Intel Introduction

COOPERATIVE ITS SECURITY STANDARDIZATION AND ACTIVITIES ON EUROPEAN C ITS TRUST MODEL AND POLICY

Client-side access control enforcement using trusted computing and PEI models

Trusted Computing Use Cases and the TCG Software Stack (TSS 2.0) Lee Wilson TSS WG Chairman OnBoard Security November 20, 2017

Mobile Trusted Computing

Secure Sharing of an ICT Infrastructure Through Vinci

Cisco Desktop Collaboration Experience DX650 Security Overview

Establishing Trust Across International Communities

Binding keys to programs using Intel SGX remote attestation

Advanced Systems Security: Cloud Computing Security

HAROLD BAELE MICROSOFT CLOUD TECHNICAL CONSULTANT MICROSOFT CERTIFIED TRAINER. New protection capabilities in Windows Server 2016

The Smart Grid Security Innovation Alliance. John Reynolds October 26, 2011 Cambridge, Massachusetts

IMPLEMENTING MICROSOFT CREDENTIAL GUARD FOR ISO 27001, PCI, AND FEDRAMP

PRIMA: Policy-Reduced Integrity Measurement Architecture

Influential OS Research Security. Michael Raitza

Hypervisor Security First Published On: Last Updated On:

Software Licence Protection and Management for Organisations

How to create a trust anchor with coreboot.

Enhanced Privacy ID (EPID), 156

ING Public Key Infrastructure Technical Certificate Policy

Protecting your system from the scum of the universe

Department of Computer Science Institute for System Architecture, Operating Systems Group TRUSTED COMPUTING CARSTEN WEINHOLD

Credential Management in the Grid Security Infrastructure. GlobusWorld Security Workshop January 16, 2003

Semantic SOA - Realization of the Adaptive Services Grid

Bootstrapping Trust in Commodity Computers

CPS 510 final exam, 4/27/2015

INFLUENTIAL OPERATING SYSTEM RESEARCH: SECURITY MECHANISMS AND HOW TO USE THEM CARSTEN WEINHOLD

TLS-ENFORCED ATTESTATION. A Project. California State University, Sacramento. Submitted in partial satisfaction of the requirements for the degree of

Transcription:

Outline with Trusted Computing Technology. Shiqun Li 1,2 Shane Balfe 3 Jianying Zhou 2 Kefei Chen 1 1 Shanghai Jiao Tong University 2 Institute for InfoComm Research 3 Royal Holloway, University of London 1st International Workshop on Critical Information Infrastructures Security

Outline Outline 1 Trusted Computing 2 Trust Requirement of 3

Outline Outline 1 Trusted Computing 2 Trust Requirement of 3

Outline Outline 1 Trusted Computing 2 Trust Requirement of 3

Outline Trusted Computing 1 Trusted Computing 2 Trust Requirement of 3

Overview Trusted Computing Definition Trusted Computing Group: A trusted system or component is one that behaves in the expected manner for a particular purpose. Deployment TPM (Trusted Platform Module) market saturation by 2010 - IDC. Processor support (Averill) tentatively - 2008. OS support - soon?

Overview Trusted Computing Definition Trusted Computing Group: A trusted system or component is one that behaves in the expected manner for a particular purpose. Deployment TPM (Trusted Platform Module) market saturation by 2010 - IDC. Processor support (Averill) tentatively - 2008. OS support - soon?

Overview Trusted Computing Definition Trusted Computing Group: A trusted system or component is one that behaves in the expected manner for a particular purpose. Deployment TPM (Trusted Platform Module) market saturation by 2010 - IDC. Processor support (Averill) tentatively - 2008. OS support - soon?

Overview Trusted Computing Definition Trusted Computing Group: A trusted system or component is one that behaves in the expected manner for a particular purpose. Deployment TPM (Trusted Platform Module) market saturation by 2010 - IDC. Processor support (Averill) tentatively - 2008. OS support - soon?

Overview Trusted Computing Definition Trusted Computing Group: A trusted system or component is one that behaves in the expected manner for a particular purpose. Deployment TPM (Trusted Platform Module) market saturation by 2010 - IDC. Processor support (Averill) tentatively - 2008. OS support - soon?

Outline Trusted Computing 1 Trusted Computing 2 Trust Requirement of 3

TPM support Measuring, Storing and Reporting Integrity measurement is the process of obtaining metrics of platform characteristics that affect the integrity (trustworthiness) of a platform; storing those metrics; and putting digests of those metrics in PCRs (Platform Configuration Registers). Storage has a double meaning in Trusted Computing. It refers to the intermediate step between measurement and report but also to the protection of keys and data with a TPM Integrity reporting is the process of attesting to the contents of integrity storage.

TPM support Measuring, Storing and Reporting Integrity measurement is the process of obtaining metrics of platform characteristics that affect the integrity (trustworthiness) of a platform; storing those metrics; and putting digests of those metrics in PCRs (Platform Configuration Registers). Storage has a double meaning in Trusted Computing. It refers to the intermediate step between measurement and report but also to the protection of keys and data with a TPM Integrity reporting is the process of attesting to the contents of integrity storage.

TPM support Measuring, Storing and Reporting Integrity measurement is the process of obtaining metrics of platform characteristics that affect the integrity (trustworthiness) of a platform; storing those metrics; and putting digests of those metrics in PCRs (Platform Configuration Registers). Storage has a double meaning in Trusted Computing. It refers to the intermediate step between measurement and report but also to the protection of keys and data with a TPM Integrity reporting is the process of attesting to the contents of integrity storage.

TPM support Remote Attestation Trusted Computing This is the mechanism through which a challenger can inspect a remote platform s state. Before a platform can attest to its state it must obtain a credential using either a Privacy CA or DAA based approach In either case the end result is the same. The platform obtains a credential (or a means of issuing credential like statements) that will be used to adduce current platform state.

TPM support Remote Attestation Trusted Computing This is the mechanism through which a challenger can inspect a remote platform s state. Before a platform can attest to its state it must obtain a credential using either a Privacy CA or DAA based approach In either case the end result is the same. The platform obtains a credential (or a means of issuing credential like statements) that will be used to adduce current platform state.

TPM support Remote Attestation Trusted Computing This is the mechanism through which a challenger can inspect a remote platform s state. Before a platform can attest to its state it must obtain a credential using either a Privacy CA or DAA based approach In either case the end result is the same. The platform obtains a credential (or a means of issuing credential like statements) that will be used to adduce current platform state.

TPM support Delegation and Certified Migration Delegation enables PCR constraints on delegated rights. Certified Migration permits secure transfer of migratory keys from one TCG compliant platform to another. The new platform has full usage of the migrated key.

TPM support Delegation and Certified Migration Delegation enables PCR constraints on delegated rights. Certified Migration permits secure transfer of migratory keys from one TCG compliant platform to another. The new platform has full usage of the migrated key.

Outline Trusted Computing 1 Trusted Computing 2 Trust Requirement of 3

Intel s La Grande, AMD s Presidio, ARM s Trustzone Protected Execution: Provides applications with the ability to run in isolated protected execution environments. Protected Input: Provides a mechanism that protects communication between the keyboard/mouse and applications running in the protected execution environments. Protected graphics: Provides a mechanism that enables applications running within the protected execution environment to send display information to the graphics frame buffer Protected Launch: Provides for the controlled launch and registration of the critical OS and system software components in a protected execution environment.

Intel s La Grande, AMD s Presidio, ARM s Trustzone Protected Execution: Provides applications with the ability to run in isolated protected execution environments. Protected Input: Provides a mechanism that protects communication between the keyboard/mouse and applications running in the protected execution environments. Protected graphics: Provides a mechanism that enables applications running within the protected execution environment to send display information to the graphics frame buffer Protected Launch: Provides for the controlled launch and registration of the critical OS and system software components in a protected execution environment.

Intel s La Grande, AMD s Presidio, ARM s Trustzone Protected Execution: Provides applications with the ability to run in isolated protected execution environments. Protected Input: Provides a mechanism that protects communication between the keyboard/mouse and applications running in the protected execution environments. Protected graphics: Provides a mechanism that enables applications running within the protected execution environment to send display information to the graphics frame buffer Protected Launch: Provides for the controlled launch and registration of the critical OS and system software components in a protected execution environment.

Intel s La Grande, AMD s Presidio, ARM s Trustzone Protected Execution: Provides applications with the ability to run in isolated protected execution environments. Protected Input: Provides a mechanism that protects communication between the keyboard/mouse and applications running in the protected execution environments. Protected graphics: Provides a mechanism that enables applications running within the protected execution environment to send display information to the graphics frame buffer Protected Launch: Provides for the controlled launch and registration of the critical OS and system software components in a protected execution environment.

Outline Trusted Computing 1 Trusted Computing 2 Trust Requirement of 3

Microsoft s NGSCB, OpenTC project Implementation of an isolation kernel that enforces domain separation. NGSCB - Microsoft s efforts in the area of Trusted Operating Systems. OpenTC - EU project for the development of an open source OS (amongst other things).

Microsoft s NGSCB, OpenTC project Implementation of an isolation kernel that enforces domain separation. NGSCB - Microsoft s efforts in the area of Trusted Operating Systems. OpenTC - EU project for the development of an open source OS (amongst other things).

Outline Trusted Computing Trust Requirement of 1 Trusted Computing 2 Trust Requirement of 3

Trust Requirement of needs trust environment is open and dynamic, devices and environment may be unknown to each other. Confidentiality, Integrity, Authentication, Authorisation... Mutual belief of behaviors as expected?

Trust Requirement of needs trust environment is open and dynamic, devices and environment may be unknown to each other. Confidentiality, Integrity, Authentication, Authorisation... Mutual belief of behaviors as expected?

Trust Requirement of needs trust environment is open and dynamic, devices and environment may be unknown to each other. Confidentiality, Integrity, Authentication, Authorisation... Mutual belief of behaviors as expected?

Definition Trusted Computing Group: A trusted system or component is one that behaves in the expected manner for a particular purpose. Transitive trust based on manufacturing process. Trust is established from code identities.

Definition Trusted Computing Group: A trusted system or component is one that behaves in the expected manner for a particular purpose. Transitive trust based on manufacturing process. Trust is established from code identities.

Outline Trusted Computing 1 Trusted Computing 2 Trust Requirement of 3

Controlling Access After Distribution There may be policies restricting use of confidential data Access control - based on proof of possession of a valid credential providing the capabilities. Control after distribution - based on proof of correct authentication data to a TPM.

Controlling Access After Distribution There may be policies restricting use of confidential data Access control - based on proof of possession of a valid credential providing the capabilities. Control after distribution - based on proof of correct authentication data to a TPM.

Controlling Access After Distribution Set-Up:Credential acquirement 1 Instructs TPM to generate non-migratable keys. 2 TPM creates a TPM Key specifying authorisation data and an acceptable platform state for it s usage. 3 Have this key certified by the TPM. 4 TPM returns the TPM Certify Info describing the certified key. Access Control Simple Challenge-Response based protocols incorporating credentials. TPM would unseal the encrypted document at any time provided the authorisation data is valid.

Trusted Printing Service Client requests server s attestation. Server checks the validation of the Client, responses with running integrity measurement and other necessary information. Client checks the response to assure the server s behavior, then send request.

Trusted Printing Service Client requests server s attestation. Server checks the validation of the Client, responses with running integrity measurement and other necessary information. Client checks the response to assure the server s behavior, then send request.

Trusted Printing Service Client requests server s attestation. Server checks the validation of the Client, responses with running integrity measurement and other necessary information. Client checks the response to assure the server s behavior, then send request.

Outline Trusted Computing 1 Trusted Computing 2 Trust Requirement of 3

Concluding points Trusted Computing could end up playing an important role in future architectures. Both from a hardware perspective and in establishing communicability infrastructure - Trusted Network Connect. Stable force of homogeneity in heterogenous environments. Perhaps not at the minor device level (Ubicomp in its truest sense) but more at the meta-interaction level performing abstract services.

Concluding points Trusted Computing could end up playing an important role in future architectures. Both from a hardware perspective and in establishing communicability infrastructure - Trusted Network Connect. Stable force of homogeneity in heterogenous environments. Perhaps not at the minor device level (Ubicomp in its truest sense) but more at the meta-interaction level performing abstract services.

Concluding points Trusted Computing could end up playing an important role in future architectures. Both from a hardware perspective and in establishing communicability infrastructure - Trusted Network Connect. Stable force of homogeneity in heterogenous environments. Perhaps not at the minor device level (Ubicomp in its truest sense) but more at the meta-interaction level performing abstract services.

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback