Your SlideShare is downloading. ×
Wave Armed Forces Comm's & Electronics Presentation 8-12
Upcoming SlideShare
Loading in...5

Thanks for flagging this SlideShare!

Oops! An error has occurred.

Saving this for later? Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime – even offline.
Text the download link to your phone
Standard text messaging rates apply

Wave Armed Forces Comm's & Electronics Presentation 8-12


Published on

Presentation on device, network & data security and new paradigms including trusted computing that substantially solve most current problems in cost effective manner. Wave Systems sells software …

Presentation on device, network & data security and new paradigms including trusted computing that substantially solve most current problems in cost effective manner. Wave Systems sells software solutions that enable and manage trusted computing hardware and applications help change the nature of how we can interact in the connected economy - phones, tablets, laptops, PCs etc.

Published in: Business, Technology

  • Be the first to comment

  • Be the first to like this

No Downloads
Total Views
On Slideshare
From Embeds
Number of Embeds
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

No notes for slide


  • 1. Armed Forces Communications and Electronics Association (AFCEA) TechNet Land Forces East August 14 - 16, 2012 Plenary Address by Steven Sprague, CEO of Wave Systems Corp.Video: you and good morning everybody. Hopefully they’re going to put my slides up here. There we go. SoBecky referenced my cow story. On Memorial Day, we were, my – we live on a horse farm. Our next doorneighbor’s cows had escaped and we captured one in the pasture and we were chasing it around and it decided tohead butt me. And so, much to my children’s great entertainment I was dragged off to the hospital unconscious. Itwas brilliantly good fun. So now, anything I say I can blame on a cow for at least another six months or so. Butanyway. So we can – do I have the ability to move the slides forward? Can you just move…? Thank you.So maybe just a little background on who Wave is. We’ve been in this space for a really long time. And we’vebeen focused on how do we bring hardware security into the PC platform as a standard capability. And the problemwith hardware security is how do you get it built in. Because resetting all of the devices is a challenge. And soback now in 2000-2003, hardware security was standardized, and we’re on today over 600 million machines withindustry-standard security in the box. (Move to the next slide. [3])AFCEA TechNet Land Forces East Plenary Address, Steven Sprague 1 of 19Transcribed by C. Nerrie ( © 2012 Wave Systems Corp. All Rights Reserved. (
  • 2. But I thought the more interesting thing to discuss is we have a problem with cybersecurity today. We’re notseeming to make any progress. Almost every chart looks like that. It’s getting worse. Over time, the number ofincidents is going up. But if you look back in history there’s one place where we successfully licked the problem.(And if you click one forward.) [NOTE: Modified slide not available.] That’s the mobile industry in the mid-1990s. We need to make the cyber fraud curves look like that. So what did they do? They put hardware securityin every handset and eliminated cloning in the middle of the nineties, and fraud effectively went to zero. When youopen your cellular bill, and you look at the phone calls you made, if there’s an incorrect phone call, you believe thatit is a billing error not that it’s fraud. So this is only for calling and texting, this isn’t all of your mobile phone.There are other issues that have to be addressed with that. (You can move forward a slide. [4])But the interesting question is, “What’s mobile?” Because if we could do this for everything, it would be cool. SoI had a very entertaining time with this subject because: “Is it the size of the device? Is it that it has a keyboard?”If you read the current NIST specifications, it’s quite entertaining. They say that it is an operating system that isnot a full-fledged desktop or laptop. You should try that test on both the Android guys and the iOS guys. “Oh, soyou have an inadequate operating system. The Microsoft guys are real computers, you’re just like littlecomputers.” Well, that’s not true. Actually in the NIST definition it also says the microphone is optional, which Ifind very funny. So what is mobile? So I would argue that mobile (You can move one slide forward. [5])AFCEA TechNet Land Forces East Plenary Address, Steven Sprague 2 of 19Transcribed by C. Nerrie ( © 2012 Wave Systems Corp. All Rights Reserved. (
  • 3. mobile is a transition of the network architecture. This is probably out of all the things I’ll say this morning, onething if you take away, this is probably the most useful piece of information. It’s a transformation of a networkbased on connections to a network based on identity. What that means is, to use some examples: If I take thephone out of my house and I take it to your house and I plug it in, what’s the phone number? Well it’s your house’sphone number. On the other hand, if I take my mobile phone from my house to your house and I use it, what’s thephone number? It’s my mobile phone’s number. It has no basis on the connection. And yet all of enterprise is stillbuilding a network that’s based on the connection. You have to form the VPN, then you get your mail. Where witha mobile appliance, you just connect. It doesn’t care whether you’re on WiFi or 4G or DSL. And if you’redynamically moving between them, it’s able to maintain the session. So you get on your T-Mobile phone now,start a phone call on Wi-Fi, walk outside onto 4G and it just continues. That’s pretty tricky, but it’s done becausethere’s identity in the device. And so the device plays a huge role in the securing of the enterprise. (Move forwarda slide. [6])So how should you think of the enterprise? Think of the enterprise as its own little carrier. So actually DoD is likekind of medium size. You’ve got ten million endpoints. Ten million endpoints, you don’t even make it on page 1of the size of carriers on a global basis. Right? Ten million endpoints is a small country that you’re running as acarrier, and you’re delivering services. But a ten million system carrier today can tell you with 100% certainty allthe phones on their network. How are we doing at the ability to tell you all the machines on the DoD networktoday? Like, can I get a list in 15 minutes of all the machines on the DoD network? Verizon could print you a list.It might take longer than 15 minutes to print it, but they could print you a list of every Verizon phone authorized onthe network this morning. We can’t do that for the machines that are PCs. And so every device, in essence, needsits own SIM module because what we’re trying to do right now is build carriers with 1989 technology. We have nohardware security in the box and so we have this little cloning and fraud problem that’s going like this.There are other great examples. Like how much video theft was there in a DIRECTV set-top box global networkvs. how much video theft is there in Netflix? Well, Netflix is hugely – has a dramatically greater problem withfraud because we’ve entrusted security of the network to the user. And I don’t know about your kids, but my kidstrade Netflix passwords with everybody.AFCEA TechNet Land Forces East Plenary Address, Steven Sprague 3 of 19Transcribed by C. Nerrie ( © 2012 Wave Systems Corp. All Rights Reserved. (
  • 4. So what we need to do is we need to remove reliance for securing the enterprise from the user. If we can build anetwork where the network itself is secure, where the Information Assurance professionals are responsible forsecuring the network and we don’t have to train the users. So there are great examples of this. Anybody everwatch that program on how things are built on TV? It’s great by the way. They’re putting the hood assembly forsome car into a punch press machine. There’s not a big sign that says, “Do not stick your hands in the punch pressmachine.” No, they’ve handcuffed the guy’s hands to strings and when he puts it in and pulls his hands back likethis, it activates the machine. That requires a lot less training and you lose a lot less hands because you can’tactivate the machine unless you’re standing like this with your hands not in the machine. And certainly there arecases of people with duct tape that are modifying the safety guards. (Move to the next slide. [7])So thus was formed the Trusted Computing Group. The Trusted Computing Group is an industry standards body.It’s made up of over 130 companies today. And it sets the standards for hardware security within the device.(Move one more slide forward. [8])It has a very broad array of standards: standards in servers, standards in virtualization of TPMs, standards forTrusted Platform Modules, standards for mobile devices, standards for storage. And so it really encompasses avery broad array of standards within the infrastructure.AFCEA TechNet Land Forces East Plenary Address, Steven Sprague 4 of 19Transcribed by C. Nerrie ( © 2012 Wave Systems Corp. All Rights Reserved. (
  • 5. So one of the most important devices in the Trusted Computing standards body is the TPM. The Trusted PlatformModule is a little chip that sits on the motherboard of your computer, and we’re on like 90%+ of all DoD machinesdeployed worldwide today. Ninety percent of your coalition partners, 90% of NATO, 90% of your systemsintegrators, 90% of the hospitals on a worldwide basis have this in place. Why? Because we’ve shipped, asindustry, 600 million TPMs to date. And so 600 million is a big number. What’s intriguing is not very many ofthem are in use. You don’t think the device is important. Almost everybody says, “Any service, any time, anyplace, any device.” The “any device” is wrong. That’s putting a dollar on the table and investing in real networksand arguing that Apple is a bunch of fools and idiots. ‘Cause Apple said, “Any time, any place, anywhere, Appledevice.” So how much happier are the consumers with a device that’s magically managing all their access control?They’re pretty happy.So recently, one of the most interesting things that’s happened is Microsoft just made TPMs part of all theirWindows mobile strategy. A TPM is required for Windows RT, which means their ARM-based platforms have aTPM in them. And this has resulted in actually bridging the technology to ARM and the mobile phone players.And decisions are being made now as to how much security should be put in a cell phone that can be controlled bythe enterprise not just controlled by the carrier. You desperately need the ability to hold tamper-resistant keys inevery device that are under control of your enterprise. You’re not trusting Apple or trusting a carrier to provisionthe device for you. And it really is also the foundation of how you do Trusted Execution. How do you assure thatcode that runs in the machine is the code you expect?If you want to look at a little investment that’s been made in this: NSA spent the better part of a few millions ofdollars on doing High Assurance Platform. Underneath High Assurance Platform is a TPM providing the securityto the independent isolation kernels. So the goal is, “How do I make my cell phone at a consumer product level runHigh Assurance Platform for a buck or two.” That’s the goal. And we’ll absolutely get there. The technology todo that is there. And classified and unclassified is kind of fun and entertaining language. It’s the same as my kid’sPC and HBO. Same problem. I need to be able to assure that the content that’s leveraged is shared properly, can’tbe copied, and is under control of a licensing authority. So the coolest thing about TPM is you already deployed itand you already paid for it.[Minute 10:25]And so one of the interesting other challenges today in cybersecurity is, “How’s your budget going?” Not so good.Could we spend twice as much? Yes. But do we have twice as much? No. So you can do two things. You can doless or you can spend other people’s money. It’s much more fun to spend other people’s money. So how do youdo that? With industry standards. Industry spent $2 billion building this for you. Didn’t cost you a dime. Somaybe we should turn it on and use it, but it’s been an interesting and entertaining challenge. (Next slide. [10])AFCEA TechNet Land Forces East Plenary Address, Steven Sprague 5 of 19Transcribed by C. Nerrie ( © 2012 Wave Systems Corp. All Rights Reserved. (
  • 6. So today with Trusted Computing you have the hardware deployed, the tools are available. They’re only from acouple of different companies. We’re one of the vendors that supplies tools in this area. And what we really needis the economy to start. The broader-based use of this technology. It’s an industry standard. How many companiescan build tools for Trusted Computing? Everybody. You can build your own, you can buy tools from third partyvendors, you can get them from Microsoft or other OS vendors where they’re including TPM in the OS. It’sinfrastructure that’s already there.The other interesting aspect is, if I have 600 million TPMs and you call up Cisco and you say, “So, does your stuffwork with a TPM?” If they say “no” then they’re clearly ignoring the entire enterprise market because there are600 million PCs that could work with that Cisco equipment. And so, as we increase the usage of this, every vendorthat’s out there should be able to provide you with that little bullet point at the bottom of tear sheet #3 that says,“Works with and supports Trusted Computing.” And if today you’re a vendor building infrastructure in thecybersecurity space and you don’t have interoperability with Trusted Platform Modules, you should understandwhat its impacts are. So it’s one of the most effective cyber security tools ever deployed that’s been proven towork. Only known devices. Not any device. Not the special Russian computer you picked up at the mall withevery virus on the planet known as your kid’s laptop. Right? You don’t want to use that to manage the nuclearpower plant. It’s a bad idea. What you want to do is have known devices that are connected to the services. (Nextslide please. [11])AFCEA TechNet Land Forces East Plenary Address, Steven Sprague 6 of 19Transcribed by C. Nerrie ( © 2012 Wave Systems Corp. All Rights Reserved. (
  • 7. So the other interesting one is just economics. So there are some great examples of infrastructures out there withknown devices. I would argue that every major service-delivery network bar none has known devices in itsinfrastructure. How much do they spend? What do you think it costs Apple to manage an iPad? What’s Apple getfor what they pay? They get only five iPads on their iTunes account. 100% knowledge of machines. Only Applesoftware running on the Apple device. They have hardware Digital Rights Management if you wanted to use it forcontent protection in the Apple device. Our guess is they’re spending about $20 a year at iTunes to manage all theiPads per iPad. Lifecycle management of the device. Now they’re a single organization, it’s fully controlled, it’sall contained. One would spend more. But should we be spending 200 times more or 20 times more or 3 timesmore? It’s a really interesting context. Verizon spends even less to manage the phones on its enterprise network.How much does DoD spend? And what do we get? So again, can we print a list of all the devices? Is it one ofyours? We don’t know. Is HBSS running? Can you prove it? Like mathematically prove HBSS is running onevery machine? Not so simple. Does the machine have data-at-rest encryption before I send you the file with allthe sensitive information in it? How do you know if you didn’t check to see if it was one of your machines? Evenif I have a policy that says “every machine must have data-at-rest.” Do we ever get to 100% saturation to everymachine? No. This machine might have been accidentally provisioned without it. How do I know? How do Icheck? Has this machine been patched? This is where we’re having the problems. We’re not having the humansget viruses, although I have a cold today so clearly somebody gave me a virus. I think I can blame it on mychildren. (Next slide. [12])So in leveraging the device not the user, I can do interesting things from a policy perspective. I can make thedevice safe to lose. How do we do that? By putting hardware security in the box. One of the other standards out ofTrusted Computing is the standards for self-encrypting hard drives, and I’ll talk a little bit about them becausethey’re a great little microcosm of the benefits both economically, technologically, and the benefit of a group ofpeople getting together to drive a standard as opposed to buying proprietary one-off solutions. So the Opal standard– Opal doesn’t stand for anything – is the standard for how hardware security is done inside an encrypted harddrive. And so it really defines how do I provision the user, how do I de-provision the user, where do I keep keys,etc. And we’ll talk a little bit more about that.The other piece is, “How do I assure the integrity of my device?” So if I have a PC and I turn it on, what softwareis it running? ‘Cause it would be really cool if we knew what software it’s running. And so TPM plays anabsolutely critical role in measuring the assurance of the pre-OS environment, and that builds a stack up into theoperating system and then ultimately the applications. And whether you measure it with a TNC, or TrustedNetwork Connect-type infrastructure, or you can measure it with a cloud service, literally with a device identityserver. Doesn’t matter. They’re just different mechanisms to check the integrity of the device. (Next slide. [13])AFCEA TechNet Land Forces East Plenary Address, Steven Sprague 7 of 19Transcribed by C. Nerrie ( © 2012 Wave Systems Corp. All Rights Reserved. (
  • 8. So lets talk a little bit about self-encrypting drives. This is a technology that has been broadly available since 2009.Every drive manufacturer makes it. You have Toshiba, Fujitsu, Hitachi, Samsung, Western Digital, Micron,Seagate, Intel, Sandisk, etc. Industry-standard, vendor-neutral, in every box. Same thing. Interoperability testinghas gone really well with it. They have their own processor and RAM. They run just as fast as the hard disk runs.There’s no performance impact. The encryption keys are permanently stored in the drive controller. There are nokeys to lose or manage. You’re managing access control to the drive, not keys. It has always-on AES encryption,some of the drives are FIPS-approved. It supports standard SATA interfaces. I can re-image a computer withoutturning off the encryption. Because it’s just a normal drive, so I have no cost in removing the encryption, re-imagethe computer, put the encryption back.And there’s this little minor technical detail, which is just a technology concept, that in a solid state drive, softwareencryption and delete don’t work very well. And the reason is is because inside a solid state drive there are five orsix copies of your data. And with the five or six copies of your data – Micron did a demonstration two years agowhere they did a full DoD wipe of a solid state drive and then did 85% recovery of the data that was on the drive.Because the data was still there, it just moved all the pointers around. And so, as you move forward and you buysolid state drives, which are really cool – they’re the best performance thing you can add to a PC – you really wantto make sure that they are Opal-compliant solid state drives so you can do a crypto erase. (Next slide. [14])[Minute 18:00]AFCEA TechNet Land Forces East Plenary Address, Steven Sprague 8 of 19Transcribed by C. Nerrie ( © 2012 Wave Systems Corp. All Rights Reserved. (
  • 9. And all the major OEMs have solid state drives – or have self-encrypting drives – available today. So some peoplelook at it and say, ‘Yeah, but I don’t want to spend $5 or $10 extra for encryption for my machine.” Because it’s anindustry standard and because it’s been implemented and because it has better performance characteristics, it’sactually the cheapest solution you can buy in data-at-rest even if you assume Microsoft BitLocker is free. Becauseit turns out – when we were kids and your mom gave you some money to go buy a laptop and you had a choice tospend an extra hundred bucks on the Nvidia card or a hundred bucks on the hot smokin’ Intel processor, which didyou buy? Why you bought the graphics card because your games ran faster. Everybody knows that.So it turns out if you’re required to have encryption and you buy encryption built-in in hardware and it runs faster,it’s cheaper to buy a self-encrypting drive than two gigs of RAM. And the computer’s faster. A two gig machinewith a self-encrypting drive is faster than a four gig machine with BitLocker. And cheaper. But hey, let’s deployBitLocker because we got extra money. Cause the budget’s overflowing with extra cash and we just want tosupport the thing that comes in enterprise software for free because we believe it to be free, but nobody actually rana performance test. It’s also invisible to the end user.So there’s a very interesting business model here to look at: industry-standard built-in security. How many peoplehave duct taped air bags to the front of their car? Nobody. No, it comes built-in. We send it off for crash testing.There was a whole thing about the other day of off-set crash tests. We want other people running off-set crash testson our car telling us which car is safer. That’s cool. That’s certification. That’s actually much better certificationthan just a government test. Because an independent lab spent their money, published in Consumer Reports, andyou know you should buy a Volvo now instead of a Mercedes because it’s supposed to be safer.So it’s an interesting aspect of how do we procure technology with built-in security. How many people have IA incharge of hardware commodity buy? Nobody. Whoops. You’re doing the safety tests after you buy the car.That’s the problem. If the security’s built-in, you don’t want to be adding seat belts after the fact. You want thembuilt in to the car with good engineering from the ground up. (Next slide please. [15])AFCEA TechNet Land Forces East Plenary Address, Steven Sprague 9 of 19Transcribed by C. Nerrie ( © 2012 Wave Systems Corp. All Rights Reserved. (
  • 10. So I put a couple of slides up just for fun. We’ll only spend a second on these. See the blue lines? That’s the drivethroughput, regular hard drive / self-encrypting drives. See the red lines? That’s software encryption. (Next slide.[16])Time required to encrypt the drive. See the top line, there’s no bar. That’s because you never have to encrypt aself-encrypting drive, it comes encrypted from the factory. It takes zero seconds. You’re provisioning user accesscontrol. The other one takes a couple of hours and the bottom one there took 24 hours for a 500 gig drive.Everybody got an extra 24 hours every time you re-image a computer? And time to return from hibernate. Howmany people are walking around with their laptops open because it takes too long to reboot the machine? Right?You’re like under 20 seconds to reboot a computer in DoD, right? No. You’ve got all sorts of stuff that’s running.So, let’s build it in. We added, with self-encrypting drives, two seconds to the boot time in this process. (Nextslide please. [17])AFCEA TechNet Land Forces East Plenary Address, Steven Sprague 10 of 19Transcribed by C. Nerrie ( © 2012 Wave Systems Corp. All Rights Reserved. (
  • 11. This one is my favorite one. This is independent data research. So the first is (and then you can just build the slide)hard drive with software FDE, hard drive with self-encrypting drive, solid state drive with software FDE, and solidstate drive with self-encrypting. It’s just entertaining the fact that their independent research came out with thesame number for a Seagate drive with self-encryption vs. a solid state drive. Now this, to be fair, is for heavyread/writes, this is your full data throughput. But you spent like $100 extra to get all that stuff to the right there. Orat least it’s my right, your right too. (Next. Click one more. So anyway, next slide. [18])So what’s really fun about a self-encrypting drive: it’s not about the encryption. That’s actually not really what thetechnology does. Yes, it happens to do encryption. It’s the primary medium-assurance hardware mechanism tobind a user to a machine. Let me say that again. It’s the primary mechanism to bind a user to a machine at amedium assurance level. So what happens now when I unlock my machine in a pre-OS environment – there’s noOS running, it’s on the drive – I’m supplying the user credentials to unlock the drive and I can do it with a CACcard.You want to try and watch that process? It’s really, really hard. If I complement it with BIOS integrity, I have aTrusted Execution Environment with measured software in a pre-OS environment with no OS running, allowing meto bind the human to the machine. You can’t phish it. That’s cool and it comes for free. It’s always encrypting. Ican re-image the computer in the field and it’s always encrypting. I could actually give the ability to turn offencryption to three people in an enterprise of 100,000 because the day-to-day system test guys and system rebuildAFCEA TechNet Land Forces East Plenary Address, Steven Sprague 11 of 19Transcribed by C. Nerrie ( © 2012 Wave Systems Corp. All Rights Reserved. (
  • 12. guys do not need to have the tools to turn off encryption. They don’t have to be part of the equation, they don’thave to be trained, they don’t have to be watched. They just have to rebuild machines. All machines are alwaysencrypting.Also, do you really want encryption or do you want proof the device was encrypted when you lost it? YourCommanding General or your legal department – it doesn’t really matter who you are – the only thing they want toknow is, “Yes we understand you left the laptop at the restaurant last night. It was a great time at AFCEA, and youleft your bag under the table and poof. What was on it? Oh, all of the secret plans for the thing we were going tobuild. Cool. Was it encrypted?” If you can’t answer that question of “was it encrypted,” if you have no evidenceof that encryption process, then you have to assume it wasn’t encrypted when you lost it. So proof of encryption isactually really, really, really important. What’s interesting to me: no one tests that. Everybody wants to know howit’s installed, everybody wants to know how it’s managed, everybody wants to know what strength the encryptionis. No one has yet called the legal department and said, “Here’s the evidence that it’s encrypted. Would this meetthe minimum requirements for data-at rest?” I just find that funny. That’s actually the thing we’re trying to buy.Millions and millions of dollars have been spent, nobody tested the product. It’s actually quite easy to buildmachines that are encrypted. (So let’s move to the next slide. [19])But ultimately this is a cheaper, stronger, better, faster solution.[Minute 25:30]So the nice thing about standards is standards get absorbed by others and then they write more standards around it.So last year NIST published 800-147. It’s now required on 100% of machines acquired by DoD. What is it? It’sthat the BIOS is done in such a way that it can be measured. Now in draft form is NIST 800-155, which says,“Now that I have something to be measured, we should collect the measurements.” So it’s great that it’s self-test,let’s collect the self-test and determine whether the machine booted correctly in the morning. So both of these areexisting. One is in draft form, I think it’s going to be published very soon, and the other one’s already part ofprocurement strategy. (Next slide. [20])AFCEA TechNet Land Forces East Plenary Address, Steven Sprague 12 of 19Transcribed by C. Nerrie ( © 2012 Wave Systems Corp. All Rights Reserved. (
  • 13. So let’s talk a little bit about BIOS integrity. At the end of the day, the first thing you’ve got to do is deploy yourTPM, put a key in it. That gives me device identity. Then I can start to monitor that endpoint and understand howdo I assure that this machine booted the way I expected it to be. (Next slide. [21])So we’ve built a product that today, what it does is a very simple thing. It just goes out on the network, checks theidentity of all the machines, and every morning when every machine boots, it collects the integrity informationfrom the BIOS. Doesn’t do anything with it, just collects it. Because we’re not really ready to do anything with it.It’s kind of like putting smoke detectors throughout an entire building when you’ve never tried smoke detectorsbefore. Don’t hook them to the fire department on the first day. Hook them to a light or a buzzer so that when youdiscover that if you’re cooking French fries and there’s smoke going up to the kitchen, that all of a sudden therearen’t 27 fire trucks parked outside going, “What’s going on, dudes?”It takes some time to understand how we’re going to use this and what it even means. The ability to collectinformation about every machine is really intriguing ‘cause now I have a list every morning of every machine onthe enterprise and the health of its BIOS. First step: known devices. Then we’ll integrate health. So I had a veryinteresting experience. We built this little product and we built self-encrypting drive management, all this kind ofstuff, and it turns out that when you turn on and off locking of a self-encrypting drive, it changes the BIOS integritymeasurement, so we use it as a demo. Push the button, and lock the drive, and then you reboot the computer andyou can see that it changed. And what I enjoyed about this experience was, the first time I saw it we realized weAFCEA TechNet Land Forces East Plenary Address, Steven Sprague 13 of 19Transcribed by C. Nerrie ( © 2012 Wave Systems Corp. All Rights Reserved. (
  • 14. didn’t know a thing about what we were talking about. So what did we learn? We learned it’s not about health, it’sabout confirm.So what should we do? We should hook the system that says “lock drive,” lock the drive, and hold the transactionpending. Then when that machine reboots and we measure the alteration of the BIOS integrity through a second,independent hardware security system, we get a confirm. And now for the first time ever, you have a dynamically-managed endpoint device where I got confirmation of the management transaction. So instead of mailing Grandmaa check and I have no idea whether she got it, I sent her a wire transfer with an ACH confirm. That’s cool. But it’sgoing to take a while for everybody to figure that out, but this is the beginning of how we would do standards-basedconfirmation of known endpoint configuration of all machines.So you want this in every management console you buy today. You’re not asking for it yet. If you started askingtoday, in five years you could have it for free. This doesn’t incrementally increase the cost of your endpointmanagement by a lot. It should be incorporated in the price you’re already spending. (Next slide. [22])So I put this up there. This is actually stolen from a slide from Microsoft. This is Windows 8 Malware Resistance.And what it does (I think it builds a little bit, just click a little bit. I didn’t animate this as well as I would haveliked to. One more click.) Anyway, what happens is it does a UEFI boot and measures the TPM. (Next click.)Then it goes to Windows and it measures the Windows OS kernel. And so this actually completes the picture. InWindows 8 you’re going to get UEFI boot, measured OS, and measured third-party malware components. Andthen they report to that little attestation (Push one more click.) – that little attestation service was the previous slide,which tells me that this actually happened. So TPM is an integral part of Windows 8. Are you ready? No, you’renot going to deploy Windows 8 for two or three years. Cool. It’s going to take you two or three yeas to turn on theidentity in 100% of all your machines.We just completed a pilot, or we’re in the final stages of a pilot, at NSA. Guess what the #1 thing we learned in thepilot was. You’re going to love this. It is way cheaper to turn on the TPM before it’s deployed as opposed toautomatically turning it on in the network. Guess what the second really funny thing we learned is. This is BIOSintegrity; you have to reboot the computer. The network they put us on never turns the computers off. So we senta message out and said, “Please reboot your computers.” Couple hundred machines. Next day, 25 machinesrebooted. Those users are so compliant. All they had to do was turn the thing on and off. It was really good fun.So don’t rely on the users to reboot your machines. It’ll actually turn out at the end that if they were to turn themachines off at 6 o’clock at night and turn them on in the morning, that the power savings over a one-year period oftime would completely pay for the infrastructure that they deployed, so maybe we should just turn the machines offat night. That actually would be really cool. (But anyway, next slide. [23])AFCEA TechNet Land Forces East Plenary Address, Steven Sprague 14 of 19Transcribed by C. Nerrie ( © 2012 Wave Systems Corp. All Rights Reserved. (
  • 15. [Minute 31:00]So I put this in there – I don’t expect everybody to fully understand this next train of thought – but I want to say it.Here’s the ultimate PC today in consumer PC. And I could replace user login with a CAC card as well. Do thesame thing. So BIOS integrity management first. Ensures the integrity of the BIOS. Then I load a self-encryptingdrive. Then I log the user in, without network connectivity, to authorize the user on that machine in a secureTrusted Execution, pre-OS BIOS. Because it’s measured and verified and incorporated as part of the driveauthentication. If the BIOS changes, you will not log in to that machine.Then I run Microsoft Direct Access. Microsoft Direct Access is enormously cool because it turns my PC into amobile device. This is before the user logs in, I form a connection back to the enterprise. It’s a policy-managedmachine, held by the TPM as my mechanism for identity, and Direct Access. So I have a SIM module, and analways-connected machine. If it’s got on the IP network, it’s on my domain and it’s policy managed. Then I logthe user in and I can do it with a smartcard or I could use the TPM as a virtual smartcard. And so a consumerenterprise, my employees have no domain credentials.Now, I did these in two colors on purpose because NSA tells you if you want to do Top Secret you should havedual independent systems that are Commercial Off The Shelf technology in order to combine the threat vectors sothat if I have a 10% chance of compromising this and a 10% chance of compromising that, actually I have a 1%chance of compromising both or even better. The light blue is TPM, the dark blue is self-encrypting drives. Youhave two independently-sourced, independently-manufactured, independently-generated hardware security chips,Commercial Off The Shelf, under $10 in cost, gives you the highest assurance authentication to a machine. Youcan’t phish that user. That user has no credentials. (Next slide. [24])AFCEA TechNet Land Forces East Plenary Address, Steven Sprague 15 of 19Transcribed by C. Nerrie ( © 2012 Wave Systems Corp. All Rights Reserved. (
  • 16. So what’s the challenge? How many people have 1,000 seats deployed? Nobody. There’s 600 million devices,I’m on 95% of all your network endpoints. You have no experience. Go play. Find some project, turn it on.PriceWaterhouse turned it on for WiFi and VPN. 132 offices worldwide with three guys, 90,000 machines, andabout a year project. They have no credentials for WiFi. Very cool. Industry-built self-encrypting drives. Howmany are deploying self-encrypting drives today? No, you’re all deploying BitLocker. But you have extra cash soit’s not a problem because BitLocker is more expensive and lower performance. So it’s an interesting challenge.These are industry-standard, vendor-neutral technologies. Now, you can buy SEDs off, for example, the U.S. ArmyCHESS program. They’re an option. They’re available for deployment today. And slowly but surely they’regetting mandated because you shouldn’t buy solid state without Opal. If you look, I think coming in the fall you’llsee solid state requiring Opal in those commodity programs.And so the early value in this is it lays the foundation for stuff you want to do. The big problem is you want to getall the way to here but you haven’t built the foundation yet. You need device identity, you need to know yourdevices before you can manage the integrity of your device. You can’t do integrity first without knowing thedevice. (Next slide. [25])AFCEA TechNet Land Forces East Plenary Address, Steven Sprague 16 of 19Transcribed by C. Nerrie ( © 2012 Wave Systems Corp. All Rights Reserved. (
  • 17. So a final piece of the puzzle. This is just a list, I’m not going to read through it, of the Trusted Computing usecases for mobile. It’s a fun list. (Next slide. [26])This is the architecture for Trusted Platform Module in an ARM smartphone. Because Microsoft has put thetechnology into the Microsoft mobile products, we’re now getting it built in to all the major device manufacturers,in through their silicon. And so within 2013 we’ll start to see broad availability of smartphones with TrustedPlatform Modules on them. Ask for them. Define the minimum requirements of what you need in hardware. Myconversation with people like Samsung is, “Oh, they don’t need hardware, we’ll just emulate the TPM in software.”Really? How do you feel about that? Want to take the fundamental security component of the entire security ofyour enterprise mobile network and move it to a virtual software image? (So last slide. [27])Time to start. Come play.AFCEA TechNet Land Forces East Plenary Address, Steven Sprague 17 of 19Transcribed by C. Nerrie ( © 2012 Wave Systems Corp. All Rights Reserved. (
  • 18. This is, and will be, the most important technology in the next decade. Why? This is the set-top box for cloudservices. This is how you assure that only DoD machines are connected to that service. This is how you can run aTrusted Execution Environment to do secure information sharing because you need a conditional access system inthe box. You don’t know how to build one today.I’m doing a little entertaining thing in social media encryption which is really great fun. But what we’re doing isencrypting messages on Twitter. One of the top important messages from the U.S. government is “spectraldominance.” Right? Cool. Anybody in here sent an encrypted message on Twitter yet? Because Twitter’sspectrum. It’s really interesting spectrum. In Egypt when they shut down everything, it turned that the one thingthat was left was Twitter. It’s just messages. You can get little cigarette boxes from all the big guys in systemsintegrators, right, that will make you a high assurance little box that will secure a link. We can get a Type 1encrypted link. Can you send me a Type 1 encrypted Tweet? And why not?So the network is moved up a level. It’s moved from protecting links to protecting identity and infrastructure. Thisis how we go build the next generation of network sharing, where I have assurance of both the creation of thecontent and the consumption of the content. What happens in the middle is irrelevant. But if you look at last year’sbudget, you spent 25% of your budget on securing the network. The network’s irrelevant if I encrypt all theTweets. It’s not entirely irrelevant: Transmission is really important, quality of service is really important.Content inspection? Well the content’s encrypted, you can’t see it. This is the beginning of getting towards thatmodel, but before I can do that I have to get to a known good executing device in which I can run an isolationkernel or a bare metal hypervisor for my VM or whatever on running on known devices. You can’t run a thin clienton anybody else’s machine: It’s a special Russian computer that automatically sends everything on that thin clientto Russia or China or the guys in Ohio. It doesn’t really matter who’s trying to hack the network.So I’ll leave you with this final concept. Only Known Devices. It’s the one thing that we do. It’s a simpleconcept. It’s a simple policy. It’s not so simple in its execution. But Only Known Devices is how all the majorglobal enterprises secure their services network.With that I’ll stop. And I’m sure there’s a couple of minutes for questions. And I’m around after this. So thankyou.[Minute 38:30] [Q&A]Q. Thank you. Our first question: we’ve heard that TPM is coming to handheld computers like smartphones. Isthere a current roadmap?A. So there is. I would say it’s balanced in the concept of demand. And this is where I think people need to beclear in asking for it, as well. So Microsoft’s built it in to all mobile. So this fall you will have tablets and phoneswith TPMs, running Windows RT. It’s why Windows 8 doesn’t run on the Nokia 7.5-compatible phone: it doesn’thave a TPM. And so it plays a very important role in assuring the Microsoft integrity. Google has secured Chromewith TPM, the Chrome operating system. And it’s in all the Google Chrome laptops.There’s a very broad set of conversations. I would say 2013 we’ll see devices. Samsung’s building chips today,Qualcomm is, so are a number of other manufacturers – that have TPM functionality. But I think we need to beclearer on our needs and requirements because you want them in every device. Instead we’re still sort of messingaround with what mobile device management is. It’s – there is no such thing as mobile. Get that out of your head.There’s no such thing as mobile. It’s a change in network architecture, not change in the device. Like wipe. Can Iwipe a laptop? Does that give me data-at-rest? Can I wipe a laptop? No. Doesn’t give me data-at-rest. So why is100 MB laptop storage not the same as a 100 MB iPad storage? Where’s the encryption? Anyway. Next question.Q. Thank you. Are there any downsides to TPMs other than cost?AFCEA TechNet Land Forces East Plenary Address, Steven Sprague 18 of 19Transcribed by C. Nerrie ( © 2012 Wave Systems Corp. All Rights Reserved. (
  • 19. A. So I don’t think cost is the issue. I think the challenge is is that you actually have to manage the device. Theearlier you think about that process, the better off you are. The fundamental downside is you are binding thedevice so therefore I can’t just walk up to any Greek cyber café, supply my smartcard and type in the targetingcoordinates. Probably a bad idea to begin with. Because the concept of “any device” is a false concept. And so Iwould argue that the benefits today outweigh the management costs of “how do I provision the machines withidentity?” You’re spending way more watching all the traffic because you have no knowledge of the machines.Q. In your opinion, what is the best solution for identity management? DoD is moving toward a CAC card. Is thisthe direction that best supports the future?A. So. Let’s look at the kids. The kids have one of these, right? So let’s fast forward a decade just to make it longenough that we can really look at kids. So. The kid decides to join the Army. How’s he get to base camp? Well,he’s going to leave his house, he’s going to pay for the taxi ride with his phone. Then he’s going to get to theairport. He’s going to check into his flight with his phone. He’s going to get to the airport where he gets to, he’sgoing to get on the bus and pay for his bus pass with his phone, and he’s going to have bought a coffee, a bag ofchips, two sodas, and a Gatorade along the way with his phone. Then he’s going to stand in line and they’re goingto hand him a CAC card. And there’s no damn slot.By the way, on the plane and the train, he’s going to have bumped phones with all his recruits so when he arriveseverybody else who was going to boot camp has already formed a completely self-formed social securedcommunications network on their phone. And if you had TPMs on all the phones they’re doing AES 256 cryptowith every single call on a unique key session automatically managed by a central server doing classified-levelsecured communication. On the bus! And you’re going to give him a card. Where’s the slot? So I would justargue that “make this the card.”So check your rules because you can’t make this a FIPS 201 compatible device today because in FIPS 201 thesmartcard guys put in a little line that says, “the primary authentication identity credentials must be separate fromthe device that uses it.” Really! Well, you don’t have a secure reader so it doesn’t actually matter. By the way,you have no secure PIN entry so the thing’s pretty hokey compared to a payment terminal in Europe. You could,with Trusted Execution in this, have an assured ARM Trust Zone PIN entry pad that would assure that the PINswhen collected on this device are securely supplied only to the credential held in this device so this will be, andprobably is today, more secure than the CAC card you have today. But let’s give them a card.So I don’t know what the plan is. It just seems to me that we have – we’re reading about the plan in The New YorkTimes but when we get on down on the ground and we have an identity conference about it, everybody wants toknow where it is.By the way if I had your identity credential in a phone, doesn’t that make every phone a secure reader? Oh, that’sreally cool. So now I could identity-proof you by having you bump your phone with my phone or send me amessage or a proximity-based message, and your picture comes up on this in a trusted manner because this is anauthorized terminal allowed to check to see whether you are or are not on the list.I think it’s a simple question. The answer is “the phone is the credential.” Do I also want a CAC card? Sure. Itfits in my wallet way better than my phone. So the real thing I think you got to focus on is a transition that says,“I’m going to have more than one credential that represents me.” That’s the really big change. I’m going to haveone in my phone, one in my computer, one in my car, one in …. I want them everywhere so I can assert myidentity when I need to.I think we’ve used up our time.Q. Thank you.A. Thank you very much.AFCEA TechNet Land Forces East Plenary Address, Steven Sprague 19 of 19Transcribed by C. Nerrie ( © 2012 Wave Systems Corp. All Rights Reserved. (