Abbie Barbir Tcg Final
Upcoming SlideShare
Loading in...5

Abbie Barbir Tcg Final



Securing Platform and Trusted Computing Model

Securing Platform and Trusted Computing Model



Total Views
Views on SlideShare
Embed Views



1 Embed 1 1



Upload Details

Uploaded via as Microsoft PowerPoint

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
Post Comment
Edit your comment

Abbie Barbir Tcg Final Abbie Barbir Tcg Final Presentation Transcript

  • Securing Platform and Trusted Computing Model Abbie Barbir, Ph.D Web Services and Security Advisor Nortel
  • Objectives of this Presentation
    • Provide an overview of “TC” and my impressions of some of its pros/cons
    • Initiate a discussion (within ITU-T) as to what role/value this type of approach has in secure solutions
      • Identify challenges / areas for further study ?
  • Technology History
    • IBM pioneered technology (early 1990’s)
    • Founded Trusted Computing Platform Alliance in 1999
    • TPM 1.1b spec released early 2002
    • Trusted Computing Group Formed in April 2003
    • TPM 1.2 specification released February 2005
    • In 2004, IBM, Intel, and NTT DoCoMo submitted a set of Trusted Mobile Platform specifications defining security features for mobile devices has been released for public
      • Provides comprehensive end-to-end security architecture for mobile wireless platforms
    dates View slide
  • TCG Trusted Computing Basic Concepts
    • A trustable platform is one that behaves in the expected manner for the intended purpose (e.g. from point of view of IT manager)
    • Achieved through the following technology
      • Platform Authentication and Attestation
        • Identify the platform and its properties to a challenging party
      • Platform Integrity Reporting
        • Ability to query and report on a platform software state in a reliable manner
      • Protected Storage
        • Protect secret data against subversion
    dates View slide
  • TCG Roots of Trust
    • Trusted Platform Module (TPM):
    • Root of Trust for Reporting
    • Tamper resistant
      • RSA (default keys 2048 bit)
    • Stores Platform Measurements
      • Platform Configuration Registers (PCR)
    • Signature key reports on PCR contents
    • Random Number Generator
    • SHA-1 Hash Computation Engine
    • Nonvolatile memory
    • Serve as an anchor for a certificate verification chain
      • Third parties can rely on this trust
    • Core Root of Trust for Measurement
    • (CRTM)
    • Code that executes at boot time
      • Example: Bios
    • Trusted to properly report to the TPM on the software that executes later
    • Only authorized entities can rewrite the CRTM
    Hash CPU NV-memory RNG key generation Memory Digital signature & RSA Crypto I/O MAC PCR
  • Attestation Feature
    • Attestation creates a shared secret between the application and remote party
      • Prevents session hijacking
    • Attestations are digitally signed
      • Using various TPM/Platform bound CAs
    • Each layer of the platform is checked
      • Hardware attests what operating system is booted
      • OS attests on which applications it requires a key for
      • Report on the value of the PCR
      • Uses a challenge-response protocol
    dates Server TPM Nonce Sign (nonce, PCR,..,log), Certificate ID
  • Trusted Network Connect (TNC)
    • Network Access Control
      • Integrity
        • Access device is healthy
      • Identity
        • Tied to TPM identity
    • Endpoints Security Policy
      • Protective S/W configured properly
      • Allows authorized users (Strong Identity)
      • Network Access policy compliance
    • TPM functionality to thwart attacks
      • Hardened client
    • Access Authorization dialog
      • 802.1X/ EAP Access
    • TNC dialog protected
    Access Requester (Client) Dialog TNC Transport TNC Client TCG Integrity Measurement Access Server TCG Integrity Measurement PEP/PDP TNC Server
  • Security Design Principles dates
    • Least Privilege: Each principle is given the minimum access
    • needed to accomplish its task
      • Keep the Trusted Computing Base small
        • OS parts that ensures proper system functioning
          • e.g., the OS Kernel & Hardware
    • Current trends
    • Today’s systems are large
      • Win2k OS is over 50 MB
    • Software is continuously updated on users devices
    • A hacker is your next door neighbor
    • May need to depend on infrastructure for trust
      • TPM part of a small Kernel
        • Today may be ideal for Mobile Devices
  • Secure Computing Challenges 1/2
    • Security for whom ?
    • Can TCG solve SPAM, Malicious code etc.
    • TPM is a cryptographic co-processor , with some trust anchors (issuer certificates) and private keys “wired in” at the factory
      • Various cryptographic smart-card technologies, in both PCMCIA and ISO-7816 packaging have been around for nearly a decade
        • Such technology has not measurably improved security
    • How much TCG will improve security in the real world?
  • Secure Computing Challenges 2/2
    • In TCG TPM acts as a notary
    • In real world, a notary issues a special type of signature and seal on a paper document merely attests to the existence and superficial contents of the document
      • Notary seal cannot make any attestations to the underlying truth of the document
      • How can we enable the TPM to verify the underlying truth of statements that are handed to
    • To improve the value of the attestation feature
      • Do we need to have a small secure operating system, and application software that is moved into the TPM, and fixed at the factory
  • Possible Study Items
    • Security is about risk management
      • Can we have a systematic approach for identifying un-trustworthy devices in a TCG environment
    • How does TCG relate to Firmware in devices
      • Would TCG force hackers to target Firmware instead of software
    • It is all about NEAT : Non-Bypassable, Evaluate-able, Always Invoked, and Tamper-Proof 1
  • Conclusions
    • Trusted Computing offers some good features
      • Secure Data
      • Secure Boot
      • Endpoint Security
      • Binding of trusted physical identity allows trusted network identity
      • Great forces behind it
    • An interesting topic to follow
  • Acknowledgment dates
    • Many thanks to my colleague Marcus Leech for his valuable input and insight that helped make this presentation possible.
  • Q and A dates
  • References dates
    • Anderson, J. P., Computer Security Technology Planning Study , ESD-TR-73-51, ESD/AFSC, Hanscom AFB, Bedford, MA, October 1972
    • Trusted Computing Website
    • Trusted Mobile
    • Security Solutions