The Rise of Standards in Security
Roger L. Kay, Founder and President, [email protected]
Agenda
• Why standards?
• Arguments against
• Arguments for
• Examples of major deployments
• TPM forecast
• Conclusions
Why Standards?
• Most important is universal agreement
• Trusted Computing Group (TCG): best overall technical solution with broad backing
• Microsoft — BitLocker
• Intel — Core logic?
• Long list of OEMs and applications
– Acer, ASUS, Dell, Gateway, Fujitsu, Lenovo, HP, Intel, Mitsubishi, Motion, MPC, NEC, Samsung, Sony, Toshiba
– white box, gaming, hard drives, embedded
• Mostly commercial notebooks for now
Two Arguments Against TCG
• System dynamics do not promote development
– No user pull; all vendor push
• Shipments ≠ Deployments
– Ecosystem doesn’t exist to support broad usage
Natural Selection
• What good is half a wing?
– Insects, pterosaurs, birds, bats developed flight
– A fin is a limb is a wing
– Scales to feathers: warmth, display, protection, stealth
– Answer: gliding — squirrel’s tail aids jumping
• How do complex eye structures evolve?
– Answer: from simple ones
TPMs are Useful on Their Own
• User authentication
• Password management
• File and folder encryption
Slow Deployment
• Some merit to shipments ≠ deployments
• But deployments are rolling out
• Education is bringing the value of TCG to light
• Tools are proliferating
Help is on the Way
• Centralized remote deployment and management tools (e.g., Wave Systems’s ERAS)
• TPM is used for platform access, data protection, secure messaging, and network security
• Real time enforcement of employee policy through Active Directory
– Ex.: If local TPM is informed of being removed from AD, user is cut off instantly
• Standardized elements (e.g., MS and TPM) based on root of trust secure identities and access
Real World Examples
• Pharmaceutical company
• Pizza franchise
• Automobile rental
• Health care in Japan
• Government & regulatory
Pharmaceutical Company
• 20,000 seats
• Who is connecting?
• Vulnerabilities: trade secrets and legal liabilities
• With VPN over public network, put TPMs on all clients
• Access dependent on digital certificate
• Verifies both user and machine
• Hardware and software from Lenovo
Pizza Franchise
• Hundreds of seats
• Stores communicate sensitive information to HQ over public network
• TPMs secure passwords and certificates
• Email, PIM, bank access, credit cards encrypted
• Integrated into MS Office; single icon click
• Multifactor for some; single for others
• Hardware by Dell; software by Wave Systems
Car Rental Firm
• Tens of thousands of seats
• Local caching of sensitive customer data between transmissions
– Limited expertise and language barriers
• Simple deployment scripts to enable TPMs
• Three steps:
– Encrypt cached data
– Auth. user & system to server with PKI bound to TPM
– Flush cached data after synchronization
• HP hardware and software
Japanese Health Care Projects
• Obligation to preserve data; METI funded
• Public network, home-based patients
• Distributed care givers
– Field workers, hospitals, labs, medical databases, nursing records
• Differing levels of access require various auth.
• Hitachi’s TPM-based system for home health care
• IBM’s Trusted Virtual Domains
• Fujitsu’s TNC deployment verifies HW and app config for session of broadband telemedicine
Government & Regulatory
• National Security Agency
– Full drive encryption
– TCG for compatibility
• U.S. Army
– Network Enterprise Technology Command now requires TPM 1.2 on new computers
• F.D.I.C.
– Promotes TPM usage to member banks
TPM Shipment Forecast
Conclusions
• Vendors are pushing, but users are pulling, too
• Real world deployments are taking off
• Working with standardized elements is in everyone’s best interest
• Root of trust can anchor larger elements
• Once the platforms are in place, more elegant structures can be erected
• Trusted computing is real and it’s here
Questions?