Trusted Computing (slide deck, 2015-05-28)

Can you trust your computer?
- By Richard Stallman: http://www.newsforge.com/article.pl?sid=02/10/21/1449250
- Who should your computer take its orders from?
- Treacherous computing: the plan is designed to make sure your computer will systematically disobey you.
- In fact, it is designed to stop your computer from functioning as a general-purpose computer. Every operation may require explicit permission.

Can your computer trust you?
- Trusted Computing involves verifying that one computer is trustable to another
  - What you do on your computer may make it untrustworthy
- The real goal is to be able to bind data to applications, users, and/or computers.

Example Problem (Real)
[Diagram: a Network Operations Center (NOC), a Remote Site and a Mobile Device; components shown are a Server Application, a Proxy Application, a Client Application and a Database]

Example Problem (Real)
[Diagram: the NOC with the Server Application and the Remote Site with the Proxy Application; the question posed is how to secure the inter-application link]
- Encryption is possible without stored secrets
  - Diffie-Hellman
- Authentication requires stored secrets on both systems
  - Stored secrets are a vulnerability
- Applications

Why is this difficult
- Secrets must be stored in persistent storage
- Where is the secret stored?
  - In the application
    - Applications may be reverse engineered
  - In the file system / database
    - Not secure
    - At best protected by encryption, but where is the key stored?
  - Obfuscated
    - Not secure

Securing Information
- What is needed
  - The ability to store a secret on a computer such that
    - The application can get the secret
    - No other application can get the secret
  - The secret must be secure within the application
    - No other application can retrieve the secret from the application
- Cannot be a software-only solution
  - The data (secret) needs to be bound to an application.

A lesson from Xbox
- Xbox: a $200 PC dedicated to video games
  - Microsoft loses money on each Xbox sold
  - Microsoft makes money on each game sold
- Gamers like to mod video game consoles
  - Increase functionality
  - Circumvent copy protection

Xbox Architecture
[Diagram: 733 MHz Pentium III CPU, GPU, MultiIO chip, 64 MB memory, USB 1.1, video encoder, BIOS, hard disk/DVD drive, network]

Xbox Security (1.0)
- Boot sequence
  - The CPU starts execution at a fixed location in ROM
  - This location holds opcodes that jump to the appropriate place in the BIOS to continue execution
  - Setup commands
    - GDT, IDT, Jam Table interpreter
  - Decrypts the ROM contents (the key is in ROM)
  - Executes the decrypted code.
- The BIOS should be replaceable and/or modifiable
  - All info is in ROM

Xbox Security (1.0)
- Except
  - The boot block in ROM is fake
  - The MultiIO chip stores an alternative ROM used only during boot. This code replaces the setup commands in ROM.
  - The only info really needed is the RC4 key
    - An alternative BIOS could then be used
- Security broken
  - Secret data in the MultiIO chip could be extracted
    - Sniffing internal buses
    - Security weaknesses in the MultiIO chip

Xbox Security (1.1)
- The secret ROM was modified
  - Checks a hash of the ROM section before decrypting
    - Flash Boot Loader (FBL)
    - TEA hash algorithm
- Potentially stronger security
  - It is not required to keep the data in the secret ROM confidential. Only integrity needs to be assured.
- How it was broken
  - A weak hash algorithm was used
  - Modifying the FBL to jump to a new address, without changing the hash of the FBL.

Xbox Security
- What is needed for Xbox security
  - Need to ensure Xbox integrity
    - Correct BIOS
      - The BIOS will only load the intended OS
    - Correct OS
      - Will only load signed applications (games)
    - Correct applications
      - Games must not open security holes

Xbox Security
- Xbox security was broken by people wanting to run Linux on the Xbox
- The security model is backwards
  - Each stage verifies the next
  - If the next stage is verified, it is executed
  - Each stage should verify all previous stages

Windows Media Player
- Windows Media Player and DRM
  - Displays files
  - Honors DRM restrictions encoded in the formats
- It is just a software application
  - It can be reverse engineered
  - And has been
    - Encryption keys, algorithms, and protocols have been extracted
    - A new application can be constructed which does not honor the DRM restrictions in the content
- Server only

Windows Media Player
- What is required
  - The media server needs to be sure that data is not going to imposter applications
  - The server needs to verify the application it is sending content to
  - Content needs to be bound to
    - The application
    - The application environment
      - Software and hardware

Security Initiatives
[Diagram: initiatives mapped onto the platform stack. Applications / Operating System: Microsoft Next Generation Secure Computing Base. PC Chipsets: Intel LaGrande Technology, AMD SEM. Secure Hardware: TCPA TPM. Also shown: BIOS, Graphics, IO Processor]

Next Generation Secure Computing Base (NGSCB)
- Formerly called Palladium
- Windows cannot be made completely secure
  - The kernel is too big
  - It will always have bugs/security holes
- Applications and services
  - Offer many potential holes for external attackers to get to the kernel.
- Secure applications should run outside of Windows
  - While still having access to Windows services

NGSCB
[Diagram: the four NGSCB pillars: Attestation, Strong Process Isolation, Secure IO, Sealed Storage]

NGSCB
- Attestation
  - The ability to verify the operating environment
  - Remote verification
- Strong process isolation
  - Memory isolation (curtained memory)
- Sealed storage
  - Data bound to the operating environment
  - Application, OS, drivers, CPU, hardware, TPM, ...
- Secure path to IO
  - No keyboard sniffing
  - No framebuffer reading/writing

NGSCB
[Diagram: NGSCB architecture. Windows side: Windows Kernel over the Hardware Abstraction Layer, device drivers, user applications, and a Nexus Manager. Nexus side: Nexus over the Nexus Abstraction Layer, agents, the Trusted UI Engine, the NCA Runtime Library, and TSPs]

NGSCB Complexity
[Diagram only]

NGSCB
- Isolation of the Nexus from Windows is done at the hardware level
  - No Windows bug will affect nexus applications
- Nexus
  - Only one nexus at a time
  - Not a complete operating system
  - Implements
    - Process, thread, memory, and IO managers
  - Does not implement
    - File system, networking, device drivers, plugins, nor DirectX

Nexus Applications
- Application agents
  - Standalone programs which run in nexus space
- Component agents
  - Agents appear as an external COM object or managed object
  - A Windows proxy translates COM to IPC
- Service Provider Agents (SPA)
  - Agents that provide services to other agents
  - An IPC facility exists for agents to communicate

NGSCB
[Diagram: user applications on the Windows side talking over COM to Component Agents; Standalone Agents; Service Provider Agents (SPA)]

NGSCB (logical equivalent)
[Diagram: the same user applications, Component Agents, Standalone Agents and SPAs drawn over a stripped-down Windows OS backed by the TPM]

Trusted UI Engine
- Nexus agents need to be able to securely put graphics on the display
  - Windows' robust graphics systems are not available to nexus agents
    - Potential security hole
  - Nexus windows must not be hidden by Windows applications
- Lightweight graphics system
  - XML based
  - Processed by the graphics card

Attestation
- Attestation challenges must come from other computers
  - ????
- The nexus and agents cannot directly determine if they are running in secure mode
  - It is up to others to determine if they trust the nexus or the agents.

Manifests
- Each agent has a signed manifest
  - An extension of the manifests to appear in Longhorn
- XML description of the agent
  - Agent components and properties
  - Agent policy requests (non-binding, controlled by the owner)
  - System requirements
  - Descriptive properties
  - Secret migration
- For example
  - A flag indicates if the agent is debuggable

Debugging
- Nexus agents are debuggable
  - Debugging occurs in Windows
  - The debugger communicates with the agent
- A debuggable agent generates a different digest than a non-debuggable agent
  - A remote entity can attest that the agent is not in debug mode when it interacts
- The nexus itself is debuggable
  - Special version of the nexus

NGSCB Policies
- Microsoft promises policies to control the operation and resources of the nexus and agents
  - Running agents
  - Accessing secrets
  - Sealed storage
  - Networks and file systems
- Policies are a mixed blessing
  - Implies there is lots to manage

NGSCB Caveats
- The nexus does not mitigate bad/insecure software design
  - The onus is still on the designer
  - Must carefully use Windows services
- What protects nexus agents from each other?
  - The nexus
    - Kept open(?) and simple

NGSCB Hardware Requirements
[Diagram: Strong Process Isolation, Secure IO, Sealed Storage and Attestation mapped onto Intel LaGrande Technology, AMD SEM, TCPA TPM, BIOS, Graphics and IO Processor]

NGSCB Real Challenges
- Keep things from getting too complex
  - Putting IE in a nexus agent will not make it secure
- Manage sealed storage
  - Lots of potential to lose data with hardware/software failures
  - How to back up data in sealed storage
  - Hardware management as part of data management

PC Architecture
[Diagram: CPU, Northbridge, Southbridge, Memory, USB, Graphics Card, BIOS, IO]

Trusted Computing PC Architecture
[Diagram: the same PC architecture with a TPM added: TPM, CPU, Northbridge, Southbridge, Memory, USB, Graphics Card, BIOS, IO]

Intel LaGrande Technologies
- Strong processor isolation
- Secure path to IO

Secure Path
- Goal: to protect data within the PC
  - No keyboard sniffers
  - No reading/writing of the framebuffer
- Input and output are secured to the agent
  - USB to the nexus
  - Graphics card
  - Keyboard/pointer (for notebooks)

LaGrande Protection Model
[Diagram: Windows Kernel over the Hardware Abstraction Layer and Nexus over the Nexus Abstraction Layer, user applications and agents above them, a Domain Manager beneath both, and CPU, TPM and chipsets at the bottom]

Domain Manager
- Runs in the processor
  - Software
- Maintains process isolation
- Below Ring 0
  - Intel CPUs have rings
    - The kernel runs in Ring 0
    - Apps run in Ring 3
  - Ring "-1" ???

Memory Isolation
- Protecting memory is critical
  - The Northbridge usually contains the memory manager
- Memory curtaining prohibits DMA from protected areas
- The devil is in the details
  - Lots of things need to be controlled
    - Memory during system resets
    - Memory during system sleeps
    - Initial trust ????

TCPA / TPM
- Trusted Computing Platform Alliance (TCPA)
  - http://www.trustedcomputing.org
- Trusted Computing Group
  - https://www.trustedcomputinggroup.org/home
  - Successor to TCPA
  - Same initiative
- Trusted Platform Module (TPM)
  - One component of TCPA

Anti-TCPA
- http://www.againsttcpa.com/
- The informational self-determination no longer exists; it's not possible to save, copy, create, program, ..., the data like you want. This applies for private persons as for companies
- The free access to the IT/software market is completely prevented for anyone except the big companies; the market as we know it today will get completely destroyed
- Restrictions in the usage of owned hardware would apply
- The liberty of opinion and the free speech on the internet would finally be eliminated
- The own rights while using IT technologies are history.
- The national self-determination of the particular countries would be fully in the hands of the USA
- Probably the world would break into two digital parts (countries that express against TCPA)

TPM
- Trusted Platform Module
- Current version 1.2
- Shipping products
  - IBM ThinkPad notebooks
- Chipsets
  - Infineon, Atmel, National Semiconductor, IBM

TPM Sealed Storage
[Diagram: the TPM holds the key and the platform state; data goes in, an encrypted blob comes out]
- Keys never leave the TPM
- Data can only be unsealed
  - When the system is in the specified state
  - By an authorized command
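The seal/unseal behaviour above, as an added example that is not TPM code and not from the deck: a small Python simulation in which a blob is bound to a set of PCR values and to an authorization value, and unseals only when both still match. The SimTPM class, the XOR-pad keystream built from HMAC-SHA1, the SRK stand-in, the auth value and the boot stage images are all constructed for the example; SHA-1 is used because it is the TPM 1.2 digest, and the XOR pad mirrors the internal Vernam engine the deck mentions later.

```python
import hashlib
import hmac
import os

# Constructed simulation of TPM 1.2 sealed storage (not TPM code).
# The SRK stand-in is a random secret that never leaves the SimTPM object,
# just as the real storage root key never leaves the chip.

PCR_INIT = b"\x00" * 20  # PCRs are volatile and start at zero after power-on


def pcr_extend(pcr: bytes, measurement_digest: bytes) -> bytes:
    """PCR_n = SHA1(PCR_{n-1} || Measurement_n): the one-way extend operation."""
    return hashlib.sha1(pcr + measurement_digest).digest()


def pcr_composite(pcrs: dict) -> bytes:
    """Digest over the selected PCRs in index order; this is what a blob is bound to."""
    h = hashlib.sha1()
    for idx in sorted(pcrs):
        h.update(idx.to_bytes(4, "big") + pcrs[idx])
    return h.digest()


class SimTPM:
    def __init__(self) -> None:
        self._srk = os.urandom(20)  # non-volatile: survives reboot, never exported
        self.pcrs = {i: PCR_INIT for i in range(16)}

    def reboot(self) -> None:
        """Power cycle: the PCRs are volatile and start over; the SRK persists."""
        self.pcrs = {i: PCR_INIT for i in range(16)}

    def extend(self, idx: int, measurement: bytes) -> None:
        self.pcrs[idx] = pcr_extend(self.pcrs[idx], hashlib.sha1(measurement).digest())

    def _pad(self, composite: bytes, n: int) -> bytes:
        """Keystream for the XOR pad: HMAC-SHA1(SRK, composite || counter) blocks."""
        out = b""
        ctr = 0
        while len(out) < n:
            out += hmac.new(self._srk, composite + ctr.to_bytes(4, "big"), hashlib.sha1).digest()
            ctr += 1
        return out[:n]

    def seal(self, data: bytes, pcr_indices: list, auth: bytes) -> dict:
        """Bind data to the current values of the chosen PCRs and to the auth value."""
        comp = pcr_composite({i: self.pcrs[i] for i in pcr_indices})
        ct = bytes(a ^ b for a, b in zip(data, self._pad(comp, len(data))))
        tag = hmac.new(self._srk, comp + auth + ct, hashlib.sha1).digest()
        return {"pcrs": tuple(pcr_indices), "composite": comp, "ct": ct, "tag": tag}

    def unseal(self, blob: dict, auth: bytes):
        """Return the data only if the platform is in the sealed state and auth is right."""
        comp_now = pcr_composite({i: self.pcrs[i] for i in blob["pcrs"]})
        if not hmac.compare_digest(comp_now, blob["composite"]):
            return None  # platform is not in the specified state
        expect = hmac.new(self._srk, comp_now + auth + blob["ct"], hashlib.sha1).digest()
        if not hmac.compare_digest(expect, blob["tag"]):
            return None  # unauthorized command (wrong auth) or tampered blob
        return bytes(a ^ b for a, b in zip(blob["ct"], self._pad(comp_now, len(blob["ct"]))))


def demo() -> tuple:
    """Seal a key to PCR0 after a known-good boot, then try four unseal scenarios."""
    tpm = SimTPM()
    auth = hashlib.sha1(b"owner-auth").digest()  # constructed 160-bit auth value
    good_boot = [b"bios-v1", b"bootloader-v1", b"kernel-v1"]  # constructed stage images
    for stage in good_boot:
        tpm.extend(0, stage)
    blob = tpm.seal(b"disk-encryption-key", [0], auth)

    same_state = tpm.unseal(blob, auth)  # the key
    wrong_auth = tpm.unseal(blob, hashlib.sha1(b"guess").digest())  # None

    tpm.reboot()  # PCRs cleared; a modified kernel is now measured
    for stage in [b"bios-v1", b"bootloader-v1", b"kernel-modified"]:
        tpm.extend(0, stage)
    other_state = tpm.unseal(blob, auth)  # None

    tpm.reboot()  # back to the original boot chain: the blob opens again
    for stage in good_boot:
        tpm.extend(0, stage)
    back_to_good = tpm.unseal(blob, auth)  # the key
    return same_state, wrong_auth, other_state, back_to_good


if __name__ == "__main__":
    print(demo())
```

The design point is that the blob carries no key material at all: the pad is derived inside the TPM from the SRK and the PCR composite, so software that merely copies the blob to another state, another machine or a tampered boot chain gets nothing back. The reboot step also shows why sealed data is fragile, the backup problem the NGSCB challenges slide raises: change the measured stages and the data is unreachable until the original state is restored.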

TPM Architecture
[Diagram: IO Component, Cryptographic Co-Processor, HMAC Engine, SHA-1 Engine, Opt-In, Non-Volatile Memory, Volatile Memory, Key Generation, RNG, Power Detection, Execution Engine]

TPM
- Cryptographic processor
  - RSA engine (encryption and digital signatures)
    - PKCS #1
    - Key sizes: 512, 768, 1024, 2048
    - Public exponent e: 2^16 + 1 (65537)
  - Symmetric encryption engine
    - Vernam one-time pad with XOR
    - The engine is for internal use, not for general message encryption.
Note: these are the required characteristics of the TPM; actual implementations may use a superset.

TPM
- Keys
  - The TPM can generate, store, and protect symmetric keys
- Key generation
  - RSA asymmetric
    - In accordance with the IEEE P1363 standard

TPM
- HMAC engine
  - Uses:
    - Proof of knowledge of authorization data
    - Command integrity
  - IETF RFC 2104 using SHA-1
    - 20-byte key, 64-byte blocks

TPM
- RNG
  - Used for
    - Random values for nonces
    - Key generation
    - Randomness in signatures
  - May be a true RNG or a PRNG
- SHA-1 engine
  - As defined by FIPS 180-1, 20-byte output.

TPM
- Power detection
  - The TPM is required to be informed of all power state changes
- Opt-In
  - Allows the TPM module to be
    - Turned on/off
    - Enabled/disabled
    - Activated/deactivated

TPM
- Execution engine
  - Processes TPM commands
- Non-volatile memory
  - Persistent identity
  - Data Integrity Registers (DIR)
    - Deprecated: legacy from TPM 1.1
    - Still required

TPM
- Platform Configuration Registers (PCR)
  - Volatile storage
  - 16 or more (32-bit index; indices 2^30 and above are reserved)
  - Each register: 160-bit hash, status, locality

TPM
- Platform Configuration Registers (PCR)
  - Can hold an unlimited number of measurements
  - Extend operation (secure hash): PCR_n = Hash(PCR_{n-1} || Measurement_n)
[Diagram: a measurement is hashed together with the current register value to give the new value; registers PCR0 to PCR4 are shown]
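Added example, not from the deck and not code from any TPM or attestation product: the extend chain above driven from both sides. The platform measures each boot stage into a PCR before running it, which gives the property the Xbox slides ask for (the final value depends on every earlier stage and on their order, so no stage vouches only for its successor), and a remote verifier replays the event log against the reported PCR and checks each digest against a whitelist. Stage names, stage images and the "golden" digests are constructed.

```python
import hashlib

# Constructed example: measured boot on the platform side and event-log
# replay on the verifier side. Not TPM code; SHA-1 because TPM 1.2 uses it.

PCR_INIT = b"\x00" * 20


def pcr_extend(pcr: bytes, measurement_digest: bytes) -> bytes:
    """PCR_n = SHA1(PCR_{n-1} || Measurement_n)."""
    return hashlib.sha1(pcr + measurement_digest).digest()


def measured_boot(stages: list) -> tuple:
    """Platform side: each stage is hashed into the PCR before control passes to it.
    Returns the event log (what was measured, in order) and the final PCR value."""
    pcr = PCR_INIT
    log = []
    for name, image in stages:
        digest = hashlib.sha1(image).digest()
        log.append((name, digest))
        pcr = pcr_extend(pcr, digest)
    return log, pcr


def verify(log: list, reported_pcr: bytes, golden: dict) -> bool:
    """Verifier side: replay the log and compare with the PCR the platform reports,
    then require every stage digest to match the whitelist, in the whitelisted order.
    The final PCR covers all earlier stages, so a doctored log cannot replay to it."""
    pcr = PCR_INIT
    for _name, digest in log:
        pcr = pcr_extend(pcr, digest)
    if pcr != reported_pcr:
        return False  # the log is not what the TPM actually accumulated
    names_match = [name for name, _ in log] == list(golden)
    return names_match and all(golden[name] == digest for name, digest in log)


def demo() -> dict:
    stages = [("bios", b"bios-v1"), ("loader", b"loader-v1"), ("kernel", b"kernel-v1")]
    golden = {name: hashlib.sha1(image).digest() for name, image in stages}

    log, pcr = measured_boot(stages)
    results = {"good": verify(log, pcr, golden)}

    # Modified kernel: the log is honest, so replay matches, but the digest
    # is not on the whitelist.
    log2, pcr2 = measured_boot(stages[:2] + [("kernel", b"kernel-patched")])
    results["modified_kernel"] = verify(log2, pcr2, golden)

    # Same images in a different order: the chain is order-sensitive.
    log3, pcr3 = measured_boot([stages[1], stages[0], stages[2]])
    results["reordered"] = verify(log3, pcr3, golden)
    results["reordered_pcr_differs"] = pcr3 != pcr

    # Doctored log: the expected digest substituted back in no longer replays
    # to the PCR the platform really holds.
    forged_log = [(name, golden[name]) for name, _ in log2]
    results["forged_log"] = verify(forged_log, pcr2, golden)
    return results


if __name__ == "__main__":
    print(demo())
```

In a real deployment the reported PCR value arrives inside a quote signed by an AIK (the slides on AIKs cover that); this example stops at the replay and whitelist logic, which is where most verifier bugs live in practice.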

Endorsement Key (EK)
- Each TPM contains a 2048-bit RSA key pair (PUBEK, PRIVEK)
  - These keys are created before delivery to the end user
  - When the EK is created, a credential is also created attesting to the validity of the EK
  - Any attempt to set/generate new keys must fail
  - PRIVEK never leaves the TPM

Endorsement Key (EK)
- Used ONLY for
  - TPM ownership insertion
  - AIK creation/verification
- The EK is bound to the platform
- The EK acts as the Root of Trust for Reporting (RTR)

Attestation Identity Keys (AIK)
- An alias to the Endorsement Key (EK)
  - The TPM owner can create one at any time
- A TPM can have multiple identities.
  - Increases privacy (different operations can be done with different identities)

AIK
- An AIK is used ONLY for
  - Signing PCR data
    - If used for signing other data, it might be possible to create fake PCR signatures.
  - Must only sign data generated by the TPM
- There is no migration of an AIK from one computer to another
- AIKs may be stored externally to the TPM

Attestation
- The EK is permanent
- An AIK may be temporary
- Zero-knowledge proof
  - Used to prove knowledge of the EK without disclosing the EK
[Diagram: the TPM holds the AIK and the EK; a verifier checks that the AIK comes from a valid TPM]

TPM Ownership
- The TPM must have no owner when shipped
  - TPM ownership can always be reset via physical presence
    - Old secrets are discarded
- TPM ownership can be asserted by physical presence
  - No secrets are exposed
- Taking ownership
  - A secret is encrypted with PUBEK
  - Ownership is proved by showing knowledge of the shared secret

TPM Ownership
- TPM ownership is not equivalent to "super-user"
  - Does not give access to all operations
  - Each authorization must be provided for the entity or operation that has protection

Roots of Trust for Storage
- When ownership is established
  - New Storage Root Key (SRK)
  - New tpmProof value

Authorization
- Authorization data is a 160-bit shared secret plus a high-entropy random number
  - Hashed together (a keyed HMAC over the command digest and the nonces)
- Dictionary attack
  - Stateless
  - Response degradation/lockout?

TPM
- TPM Startup
  - Options
    - Clear: the TPM is to start with default values (specified by the TPM Owner)
    - State: the TPM is to recover a saved state and continue operation from this saved state
    - Deactivate: the TPM should not allow any further commands to be processed. Can only be reset by the TPM_Init command.

TPM States
- Three operational state bits
  - Enabled, Active, Owned

  State   E   A   O   Notes
  S1      x   x   x   Fully operational state
  S2      x   x   -   Ownership can be set
  S3      x   -   x
  S4      x   -   -   Ownership cannot be set
  S5      -   x   x   Local or remote ownership possible
  S6      -   x   -   Ownership can be set
  S7      -   -   x
  S8      -   -   -   All functions are off

TPM States
- Enabled/Disabled
  - Disabled: the TPM cannot execute commands which use TPM resources
    - Any command needing a key is prohibited
    - SHA-1 is still available (no keys involved)
  - Ownership can be disabled
  - Persistent flag
  - Takes effect immediately

TPM States
- Deactivated/Active
  - Similar to Enabled/Disabled, except that the TPM_TakeOwnership command is still allowed
  - Persistent flag
  - Deactivating does not take effect until re-initialization (reboot)

TPM
- Physical Presence
  - An indication to the TPM of a direct operation by a person/operator
  - Not maskable or settable via software
- Certain operations on the TPM require physical presence
  - Clearing an existing owner
  - Temporarily deactivating/disabling the TPM

Authorization Protocols
- Object Independent Authorization Protocol (OIAP)
- Object Specific Authorization Protocol (OSAP)
- Delegate Specific Authorization Protocol (DSAP)

Authorization Protocols
- Based on a shared secret
  - Gives access to the operation
  - Does not give access to secrets
- Rolling nonce paradigm
  - Nonces change from one command to the next

OIAP
  Caller -> TPM: TPM_OIAP
  TPM -> Caller: authHandle, authLastNonceEven
  Caller -> TPM: TPM_COMMAND, arguments, nonceOdd, authHandle, HMAC(key, SHA-1(arguments), authHandle, authLastNonceEven, nonceOdd, ...)
  TPM -> Caller: TPM_COMMAND tag, arguments, nonceEven, authHandle, HMAC(key, SHA-1(arguments), authHandle, nonceEven, nonceOdd, ...)

OSAP
  Caller -> TPM: TPM_OSAP, keyHandle, nonceOddOSAP
  TPM -> Caller: authHandle, authLastNonceEven, nonceEvenOSAP
  Caller -> TPM: TPM_COMMAND, arguments, nonceOdd, authHandle, HMAC(key, SHA-1(arguments), authHandle, authLastNonceEven, nonceOdd, ...)
  TPM -> Caller: TPM_COMMAND tag, arguments, nonceEven, authHandle, HMAC(key, SHA-1(arguments), authHandle, nonceEven, nonceOdd, ...)
  (key for OSAP is the session shared secret derived from the object's authorization data and the two OSAP nonces, so the authorization value itself is never used directly on the wire)
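The two exchanges above (and the Authorization slide's "160-bit secret plus nonces, hashed together") are easiest to see as running code. The following is an added example, not code from the slides or from any TPM vendor: a simulated TPM and caller that perform OIAP and OSAP authorization with rolling nonces, reject a wrong authorization value, and apply a simple lockout after repeated failures. The HMAC layout follows the TPM 1.2 specification (inParamDigest = SHA-1(ordinal || params), outParamDigest = SHA-1(returnCode || ordinal || outParams), HMAC over digest || nonceEven || nonceOdd || continueAuthSession; the OSAP shared secret is HMAC-SHA1(authData, nonceEvenOSAP || nonceOddOSAP)). Note that the slide's sketch lists authHandle inside the HMAC; the 1.2 HMAC does not include it, and the code follows the spec. The ordinal value, the echo "command", the byte packing of parameters, the authorization value and the lockout threshold are all constructed for the demonstration.

```python
import hashlib
import hmac
import os
import struct

# Constructed authorization value for the demonstration (real TPM 1.2 authData is a
# 160-bit secret chosen by the owner or key creator; this one is derived from a label).
AUTH_VALUE = hashlib.sha1(b"demo-owner-authdata").digest()
DEMO_ORDINAL = 0x1D   # hypothetical command ordinal, not a real TPM_ORD_* value
LOCKOUT_AFTER = 3     # assumed policy for the simulated dictionary-attack response


def sha1(*parts):
    return hashlib.sha1(b"".join(parts)).digest()


def auth_hmac(key, param_digest, nonce_even, nonce_odd, continue_session):
    """TPM 1.2 authorization HMAC: HMAC-SHA1(key, paramDigest || nonceEven || nonceOdd || continueAuthSession)."""
    msg = param_digest + nonce_even + nonce_odd + bytes([int(continue_session)])
    return hmac.new(key, msg, hashlib.sha1).digest()


class Tpm12AuthSim:
    """Simulated TPM side: hands out sessions, checks the request HMAC, authenticates the response."""

    def __init__(self, auth_value):
        self.auth_value = auth_value
        self.sessions = {}    # authHandle -> (session key, last nonceEven)
        self.failures = 0

    def _new_session(self, key):
        handle, nonce_even = os.urandom(4), os.urandom(20)
        self.sessions[handle] = (key, nonce_even)
        return handle, nonce_even

    def oiap(self):
        # OIAP: the session key is the object's authorization data itself.
        return self._new_session(self.auth_value)

    def osap(self, nonce_odd_osap):
        # OSAP: both sides derive a per-session shared secret from authData and two fresh nonces.
        nonce_even_osap = os.urandom(20)
        shared = hmac.new(self.auth_value, nonce_even_osap + nonce_odd_osap, hashlib.sha1).digest()
        handle, nonce_even = self._new_session(shared)
        return handle, nonce_even, nonce_even_osap

    def execute(self, ordinal, params, handle, nonce_odd, continue_session, in_auth):
        if self.failures >= LOCKOUT_AFTER:
            return None                                   # locked out: refuse without checking
        key, nonce_even = self.sessions.pop(handle)
        in_digest = sha1(struct.pack(">I", ordinal), params)
        expected = auth_hmac(key, in_digest, nonce_even, nonce_odd, continue_session)
        if not hmac.compare_digest(expected, in_auth):
            self.failures += 1
            return None                                   # bad HMAC: session is dropped
        return_code, out_params = 0, b"ok:" + params      # the simulated command just echoes
        new_nonce_even = os.urandom(20)                   # rolling nonce for the next command
        out_digest = sha1(struct.pack(">II", return_code, ordinal), out_params)
        out_auth = auth_hmac(key, out_digest, new_nonce_even, nonce_odd, continue_session)
        if continue_session:
            self.sessions[handle] = (key, new_nonce_even)
        return return_code, out_params, new_nonce_even, out_auth


def run_command(tpm, auth_value, ordinal, params, protocol="oiap"):
    """Caller side. Returns (response authenticated?, out_params); (False, None) on rejection."""
    if protocol == "oiap":
        handle, nonce_even = tpm.oiap()
        key = auth_value
    else:
        nonce_odd_osap = os.urandom(20)
        handle, nonce_even, nonce_even_osap = tpm.osap(nonce_odd_osap)
        key = hmac.new(auth_value, nonce_even_osap + nonce_odd_osap, hashlib.sha1).digest()
    nonce_odd = os.urandom(20)
    in_auth = auth_hmac(key, sha1(struct.pack(">I", ordinal), params), nonce_even, nonce_odd, False)
    resp = tpm.execute(ordinal, params, handle, nonce_odd, False, in_auth)
    if resp is None:
        return False, None
    return_code, out_params, new_nonce_even, out_auth = resp
    expect = auth_hmac(key, sha1(struct.pack(">II", return_code, ordinal), out_params),
                       new_nonce_even, nonce_odd, False)
    return hmac.compare_digest(expect, out_auth), out_params


if __name__ == "__main__":
    tpm = Tpm12AuthSim(AUTH_VALUE)
    print("OIAP:", run_command(tpm, AUTH_VALUE, DEMO_ORDINAL, b"params", "oiap"))
    print("OSAP:", run_command(tpm, AUTH_VALUE, DEMO_ORDINAL, b"params", "osap"))
    print("wrong authData:", run_command(tpm, b"guess", DEMO_ORDINAL, b"params"))
```

The point the OSAP branch makes is the one the slide leaves implicit: with OSAP the wire-level HMAC key is a per-session value, so an observer who captures many authenticated commands learns nothing reusable about the object's authorization data beyond what a dictionary attack on the 160-bit secret would give, and the simulated lockout counter is one answer to the "response degradation/lockout?" question.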

Maintenance
- Things break
  - There may be a need to migrate data from one TPM to another (e.g. replacing a motherboard)
- The manufacturer or others must not be able to intercept data in migration
- Only needs to work between boards of the same model and manufacturer
- Requires owner and manufacturer authorization

Maintenance
- All maintenance features are optional
  - Specific mechanisms are not defined
  - Security requirements are defined

Counters
- The TPM must support at least 4 counters
  - Increment rate: must sustain one increment every 5 seconds for 7 years
- Internal base
  - Always moves forward, never reset

Transport Protection
- Sessions (a set of commands)
- Protection
  - Rolling nonces
  - MGF1 function
    - Seeded from the shared secret, nonceOdd, nonceEven
- Logging
  - Command, command parameters, and tick count
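The slide names MGF1 as the transport-encryption primitive without showing what it does. The block below is an added example, not code from the slides or from any TPM implementation: a correct PKCS#1 MGF1 (hash of seed || 4-byte counter, concatenated and truncated) used as a keystream to XOR-encrypt command and response parameters under rolling nonces, plus a log digest extended per command with the ordinal, parameters and a tick count. The MGF1 function itself is standard; the seed layout (nonces, a direction tag and the shared secret, following the slide's list), the tick counter stand-in, the log entry layout and the echo "command" are assumptions made for the demonstration and are not the 1.2 specification's exact byte structures.

```python
import hashlib
import os
import struct


def mgf1(seed, length, hash_fn=hashlib.sha1):
    """PKCS#1 MGF1: concatenate H(seed || C) for C = 0, 1, ... (4-byte big-endian), truncate to length."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hash_fn(seed + struct.pack(">I", counter)).digest()
        counter += 1
    return out[:length]


def transport_keystream(shared_secret, nonce_even, nonce_odd, direction, length):
    # Seed layout is an assumption that follows the slide's list (secret plus both nonces);
    # the direction tag keeps the request and response keystreams distinct.
    return mgf1(nonce_even + nonce_odd + direction + shared_secret, length)


def xor_bytes(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


class TransportSession:
    """Toy transport session: rolling nonces, MGF1 stream encryption of parameters, and a log digest.
    One object models both ends so the example runs offline; a real caller and TPM share only the secret."""

    def __init__(self, shared_secret):
        self.secret = shared_secret
        self.nonce_even = os.urandom(20)        # TPM's current nonce
        self.log_digest = bytes(20)             # extended once per command
        self.ticks = 0                          # stand-in for the TPM tick counter

    def wrap_command(self, ordinal, params):
        """Caller side: encrypt params under the current nonces; returns the wrapped command."""
        nonce_odd = os.urandom(20)
        ks = transport_keystream(self.secret, self.nonce_even, nonce_odd, b"in", len(params))
        return ordinal, xor_bytes(params, ks), nonce_odd

    def tpm_execute(self, wrapped):
        """TPM side: decrypt, log, 'execute' (echo), encrypt the response, roll the nonce."""
        ordinal, enc_params, nonce_odd = wrapped
        ks_in = transport_keystream(self.secret, self.nonce_even, nonce_odd, b"in", len(enc_params))
        params = xor_bytes(enc_params, ks_in)
        self.ticks += 1
        # Log entry covers the command, its parameters and the tick count (simplified layout).
        entry = hashlib.sha1(struct.pack(">IQ", ordinal, self.ticks) + params).digest()
        self.log_digest = hashlib.sha1(self.log_digest + entry).digest()
        out_params = b"ok:" + params
        new_nonce_even = os.urandom(20)
        ks_out = transport_keystream(self.secret, new_nonce_even, nonce_odd, b"out", len(out_params))
        self.nonce_even = new_nonce_even          # rolling nonce: next command uses a fresh value
        return xor_bytes(out_params, ks_out), new_nonce_even, nonce_odd

    def unwrap_response(self, response):
        enc_out, nonce_even, nonce_odd = response
        ks = transport_keystream(self.secret, nonce_even, nonce_odd, b"out", len(enc_out))
        return xor_bytes(enc_out, ks)


def demo():
    secret = hashlib.sha1(b"constructed transport auth secret").digest()
    session = TransportSession(secret)
    wrapped = session.wrap_command(0x1234, b"sensitive key blob")
    response = session.tpm_execute(wrapped)
    plaintext = session.unwrap_response(response)
    wrapped2 = session.wrap_command(0x1234, b"sensitive key blob")
    return {
        "roundtrip": plaintext,
        "ciphertext_hides_params": wrapped[1] != b"sensitive key blob",
        "nonces_roll": wrapped[1] != wrapped2[1],   # same params, new nonces -> new ciphertext
        "log_digest": session.log_digest,
    }


if __name__ == "__main__":
    print(demo())
```

Because the keystream is a function of both nonces, a replayed ciphertext decrypts to garbage once the TPM has rolled nonceEven, which is the property the "rolling nonces" bullet is there to deliver; the XOR construction also means integrity must come from the separate HMAC, not from the encryption.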

Audit Commands
- Ability for the TPM owner to determine that certain operations have been executed
- Two parts
  - Internal digest
  - External log
- Which functions are audited is set by the TPM owner

TPM Hardware
- Hardware connection is not standardized (vendor specific)
  - Low Pin Count (LPC) bus
  - Low bandwidth/volume
- Implementations
  - Infineon (http://www.infineon.jp/event_topics/events/schedule/wireless2003/img/tpm.pdf)

Locality
- New feature in version 1.2
- Used to distinguish different classes of processes (locality 0 is the legacy environment)
  - 1: reserved
  - 2: trusted OS
  - 3: trusted initialization software
  - 4: special initialization hardware

Locality
- Why locality
  - A TPM faces different requirements from nexus agents than from hardware (e.g. BIOS)
- The digest model
  - Only the final digest is stored
  - If a new card is added
    - You cannot replace the old value
    - You must reboot and recalculate everything
    - Acceptable process for hardware
  - For software
    - Applications come and go
    - Some PCRs can be reset
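The digest model above is what makes PCRs useful for attestation and sealing, and also what makes them awkward for software that comes and goes. The following is an added example, not code from the slides or from any TPM software stack: a model of extend-only PCRs with an external event log, a seal that releases a secret only while the selected PCRs still match, and a reset that is permitted on some PCRs and refused on others. The extend operation (PCR <- SHA-1(PCR || measurement)) is the real TPM 1.2 rule; the set of resettable PCRs, the simplified composite hash (the real TPM_PCR_COMPOSITE also encodes the selection bitmap and sizes) and all measurements are constructed for the demonstration.

```python
import hashlib

PCR_SIZE = 20                      # SHA-1 digest size; TPM 1.2 PCRs are 160 bits
RESETTABLE = {16, 23}              # assumption for this model: PCRs whose attributes allow TPM_PCR_Reset


class PcrBank:
    """Toy model of TPM 1.2 PCRs: extend-only registers plus an external event log."""

    def __init__(self, count=24, resettable=RESETTABLE):
        self.pcrs = [bytes(PCR_SIZE)] * count
        self.resettable = set(resettable)
        self.log = []                                  # (index, measurement), kept outside the TPM

    def extend(self, index, measurement):
        # TPM_Extend: PCR[i] <- SHA-1(PCR[i] || measurement). Only the result is stored,
        # so an old value can never be replaced, only extended over.
        self.pcrs[index] = hashlib.sha1(self.pcrs[index] + measurement).digest()
        self.log.append((index, measurement))
        return self.pcrs[index]

    def reset(self, index):
        # TPM_PCR_Reset: allowed only for PCRs whose attributes permit it.
        if index not in self.resettable:
            raise PermissionError(f"PCR {index} is not resettable")
        self.pcrs[index] = bytes(PCR_SIZE)

    def composite(self, indices):
        # Simplified stand-in for the TPM_PCR_COMPOSITE hash that TPM_Seal binds to.
        return hashlib.sha1(b"".join(self.pcrs[i] for i in sorted(indices))).digest()


def replay(log, count=24):
    """Recompute PCR values from an event log; a verifier does this to check a quote."""
    bank = PcrBank(count)
    for index, measurement in log:
        bank.extend(index, measurement)
    return bank.pcrs


class SealedBlob:
    """Secret released only if the current PCR composite equals the one it was sealed against."""

    def __init__(self, secret, composite):
        self.secret, self.composite = secret, composite

    def unseal(self, bank, indices):
        return self.secret if bank.composite(indices) == self.composite else None


def demo():
    bank = PcrBank()
    firmware = hashlib.sha1(b"constructed: BIOS image v1").digest()
    card_a = hashlib.sha1(b"constructed: option ROM, card A").digest()
    card_b = hashlib.sha1(b"constructed: option ROM, card B").digest()
    bank.extend(0, firmware)
    bank.extend(2, card_a)
    blob = SealedBlob(b"db-password", bank.composite([0, 2]))
    results = {"unseal_ok": blob.unseal(bank, [0, 2])}
    # Adding a card extends PCR 2 again; the earlier value cannot be restored, so the seal breaks.
    bank.extend(2, card_b)
    results["unseal_after_new_card"] = blob.unseal(bank, [0, 2])
    results["replay_matches"] = replay(bank.log) == bank.pcrs
    # Order matters: measuring B before A yields a different PCR 2 from A before B.
    other = PcrBank()
    other.extend(2, card_b)
    other.extend(2, card_a)
    results["order_matters"] = other.pcrs[2] != bank.pcrs[2]
    # A software PCR can be reset and re-measured without a reboot; a firmware PCR cannot.
    bank.extend(23, hashlib.sha1(b"constructed: agent v1").digest())
    bank.reset(23)
    results["reset_ok"] = bank.pcrs[23] == bytes(PCR_SIZE)
    try:
        bank.reset(2)
        results["reset_refused"] = False
    except PermissionError:
        results["reset_refused"] = True
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value!r}")
```

The replay check is the verifier's half of the picture: a signed quote only proves the final PCR values, and it is the event log, replayed through the same extend rule, that says what was actually measured to reach them.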

TPM Summary
- The TPM is a security resource for the PC architecture
  - By itself it is harmless
  - It is opt-in. No need to worry about losing control of your PC
- The TPM is a piece of the NGSCB architecture

Trusted Computing
- What is the role of Linux (or other OSes)?
  - Linux can also use the TPM and trusted computing hardware on the PC
  - It is unlikely Linux can interoperate with MS NGSCB

Trusted Computing
Constraining or opportunity?

TPM Ownership
- Who owns the TPM?
  - Somebody has to
  - Most useful operations require ownership
- Choices
  - BIOS
    - It is the first entity that requires ownership to exist
    - Cannot keep the ownership secret secure
  - Operating system
    - Cannot keep the ownership secret secure

TPM Ownership
- Choices (cont.)
  - Nexus
    - Seems logical
  - User
    - Most trustworthy
    - Least reliable
- It really doesn't matter
  - Ownership doesn't grant access to secrets
  - Ownership only controls services
  - If the wrong entity gains ownership, it can only do DoS

Back to Original Problems
- Secure communications between servers
  - All authentication secrets stored in sealed storage
  - Only a security hole in the application can reveal secrets
  - The system is not dependent upon OS security
- Xbox
  - NGSCB/TPM is only a partial solution
  - OS and application self-attest (the TPM allows this)
  - Still need to prohibit certain apps
  - A stronger version of what is currently done

Back to Original Problems
- Windows Media Player
  - Server attests the client
  - Server sends content to the client (securely)
    - Encrypted with a unique key for the application/device
  - Keys stored in sealed storage
    - Bound to the application/device
  - Some additional info stored with the keys
    - Number of times played (to prevent copy/play/restore)

What if Microsoft is Lying?
- Nexus code will be available for inspection
  - You can run your own nexus*
  - You can trust the nexus
  - There may be unknown security holes
- You can run your own nexus
  - Build a nexus under Linux...
- NGSCB is opt-in
  - Subject to DoS attacks from Windows
    - Disable the TPM

Is this Safe Technology?
Yes

Bonus Material - TPM
- TPM Info
- TPM Commands

TPM Information
- Trusted Computing Group (www.trustedcomputinggroup.org)
  - TPM Main Part 1 Design Principles (version 1.2)

TPM Commands
- Admin
  - TPM_Init, TPM_Startup, TPM_SaveState, TPM_SelfTestFull, TPM_ContinueSelfTest, TPM_GetTestResult
- Opt-In
  - TPM_SetOwnerInstall, TPM_SetOwnerDisable, TPM_PhysicalEnable, TPM_PhysicalDisable, TPM_PhysicalSetDeactivated, TPM_SetTempDeactivated, TPM_SetOperatorAuth

TPM Commands
- Ownership
  - TPM_TakeOwnership, TPM_OwnerClear, TPM_ForceClear, TPM_DisableOwnerClear, TPM_DisableForceClear, TSC_PhysicalPresence, TSC_ResetEstablishmentBit
- Admin
  - TPM_GetCapability, TPM_FieldUpgrade, TPM_SetRedirection

TPM Commands
- Auditing
  - TPM_GetAuditDigest, TPM_GetAuditDigestSigned, TPM_SetOrdinalAuditStatus
- Storage
  - TPM_Seal, TPM_Unseal, TPM_UnBind, TPM_CreateWrapKey, TPM_LoadKey, TPM_GetPubKey

TPM Commands
- Migration
  - TPM_CreateMigrationBlob, TPM_ConvertMigrationBlob, TPM_AuthorizeMigrationKey, TPM_CMK_CreateKey, TPM_CMK_CreateTicket, TPM_CMK_CreateBlob, TPM_CMK_SetRestrictions
- Maintenance commands (optional)
  - TPM_CreateMaintenanceArchive, TPM_LoadMaintenanceArchive, TPM_KillMaintenanceFeature, TPM_LoadManuMaintPub, TPM_ReadManuMaintPub

TPM Commands
- Cryptographic functions
  - TPM_SHA1Start, TPM_SHA1Update, TPM_SHA1Complete, TPM_SHA1CompleteExtend, TPM_Sign, TPM_GetRandom, TPM_StirRandom, TPM_CertifyKey, TPM_CertifyKey2
- Credential handling
  - TPM_CreateEndorsementKeyPair, TPM_CreateRevocableEK, TPM_RevokeTrust, TPM_ReadPubek, TPM_DisablePubekRead, TPM_OwnerReadInternalPub

TPM Commands
- Identity commands
  - TPM_MakeIdentity, TPM_ActivateIdentity
- Integrity commands
  - TPM_Extend, TPM_PCRRead, TPM_Quote, TPM_PCR_Reset
- Authorization commands
  - TPM_ChangeAuth, TPM_ChangeAuthOwner
- Authorization sessions
  - TPM_OIAP, TPM_OSAP, TPM_DSAP, TPM_SetOwnerPointer
- Delegation
  - TPM_Delegate_Manage, TPM_Delegate_CreateKeyDelegation, TPM_Delegate_CreateOwnerDelegation, TPM_Delegate_LoadOwnerDelegation, TPM_Delegate_ReadTable, TPM_Delegate_UpdateVerification, TPM_Delegate_VerifyDelegation

TPM Commands
- NV storage
  - TPM_NV_DefineSpace, TPM_NV_WriteValue, TPM_NV_WriteValueAuth, TPM_NV_ReadValue, TPM_NV_ReadValueAuth
- Session management
  - TPM_KeyControlOwner, TPM_SaveContext, TPM_LoadContext, TPM_FlushSpecific
- Timing ticks
  - TPM_SetTickType, TPM_GetTicks, TPM_TickStampBlob
- Session
  - TPM_EstablishTransport, TPM_ExecuteTransport, TPM_ReleaseTransportSigned
- Counters
  - TPM_CreateCounter, TPM_IncrementCounter, TPM_ReadCounter, TPM_ReleaseCounter, TPM_ReleaseCounterOwner

TPM Commands
- DAA commands
  - TPM_DAA_Join, TPM_DAA_Sign
- GPIO commands
  - TPM_GPIO_AuthChannel, TPM_GPIO_ReadWrite
- Deprecated commands
  - Not listed...