trusted computing base
DESCRIPTION
The lecture by Sartakov A. Vasily for Summer Systems School'12 (SSS'12): a brief introduction to Trusted Computing. SSS'12 was an education event, organized by ksys labs[1] in 2012, for students interested in system software development and information security.
1. http://ksyslabs.org/
TRANSCRIPT
TCB – Trusted Computing Base
Thursday, 26 July 2012
• The trusted computing base (TCB) of a computer system is the set of all hardware, firmware, and/or software components that are critical to its security, in the sense that bugs or vulnerabilities occurring inside the TCB might jeopardize the security properties of the entire system.
• By contrast, parts of a computer system outside the TCB must not be able to breach the security policy and may not get any more privileges than are granted to them in accordance with the security policy.
Trusted Computing: basic idea
• Addition of security hardware functionality to a computer system to compensate for insecure software
• Enables external entities to have an increased level of trust that the system will perform as expected/specified
• Trusted platform = a computing platform with a secure hardware component that forms a security foundation for software processes
• Trusted Computing = computing on a Trusted Platform
Trusted Hardware Examples
Characteristics of Trusted Hardware
• Physically secure module
• Environmental monitoring (temperature, power supply, structural integrity)
• Tamper responsive
• Optimized hardware support for cryptography
• I/O interface
Trusted Hardware – Example
• IBM 4764 Secure Coprocessor
IBM 4764 Application Example
TCG (Trusted Computing Group) History & Evolution
• October 1999: TCPA formed
– Trusted Computing Platform Alliance
– Founders: IBM, HP, Compaq, Intel and Microsoft
• 2001: 1st TPM specification released
– Trusted Platform Module
• 2002: TCPA becomes TCG
– Trusted Computing Group
– Not-for-profit industry standards organization
• 2003: TPM specification adopted by TCG
– Currently TPM specification 1.2
• 2010: Reduced interest
– TPM has failed to meet industry expectations
Trusted Platform Module (TPM)
• Hardware module at the heart of the hardware / software approach to trusted computing
• Protected memory (key storage, platform configuration metrics)
• TPM chip mounted on the motherboard
• Supports 3 basic services:
– Secure / authenticated boot
– Remote attestation: allows a remote party to verify the platform state
– Sealed storage / encryption: makes decryption depend on the platform state
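The sealed-storage service listed above, as an added example (not code from the lecture): a small Go model of a TPM that seals a secret under its Storage Root Key and binds it to a composite of PCR values, then refuses to unseal when the platform's current PCRs differ. Assumptions made for the model: the SRK is a symmetric AES-256-GCM key rather than the RSA-2048 key a TPM 1.2 uses, the PCR composite is a SHA-1 over the selected PCR values, and the PCR contents are constructed sample strings instead of real 20-byte registers.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha1"
	"errors"
	"fmt"
)

// composite folds the selected PCR values into one digest: the "platform state"
// a sealed blob is bound to. SHA-1 matches the 20-byte PCR size of TPM 1.2.
func composite(pcrs [][]byte) []byte {
	h := sha1.New()
	for _, p := range pcrs {
		h.Write(p)
	}
	return h.Sum(nil)
}

// SealedBlob is the opaque object handed back to the caller: ciphertext plus the
// PCR composite it was sealed to. Nothing in it is usable without the SRK.
type SealedBlob struct {
	Composite  []byte
	Nonce      []byte
	Ciphertext []byte
}

// TPM holds the Storage Root Key, which never leaves the chip (modelled here as AES-256, an assumption).
type TPM struct{ srk []byte }

func NewTPM() (*TPM, error) {
	srk := make([]byte, 32)
	if _, err := rand.Read(srk); err != nil {
		return nil, err
	}
	return &TPM{srk: srk}, nil
}

func (t *TPM) aead() (cipher.AEAD, error) {
	block, err := aes.NewCipher(t.srk)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal encrypts secret under the SRK and binds it to the current PCRs by using the
// composite as GCM associated data, so the recorded composite cannot be rewritten later.
func (t *TPM) Seal(secret []byte, pcrs [][]byte) (*SealedBlob, error) {
	aead, err := t.aead()
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	comp := composite(pcrs)
	return &SealedBlob{Composite: comp, Nonce: nonce, Ciphertext: aead.Seal(nil, nonce, secret, comp)}, nil
}

var ErrWrongPlatformState = errors.New("unseal refused: platform is not in the state the data was sealed to")

// Unseal releases the secret only when the current PCRs reproduce the composite
// recorded at seal time. The check happens inside the TPM, next to the key, so
// software outside the TCB cannot obtain the plaintext by misreporting its state.
func (t *TPM) Unseal(blob *SealedBlob, currentPCRs [][]byte) ([]byte, error) {
	if !bytes.Equal(composite(currentPCRs), blob.Composite) {
		return nil, ErrWrongPlatformState
	}
	aead, err := t.aead()
	if err != nil {
		return nil, err
	}
	return aead.Open(nil, blob.Nonce, blob.Ciphertext, blob.Composite)
}

func main() {
	tpm, err := NewTPM()
	if err != nil {
		panic(err)
	}
	// Constructed PCR contents: the booted state the disk key is sealed to, and a changed one.
	sealedTo := [][]byte{[]byte("pcr0:bios-ok"), []byte("pcr4:kernel-ok")}
	changed := [][]byte{[]byte("pcr0:bios-ok"), []byte("pcr4:kernel-modified")}
	blob, err := tpm.Seal([]byte("disk-encryption-key"), sealedTo)
	if err != nil {
		panic(err)
	}
	secret, err := tpm.Unseal(blob, sealedTo)
	fmt.Printf("same state:    %q err=%v\n", secret, err)
	secret, err = tpm.Unseal(blob, changed)
	fmt.Printf("changed state: %q err=%v\n", secret, err)
}
```

Using the composite as associated data is the part worth noticing: an attacker who edits the blob's recorded composite to match a modified platform passes the equality check but then fails GCM authentication, so the plaintext is still withheld.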
TCG supports two modes of booting
• Secure boot
– The platform owner can define expected (trusted) PCR values that are stored in special non-volatile Data Integrity Registers (DIR) in the TPM.
– If a PCR value does not match the expected value for that stage of the boot process, the TPM can signal a boot termination request.
• Authenticated boot
– Does not check measured values against expected values; it just records them in PCRs.
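The two boot modes above, as an added example rather than code from the lecture: a Go simulation of the PCR extend operation (TPM 1.2 semantics: 20-byte SHA-1 registers, new value = SHA-1(old || measurement digest)), of a secure boot that compares the PCR after each stage with owner-provisioned DIR values and terminates on mismatch, and of an authenticated boot that only records. The boot-stage byte strings and the DIR provisioning helper are assumptions for illustration.

```go
package main

import (
	"bytes"
	"crypto/sha1"
	"errors"
	"fmt"
)

// PCR is a TPM 1.2 platform configuration register: a 20-byte SHA-1 digest.
type PCR [sha1.Size]byte

// Extend is the only way a PCR changes: new = SHA-1(old || SHA-1(measurement)).
// Order matters and nothing can be "un-extended", which is what makes the
// register a tamper-evident summary of everything measured so far.
func Extend(old PCR, measurement []byte) PCR {
	digest := sha1.Sum(measurement) // hash of the component about to be loaded
	h := sha1.New()
	h.Write(old[:])
	h.Write(digest[:])
	var out PCR
	copy(out[:], h.Sum(nil))
	return out
}

// ErrBootTerminated is returned by secure boot when a stage does not match its DIR value.
var ErrBootTerminated = errors.New("secure boot: measured value does not match expected DIR value")

// MeasuredBoot walks the boot stages (firmware, bootloader, kernel, ...) and extends
// each one into the PCR. In secure mode the value after each stage is compared with
// the owner-defined expected value held in the DIR for that stage, and a mismatch
// terminates boot. In authenticated mode values are only recorded, never judged.
func MeasuredBoot(stages [][]byte, dir map[int]PCR, secure bool) (PCR, error) {
	var pcr PCR // PCRs are all-zero after reset
	for i, stage := range stages {
		pcr = Extend(pcr, stage)
		if secure {
			if expected, ok := dir[i]; ok && !bytes.Equal(pcr[:], expected[:]) {
				return pcr, fmt.Errorf("stage %d: %w", i, ErrBootTerminated)
			}
		}
	}
	return pcr, nil
}

// ExpectedDIRs models how a platform owner provisions DIRs: run the trusted
// boot chain once and record the PCR value reached after every stage.
func ExpectedDIRs(stages [][]byte) map[int]PCR {
	dir := make(map[int]PCR, len(stages))
	var pcr PCR
	for i, stage := range stages {
		pcr = Extend(pcr, stage)
		dir[i] = pcr
	}
	return dir
}

// Constructed sample boot chain: the strings stand in for firmware, bootloader and kernel images.
var goodChain = [][]byte{[]byte("BIOS v1.0"), []byte("GRUB 2.00"), []byte("vmlinuz-3.4")}

// tamperedChain is the same chain with a modified bootloader.
var tamperedChain = [][]byte{[]byte("BIOS v1.0"), []byte("GRUB 2.00 (modified)"), []byte("vmlinuz-3.4")}

func main() {
	dir := ExpectedDIRs(goodChain)
	for _, chain := range [][][]byte{goodChain, tamperedChain} {
		pcr, err := MeasuredBoot(chain, dir, true)
		fmt.Printf("secure boot:        pcr=%x... err=%v\n", pcr[:4], err)
		pcr, err = MeasuredBoot(chain, dir, false)
		fmt.Printf("authenticated boot: pcr=%x... err=%v\n", pcr[:4], err)
	}
}
```

The authenticated-boot run of the tampered chain does not fail; it simply ends in a different PCR value, which is exactly what a later attestation or unseal would catch.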
TPM – A Passive Security Enabler
• Note that TPM is passive:
– It doesn't decide which software can and can't run.
– It provides a way to reliably report the post-boot state of the platform.
– A TCG-aware application or OS can be designed to not start unless the platform is in a particular state (no malware etc.).
– A TCG-aware application or OS can be designed to require a TPM-mediated online authorisation from a vendor before starting (check for current license etc.):
• TCG can be used to build systems where somebody else decides whether software can or can't run
• TCG does not provide this functionality – it merely enables it
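To make the "passive enabler" point concrete, an added Go example (not from the lecture) of a remote attestation exchange: the TPM signs its PCR values together with the verifier's nonce using an AIK, and every policy decision, including which PCR values count as acceptable, happens on the verifier's side. Assumptions: RSA-2048 PKCS#1 v1.5 with SHA-256 stands in for the TPM's quote signature, the PCR contents are constructed strings, and the AIK certificate has already been validated out of band.

```go
package main

import (
	"bytes"
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Quote is what the TPM hands to a remote verifier: the PCR values it reports,
// the verifier's nonce (freshness), and an AIK signature over both.
type Quote struct {
	PCRs      [][]byte
	Nonce     []byte
	Signature []byte
}

// quoteDigest binds the reported PCR values and the nonce into one message.
func quoteDigest(pcrs [][]byte, nonce []byte) []byte {
	h := sha256.New()
	for _, p := range pcrs {
		h.Write(p)
	}
	h.Write(nonce)
	return h.Sum(nil)
}

// TPM is the passive side of the exchange: it holds the AIK private key and the
// PCRs and reports them on request. It never judges whether the state is good.
type TPM struct {
	aik  *rsa.PrivateKey
	pcrs [][]byte
}

// NewTPM generates the AIK inside the "chip"; the private half never leaves it.
func NewTPM(pcrs [][]byte) (*TPM, error) {
	aik, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	return &TPM{aik: aik, pcrs: pcrs}, nil
}

// AIKPublic is the half the verifier learns, in practice through the AIK certificate.
func (t *TPM) AIKPublic() *rsa.PublicKey { return &t.aik.PublicKey }

// Quote signs the current PCRs together with the caller's nonce.
func (t *TPM) Quote(nonce []byte) (*Quote, error) {
	sig, err := rsa.SignPKCS1v15(rand.Reader, t.aik, crypto.SHA256, quoteDigest(t.pcrs, nonce))
	if err != nil {
		return nil, err
	}
	return &Quote{PCRs: t.pcrs, Nonce: nonce, Signature: sig}, nil
}

// Verify is the remote party's job and holds every policy decision: the nonce must be
// the one it sent (no replay), the signature must verify under the AIK, and only then
// are the reported PCRs compared with the state this verifier chooses to trust.
func Verify(aik *rsa.PublicKey, q *Quote, sentNonce []byte, expected [][]byte) error {
	if !bytes.Equal(q.Nonce, sentNonce) {
		return errors.New("nonce mismatch: stale or replayed quote")
	}
	if err := rsa.VerifyPKCS1v15(aik, crypto.SHA256, quoteDigest(q.PCRs, q.Nonce), q.Signature); err != nil {
		return fmt.Errorf("AIK signature does not cover the reported PCRs: %w", err)
	}
	if len(q.PCRs) != len(expected) {
		return errors.New("unexpected number of PCRs reported")
	}
	for i := range expected {
		if !bytes.Equal(q.PCRs[i], expected[i]) {
			return fmt.Errorf("PCR[%d] is not in a state this verifier accepts", i)
		}
	}
	return nil
}

func main() {
	// Constructed PCR contents standing in for real 20-byte register values.
	state := [][]byte{[]byte("pcr0:firmware-ok"), []byte("pcr4:kernel-ok")}
	tpm, err := NewTPM(state)
	if err != nil {
		panic(err)
	}
	nonce := make([]byte, 20)
	if _, err := rand.Read(nonce); err != nil {
		panic(err)
	}
	q, err := tpm.Quote(nonce)
	if err != nil {
		panic(err)
	}
	fmt.Println("verifier accepting this state:", Verify(tpm.AIKPublic(), q, nonce, state))
	strict := [][]byte{[]byte("pcr0:firmware-ok"), []byte("pcr4:kernel-patched")}
	fmt.Println("verifier requiring a patched kernel:", Verify(tpm.AIKPublic(), q, nonce, strict))
}
```

The same quote is accepted by one verifier and rejected by another: the TPM only reported the state, and the "somebody else decides" step lives entirely in Verify.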
TPM Architecture (block diagram)
• Processor
• Cryptographic engines: hash engine, RSA key generation, RSA signing and encryption, random number generator
• Non-volatile memory: Endorsement Key, Storage Root Key
• Volatile memory: PCRs, loaded keys
Endorsement Key (EK)
The Endorsement Key (EK) is a public/private key pair. The size of the key pair is mandated to have a modulus (a.k.a. key size) of 2048 bits. The private component of the key pair is generated within the TPM and is never exposed outside the TPM.
Attestation Identity Key (AIK)
AIKs are used to provide platform authentication to a service provider. This is also called pseudo-anonymous authentication and is different from user authentication. Refer to the section on attestation under usage models for an illustration of how AIKs are obtained.
Certificates
The Endorsement Cert contains the public key of the EK. The purpose of the Endorsement Cert is to provide attestation that the particular TPM is genuine, i.e. that the EK is protected.
The Platform Cert is provided by the platform vendor and provides attestation that the security components of the platform are genuine.
The Conformance Cert is provided by the platform vendor or an evaluation lab. It provides attestation by an accredited party as to the security properties of the platform.
• Algorithms: RSA / AES / SHA-1 / GOST
• Import banned in: Russia, China, Kazakhstan, Belarus