Trusted Computing Don Rau Cs489 May 10, 2011
TC History • 1999 Trusted Computing Platform Alliance (TCPA) • Five Members: Compaq, HP, IBM, Intel and Microsoft • 2003 TCG (Trusted Computing Group) • 2003 Successor Group to TCPA • Today Enjoys Broad Support of Technology Industry Leaders • over 200 members, adopters, and contributors such as…
AMD, NVIDIA, Phoenix, Western Digital, Oracle, Fujitsu, Toshiba Over 100 Industry Contributors and Promoters
TC History TCA Mission Statement The Trusted Computing Group is a not-for-profit organization formed to develop, define and promote open, vendor-neutral, industry standards for trusted computing building blocks and software interfaces across multiple platforms. What is TC?
What is TC? Trust Definitions • Assured reliance on the character, strength or truth of something • Expectation of an outcome with some degree of assurance • System who’s behavior is predictable and reliable
What is TC? TCG Definition “The computer or system will consistently behave in specific ways, and those behaviors will be enforced by hardware and software when the owner of those systems enables these technologies”
What is TC? TCG Stated Goals of TC “TC technology will make computers safer, less prone to viruses and malware, and thus more reliable. In addition, Trusted Computing will allow computer systems to offer improved security and efficiency”
What is TC? How Does TC Serve these Goals? • Establish Strong Machine Identity and Integrity • Secure Authentication and Strong Protection of User IDs • Protect Business Critical Data and Systems • Regulatory Compliance with Hardware-Based Security How does TC work?
How Does it Work? 1983 Ken Thompson Turing Award Acceptance Speech • Login application back-door modification • Compiler hacked so that rebuild of O/S yields same Trojan horse defect The system Thompson described was severely compromised and could not be trusted. • Trust is Only as Strong as Weakest Link • Suggests a need for a basis or “Common Root” for Trust
How Does it Work? • TPM (Trusted Platform Module) • Provides this “Root of Trust” • Processor securely mounted to motherboard in a tamper resistant fashion • Provides Cryptographic and Hash services • Verifies Boot Sequence • Extends Services to Applications providing a mechanism to verify configurations and identities of components • AKA Fritz Chip A cynical reference to S. Carolina Senator and DRM Advocate, Fritz Hollings
How Does it Work? • Crypto ‘Endorsement’ Key embedded at time of manufacture • Key Generation • Hash Generation to uniquely id components • Encryption/Decryption Services • Exposes services via TSS (Trusted Software Stack)
Establishing Trust TPM Validates the Boot Process by Providing Evidence and attesting that the system boot was carried out by trusted firmware. • TPM Verifies Itself and the BIOS • BIOS Extends Trust by using the TSS to Verify Boot Loader • Boot loader verifies Operating System • Operating System verifies devices and drivers • Etc. And so a chain of trust is established.
Extending the Chain TPM Provided Services • TSS (Trusted Software Stack) provides API for applications and devices to use trusted services • Uniquely Identifying Signatures typically based on hash codes generated from binary code of underlying component. • Identities are secured by Cryptographic Keys • External Certificates of Authority • TPM/TSS serve as a basis to implement other core TC concepts, including…
Key TC Concepts • Attestation • Memory Curtaining • Secure I/O • Sealed Storage
TC Concepts Attestation Attest to the Identity of a system and it’s configuration. • Local • Secured boot • Request and verify identity of a specified configuration of applications • Trusted Applications request cryptographic services through TSS • Remote • Confirmation of expected remote client configuration • Remote Authentication and Access to Secured Networks
TC Concepts Memory Curtaining Prevent applications from accessing other app’s memory • In a TC platform even the Operating System should not have access to a programs curtained memory • Prevent Virus or Malicious code from reading or altering data in a PCs memory
TC Concepts Secure I/O Secure Input and Output attempt to address two concerns: • Thwart screen-grabbing and key-logger exploits • Applications can assure that a user is physically present user, as distinct from another program impersonating a user
TC Concepts • Sealed Storage Optional secured access to sensitive data • Addresses inability of a PC to securely store passwords • Ability to seal data access to only known apps and users on approved hosts • Use Cases • Data Encryption • DRM Applications for Trusted Computing Include…
Example Use Cases Corporate • Authentication and Remote Access/Distributed Firewalls • Data Encryption • Trusted Distributed Collaboration • Verify distributed Clients integrity (SETI etc) • Distributed Gaming Anti-Cheat Xbox and PS currently use proprietary means for secure boot • Digital Rights Management (DRM)
TC Opponents Many opponents express concerns with trusted computing, going as far as calling it Treacherous Computing. Paranoid or Justified? and What are the concerns…
TC Opponents Concerns?
TC Opponents • Too Much Control to Commercial Interests • Treats Owner as Adversary • DRM • Video, Audio, and Game Content Restrictions • Constrain play back to certain applications? • Loss of Flexibility • Attestation restrictions to certain browsers for certain content • Sealed Storage complicates backup options • Open Source Future? • Complicates HW/SW upgrades or replacement
Concerns • Ease of use? IMPORTANT: When using BitLocker with a TPM, it is recommended that BitLocker be turned on immediately after the computer has been restarted. If the computer has resumed from sleep prior to turning on BitLocker, the TPM may incorrectly measure the pre-boot components on the computer. In this situation, when the user subsequently attempts to unlock the computer, the TPM verification check will fail and the computer will enter BitLocker recovery mode and prompt the user to provide recovery information before unlocking the drive!!!!
Conclusion • Near Future • Corporate Use • Remote Authentication and Access • Drive Encryption Technology • Government “As of 2007 requires all new computer assets, including PDAs to include a version 1.2 or higher TPM” – DOD Memorandum • Regulatory Enforcement Secured Finances and Identity protection
TC References • TCG. 2007, TCG specification architecture overview, 2 August 2008 http://www.trustedcomputinggroup.org/files/resource_files/AC652DE1-1D09-3519-ADA026A0C05CFAC2/TCG_1_4_Architecture_Overview.pdf • TCG. 2007, Trusted Computing, http://www.trustedcomputinggroup.org/trusted_computing • BERGER, B. D. 2009. Securing data and systems with trusted computing now and in the future. 2010. http://www.trustedcomputinggroup.org/files/static_page_files/C71DF61F-1A4B-B294-D01538F6E3B1C39D/DSCI_InfosecSummit_2010%2010%2002_v2.pdf • BERGER, B. 2005, Trusted computing group history. 2005. Information Security Technical Report, Vol 10, Issue 2, 2005, Pp 59-62 • PROUDLER, G., 2002, What’s in a trusted computing platform?, http://www.informit.com/articles/article.aspx?p=28804&seqNum=4 • COKER, G., GUTTMAN, J, LOSCOCCO, P., HERZOG, A., MILLEN, J., O’HANLON, B., RAMSDELL, J., SEGALL, A., SHEEHY, J., SNIFFEN, B., Principals of remote attestation, National Security Agency, The MITRE Corporation. http://web.cs.wpi.edu/~guttman/pubs/good_attest.pdf • LEMOS, R., (2002) Trust or treachery, Cnet News.com, http://news.cnet.com/2009-1001-964628.html
Real World Examples Xbox Secure Boot & DRM Printer Cartridges MS Palladium NGSCB Smart Cards Technology Hitachi ’09 1st TC Compliant Hard Drive Drive Encryption Remote Authentication