Trusted Component Deployment (Trusted Components), Bernd Schoeller, January 30th, 2006

Code from the Web
➢ Can I trust the software on my machine, knowing that there are “very bad people” out there?
● risk of malicious code
● risk of insecure code
● risk of misbehaving code

Overview
➢ Cryptographic crash course
➢ Component deployment technologies
● signed binaries
● public key infrastructure
● trusted computing
● processes and virtual machines
➢ Next week: proof-carrying code

Cryptographic Crash Course
➢ Encryption / Decryption: encryption turns the plaintext “Hello World” into the ciphertext “xrundctba asjfijas43”; decryption turns the ciphertext back into “Hello World”.

Cryptographic Crash Course
➢ Symmetric Encryption: one and the same key, the “shared secret”, encrypts “Hello World” into “xrundctba asjfijas43” and decrypts it again. Both parties must hold the secret, and anybody who obtains it can do both.

Cryptographic Crash Course
➢ Asymmetric Encryption: a “key pair” consists of a “public key” and a “private key”. What one key of the pair encrypts, only the other key decrypts, so “Hello World” encrypted under the public key to “xrundctba asjfijas43” can be recovered only with the private key. Only the private key has to be kept secret; the public key may be handed to everybody.

Hash Function
➢ A “hash function” maps an input of any length to a short “hash value”: “Hello World” → 4711, while the almost identical “Hallo World” → 0815. Changing a single character changes the hash value, and the function cannot be run backwards to recover the input.

Digital Signatures (very short)
➢ The signer computes the hash value of “Hello World” and encrypts it with the private key; this is the signature, sent along with the message.
➢ The verifier computes the hash value of the received “Hello World”, decrypts the signature with the signer's public key, and asks: equal? If the two hash values are equal, the message came from the holder of the private key and has not been modified.

Using Hash Values for Trust
➢ The publisher of a component X publishes its hash value. The user downloads X, computes its hash value and compares it with the published one: if they differ, X has been changed on the way.

“Man in the Middle” Attack
➢ The user requests the hash value for X and the publisher answers “the hash value for X is H”.
➢ The “Bad guy” sitting between them forwards the request, delivers his own modified X' instead of X, and replaces the answer with “the hash value for X is H'”, the hash value of X'.
➢ The user's comparison succeeds and the attack goes unnoticed: a published hash value protects against accidental corruption, but against an active attacker only if it arrives over a channel the attacker cannot modify.

Signed Binaries
➢ A signed binary can be authenticated as coming from a certain source
● trust the developer, but not the deployment channel
● safe against the “man in the middle” attack, as long as the user holds the developer's authentic public key
● automatic check
● liability and damages: the signer can be held responsible for what he signed
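The three slides above (hash values, the man-in-the-middle substitution of H by H', and signed binaries) as one added, runnable example. This is not code from the lecture; it stands in Ed25519 and SHA-256 for the unnamed signature scheme and hash function of the slides, and the “binary”, the attacker's modification and all names (Digest, VerifyHashOnly, VerifySigned, MITMScenario) are constructed here for illustration.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Digest is the "hash value" of a binary (the slides' hash-function step).
func Digest(binary []byte) []byte {
	sum := sha256.Sum256(binary)
	return sum[:]
}

// Sign is hash-then-sign: the developer signs the digest with the private key.
func Sign(priv ed25519.PrivateKey, binary []byte) []byte {
	return ed25519.Sign(priv, Digest(binary))
}

// VerifySigned recomputes the digest and checks the signature with the public key.
func VerifySigned(pub ed25519.PublicKey, binary, sig []byte) bool {
	return ed25519.Verify(pub, Digest(binary), sig)
}

// VerifyHashOnly is the unsigned "request hash value for X" scheme:
// the user trusts whatever hash value the channel delivers.
func VerifyHashOnly(binary, publishedHash []byte) bool {
	return bytes.Equal(Digest(binary), publishedHash)
}

// Tamper stands in for a malicious deployment channel that swaps X for X'.
func Tamper(binary []byte) []byte {
	out := append([]byte(nil), binary...)
	return append(out, []byte("\n# added by the bad guy\n")...)
}

// Outcome records what each scheme concludes (constructed field names).
type Outcome struct {
	HonestAccepted      bool // signed scheme accepts the untampered binary
	HashOnlyAccepted    bool // unsigned hash scheme accepts the tampered binary
	SignedAccepted      bool // signed scheme accepts the tampered binary
	AttackerKeyAccepted bool // signed scheme accepts it when the attacker also swaps the public key
}

// MITMScenario replays the slides' man-in-the-middle attack against both schemes.
func MITMScenario() (Outcome, error) {
	var o Outcome
	devPub, devPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return o, err
	}
	binary := []byte("#!/bin/sh\necho Hello World\n") // constructed example "binary" X
	sig := Sign(devPriv, binary)
	o.HonestAccepted = VerifySigned(devPub, binary, sig)

	// The bad guy delivers X' and answers "the hash value for X is H'".
	evil := Tamper(binary)
	hPrime := Digest(evil)
	o.HashOnlyAccepted = VerifyHashOnly(evil, hPrime) // attack succeeds

	// Without devPriv he cannot produce a signature over X' that verifies under devPub.
	o.SignedAccepted = VerifySigned(devPub, evil, sig) // attack fails

	// If he can also substitute the public key, the signature check is worthless:
	// this is why getting authentic public keys to users is "the next problem".
	badPub, badPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return o, err
	}
	o.AttackerKeyAccepted = VerifySigned(badPub, evil, Sign(badPriv, evil))
	return o, nil
}

func main() {
	o, err := MITMScenario()
	if err != nil {
		panic(err)
	}
	fmt.Printf("%+v\n", o)
}
```

The last field of Outcome is the point of the slide that follows: a signature only moves the problem from “is this the right binary?” to “is this the right public key?”.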

The Next Problem
➢ How do we get the public keys to the users?

PKI
➢ “Public Key Infrastructure”: a global or local arrangement that provides the vetting of, and the vouching for, user identities and the connected distribution of public keys.
➢ Types of PKI
● hierarchical
● distributed

Hierarchical PKIs
➢ A Central Authority at the top signs the public keys of the Key Issuers (certification authorities such as VeriSign or BSI) below it, and these in turn sign the public keys of users. A user's key is accepted if the chain of signatures leads back to a central authority the verifier already trusts; trusting one root key is enough to validate every key below it.

Distributed PKIs
➢ “Chain of Trust”
● all participants of a security network start to sign each other's keys
● a key is officially seen as valid if
● signed by myself, or
● signed by “enough” other key holders who are trusted by myself

PGP “Web of Trust”
➢ Levels of trust that I assign to another key holder
● untrusted: signatures made with this key are ignored
● marginal: 2 signatures from marginally trusted keys make a key valid (the number is a policy setting; GnuPG's default for marginals-needed is 3)
● complete/unlimited: one signature with this key makes a key valid
➢ A signature only counts if the signing key is itself valid for me
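The validity rule of the two slides above (distributed PKI, PGP web of trust) as an added example that is not from the lecture or from PGP: a small keyring in which I assign a trust level to each key, and a check that reports whether a key is valid by the slide's rules (signed by me, or by one completely trusted valid key, or by enough marginally trusted valid keys). All key names and the trust assignments are constructed for this illustration.

```go
package main

import "fmt"

// Trust is the level I assign to another key holder's signatures.
type Trust int

const (
	Untrusted Trust = iota // signatures by this key are ignored
	Marginal               // counts toward MarginalsNeeded
	Complete               // one signature is enough
)

// Keyring is a constructed web of trust seen from my own key "Me".
type Keyring struct {
	Me              string
	Signatures      map[string][]string // key -> IDs of the keys that signed it
	Trust           map[string]Trust    // key -> my trust in its signatures (absent = Untrusted)
	MarginalsNeeded int                 // 2 on the slide; GnuPG's default is 3
}

// Valid reports whether key is valid for me.
func (k *Keyring) Valid(key string) bool {
	return k.valid(key, map[string]bool{})
}

func (k *Keyring) valid(key string, visiting map[string]bool) bool {
	if key == k.Me {
		return true
	}
	if visiting[key] { // break cycles: keys vouching for each other do not reach me
		return false
	}
	visiting[key] = true
	defer delete(visiting, key)

	marginals := 0
	for _, signer := range k.Signatures[key] {
		if signer == k.Me {
			return true // signed by myself
		}
		switch k.Trust[signer] {
		case Complete:
			if k.valid(signer, visiting) { // a signature counts only if the signer's key is itself valid
				return true
			}
		case Marginal:
			if k.valid(signer, visiting) {
				marginals++
			}
		}
	}
	return marginals >= k.MarginalsNeeded
}

// ExampleKeyring builds the constructed sample data used below.
func ExampleKeyring() *Keyring {
	return &Keyring{
		Me:              "me",
		MarginalsNeeded: 2,
		Signatures: map[string][]string{
			"alice": {"me"}, "bob": {"me"}, "dave": {"me"},
			"carol": {"alice"},        // one completely trusted signer
			"erin":  {"bob", "carol"}, // two marginally trusted signers
			"frank": {"bob"},          // only one marginal signer
			"grace": {"dave", "mallory"}, // untrusted signers only
			"heidi": {"carol"},
			"x":     {"y"}, "y": {"x"}, // a cycle that never reaches me
		},
		Trust: map[string]Trust{
			"alice": Complete, "bob": Marginal, "carol": Marginal,
			"dave": Untrusted, "x": Complete, "y": Complete,
		},
	}
}

func main() {
	k := ExampleKeyring()
	for _, key := range []string{"alice", "carol", "erin", "frank", "grace", "heidi", "x"} {
		fmt.Printf("%-6s valid=%v\n", key, k.Valid(key))
	}
}
```

Note that dave's key is valid (I signed it) but, being untrusted, his signature on grace counts for nothing: validity of a key and trust in its owner as an introducer are two separate things.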

APT Secure
➢ APT is the standard package distribution tool of the Debian GNU/Linux distribution
➢ Packages can be distributed world-wide
➢ Users are encouraged to use a local package server (mirror) with good connectivity
➢ Authenticity of packages is automatically validated with digital signatures, so the mirror does not have to be trusted

APT Secure (cont.)
➢ The chain from maintainer to user: the maintainer's software is uploaded by a Debian developer into the archive; the archive's Packages index lists every package with its hash value; the Release file lists the hash values of the Packages indices and is signed with the archive key; the user's apt verifies the Release signature, then the Packages index against Release, then the downloaded package against Packages.
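The chain of the slide above as an added example, not code from the lecture or from apt: a constructed one-package archive (a stand-in .deb, a Packages index and a signed Release file in the Release/Packages text layout), and a check that walks the three links in order and reports which one breaks. It signs Release with Ed25519 in place of apt's OpenPGP signature; the package name, paths and the file contents are made up for this illustration.

```go
package main

import (
	"bufio"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"strings"
)

const packagesPath = "main/binary-i386/Packages" // constructed index path

func sha256hex(b []byte) string {
	sum := sha256.Sum256(b)
	return hex.EncodeToString(sum[:])
}

// releaseHash returns the SHA256 listed for path in the Release file's
// "SHA256:" block, whose lines have the form " <hash> <size> <path>".
func releaseHash(release, path string) (string, bool) {
	inBlock := false
	sc := bufio.NewScanner(strings.NewReader(release))
	for sc.Scan() {
		line := sc.Text()
		if !strings.HasPrefix(line, " ") {
			inBlock = strings.HasPrefix(line, "SHA256:")
			continue
		}
		if f := strings.Fields(line); inBlock && len(f) == 3 && f[2] == path {
			return f[0], true
		}
	}
	return "", false
}

// packageHash returns the SHA256 field of pkg's stanza in a Packages index
// (stanzas are "Key: value" lines separated by a blank line).
func packageHash(packages, pkg string) (string, bool) {
	for _, stanza := range strings.Split(packages, "\n\n") {
		fields := map[string]string{}
		for _, line := range strings.Split(stanza, "\n") {
			if k, v, ok := strings.Cut(line, ": "); ok {
				fields[k] = v
			}
		}
		if fields["Package"] == pkg && fields["SHA256"] != "" {
			return fields["SHA256"], true
		}
	}
	return "", false
}

// VerifyChain checks the three links: archive signature over Release,
// Release hash over Packages, Packages hash over the downloaded .deb.
func VerifyChain(archiveKey ed25519.PublicKey, release, releaseSig, packages []byte, pkg string, deb []byte) error {
	if !ed25519.Verify(archiveKey, release, releaseSig) {
		return errors.New("Release: signature does not verify under the archive key")
	}
	want, ok := releaseHash(string(release), packagesPath)
	if !ok {
		return fmt.Errorf("Release: no SHA256 entry for %s", packagesPath)
	}
	if want != sha256hex(packages) {
		return errors.New("Packages: hash differs from the value in Release")
	}
	if want, ok = packageHash(string(packages), pkg); !ok {
		return fmt.Errorf("Packages: no SHA256 for package %s", pkg)
	}
	if want != sha256hex(deb) {
		return fmt.Errorf("%s: hash differs from the value in Packages", pkg)
	}
	return nil
}

// Archive is a constructed one-package mirror.
type Archive struct {
	Key                                 ed25519.PublicKey
	Release, ReleaseSig, Packages, Deb []byte
}

// BuildArchive generates an archive key and signs a Release that covers Packages, which covers the .deb.
func BuildArchive() (*Archive, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	deb := []byte("constructed stand-in for hello_2.1.1-4_i386.deb")
	packages := []byte(fmt.Sprintf("Package: hello\nVersion: 2.1.1-4\nFilename: pool/main/h/hello/hello_2.1.1-4_i386.deb\nSize: %d\nSHA256: %s\n", len(deb), sha256hex(deb)))
	release := []byte(fmt.Sprintf("Origin: Debian\nSuite: stable\nSHA256:\n %s %d %s\n", sha256hex(packages), len(packages), packagesPath))
	return &Archive{Key: pub, Release: release, ReleaseSig: ed25519.Sign(priv, release), Packages: packages, Deb: deb}, nil
}

func main() {
	a, err := BuildArchive()
	if err != nil {
		panic(err)
	}
	tampered := append(append([]byte(nil), a.Deb...), '!') // what a bad mirror would serve
	fmt.Println("honest mirror: ", VerifyChain(a.Key, a.Release, a.ReleaseSig, a.Packages, "hello", a.Deb))
	fmt.Println("tampered .deb: ", VerifyChain(a.Key, a.Release, a.ReleaseSig, a.Packages, "hello", tampered))
}
```

A mirror can swap the .deb, rewrite Packages to match, and even rewrite Release, but without the archive's private key it cannot re-sign Release, so the chain breaks at the first link it touched.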

Trusted Computing
➢ Definition I: a system that lets the user verify/control the software that he is running on his machine
➢ Definition II: a system that lets the manufacturer verify/control the software that the user is running on his machine (not part of this lecture)

Trusted Computing (cont.)
➢ Integrate a chip into computers that can
● supervise the boot process
● safely store keys (write only: a key can be used inside the chip but not read back out)
● verify signatures of code before execution
➢ Integrated into many IBM Thinkpad notebooks
➢ Driver available for Linux (tpm)
● part of the Linux kernel rc2 or later

Untrusted Execution
➢ Can we execute code that we do not trust?
● separate the code execution from the rest of the system
● control access to resources (CPU, memory, IO)
● support the user in assessing computational results

Assessing Computational Results
➢ The running code cannot simply be asked “Am I trustworthy?”; its results have to be judged from outside.

UNIX Processes
➢ Traditional system separation
● code execution is associated with a user account
● hardware resource usage is limited per process (ulimit)
● IO access is controlled by running the code in “user mode”: devices are reachable only through system calls that the kernel checks
● CPU resource controlled by the scheduler
● memory access controlled by the MMU

Virtual Machines
➢ Hardware support not needed
● code is JIT compiled or interpreted, so the VM mediates every instruction itself
➢ Byte-code allows static analysis
➢ Code verification at load time
● for properties the verifier has established, run-time monitoring can be switched off
➢ JIT compiler can integrate run-time checks for what cannot be verified statically
➢ Fine-grained verification

Examples of Virtual Machines
➢ JVM, .NET
➢ JavaScript
➢ PostScript
➢ Online games: Quake, UT, Doom, Half-Life

Summary
➢ We have to be careful about the code that is executed on our machines
● there are many reasons not to trust code that others give you
● dynamic systems require complex deployment and verification mechanisms