Trusted Computing
Presented by Mert Çetin
Trust: The Meaning
- Oxford English Dictionary: Confidence in or reliance on some quality or attribute of a person or thing, or the truth of a statement.
- Oxford Advanced Learners’ Dictionary: The belief that sb/sth is good, sincere, honest, etc. and will not try to harm or deceive you
- Longman: To believe that something is true without having any proof
CS532 - Sabancı University 2008
Trusted Computing
- Developed by the Trusted Computing Group
- Enforces a specific behaviour on a computer system
- Achieved by loading the hardware with a unique ID and unique master key
- Denies even the owner knowledge and control
- Extremely controversial
  - Not merely secured for the owner
  - But secured against the owner as well
History
- TC: a broad term
- 2 main projects
  - Microsoft Palladium
    - Operating system (add “trusted” computing to Windows)
    - Changed to NGSCB
  - TCPA: Trusted Computing Platform Alliance
    - Formed in 2003 to establish an industry standard
    - Published specifications
    - Changed to TCG
Trusted Computing Group
- Initiative started by:
  - AMD
  - Hewlett-Packard
  - IBM
  - Infineon
  - Intel
  - Microsoft
  - Sun Microsystems
- Many others followed
The need for Trusted Computing
- Security gap
- Compromised systems
- Rogue devices and services
- Lost or stolen data
Security Needs a New Model
- Include the concept of identity
- Build upon identity with strong authentication
- Allow organizations to create trust relationships
- Guarantee information confidentiality and integrity
Trusted Platform Module
- A microcontroller that stores keys, passwords and digital certificates
- Is affixed to the motherboard of a PC
- Ensures that the information stored is made more secure from external software attack and physical theft
- Security processes, such as digital signature and key exchange, are protected
- Access to data and secrets in a platform could be denied if the boot sequence is not as expected
Applications and systems of TPM
- TPMs offer improved, hardware-based security in numerous applications:
  - file and folder encryption
  - local password management
  - S-MIME e-mail
  - VPN and PKI authentication
  - wireless authentication for 802.1x and LEAP
Cryptographic Algorithms
- TPM specifications require RSA, SHA-1, and HMAC
- AES is not required, but may be required in future versions
- Use of symmetric encryption is not required
- True random number generation is used for:
  - key generation
  - nonce creation
  - strengthening pass phrase entropy
TPM Architecture
Key Concepts
- Endorsement Key
- Secure Input/Output
- Memory Curtaining / protected execution
- Sealed Storage
- Remote Attestation
Endorsement Key
- 2048-bit RSA public/private key pair
- Created randomly on chip at manufacture
- Cannot be changed
- Private key never leaves the chip
- Public key is used for attestation and encryption
- The key is used to allow execution of secure transactions
Secure I/O
- A protected path between the computer user and the software
- Aims to address threats posed by:
  - Keyloggers
  - Screen-grabbers
- Uses checksums to verify that the I/O software has not been tampered with
- Malicious software could be identified
Memory Curtaining
- Strong, hardware-enforced memory isolation
- Prevents programs from reading or writing one another’s memory
- Today: an intruder can read/alter PC memory
- In TC: even the OS cannot access curtained memory
- Can be done in software
  - Rewriting of OS, drivers, applications
- Hardware is better!
  - Backwards compatibility
Sealed Storage
- Protects private information by binding it to platform configuration info
- Data can only be read by the same combination of HW and SW
- Solution to a major PC security failing: inability to securely store cryptographic keys!
Sealed Storage cont’d
- Generate keys based on:
  - Identity of the software requesting to use them
  - Identity of the computer the software is running on
- Keys need not be stored
  - Generated when needed
- Can work together with secure I/O and memory curtaining to ensure that your private data can only be read on your computer and with a particular software
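The key-derivation idea on the two Sealed Storage slides, as an added example that is not part of the original presentation. It is a simplified model, not the TPM command interface: `chip_secret` stands in for the on-chip key, the software identity is a SHA-1 hash chain over the boot components (the PCR-style extend used by SHA-1 TPMs), and the XOR keystream and all sample values are constructed for illustration.

```python
import hashlib
import hmac

PCR_RESET = b"\x00" * 20  # a SHA-1 PCR is 20 bytes and starts at zero

def extend(pcr, component):
    # new PCR = SHA-1(old PCR || SHA-1(component)); order-sensitive, no undo
    return hashlib.sha1(pcr + hashlib.sha1(component).digest()).digest()

def measure(chain):
    pcr = PCR_RESET
    for component in chain:
        pcr = extend(pcr, component)
    return pcr

def sealing_key(chip_secret, pcr):
    # Derived on demand from machine identity and software identity; never stored.
    return hmac.new(chip_secret, b"seal" + pcr, hashlib.sha1).digest()

def _keystream(key, n):
    blocks = (hmac.new(key, b"ks" + i.to_bytes(4, "big"), hashlib.sha1).digest()
              for i in range(n // 20 + 1))
    return b"".join(blocks)[:n]

def _xor(data, key):
    return bytes(a ^ b for a, b in zip(data, _keystream(key, len(data))))

def seal(chip_secret, pcr, data):
    key = sealing_key(chip_secret, pcr)
    ct = _xor(data, key)
    return ct + hmac.new(key, b"tag" + ct, hashlib.sha1).digest()

def unseal(chip_secret, pcr, blob):
    key = sealing_key(chip_secret, pcr)
    ct, tag = blob[:-20], blob[-20:]
    expected = hmac.new(key, b"tag" + ct, hashlib.sha1).digest()
    if not hmac.compare_digest(tag, expected):
        return None  # different machine or different software: no key, no data
    return _xor(ct, key)

# Constructed sample data (hypothetical chips and boot components)
CHIP_A, CHIP_B = b"chip-A-unique-secret", b"chip-B-unique-secret"
GOOD_BOOT = [b"bootloader v1", b"kernel v1", b"wallet-app v1"]
ALTERED_BOOT = [b"bootloader v1", b"kernel v1 (modified)", b"wallet-app v1"]
BLOB = seal(CHIP_A, measure(GOOD_BOOT), b"ssh private key bytes")

if __name__ == "__main__":
    print(unseal(CHIP_A, measure(GOOD_BOOT), BLOB))     # original data
    print(unseal(CHIP_A, measure(ALTERED_BOOT), BLOB))  # None
    print(unseal(CHIP_B, measure(GOOD_BOOT), BLOB))     # None
```

The same sealed blob opens only when both the chip and the measured software match the values it was sealed under, which is also why a legitimate software update changes the measurement and requires resealing.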
Remote Attestation
- Allows changes to the user’s computer to be detected by authorized parties
- Works by generating, in hardware, a cryptographic certificate attesting to the identity of the software currently running on a PC
- Identity is represented by a cryptographic hash
- When your software is altered, other computers can refrain from sending private information to it
- Combined with public key encryption
Known Applications of TC
- Windows Vista and Server 2008
  - BitLocker Drive Encryption
  - Encrypts the complete volume
  - Protects hard-drive data from:
    - Plugging the drive into a different system
    - Running a different OS to modify boot data
  - Decrypts using the TPM
- Trusted Gentoo
  - Gives users the ability to store their cryptographic keys (e.g. ssh keys, gnupg keys) in hardware, to be released only to those applications the user wants the keys given to
Possible Applications of TC
- Digital Rights Management
  - e.g. a music file
  - Remote attestation: to enforce the player
  - Sealed storage: to refuse to play on another software or on another computer
  - Curtained memory: prevent the user from making an unrestricted copy while playing
  - Secure I/O: prevent capturing what is being sent to the sound system
Possible Applications of TC
- Identity theft protection
  - Usernames and passwords: sniffable
  - TC creates assurance
  - e.g. online banking via remote attestation
- Preventing cheating in online games
  - Remote attestation, secure I/O and memory curtaining could be used to verify that all players connected to a server were running an unmodified copy of the software
Possible Applications of TC
- Protection from viruses or spyware
  - Digital signature of software will allow users to identify applications modified by third parties that could add spyware to the software
- Verification of remote computer for grid computing
  - TC could be used to guarantee participants in a grid are returning the results of the computations they claim to be instead of forging them
Criticism of Trusted Computing
Criticism of Trusted Computing
- DRM
  - Prevent users from freely sharing and using potentially copyrighted or private files without explicit permission
- Software inter-operability and lock-in
  - Unable to switch to a competing software
    - Word vs. OpenOffice
  - Enforce use of specific programs
    - Internet Explorer lock-in
Criticism of Trusted Computing
- Unable to non-repudiate
  - email that disappears in two weeks
  - documents that can only be read on the computers in one company
- Censorship
  - refuse to let anyone read a specific document
- Users unable to override
  - Requested but denied by TCG
Criticism of Trusted Computing
- Users may be forced to use proprietary software
  - May require the operating system to be specifically authorized by a particular company
  - May require every program to be specifically authorized by the operating system developer
  - Cannot install/use free software on those machines
- Practicality and Reliability
  - No opportunity of recovery in the case of malfunction
Criticism of Trusted Computing
- Loss of anonymity
  - A TC system can uniquely attest to its own identity
  - Possible for others to zero in on the user’s identity
    - Voluntarily or involuntarily
  - Lose expectations of anonymity when using the Internet
  - Chilling effect on:
    - political free speech
    - the ability of journalists to use anonymous sources
    - other areas where the public needs protection from retaliation through anonymity
Solution to anonymity
- Direct anonymous attestation
  - enables the remote authentication of a trusted platform while preserving the platform's privacy
  - uses a zero-knowledge proof
  - makes use of:
    - Camenisch-Lysyanskaya signature scheme
    - discrete logarithm-based proofs of knowledge thereon
Figures
It’s happening!
Trustworthy or Treacherous Computing?
The decision is yours..
Any questions?