TRUST and STANDARDIZATION


PLATFORM INTEGRITY TRUST and STANDARDIZATION
ITU Workshop on "Future Trust and Knowledge Infrastructure", Phase 1
Geneva, Switzerland, 24 April 2015
Alec Brusilovsky
Co-chair of TCG TMS WG and Manager, Security Standardization, Interdigital
alec.brusilovsky@interdigital.com

Agenda
- Problem Statement
- Foundation of Trust
- TCG Overview
  - Scope, Members, Platforms, Liaisons, Meetings, Work Groups
- TCG Technologies
  - TPM, TNC, SED, Mobile
- Summary
- Acknowledgements

Problem Statement
- Migration of network core functionality to the cloud introduces new security vulnerabilities due to loss of the security provided by the physical protection and isolation of traditional network systems
- When moving functionality to the Cloud, scalable security controls and tools to provide MNO/enterprise with trust and assurance that their data and computing will remain private and uncompromised do not exist
- There is a need for explicit and verifiable ways of protecting software components (guest OS, applications/library code and data) that reside in the Cloud (a virtual machine or a container)
- Trust in computing platform (boot, runtime, crash, and storage integrity) as well as security automation have to be defined and standardized to ensure interoperability

Foundation of Trust
- Trust is the belief that a person or system will behave predictably, even under stress
  - It is based on experience and/or evidence
  - It is based on fundamental properties (identity, integrity)
  - It is easy to lose and hard to regain
- A trusted system is…
  - predictable, even under stress
  - trusted based on experience and/or evidence
  - based on fundamental properties (identity, integrity)
© 2015 Trusted Computing Group

TCG – Trusted Computing Group
- TCG is one of the principal standards bodies focused on trusted computing standards and platform integrity
- TPM 1.2 and TPM 2.0 specs are ISO 11889:2009/2015 and are implemented in more than two billion devices
  - Servers, PCs, tablets, smartphones, printers, kiosks, industrial systems, and many embedded systems
- Trusted Computing includes more than secure boot
  - Security Automation
  - Secure Cloud
  - Secure Storage
  - Secure Mobile Devices
  - Secure Legacy Devices

TCG – Trusted Computing Group
- The Trusted Computing Group (TCG) is a not-for-profit organization formed to develop, define and promote open, vendor-neutral, global industry standards, supportive of a hardware-based root of trust, for interoperable trusted computing platforms.
- Members include manufacturers, governments, and academics – cloud computing, operating systems, security research, aerospace, automotive, SoC, IoT, embedded systems, mobile phones, servers, PCs, laptops, tablets, memory, hard drives, and more

TCG – Members
100+ Members: Chips, Cloud, Embedded, IoT, Mobile, PC
Complete Membership List Available: http://www.trustedcomputinggroup.org/about_tcg/tcg_members

TCG – Where trust begins…
Trusted Computing Technologies
- Trusted Platform Module (TPM) – hardware root-of-trust & key storage
- Trusted Network Connect (TNC) – access control & endpoint compliance
- Self-Encrypting Drive (SED) – hardware encryption & fine-grained locking
- PC Client, Mobile, Automotive – Profiles of TPM 2.0 Library Spec
Trusted Computing Platforms
- Interfaces across multiple platforms for trusted data, devices, and networks
- Automobiles, Embedded Systems, Internet of Things, Cloud/SDN, Virtual Machines, Servers, Desktops, Laptops, Tablets, Mobile Phones, and more
Formal Liaisons
- ETSI, Global Platform, Mobey Forum, ISO, IEEE, IETF, OASIS, and more
Next TCG Member Meetings
- 15-19 June 2015 in Edinburgh, Scotland
- 19-23 October 2015 in Montreal, Canada

TCG – Work Groups
Technical Work Groups – Specifications & Guidelines
- Embedded Systems – auto, IoT, financial, industrial, medical, SmartGrid
- Infrastructure – integrating TCG technologies into enterprises & Internet
- Mobile – phones, PDAs, eReaders, etc.
- PC Client – desktop/laptop/tablet interfaces & profiles for security & trust
- Server – server requirements, guidelines, and specifications
- Software Stack – standard APIs for accessing the functions of a TPM
- Storage – standards for security services on dedicated storage systems
- Trusted Network Connect – endpoint integrity and access control
- Trusted Platform Module – hardware root-of-trust, crypto, key management
- Virtualized Platform – virtual TPM, multi-persona, isolation, migration
Solutions Work Groups – Use Cases & Best Practices
- Trusted Mobility Solutions – end-to-end mobile ecosystems & solutions
- Trusted Multitenant Infrastructure – Cloud trust models & best practices

TCG – Key Technologies
Platform security for NFV (boot, crash, and runtime)

Trusted Platform Module (TPM)
Trusted Platform Module offers facilities for the secure generation of cryptographic keys, and limitation of their use, in addition to a random number generator. It also includes capabilities such as remote attestation and sealed storage, as follows:
- Remote attestation – creates a nearly unforgeable hash summary of the hardware and software configuration. The program hashing the configuration data determines the extent of the summary of the software. This allows a third party to verify that the software has not been changed.
- Binding – encrypts data using TPM bind key, a unique RSA key descended from a storage key.
- Sealing – encrypts data in a similar manner to binding, but in addition specifies a state in which TPM must be in order for the data to be decrypted (unsealed).
Software can use a Trusted Platform Module to authenticate hardware devices. Since each TPM chip has a unique and secret RSA key burned in as it is produced, it is capable of performing platform authentication.
[Figure: TPM components (figure by Guillaume Piolle).]
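
An added example, not part of the original slides and not TCG or TSS code: a software model of the measurement, attestation and sealing behaviour described above, showing that one changed boot component changes the hash summary, fails verification and blocks unsealing. Assumptions: a single SHA-256 PCR, an HMAC standing in for the signature a real TPM makes with its own key, and constructed names (ModelTPM, boot, verify_quote) and sample components.

```python
import hashlib
import hmac

DEVICE_KEY = b"constructed-device-key"   # stand-in for the per-chip secret key
GOOD = [b"firmware v1", b"bootloader v1", b"kernel v1"]            # constructed
TAMPERED = [b"firmware v1", b"bootloader MODIFIED", b"kernel v1"]  # constructed


def extend(pcr: bytes, component: bytes) -> bytes:
    """PCR extend: new = SHA-256(old || SHA-256(component)); never overwritten."""
    return hashlib.sha256(pcr + hashlib.sha256(component).digest()).digest()


def expected_pcr(event_log) -> bytes:
    """Verifier side: replay a log of measured components from the reset value."""
    pcr = bytes(32)
    for component in event_log:
        pcr = extend(pcr, component)
    return pcr


class ModelTPM:
    """Software model only; a real TPM holds key, PCRs and sealed data in hardware."""

    def __init__(self, key: bytes = DEVICE_KEY):
        self._key = key
        self.pcr = bytes(32)          # PCR is all zeros after reset
        self._sealed = {}

    def measure(self, component: bytes) -> None:
        self.pcr = extend(self.pcr, component)

    def quote(self, nonce: bytes) -> bytes:
        # Assumption: HMAC replaces the asymmetric signature of a real quote.
        return hmac.new(self._key, nonce + self.pcr, hashlib.sha256).digest()

    def seal(self, name: str, secret: bytes, required_pcr: bytes) -> None:
        self._sealed[name] = (required_pcr, secret)

    def unseal(self, name: str) -> bytes:
        required_pcr, secret = self._sealed[name]
        if not hmac.compare_digest(required_pcr, self.pcr):
            raise PermissionError("platform state does not match sealing policy")
        return secret


def boot(components) -> ModelTPM:
    """Measured boot: each stage is measured into the PCR before it runs."""
    tpm = ModelTPM()
    for component in components:
        tpm.measure(component)
    return tpm


def verify_quote(nonce: bytes, quote: bytes, event_log, key: bytes = DEVICE_KEY) -> bool:
    """Remote verifier: accept only if the quote matches the replayed known-good log."""
    good = hmac.new(key, nonce + expected_pcr(event_log), hashlib.sha256).digest()
    return hmac.compare_digest(quote, good)


if __name__ == "__main__":
    nonce = b"constructed-nonce"
    for label, chain in (("good", GOOD), ("tampered", TAMPERED)):
        tpm = boot(chain)
        print(label, "attests:", verify_quote(nonce, tpm.quote(nonce), GOOD))
```

The nonce in the quote is what prevents a recorded good quote from being replayed later; the verifier picks a fresh one for every challenge.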

TCG – Trusted Platform Module
TPM 2.0 Library Spec – Revision 01.16 – October 2014
http://www.trustedcomputinggroup.org/resources/tpm_library_specification
- Part 1: Architecture – concepts, roots-of-trust, features, authorizations
- Part 2: Structures – types, constants, handles, interfaces, structures
- Part 3: Commands – startup, self-test, sessions, objects, crypto, attestation, signatures, audit, integrity, authorization, key hierarchies, dictionary attack defense, field upgrade, context mgmt, clocks & timers, capabilities, NVRAM
- Part 4: Supporting Routines – automation, header files, execute, sessions, attestation, context mgmt, policies, NVRAM, objects, crypto, audit, etc.
TPM 2.0 Library Errata – Version 1.2 – February 2015
- sessions, authorizations, quotes, signatures, NVRAM, etc.
TCG Algorithm Registry – Rev 01.22 – February 2015
http://www.trustedcomputinggroup.org/resources/tcg_algorithm_registry
- RSA, ECC Curves, Hash Algorithms, Symmetric Block Ciphers, etc.

TCG – Trusted Platform Module
A Practical Guide to TPM 2.0 – February 2015
http://www.trustedcomputinggroup.org/resources/a_practical_guide_to_tpm_20
http://www.apress.com/9781430265832
- Will Arthur (Intel) and David Challener (Johns Hopkins University) with Ken Goldman (IBM)
- eBook version is FREE for download
- TPM history, basic concepts, quick tutorial, TPM 2.0 Library spec overview
- TPM Software Stack 2.0 (TSS) – high-level and low-level APIs
- TPM entities, hierarchies, keys, NV indices
- Platform configuration registers (PCRs) – for secure and measured boot
- Authorizations, sessions, enhanced authorization (EA) policies
- Key management, auditing, encryption, decryption, context management
- Startup, shutdown, and provisioning, debugging, applications

Trusted Network Connect – attestation and security automation
Trusted Network Connect (TNC) network security architecture and open standards enable intelligent policy decisions, dynamic security enforcement, and communication between security systems. TNC provides pervasive security, Network Access Control (NAC) and interoperability in multi-vendor environments.
- IETF "Posture Attribute (PA) Protocol Compatible with Trusted Network Connect" (PA-TNC) defined by RFC 5792
- IETF "Posture Broker (PB) Protocol Compatible with Trusted Network Connect" (PB-TNC) defined by RFC 5793
Both RFCs are part of the IETF's "Network Endpoint Assessment" (NEA) framework defined by RFC 5209.

TCG – Trusted Network Connect
TNC FAQs, Specifications, Developer Tools, Resources
http://www.trustedcomputinggroup.org/developers/trusted_network_connect
- admission control, endpoint integrity verification, endpoint compliance
IF-TNCCS TLV Binding – Version 2.0 – May 2014
http://www.trustedcomputinggroup.org/resources/tnc_iftnccs_specification
- TNC Client/Server – endpoint integrity measurement collection
- Posture Broker – technically aligned with IETF NEA PB-TNC – RFC 5793
IF-M TLV Binding – Version 1.0 – May 2014
http://www.trustedcomputinggroup.org/resources/tnc_ifm_tlv_binding_specification
- Posture Attribute – technically aligned with IETF NEA PA-TNC – RFC 5792
IF-T Tunneled EAP Methods – Version 2.0 – May 2014
http://www.trustedcomputinggroup.org/resources/tnc_ift_protocol_bindings_for_tunneled_eap_methods_specification
- Posture Transport – technically aligned with IETF NEA PT-EAP – RFC 7171
IF-T TLS Binding – Version 2.0 – February 2013
http://www.trustedcomputinggroup.org/resources/tnc_ift_binding_to_tls
- Posture Transport – technically aligned with IETF NEA PT-TLS – RFC 6876

Self-Encrypting Storage
'Data at rest' solution for data protection
- Self-encrypting drives have integrated encryption hardware. The result: Zero performance impact.
- Software full disk encryption/decryption is processor intensive and is performed by the main processor of the personal computer. During periods of high data usage this can have a major negative performance impact.
- For data intensive applications such as scans, backup, and large file operations, self-encrypting drives can provide more than double the drive performance of software FDE products
- All encryption and decryption is done in the protected hardware of the self-encrypting drive
- Encryption keys are generated in the controller hardware of the self-encrypting drive, never leave the drive, and are not accessible outside of the drive
Integrated Authentication
- User authentication is performed by the self-encrypting drive in order to unlock the drive
- Authentication is performed by a protected pre-boot OS which is the only software in the system when authentication of the user is performed by the drive
- Authentication cannot be separated from the drive
Rapid cryptographical data destruction

TCG – Self-Encrypting Drive
Storage FAQs, Specifications, Developer Tools, Resources
http://www.trustedcomputinggroup.org/developers/storage
- ATA, SATA, SCSI, FibreChannel, USB, IEEE 1394, NAS, iSCSI
Storage Security Subsystem Class: Opal v2.0 – Feb 2012
http://www.trustedcomputinggroup.org/resources/storage_work_group_storage_security_subsystem_class_opal
- Core specification for Opal self-encrypting drives (desktops/laptops)
Storage Security Subsystem Class: Enterprise v1.0 – Jan 2011
http://www.trustedcomputinggroup.org/resources/storage_work_group_storage_security_subsystem_class_enterprise_specification
- Core specification for enterprise self-encrypting drives (servers)

TCG – Mobile
Mobile FAQs, Specifications, Developer Tools, Resources
http://www.trustedcomputinggroup.org/developers/mobile
- ATA, SATA, SCSI, FibreChannel, USB, IEEE 1394, NAS, iSCSI
TPM 2.0 Mobile Reference Architecture – 16 December 2014
http://www.trustedcomputinggroup.org/resources/tpm_20_mobile_reference_architecture_specification
- Secure boot, measured boot, protected environment, security requirements, and implementation examples for all mobile devices
TPM 2.0 Mobile CRB Interface – 16 December 2014
http://www.trustedcomputinggroup.org/resources/tpm_20_mobile_command_response_buffer_interface_specification
- TPM 2.0 kernel command/response buffer interface
TPM 2.0 Mobile Common Profile – 3 February 2015 – DRAFT
http://www.trustedcomputinggroup.org/resources/tcg_tpm_20_mobile_common_profile
- Medium subset of TPM 2.0 – for feature phone or basic phone

Summary
Platform integrity can be provided by standardized solutions for
- Hardware Root of Trust
- Security Automation
- Secure Cloud
- Secure Storage
- Secure Mobile Devices
- Secure Legacy Devices

Acknowledgements
Much gratitude goes to my colleagues from TCG TMS, Ira McDonald and Carlin Covey

Thank you
alec.brusilovsky@interdigital.com