Presentation is loading. Please wait.

Presentation is loading. Please wait.

Trusted Computing Security for the Digital World Industry Leader in Trusted Systems and Services Lark M. Allen Wave Systems Corp.

Published byDinah Roberts Modified over 8 years ago

Similar presentations

Presentation on theme: "Trusted Computing Security for the Digital World Industry Leader in Trusted Systems and Services Lark M. Allen Wave Systems Corp."— Presentation transcript:

1 Trusted Computing Security for the Digital World Industry Leader in Trusted Systems and Services Lark M. Allen Wave Systems Corp. lallen@wavesys.com

2 The Evolution of the Digital Infrastructure Processing (PC) Time Connectivity (Internet) Access (WWW) Trust/SecurityTrust/Security Web Services

3 Trusted Computing  Trusted Computing: Hardware and Software behave as designed

4 Trusted Computing – Who Is Trusting? nTrust is in the eye of the beholder PARTNERS SERVICE PROVIDERS ENTERPRISE USER Trusted PC ?

5 Trusted Computing: Why Required? Bugbear worm tries to steal credit cards, passwords VITAL SIGNS FOR OCTOBER 2, 2002 etc, etc. Intuitively Obvious?

6 Trusted Computing Initiatives Microsoft Palladium Smart Cards Intel LaGrande Cell Phones Set Top Boxes Gaming Platforms TCPA FinRead

7 Trust: A Political Lightning Rod Control Privacy Closed Surveillance Tracking Conspiracy Theories Opt-In/ Opt-out

8 Trusted Computing – Adoption Drivers  Market Adoption Requires the ‘Gorillas’ “Trustworthy Computing is the highest priority for all the work we are doing. We must lead the industry…” Bill Gates Microsoft Jan 15, 2002 “Trustworthy Computing is the highest priority for all the work we are doing. We must lead the industry…” Bill Gates Microsoft Jan 15, 2002 THE BIG SECRET By Steven Levy, Newsweek, July 1, 2002 A First Look At Microsoft’s Palladium An exclusive first look at Microsoft’s ambitious and risky-plan to remake the personal computer to ensure security, privacy and intellectual property rights. Will you buy it? THE BIG SECRET By Steven Levy, Newsweek, July 1, 2002 A First Look At Microsoft’s Palladium An exclusive first look at Microsoft’s ambitious and risky-plan to remake the personal computer to ensure security, privacy and intellectual property rights. Will you buy it?

9 Trusted Systems – Hardware Based  Hardware is a requirement for Trusted Systems S.2048 Hollings Bill “Consumer Broadband and Digital Television Promotion Act” S.2048 Hollings Bill “Consumer Broadband and Digital Television Promotion Act” FEDS EYE COPY LOCKS FOR PC GEAR “If you can’t protect anything you own, you don’t own anything” VALENTI “You can layer all the security and digital rights management software you want on top of the PC platform, but without trusted hardware the PC is still not secure”. Scott Dinsdale Executive VP, Digital Strategy Motion Picture Association Digital Hollywood Conf, 2/4/2002

10 Pyramid of Protection Security Strength Software Only Tamper-Resistant Software Tamper-Resistant Firmware DRMs BIOS Secure Software Hdwr/Sftwr PKI Trust System Trusted, Shared Hardware - Static Hardware – Prog. TCPA Smart Cards Trusted, Unshared Hardware

11 Trusted Computing – Bottom to Top Trusted Hardware PC Hardware BIOS Firmware Operating System System Services Applications User Services nSecurity at any layer can be defeated by accessing the next lower layer nTrusted Computing requires security hardware as the foundation for platform security nPlus security enablement features in each layer

12 Trusted Computing Technologies Hidden Processing Secure Storage Secure Time Random Number Generator Trust Infrastructure Tamper Resistant Hardware Encryption Algorithms Public Key Infrastructure Digital Certificates Digital Signatures Trusted Operating Systems Global Unique Identities Trusted Applications Trusted Computing

13 Example: Single Security Chip System Code USB Interface ISO 7816 Controller GPIO Microprocessor DES MME MMULT Real Time Clock Flash Memory Internal RAM (IRAM) Device Control SRAM Flash Optional I/O RS-232C Interface SHA CacheMMU Timers RNG Crystal Battery External I/F Encrypted Memory I/F LPC Slave Interface LPC Master Interface Non-vol SRAM PROCESSOR MEMORY MANAGEMENT SECURE TIME CRYPTO ALGORITHMS ENCRYPTED MEMORY SECURE INPUT / OUTPUT NON-VOLATILE MEMORY INTRUSION DETECTION TRUSTED OS SECURE KEYPAD/ DISPLAY

14 Trusted Systems – Overview Is n E-Commerce Is Complex Trust Relationships “Hardware-level security is required for complex trust relationships. Internet transactions by their nature are done at a distance, not face to face, therefore the security requirements to protect the interests of every party in a digital transaction are even more important than in the physical world.” Dr. Robert Thibadeau Computer Science Carnegie Mellon University

15 Trusted Devices Multiparty Trust for E-Commerce Content & Services Protection / Digital Rights Mgmt. Multi-Party Trust FINANCIALMERCHANTUSER Digital Identity Credit Cards Consumer Relationship System Wallet Distributed Transaction System

16 Trusted Computing – Open, Shared  OpenProgrammableInteroperable Trust  Open, Programmable and Interoperable Trust Required for Internet Devices  OpenProgrammableInteroperable Trust  Open, Programmable and Interoperable Trust Required for Internet Devices USER Cards / Tokens/ Authentication  Smart Cards  Biometrics  SecureID  Passwords  PINs  Passport/Liberty  X509 Cert Auth.  Registration Auth. User Devices  Cell Phones  Trusted Readers  FINREAD/GTI  PDAs  Wireless Devices  Merchant Terminals  Access Devices Platforms / Peripherals / Consumer Electronics  PC  Set Top Box  Cable Modems  Keyboards/Input  Storage Devices  Output-TV/Prntrs  Graphics Cards  Receivers, Players  DTLA Applications / Services / Software  OS / Boot  Applications  Certified Applets  Digital Signatures  Firmware  Web Agents  Authenticode  CDSA Data / DRM / Media Streams  DRMs  5C / DTCP  MHCP/DVI  Conditional Access  SDMI  Watermarking  DeCSS “Incredibly secure and trustworthy computer systems exist today, but they are largely independent, single- purpose systems that are meticulously engineered and then isolated.” Craig Mundie SVP, CTO Microsoft

17 Trusted Computing – Models Cell Phones Cable Networks Credit Cards Satellite Networks nClosed, isolated systems nSingle party control nProprietary security and trust technology PC / Internet Devices nShared trust nMultiple web services nOpen standards

18 Trusted Computing – Trust Models Number of Trustors Applications/Services 1Multiple 1 STB TCPA Cell Phone Driver’s License / Passports / Credit Cards Smart Cards Difficulty

19 Wave Systems Corp. TRUST ROOT KEY Trusted Device #1 Device Server CA Authorization Agent CA Application Development Service CA Trusted Device #x Trusted Device #y Trusted Device #n Initialization Service CA Application Certification CA ADS #mACA #m AA #m IS #mDS #m ROOTS: The Genealogy of Trust Trust Assurance Network CA(s) X509V3 Identification Certificates Key Based Identification Trust Assurance Network Trusted Devices and Components TRUSTED THIRD PARTY “Source” of Trust Trusted Applications And Services

20 Wave Systems Corp. T Open Trust Infrastructures T T T T n Goal: ‘Hosts’ Trust ‘Controllers’ Open, Interoperability Standards Critical Infrastructures Protection Basis for Digital Commerce

21 Trusted Computing – Overview  Trusted Computing is a system solution “Security is a chain; it’s only as secure as the weakest link. Security is a process, not a product” “Complexity is the enemy of security. Things are getting more complex. Security must be designed in from the beginning” Bruce Schneier Co-Founder, CTO Counterpane Internet Security Author, Secrets and Lies

22 T T T T T nTrusted Systems Design – End to End Solutions nUntrusted T T T T T nTrusted U U nTrusted devices or components can communicate securely over untrusted networks nUntrusted devices cause the result to become untrusted

23 Trusted Systems – Overview  Every Device and Component Must Be Trusted Trusted Input, Processing, Output, Storage, Network  Every Device and Component Must Be Trusted Trusted Input, Processing, Output, Storage, Network Self-Securing Devices Dr. Greg Ganger Carnegie Mellon University Ganger Distributed Trust Boundaries A Better Defensive Structure: Security Hardware Input / Keyboard Network Adapter Graphics Adapter Output Devices Storage Memory Processor

24 Kernel Programs CD-R DVD-R Trusted Computing – System Design Video Capture Main Memory NIC Network SIC Keyboard Graphics Card Motherboard nTrusted Peripherals nSecure Channels

25 Market Investment  Trusted Computing market is very large and one of the fastest growing IT segments Hardware $16.1 B Software $16.6 B Integration Services $10.8 B Security Hardware, Software and Services “The Bush Administration has proposed a 56% increase in IT-Security spending in fiscal 2003 to $4.3 B from $2.7 B in 2002. The numbers do no include another $20 B for IT spending in Intelligence Agencies.” Dow Jones Newswire 6/13/2002

26 Trusted Computing – Services  Trusted Systems and Then Web Services: Deployment Will Drive Services  Trusted Systems and Then Web Services: Deployment Will Drive Services Keyboards PCs Peripherals STBs Finance Government Consumers Enterprise Networks

27 Trusted Systems – Overview  Customers will pay for Trusted Systems $25 $50 $75 $100 $200 Privacy and the Internet/Hart Research 84% 71% 57% 49% 34% Definitely interested in adding security technology to new computer Probably interested in adding security technology IBM Embedded Security Subsystem $25.00

28 Strong Authentication Content Protection Services Delivery E-Commerce Privacy Protection Platform Security(TCPA) Secure VPNs & Peer-Peer Conditional Access Distributed Transactions Applications Trusted Operating System Trusted Hardware Components Trust Infrastructure Key Management Trusted Computing Applications

29 Trusted Computing – Smart Credentials 1. USID Number 2. Optical Strip – 4MB 3. Digital Photo 4. Smart Card Chip 5. Internal Memory Strip – 20 MB 6. 2D Bar Code – 2KB

30 Trusted Input Devices - FinRead  Financial Transactions Embedded Trusted Client Processor Secure Display Secure Input Secure Processing Storage Java Strong Cryptography  EU Finance Industry Spec  Java Support- Finlets  Multi-factor Authentication  Keyboards, smart card readers, cell phones

31 Trusted Systems – Authentication ■ The Internet Perimeter Must Be Both Trusted and Intelligent INTERNET (VPN) INTERNET (VPN) PHYSICAL WORLD DIGITAL WORLD IDENTITY CREDENTIALS / PASSWORDS Server Trusted AUTHENTICATION PC Client Trusted UntrustedTrusted

32 Internet Devices Need Flexibility  Must support more multiple security specifications simultaneously  Must fill the role for hardware security from many different locations-every component is trusted  Keyboards  Motherboards  Network Adapters  Peripherals – Graphics, Disk, Output Drives  Must support interim and long term security requirements  Must provide the security strength of hardware with the flexibility of software  Must support multi-party trust, not just first party control

33 Trusted Computing Challenges nStandardization and convergence of trusted computing components Platform security and peripherals Open trust infrastructures Web services and identity management Content protection nPrivacy and security laws, policies, and practices nDevelopment time for complex eco-systems nSuccessful business and technical models for trusted services, including Internet content nLegacy population of untrusted devices

34 Trusted Computing Overview Thank You!

Download ppt "Trusted Computing Security for the Digital World Industry Leader in Trusted Systems and Services Lark M. Allen Wave Systems Corp."

Similar presentations

CS898T Mobile and Wireless Network Handheld Device Security By Yuan Chen July 25 th, 2005.

CS898T Mobile and Wireless Network Handheld Device Security By Yuan Chen July 25 th, 2005.
Thomas S. Messerges, Ezzat A. Dabbish Motorola Labs Shin Seung Uk.

Thomas S. Messerges, Ezzat A. Dabbish Motorola Labs Shin Seung Uk.
Embedded System Lab. What is an embedded systems? An embedded system is a computer system designed for specific control functions within a larger system,

Embedded System Lab. What is an embedded systems? An embedded system is a computer system designed for specific control functions within a larger system,
Identity and Access IDPrime MD 8840 and IDCore 8030 MicroSD cards

Identity and Access IDPrime MD 8840 and IDCore 8030 MicroSD cards
A l a d d i n. c o m eToken NG-OTP Combined PKI - OTP Authentication Solution November, 2008.

A l a d d i n. c o m eToken NG-OTP Combined PKI - OTP Authentication Solution November, 2008.
SPD1 Improving Security and Access to Network with Smart Badge Eril Pasaribu CISA,CISSP Security Consultant.

SPD1 Improving Security and Access to Network with Smart Badge Eril Pasaribu CISA,CISSP Security Consultant.
Hardware Cryptographic Coprocessor Peter R. Wihl Security in Software.

Hardware Cryptographic Coprocessor Peter R. Wihl Security in Software.
1 GP Confidential ©2013 1 GlobalPlatform’s Value Proposition for Mobile Point of Sale (mPOS)

1 GP Confidential © GlobalPlatform’s Value Proposition for Mobile Point of Sale (mPOS)
Lee Hang Lam Wong Kwun Yam Chan Sin Ping Wong Cecilia Kei Ka Mobile Phone OS.

Lee Hang Lam Wong Kwun Yam Chan Sin Ping Wong Cecilia Kei Ka Mobile Phone OS.
Computer and Network Security Mini Lecture by Milica Barjaktarovic.

Computer and Network Security Mini Lecture by Milica Barjaktarovic.
Certification Authority. Overview  Identifying CA Hierarchy Design Requirements  Common CA Hierarchy Designs  Documenting Legal Requirements  Analyzing.

Certification Authority. Overview  Identifying CA Hierarchy Design Requirements  Common CA Hierarchy Designs  Documenting Legal Requirements  Analyzing.
Computer Basics 1 Computer Basic 1 includes two lessons:

Computer Basics 1 Computer Basic 1 includes two lessons:
Using Cryptographic ICs For Security and Product Management Misconceptions about security Network and system security Key Management The Business of Security.

Using Cryptographic ICs For Security and Product Management Misconceptions about security Network and system security Key Management The Business of Security.
Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004.

Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004.
User Managed Privacy Using Distributed Trust Privacy and Security Research Workshop Carnegie Mellon University May 29-30, 2002 Lark M. Allen / Wave Systems.

User Managed Privacy Using Distributed Trust Privacy and Security Research Workshop Carnegie Mellon University May 29-30, 2002 Lark M. Allen / Wave Systems.
FIT3105 Smart card based authentication and identity management Lecture 4.

FIT3105 Smart card based authentication and identity management Lecture 4.
02/12/00 E-Business Architecture

02/12/00 E-Business Architecture
Polytechnic University of Tirana Faculty of Information Technology Computer Engineering Department Identification of on-line users and Digital Signature.

Polytechnic University of Tirana Faculty of Information Technology Computer Engineering Department Identification of on-line users and Digital Signature.
Cyber Security and Key Management Models Smart Grid Networks The Network System Key Management and Utilization Why Hardware Security Christopher Gorog,

Cyber Security and Key Management Models Smart Grid Networks The Network System Key Management and Utilization Why Hardware Security Christopher Gorog,
Copyright © 1995-2006 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE USC CSci599 Trusted Computing Lecture Three.

Copyright © Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE USC CSci599 Trusted Computing Lecture Three.

Similar presentations

Ads by Google