Download presentation
Presentation is loading. Please wait.
Published byDinah Roberts Modified over 8 years ago
1
Trusted Computing Security for the Digital World Industry Leader in Trusted Systems and Services Lark M. Allen Wave Systems Corp. lallen@wavesys.com
2
The Evolution of the Digital Infrastructure Processing (PC) Time Connectivity (Internet) Access (WWW) Trust/SecurityTrust/Security Web Services
3
Trusted Computing Trusted Computing: Hardware and Software behave as designed
4
Trusted Computing – Who Is Trusting? nTrust is in the eye of the beholder PARTNERS SERVICE PROVIDERS ENTERPRISE USER Trusted PC ?
5
Trusted Computing: Why Required? Bugbear worm tries to steal credit cards, passwords VITAL SIGNS FOR OCTOBER 2, 2002 etc, etc. Intuitively Obvious?
6
Trusted Computing Initiatives Microsoft Palladium Smart Cards Intel LaGrande Cell Phones Set Top Boxes Gaming Platforms TCPA FinRead
7
Trust: A Political Lightning Rod Control Privacy Closed Surveillance Tracking Conspiracy Theories Opt-In/ Opt-out
8
Trusted Computing – Adoption Drivers Market Adoption Requires the ‘Gorillas’ “Trustworthy Computing is the highest priority for all the work we are doing. We must lead the industry…” Bill Gates Microsoft Jan 15, 2002 “Trustworthy Computing is the highest priority for all the work we are doing. We must lead the industry…” Bill Gates Microsoft Jan 15, 2002 THE BIG SECRET By Steven Levy, Newsweek, July 1, 2002 A First Look At Microsoft’s Palladium An exclusive first look at Microsoft’s ambitious and risky-plan to remake the personal computer to ensure security, privacy and intellectual property rights. Will you buy it? THE BIG SECRET By Steven Levy, Newsweek, July 1, 2002 A First Look At Microsoft’s Palladium An exclusive first look at Microsoft’s ambitious and risky-plan to remake the personal computer to ensure security, privacy and intellectual property rights. Will you buy it?
9
Trusted Systems – Hardware Based Hardware is a requirement for Trusted Systems S.2048 Hollings Bill “Consumer Broadband and Digital Television Promotion Act” S.2048 Hollings Bill “Consumer Broadband and Digital Television Promotion Act” FEDS EYE COPY LOCKS FOR PC GEAR “If you can’t protect anything you own, you don’t own anything” VALENTI “You can layer all the security and digital rights management software you want on top of the PC platform, but without trusted hardware the PC is still not secure”. Scott Dinsdale Executive VP, Digital Strategy Motion Picture Association Digital Hollywood Conf, 2/4/2002
10
Pyramid of Protection Security Strength Software Only Tamper-Resistant Software Tamper-Resistant Firmware DRMs BIOS Secure Software Hdwr/Sftwr PKI Trust System Trusted, Shared Hardware - Static Hardware – Prog. TCPA Smart Cards Trusted, Unshared Hardware
11
Trusted Computing – Bottom to Top Trusted Hardware PC Hardware BIOS Firmware Operating System System Services Applications User Services nSecurity at any layer can be defeated by accessing the next lower layer nTrusted Computing requires security hardware as the foundation for platform security nPlus security enablement features in each layer
12
Trusted Computing Technologies Hidden Processing Secure Storage Secure Time Random Number Generator Trust Infrastructure Tamper Resistant Hardware Encryption Algorithms Public Key Infrastructure Digital Certificates Digital Signatures Trusted Operating Systems Global Unique Identities Trusted Applications Trusted Computing
13
Example: Single Security Chip System Code USB Interface ISO 7816 Controller GPIO Microprocessor DES MME MMULT Real Time Clock Flash Memory Internal RAM (IRAM) Device Control SRAM Flash Optional I/O RS-232C Interface SHA CacheMMU Timers RNG Crystal Battery External I/F Encrypted Memory I/F LPC Slave Interface LPC Master Interface Non-vol SRAM PROCESSOR MEMORY MANAGEMENT SECURE TIME CRYPTO ALGORITHMS ENCRYPTED MEMORY SECURE INPUT / OUTPUT NON-VOLATILE MEMORY INTRUSION DETECTION TRUSTED OS SECURE KEYPAD/ DISPLAY
14
Trusted Systems – Overview Is n E-Commerce Is Complex Trust Relationships “Hardware-level security is required for complex trust relationships. Internet transactions by their nature are done at a distance, not face to face, therefore the security requirements to protect the interests of every party in a digital transaction are even more important than in the physical world.” Dr. Robert Thibadeau Computer Science Carnegie Mellon University
15
Trusted Devices Multiparty Trust for E-Commerce Content & Services Protection / Digital Rights Mgmt. Multi-Party Trust FINANCIALMERCHANTUSER Digital Identity Credit Cards Consumer Relationship System Wallet Distributed Transaction System
16
Trusted Computing – Open, Shared OpenProgrammableInteroperable Trust Open, Programmable and Interoperable Trust Required for Internet Devices OpenProgrammableInteroperable Trust Open, Programmable and Interoperable Trust Required for Internet Devices USER Cards / Tokens/ Authentication Smart Cards Biometrics SecureID Passwords PINs Passport/Liberty X509 Cert Auth. Registration Auth. User Devices Cell Phones Trusted Readers FINREAD/GTI PDAs Wireless Devices Merchant Terminals Access Devices Platforms / Peripherals / Consumer Electronics PC Set Top Box Cable Modems Keyboards/Input Storage Devices Output-TV/Prntrs Graphics Cards Receivers, Players DTLA Applications / Services / Software OS / Boot Applications Certified Applets Digital Signatures Firmware Web Agents Authenticode CDSA Data / DRM / Media Streams DRMs 5C / DTCP MHCP/DVI Conditional Access SDMI Watermarking DeCSS “Incredibly secure and trustworthy computer systems exist today, but they are largely independent, single- purpose systems that are meticulously engineered and then isolated.” Craig Mundie SVP, CTO Microsoft
17
Trusted Computing – Models Cell Phones Cable Networks Credit Cards Satellite Networks nClosed, isolated systems nSingle party control nProprietary security and trust technology PC / Internet Devices nShared trust nMultiple web services nOpen standards
18
Trusted Computing – Trust Models Number of Trustors Applications/Services 1Multiple 1 STB TCPA Cell Phone Driver’s License / Passports / Credit Cards Smart Cards Difficulty
19
Wave Systems Corp. TRUST ROOT KEY Trusted Device #1 Device Server CA Authorization Agent CA Application Development Service CA Trusted Device #x Trusted Device #y Trusted Device #n Initialization Service CA Application Certification CA ADS #mACA #m AA #m IS #mDS #m ROOTS: The Genealogy of Trust Trust Assurance Network CA(s) X509V3 Identification Certificates Key Based Identification Trust Assurance Network Trusted Devices and Components TRUSTED THIRD PARTY “Source” of Trust Trusted Applications And Services
20
Wave Systems Corp. T Open Trust Infrastructures T T T T n Goal: ‘Hosts’ Trust ‘Controllers’ Open, Interoperability Standards Critical Infrastructures Protection Basis for Digital Commerce
21
Trusted Computing – Overview Trusted Computing is a system solution “Security is a chain; it’s only as secure as the weakest link. Security is a process, not a product” “Complexity is the enemy of security. Things are getting more complex. Security must be designed in from the beginning” Bruce Schneier Co-Founder, CTO Counterpane Internet Security Author, Secrets and Lies
22
T T T T T nTrusted Systems Design – End to End Solutions nUntrusted T T T T T nTrusted U U nTrusted devices or components can communicate securely over untrusted networks nUntrusted devices cause the result to become untrusted
23
Trusted Systems – Overview Every Device and Component Must Be Trusted Trusted Input, Processing, Output, Storage, Network Every Device and Component Must Be Trusted Trusted Input, Processing, Output, Storage, Network Self-Securing Devices Dr. Greg Ganger Carnegie Mellon University Ganger Distributed Trust Boundaries A Better Defensive Structure: Security Hardware Input / Keyboard Network Adapter Graphics Adapter Output Devices Storage Memory Processor
24
Kernel Programs CD-R DVD-R Trusted Computing – System Design Video Capture Main Memory NIC Network SIC Keyboard Graphics Card Motherboard nTrusted Peripherals nSecure Channels
25
Market Investment Trusted Computing market is very large and one of the fastest growing IT segments Hardware $16.1 B Software $16.6 B Integration Services $10.8 B Security Hardware, Software and Services “The Bush Administration has proposed a 56% increase in IT-Security spending in fiscal 2003 to $4.3 B from $2.7 B in 2002. The numbers do no include another $20 B for IT spending in Intelligence Agencies.” Dow Jones Newswire 6/13/2002
26
Trusted Computing – Services Trusted Systems and Then Web Services: Deployment Will Drive Services Trusted Systems and Then Web Services: Deployment Will Drive Services Keyboards PCs Peripherals STBs Finance Government Consumers Enterprise Networks
27
Trusted Systems – Overview Customers will pay for Trusted Systems $25 $50 $75 $100 $200 Privacy and the Internet/Hart Research 84% 71% 57% 49% 34% Definitely interested in adding security technology to new computer Probably interested in adding security technology IBM Embedded Security Subsystem $25.00
28
Strong Authentication Content Protection Services Delivery E-Commerce Privacy Protection Platform Security(TCPA) Secure VPNs & Peer-Peer Conditional Access Distributed Transactions Applications Trusted Operating System Trusted Hardware Components Trust Infrastructure Key Management Trusted Computing Applications
29
Trusted Computing – Smart Credentials 1. USID Number 2. Optical Strip – 4MB 3. Digital Photo 4. Smart Card Chip 5. Internal Memory Strip – 20 MB 6. 2D Bar Code – 2KB
30
Trusted Input Devices - FinRead Financial Transactions Embedded Trusted Client Processor Secure Display Secure Input Secure Processing Storage Java Strong Cryptography EU Finance Industry Spec Java Support- Finlets Multi-factor Authentication Keyboards, smart card readers, cell phones
31
Trusted Systems – Authentication ■ The Internet Perimeter Must Be Both Trusted and Intelligent INTERNET (VPN) INTERNET (VPN) PHYSICAL WORLD DIGITAL WORLD IDENTITY CREDENTIALS / PASSWORDS Server Trusted AUTHENTICATION PC Client Trusted UntrustedTrusted
32
Internet Devices Need Flexibility Must support more multiple security specifications simultaneously Must fill the role for hardware security from many different locations-every component is trusted Keyboards Motherboards Network Adapters Peripherals – Graphics, Disk, Output Drives Must support interim and long term security requirements Must provide the security strength of hardware with the flexibility of software Must support multi-party trust, not just first party control
33
Trusted Computing Challenges nStandardization and convergence of trusted computing components Platform security and peripherals Open trust infrastructures Web services and identity management Content protection nPrivacy and security laws, policies, and practices nDevelopment time for complex eco-systems nSuccessful business and technical models for trusted services, including Internet content nLegacy population of untrusted devices
34
Trusted Computing Overview Thank You!
Similar presentations
© 2025 SlidePlayer.com. Inc.
All rights reserved.