Presentation is loading. Please wait.

Presentation is loading. Please wait.

Presented by Mert Çetin

Published byChristiana Hardy Modified over 7 years ago

Similar presentations

Presentation on theme: "Presented by Mert Çetin"— Presentation transcript:

1 Presented by Mert Çetin
Trusted Computing Presented by Mert Çetin

2 Trust: The Meaning Oxford English Dictionary:
Confidence in or reliance on some quality or attribute of a person or thing, or the truth of a statement. Oxford Advanced Learners’ Dictionary: The belief that sb/sth is good, sincere, honest, etc. and will not try to harm or deceive you Longman To believe that something is true without having any proof CS532 - Sabancı University 2008

3 Trusted Computing Developed by Trusted Computing Group
Enforces a specific behaviour on a comp. system Achieved by loading a hardware with a unique ID and unique master key Deny even the owner knowledge and control Extremely controversial Not merely secured for the owner But secured against the owner as well CS532 - Sabancı University 2008

4 History TC: a broad term 2 main projects Microsoft Palladium
Operating system (add “trusted” computing to Windows) Changed to NGSCB TCPA: Trusted Computing Platform Alliance Formed in 2003 to establish an industry standard Published specifications Changed to TCG CS532 - Sabancı University 2008

5 Trusted Computing Group
Initiative started by: AMD Hewlett-Packard IBM Infineon Intel Microsoft Sun Microsystems Many others followed CS532 - Sabancı University 2008

6 The need for Trusted Computing
Security Gap Compromised Systems Rouge Devices and services Lost or stolen data CS532 - Sabancı University 2008

7 Security Needs a New Model
Include the concept of identity Build upon identity with strong authentication Allow organizations to create trust relationships Guarantee information confidentiality and integrity CS532 - Sabancı University 2008

8 Trusted Platform Module
A microcontroller that stores keys, passwords and digital certificates Is affixed to the motherboard of a PC Ensures that the information stored is made more secure from external software attack and physical theft Security processes, such as digital signature and key exchange, are protected Access to data and secrets in a platform could be denied if the boot sequence is not as expected CS532 - Sabancı University 2008

9 Applications and systems of TPM
TPMs offer improved, hardware-based security in numerous applications: file and folder encryption local password management S-MIME VPN and PKI authentication wireless authentication for 802.1x and LEAP CS532 - Sabancı University 2008

10 Cryptographic Algorithms
TPM specifications require RSA, SHA-1, and HMAC AES is not required, but may be required in future versions Use of symmetric encryption is not required True random number generation is used for: key generation nonce creation to strenghten pass phrase entropy CS532 - Sabancı University 2008

11 TPM Architecture CS532 - Sabancı University 2008

12 Key Concepts Endorsement Key Secure Input/Output
Memory Curtaining / protected execution Sealed Storage Remote Attestation CS532 - Sabancı University 2008

13 Endorsement Key 2048 bit RSA public private key pair
Created randomly on chip at manufacture Cannot be changed Private key never leaves the chip Public key is used for attestation and encryption The key is used to allow executions of secure transactions CS532 - Sabancı University 2008

14 Secure I/O A protected path between the computer user and the software
Aims to address threats posed by: Keyloggers Screen-grabbers Using checksums to verify the I/O software is not tampered with Malicious software could be identified CS532 - Sabancı University 2008

15 Memory Curtaining Strong, hardware enforced memory isolation
To prevent programs to read/write one another’s memory Today: intruder can read/alter PC Memory In TC: even the OS cannot access curtained memory Can be done in software Rewriting of OS, drivers, applications Hardware is better! Backwards compatibility CS532 - Sabancı University 2008

16 Sealed Storage Protects private information by binding it to platform configuration info Data can only be read by same combination of HW and SW Solution to a major PC security falling: inability to securely store cryptographic keys! CS532 - Sabancı University 2008

17 Sealed Storage cont’d Generate keys based on: Keys need not be stored
Identity of the software requesting to use them Identity of the computer the software is runing Keys need not be stored Generated when needed Can work together with secure I/O and memory curtaining to ensure that your private data can only be read on your computer and with a particular software CS532 - Sabancı University 2008

18 Remote Attestation Allows changes to the user’s computer to be detected by authorized parties Works by generating, in hardware, a cryptographic certificate attesting to the identity of the software currently running on a PC Identity is represented by a cryptographic hash When your software is altered other computers can refrain from sending private information to it Combined with public key encryption CS532 - Sabancı University 2008

19 Known Applications of TC
Windows Vista and Server 2008 BitLocker Drive Encryption Encrypts complete volume Protect hard-drive data Plugging to a different system Running different OS to modify boot data Decrypt using TPM Trusted Gentoo give users the ability to store their cryptographic keys (e.g. ssh keys, gnupg keys) in hardware, to be released only to those applications the user wants the keys given to CS532 - Sabancı University 2008

20 Possible Applications of TC
Digital Rights Management e.g. a music file Remote attestation: to enforce player Sealed storage: to refuse to play on another software or on another computer Curtained memory: prevent user from making unrestricted copy while playing Secure I/O: prevent capturing what is being sent to the sound system CS532 - Sabancı University 2008

21 Possible Applications of TC
Identity theft protection Usernames and passwords: sniffable TC creates assurance e.g. Online banking via remote attestation Preventing cheating in online games remote attestation, secure I/O and memory curtaining could be used to verify that all players connected to a server were running an unmodified copy of the software CS532 - Sabancı University 2008

22 Possible Applications of TC
Protection from viruses or spyware Digital signature of software will allow users to identify applications modified by third parties that could add spyware to the software Verification of remote computer for grid computing TC could be used to guarantee participants in a grid are returning the results of the computations they claim to be instead of forging them CS532 - Sabancı University 2008

23 Criticism of Trusted Computing
CS532 - Sabancı University 2008

24 Criticism of Trusted Computing
DRM prevent users from freely sharing and using potentially copyrighted or private files without explicit permission Software inter-operability and lock-in unable to switch to a competing software Word vs. OpenOffice enforce use of specific programs Internet Explorer lock in CS532 - Sabancı University 2008

25 Criticism of Trusted Computing
Unable to non-repudiate that disappears in two weeks documents that can only be read on the computers in one company Censorship refuse to let anyone read a specific document Users unable to override Requested but denied by TCG CS532 - Sabancı University 2008

26 Criticism of Trusted Computing
Users may be forced to use proprietary software May require the operating system to be specifically authorized by a particular company May require every program to be specifically authorized by the operating system developer Cannot install/use free software on those machines Practicality and Reliability No opportunity of recovery in the case of malfunction CS532 - Sabancı University 2008

27 Criticism of Trusted Computing
Loss of anonymity A TC system can uniquely attest to its own identity Possible for others to zero in the user’s identity Voluntarily or unvoluntarily Lose expectations of anonymity when using the Internet Chilling effect on: political free speech the ability of journalists to use anonymous sources other areas where the public needs protection from retaliation through anonymity CS532 - Sabancı University 2008

28 Solution to anonymity Direct anonymous attestation
enables the remote authentication of a trusted platform while preserving the platform's privacy uses a zero-knowledge proof makes use of: Camenisch-Lysyanskaya signature scheme discrete logarithm-based proofs of knowledge thereon CS532 - Sabancı University 2008

29 Figures It’s happening! CS532 - Sabancı University 2008

30 Trustworthy or Treacherous Computing?
The decision is yours.. Any questions? CS532 - Sabancı University 2008

Download ppt "Presented by Mert Çetin"

Similar presentations

Vpn-info.com.

Vpn-info.com.
Cryptography Chapter 7 Part 4 Pages 833 to 874. PKI Public Key Infrastructure Framework for Public Key Cryptography and for Secret key exchange.

Cryptography Chapter 7 Part 4 Pages 833 to 874. PKI Public Key Infrastructure Framework for Public Key Cryptography and for Secret key exchange.
TCPA TCPA TCPA T rusted C omputing P latform A lliance Saurabh Phansalkar.

TCPA TCPA TCPA T rusted C omputing P latform A lliance Saurabh Phansalkar.
Securing. Agenda  Hard Drive Encryption  User Account Permissions  Root Level Access  Firewall Protection  Malware Protection.

Securing. Agenda  Hard Drive Encryption  User Account Permissions  Root Level Access  Firewall Protection  Malware Protection.
Hardware Security: Trusted Platform Module Amir Houmansadr CS660: Advanced Information Assurance Spring 2015 Content may be borrowed from other resources.

Hardware Security: Trusted Platform Module Amir Houmansadr CS660: Advanced Information Assurance Spring 2015 Content may be borrowed from other resources.
Online Banking Fraud Prevention Recommendations and Best Practices This document provides you with fraud prevention best practices that every employee.

Online Banking Fraud Prevention Recommendations and Best Practices This document provides you with fraud prevention best practices that every employee.
Trusted Computing Platforms Blessing or Curse? by Bastian Sopora, Seminar DRM 2006.

Trusted Computing Platforms Blessing or Curse? by Bastian Sopora, Seminar DRM 2006.
CMSC 414 Computer and Network Security Lecture 12 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 12 Jonathan Katz.
Department of Information Engineering1 Major Concerns in Electronic Commerce Authentication –there must be proof of identity of the parties in an electronic.

Department of Information Engineering1 Major Concerns in Electronic Commerce Authentication –there must be proof of identity of the parties in an electronic.
Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.

Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.
Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004.

Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004.
Trusted Computing Initiative Beyond trustworthy. Trusted Computing  Five Key Concepts >Endorsement Key >Secure Input and Output >Memory Curtain / Protected.

Trusted Computing Initiative Beyond trustworthy. Trusted Computing  Five Key Concepts >Endorsement Key >Secure Input and Output >Memory Curtain / Protected.
November 1, 2006Sarah Wahl / Graduate Student UCCS1 Public Key Infrastructure By Sarah Wahl.

November 1, 2006Sarah Wahl / Graduate Student UCCS1 Public Key Infrastructure By Sarah Wahl.
Copyright © 1995-2006 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE USC CSci599 Trusted Computing Lecture Three.

Copyright © Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE USC CSci599 Trusted Computing Lecture Three.
TrustPort Public Key Infrastructure. WWW.TRUSTPORT.COM Keep It Secure Table of contents  Security of electronic communications  Using asymmetric cryptography.

TrustPort Public Key Infrastructure. Keep It Secure Table of contents  Security of electronic communications  Using asymmetric cryptography.
File System and Full Volume Encryption Sachin Patel CSE 590TU 3/9/2006.

File System and Full Volume Encryption Sachin Patel CSE 590TU 3/9/2006.
Digital Signature Xiaoyan Guo/102587 Xiaohang Luo/104446.

Digital Signature Xiaoyan Guo/ Xiaohang Luo/
INTRODUCTION Why Signatures? A uthenticates who created a document Adds formality and finality In many cases, required by law or rule Digital Signatures.

INTRODUCTION Why Signatures? A uthenticates who created a document Adds formality and finality In many cases, required by law or rule Digital Signatures.
Trusted Computing BY: Sam Ranjbari Billy J. Garcia.

Trusted Computing BY: Sam Ranjbari Billy J. Garcia.
Week #7 Objectives: Secure Windows 7 Desktop

Week #7 Objectives: Secure Windows 7 Desktop

Similar presentations

Ads by Google