Presentation is loading. Please wait.

Presentation is loading. Please wait.

Trusted Computing Initiative Beyond trustworthy. Trusted Computing  Five Key Concepts >Endorsement Key >Secure Input and Output >Memory Curtain / Protected.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Trusted Computing Initiative Beyond trustworthy. Trusted Computing  Five Key Concepts >Endorsement Key >Secure Input and Output >Memory Curtain / Protected."— Presentation transcript:

1 Trusted Computing Initiative Beyond trustworthy

2 Trusted Computing  Five Key Concepts >Endorsement Key >Secure Input and Output >Memory Curtain / Protected Execution >Sealed Storage >Remote Attestation

3 What is Trusted Computing  Enhanced Hardware >TPM – Trusted Program Module  Encryption Chip (aka Fritz)  Secure Key Store  BIOS support  Used in IPL (Initial Program Load) >Aka Booting  Also used in encryption to avoid software >E.g Bitlocker, encrypted drives

4 Trusted Computing  Trusted Computing Group >Manufacturer Consortium >Control TPM specification  Required for US DoD equipment  TPM available on many systems (e.g. Dell, Toshiba)  Proposal: Trusted Network Connect  Further: >Next-Generation Secure Computing Base ­Aka Palladium ­Is Trusted Computing in Vista ­Some dilution – to avoid lockouts

5 TPM

6 Endorsement Key  Each TPM provides a unique internal Key  A RSA 2048 bit public/private key pair  Created randomly in chip manufacture  Private key never leaves chip and is secure  Public key used for encryption of data sent to chip  Chip memory and processes are hidden

7 Secure I/O  Also known as a trusted path  I/O can be secured with encryption keys  Motherboard paths secured by TPM  TPM must be bonded to motherboard so it cannot be reused elsewhere

8 Memory Curtain/ Protected Execution  Internal memory and computation of TPM is not visible  Motherboard may have memory hidden from Operating System  Can be implemented by some BIOS

9 Sealed Storage  TPM has its own endorsement store locked by internal keys

10 Remote Attestation  Certification originated from individual keys and identities of TPM

11 Application of Trusted Computing  Tamperproof booting >Uses TPM to compute secure signatures >Uses this to endorse each stage in the boot  BIOS uses TPM to identify authorised MBR >By storing measurement of MBR in TPM  MBR uses TPM to identify authorised IPL >E.g. boot loader  IPL uses TPM to identify authorised OS >E.g. Loads Windows after authentication

12 Application of Trusted Computing  Protecting Hard Drive Data >Uses Key Store & Encryption of TPM >Bitlocker in Windows >Enforcer in Linux  Can be done wrongly >Security boffins unveil BitUnlocker- Disk encryption decryptedSecurity boffins unveil BitUnlocker- Disk encryption decrypted  Or correctly >Bitlocker hack is easily prevented, Microsoft says - Restoring Vista disk crypto's good nameBitlocker hack is easily prevented, Microsoft says - Restoring Vista disk crypto's good name

13 Further Applications  Digital Rights Management >Authenticating Media Player Application >Authenticating Right to Media  Bootleg Software Prevention >Using TPM bootlegs cannot be loaded and used >Enforces Copyright  Identity Theft Prevention  Protection from Malware  Cheat Prevention in Online Games

14 The problems  Hardware Change Renders Software Inoperable  Hardware Change Renders Data Unreadable  Humans are Fallible >They Forget Keys!  Enforces Software Monopoly >Unable to modify & improve software  Protects Big Money Media >Users not in control of data  Independent Software & Media Harmed  People no Longer in Control of their own computer!  Enforced Censorship  Loss of anonymity & privacy

15 Trusted Computing and Virtualisation  TPM can be used with Virtual PCs  Establish a chain of trust links from BIOS  Tree-of-Trust

16 Bibliography  Trusted Computing in Wikipedia Trusted Computing in Wikipedia  TPM entry in Wikipedia TPM entry in Wikipedia  Trusted Computing Group in Wikipedia Trusted Computing Group in Wikipedia

17

Download ppt "Trusted Computing Initiative Beyond trustworthy. Trusted Computing  Five Key Concepts >Endorsement Key >Secure Input and Output >Memory Curtain / Protected."

Similar presentations

Rambling on the Private Data Security

Rambling on the Private Data Security
Vpn-info.com.

Vpn-info.com.
Physical Unclonable Functions and Applications

Physical Unclonable Functions and Applications
 Alexandra Constantin  James Cook  Anindya De Computer Science, UC Berkeley.

 Alexandra Constantin  James Cook  Anindya De Computer Science, UC Berkeley.
TCPA TCPA TCPA T rusted C omputing P latform A lliance Saurabh Phansalkar.

TCPA TCPA TCPA T rusted C omputing P latform A lliance Saurabh Phansalkar.
Securing. Agenda  Hard Drive Encryption  User Account Permissions  Root Level Access  Firewall Protection  Malware Protection.

Securing. Agenda  Hard Drive Encryption  User Account Permissions  Root Level Access  Firewall Protection  Malware Protection.
Hardware Security: Trusted Platform Module Amir Houmansadr CS660: Advanced Information Assurance Spring 2015 Content may be borrowed from other resources.

Hardware Security: Trusted Platform Module Amir Houmansadr CS660: Advanced Information Assurance Spring 2015 Content may be borrowed from other resources.
Section 3.2: Operating Systems Security

Section 3.2: Operating Systems Security
Trusted Computing Platforms Blessing or Curse? by Bastian Sopora, Seminar DRM 2006.

Trusted Computing Platforms Blessing or Curse? by Bastian Sopora, Seminar DRM 2006.
1 Bootstrapping Trust in a “Trusted” Platform Carnegie Mellon University November 11, 2008 Bryan Parno.

1 Bootstrapping Trust in a “Trusted” Platform Carnegie Mellon University November 11, 2008 Bryan Parno.
CMSC 414 Computer and Network Security Lecture 12 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 12 Jonathan Katz.
Trusted Platform Modules: Building a Trusted Software Stack and Remote Attestation Dane Brandon, Hardeep Uppal CSE551 University of Washington.

Trusted Platform Modules: Building a Trusted Software Stack and Remote Attestation Dane Brandon, Hardeep Uppal CSE551 University of Washington.
SEC316: BitLocker™ Drive Encryption

SEC316: BitLocker™ Drive Encryption
Copyright © 1995-2006 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE USC CSci599 Trusted Computing Lecture Three.

Copyright © Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE USC CSci599 Trusted Computing Lecture Three.
Copyright © 1995-2006 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE USC CSci599 Trusted Computing Lecture notes.

Copyright © Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE USC CSci599 Trusted Computing Lecture notes.
Trusted Computing Platform Alliance – Introduction and Technical Overview – Joe Pato HP Labs MIT 6.805/6.857 17 October 2002.

Trusted Computing Platform Alliance – Introduction and Technical Overview – Joe Pato HP Labs MIT 6.805/ October 2002.
CS 0008 Day 2 1. Today Hardware and Software How computers store data How a program works Operators, types, input Print function Running the debugger.

CS 0008 Day 2 1. Today Hardware and Software How computers store data How a program works Operators, types, input Print function Running the debugger.
File System and Full Volume Encryption Sachin Patel CSE 590TU 3/9/2006.

File System and Full Volume Encryption Sachin Patel CSE 590TU 3/9/2006.
Mobile Operating System Security A PRESENTATION BY DANIEL ADAMS CSC 345 DR. BOX.

Mobile Operating System Security A PRESENTATION BY DANIEL ADAMS CSC 345 DR. BOX.
Patterns for Secure Boot and Secure Storage in Computer Systems By: Hans L¨ohr, Ahmad-Reza Sadeghi, Marcel Winandy Horst G¨ortz Institute for IT Security,

Patterns for Secure Boot and Secure Storage in Computer Systems By: Hans L¨ohr, Ahmad-Reza Sadeghi, Marcel Winandy Horst G¨ortz Institute for IT Security,

Similar presentations

Ads by Google