Presentation is loading. Please wait.

Presentation is loading. Please wait.

Randy Fort CS 265 Trusted Platform Modules April 19 th, 2005.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Randy Fort CS 265 Trusted Platform Modules April 19 th, 2005."— Presentation transcript:

1 Randy Fort CS 265 Trusted Platform Modules April 19 th, 2005

2 What is Trusted Computing? In 1999, many industry heavyweights came together to form an industry group. Mission Statement “to create a standard set of system hardware based functions needed to establish trust on the platform.” [2]

3 What is a TPM? A chip integrated into the platformA chip integrated into the platform The (alleged) purpose is to provide more securityThe (alleged) purpose is to provide more security It is a separate trusted co-processorIt is a separate trusted co-processor “The TPM represents a separate trusted coprocessor, whose state cannot be compromised by potentially malicious host system software.” IBM Research Report [4]

4 “The theory is that software based key generation or storage will always be vulnerable to software attack, so private keys should be created, stored, and used by dedicated hardware” Andy Dornan, Trusted Computing: A Matter of Trust Why?

5 The Trusted Computing Group The Trusted Computing Group is a non- profit industry consortium, which develops hardware and software standards. It is funded by many member companies, including IBM, Intel, AMD, Microsoft, Sony, Sun, and HP among others. www.trustedcomputinggroup.org

6 Attestation The TPM's most controversial feature is attestation, the ability to measure the state of a computer and send a signed message certifying that particular hardware or software is or isn't present. Most TC opponents fear that this will be abused by vendors [1].

7 How? PKI private keys could be stored in the chip.PKI private keys could be stored in the chip. PK signatures calculated in the chip itself, never visible outsidePK signatures calculated in the chip itself, never visible outside Random number generatorsRandom number generators SHA-1 encryptionSHA-1 encryption Monotonic countersMonotonic counters Process isolation (encrypted I/O, prevents keystroke loggers, screen scrapers.Process isolation (encrypted I/O, prevents keystroke loggers, screen scrapers.

8 How? Protection from malware and detection of compromised systems. [4] Shows that syslogd has been compromised by a root kit.Protection from malware and detection of compromised systems. [4] Shows that syslogd has been compromised by a root kit. Tick counter, Timestamps are a security critical parameter in KERBEROS.Tick counter, Timestamps are a security critical parameter in KERBEROS. Provide stronger 2 factor authentication.Provide stronger 2 factor authentication.

9 What’s new? Conceptually, not much. Most, if not all of the security ideas already existConceptually, not much. Most, if not all of the security ideas already exist What TPMs bring to the table is a secure sealed storage chip for private keys, on-chip crypto, and random number generators among othersWhat TPMs bring to the table is a secure sealed storage chip for private keys, on-chip crypto, and random number generators among others The state of the TPM can not be compromised by malicious host softwareThe state of the TPM can not be compromised by malicious host software

10 Cons Advanced features will require O/S support.Advanced features will require O/S support. Microsoft's NGSCB (Longhorn Due 2006 ???)Microsoft's NGSCB (Longhorn Due 2006 ???) Will require rewrites to interface with the NEXUS.Will require rewrites to interface with the NEXUS. Potential for abuse by Software vendors.Potential for abuse by Software vendors. Is trusted computing just DRM on steroids?Is trusted computing just DRM on steroids? Is TC a security tool or cash flow weapon?Is TC a security tool or cash flow weapon? Co-processor or Cop-processor?Co-processor or Cop-processor?

11 Pro vs. Con Great for Corporations and GovernmentGreat for Corporations and Government Prevents unauthorized softwarePrevents unauthorized software Helps prevent malwareHelps prevent malware User privacy not a concernUser privacy not a concern DRM lock-in less of a concern for companies or governmentDRM lock-in less of a concern for companies or government

12 Pro vs. Con “Trusted Computing requires you to surrender control of your machine to the vendors of your hardware and software, thereby making the computer less trustworthy from the user’s perspective” [11] Ross Anderson“Trusted Computing requires you to surrender control of your machine to the vendors of your hardware and software, thereby making the computer less trustworthy from the user’s perspective” [11] Ross Anderson

13 Windows Media Player 9 EULA "Digital Rights Management (Security). You agree that in order to protect the integrity of content and software protected by digital rights management ('Secure Content'), Microsoft may provide security related updates to the OS Components that will be automatically downloaded onto your computer. These security related updates may disable your ability to copy and/or play Secure Content and use other software on your computer. If we provide such a security update, we will use reasonable efforts to post notices on a web site explaining the update."

14 “For years Bill Gates has dreamed of finding a way to make the Chinese pay for software, TC looks like being the answer to his prayer.” [11] Ross Anderson.

15 Conclusion Increased securityIncreased security PKIPKI Malware protectionMalware protection AttestationAttestation A very abuseable capability for software vendorsA very abuseable capability for software vendors

16 Bibliography [1] Andy Doman, Trusted Computing: A matter of Trust, http://www.networkmagazine.com/shared/article/showArticle.jhtml?articleId=2210 2889 http://www.networkmagazine.com/shared/article/showArticle.jhtml?articleId=2210 2889 [2] DigitalIDWorld, "Assuring Networked Data and Application Reliability", Digital ID World Jan/Feb 2004 https://www.trustedcomputinggroup.org/press/1- 3412425E_SC.pdfhttps://www.trustedcomputinggroup.org/press/1- 3412425E_SC.pdf [4] Reiner Sailer, et al,, "The Role of TPM in Enterprise Security", https://www.trustedcomputinggroup.org/press/news_articles/rc23363.pdf https://www.trustedcomputinggroup.org/press/news_articles/rc23363.pdf [11] Ross Anderson, http://www.againsttcpa.com/index.shtmlhttp://www.againsttcpa.com/index.shtml

17

Download ppt "Randy Fort CS 265 Trusted Platform Modules April 19 th, 2005."

Similar presentations

Thomas S. Messerges, Ezzat A. Dabbish Motorola Labs Shin Seung Uk.

Thomas S. Messerges, Ezzat A. Dabbish Motorola Labs Shin Seung Uk.
Cobalt: Separating content distribution from authorization in distributed file systems Kaushik Veeraraghavan Andrew Myrick Jason Flinn University of Michigan.

Cobalt: Separating content distribution from authorization in distributed file systems Kaushik Veeraraghavan Andrew Myrick Jason Flinn University of Michigan.
Vpn-info.com.

Vpn-info.com.
Ragib Hasan Johns Hopkins University en.600.412 Spring 2011 Lecture 3 02/14/2010 Security and Privacy in Cloud Computing.

Ragib Hasan Johns Hopkins University en Spring 2011 Lecture 3 02/14/2010 Security and Privacy in Cloud Computing.
 Alexandra Constantin  James Cook  Anindya De Computer Science, UC Berkeley.

 Alexandra Constantin  James Cook  Anindya De Computer Science, UC Berkeley.
TCPA TCPA TCPA T rusted C omputing P latform A lliance Saurabh Phansalkar.

TCPA TCPA TCPA T rusted C omputing P latform A lliance Saurabh Phansalkar.
Hardware Security: Trusted Platform Module Amir Houmansadr CS660: Advanced Information Assurance Spring 2015 Content may be borrowed from other resources.

Hardware Security: Trusted Platform Module Amir Houmansadr CS660: Advanced Information Assurance Spring 2015 Content may be borrowed from other resources.
Trusted Computing Platforms Blessing or Curse? by Bastian Sopora, Seminar DRM 2006.

Trusted Computing Platforms Blessing or Curse? by Bastian Sopora, Seminar DRM 2006.
1 Bootstrapping Trust in a “Trusted” Platform Carnegie Mellon University November 11, 2008 Bryan Parno.

1 Bootstrapping Trust in a “Trusted” Platform Carnegie Mellon University November 11, 2008 Bryan Parno.
CMSC 414 Computer and Network Security Lecture 12 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 12 Jonathan Katz.
Copyright© 2005-2006 Trusted Computing Group - Other names and brands are properties of their respective owners. Slide #1 Tightening the Network: Network.

Copyright© Trusted Computing Group - Other names and brands are properties of their respective owners. Slide #1 Tightening the Network: Network.
Using Secure Coprocessors to Protect Access to Enterprise Networks Dr. José Carlos Brustoloni Dept. Computer Science University of Pittsburgh

Using Secure Coprocessors to Protect Access to Enterprise Networks Dr. José Carlos Brustoloni Dept. Computer Science University of Pittsburgh
Trusted Computing Initiative Beyond trustworthy. Trusted Computing  Five Key Concepts >Endorsement Key >Secure Input and Output >Memory Curtain / Protected.

Trusted Computing Initiative Beyond trustworthy. Trusted Computing  Five Key Concepts >Endorsement Key >Secure Input and Output >Memory Curtain / Protected.
An Authentication Service Based on Trust and Clustering in Wireless Ad Hoc Networks: Description and Security Evaluation Edith C.H. Ngai and Michael R.

An Authentication Service Based on Trust and Clustering in Wireless Ad Hoc Networks: Description and Security Evaluation Edith C.H. Ngai and Michael R.
SEC316: BitLocker™ Drive Encryption

SEC316: BitLocker™ Drive Encryption
Copyright © 1995-2006 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE USC CSci599 Trusted Computing Lecture Three.

Copyright © Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE USC CSci599 Trusted Computing Lecture Three.
An Authentication Service Against Dishonest Users in Mobile Ad Hoc Networks Edith Ngai, Michael R. Lyu, and Roland T. Chin IEEE Aerospace Conference, Big.

An Authentication Service Against Dishonest Users in Mobile Ad Hoc Networks Edith Ngai, Michael R. Lyu, and Roland T. Chin IEEE Aerospace Conference, Big.
Securing Data Storage Protecting Data at Rest Advanced Systems Group Dell Computer Asia Ltd.

Securing Data Storage Protecting Data at Rest Advanced Systems Group Dell Computer Asia Ltd.
More on AuthenticationCS-4513 D-term 20081 More on Authentication CS-4513 Distributed Computing Systems (Slides include materials from Operating System.

More on AuthenticationCS-4513 D-term More on Authentication CS-4513 Distributed Computing Systems (Slides include materials from Operating System.
outline Purpose Design Implementation Market Conclusion presentation Outline.

outline Purpose Design Implementation Market Conclusion presentation Outline.

Similar presentations

Ads by Google