Trusted Computing Platform Alliance


1 Trusted Computing Platform Alliance
David Grawrock
Security Architect, Desktop Architecture Labs, Intel Corporation
22 April 2017

2 Agenda
Background
Attestation
Specification
What Is Next

3 TCPA History
Section: Background
Established in spring 1999
Promoters are: Compaq, IBM, Intel, HP and Microsoft
Membership over 160 companies
Web site

4 TCPA Technical Challenge
Section: Background
To maintain the privacy of the platform owner while providing a ubiquitous interoperable mechanism to validate the identity and integrity of a computing platform
TCPA provides the base for reporting identity and integrity

5 Are You A Dog?
Section: Attestation
On the Internet no one knows you are a dog
On the Internet no one knows if you have a proper configuration

6 Attestation Definition
“To affirm to be true, correct or genuine” [1]
Cryptographic proof of information regarding the platform
Information that could be attested to includes:
  HW on platform
  BIOS
  Configuration options
  And much more
[1] American Heritage Dictionary

7 Attestation Promise
Section: Attestation
TCPA never lies about the state of measured information
This requires
  Accurate measurement
  Protected storage
  Provable reporting of measurement
TCPA defines an attestation device

8 Specifications Available
Main specification defines Trusted Platform Module (TPM)
  Definition is platform neutral
  All commands to the TPM are defined
TPM PC Specific specification defines how to implement on a PC platform
These specs are available on the web site

9 TPM Components
Section: Specification
TPM diagram: Non-Volatile Storage, Key Generation, Anonymous Identities, RNG, PCR, RSA, Opt-In
Generate and use RSA keys
Provide long-term protected storage of RSA root key
Store measurements in PCR
Use anonymous identities to report PCR status
TPM definition is complete

10 Summary
TCPA provides the base for reporting identity and integrity
TCPA defines an attestation device
TPM definition is complete

11 What Next?
Design platforms and applications for TPM use
Extend the trust and integrity of platforms

12 Trusted Computing Platform Alliance
Questions?

13 Backup Material

14 Non-volatile Storage
Section: Functionality
TPM diagram: Non-Volatile Storage, Key Generation, Anonymous Identities, RNG, PCR, RSA, Opt-In
The storage securely holds the endorsement key (EK)
Each TPM has a unique EK
The endorsement key must be protected from both exposure and improper use
In addition to the EK there are some flags that are kept in non-volatile storage

15 Key Generation
Section: Functionality
The TPM can generate RSA keys
  Default size 2048 bits
  Other algorithms possible
The keys can be used for signing / verification or encryption / decryption
Use of key must be specified at creation time
There is no speed requirement on how long or how short a time generation will take

16 Anonymous Identities
Section: Functionality
All operations attesting to the TPM use an anonymous identity rather than the EK
An anonymous identity certifies that the key came from A TPM, not WHICH TPM
Devil is in the details; see the main spec

17 Random Number Generator
Section: Functionality
All TPMs must have an RNG
Implementation is manufacturer specific
The specification asks for, but does not require, FIPS evaluation of the RNG
The RNG output is used internally by the TPM and is also offered to outside consumers of randomness

18 PCR Registers
Section: Functionality
The TPM has a minimum of 16 Platform Configuration Registers (PCR)
The PCR registers use the EXTEND operation to store measurements regarding the platform
PCR value = SHA(new value, old value)
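
The EXTEND operation from the PCR slide, and how a verifier replays a measurement log against a reported PCR value, as an added example that is not taken from the presentation or the specification. It assumes SHA-1, 20-byte PCRs that start at all zeros, and the concatenation order old PCR value followed by new measurement; the function names and the sample boot chain are constructed.

```python
import hashlib
import hmac

PCR_SIZE = 20  # assumption: SHA-1 digest length, PCRs are 20 bytes


def measure(component: bytes) -> bytes:
    """Digest of a component taken before control is handed to it."""
    return hashlib.sha1(component).digest()


def extend(pcr: bytes, measurement: bytes) -> bytes:
    """EXTEND: fold a measurement into the PCR; the old value is never overwritten.

    Assumed ordering: SHA-1(old PCR value || new measurement).
    """
    if len(pcr) != PCR_SIZE or len(measurement) != PCR_SIZE:
        raise ValueError("PCR and measurement must both be 20-byte digests")
    return hashlib.sha1(pcr + measurement).digest()


def replay(log: list) -> bytes:
    """Recompute the PCR a platform would hold after extending every log entry."""
    pcr = bytes(PCR_SIZE)  # assumption: PCR is reset to zeros at platform start
    for digest in log:
        pcr = extend(pcr, digest)
    return pcr


def verify_log(log: list, reported_pcr: bytes) -> bool:
    """Verifier side: the log is trustworthy only if it reproduces the reported PCR."""
    return hmac.compare_digest(replay(log), reported_pcr)


# Constructed sample boot chain (hypothetical component contents).
BOOT_CHAIN = [b"bios-image-v1", b"option-rom", b"boot-loader"]
LOG = [measure(c) for c in BOOT_CHAIN]
REPORTED = replay(LOG)  # stands in for the PCR value the TPM reports

if __name__ == "__main__":
    print("intact log matches:", verify_log(LOG, REPORTED))
    swapped = [LOG[0], measure(b"modified-option-rom"), LOG[2]]
    print("log with altered entry matches:", verify_log(swapped, REPORTED))
    print("reordered log matches:", verify_log(LOG[::-1], REPORTED))
```

Because each value depends on every earlier one, a changed, dropped or reordered measurement produces a different final PCR, which is what lets a reported PCR stand for the whole measurement history.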

19 RSA Engine
Section: Functionality
The TPM can encrypt and decrypt using RSA keys
The use of keys is segregated into signing or encryption uses
The TPM must handle RSA keys of 2048 bits in size

20 Opt-In
Section: Functionality
The TPM has mechanisms that make the use of the TPM a complete Opt-In system
The Opt-in selections are maintained across power cycles and the TPM can be deactivated

21 Version 1.0 TCPA Functional Layout
TPS – Trusted Platform Subsystem
  BIOS
  Drivers
  ALL operations come through TPS
TPM – Trusted Platform Module
  Hardware
  Microcode
  Protected functionality
  Shielded locations
[Diagram labels: Requests, TPS, TPM]

22 Version 1.0 TCPA System Architecture
[Architecture diagram; labels: Application, Middleware, Ring 3 Library, Ring 0 Library, OS / Driver, TCPA Security Driver, OS Present TPS Security API, OS Absent TPS Security API, OS Absent Library, BIOS, TPM Hardware and Microcode, Hardware]

23 Version 1.0 TCPA Software Architecture
[Architecture diagram; labels: Applications, Application, Existing Infrastructure, Modified Infrastructure, TPS Interface, TPM Interface, CSSM, CAPI, CDSA, Other API, TPS, TPM, CSP, DL]

24 Version 1.0 Possible TPM Placement
[Diagram labels: CPU, MCH, System Memory, ICH, LPC, Flash, TPM]
TPM connecting on LPC bus
TPM has low transaction volume, so bus speed is not an issue
Connection of TPM is vendor specific and not specified in the specification
Specification provides robust set of features

