Published by Drusilla Kennedy. Modified over 9 years ago.
1
Cosc 4765 Trusted Platform Module
2
What is TPM
The TPM hardware along with its supporting software and firmware provides the platform root of trust.
– It is able to extend its trust to other parts of the platform by building a chain of trust, where each link extends its trust to the next one.
3
Hardware Crypto Capabilities
RSA Accelerator
– Contains a hardware engine to perform up to 2048-bit RSA encryption/decryption.
– Uses its built-in RSA engine during digital signing and key wrapping operations.
Engine for SHA-1 hash algorithm
– Uses its built-in hash engine to compute hash values of small pieces of data.
– Large pieces of data (such as an email message) may be hashed outside of the TPM, for performance reasons.
4
Hardware Crypto Capabilities
Random Number Generator
– Used to generate keys for various purposes
5
Allows
Remote attestation
– Creates a hash summary of the hardware and software configuration. Depends on the encryption software.
– This allows a third party to verify that the software has not been changed.
6
Allows (2)
Sealing encrypts data in such a way that it may be decrypted only if the TPM releases the right decryption key,
– which it only does if the exact same software is present as when it encrypted the data.
– Binding encrypts data using the TPM's endorsement key, a unique RSA key burned into the chip during its production, or another trusted key.
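The chain of trust from the "What is TPM" slide, the hash summary that remote attestation reports, and sealing to a software state all rest on one mechanism: measurements are hashed into Platform Configuration Registers (PCRs) that only grow by extension, and a sealing key is derived from the chip's own secret plus the PCR state. The simulation below is an added example, not code from the slides or from any real TPM; the class `SimTPM`, its methods, the boot images and the storage root key value are all constructed for illustration, and the seal/unseal construction (a hash-derived keystream plus an HMAC tag) is a stand-in for the chip's real storage-key encryption.

```python
import hashlib
import hmac
import os

# Hypothetical simulated TPM (not a real TPM API): a bank of Platform
# Configuration Registers (PCRs) plus a storage root key that never leaves the
# chip. Measurements use SHA-1 to mirror the slide's hash engine; TPM 2.0 parts
# also provide SHA-256 PCR banks.
PCR_COUNT = 8
MEASURE = hashlib.sha1


class SimTPM:
    def __init__(self, storage_root_key=None):
        # Every PCR is all-zero at power-on and can only be changed by extend().
        self.pcrs = [bytes(MEASURE().digest_size)] * PCR_COUNT
        # Constructed per-chip secret standing in for the storage root key.
        self._srk = storage_root_key or os.urandom(32)

    def extend(self, index, image):
        """PCR[i] = H(PCR[i] || H(image)): one link of the chain of trust.
        The result depends on every image measured so far and on their order."""
        self.pcrs[index] = MEASURE(self.pcrs[index] + MEASURE(image).digest()).digest()
        return self.pcrs[index]

    def pcr_composite(self, indices):
        """Summary hash over the selected PCRs (the value a quote would report)."""
        return MEASURE(b"".join(self.pcrs[i] for i in indices)).digest()

    def _seal_key(self, composite):
        # Derived inside the chip from the SRK and the PCR state, so a different
        # software state (or a different chip) yields a different, useless key.
        return hmac.new(self._srk, b"seal" + composite, hashlib.sha256).digest()

    def seal(self, indices, secret):
        """Encrypt up to 32 bytes so they unseal only under the current PCR state."""
        if len(secret) > 32:
            raise ValueError("demo keystream covers at most 32 bytes")
        key = self._seal_key(self.pcr_composite(indices))
        nonce = os.urandom(16)
        stream = hashlib.sha256(key + nonce).digest()  # one-block keystream
        ct = bytes(a ^ b for a, b in zip(secret, stream))
        tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
        return {"pcrs": list(indices), "nonce": nonce, "ct": ct, "tag": tag}

    def unseal(self, blob):
        """Return the secret only if the PCRs now equal the state at seal time."""
        key = self._seal_key(self.pcr_composite(blob["pcrs"]))
        tag = hmac.new(key, blob["nonce"] + blob["ct"], hashlib.sha256).digest()
        if not hmac.compare_digest(tag, blob["tag"]):
            raise PermissionError("PCR state differs from the sealing state")
        stream = hashlib.sha256(key + blob["nonce"]).digest()
        return bytes(a ^ b for a, b in zip(blob["ct"], stream))


# Constructed boot stages; each stage is measured into PCR 0 before it runs.
GOOD_CHAIN = [b"BIOS v1.2", b"boot sector", b"os loader"]
TAMPERED_CHAIN = [b"BIOS v1.2", b"boot sector (rootkit)", b"os loader"]


def measured_boot(tpm, stages, pcr=0):
    for image in stages:
        tpm.extend(pcr, image)
    return tpm.pcrs[pcr]


def demo():
    """Seal a disk key under a clean boot, then power the same chip on with a
    tampered boot sector and show that the key is not released."""
    srk = os.urandom(32)
    clean = SimTPM(srk)
    measured_boot(clean, GOOD_CHAIN)
    blob = clean.seal([0], b"disk-encryption-key")
    assert clean.unseal(blob) == b"disk-encryption-key"

    tampered = SimTPM(srk)  # same chip, next power-on
    measured_boot(tampered, TAMPERED_CHAIN)
    try:
        tampered.unseal(blob)
    except PermissionError:
        return "unseal refused"
    return "unseal allowed"


if __name__ == "__main__":
    print(demo())
```

The sealed blob can live on disk unprotected: it carries no key, only a ciphertext and a tag that verify under the key the chip re-derives from its current PCRs. Measuring the same images in a different order produces a different PCR value, which is why the chain must be anchored at the first code that runs.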
7
Allows (3)
Authentication of hardware devices.
– Since each TPM chip has a unique and secret RSA key burned in during production, it is capable of performing platform authentication.
– For example, it can be used to verify that the system seeking access is the expected system. So we can verify the correct computer is attempting to access “something”.
8
Vista
With Ultimate and Enterprise editions
– Includes BitLocker software. Encrypts the boot volume.
– Provides integrity authentication for the trusted boot pathway (from BIOS to boot sector to start-up).
9
Example with MS Outlook
10
Example with MS Outlook (2)
11
File Encryption
A file can be encrypted using a standard RSA key pair stored by the TPM.
Alternatively, the file can be encrypted using the TPM chip’s unique and secret RSA key. Now the file can only be decrypted by the system that encrypted it: it is bound to that system.
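The three uses of the chip's RSA key on the "Allows", "Allows (2)", "Allows (3)" and "File Encryption" slides are all one primitive seen from different sides: a private key that never leaves the chip signs a verifier's nonce (platform authentication), signs the PCR summary hash together with a nonce (a remote-attestation quote), or is the only key able to unwrap a file key encrypted to its public half (binding). The code below is an added example, not code from the slides or any TPM vendor; `SimChip`, `authenticate_platform`, `quote`, `verify_quote` and `bind_to_chip` are hypothetical names, the RSA is textbook RSA built on the standard library (1024-bit here for speed, without the PKCS#1 padding a real chip applies), and the nonces and PCR summary are constructed values.

```python
import hashlib
import random

# Textbook RSA implemented with the standard library only, so the example runs
# offline. Keys are 1024 bits to keep generation quick (the slide's engine goes
# up to 2048). Real TPMs use PKCS#1 padding; signing the raw SHA-256 value and
# wrapping the raw key, as done here, is a simplification for illustration.
_rng = random.SystemRandom()


def _is_probable_prime(n, rounds=24):
    """Miller-Rabin after cheap trial division by small primes."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        x = pow(_rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _random_prime(bits):
    while True:
        cand = _rng.getrandbits(bits) | (1 << (bits - 1)) | 1  # full width, odd
        if _is_probable_prime(cand):
            return cand


def generate_rsa_keypair(bits=1024):
    e = 65537
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:
            break
    return (e, p * q), (pow(e, -1, phi), p * q)  # (public, private); Python 3.8+


class SimChip:
    """Hypothetical chip: the private key is generated once and never exported."""

    def __init__(self):
        self.public_key, self._private_key = generate_rsa_keypair()

    def sign(self, message):
        d, n = self._private_key
        return pow(int.from_bytes(hashlib.sha256(message).digest(), "big"), d, n)

    def unwrap(self, wrapped):
        """Recover a 32-byte key bound to this chip; None if it was bound elsewhere."""
        d, n = self._private_key
        value = pow(wrapped, d, n)
        return value.to_bytes(32, "big") if value.bit_length() <= 256 else None


def verify(public_key, message, signature):
    e, n = public_key
    return pow(signature, e, n) == int.from_bytes(hashlib.sha256(message).digest(), "big")


# Platform authentication ("Allows (3)"): the relying party picks a fresh nonce,
# the chip signs it, and the relying party checks the signature against the
# public key it already trusts for that machine. The nonce defeats replay.
def authenticate_platform(trusted_public_key, chip, nonce):
    return verify(trusted_public_key, b"auth:" + nonce, chip.sign(b"auth:" + nonce))


# Remote attestation ("Allows"): the quote is the PCR summary hash signed
# together with the verifier's nonce; the verifier compares it with the value
# it expects for unmodified software.
def quote(chip, pcr_composite, nonce):
    return chip.sign(b"quote:" + pcr_composite + nonce)


def verify_quote(trusted_public_key, expected_composite, nonce, signature):
    return verify(trusted_public_key, b"quote:" + expected_composite + nonce, signature)


# Binding ("Allows (2)", "File Encryption"): wrap a file's 32-byte content key
# with the chip's public key; only the chip holding the private key can unwrap.
def bind_to_chip(public_key, file_key):
    e, n = public_key
    assert len(file_key) == 32
    return pow(int.from_bytes(file_key, "big"), e, n)
```

In practice the file itself is encrypted with a symmetric content key and only that key is wrapped, matching the slide's point that bulk data is handled outside the chip; a second chip given the same wrapped blob recovers nothing usable, which is exactly what "bound to that system" means, and also why losing the chip (or a motherboard swap) without a key escrow loses the data.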
12
Problems?
Issues with the file encryption?
Issues with updates?
General issues of privacy?
13
References
http://en.wikipedia.org/wiki/Trusted_Platform_Module
http://buytough.com/tb_pdf/TPM_WP.pdf
http://www.techworld.com/storage/features/index.cfm?featureid=1777
https://www.trustedcomputinggroup.org/faq/TPMFAQ/
http://www.microsoft.com/whdc/system/platform/hwsecurity/default.mspx
http://www.msnbc.msn.com/ID/10441443/
14
Q &amp; A