ACN Trusted Computing - zcu.czledvina/DHT/tugraz/trusted_computing.pdf · 2008. 3. 6. · See slide...
Terms and definitions
• TC = Trusted Computing
• TCG = Trusted Computing Group, a group of companies developing the TC specs
• TCPA = Trusted Computing Platform Alliance, predecessor of the TCG
• TPM = Trusted Platform Module, the hardware
• Palladium, LaGrande, … = implementations from various companies; they are not always covered by the TCG specs, but are very close
What is trust?
• Trust does NOT equal goodness!
• Trust means that the entity does what it is supposed to do
  ◦ Trust e-banking software to perform financial operations correctly
  ◦ But also trust a trojan horse to talk to the villain
• Official definition by the TCG: An entity can be trusted if it always behaves in the expected manner for the intended purpose.
TC fundamentals
• The TCG works in workgroups and supplies specifications; others implement them
  ◦ TPM hardware specs, trusted storage specs, trusted network connect, software stack specs, …
• On a PC, a TC system consists of hardware and software:
  ◦ TPM, the core hardware device
  ◦ TSS, the TC software stack, the API for developers making use of a TPM
  ◦ (and an OS/application using them)
• Basic functionality: store, measure, report/attest identity
The hardware: TPM (1/3)
• Low-cost chip permanently bound to a platform (PC, cell phone, PDA, …)
• Provides a random number generator, an RSA engine (up to 2048 bit), a SHA1 engine, a limited secure volatile storage (platform configuration registers (PCR) & slots for RSA keys) and a very limited non-volatile storage (for special keys and passwords)
• Is a slave device: it does not perform any actions without being asked to, and it has no access to any system resources
The hardware: TPM (2/3)
• TPM memory is a "shielded location": data cannot be accessed/manipulated from the outside
• The TPM provides "protected capabilities": on-chip functions to operate on shielded locations and perform operations necessary for all TC subsystems
• Assumption: it is much harder to manipulate hardware than software
The hardware: TPM (3/3)
• Current version: TPM 1.2, partly incompatible with TPM 1.1 (which were the first TPMs actually sold); TPM next (= v1.3) to be released soon
• Manufacturers: Infineon, Atmel, STMicroelectronics, …
• Mostly found on newer laptops; can be turned on via the BIOS, although mostly not used at all
The software: TSS
• "Low level" API for programmers to take advantage of a TPM; it "talks" to the TPM
• Has to overcome the limitations of the TPM (e.g. swapping keys in & out, encrypting & storing data on the HDD using the TPM's keys)
• Built into Windows Vista, but Vista's implementation differs from the official TCG spec
• "High level" Java wrapper library available from IAIK
Taking ownership of a TPM
• The TPM is shipped in an unknown state; the owner of the platform has to execute the TakeOwnership command by setting the password
• This creates the Storage Root Key (SRK), an RSA key that never leaves the TPM; all other keys/data (e.g. the RSA key you use for e-banking) are protected by this key
• Certain operations require the SRK = require the owner password
• The SRK is one of the few keys that are stored directly in the non-volatile storage of the TPM
Chain of trust
• TC uses a "chain of trust": root A is trusted a priori, A signs (measures/protects) B, B signs (measures/protects) C, …
• If I trust A (the TPM), and the chain is not broken, I can trust C
• Different chains of trust for storage, for measurement, for reporting
Storage (1/2)
• The root of trust for storage is the SRK
• All data/keys are in a hierarchical order with the SRK on top
• Two methods of storage:
  ◦ Binding: storing data outside the TPM using public keys from the TPM
  ◦ Sealing: combines external data with the state of the system -> encrypt data with a reference to the state of the system
Storage (2/2)
Measurement (1/2)
• Intention: measure the state of the system/platform and store it as hash values in a PCR
• Does NOT prevent the system from running malware, but the owner or verifier can deny the execution of your program/function
• Root of trust for measurement on PCs: the BIOS
• Big drawback: nobody knows how to measure the state of a big system like a PC (how do I measure Windows XP? Patches, drivers, …)
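The chain of trust and the measurement slides can be made concrete with the following sketch, an added example that is not part of the original slides: it models the TPM 1.2 extend operation, PCR_new = SHA1(PCR_old || measurement), and a verifier that replays the measurement log. The component names, images and reference table are constructed, and the AIK-signed quote that would normally carry the PCR value is left out.

```python
import hashlib

PCR_INIT = b"\x00" * 20  # a TPM 1.2 PCR holds one SHA-1 digest and is zero after reset

def measure(image: bytes) -> bytes:
    """Measurement of a component = SHA-1 hash of its code/configuration."""
    return hashlib.sha1(image).digest()

def extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM extend: a PCR is never overwritten, only folded into a new hash."""
    return hashlib.sha1(pcr + digest).digest()

def measured_boot(chain):
    """Each stage measures the next one before running it; returns (pcr, log)."""
    pcr, log = PCR_INIT, []
    for name, image in chain:
        digest = measure(image)
        log.append((name, digest))
        pcr = extend(pcr, digest)
    return pcr, log

def verify(reported_pcr, log, known_good):
    """Verifier side: replay the log, then compare each entry to reference values."""
    problems, pcr = [], PCR_INIT
    for name, digest in log:
        pcr = extend(pcr, digest)
        if known_good.get(name) != digest:
            problems.append(f"unexpected measurement: {name}")
    if pcr != reported_pcr:
        problems.append("log does not reproduce reported PCR")
    return problems

# Constructed sample data: a three-stage boot chain and one modified stage.
GOOD_CHAIN = [("bios", b"bios-1.0"), ("bootloader", b"loader-2.3"), ("kernel", b"kernel-2.6")]
BAD_CHAIN = [GOOD_CHAIN[0], ("bootloader", b"loader-2.3-patched"), GOOD_CHAIN[2]]
KNOWN_GOOD = {name: measure(image) for name, image in GOOD_CHAIN}

if __name__ == "__main__":
    good_pcr, good_log = measured_boot(GOOD_CHAIN)
    bad_pcr, bad_log = measured_boot(BAD_CHAIN)
    print("clean boot:   ", verify(good_pcr, good_log, KNOWN_GOOD))
    print("modified boot:", verify(bad_pcr, bad_log, KNOWN_GOOD))
    # Presenting the clean log with the modified PCR fails the replay check.
    print("forged log:   ", verify(bad_pcr, good_log, KNOWN_GOOD))
```

The measurement itself does not stop the modified bootloader from running; it only makes the change visible to whoever checks the PCR, and the check is only as good as the reference table, which is the scaling problem the slide names.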
Measurement (2/2)
Reporting / Attestation / Privacy (1/2)
• Every TPM is a unique device, identifiable to others by the Endorsement Key (EK)
• The EK is "injected" by the manufacturer of the TPM; the manufacturer has to supply (an X.509) certificate for the (RSA) EK
• Uniqueness of the EK means privacy problems: the owner becomes trackable
• Solution: the owner can create Attestation Identity Keys (AIK); a trusted third party supplies a certificate validating your AIKs
• Using the unique EK and the EK certificate, a user can create different AIKs, signed by a trusted third party, but can still prove that he is operating on a trusted platform
Reporting / Attestation / Privacy (2/2)
Common criticism
• Even the owner does not get the private SRK
• The TPM does nothing until specifically asked to, but will developers/companies make use of it in their own interests? (think of DRM, copy protection, customer identification, …)
• Technical problem: how do we measure the state of a large system?
Trusted Network Connect
• For secure endpoint communication (e.g. a home worker accessing his corporate network)
• Does not explicitly require a TPM, but is a useful application for it
Aim / Purpose
• Platform authentication
  ◦ Requestor has to prove platform identity and platform integrity
• Endpoint Policy Compliance
  ◦ Requestor has to establish a level of trust (e.g. firewall present, antivirus up-to-date, ...)
  ◦ Policy compliance can be used for authorization when platform integrity is used for the authorization decision
• Assessment, Isolation and Remediation
  ◦ Platforms that don't fulfil policies can be isolated from the rest of the network
TNC Architecture (1/2)
• Access Requestor (AR)
  ◦ Entity that wants access to a protected network ("the client", "the caller")
• Policy Enforcement Point (PEP)
  ◦ Grants network access / enforces policies by consulting the PDP
• Policy Decision Point (PDP)
  ◦ The entity that grants/declines the AR's request ("the server", "the callee")
TNC Architecture (2/2)
Open discussion
• Applications?
• Privacy?
• DRM?
• Treacherous computing?
• …
References
• Literature:
  ◦ www.trustedcomputing.org
  ◦ www.iaik.tugraz.at/teaching/04_trustedcomputing/index.php
• Software:
  ◦ TPM Emulator for Linux: http://developer.berlios.de/projects/tpm-emulator/
  ◦ Trousers TSS: http://sourceforge.net/projects/trousers/
  ◦ Java-Trousers-Wrapper: trustedjava.sf.net
Questions
• When speaking of Trusted Computing: What is trust?
  ◦ See slide nr. 3
• What does "chain of trust" mean?
  ◦ See slide nr. 10
  ◦ Example on slide nr. 12