Trusted Computing

Trusted Computing Don Rau Cs489 May 10, 2011


Transcript of Trusted Computing

Page 1: Trusted Computing

Trusted Computing

Don Rau, Cs489

May 10, 2011

Page 2: Trusted Computing

TC History

• 1999 Trusted Computing Platform Alliance (TCPA)
– Five Members: Compaq, HP, IBM, Intel and Microsoft

• 2003 TCG (Trusted Computing Group)
– 2003 Successor Group to TCPA
– Today Enjoys Broad Support of Technology Industry Leaders
– Over 200 members, adopters, and contributors such as…

Page 3: Trusted Computing

Over 100 Industry Contributors and Promoters

AMD, NVIDIA, Phoenix, Western Digital, Oracle, Fujitsu, Toshiba

Page 4: Trusted Computing

TC History

TCG Mission Statement

The Trusted Computing Group is a not-for-profit organization formed to develop, define and promote open, vendor-neutral, industry standards for trusted computing building blocks and software interfaces across multiple platforms.

What is TC?

Page 5: Trusted Computing

What is TC?

Trust Definitions

– Assured reliance on the character, strength or truth of something
– Expectation of an outcome with some degree of assurance
– System whose behavior is predictable and reliable

Page 6: Trusted Computing

What is TC?

TCG Definition

“The computer or system will consistently behave in specific ways, and those behaviors will be enforced by hardware and software when the owner of those systems enables these technologies”

Page 7: Trusted Computing

What is TC?

TCG Stated Goals of TC

“TC technology will make computers safer, less prone to viruses and malware, and thus more reliable. In addition, Trusted Computing will allow computer systems to offer improved security and efficiency”

Page 8: Trusted Computing

What is TC?

How Does TC Serve these Goals?

• Establish Strong Machine Identity and Integrity
• Secure Authentication and Strong Protection of User IDs
• Protect Business Critical Data and Systems
• Regulatory Compliance with Hardware-Based Security

How does TC work?

Page 9: Trusted Computing

How Does it Work?

• 1983 Ken Thompson Turing Award Acceptance Speech
– Login application back-door modification
– Compiler hacked so that rebuild of O/S yields same Trojan horse defect

• The system Thompson described was severely compromised and could not be trusted.
– Trust is Only as Strong as Weakest Link
– Suggests a need for a basis or “Common Root” for Trust

Page 10: Trusted Computing

How Does it Work?

• TPM (Trusted Platform Module)
– Provides this “Root of Trust”
– Processor securely mounted to motherboard in a tamper resistant fashion
– Provides Cryptographic and Hash services
– Verifies Boot Sequence
– Extends Services to Applications providing a mechanism to verify configurations and identities of components
– AKA Fritz Chip

A cynical reference to S. Carolina Senator and DRM Advocate, Fritz Hollings

Page 11: Trusted Computing

How Does it Work?

• Crypto ‘Endorsement’ Key embedded at time of manufacture
• Key Generation
• Hash Generation to uniquely id components
• Encryption/Decryption Services
• Exposes services via TSS (Trusted Software Stack)

Page 12: Trusted Computing

Establishing Trust

TPM Validates the Boot Process by Providing Evidence and attesting that the system boot was carried out by trusted firmware.

• TPM Verifies Itself and the BIOS
• BIOS Extends Trust by using the TSS to Verify Boot Loader
• Boot loader verifies Operating System
• Operating System verifies devices and drivers
• Etc.

And so a chain of trust is established.
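The chain of trust on this slide is built by the TPM's "extend" operation: each stage hashes the next one and folds that measurement into a Platform Configuration Register (PCR) before handing over control, so the final PCR value depends on every stage and on their order. The following simulation is an added example written for this transcript, not code from the slides or from the TCG; the boot images, the single PCR, and the golden value are constructed placeholders, and SHA-256 stands in for the TPM's internal hash.

```python
import hashlib

# Constructed boot stages standing in for the real firmware, loader, kernel and
# driver binaries (example data only; a TPM measures the actual images).
BOOT_CHAIN = [
    ("bios", b"BIOS image v1.0"),
    ("boot_loader", b"boot loader image v2.3"),
    ("os_kernel", b"kernel image 5.x"),
    ("drivers", b"driver bundle"),
]

PCR_INIT = bytes(32)  # a PCR starts as all zeros at power-on and cannot be reset by software


def extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM PCR extend: new = H(old || measurement). Values can only accumulate."""
    return hashlib.sha256(pcr + measurement).digest()


def measure(image: bytes) -> bytes:
    """Hash of a component's binary, the 'uniquely identifying signature' of the slides."""
    return hashlib.sha256(image).digest()


def measured_boot(chain):
    """Each stage measures the next one into the PCR before passing control.
    Returns the final PCR and the event log (stage name, measurement) the platform keeps."""
    pcr = PCR_INIT
    log = []
    for name, image in chain:
        m = measure(image)
        pcr = extend(pcr, m)
        log.append((name, m))
    return pcr, log


def replay(log) -> bytes:
    """A verifier recomputes the PCR from the event log alone."""
    pcr = PCR_INIT
    for _, m in log:
        pcr = extend(pcr, m)
    return pcr


def verify(reported_pcr: bytes, log, golden_pcr: bytes) -> bool:
    """The log must reproduce the reported PCR, and the PCR must match the known-good value.
    A log edited to hide a tampered stage no longer replays to the PCR the TPM holds."""
    return replay(log) == reported_pcr and reported_pcr == golden_pcr


# Known-good value a verifier would record from a reference build (constructed here).
GOLDEN_PCR, GOLDEN_LOG = measured_boot(BOOT_CHAIN)


def tampered_boot():
    """Same chain, but the boot loader has been modified (Thompson-style weak link)."""
    chain = list(BOOT_CHAIN)
    chain[1] = ("boot_loader", b"boot loader image v2.3 + backdoor")
    return measured_boot(chain)


if __name__ == "__main__":
    pcr, log = measured_boot(BOOT_CHAIN)
    print("clean boot verified:   ", verify(pcr, log, GOLDEN_PCR))
    pcr2, log2 = tampered_boot()
    print("tampered boot verified:", verify(pcr2, log2, GOLDEN_PCR))
```

Two properties matter for a defender: a modified stage anywhere in the chain changes the final PCR even if every later stage is untouched, and because the PCR is extend-only the modified stage cannot "unmeasure" itself afterwards, which is why a compromised component can be detected rather than trusted to report on itself.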

Page 13: Trusted Computing

Extending the Chain

TPM Provided Services

• TSS (Trusted Software Stack) provides API for applications and devices to use trusted services
• Uniquely Identifying Signatures, typically based on hash codes generated from binary code of underlying component.
• Identities are secured by Cryptographic Keys
• External Certificates of Authority
• TPM/TSS serve as a basis to implement other core TC concepts, including…

Page 14: Trusted Computing

Key TC Concepts

• Attestation
• Memory Curtaining
• Secure I/O
• Sealed Storage

Page 15: Trusted Computing

TC Concepts

Attestation

Attest to the Identity of a system and its configuration.

– Local
• Secured boot
• Request and verify identity of a specified configuration of applications
• Trusted Applications request cryptographic services through TSS

– Remote
• Confirmation of expected remote client configuration
• Remote Authentication and Access to Secured Networks
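Remote attestation, the second half of this slide, is a challenge-response: the verifier (for instance a network access server) sends a fresh nonce, the platform's TPM returns a "quote" binding its current PCR value to that nonce under a key the verifier can check, and the verifier compares the PCR with the configurations it is prepared to admit. The exchange below is an added example for this transcript and not code from the slides or the TCG. It assumes a single PCR and a shared HMAC key as a stand-in for the TPM's attestation signing key, whose private half never leaves the chip; the approved PCR values are constructed.

```python
import hashlib
import hmac
import secrets

# Stand-in for the TPM's attestation identity key. A real TPM signs quotes with
# an asymmetric key; an HMAC key shared with the verifier is used here only so
# the example runs without a TPM (assumption for this example, not TCG design).
AIK_SECRET = b"constructed-attestation-key"

# Constructed known-good PCR values the verifier is willing to admit; in practice
# these come from measuring reference builds of approved client configurations.
APPROVED_PCRS = {
    hashlib.sha256(b"approved config A").digest(),
    hashlib.sha256(b"approved config B").digest(),
}


def make_quote(pcr: bytes, nonce: bytes) -> dict:
    """Platform side: bind the current PCR to the verifier's nonce and sign."""
    sig = hmac.new(AIK_SECRET, nonce + pcr, "sha256").digest()
    return {"nonce": nonce, "pcr": pcr, "sig": sig}


def verify_quote(quote: dict, expected_nonce: bytes):
    """Verifier side, in order: freshness, authenticity, then policy."""
    if not hmac.compare_digest(quote["nonce"], expected_nonce):
        return False, "stale or replayed quote"
    expected_sig = hmac.new(AIK_SECRET, quote["nonce"] + quote["pcr"], "sha256").digest()
    if not hmac.compare_digest(quote["sig"], expected_sig):
        return False, "quote not signed by the platform key"
    if quote["pcr"] not in APPROVED_PCRS:
        return False, "platform configuration not approved"
    return True, "access granted"


def attestation_exchange(platform_pcr: bytes):
    """Full round trip: verifier picks a challenge, platform answers, verifier decides."""
    nonce = secrets.token_bytes(16)  # fresh per request so an old quote cannot be reused
    quote = make_quote(platform_pcr, nonce)
    return verify_quote(quote, nonce)


if __name__ == "__main__":
    good = hashlib.sha256(b"approved config A").digest()
    bad = hashlib.sha256(b"unknown config").digest()
    print("approved client:", attestation_exchange(good))
    print("unknown client: ", attestation_exchange(bad))
```

The nonce is checked first because without it an attacker could record a quote from a clean boot and present it later from a compromised one; the signature check is what ties the PCR value to this particular chip rather than to whatever the client software claims.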

Page 16: Trusted Computing

TC Concepts

Memory Curtaining

Prevent applications from accessing other apps’ memory

– In a TC platform even the Operating System should not have access to a program’s curtained memory
– Prevent Virus or Malicious code from reading or altering data in a PC’s memory

Page 17: Trusted Computing

TC Concepts

Secure I/O

Secure Input and Output attempt to address two concerns:

– Thwart screen-grabbing and key-logger exploits
– Applications can assure that a user is physically present, as distinct from another program impersonating a user

Page 18: Trusted Computing

TC Concepts

• Sealed Storage

Optional secured access to sensitive data

– Addresses inability of a PC to securely store passwords
– Ability to seal data access to only known apps and users on approved hosts
– Use Cases
• Data Encryption
• DRM

Applications for Trusted Computing Include…

Page 19: Trusted Computing

Example Use Cases

• Corporate
– Authentication and Remote Access/Distributed Firewalls
– Data Encryption

• Trusted Distributed Collaboration
– Verify distributed clients’ integrity (SETI etc)
– Distributed Gaming Anti-Cheat (Xbox and PS currently use proprietary means for secure boot)

• Digital Rights Management (DRM)

Page 20: Trusted Computing

TC Opponents

Many opponents express concerns with trusted computing, going as far as calling it Treacherous Computing.

Paranoid or Justified?

and

What are the concerns…

Page 21: Trusted Computing

TC Opponents

Concerns?

Page 22: Trusted Computing

TC Opponents

• Too Much Control to Commercial Interests
• Treats Owner as Adversary
• DRM
– Video, Audio, and Game Content Restrictions
• Constrain play back to certain applications?

• Loss of Flexibility
– Attestation restrictions to certain browsers for certain content
– Sealed Storage complicates backup options
– Open Source Future?
– Complicates HW/SW upgrades or replacement

Page 23: Trusted Computing

Concerns

• Ease of use?

IMPORTANT: When using BitLocker with a TPM, it is recommended that BitLocker be turned on immediately after the computer has been restarted. If the computer has resumed from sleep prior to turning on BitLocker, the TPM may incorrectly measure the pre-boot components on the computer.

In this situation, when the user subsequently attempts to unlock the computer, the TPM verification check will fail and the computer will enter BitLocker recovery mode and prompt the user to provide recovery information before unlocking the drive!!!!
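The BitLocker behaviour quoted on this slide is sealed storage (Page 18) working as designed: the volume key is wrapped under a key that the TPM will only reproduce when the PCRs hold the values present at sealing time, so a pre-boot component that measures differently, as in the resume-from-sleep case, leaves the key unopenable and forces the separate recovery path. The simulation below is an added example for this transcript, not BitLocker's or the TCG's code; it uses a single PCR, a constructed storage root key, a toy SHA-256 keystream cipher with an HMAC tag in place of the TPM's wrapping, and constructed boot images.

```python
import hashlib
import hmac

SRK_SECRET = b"constructed-storage-root-key"  # in a real TPM this never leaves the chip
RECOVERY_KEY = b"constructed-48-digit-recovery-password"  # escrowed by the owner/AD

GOOD_BOOT = [b"BIOS", b"boot manager", b"OS loader"]  # constructed pre-boot images
VOLUME_KEY = b"constructed volume master key"


def boot_pcr(components) -> bytes:
    """Measured boot into one PCR: extend-only hash chain over each component."""
    pcr = bytes(32)
    for image in components:
        pcr = hashlib.sha256(pcr + hashlib.sha256(image).digest()).digest()
    return pcr


def _keystream(key: bytes, n: int) -> bytes:
    # Toy counter-mode keystream; stands in for the TPM's symmetric wrapping (assumption).
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:n]


def _wrap(key: bytes, secret: bytes):
    ct = bytes(a ^ b for a, b in zip(secret, _keystream(key, len(secret))))
    return ct, hmac.new(key, ct, "sha256").digest()


def _unwrap(key: bytes, ct: bytes, tag: bytes):
    if not hmac.compare_digest(tag, hmac.new(key, ct, "sha256").digest()):
        return None
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, len(ct))))


def seal(secret: bytes, expected_pcr: bytes) -> dict:
    """Bind the secret to a platform state: the wrapping key depends on the PCR value."""
    key = hmac.new(SRK_SECRET, expected_pcr, "sha256").digest()
    ct, tag = _wrap(key, secret)
    return {"pcr": expected_pcr, "ct": ct, "tag": tag}


def unseal(blob: dict, current_pcr: bytes):
    """Returns the secret only if the platform is in the state it was sealed to."""
    if current_pcr != blob["pcr"]:
        return None  # this is the point where BitLocker drops into recovery mode
    key = hmac.new(SRK_SECRET, current_pcr, "sha256").digest()
    return _unwrap(key, blob["ct"], blob["tag"])


def wrap_for_recovery(secret: bytes, recovery_key: bytes) -> dict:
    """Second protector, not tied to the PCRs, so the owner can still get at the data."""
    key = hashlib.sha256(b"recovery" + recovery_key).digest()
    ct, tag = _wrap(key, secret)
    return {"ct": ct, "tag": tag}


def unwrap_recovery(blob: dict, recovery_key: bytes):
    key = hashlib.sha256(b"recovery" + recovery_key).digest()
    return _unwrap(key, blob["ct"], blob["tag"])


if __name__ == "__main__":
    sealed = seal(VOLUME_KEY, boot_pcr(GOOD_BOOT))
    recovery = wrap_for_recovery(VOLUME_KEY, RECOVERY_KEY)
    print("normal boot:     ", unseal(sealed, boot_pcr(GOOD_BOOT)))
    odd_boot = [b"BIOS", b"boot manager (mismeasured after resume)", b"OS loader"]
    print("mismeasured boot:", unseal(sealed, boot_pcr(odd_boot)))
    print("recovery path:   ", unwrap_recovery(recovery, RECOVERY_KEY))
```

Note that rewriting the stored PCR field in the sealed blob to match the current platform does not help: the wrapping key is derived from the PCR, so the tag check fails. That is also why the slide's "complicates backup options" and "complicates HW/SW upgrades" concerns are real operational costs: any planned change to a measured component requires re-sealing or a recovery key.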

Page 24: Trusted Computing

Conclusion

• Near Future
– Corporate Use
• Remote Authentication and Access
• Drive Encryption Technology

– Government: “As of 2007 requires all new computer assets, including PDAs to include a version 1.2 or higher TPM” – DOD Memorandum

– Regulatory Enforcement: Secured Finances and Identity protection

Page 25: Trusted Computing

Questions?

Page 26: Trusted Computing

TC References

• TCG. 2007. TCG specification architecture overview, 2 August 2008. http://www.trustedcomputinggroup.org/files/resource_files/AC652DE1-1D09-3519-ADA026A0C05CFAC2/TCG_1_4_Architecture_Overview.pdf
• TCG. 2007. Trusted Computing. http://www.trustedcomputinggroup.org/trusted_computing
• BERGER, B. D. 2009. Securing data and systems with trusted computing now and in the future. 2010. http://www.trustedcomputinggroup.org/files/static_page_files/C71DF61F-1A4B-B294-D01538F6E3B1C39D/DSCI_InfosecSummit_2010%2010%2002_v2.pdf
• BERGER, B. 2005. Trusted computing group history. Information Security Technical Report, Vol 10, Issue 2, 2005, Pp 59-62
• PROUDLER, G. 2002. What’s in a trusted computing platform? http://www.informit.com/articles/article.aspx?p=28804&seqNum=4
• COKER, G., GUTTMAN, J., LOSCOCCO, P., HERZOG, A., MILLEN, J., O’HANLON, B., RAMSDELL, J., SEGALL, A., SHEEHY, J., SNIFFEN, B. Principles of remote attestation. National Security Agency, The MITRE Corporation. http://web.cs.wpi.edu/~guttman/pubs/good_attest.pdf
• LEMOS, R. 2002. Trust or treachery. Cnet News.com. http://news.cnet.com/2009-1001-964628.html

Page 27: Trusted Computing

Real World Examples

• Xbox Secure Boot & DRM
• Printer Cartridges
• MS Palladium NGSCB
• Smart Cards Technology
• Hitachi ’09 1st TC Compliant Hard Drive
• Drive Encryption
• Remote Authentication