Copyright © 1995-2006 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE USC CSci599 Trusted Computing Lecture Three.


1 USC CSci599 Trusted Computing
Copyright © 1995-2006 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE
Lecture Three – Software Basis for TC
January 26, 2007
Dr. Clifford Neuman
University of Southern California
Information Sciences Institute

2 Prelim Project 1A
Pick an application that could benefit from the use of trusted computing.
–Prepare 5-15 slides explaining the benefits for the application to use trusted computing and describing how trusted computing provides those benefits.
OR

3 Prelim Project 1B
OR
Pick a function critical for trusted computing.
–Prepare 5-15 slides explaining the purpose of the function and how it is implemented or would be implemented within an operating system or hardware platform.
OR

4 Prelim Project 1B
OR
Pick an OS that has support for Trusted Computing.
–Prepare 5-15 slides explaining how the OS provides important TC functions. What is the underlying basis for the trust, and how do applications use the functionality?

5 Software Basis for Trusted Computing
Last week we discussed the hardware base – the TPM.
This week we look at the requirements within an operating system for Trusted Computing.

6 OS Concepts
Trusted computing base
Trusted path
Separation of processes

7 The Trusted Computing Base (TCB)
That part of the system which is critical for security.
–Vulnerability of the TCB affects the core security of the system.
–Trusted Computing extends the TCB across physical system boundaries.
▪Allows remote components to be part of the TCB for a particular function.

8 Trusted Path
Provides attestation of the system to the user.
–Requires confidence in the hardware by the user.
–Requires training of the user on how to invoke the trusted path.

9 Separation of Processes
Allows processes that are trusted to run without interference from other processes.
–Requires isolation that is provided by lower-level trusted modules.
–Includes hardware support, much of which is already standard in chips, but some of which is not.

10 Vista Security Technologies
Summary of some of the support for trusted computing in Vista (on the following slides)

11 Trusted Platform Module (TPM)?
Smartcard-like module on the motherboard that:
Performs cryptographic functions
–RSA, SHA-1, RNG
–Meets encryption export requirements
Can create, store and manage keys
–Provides a unique Endorsement Key (EK)
–Provides a unique Storage Root Key (SRK)
Performs digital signature operations
Holds Platform Measurements (hashes)
Anchors chain of trust for keys and credentials
Protects itself against attacks
TPM 1.2 spec: www.trustedcomputinggroup.org
Slide From Steve Lamb at Microsoft

12 Why Use A TPM?
Trusted Platforms use Roots-of-Trust
–A TPM is an implementation of a Root-of-Trust
A hardware Root-of-Trust has distinct advantages
–Software can be hacked by Software
▪Difficult to root trust in software that has to validate itself
–Hardware can be made to be robust against attacks
▪Certified to be tamper resistant
–Hardware and software combined can protect root secrets better than software alone
A TPM can ensure that keys and secrets are only available for use when the environment is appropriate
–Security can be tied to specific hardware and software configurations
Slide From Steve Lamb at Microsoft

13 Disk Layout & Key Storage
Windows Partition contains: Encrypted OS, Encrypted Page File, Encrypted Temp Files, Encrypted Data, Encrypted Hibernation File
Boot Partition contains: MBR, Loader, Boot Utilities (Unencrypted, small)
Where’s the Encryption Key?
1. SRK (Storage Root Key) contained in TPM
2. SRK encrypts VEK (Volume Encryption Key) protected by TPM/PIN/Dongle
3. VEK stored (encrypted by SRK) on hard drive in Boot Partition
Slide From Steve Lamb at Microsoft

14 BitLocker™ Architecture
Static Root of Trust Measurement of early boot components
Slide From Steve Lamb at Microsoft

15 Vista co-existence
BitLocker encrypts Windows partition only
You won’t be able to dual-boot another OS on the same partition
OSes on other partitions will work fine
Attempts to modify the protected Windows partition will render it unbootable
–Replacing MBR
–Modifying even a single bit
Slide From Steve Lamb at Microsoft
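To make slides 12 through 15 concrete (measurement of early boot components, the VEK released only when the environment is appropriate, and a single modified bit rendering the volume unbootable), here is an added Python model that is not code from the lecture, Microsoft or any TPM stack: PCR extend follows the TPM 1.2 SHA-1 chaining, while an HMAC-derived key stands in for the TPM's RSA sealing under the SRK, and the SRK secret, boot components and VEK are all constructed values.

```python
import hashlib
import hmac

def extend(pcr: bytes, component: bytes) -> bytes:
    """TPM 1.2 style PCR extend: new PCR = SHA-1(old PCR || SHA-1(component))."""
    return hashlib.sha1(pcr + hashlib.sha1(component).digest()).digest()

def measure_boot(components) -> bytes:
    """Static root of trust: extend each early-boot component (MBR, loader, ...) in order."""
    pcr = bytes(20)  # SHA-1 sized PCR, zero after platform reset
    for comp in components:
        pcr = extend(pcr, comp)
    return pcr

def _sealing_key(srk_secret: bytes, pcr: bytes) -> bytes:
    # Assumed model: a key derived from the SRK secret and the expected PCR value
    # stands in for the TPM's RSA sealing under the SRK.
    return hmac.new(srk_secret, b"seal|" + pcr, hashlib.sha256).digest()

def seal(srk_secret: bytes, pcr: bytes, vek: bytes) -> bytes:
    """Seal a 32-byte VEK to the PCR value; the blob may sit on the unencrypted boot partition."""
    if len(vek) != 32:
        raise ValueError("this model seals exactly 32-byte keys")
    key = _sealing_key(srk_secret, pcr)
    ct = bytes(a ^ b for a, b in zip(vek, key))      # XOR with the derived key (each VEK sealed once)
    tag = hmac.new(key, ct, hashlib.sha256).digest()  # lets unseal detect a wrong PCR or SRK
    return ct + tag

def unseal(srk_secret: bytes, pcr: bytes, blob: bytes):
    """Return the VEK only if the boot measurements match those at seal time, else None."""
    key = _sealing_key(srk_secret, pcr)
    ct, tag = blob[:32], blob[32:]
    if not hmac.compare_digest(tag, hmac.new(key, ct, hashlib.sha256).digest()):
        return None  # the TPM refuses to release the VEK
    return bytes(a ^ b for a, b in zip(ct, key))

def flip_one_bit(data: bytes, bit: int = 0) -> bytes:
    out = bytearray(data)
    out[bit // 8] ^= 1 << (bit % 8)
    return bytes(out)

if __name__ == "__main__":
    srk = b"constructed SRK secret that never leaves the TPM"
    boot = [b"MBR (constructed)", b"LOADER (constructed)", b"BOOTUTIL (constructed)"]
    vek = hashlib.sha256(b"constructed VEK").digest()
    blob = seal(srk, measure_boot(boot), vek)
    print("clean boot releases VEK:", unseal(srk, measure_boot(boot), blob) == vek)
    tampered = [boot[0], flip_one_bit(boot[1]), boot[2]]
    print("one-bit change in loader:", unseal(srk, measure_boot(tampered), blob))
```

Changing one bit of the loader, reordering the components, or using a different SRK secret all produce a different sealing key, so the stored blob fails its integrity check and no VEK is released.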

16 More on Vista signatures
Don’t confuse hash validation with signatures
x64
–All kernel mode code must be signed or it won’t load
–Third-party drivers must be WHQL-certified or contain a certificate from a Microsoft CA
▪No exceptions, period
–User mode binaries need no signature unless they:
▪Implement cryptographic functions
▪Load into the software licensing service
x32
–Signing applies only to drivers shipped with Windows
–Can control by policy what to do with third-party
–Unsigned kernel mode code will load
–User mode binaries: same as x64
Slide From Steve Lamb at Microsoft

17 Code integrity non-goals
Protecting from attackers with physical access
Verifying the integrity of NTLDR
–Requires secure startup on TPM-enabled machines
–Requires read-only fixed media otherwise
Supporting rebinding or hotpatching
–These change the on-disk image
–CI will work if patch includes updated hash
Boot-time checks for revocation lists
Slide From Steve Lamb at Microsoft

18 More on Vista Loading
New Super-Secret feature in 64 bit version of Vista (not TC related, but useful to know)
–System files load at random locations in memory.
–Uses no-execute feature in 64 bit chipsets.

19 Linux and Trusted Computing
An IBM research project
–Foundations are TPM and Linux Security Modules
Provides
–TPM based trusted boot
–Authenticated File Metadata
–Also supports mandatory access controls

20 Linux and Trusted Computing
Future plans include
–Integration with SELinux
–Integration with Xen
–Integration with encrypted file systems.

