Applying ‘Trusted Brokered IO’ as trust boundary and policy enforcement point in Hardware for IoT devices For the Trusted Computing.

Slides:

Advertisements

Similar presentations

Confidential 1 Phoenix Security Architecture and DevID July 2005 Karen Zelenko Phoenix Technologies.

Advertisements

Internet of Things Security Architecture

Lecture 19 Page 1 CS 111 Online Protecting Operating Systems Resources How do we use these various tools to protect actual OS resources? Memory? Files?

1 Chapter 8 Fundamentals of System Security. 2 Objectives In this chapter, you will: Understand the trade-offs among security, performance, and ease of.

Securing. Agenda  Hard Drive Encryption  User Account Permissions  Root Level Access  Firewall Protection  Malware Protection.

Hardware Security: Trusted Platform Module Amir Houmansadr CS660: Advanced Information Assurance Spring 2015 Content may be borrowed from other resources.

Information Security 1 Information Security: Security Tools Jeffy Mwakalinga.

Preventing Theft of Quality of Service on Open Platforms Kwang-Hyun Baek and Sean W. Smith Department of Computer Science Dartmouth College

CMSC 414 Computer and Network Security Lecture 12 Jonathan Katz.

Sony White House Anthem Lockheed Aramco Bushehr nuclear reactor NSA Hacked Facebook Hacked Apple,Google,Microsoft,

Script Kiddies; CybercrimeCyber-espionage; Cyber-warfare CybercriminalsState sponsored actions; Unlimited resources Attacks on fortune 500All sectors.

Trusted Computing Initiative Beyond trustworthy. Trusted Computing  Five Key Concepts >Endorsement Key >Secure Input and Output >Memory Curtain / Protected.

FIT3105 Smart card based authentication and identity management Lecture 4.

Lesson 11-Virtual Private Networks. Overview Define Virtual Private Networks (VPNs). Deploy User VPNs. Deploy Site VPNs. Understand standard VPN techniques.

Copyright © Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE USC CSci599 Trusted Computing Lecture Three.

Copyright © Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE USC CSci599 Trusted Computing Lecture notes.

Securing Information Transfer in Distributed Computing Environments AbdulRahman A. Namankani.

Setting Up a Sandbox Presented by: Kevin Brunson Chief Technology Officer.

Security and privacy in the age of software controlled surroundings Prashanth Mohan David Culler.

Sharing Resources Lesson 6. Objectives Manage NTFS and share permissions Determine effective permissions Configure Windows printing.

Lecture 18 Page 1 CS 111 Online Design Principles for Secure Systems Economy Complete mediation Open design Separation of privileges Least privilege Least.

Bootstrapping Trust in Commodity Computers Bryan Parno, Jonathan McCune, Adrian Perrig 1 Carnegie Mellon University.

Patterns for Secure Boot and Secure Storage in Computer Systems By: Hans L¨ohr, Ahmad-Reza Sadeghi, Marcel Winandy Horst G¨ortz Institute for IT Security,

Trusted Computing BY: Sam Ranjbari Billy J. Garcia.

Week #7 Objectives: Secure Windows 7 Desktop

Trusted Computing Or How I Learned to Stop Worrying and Love the MPAA.

Cryptography, Authentication and Digital Signatures

1 C-DAC/Kolkata C-DAC All Rights Reserved Computer Security.

Cosc 4765 Trusted Platform Module. What is TPM The TPM hardware along with its supporting software and firmware provides the platform root of trust. –It.

出處 :2010 2nd International Conference on Signal Processing Systems (ICSPS) 作者 :Zhidong Shen 、 Qiang Tong 演講者 : 碩研資管一甲吳俊逸.

Virtual Workspaces Kate Keahey Argonne National Laboratory.

An Introduction to Trusted Platform Technology Siani Pearson Hewlett Packard Laboratories, UK

14.1/21 Part 5: protection and security Protection mechanisms control access to a system by limiting the types of file access permitted to users. In addition,

Trusted Computing and the Trusted Platform Module Bruce Maggs (with some slides from Bryan Parno)

The FIDO Approach to Privacy Hannes Tschofenig, ARM Limited 1.

Operating Systems Security

Security fundamentals Topic 5 Using a Public Key Infrastructure.

Wireless and Mobile Security

Digital Rights Management and Trusted Computing Kari Kostiainen T Special Course in Operating System Security April 13 th 2007.

Trusted Computing and the Trusted Platform Module Bruce Maggs (with some slides from Bryan Parno)

CHAPTER 2 Laws of Security. Introduction Laws of security enable user make the judgment about the security of a system. Some of the “laws” are not really.

TRUSTED FLOW: Why, How and Where??? Moti Yung Columbia University.

THE WINDOWS OPERATING SYSTEM Computer Basics 1.2.

IP Security (IPSec) Matt Hermanson. What is IPSec? It is an extension to the Internet Protocol (IP) suite that creates an encrypted and secure conversation.

Data-Tech Guardian Endpoint Security Suite. Guardian Endpoint Security Suite secures All Things Mobile TM from one management console.

By: Brett Belin. Used to be only tackled by highly trained professionals As the internet grew, more and more people became familiar with securing a network.

Trusted? 05/4/2016 Charles Sheehe, CCSDS Security Working Group GRC POC All information covered is from public sources 1.

CMSC 818J: Privacy enhancing technologies Lecture 2.

Trusted? 05/4/2016 Charles Sheehe, CCSDS Security Working Group GRC POC All information covered is from public sources.

Securing Network Servers

Hardware-rooted Trust for Secure Key Management & Transient Trust

LAS16-203: Platform Security Architecture for embedded devices

Trusted Computing and the Trusted Platform Module

Operating Systems Protection Alok Kumar Jagadev.

TASHKENT UNIVERSITY OF INFORMATION TECHNOLOGIES NAMED AFTER MUHAMMAD AL-KHWARIZMI THE SMART HOME IS A BASIC OF SMART CITIES: SECURITY AND METHODS OF.

Trusted Computing and the Trusted Platform Module

Outline What does the OS protect? Authentication for operating systems

Computer System Structures

Outline What does the OS protect? Authentication for operating systems

TCG’s Embedded System and IoT Focus

Building hardware-based security with a Trusted Platform Module (TPM)

Shielding applications from an untrusted cloud with Haven

Aimee Coughlin, Greg Cusack, Jack Wampler, Eric Keller, Eric Wustrow

Erica Burch Jesse Forrest

Security in SDR & cognitive radio

CS703 - Advanced Operating Systems

A Firmware Update Architecture for Internet of Things Devices

What is needed in the Next Generation Cloud trusted platform?

Presentation transcript:

Applying ‘Trusted Brokered IO’ as trust boundary and policy enforcement point in Hardware for IoT devices For the Trusted Computing Group

…and now that your buzzword Bingo card is already half full, the more pragmatic title: How to prevent your device from becoming a ‘Brain in a Jar’

IoT devices are all the rave today! 3

The unavoidable hangover is looming 4 Our life is filled with myriads of devices Devices are deployed in hard to reach places Everyone single one needs special attention Which ones are really mine? Yesterday it worked today it doesn’t – What happened? How do I replace or dispose a device? Which device has access to what? Cloud consumes huge amounts of questionable data Who else lives on my devices?

What does it take? 5 Isolated execution – Either by time or physical isolation Strong Device Identity – Cryptographic Endorsement Key Sealed Storage – Encrypted and bound to separate trust boundaries Attestation – Allows 3 rd parties to form trust relationships Policy Bound Operation – Device and user policies are enforced

Divide and Conquer 6 Security starts in the platform hardware Apply principle of least privilege to your device Enforce defined parameters of operation Trust nobody, especially not your own code The design process starts with security and cannot be added with a firmware update  Create strong defendable trust boundaries inside your device

What does it take? 7 Isolated execution – Either by time or physical isolation Strong Device Identity – Cryptographic Endorsement Key Sealed Storage – Encrypted and bound to separate trust boundaries Attestation – Allows 3 rd parties to form trust relationships Policy Bound Operation – Device and user policies are enforced

Who the hell are you?!? 8 No, a MAC address is not a good device identity and some GUID in flash memory is also useless A secret seed inaccessible to software Only accessible by policy restricted hardware Can never be read directly or indirectly Is used as a key in a cryptographic algorithm Can be used to re-establish trust after a break-in Backed by manufacturer identity service or certificate  Employ Cryptographic Endorsement Key

What does it take? 9 Isolated execution – Either by time or physical isolation Strong Device Identity – Cryptographic Endorsement Key Sealed Storage – Encrypted and bound to separate trust boundaries Attestation – Allows 3 rd parties to form trust relationships Policy Bound Operation – Device and user policies are enforced

Keeping the lid on things 10 How to protect data at rest against offline attacks? Differentiating between using keys and reading them Controlled object migration in and out of the device Immutable persisted storage with individual read, write and lockout policies  Sealed and Protected Storage

What does it take? 11 Isolated execution – Either by time or physical isolation Strong Device Identity – Cryptographic Endorsement Key Sealed Storage – Encrypted and bound to separate trust boundaries Attestation – Allows 3 rd parties to form trust relationships Policy Bound Operation – Device and user policies are enforced

Mom said to always tell the truth 12 Only device reset, resets security posture Secure logging facility to measure device state Attestation of objects, persisted storage and state with trusted identities  Trusted Reporting and Attestation

What does it take? 13 Isolated execution – Either by time or physical isolation Strong Device Identity – Cryptographic Endorsement Key Sealed Storage – Encrypted and bound to separate trust boundaries Attestation – Allows 3 rd parties to form trust relationships Policy Bound Operation – Device and user policies are enforced

Having a reality check 14 Ensure linear forward progression of time Dictionary attack protection Secure monotonic counting BitFields that behave like fuses Algorithm and usage restrictions on keys Flexible object authorization policies  Policy bound operation

…and what else? 15 A good entropy source is also a nice thing.

What can a TPM do for a modern MCU? 16 Immutable boot loader (CRTM) Secure seeding of an internal PRNG Manufacturer authenticated platform boot Measured boot as tamperproof record of code and data Establishing ownership and device identity generation Attestation client to report device state Confidential storage of device configuration Secure identity and data protection key import Firmware rollback protection Secure forward migration of configuration data There is actually a lot more down here but unfortunately the slide cut that off…

…so it looks something like this 17 MCU TPM CRTM Physically and cryptographically bound Device Firmware aka Payload Device Firmware aka Payload Bootloader IO control Service hookup

Now, what is this Trusted Brokered IO thing? 18 If you are still sitting in the audience I assume that at least to some degree you bought into the 5 bullets of the “What does it take” slide. - Good, and let me thank you at this point already - Now we are going off the deep end: So far we created a MCU that adheres to the TCG software platform – This means we are done, right? Everything is secure, right? In a perfect world where software ships free of bugs, processors can interpret the developers intentions and nobody hacks devices on the internet, then by all means yes absolutely! Lets go home early today.

Let’s look at that picture again… 19 MCU TPM CRTM Device Firmware aka Payload Device Firmware aka Payload Bootloader Trustboundary

Let’s look at that picture again… 20 MCU TPM CRTM Device Firmware aka Payload Device Firmware aka Payload Bootloader Trustboundary Turn on gas, wait 30 minutes, ignite.

Let’s look at that picture again… 21 MCU TPM CRTM Device Firmware aka Payload Device Firmware aka Payload Bootloader Trustboundary

Why can’t we apply policies to IO? 22 If it is good for software why not also apply it to the hardware? Apply hard formulated policies on IO operations that the MCU cannot override Revoke MCU access from critical IO if the MCU is in an unknown state Provide IO override policy for authorized entities Provide data attestation on data that the MCU reads IoT device data with attached attestation meta data provides trust level Reduction of attack surface for high integrity IO devices  The TPM library specification defines GPIO pins for this purpose

Trusted Brokered IO 23 Trustboundary MCU TPM CRTM Device Firmware aka Payload Device Firmware aka Payload Bootloader PrivilegedIO: Igniter and fuel control Display, knobs and oven light PEP AttestedIO: Oven State

Demo: Trusted Door 24

Questions? 25