Trusted Computing and the Trusted Platform Module Bruce Maggs (with some slides from Bryan Parno)

Bryan Parno’s Travel Story

Attestation: How can we know that a system that we would like to use has not been compromised?

Bootstrapping Trust is Hard! [Diagram: a platform stack of OS, kernel modules 1-4 and applications 1-N, each covered by a hash H( ) or a signature S1( ) ... S15( ); asked "Safe?", the platform answers "Yes!"] Challenges: hardware assurance, ephemeral software, user interaction.

Bootstrapping Trust is Hard! [Diagram: the same stack, but with an Evil OS and an Evil App in place; asked "Safe?", the platform still answers "Yes!"] Challenges: hardware assurance, ephemeral software, user interaction.

TPM Chip: often found in business-class laptops (image from Wikipedia)

Caveat: The TPM is not tamper proof! Safe use requires physical security!

Built-In Unique Identifier: the “Endorsement Key”
RSA public-private key pair
Private key never leaves the TPM chip
Public key can be certified

On-Chip Algorithms
RSA key-pair generation
RSA encryption/decryption
RSA signing
Random number generation
SHA-1 hashing
Keyed-hash message authentication code (HMAC)

Platform Configuration Registers (PCRs)
A TPM contains several 20-byte PCRs.
A PCR is initialized to zero at power on.
The only operation allowed on a PCR is to extend it: val[PCR] = SHA1(val[PCR] || newval), where || denotes concatenation.
At boot time, a TPM-enabled PC takes a series of measurements and stores them in PCRs.

HMAC
Hash with two inputs: a key and a block of data.
Typically the key is randomly generated.
The key can be used (for example) to guarantee that the hash was freshly created.

How HMAC can be used
The TPM can hash the contents of all storage on the computer, or storage in certain places: disks, memory, registers in the CPU.
The user can choose to execute only from known safe states.

Applications
Storing and protecting sensitive information
Trusted boot
Attestation

TPM-Based Attestation Example [Diagram: the BIOS and the Bootloader are measured into the TPM's PCRs; the TPM holds K_priv] [Gasser et al. ‘89], [Arbaugh et al. ‘97], [Sailer et al. ‘04], [Marchesini et al. ‘04]

Establishing Trust via a TPM [Gasser et al. ‘89], [Arbaugh et al. ‘97], [Sailer et al. ‘04], [Marchesini et al. ‘04]
[Diagram of the exchange: the BIOS and Bootloader measurements sit in the TPM's PCRs; the TPM holds K_priv.]
The verifier sends a random #: guarantees freshness.
The TPM replies with Sign_Kpriv(BIOS, Bootloader, random #), a signature over the PCR contents and the random #.
K_pub guarantees a real TPM.
The signature guarantees these are the actual TPM logs: Accurate!
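The PCR extend rule and the nonce-based quote exchange above, carried through end to end as an added example (not code from the slides or from any real TPM stack). Assumptions: a single 20-byte PCR, constructed byte strings standing in for the BIOS, bootloader and OS images, and HMAC-SHA256 under a key held only by the SoftTPM object standing in for the RSA signature with K_priv, so that it runs on the Python standard library alone.

```python
import hashlib
import hmac
import os

# Added example, not from the slides: a software TPM with one 20-byte PCR that
# can only be extended, and the random-#/signature exchange of "Establishing Trust".
# Assumption: the RSA signature under K_priv is stood in for by HMAC-SHA256
# with a key only the SoftTPM object holds, so this runs on the stdlib alone.

PCR_ZERO = bytes(20)  # a PCR is initialized to zero at power on

def extend(pcr: bytes, newval: bytes) -> bytes:
    """The only operation allowed on a PCR: val[PCR] = SHA1(val[PCR] || newval)."""
    return hashlib.sha1(pcr + newval).digest()

def expected_pcr(images) -> bytes:
    """Replay measured boot: extend the SHA-1 of each stage (BIOS, bootloader, OS)
    in order. The verifier runs this over its known-good images as the reference."""
    pcr = PCR_ZERO
    for image in images:
        pcr = extend(pcr, hashlib.sha1(image).digest())
    return pcr

class SoftTPM:
    def __init__(self):
        self.pcr = PCR_ZERO
        self._k_priv = os.urandom(32)  # private key never leaves the TPM

    def boot(self, images) -> bytes:
        """Each boot stage measures the next one into the PCR before handing over."""
        for image in images:
            self.pcr = extend(self.pcr, hashlib.sha1(image).digest())
        return self.pcr

    def quote(self, nonce: bytes):
        """Sign(PCR || random #) with K_priv; the verifier's random # guarantees freshness."""
        return self.pcr, hmac.new(self._k_priv, self.pcr + nonce, hashlib.sha256).digest()

    def k_pub(self) -> bytes:
        return self._k_priv  # stand-in for K_pub: with HMAC the verifier shares the key

def verify_quote(k_pub: bytes, nonce: bytes, expected: bytes, pcr: bytes, tag: bytes) -> bool:
    """Accept only a valid signature over OUR nonce whose PCR equals the known-good value."""
    good_sig = hmac.compare_digest(hmac.new(k_pub, pcr + nonce, hashlib.sha256).digest(), tag)
    return good_sig and hmac.compare_digest(pcr, expected)
```

A quote made for an old nonce, or from a platform that booted a modified bootloader, fails verification even though the TPM itself signed it.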

Microsoft uses of the TPM
BitLocker drive encryption
Secure Boot