Presentation is loading. Please wait.

Presentation is loading. Please wait.

Trusted Computing and the Trusted Platform Module

Published byAgnes Cross Modified over 6 years ago

Similar presentations

Presentation on theme: "Trusted Computing and the Trusted Platform Module"— Presentation transcript:

1 Trusted Computing and the Trusted Platform Module
Bruce Maggs (with some slides from Bryan Parno)

2 Bryan Parno’s Travel Story

3 Attestation How can we know that a system that we would like to use has not been compromised?

4 Bootstrapping Trust is Hard!
Challenges: Hardware assurance Ephemeral software User Interaction App 1 App 4 App 3 App N App 2 App 5 S5( ) S6( ) S4( ) S7( ) S3( ) S10( ) S11( ) S2( ) S9( ) S8( ) S15( ) S1( ) S14( ) S12( ) S13( ) OS Module 1 Module 3 Module 2 Module 4 Safe? H( ) ^ H( ) Yes!

5 Bootstrapping Trust is Hard!
Challenges: Hardware assurance Ephemeral software User Interaction Evil App OS Safe? Yes!

6 Trusted Platform Module Components
permanent public/private key pair created when TPM first used

7 Often found in business-class laptops
TPM Chip Often found in business-class laptops

8 Caveat The TPM is not 100% tamper proof!
Safe use requires physical security In 2010 Christopher Tarnovsky extracted all keys from an Infineon TPM chip by soaking the chip in acid to remove plastic removing RF-shield wire mesh probing with an extremely small needle

9 Built-In Unique Identifier
“Endorsement Key” permanently embedded in TPM RSA public-private key pair Private key never leaves the TPM chip Public key can be certified (e.g., TPM may include an EKCERT certificate signed by a TPM CA such as the TPM manufacturer)

10 Storage Root Key Master “storage root key” (SRK) created when TPM first used Can be changed by clearing the TPM Protects TPM keys created by other applications

11 On-Chip Algorithms RSA key-pair generation RSA encryption/decryption
RSA signing and signature checking Random number generation SHA-1 hashing Keyed-hash message authentication code (HMAC) (more on this later) NOT a crypto accelerator

12 Platform Configuration Registers (PCRs)
A TPM contains several 20-byte PCRs A PCR is initialized to zero at power on. The only operation allowed on a PCR is to extend it: val[PCR] = SHA1(val[PCR] || newval) At boot time, a TPM-enabled PC takes a series of measurements and stores them in PCRs (more on this later)

13 HMAC Hash with two inputs: a key and a block of data
Typically key is randomly generated and secret Key can be used (for example) to guarantee that the hash was freshly created

14 How HMAC can be used TPM can hash contents of all storage on computer, or storage in certain places Disks Memory Registers in the CPU User can choose to execute only from known safe states

15 Applications Protecting sensitive stored information from modification
Trusted boot Attestation

16 TPM-Based Attestation Example
[Gasser et al. ‘89], [Arbaugh et al. ‘97], [Sailer et al. ‘04], [Marchesini et al. ‘04] OS Module OS Module App App BIOS BIOS Bootloader Bootloader TPM PCRs KPriv

17 Establishing Trust via a TPM
[Gasser et al. ‘89], [Arbaugh et al. ‘97], [Sailer et al. ‘04], [Marchesini et al. ‘04] Accurate! BIOS Bootloader OS Module App Guarantees freshness random # random # BIOS Bootloader OS Module App TPM PCRs KPriv KPub Guarantees real TPM Sign ( ) Kpriv BIOS Bootloader OS Module App random # Guarantees actual TPM logs

18 Static Chain of Trust at Power-On
PCRs set to default values Hardware instructs TPM to measure Authenticated Code Module (ACM) provided by manufacturer on motherboard, extend PCR0 Processor runs ACM to measure BIOS, i.e., software instructs TPM to extend PCR0 with BIOS BIOS code extends PCR4 with IPL (initial program loader) from master boot record

19 Dynamic Chain of Trust OS invokes special security instruction, resetting PCRs to default values Hardware measures SINIT ACM, also provided by hardware manufacturer SINIT ACM measures OS startup code (Measured Launch Environment MLE), extends PCR18 Before running MLE, SINIT verifies that MLE and PCRs 0-7 have known good values MLE measures OS, extends PCRs 19-20 Before running OS, MLE compares PCRs to known good values

20 Microsoft Secure Boot (Windows 8+)
Enabled by “UEFI” – Unified Extensible Firmware Interface (replacement for traditional BIOS) Manufacturer’s and Microsoft public keys stored in firmware (can add other OS vendors) TPM checks that firmware is signed by the manufacturer TPM checks that hash of boot loader has been signed with Microsoft public key

21 Microsoft Trusted Boot
Takes over after Secure Boot Verifies all OS components, starting with Windows kernel Windows kernel verifies boot drivers, start-up files

22 Microsoft Measured Boot
TPM signs measured boot log file Remote attestation possible by transmitting signed boot log

23 Microsoft BitLocker Drive Encryption
Encryption of volume containing Windows OS, user files, e.g., C:\ Separate unencrypted volume contains files needed to load Windows (MLE) Volume master encryption key encrypted and stored on volume. Key to decrypt volume master key can be stored on TPM (backup stored elsewhere) MLE retrieves key from TPM to decrypt OS OS doesn’t decrypt user files unless a valid password is provided – better password protect your account! BitLocker can be used without a TPM – user supplies an encryption password

24 Intel SGX Intel Software Guard Extensions – new instructions added to the x64 instruction set Incorporated directly into CPU, e.g., Intel i7-6700K, Dell Inspiron 11 i3153 (Not a separate chip like TPM.) Application can created trusted memory “enclave” Only trusted functions (stored in enclave) can see or modify enclave Application software can be protected from privileged software

25 Container Virtualization
Containers share the host operating system, using less resources, and instances can be created more quickly than VMs. But there is no isolation from the host OS.

26 Secure Containers SCONE: Secure Linux Containers with Intel SGX (OSDI 16) Use SGX to protect container processes from outside attacks (e.g., through host OS) Transparent to Docker

Download ppt "Trusted Computing and the Trusted Platform Module"

Similar presentations

Confidential 1 Phoenix Security Architecture and DevID July 2005 Karen Zelenko Phoenix Technologies.

Confidential 1 Phoenix Security Architecture and DevID July 2005 Karen Zelenko Phoenix Technologies.
Rambling on the Private Data Security

Rambling on the Private Data Security
Vpn-info.com.

Vpn-info.com.
Ragib Hasan Johns Hopkins University en.600.412 Spring 2011 Lecture 3 02/14/2010 Security and Privacy in Cloud Computing.

Ragib Hasan Johns Hopkins University en Spring 2011 Lecture 3 02/14/2010 Security and Privacy in Cloud Computing.
Operating Systems Security 1. The Boot Sequence The action of loading an operating system into memory from a powered-off state is known as booting or.

Operating Systems Security 1. The Boot Sequence The action of loading an operating system into memory from a powered-off state is known as booting or.
 Alexandra Constantin  James Cook  Anindya De Computer Science, UC Berkeley.

 Alexandra Constantin  James Cook  Anindya De Computer Science, UC Berkeley.
Securing. Agenda  Hard Drive Encryption  User Account Permissions  Root Level Access  Firewall Protection  Malware Protection.

Securing. Agenda  Hard Drive Encryption  User Account Permissions  Root Level Access  Firewall Protection  Malware Protection.
Hardware Security: Trusted Platform Module Amir Houmansadr CS660: Advanced Information Assurance Spring 2015 Content may be borrowed from other resources.

Hardware Security: Trusted Platform Module Amir Houmansadr CS660: Advanced Information Assurance Spring 2015 Content may be borrowed from other resources.
1 Minimal TCB Code Execution Jonathan McCune, Bryan Parno, Adrian Perrig, Michael Reiter, and Arvind Seshadri Carnegie Mellon University May 22, 2007.

1 Minimal TCB Code Execution Jonathan McCune, Bryan Parno, Adrian Perrig, Michael Reiter, and Arvind Seshadri Carnegie Mellon University May 22, 2007.
1 Bootstrapping Trust in a “Trusted” Platform Carnegie Mellon University November 11, 2008 Bryan Parno.

1 Bootstrapping Trust in a “Trusted” Platform Carnegie Mellon University November 11, 2008 Bryan Parno.
CMSC 414 Computer and Network Security Lecture 12 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 12 Jonathan Katz.
Trusted Disk Loading in the Emulab Network Testbed Cody Cutler, Mike Hibler, Eric Eide, Rob Ricci 1.

Trusted Disk Loading in the Emulab Network Testbed Cody Cutler, Mike Hibler, Eric Eide, Rob Ricci 1.
Trusted Platform Modules: Building a Trusted Software Stack and Remote Attestation Dane Brandon, Hardeep Uppal CSE551 University of Washington.

Trusted Platform Modules: Building a Trusted Software Stack and Remote Attestation Dane Brandon, Hardeep Uppal CSE551 University of Washington.
Trusted Computing Initiative Beyond trustworthy. Trusted Computing  Five Key Concepts >Endorsement Key >Secure Input and Output >Memory Curtain / Protected.

Trusted Computing Initiative Beyond trustworthy. Trusted Computing  Five Key Concepts >Endorsement Key >Secure Input and Output >Memory Curtain / Protected.
SEC316: BitLocker™ Drive Encryption

SEC316: BitLocker™ Drive Encryption
Copyright © 1995-2006 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE USC CSci599 Trusted Computing Lecture Three.

Copyright © Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE USC CSci599 Trusted Computing Lecture Three.
Copyright © 1995-2006 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE USC CSci599 Trusted Computing Lecture notes.

Copyright © Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE USC CSci599 Trusted Computing Lecture notes.
File System and Full Volume Encryption Sachin Patel CSE 590TU 3/9/2006.

File System and Full Volume Encryption Sachin Patel CSE 590TU 3/9/2006.
Bootstrapping Trust in Commodity Computers Bryan Parno, Jonathan McCune, Adrian Perrig 1 Carnegie Mellon University.

Bootstrapping Trust in Commodity Computers Bryan Parno, Jonathan McCune, Adrian Perrig 1 Carnegie Mellon University.
Trusted Computing BY: Sam Ranjbari Billy J. Garcia.

Trusted Computing BY: Sam Ranjbari Billy J. Garcia.

Similar presentations

Ads by Google