Presentation is loading. Please wait.

Presentation is loading. Please wait.

Trusted Computing and the Trusted Platform Module Bruce Maggs (with some slides from Bryan Parno)

Published byShona Gibson Modified over 9 years ago

Similar presentations

Presentation on theme: "Trusted Computing and the Trusted Platform Module Bruce Maggs (with some slides from Bryan Parno)"— Presentation transcript:

1 Trusted Computing and the Trusted Platform Module Bruce Maggs (with some slides from Bryan Parno)

2 Bryan Parno’s Travel Story 2

3 Attestation How can we know that a system that we would like to use has not been compromised? 3

4 H( ) ^ Bootstrapping Trust is Hard! 4 OS App 1 App 1 App 2 App 2 App 3 App 3 App 4 App 4 App N App N Module 1 Module 3 Module 2 Module 4 App 5 App 5 Challenges: Hardware assurance Ephemeral software User Interaction Safe? Yes! S 1 ( ) S 2 ( ) S 3 ( ) S 4 ( ) S 5 ( ) S 6 ( ) S 7 ( ) S 8 ( ) S 9 ( ) S 10 ( ) S 11 ( ) S 12 ( ) S 13 ( ) S 14 ( ) S 15 ( )

5 Evil App Evil App Evil OS Evil OS Bootstrapping Trust is Hard! 5 Challenges: Hardware assurance Ephemeral software User Interaction Safe? Yes!

6 Trusted Platform Module Components https://en.wikipedia.org/wiki/Trusted_Platform_Module#/media/File:TPM.svg 6

7 TPM Chip Often found in business-class laptops https://en.wikipedia.org/wiki/Trusted_Platform_Module#/media/File:TPM_Asus.jpg 7

8 Caveat The TPM is not 100% tamper proof! Safe use requires physical security In 2010 Christopher Tarnovsky extracted the private key from an Infineon TPM chip by soaking the chip in acid to remove plastic removing RF-shield wire mesh probing with an extremely small needle 8

9 Built-In Unique Identifier “Endorsement Key” permanently embedded in TPM RSA public-private key pair Private key never leaves the TPM chip Public key can be certified Master “storage root key” (SRK) created when TPM first used 9

10 On-Chip Algorithms RSA key-pair generation RSA encryption/decryption RSA signing Random number generation SHA-1 hashing Keyed-hash message authentication code (HMAC) 10

11 Platform Configuration Registers (PCRs) A TPM contains several 20-byte PCRs A PCR is initialized to zero at power on. The only operation allowed on a PCR is to extend it: val[PCR] = SHA1(val[PCR]. newval) At boot time, a TPM-enabled PC takes a series of measurements and stores them in PCRs 11

12 HMAC Hash with two inputs: a key and a block of data Typically key is randomly generated Key can be used (for example) to guarantee that the hash was freshly created 12

13 How HMAC can be used TPM can hash contents of all storage on computer, or storage in certain places Disks Memory Registers in the CPU User can choose to execute only from known safe states 13

14 Applications Storing and protecting sensitive information Trusted boot Attestation 14

15 TPM-Based Attestation Example 15 BIOS TPM PCRs K Priv BIOS [Gasser et al. ‘89], [Arbaugh et al. ‘97], [Sailer et al. ‘04], [Marchesini et al. ‘04] Bootloader

16 Establishing Trust via a TPM [Gasser et al. ‘89], [Arbaugh et al. ‘97], [Sailer et al. ‘04], [Marchesini et al. ‘04] 16 BIOSBootloader TPM PCRs K Priv random # Guarantees freshness K Pu b Guarantees real TPM Sign ( ) K priv BIOS Bootloader random # Guarantees actual TPM logs Accurate! BIOS Bootloader

17 Microsoft BitLocker Drive Encryption Password-protected encryption of volume containing Windows OS, user files, e.g., C: Separate unencrypted volume contains files needed to load Windows TPM protects disk encryption key by encrypting it TPM releases key only after comparing hash of early (unencrypted) boot files with previous hash 17

18 Microsoft Secure Boot (Windows 8+) Enabled by “UEFI” – Unified Extensible Firmware Interface (replacement for traditional BIOS) Manufacturer’s and Microsoft public keys stored in firmware (can add other OS vendors) TPM checks that firmware is signed TPM checks that hash of boot loader has been signed with Microsoft public key 18

19 Microsoft Trusted Boot Takes over after Secure Boot Verifies all OS components, starting with Windows kernel Windows kernel verifies boot drivers, start-up files 19

20 Microsoft Measured Boot TPM signs measured boot log file Remote attestation possible by transmitting signed boot log 20

Download ppt "Trusted Computing and the Trusted Platform Module Bruce Maggs (with some slides from Bryan Parno)"

Similar presentations

Confidential 1 Phoenix Security Architecture and DevID July 2005 Karen Zelenko Phoenix Technologies.

Confidential 1 Phoenix Security Architecture and DevID July 2005 Karen Zelenko Phoenix Technologies.
Rambling on the Private Data Security

Rambling on the Private Data Security
Vpn-info.com.

Vpn-info.com.
Ragib Hasan Johns Hopkins University en.600.412 Spring 2011 Lecture 3 02/14/2010 Security and Privacy in Cloud Computing.

Ragib Hasan Johns Hopkins University en Spring 2011 Lecture 3 02/14/2010 Security and Privacy in Cloud Computing.
Operating Systems Security 1. The Boot Sequence The action of loading an operating system into memory from a powered-off state is known as booting or.

Operating Systems Security 1. The Boot Sequence The action of loading an operating system into memory from a powered-off state is known as booting or.
CSUF Chapter 3.2 1. CSUF Operating Systems Security 2.

CSUF Chapter CSUF Operating Systems Security 2.
Securing. Agenda  Hard Drive Encryption  User Account Permissions  Root Level Access  Firewall Protection  Malware Protection.

Securing. Agenda  Hard Drive Encryption  User Account Permissions  Root Level Access  Firewall Protection  Malware Protection.
Hardware Security: Trusted Platform Module Amir Houmansadr CS660: Advanced Information Assurance Spring 2015 Content may be borrowed from other resources.

Hardware Security: Trusted Platform Module Amir Houmansadr CS660: Advanced Information Assurance Spring 2015 Content may be borrowed from other resources.
Section 3.2: Operating Systems Security

Section 3.2: Operating Systems Security
1 Minimal TCB Code Execution Jonathan McCune, Bryan Parno, Adrian Perrig, Michael Reiter, and Arvind Seshadri Carnegie Mellon University May 22, 2007.

1 Minimal TCB Code Execution Jonathan McCune, Bryan Parno, Adrian Perrig, Michael Reiter, and Arvind Seshadri Carnegie Mellon University May 22, 2007.
1 Bootstrapping Trust in a “Trusted” Platform Carnegie Mellon University November 11, 2008 Bryan Parno.

1 Bootstrapping Trust in a “Trusted” Platform Carnegie Mellon University November 11, 2008 Bryan Parno.
CMSC 414 Computer and Network Security Lecture 12 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 12 Jonathan Katz.
Trusted Disk Loading in the Emulab Network Testbed Cody Cutler, Mike Hibler, Eric Eide, Rob Ricci 1.

Trusted Disk Loading in the Emulab Network Testbed Cody Cutler, Mike Hibler, Eric Eide, Rob Ricci 1.
Trusted Platform Modules: Building a Trusted Software Stack and Remote Attestation Dane Brandon, Hardeep Uppal CSE551 University of Washington.

Trusted Platform Modules: Building a Trusted Software Stack and Remote Attestation Dane Brandon, Hardeep Uppal CSE551 University of Washington.
Trusted Computing Initiative Beyond trustworthy. Trusted Computing  Five Key Concepts >Endorsement Key >Secure Input and Output >Memory Curtain / Protected.

Trusted Computing Initiative Beyond trustworthy. Trusted Computing  Five Key Concepts >Endorsement Key >Secure Input and Output >Memory Curtain / Protected.
Cyber Security and Key Management Models Smart Grid Networks The Network System Key Management and Utilization Why Hardware Security Christopher Gorog,

Cyber Security and Key Management Models Smart Grid Networks The Network System Key Management and Utilization Why Hardware Security Christopher Gorog,
Copyright © 1995-2006 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE USC CSci599 Trusted Computing Lecture Three.

Copyright © Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE USC CSci599 Trusted Computing Lecture Three.
Copyright © 1995-2006 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE USC CSci599 Trusted Computing Lecture notes.

Copyright © Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE USC CSci599 Trusted Computing Lecture notes.
Mobility for the Enterprise

Mobility for the Enterprise
File System and Full Volume Encryption Sachin Patel CSE 590TU 3/9/2006.

File System and Full Volume Encryption Sachin Patel CSE 590TU 3/9/2006.

Similar presentations

Ads by Google