Today at the CeBIT Fair, IBM is announcing the Secure Enterprise Desktop, an innovative service that enables corporate users to securely access the contents of their entire hard disk, including operating system, applications and company data, from anywhere in as little as two minutes.
With the consumerization of IT and the emergence of bring your own device to work, organizations are being forced to figure out how to manage new security challenges in the enterprise. In addition, according to the 2011 IBM CIO Study, two of three CIOs have visionary plans that include mobility solutions and virtualization to remain competitive.
To address these challenges IBM scientists in Zurich, also known for developing the secure operating system used on hundreds of millions of smart cards today, have developed the Secure Enterprise Desktop.
2. Secure Enterprise Desktop: Core problem addressed
All Internet connected devices are (and will remain) under attack …
– Attack vectors (selection)
• Spam (mail): “Click-and-be-doomed”
• Some “free helper tools”
• “popular” websites (porn, warez, etc.): “Drive-by infection”
• Google-found websites
– Sample attack method (beyond traditional vulnerability + standard API exploits)
• APEG (Automatic Patch-based exploit generation)
– Attack goals (selection)
• Get at company secrets (SpearPhishing, Advanced Persistent Threats and beyond)
• Log company communication in real-time
• Find out about customer’s customers
– Attack professionalism
• Very high and rising (task “outsourcing”, physical “enforcement” the norm)
• By some accounts, e-crime is already more profitable than drug trafficking
IBM Secure Enterprise Desktop
3. Authentication: Main Attack classes
[Figure: main attack classes against authentication. Diagram labels: Spoofed email (phishing), link, fake server, login credentials; Man-in-the-middle (MITM), fake server, fake client; Malicious software (MSW), Trojan horse virus, Man-in-the-browser (MITB), credentials. Arrow labels: "Impersonation at any time", "Impersonation while genuine client connects", "Impersonation at any time / during genuine transaction".]
4. Secure Enterprise Desktop: So what?
You cannot trust the PC (tablet, smart phone, etc.) display – nor any SW.
You need separate protection – crypto & I/O HW outside the PC.
Based on some “trust anchor” – ideally a mobile one.
5. Classic ZTIC concept: How it works (high-level)
1: User approaches any appliance with USB port and inserts ZTIC
2: ZTIC initiates connection to server
(automatically via auto-run or after user clicks on ZTIC icon)
3: ZTIC establishes TLS connection to server
(incl. automatic certificate check and possibly using client authentication)
4: Server validates authenticity
(using existing authentication protocols like EMV CAP or via PKI/SSL client authentication)
[Diagram labels: TLS Proxy; TLS Server Connection]
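A simplified model of the trust boundary from slides 4 and 5, added here as an example and not IBM's code: the device and the server hold the session keys, and the PC only relays sealed records. The hash-based cipher, the function names and the sample message are assumptions made for illustration; a real ZTIC session uses TLS.

```python
import hashlib
import hmac
import secrets

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # SHA-256 in counter mode: a toy stand-in for the TLS record cipher.
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
              for i in range(length // 32 + 1))
    return b"".join(blocks)[:length]

def seal(enc_key: bytes, mac_key: bytes, plaintext: bytes) -> bytes:
    """Device side: encrypt, then authenticate nonce + ciphertext."""
    nonce = secrets.token_bytes(12)
    stream = _keystream(enc_key, nonce, len(plaintext))
    ciphertext = bytes(p ^ s for p, s in zip(plaintext, stream))
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag

def unseal(enc_key: bytes, mac_key: bytes, record: bytes):
    """Server side: check the tag first; return None for a modified record."""
    if len(record) < 12 + 32:
        return None
    nonce, ciphertext, tag = record[:12], record[12:-32], record[-32:]
    expected = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    stream = _keystream(enc_key, nonce, len(ciphertext))
    return bytes(c ^ s for c, s in zip(ciphertext, stream))

def clean_pc(record: bytes) -> bytes:
    return record  # the PC forwards the record unchanged

def compromised_pc(record: bytes) -> bytes:
    modified = bytearray(record)
    modified[12] ^= 0x01  # software on the PC changes one ciphertext bit
    return bytes(modified)

SAMPLE = b"login: alice / one-time code: 493817"  # constructed sample input

def run_session(pc_relay, message: bytes = SAMPLE):
    """Return (plaintext_visible_to_pc, what_the_server_accepts)."""
    # Stand-in for the keys a TLS handshake between device and server yields.
    enc_key, mac_key = secrets.token_bytes(32), secrets.token_bytes(32)
    seen_by_pc = seal(enc_key, mac_key, message)
    return message in seen_by_pc, unseal(enc_key, mac_key, pc_relay(seen_by_pc))
```

In both runs the PC never sees the plaintext, and the server accepts the message only when the relay left the record untouched.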
6. Approaches to Desktop Security
Corporate-issue PCs: Machines are custom-installed and centrally managed.
Challenges: limited choice of machines; cost for dedicated hardware; zero-day exploits; mobility
Trusted Platform Modules, Smart Cards, etc.: Security hardware protecting system software
Challenges: Without I/O, user cannot ascertain what’s happening; mobility
Secure Execution Environments: Software controlling the execution of applications
Challenges: Size & origin of software; can software be protected by software?
Secure boot stick: user carries a secure OS to boot from on a USB stick
Challenges: maintenance of OS; no central control; no user credential control
Virtualization: adding an access & security control layer for all resources
Challenges: host-OS security; installation; performance/scalability
7. IBM Secure Enterprise Desktop: Design Goals
Protect against “State of the Art” Attacks (esp. Malware & Man-in-the-Middle)
– Do not rely on PC or smart phone for input or output of critical data
Do not require the installation of additional software
– No device drivers (no new user/support center hassles)
– Work on as many platforms as possible
Do not interfere with existing protection technologies
– VPNs, Firewalls, Virus scanners, etc.
Be easy-to-use
– Do not create performance penalties
– Use “familiar” device/interaction pattern → mobility
Be easy to administer & integrate
– Require minimal server changes
• Re-use existing authentication protocols, e.g., CAP, PKI/SSL client-authentication
– Allow for “fool-proof” device maintenance
11. Secure Enterprise Desktop: Architecture
Hypervisor allows SED…
…to be hardware agnostic: hardware support delegated to the hypervisor
…to implement specialized drivers without changing the user image
…to run multiple images on the same client
13. Secure Enterprise Desktop: Key Differentiators
VM + OS provisioning is server-controlled via trusted channel
– ZTIC establishes basic trust level and pulls disk-keys & software via SSL
– Future extension: Build VPN support into low-level drivers + ZTIC
No need for or reliance on pre-installed software
– ZTIC possession is sufficient to get started → boot off empty/‘bare metal’ machines
– All OS & user data is streamed as needed → fast start-up time on empty machines
– Local machine used as ‘cache’ → scalability from overall system perspective
Constant ‘backup’ when online
– Offline operation also possible (e.g., when traveling)
– All local data encrypted via ZTIC and mirrored back when online again
User credentials handled outside of PC
– Protection even against hacked BIOSes
– Smart card support without need for drivers
14. Secure Enterprise Desktop: Next steps for 2012
IBM internal pilot operation
Introduction of standard/’out-of-the-box’ usage scenarios
Pilot deployment at lead customers
Integration with IBM standard offerings
15. Questions?
http://www.zurich.ibm.com/secure-ed
eztic@zurich.ibm.com
YouTube: http://www.youtube.com/watch?v=mPZrkeHMDJ8
Michael Baentsch (mib@zurich.ibm.com; +41 44 724 8620)
Paolo Scotton (psc@zurich.ibm.com; +41 44 724 8948)