#trustedcomputing, #tpm

1. Trusted Computing

2. Agenda
 Why Trusted Computing
 The Trusted Computing Architecture
 Uses of Trusted Computing
 Issues with Trusted Computing
 Trusted Computing in practice
 Details: 3rd party attestation

3. Agenda
 Why Trusted Computing
 The Trusted Computing Architecture
 Uses of Trusted Computing
 Issues with Trusted Computing
 Trusted Computing in practice
 Details: 3rd party attestation

4. Trusted Computing
 Trust (RFC 4949):A feeling of certainty (sometimes
based on inconclusive evidence) either (a) that the
system will not fail or (b) that the system meets its
specifications (i.e., the system does what it claims to do
and does not perform unwanted functions)
 When approaching a PC, do we have this feeling?

5. Lack of Trust
 Mutability
– Data
– Applications and libraries
– Device drivers
– Kernel components
– And… the BIOS
 “Least privilege” principle is ignored
– Administrator privileges
 Huge amounts of trusted code
 Secure development principles are not applied

6. Trusted Computing Group
 [An] organization formed to develop, define, and
promote open standards for hardware-enabled
trusted computing and security technologies, including
hardware building blocks and software interfaces, across
multiple platforms, peripherals, and devices
 Implicitly: software alone will not do
 Established (as TCPA) 1999
 TPM 1.0 published Feb. 2001
 TNC work started 2004
 Around 200 member companies
 www.trustedcomputing.org

7. Agenda
 Why Trusted Computing
 The Trusted Computing Architecture
 Uses of Trusted Computing
 Issues with Trusted Computing
 Trusted Computing in practice
 Details: 3rd party attestation

8. Trusted Computing Architecture
TPM (Trusted Platform Module): a tamper-resistant hardware module
mounted in a platform.
Responsible for: measurement, storage, reporting and policy enforcement
Protected
Code
TPM
Boot Process
Operating System
App1 App2 App3
Encrypted
Files

9. Roots of Trust
 A Root ofTrust is a component that must behave as
expected, because its misbehavior cannot be detected
– A piece of code
 Root ofTrust for Measurement: the component that can
be trusted to reliably measure and report to the Root of Trust
for Reporting what software executes at the start of platform
boot
 Root ofTrust for Reporting: the component that can be
trusted to report reliable information about the platform
 Root ofTrust for Storage: the component that can be
trusted to securely store any quantity of information

10. A Chain of Trust (Illustrate with Possible
Attack Scenarios)
 The core idea of the Trusted Computing architecture
 Each stage measures and validates the next one
– Measurements go into Platform Configuration Registers
(PCRs) on theTPM
 The chain starts with the hardwareTPM
 Then software:
– RTM,TPM Software Stack, BIOS, kernel
– Applications?
 At the end, the entire platform is verified to be in a
trusted state

11. TC Cryptographic Capabilities
 SHA-1, HMAC
– Hashed message authentication code
 Physical random number generation
– An important feature in itself
 Asymmetric key generation
– 2048-bit RSA
 Asymmetric crypto encryption/decryption and signing
– RSA PKCS#1
 Bulk symmetric crypto is performed off-chip
– For example, disk encryption
 Reasons: price, export considerations
 This is no high performance crypto chip!

12. Agenda
 Why Trusted Computing
 The Trusted Computing Architecture
 Uses of Trusted Computing
 Issues with Trusted Computing
 Trusted Computing in practice
 Details: 3rd party attestation

13. Uses of Trusted Computing
 Data protection: storage of secrets
– TPM unseals storage keys only if the platform is in a trusted state
 Detecting unwanted changes to a machine’s configuration
– Secure boot
 The next three require “3rd party attestation”
– Protocol described later
 Checking client integrity on a local network
– E.g. before the client is allowed into the network
– Or by each network server
 Verifying the trustworthiness of a “kiosk”
– By a remote server
– By a local smartcard
 Machine authentication for remote access

14. Trusted Computing in Practice
 TPM exists on a very large percentage of desktops and
laptops
– On your computer, too
 But it is disabled by default
 So it is rarely used
– Even innocuous functionality like RNG is blocked!
 Microsoft was expected to enhance TC functionality inVista
– But only made a small step with BitLocker
– Better with Windows 7 and 8
 Apple used TPM once to ensure its new OS only runs on its
own “beta” machines
– But this is the wrong way around!

15. Agenda
 Why Trusted Computing
 The Trusted Computing Architecture
 Uses of Trusted Computing
 Issues with Trusted Computing
 Trusted Computing in practice
 Details: 3rd party attestation

16. Remote Attestation
 Three phases
 Measurement: machine to be attested must measure its
properties locally
 Attestation: transfer measurements from machine being
attested to remote machine
 Verification: remote machine examines measurements
transferred during attestation and decides whether they
are valid and acceptable

17. Linux Integrity Measurement

18. What is the Purpos of Nonce? (Important)

19. Linux Verification

20. Dynamic Root of Trust (During
Runtime)
 Special CPU instruction
 Reset PCRs
 First measurement made by hardware
 Check if correct and proceed in further measurements
 Otherwise DRT was modified and not safe to use
Used for run trustedVirtual Machine, since measuring
all of software during startup is impossible and the same
software can be attacked later

21. Summary
 Trusted Computing tries to solve one of the top
problems in today’s computing
 It builds a complex and interesting architecture, using
innovative hardware components
 The in-built conflict between proven security and privacy
has not been resolved, and maybe cannot be
 TC is making small steps forward, will it ever see
widespread use?