2. Agenda
Why Trusted Computing
The Trusted Computing Architecture
Uses of Trusted Computing
Issues with Trusted Computing
Trusted Computing in practice
Details: 3rd party attestation
4. Trusted Computing
Trust (RFC 4949): A feeling of certainty (sometimes based on inconclusive evidence) either (a) that the system will not fail or (b) that the system meets its specifications (i.e., the system does what it claims to do and does not perform unwanted functions)
When approaching a PC, do we have this feeling?
5. Lack of Trust
Mutability
– Data
– Applications and libraries
– Device drivers
– Kernel components
– And… the BIOS
“Least privilege” principle is ignored
– Administrator privileges
Huge amounts of trusted code
Secure development principles are not applied
6. Trusted Computing Group
[An] organization formed to develop, define, and
promote open standards for hardware-enabled
trusted computing and security technologies, including
hardware building blocks and software interfaces, across
multiple platforms, peripherals, and devices
Implicitly: software alone will not do
Established (as TCPA) in 1999
TPM 1.0 published Feb. 2001
TNC work started 2004
Around 200 member companies
www.trustedcomputing.org
8. Trusted Computing Architecture
TPM (Trusted Platform Module): a tamper-resistant hardware module mounted in a platform.
Responsible for: measurement, storage, reporting and policy enforcement
[Figure: the TPM underneath the boot process, the operating system and App1, App2, App3; the TPM protects code and encrypted files]
9. Roots of Trust
A Root of Trust is a component that must behave as expected, because its misbehavior cannot be detected
– A piece of code
Root of Trust for Measurement: the component that can be trusted to reliably measure and report to the Root of Trust for Reporting what software executes at the start of platform boot
Root of Trust for Reporting: the component that can be trusted to report reliable information about the platform
Root of Trust for Storage: the component that can be trusted to securely store any quantity of information
10. A Chain of Trust (Illustrate with Possible Attack Scenarios)
The core idea of the Trusted Computing architecture
Each stage measures and validates the next one
– Measurements go into Platform Configuration Registers (PCRs) on the TPM
The chain starts with the hardware TPM
Then software:
– RTM, TPM Software Stack, BIOS, kernel
– Applications?
At the end, the entire platform is verified to be in a trusted state
11. TC Cryptographic Capabilities
SHA-1, HMAC
– Hashed message authentication code
Physical random number generation
– An important feature in itself
Asymmetric key generation
– 2048-bit RSA
Asymmetric crypto encryption/decryption and signing
– RSA PKCS#1
Bulk symmetric crypto is performed off-chip
– For example, disk encryption
Reasons: price, export considerations
This is no high performance crypto chip!
13. Uses of Trusted Computing
Data protection: storage of secrets
– TPM unseals storage keys only if the platform is in a trusted state
Detecting unwanted changes to a machine’s configuration
– Secure boot
The next three require “3rd party attestation”
– Protocol described later
Checking client integrity on a local network
– E.g. before the client is allowed into the network
– Or by each network server
Verifying the trustworthiness of a “kiosk”
– By a remote server
– By a local smartcard
Machine authentication for remote access
14. Trusted Computing in Practice
TPM exists on a very large percentage of desktops and laptops
– On your computer, too
But it is disabled by default
So it is rarely used
– Even innocuous functionality like RNG is blocked!
Microsoft was expected to enhance TC functionality in Vista
– But only made a small step with BitLocker
– Better with Windows 7 and 8
Apple used TPM once to ensure its new OS only runs on its own “beta” machines
– But this is the wrong way around!
16. Remote Attestation
Three phases
Measurement: the machine to be attested must measure its properties locally
Attestation: transfer measurements from the machine being attested to the remote machine
Verification: the remote machine examines the measurements transferred during attestation and decides whether they are valid and acceptable
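An added example, not from the slides, tying slide 10 (the chain of trust extending measurements into a PCR) to the three attestation phases above: each boot stage is hashed with SHA-1 and extended into PCR 0, the "TPM" signs the PCR together with the verifier's nonce, and the verifier replays the measurement log against a golden list. The boot-stage blobs, the golden log and the AIK secret are constructed; because the standard library has no RSA, the TPM's RSA quote signature is stood in by HMAC-SHA-1.

```python
import hashlib
import hmac
import os

# Constructed golden measurement log: the SHA-1 each boot stage is expected
# to hash to. The "firmware" blobs are made-up byte strings, not real images.
GOLDEN_LOG = [
    ("BIOS", hashlib.sha1(b"bios-image-v1").hexdigest()),
    ("bootloader", hashlib.sha1(b"bootloader-v1").hexdigest()),
    ("kernel", hashlib.sha1(b"kernel-v1").hexdigest()),
]

def pcr_extend(pcr, measurement):
    # TPM 1.2 extend: PCR_new = SHA-1(PCR_old || measurement). One-way, so a
    # later stage cannot undo or reorder what earlier stages recorded.
    return hashlib.sha1(pcr + measurement).digest()

def measure_chain(stages):
    # Measurement phase: each stage hashes the next one and extends PCR 0.
    pcr, log = bytes(20), []  # PCRs start as 20 zero bytes at reset
    for name, blob in stages:
        digest = hashlib.sha1(blob).digest()
        log.append((name, digest.hex()))
        pcr = pcr_extend(pcr, digest)
    return pcr, log

def make_quote(aik, pcr, nonce):
    # Attestation phase: the TPM signs (PCR || nonce). A real TPM uses an RSA
    # Attestation Identity Key; HMAC-SHA-1 stands in here (stdlib only).
    return hmac.new(aik, pcr + nonce, hashlib.sha1).digest()

def verify_quote(aik, pcr, log, nonce, sig):
    # Verification phase: fresh valid signature, log replays to the quoted
    # PCR, and every log entry matches the golden value.
    if not hmac.compare_digest(make_quote(aik, pcr, nonce), sig):
        return False
    replay = bytes(20)
    for _, hexdigest in log:
        replay = pcr_extend(replay, bytes.fromhex(hexdigest))
    return replay == pcr and log == GOLDEN_LOG

def attest(stages, aik=b"constructed-aik-secret"):
    # Whole protocol: the verifier's nonce stops replay of an old, good quote.
    pcr, log = measure_chain(stages)
    nonce = os.urandom(20)
    return verify_quote(aik, pcr, log, nonce, make_quote(aik, pcr, nonce))

GOOD = [("BIOS", b"bios-image-v1"), ("bootloader", b"bootloader-v1"), ("kernel", b"kernel-v1")]
TAMPERED = GOOD[:2] + [("kernel", b"kernel-v1-modified")]  # altered kernel image
```

A changed kernel shows up both as a log entry that no longer matches the golden list and as a different final PCR value, so the verifier rejects it even though the signature itself is valid.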
20. Dynamic Root of Trust (During Runtime)
Special CPU instruction
Reset PCRs
First measurement made by hardware
Check whether it is correct and then proceed with further measurements
Otherwise the DRT was modified and is not safe to use
Used to run a trusted Virtual Machine, since measuring all of the software during startup is impossible and the same software can be attacked later
21. Summary
Trusted Computing tries to solve one of the top problems in today’s computing
It builds a complex and interesting architecture, using innovative hardware components
The in-built conflict between proven security and privacy has not been resolved, and maybe cannot be
TC is making small steps forward; will it ever see widespread use?