Trusted Computing Technology and Government Implants. TrustyCon 2014. Steve Weis
Warning: This talk contains leaked US government classified material. Be aware of your employer's policy.
Intro
- Me: Cryptographer; Co-founder & CTO, PrivateCore; Google 2-factor; Keyczar.
- Today's talk: Snapshot of NSA ANT hardware, firmware, & software implants. Trusted Computing: What is it? Can it help? Can we trust it? Defensive technologies on the horizon.
Can you spot the implants?
NSA ANT: NSA Observer, https://nsa-observer.laquadrature.net/
Why attack BIOS and SMM?
- Basic I/O System (BIOS): Persistent firmware that runs first, before the OS.
- System Management Mode (SMM): Special mode of operation that runs with the highest privileges, which is installed by BIOS and invisible to the OS.
[Figure 11-1. SMRR Mapping with a Typical Memory Layout: the physical address space from 0 through 1 MB (Conventional Memory), Low Memory up to the Top of Low Memory (ToLM), the PCI Memory Hole up to 4 GB, and High Memory up to the Top of Memory (ToM). SMRAM + IEDRAM (4 MB minimum) is mapped by the CS as TSEG and in the CPU with the SMRR; SMRR_PHYSBASE = ToLM (must be aligned on an 8 MB boundary); IEDBASE = SMRR_PHYSBASE (must be aligned on a 4 MB boundary).]
Do-it-Yourself Implants
Can you spot the implant? PCI attack device
- Implemented with off-the-shelf hardware.
- Boots independently of host.
- Exfiltrates data over the network.
Can you spot the implant? Non-volatile RAM (NV-RAM)
- RAM contents are saved to flash memory on power loss.
- Attackers can capture crypto keys from preserved memory contents.
- Several non-volatile memory technologies are in the pipeline.
Trusted Computing! Ensure ____'s software is running on ____'s computer.
Trusted Computing for DRM! Ensure a content owner's software is running on your computer.
Trusted Computing for You! Ensure your software is running on your computer.
Trusted Platform Module
- The Coming Civil War on General Purpose Computing: "A TPM is a nub of stable certainty: If it's there, it can reliably inform you about the code on your computer." - Cory Doctorow
- Public-key encryption and signatures
- Random number generation
- Persistent key storage
- Special Platform Configuration Registers (PCRs)
Trusted Execution Technology
[Diagram: the firmware and software needed to boot (BIOS, Option ROMs, Platform Config, SINIT, Kernel, OS Config) are measured by the CPU into the TPM, which supports remote attestation.]
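An added illustration, not from the talk, of what "measure" on the slide above means for a TPM PCR: each boot component is hashed and extended into the register, so the final value depends on every component and on their order, and that is the value a remote verifier compares against a known-good one. The component contents are constructed placeholders; the hash algorithm defaults to SHA-1 as in TPM 1.2 and can be switched to another suite as TPM 2.0 allows.

```python
import hashlib

# Constructed boot chain in the order the slide lists the components measured
# before the OS runs. The byte strings are placeholders, not real firmware.
BOOT_CHAIN = [
    ("BIOS", b"bios-image-build-1"),
    ("Option ROMs", b"nic-option-rom-build-1"),
    ("Platform Config", b"platform-config-table"),
    ("SINIT", b"sinit-acm-build-1"),
    ("Kernel", b"vmlinuz-build-1"),
    ("OS Config", b"root=/dev/sda1 quiet"),
]


def extend(pcr: bytes, component: bytes, algo: str = "sha1") -> bytes:
    """PCR extend as the TPM does it: new = H(old || H(component)).

    Extending is one-way: firmware cannot set a PCR to a chosen value,
    it can only append another measurement to the running hash.
    """
    digest = hashlib.new(algo, component).digest()
    return hashlib.new(algo, pcr + digest).digest()


def measure_chain(chain, algo: str = "sha1") -> bytes:
    """Replay the measurements of a boot chain into one PCR from reset."""
    pcr = b"\x00" * hashlib.new(algo).digest_size  # PCRs are zeroed at reset
    for _name, component in chain:
        pcr = extend(pcr, component, algo)
    return pcr


def attest(reported_pcr: bytes, golden_pcr: bytes) -> bool:
    """Verifier-side check: does the quoted PCR match the known-good value?

    A real quote is signed by the TPM's attestation key; this models only
    the value comparison the verifier performs after checking the signature.
    """
    return reported_pcr == golden_pcr


def with_replaced(chain, name: str, new_component: bytes):
    """Copy of the chain with one component swapped, e.g. a modified BIOS."""
    return [(n, new_component if n == name else c) for n, c in chain]


if __name__ == "__main__":
    golden = measure_chain(BOOT_CHAIN)
    print("golden PCR:", golden.hex())
    modified = with_replaced(BOOT_CHAIN, "BIOS", b"bios-image-modified")
    print("attest(unmodified):", attest(measure_chain(BOOT_CHAIN), golden))
    print("attest(modified BIOS):", attest(measure_chain(modified), golden))
```

The "Hash Collision?" vector on the later slide is exactly the assumption this relies on: the chain only proves what ran if the hash algorithm is collision resistant.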
Suspension of Disbelief
- What about physical attacks and hardware implants?
- Why do we trust the TPM? Where did it come from?
- Why do we trust the CPU, for that matter?
Attack Vectors
[Diagram: the boot chain from the previous slide (BIOS, Option ROMs, Platform Config, SINIT, Kernel, OS Config, CPU, TPM, Measure, Remote Attest) annotated with attack vectors: Provenance, Forge?, Overflow, Hash Collision?, Spoof CPU, Extract Keys, Spoof CPU past bus, Paperclip. Legend: Hypothetical, Current.]
Where does this leave us?
- State-sponsored actors can circumvent trusted computing.
- Trusted computing still offers protection, although we ultimately have to trust the CPU and TPM.
- In the next 1-3 years: New hardware and platform security features.
- Beyond: Practical applications of cryptographic protocols for secure computation, e.g. fully homomorphic encryption.
Upcoming Technologies
Software Guard Extensions (SGX)
- Secure enclaves protected from other code.
- Enclaves are attested and won't run if modified.
- Enclaves are backed by fully-encrypted memory.
- Potentially could make DRM hard to circumvent.
[Diagram: a user process containing App Code, App Data and an Enclave (DLL) with Enclave Code, Enclave Data and TCS (*n); the OS sits outside the enclave.]
Enhanced Privacy ID (EPID)
- Provides ability for CPU to anonymously sign data.
- Could authenticate CPUs as real, without leaking identity.
- Caveat: Rooted in globally unique key material in CPU hardware.
Trusted Platform Module 2.0
- TPM 1.2 is deprecated and banned in several countries.
- TPM 2.0: More algorithms and functionality; Support for alternate cryptographic suites; Better management; Easier on-boarding.
Summary
- NSA ANT implants target software, firmware, and hardware.
- Trusted computing helps against firmware and software attacks, but not against state sponsors.
- New technologies like SGX and EPID can work for us or against us.