Trusted Platforms for Homeland Security


By Kevin Schutz, Product Manager Secure Products

Summary

Ongoing threats from hackers, viruses, and worms continue to make security a top priority for IT and business professionals in both the private and government sectors. Critical homeland infrastructures depend on IT for operations command and control. The emerging Trusted Platform Module (TPM), as driven by the industry consortium Trusted Computing Group (TCG), is a standard that allows affordable authentication, encryption, and network access to be accomplished on a variety of computing platforms, most notably today's PCs. In this paper we will examine the hardware and software applications available for immediate implementation and discuss how the TPM chip can be adapted to address many homeland security issues and applications.

Atmel Corporation 2325 Orchard Parkway San Jose, CA TEL (408) FAX (408) Web Site:

The Trusted Computing Group

The TCG is an industry standards body formed in 1999 by several PC industry leaders. Originally called the Trusted Computing Platform Alliance (TCPA), the primary goal of the group is to promote the concept of trusted computing by establishing an open industry standard, enabling devices and transactions to be trusted, private, protected, safe, and reliable across a wide array of platforms. The TCG establishes specifications for trusted computing across a variety of computing platforms.

The foundation for trusted computing relies on the concept of providing a hardware-based "root of trust." Once this root of trust is established, the boundary of trust can be extended to include software at various levels within the computing environment. Hardware-based roots of trust can be quantifiably measured against specific protection profiles, enabling one to begin to accurately measure risk. Once risk can be measured, methods of risk mitigation can be developed, including crafting appropriate policies, underwriting risk, and possibly improving or hardening the computing environment more thoroughly.

Trusted Platform Modules

Within the concept of trusted computing, a silicon chip defined as a Trusted Platform Module (TPM) provides the hardware-based root of trust. The TPM can be thought of as a secure key generator and key cache management device, supporting industry-standard cryptographic APIs such as MS CAPI and PKCS#11. The TPM contains sufficient cryptographic functionality to generate, store, and manage cryptographic keys in hardware while leveraging the resources of the rest of the system platform. This allows for cost-effective "hardening" of many of today's commonly deployed applications that previously relied solely upon software encryption algorithms with keys hidden on a hard disk drive (HDD). A TPM includes a true random number generator (RNG) used in the creation of RSA key pairs internal to the TPM.
The source of the "root of trust" lies in the generation of the first key pair a TPM creates: the Storage Root Key (SRK). The SRK is never exported from the TPM. Each SRK is unique, making each TPM unique. Each subsequent RSA key pair that the TPM is requested to generate is bound to the original SRK. The private keys are either securely stored in the TPM or encrypted and then exported from the TPM and stored on a mass storage device such as an HDD. Whenever a key that is not stored on the TPM is required for a particular operation, the encrypted key blob is imported onto the TPM, where it is securely decrypted internally on the TPM. In properly architected systems, unencrypted private keys are never stored outside the TPM for any significant amount of time.

The Trusted Computing Group standard version 1.1b specifies that TPM ICs perform five major functions:

1. public key functions for on-chip key pair generation using a hardware RNG;
2. public key signature, encryption, and decryption to enable secure storage of data and digital secrets;
3. storage of hashes (unique numbers calculated from pre-runtime configuration information) that enable verifiable attestation of the machine configuration when booted;
4. an endorsement key that can be used to anonymously establish that an identity key was generated in a TPM; and
5. initialization and management functions that allow the owner to turn TPM functionality on and off, reset the chip, and take ownership of its functions.

A TPM 02/04

Atmel's TPMs meet the TCG standard and also provide additional features for extended security. They integrate a high-performance processor, a cryptographic engine, a random number generator, a secure internal memory, a real-time clock, and tamper prevention circuitry on a single integrated circuit.

The TPM processor controls the functions and sequencing of the entire TPM, including its internal functional blocks and its interface to the rest of the system resources, such as the primary system processor and the mass storage available on the system. It moves data between the system processor and the internal TPM memory and sequences the cryptographic engine. The TPM's RNG generates the seed numbers for the cryptographic processor's encryption, decryption, and key generation functions. By off-loading the RSA calculation from the general-purpose system processor, Atmel TPMs improve both system and encryption performance.

The TPM's non-volatile memory securely stores encryption keys, including the SRK, endorsement key (EK), and other sensitive data. The TPM processor and the tamper circuits control access to the protected memory. Atmel TPMs also include an unalterable real-time clock (not required by TCG standard 1.1b) that provides tamper-proof, unique date stamping for the authentication and attestation processes. Any alteration of the system clock (e.g., changing the date) signals a possible attempt to extract information out of the TPM.
In addition, proprietary, tamper-proof circuits in Atmel TPMs monitor the voltage, clock frequency, and other aspects of the TPM's operating environment for signs of tampering. If the environment moves out of a prescribed range, the tamper prevention circuits will take action to prevent access to sensitive information stored within the TPM. For example, if the TPM's supply voltage drops below a prescribed level, internal memory reads would not be allowed. Lowering the voltage can be a means of accessing sensitive information. The tamper circuits are designed to thwart these attacks.

TPMs contain secure non-volatile storage space that is intended to contain measurements of system hardware and software status. Measurement consists primarily of submitting all system software and hardware to a hash algorithm in a predetermined sequence. If this measurement is performed when the system is in a known trusted state, then the resulting hash can be stored in the TPM and compared to the result of a subsequent measurement. Any changes will be detected by the comparison, and appropriate actions can be taken to prevent execution of modified software or hardware. This measurement capability can be used to provide detection of any remote system modifications resulting from malicious viruses or worms.

At this point, it is important to note that TPMs do not control any events. They only serve to observe and track system activity. TPMs communicate with system CPUs on a non-system bus, and only act under the control of the system CPU and the policies codified in the operating system and other application software. If the TPM does detect any suspicious activity, it can only report said activity when requested. Whether to query TPMs for such activity is a policy decision. Furthermore, it is a policy decision to decide to act in a specific manner if the TPM does report back a suspicious result.

Finally, as originally defined, TPMs were not intended to serve as stream encryption engines. This is not a matter of technological capability, but rather one of cost. TPMs typically will be deployed in systems containing CPUs that are high-performance relative to TPMs, so the TPM will hand off the stream encryption tasks to the CPU. Since stream encryption capabilities are already present in the CPU, it should be most effective at performing this task. TPMs do not control the encryption process; they only provide capabilities to monitor system processes. The CPU controls any actions the TPM takes; the CPU makes a request to the TPM, and the TPM will take an action.

Utilization of RSA

It is generally acknowledged in cryptographic circles that algorithms must be open for public scrutiny before they can be widely accepted and can claim to have withstood critical evaluation by skilled cryptographers. RSA has a proven track record worldwide and is widely deployed in a variety of applications. By employing RSA encryption, TPMs can be used by many of today's popular applications without modification, providing immediate value to the market.

Creating Safe Storage

Traditional open systems such as PCs do not have a safe place to store confidential information. Now that affordable TPMs are available, a TPM can provide a small safe or depository on the motherboard in which to store such information. Even other computing platforms that employ architectures that are not as open as a PC, such as servers, can benefit from using TPMs, which provide certifiable secure hardware.
In many of today's non-TPM systems that employ only software encryption of data and files, the keys are usually stored somewhere on the hard drive. If someone stumbles across encrypted files, all they see is a blob of data. However, given enough time, a diligent hacker - even one who is working at a remote location - will locate the keys hidden on the hard drive. If the keys can be found, the data may as well not be encrypted! With TPMs as part of the system, the keys need not be hidden on the disk drive but can still be protected.

The keys can also be stored off the hard drive on a removable token such as a smart card or USB dongle. But removable tokens are much easier to misplace or lose, and they tend to cost much more than TPMs. TPMs provide an affordable improvement in security over existing software-only solutions. With the advent of TPMs, OEMs now have the ability to provide affordable, certifiable hardware security in open system architectures based on industry standards.
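The measurement process described under Trusted Platform Modules (hash every component in a predetermined sequence, store the result taken in a known trusted state, compare it with a later measurement) is sketched below as an added example; it is not code from the Atmel paper. It goes one step beyond the text by using the running "extend" hash that TCG platform configuration registers use, with SHA-1 as in the 1.1b-era specification; the class, function and component names are hypothetical and the boot components are constructed sample data.

```python
import hashlib
import hmac

DIGEST_LEN = 20  # SHA-1 output size in bytes


class MeasurementRegister:
    """Model of one measurement register: it can only be extended or read.

    It never blocks anything itself, mirroring the paper's point that the
    TPM observes and reports while the host software decides what to do.
    """

    def __init__(self):
        self._value = bytes(DIGEST_LEN)  # registers start at all zeros
        self.log = []                    # host-side record of what was measured

    def extend(self, name, data):
        digest = hashlib.sha1(data).digest()
        # new value = SHA1(old value || digest of component): order-sensitive
        self._value = hashlib.sha1(self._value + digest).digest()
        self.log.append((name, digest.hex()))

    def read(self):
        return self._value


def measure_boot(components):
    """Measure (name, bytes) pairs in the given, predetermined order."""
    register = MeasurementRegister()
    for name, data in components:
        register.extend(name, data)
    return register


def policy_decision(reference_value, register):
    """Host policy (assumed): allow only if the register matches the reference."""
    if hmac.compare_digest(reference_value, register.read()):
        return "allow"
    return "deny"


def first_divergence(trusted_log, current_log):
    """Return (index, component name) of the first differing log entry, or None."""
    for index, (expected, actual) in enumerate(zip(trusted_log, current_log)):
        if expected != actual:
            return index, actual[0]
    if len(trusted_log) != len(current_log):
        return min(len(trusted_log), len(current_log)), "<length mismatch>"
    return None


# Constructed sample data standing in for real firmware and software images.
TRUSTED_CHAIN = [
    ("bios", b"BIOS image v1"),
    ("bootloader", b"bootloader image v1"),
    ("kernel", b"kernel image v1"),
]
# Same chain with one component modified, as a virus or worm might leave it.
TAMPERED_CHAIN = TRUSTED_CHAIN[:2] + [("kernel", b"kernel image v1 + implant")]

if __name__ == "__main__":
    reference = measure_boot(TRUSTED_CHAIN)      # taken in a known trusted state
    for label, chain in (("clean", TRUSTED_CHAIN), ("tampered", TAMPERED_CHAIN)):
        current = measure_boot(chain)            # subsequent measurement
        print(label, current.read().hex(),
              policy_decision(reference.read(), current),
              first_divergence(reference.log, current.log))
```

Because each register value depends on the previous one, both a modified component and a change in measurement order produce a different final value; the log only helps locate the change and is not itself trusted.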

Usage Models

TPM usage models can range from simple data and file encryption to authentication of entire computing platforms and environments. Several examples of different models follow.

Secure Access

This model is intended to address the concern of unauthorized local or remote user access to computing resources. The solution is to permit access through automated login and secure auto-logon to applications. TPMs are used to protect and store the encryption keys used to encrypt/decrypt passwords. The benefits include single sign-on; assurance that only the rightful owner has access to the client and related data and capabilities; possible multiple-user authentication methods (compatible with smart cards, biometrics, etc.); and credential/password management via the TPM.

Data Protection

This model is intended to address the concern of compromised integrity of data stored on an HDD. The solution is to permit access to protected data only by lawful owners of the data. TPMs apply by protecting and storing the encryption keys used to encrypt/decrypt data stored on the HDD, and digital certificates to authenticate the user. The benefits include the transparent encryption of files and folders and access to encrypted files by the OS in the same manner as standard files.

Protected Communications

This model is intended to address the concern of compromised communications, such as . The solution is to encrypt the communication during transmission through insecure networks and provide digital signatures for proof of content integrity and authorship, using a secure plug-in that integrates seamlessly into popular applications. TPMs can protect and store the encryption keys used to decrypt the communication session key and digital certificates to authenticate the user. The benefits of this model include proof of authorship, integrity of content, and non-repudiation.
Secure Network Access

This model addresses the concern of restricted access by unauthorized systems to the network. The solution is to manage and control access to resources via the Web or the Internet and to secure the transmission of data over TCP/IP networks. TPMs can protect and store the primary signing key used to authenticate the client. This authentication of the client facilitates the exchange of keys with integrity, enabling the protected communications over integrated network by only allowing network access to known clients. Similarly, for two-way authentication, the network can authenticate the client.

This model gives remote employees secure access to corporate LANs and high-speed Internet from any dial-up, cable/DSL, and wireless access point; enables IT staff to verify that the client is known and to secure internal networks and portions of the network; and provides fast hardware solutions for VPN-gateways and Peerless software-only solutions for clients.

Example

Using a TPM, the client is able to boot up in a controlled, protected manner. The executive may need to authenticate herself or himself to the client in order to gain access to the client's resources. Once the executive has authenticated herself or himself to the TPM, the client can authenticate with the access point. Both the client and the access point have the ability to challenge each other before allowing any further transactions to occur. (See Figures 1 and 2.)

Once both the client and the access point have mutually authenticated each other, the next step is to repeat the mutual authentication process between the access point and the disk array (including any intervening nodes). (See Figure 3.) Once each segment of the network has been mutually authenticated, each node pair can then securely perform key exchanges that can be used to protect the communications channels in the form of a VPN from the disk array to the client. In each step of the process, the TPM provides the hardware protection of the keys required to authenticate and harden the communication channel. Intermediate stages of the network may utilize open and shared network segments, allowing transmission over the Internet.

Figure 1. Client Authenticates To Access Point

Figure 2. Access Point Authenticates To Client

Figure 3. Network Access

Conclusion

Trusted platforms enable new usage models for protecting confidential information, securing access, and hardening communication channels based on a measurable hardware root of trust in the form of a TPM. These trusted platforms then become foundations for ensuring trust in what has traditionally been an untrusted and unprotected computing environment. Trusted platforms are commercially available today and can be readily adopted to address homeland security issues.

About TCG

The Trusted Computing Group (TCG) is an open, industry standards organization formed to develop, define, and promote open standards for hardware-enabled trusted computing and security technologies, including hardware building blocks and software interfaces, across multiple platforms, peripherals, and devices. TCG specifications enable more secure computing environments without compromising functional integrity, privacy, or individual rights. The primary goal is to help users protect their information assets (data, passwords, keys, etc.) from compromise due to external software attack and physical theft. For more information, go to

Kevin Schutz, a product manager for Atmel Corporation, is currently focusing on Application Specific Standard Products (ASSPs) for the embedded security market. He has over 20 years of experience in a variety of engineering and business roles within the semiconductor market. He received his B.S.E.E. degree from Colorado State University and his M.B.A. and M.S.E.E. degrees from the University of Colorado. Kevin is a member of the IEEE and is active in a number of TCG working groups.

Editor's Notes

About Atmel Corporation

Founded in 1984, Atmel Corporation is headquartered in San Jose, California with manufacturing facilities in North America and Europe. Atmel designs, manufactures and markets worldwide, advanced logic, mixed-signal, nonvolatile memory and RF semiconductors. Atmel is also a leading provider of system-level integration semiconductor solutions using CMOS, BiCMOS, SiGe, and high-voltage BCDMOS process technologies. Further information can be obtained from Atmel's Web site at

Contact: Author's Name, Author's Title, Location, Country, Tel: (+33) (0) ,

Atmel Corporation All rights reserved. Atmel and combinations thereof are the registered trademarks of Atmel Corporation. Other terms and product names may be the trademarks of others.


TPM. (Trusted Platform Module) Installation Guide V2.1 TPM (Trusted Platform Module) Installation Guide V2.1 Table of contents 1 Introduction 1.1 Convention... 4 1.2 TPM - An Overview... 5 2 Using TPM for the first time 2.1 Enabling TPM... 6 2.2 Installing

More information

A M D DA S 1. 0 For the Manageability, Virtualization and Security of Embedded Solutions

A M D DA S 1. 0 For the Manageability, Virtualization and Security of Embedded Solutions A M D DA S 1. 0 For the Manageability, Virtualization and Security of Embedded Solutions AMD DAS (DASH, AMD Virtualization (AMD-V ) Technology, and Security) 1.0 is a term used to describe the various

More information

Dell ControlPoint Security Manager

Dell ControlPoint Security Manager Dell ControlPoint Security Manager www.dell.com support.dell.com Notes NOTE: A NOTE indicates important information that helps you make better use of your computer. Information in this document is subject

More information

RSA Authentication Agents Security Best Practices Guide. Version 3

RSA Authentication Agents Security Best Practices Guide. Version 3 RSA Authentication Agents Security Best Practices Guide Version 3 Contact Information Go to the RSA corporate web site for regional Customer Support telephone and fax numbers: www.rsa.com. Trademarks RSA,

More information

Trusted Platform Module

Trusted Platform Module Trusted Platform Module TPM Fundamental APTISS, August 2008 Raymond Ng Infineon Technologies Asia Pacific Pte Ltd Raymond.ng@infineon.com TPM Fundamental Introduction to TPM Functional Component of TPM

More information

Bypassing Local Windows Authentication to Defeat Full Disk Encryption. Ian Haken

Bypassing Local Windows Authentication to Defeat Full Disk Encryption. Ian Haken Bypassing Local Windows Authentication to Defeat Full Disk Encryption Ian Haken Who Am I? Currently a security researcher at Synopsys, working on application security tools and Coverity s static analysis

More information

Trusted Network Connect (TNC)

Trusted Network Connect (TNC) Trusted Network Connect (TNC) Open Standards for Integrity-based Network Access Control and Coordinated Network Security April 2011 Trusted Computing Group 3855 SW 153rd Drive, Beaverton, OR 97006 Tel

More information

Network Security 網 路 安 全. Lecture 1 February 20, 2012 洪 國 寶

Network Security 網 路 安 全. Lecture 1 February 20, 2012 洪 國 寶 Network Security 網 路 安 全 Lecture 1 February 20, 2012 洪 國 寶 1 Outline Course information Motivation Introduction to security Basic network concepts Network security models Outline of the course 2 Course

More information

Disk & File Encryption Solutions. Information Security Protecting Privacy, Confidentiality, Integrity

Disk & File Encryption Solutions. Information Security Protecting Privacy, Confidentiality, Integrity SafeNet Information Security Government Solutions Disk & File Encryption Database & Application Encryption Network & WAN Encryption Identity & Access Management Application & Transaction Security Information

More information

Improving End-user Security and Trustworthiness of TCG-Platforms

Improving End-user Security and Trustworthiness of TCG-Platforms Improving End-user Security and Trustworthiness of TCG-Platforms Klaus Kursawe, kursawe@acm.org Christian Stüble Saarland University, Germany stueble@acm.org September 29, 2003 Abstract Over the last two

More information

Start building a trusted environment now... (before it s too late) IT Decision Makers

Start building a trusted environment now... (before it s too late) IT Decision Makers YOU CAN T got HAP Start building a trusted environment now... IT Decision Makers (before it s too late) HAP reference implementations and commercial solutions are available now in the HAP Developer Kit.

More information

A Total Cost of Ownership

A Total Cost of Ownership A Total Cost of Ownership Analysis of Wave Virtual Smart Card 2.0 Executive Summary Existing authentication schemes such as passwords, tokens, and smart cards have failed to prevent the unabated rise in

More information

A Security Survey of Strong Authentication Technologies

A Security Survey of Strong Authentication Technologies A Security Survey of Strong Authentication Technologies WHITEPAPER Contents Introduction... 1 Authentication Methods... 2 Classes of Attacks on Authentication Mechanisms... 5 Security Analysis of Authentication

More information

Meeting the FDA s Requirements for Electronic Records and Electronic Signatures (21 CFR Part 11)

Meeting the FDA s Requirements for Electronic Records and Electronic Signatures (21 CFR Part 11) Meeting the FDA s Requirements for Electronic Records and Electronic Signatures (21 CFR Part 11) Executive Summary...3 Background...4 Internet Growth in the Pharmaceutical Industries...4 The Need for Security...4

More information

William Hery (whery@poly.edu) Research Professor, Computer Science and Engineering NYU-Poly

William Hery (whery@poly.edu) Research Professor, Computer Science and Engineering NYU-Poly William Hery (whery@poly.edu) Research Professor, Computer Science and Engineering NYU-Poly Ramesh Karri (rkarri@poly.edu) Associate Professor, Electrical and Computer Engineering NYU-Poly Why is cyber

More information

Firmware security features in HP Compaq business notebooks

Firmware security features in HP Compaq business notebooks HP ProtectTools Firmware security features in HP Compaq business notebooks Embedded security overview... 2 Basics of protection... 2 Protecting against unauthorized access user authentication... 3 Pre-boot

More information

Protecting Your Business from Costly Data Theft: Why Hardware-Based Encryption Is the Answer

Protecting Your Business from Costly Data Theft: Why Hardware-Based Encryption Is the Answer Protecting Your Business from Costly Data Theft: Why Hardware-Based Encryption Is the Answer The Data Breach Epidemic Continues.. 1 Data Encryption Choices for Businesses................... 2 The Hardware

More information

HP ProtectTools Embedded Security Guide

HP ProtectTools Embedded Security Guide HP ProtectTools Embedded Security Guide Document Part Number: 364876-001 May 2004 This guide provides instructions for using the software that allows you to configure settings for the HP ProtectTools Embedded

More information

SecureDoc Disk Encryption Cryptographic Engine

SecureDoc Disk Encryption Cryptographic Engine SecureDoc Disk Encryption Cryptographic Engine FIPS 140-2 Non-Proprietary Security Policy Abstract: This document specifies Security Policy enforced by SecureDoc Cryptographic Engine compliant with the

More information

Plain English Guide To Common Criteria Requirements In The. Field Device Protection Profile Version 0.75

Plain English Guide To Common Criteria Requirements In The. Field Device Protection Profile Version 0.75 Plain English Guide To Common Criteria Requirements In The Field Device Protection Profile Version 0.75 Prepared For: Process Control Security Requirements Forum (PCSRF) Prepared By: Digital Bond, Inc.

More information

Cautions When Using BitLocker Drive Encryption on PRIMERGY

Cautions When Using BitLocker Drive Encryption on PRIMERGY Cautions When Using BitLocker Drive Encryption on PRIMERGY July 2008 Fujitsu Limited Table of Contents Preface...3 1 Recovery mode...4 2 Changes in hardware configurations...5 3 Prior to hardware maintenance

More information

Customer Whitepaper. Motion Tablet PC Security Basics. Table of Contents. Whitepaper Goals and Intended Audience...2

Customer Whitepaper. Motion Tablet PC Security Basics. Table of Contents. Whitepaper Goals and Intended Audience...2 Customer Whitepaper Motion Tablet PC Security Basics Table of Contents Whitepaper Goals and Intended Audience...2 Security for your Motion Tablet PC...2 Thinking about Security...2 Areas of Vulnerability...3

More information

Software Hardware Binding with Quiddikey

Software Hardware Binding with Quiddikey Software Hardware Binding with Quiddikey Mass scale solution against software piracy Secure your digital life Software-Hardware Binding solutions are typically required for Flash-based systems in which

More information

End User Devices Security Guidance: Apple OS X 10.10

End User Devices Security Guidance: Apple OS X 10.10 GOV.UK Guidance End User Devices Security Guidance: Apple OS X 10.10 Published Contents 1. Changes since previous guidance 2. Usage scenario 3. Summary of platform security 4. How the platform can best

More information

The Panoptix Building Efficiency Solution: Ensuring a Secure Delivery of Building Efficiency

The Panoptix Building Efficiency Solution: Ensuring a Secure Delivery of Building Efficiency logo The Panoptix Building Efficiency Solution: Ensuring a Secure Delivery of Building Efficiency Understanding the Multiple Levels of Security Built Into the Panoptix Solution Published: October 2011

More information

Content Teaching Academy at James Madison University

Content Teaching Academy at James Madison University Content Teaching Academy at James Madison University 1 2 The Battle Field: Computers, LANs & Internetworks 3 Definitions Computer Security - generic name for the collection of tools designed to protect

More information

SSL VPN vs. IPSec VPN

SSL VPN vs. IPSec VPN SSL VPN vs. IPSec VPN White Paper 254 E. Hacienda Avenue Campbell, CA 95008 www.arraynetworks.net (408) 378-6800 1 SSL VPN vs. IPSec VPN Copyright 2002 Array Networks, Inc. SSL VPN vs. IPSec VPN White

More information

Ensuring the security of your mobile business intelligence

Ensuring the security of your mobile business intelligence IBM Software Business Analytics Cognos Business Intelligence Ensuring the security of your mobile business intelligence 2 Ensuring the security of your mobile business intelligence Contents 2 Executive

More information

Working Together Managing and Securing Enterprise Mobility WHITE PAPER. Larry Klimczyk Digital Defence P: 222.333.4444

Working Together Managing and Securing Enterprise Mobility WHITE PAPER. Larry Klimczyk Digital Defence P: 222.333.4444 Working Together Managing and Securing Enterprise Mobility WHITE PAPER Larry Klimczyk Digital Defence P: 222.333.4444 Contents Executive Summary... 3 Introduction... 4 Security Requirements... 5 Authentication...

More information

USB Portable Storage Device: Security Problem Definition Summary

USB Portable Storage Device: Security Problem Definition Summary USB Portable Storage Device: Security Problem Definition Summary Introduction The USB Portable Storage Device (hereafter referred to as the device or the TOE ) is a portable storage device that provides

More information

Alliance Key Manager Solution Brief

Alliance Key Manager Solution Brief Alliance Key Manager Solution Brief KEY MANAGEMENT Enterprise Encryption Key Management On the road to protecting sensitive data assets, data encryption remains one of the most difficult goals. A major

More information

Guidance End User Devices Security Guidance: Apple OS X 10.9

Guidance End User Devices Security Guidance: Apple OS X 10.9 GOV.UK Guidance End User Devices Security Guidance: Apple OS X 10.9 Published 23 January 2014 Contents 1. Changes since previous guidance 2. Usage Scenario 3. Summary of Platform Security 4. How the Platform

More information

CryptoFirewall Technology Introduction

CryptoFirewall Technology Introduction CryptoFirewall Technology Introduction Cryptography Research, Inc. www.cryptography.com 575 Market St., 21 st Floor, San Francisco, CA 94105 1998-2007 Cryptography Research, Inc. Protected under issued

More information

Securing Corporate Data and Making Life Easier for the IT Admin Benefits of Pre Boot Network Authentication Technology

Securing Corporate Data and Making Life Easier for the IT Admin Benefits of Pre Boot Network Authentication Technology 20140115 Securing Corporate Data and Making Life Easier for the IT Admin Benefits of Pre Boot Network Authentication Technology TABLE OF CONTENTS What s at risk for your organization? 2 Is your business

More information

Excerpt of Cyber Security Policy/Standard S05-001. Information Security Standards

Excerpt of Cyber Security Policy/Standard S05-001. Information Security Standards Excerpt of Cyber Security Policy/Standard S05-001 Information Security Standards Issue Date: April 4, 2005 Publication Date: April 4, 2005 Revision Date: March 30, 2007 William F. Pelgrin Director New

More information

OMAP platform security features

OMAP platform security features SWPT008 - July 2003 White Paper OMAP platform security features By Harini Sundaresan Applications Engineer, OMAP Security Texas Instruments, Wireless Terminal Business Unit This white paper introduces

More information

Background. TPMs in the real world. Components on TPM chip TPM 101. TCG: Trusted Computing Group. TCG: changes to PC or cell phone

Background. TPMs in the real world. Components on TPM chip TPM 101. TCG: Trusted Computing Group. TCG: changes to PC or cell phone CS 155 Spring 2006 Background TCG: Trusted Computing Group Dan Boneh TCG consortium. Founded in 1999 as TCPA. Main players (promotors): (>200 members) AMD, HP, IBM, Infineon, Intel, Lenovo, Microsoft,

More information

Secure Wireless Application Platform

Secure Wireless Application Platform Texas Instruments SW@P Secure Wireless Application Platform New Challenges for Wireless Handsets Open Environment Multi-application, Interoperability Multiple Access Data Paths GSM/GPRS, EDGE, 802.11,

More information

Self-Encrypting Drives

Self-Encrypting Drives Jon Tanguy Senior SSD Technical Marketing Engineer Micron Technology, Inc. February 14, 2014 What is Encryption? In its simplest form, encryption is a mechanism used to obscure data from any unintended

More information

Index. BIOS rootkit, 119 Broad network access, 107

Index. BIOS rootkit, 119 Broad network access, 107 Index A Administrative components, 81, 83 Anti-malware, 125 ANY policy, 47 Asset tag, 114 Asymmetric encryption, 24 Attestation commercial market, 85 facts, 79 Intel TXT conceptual architecture, 85 models,

More information

Managed Portable Security Devices

Managed Portable Security Devices Managed Portable Security Devices www.mxisecurity.com MXI Security leads the way in providing superior managed portable security solutions designed to meet the highest security and privacy standards of

More information

A Strategic Approach to Enterprise Key Management

A Strategic Approach to Enterprise Key Management Ingrian - Enterprise Key Management. A Strategic Approach to Enterprise Key Management Executive Summary: In response to security threats and regulatory mandates, enterprises have adopted a range of encryption

More information

Pulse Secure, LLC. January 9, 2015

Pulse Secure, LLC. January 9, 2015 Pulse Secure Network Connect Cryptographic Module Version 2.0 Non-Proprietary Security Policy Document Version 1.1 Pulse Secure, LLC. January 9, 2015 2015 by Pulse Secure, LLC. All rights reserved. May

More information

Enova X-Wall LX Frequently Asked Questions

Enova X-Wall LX Frequently Asked Questions Enova X-Wall LX Frequently Asked Questions Q: What is X-Wall LX? A: X-Wall LX is the third generation of Enova real-time hard drive cryptographic gateway ASIC (Application Specific Integrated Circuit)

More information

The Key to Secure Online Financial Transactions

The Key to Secure Online Financial Transactions Transaction Security The Key to Secure Online Financial Transactions Transferring money, shopping, or paying debts online is no longer a novelty. These days, it s just one of many daily occurrences on

More information

Preemptive security solutions for healthcare

Preemptive security solutions for healthcare Helping to secure critical healthcare infrastructure from internal and external IT threats, ensuring business continuity and supporting compliance requirements. Preemptive security solutions for healthcare

More information

M-Shield Mobile Security Technology: making wireless secure

M-Shield Mobile Security Technology: making wireless secure WHITE PAPER Jerome Azema Distinquished Member of Technical Staff WTBU Chief Technology Office - Security Texas Instruments Gilles Fayad Worldwide Strategic Marketing Manager, Mobile Platform Security and

More information

PUF Physical Unclonable Functions

PUF Physical Unclonable Functions Physical Unclonable Functions Protecting next-generation Smart Card ICs with SRAM-based s The use of Smart Card ICs has become more widespread, having expanded from historical banking and telecommunication

More information

Certification Report

Certification Report Certification Report EAL 4 Evaluation of SecureDoc Disk Encryption Version 4.3C Issued by: Communications Security Establishment Certification Body Canadian Common Criteria Evaluation and Certification

More information

EmulexSecure 8Gb/s HBA Architecture Frequently Asked Questions

EmulexSecure 8Gb/s HBA Architecture Frequently Asked Questions EmulexSecure 8Gb/s HBA Architecture Frequently Asked Questions Security and Encryption Overview... 2 1. What is encryption?... 2 2. What is the AES encryption standard?... 2 3. What is key management?...

More information

Certifying Program Execution with Secure Processors

Certifying Program Execution with Secure Processors Certifying Program Execution with Secure Processors Benjie Chen Robert Morris MIT Laboratory for Computer Science {benjie,rtm}@lcs.mit.edu Abstract Cerium is a trusted computing architecture that protects

More information