Opal SSDs Integrated with TPMs

Transcription

1 Opal SSDs Integrated with TPMs August 21, 2012 Robert Thibadeau, Ph.D.

2 U.S. Army SSDs Must be Opal s We also Studied using the TPM (Trusted Platform Module) with an Opal SSD (Self-Encrypting Drive) 2

3 Security Architecture Provisioning and Use Central Distribution Highly trusted, highly secure location where PCs and s are provisioned with security configurations and secrets that will not change over the life of the PC and. Fielding Site Trusted, secure location where certain field provisioning, de-provisioning, and purging operations take place on the s. -- NOT TPMS which are on the motherboards PC Moderately trusted, moderately secure location. At this location all authorities and their credentials are fixed except a user can change his own password. OPAL PRE-BOOT (MBR Shadow) is considered SECURE 3

4 Trusted Computing Group (TCG) Overview Self-Encrypting Drive () Opal 1.0 & 2.0+ Data-At-Rest Protection Trusted Platform Module (TPM) Versions 1.2 & 2.0e Hardware Protected PC Identity Key and Key Storage 4

5 What is an? Secure Data Storage Overview Self-Encrypting Drive () Opal 1.0 & 2.0+ Data-At-Rest Protection Independent of OS and OS- Present Software Motherboard Drive Controller (SATA) Drive I/O Interface (SATA) Drive Electronics w/ Encryption Circuits and Passcode Firmware 100% of Data Written Here is Encrypted 5

6 Overview What is a TPM? TPM Guards Cryptography and Data Trusted Platform Module (TPM) Versions 1.2 & 2.0e Hardware Protected PC Identity Key and Pre-OS-Boot Environment Public-Private Keypairs Hardware Protected Private Key Operations Secured Input - Output Cryptographic Processor Random Number Generator RSA Key Generator SHA-1 Hash Generator Encryption/Decryption Signature Engine TPM Platform Configuration Registers (PCRs) For Guarded PC Health Measurements Onboard Memory Endorsement Key (EK) Storage Root Key (SRK) SRK Memory Platform Configuration Registers (PCR) Attestation Identity Keys (AIK) Other Storage keys 6

7 Overview In Normal Use How do the two work together? Passcode to Unlock TPM Additional Unlock Key 7

8 Overview How do the two work together? In Provisioning Disk Duplicator Passcodes to Unlock and Manage and Use TPM Central Distribution PC Setup TPM_Passcode, Key Pair, and Certificate Creation TPM Additional Unlock Key 8

9 Overview Use Cases TPM 3 TPM 9

10 Opal s support Authority Hierarchy authenticated with 32 Byte Passcodes Security Architecture Admin SP Administrator, or SID, or Drive Owner Creates / Deletes Central Distribution Assigns Roles Initialize Locked 128 MB* *Includes preboot SW and a datastore Locking SP Administrator, or Admin Up to 4 Fielding Site Admin or User Passcode Creates / Deletes Assigns Locking Roles Locking SP User, or User Up to 8 Vehicular PC Unlocks Unlocked 256 GB 10

11 TPMs Create their Own Public Private Keypairs and Protect Private Key Encryption(Signing) or Decryption(Exchange) Created Only Auth Owner (20 Byte Passcode) Once in Central Distribution Creates / Deletes Assigns Roles Can Assign Other Passcodes to Use Private Keys Public Private Keypairs EK (Endorsement Key) Unique to Every TPM Needed to Make AIK (Attestation Identity Key) Unique to Every TPM Needed to Make Needed to Certify SK (Storage Key) E.g., To Store Passwords Non-Spoofable Device Identity 11

12 X.509v3 Certificates Certify Public Keys Public (Puk) - Private (Prk) Keypairs Private Keys held externally in high security Root Certificate with Puk 1 Self-Signed by Prk 1 Signed by Manufacturer Root Certificate with Puk 3 Self-Signed by Prk 3 Signed by org TPM Non- Migratable Keypairs (Private Keys are created and Never Leave the TPM) EK Certificate with Puk 2 Signed by Prk 1 Proves real TPM Created Only Once in Central Distribution AIK Certificate with Puk 4 Signed by Prk 3 Proves Device ID SK Certificate with Puk 5 Signed by Prk 4 Stores Passcode Split 12

13 Operator Drive Unlock Sequence: TPM Bound & Non-TPM TPM Binding Security Architecture Non or Unbound TPM User 1 Passcode User 1 Passcode Pre-Boot Pre-Boot Data store Preboot Auth Code TPM User 2 = TPM Split XOR User 1 SK Passcode TPM SK Blob TPM Split Access Control Preboot Auth Code Access Control Media key Media key Drive Unlock Drive Unlock 13

14 Thanks! Central Distribution Highly trusted, highly secure location where PCs and s are provisioned with security configurations and secrets that will not change over the life of the PC and. Fielding Site Trusted, secure location where certain field provisioning, de-provisioning, and purging operations take place on the s. -- NOT TPMS which are on the motherboards PC Moderately trusted, moderately secure location. At this location all authorities and their credentials are fixed except a user can change his own password. OPAL PRE-BOOT (MBR Shadow) is considered SECURE 14