Enhancing PC Security with a U-Key

A boot system that uses a U-Key can help ensure the integrity of fairly static PC components. Moreover, the associated two-factor authentication makes a mobile computer's theft less likely because a thief can't use it.

Peng Shuanghe and Han Zhen
Beijing Jiaotong University

In the past few years, increasing volumes of computer viruses and corresponding attacks have emerged, and they're likely to get worse. Cryptography and other technical security measures such as firewalls and intrusion detection systems (IDS) can solve a variety of security-related problems, but they work properly only if the underlying computing platform (specifically, the operating system) is secure. Unfortunately, most computing platforms suffer from various security problems owing to their architectural weaknesses and complexity.

To address these issues, the computing industry has invested in trusted computing, a new generation of computing platforms based on improved hardware and software architectures. In particular, two well-known initiatives have emerged, one from the Trusted Computing Group (TCG), an alliance of leading IT enterprises, and one from Microsoft. No technical specifications for Microsoft's Next Generation Secure Computing Base (NGSCB; com/resources/ngscb/default.mspx) are available yet, but the TCG has published hardware specifications for its Trusted Platform Module (TPM; computinggroup.org/faq/tpmfaq/).

Essentially, the TCG advocates using a secure hardware device to both verify the boot sequence and authenticate this verification. The TPM is a special chip embedded in a smart card soldered to the motherboard. Basically, the TPM is a microcontroller that stores keys, passwords, and digital certificates. Security processes, such as digital signatures and data decryption, are protected through the secure TPM subsystem.
Today, TPM is available in some computers but not all of them, which underscores the need for an additional way to provide two-factor authentication prior to booting the operating system. In our lab, we've explored using a U-Key for trusted computing, both as a general design and as a real prototype. The user controls the U-Key (which is a smart card with a USB interface), and because it's external to the TPM or any other integrity system, more than one U-Key can be used on the same platform (thus different users can have different loader, operating system, and application software configurations). The U-Key approach gives platforms that don't have an installed TPM some of the benefits of TPM-like integrity checks.

Published by the IEEE Computer Society. IEEE Security & Privacy.

Sidebar: Related work in secure bootstrapping

Implementing trusted computing requires a secure and reliable bootstrap architecture, as other research has proposed [1, 2]. In AEGIS, William Arbaugh and his colleagues implement secure booting by changing the BIOS [1]. Starting from the basic layer, which is in the ROM and assumed to be trusted, the ROM hashes all the other layers and verifies them against a stored signature. The trust in this system thus depends on the basic layer's integrity.

sAEGIS is an extension of AEGIS that implements secure booting in the absence of a trusted system administrator [2]. It uses a smart card to store certificates and trusted system hashes, and it lets the user decide whether a system component is trusted. However, sAEGIS has some limitations: it doesn't have random number generators, verification doesn't use a hash in the smart card, the smart card holds only one hash, and the kernel hash, m, isn't included in the message the smart card sends to the workstation.

Both of these projects are based on a modified BIOS, which prevents wider usage of them. The U-Key approach we describe in the main text is much more flexible than either AEGIS or sAEGIS because it's multiboot-compatible and doesn't require BIOS modification.

Sidebar references
1. W.A. Arbaugh, D.J. Farber, and J.M. Smith, "A Secure and Reliable Bootstrap Architecture," Proc. IEEE Symp. Security and Privacy, IEEE CS Press, 1997, pp.
2. N. Itoi et al., "Personal Secure Booting," Proc. 6th Australasian Conf. Information Security and Privacy, Springer-Verlag, 2001, pp.

The U-Key approach

Our use of the U-Key approach is designed both to provide boot integrity and to enforce access control. The basic idea is that the host computer actually boots from a USB disk loaded with the operating system and the loader. Figure 1 shows how we use a U-Key with a modified Grand Unified Bootloader (Grub; software/grub/) to get a trusted boot process; in our scheme, the U-Key is an extended smart card device with a USB interface.

Due to its size, Grub boots in stages. Stage 1 is the main boot record (MBR), which merely loads the next stage. Stage 1.5 is also quite small, but it can understand file systems. Depending on what file system holds the Stage 2 loader, Grub uses a different Stage 1.5; it's even optional in some circumstances. Stage 2 is the meat of the loader and contains many features and options.

Booting from the USB disk works as follows: Grub generates Stage 1, Stage 1.5, and Stage 2 first, and then the dd command writes Stage 1 to the first sector of the USB disk. Grub's root command and setup command tell Stage 1.5 where Stage 2 is located. Finally, the CMOS sets the BIOS to boot from the Universal Serial Bus-Hard Disk Device (USB-HDD). When the PC is turned on, the BIOS then loads the MBR from the USB disk.

In Figure 1, the BIOS loads the MBR (which is Grub's Stage 1) from the boot device.
Next, Stage 1 loads the first sector of Stage 1.5, which is called Start, and Start then loads the rest of Stage 1.5 and passes control to it. Stage 1.5 loads Stage 2 from a list of sectors (Stage 2 provides a menu interface to select which kernel or multiboot modules to load). Stage 2 then gives control to the kernel.

Grub also uses the U-Key for verification. During system startup, the bootstrap process must perform two authentications before Grub Stage 1.5 can load Stage 2 into memory. The host and the U-Key authenticate each other (mutual authentication), and the user is authenticated to the U-Key via a personal identification number (PIN). After both of these authentications, Grub's Stage 1.5 reads Stage 2 information from the USB disk, computes a hash value of Stage 2, and compares this value with the one stored in the U-Key. If they match, Stage 1.5 loads Stage 2 into memory and then transfers control to Stage 2, which checks the operating system kernel's integrity. If everything's okay, the bootstrap process continues; if not, it halts. Assuming everything is fine, the PC operates as normal; when the PC is booted with our U-Key, it knows that it has a legitimate user and that the operating system was verified in the boot stage.

Figure 1. Trusted boot process. Our approach combines a U-Key with a modified Grand Unified Bootloader (Grub) to boot the operating system. The modified Stage 1.5 performs three authentication processes. It also verifies Stage 2's integrity before it's loaded. Before the operating system kernel is loaded, its integrity is verified in Stage 2. (Diagram labels: BIOS; Grub Stage 1 (MBR); Start.s; modified Grub Stage 1.5, with boot user authentication and mutual authentication between U-Key and host; Grub Stage 2; OS kernel; U-Key holding MACs of Stage 2 and kernel; check MAC.)

U-Key hardware

A smart card is a secure way to store certificates and keys. Along with hardware tokens, smart cards deliver user benefits in four major areas:

- easy portability of user credentials and secrets between several computing platforms,
- drastic simplification of platform and user management,
- better protection of personal credentials and secrets, and
- a higher level of personal privacy.

However, smart cards need a special reader, which often prevents their wider usage. A U-Key has a wider application because of its portability without a special reader. Figure 2 illustrates the U-Key's hardware components. U-Keys are common, but we designed this one ourselves. U-Key hardware has five components [1]: a USB connector, a USB transceiver, a serial interface engine (SIE), a microcontroller unit (MCU), and a standard smart card that both provides authentication and protects important data.

Figure 2. U-Key architecture. Its main functional part is the smart card. (Diagram labels: USB connector with +5V, D+, D-, and GND lines; USB transceiver; serial interface engine; 32-bit GPIO; 16-bit RISC processor; mask ROM; RAM; smart card with VCC, RST, data, and GND lines.)

U-Key software

In our approach, we used a U-Key as a token for secure authentication and storage. Accordingly, we categorize the related software into two parts depending on function: authentication and secure boot functions appear in the boot phase, and the application's trusted function call resides in the operating system's user mode (see Figure 3). The application's trusted function call interface gives applications in the user mode access to the U-Key's functions. If the user application needs an integrity check on its configuration files, for example, it can use this interface to achieve that goal.

Figure 3. U-Key's software layers. It's composed of three layers: the driver layer, the function layer, and the user interface layer. (Diagram labels: U-Key hardware; driver layer with real-mode driver, BIOS function call interface, USB host controller driver, USB protocol stack, and smart card driver; function layer with authentication module in Grub, secure boot module in Grub, manage module, setup and maintain module, and U-Key function interface; user interface layer with authentication, secure boot, and the application's trusted function call; OS kernel; software at host side.)

The application's trusted function call interface is composed of three parts: the setup and maintain module, the manage module, and the function call interface. To provide computer boot integrity and enforce access control, the U-Key must be initialized and loaded with configuration information for each of these parts.
The setup and maintain module initializes the U-Key and provides cryptographic hashes to the file system's storage. Although the smart card file system is defined in ISO 7816, it's officially specified as a low-level hierarchy-based file system that's organized into a collection of three elementary file types: master file (MF), dedicated file (DF), and elementary file (EF). The manage module sets the U-Key's access control information, such as who can read information from the U-Key's memory.

Grub's authentication and secure boot modules provide the authentication and secure boot functions. After configuration, the user can employ the U-Key at boot time, before the operating system is loaded (when only the BIOS is running). A real-mode driver gives access to the U-Key at boot time.

IEEE Security & Privacy, September/October 2006.

Real-mode driver

From our earlier description, we know that to access the U-Key in Stage 1.5, we should communicate with the U-Key through a USB port before the operating system is loaded. This means we need a real-mode driver. At the time of our research, such a driver didn't exist, so we created one.

Applications rely on the operating system's USB driver (USBD) to access the USB device; the USBD layer relies on a common interface to the hardware, which is called the host controller interface (HCI). Before the operating system is loaded we can't access the USBD, so to access the USB device during the booting phase, we need to get to the HCI directly. To date, two interfaces are defined between the host and the HCI layer: Intel's Universal HCI (UHCI) Specification [2] and the Open HCI Specification [3]. We used the UHCI because most motherboards use Intel chips.

The UHCI consists of two parts, the host controller driver (HCD) and the host controller (HC). The HCD interprets requests from the USBD and builds data structures such as the frame list, transfer descriptor (TD), queue head (QH), and data buffer for the HC. The HCD builds these data structures in system memory, and they contain all the necessary information to provide end-to-end communication between client software in the host and peripheral devices on the USB.

The HC resides as function number two inside the peripheral component interconnect (PCI) South Bridge chip [4]. This location turns the USB controller into a member of the PCI-to-ISA Bridge family of devices, together with the proper ISA Bridge and the Integrated Drive Electronics (IDE) controller inside the Intel PIIX4 device. Figure 4 shows the relationship between the PCI South Bridge chip and the U-Key. The HC is accessible through the PCI configuration space; the real-mode driver's task is to drive the U-Key through the HC in the PCI Bridge chip.

Figure 5 shows how a frame list (of up to 1,024 entries) handles scheduling with the UHCI. Each entry is a pointer to the first structure to process in a given frame. The 4-Kbyte frame list table is aligned on a 4-Kbyte boundary. The HC accesses the frame list from the frame list base address register and the frame number. The register provides the location of the frame list table in system memory, and the frame number provides the index into the list. The HC moves data between system memory and devices on the USB by executing the HCD-generated schedule lists; the HC also reports the status of transactions on the USB to the HCD. The HC walks the schedule list one entry at a time as it generates the next 1-ms frame.
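The frame-list lookup described above, together with the TD, QH, and frame-list linking order the article describes next, as an added example (not code from the article or its real-mode driver). Memory is simulated in an array at an assumed base address; the T and Q pointer bits, the 16-byte alignment, and the Active status bit follow the UHCI Design Guide, and all function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define FRAME_ENTRIES 1024u
#define PTR_T        0x1u                  /* Terminate: entry holds no valid pointer */
#define PTR_Q        0x2u                  /* 1 = pointer targets a QH, 0 = a TD */
#define PTR_ADDR(p)  ((p) & 0xFFFFFFF0u)   /* QHs and TDs are 16-byte aligned */
#define TD_ACTIVE    (1u << 23)            /* status bit: TD still waiting to run */

typedef struct { uint32_t link, ctrl_status, token, buffer; } uhci_td;
typedef struct { uint32_t head_link, element_link, pad[2]; } uhci_qh;

/* Simulated physical memory (assumption for this demo): the 4-KB frame list
   sits at PHYS_BASE, QHs and TDs are allocated behind it in 16-byte units. */
#define PHYS_BASE 0x00100000u
static uint32_t arena[4096];               /* 16 KB */
static uint32_t next_free;

static void *p2v(uint32_t phys) { return (uint8_t *)arena + (phys - PHYS_BASE); }
static uint32_t alloc16(void) {
    uint32_t p = next_free;
    next_free += 16;
    memset(p2v(p), 0, 16);
    return p;
}

/* Address the HC fetches for a frame: bits 31:12 of the frame list base
   address register select the table, the low 10 bits of the frame number
   select the 4-byte entry. */
static uint32_t hc_entry_addr(uint32_t flbase, uint32_t frnum) {
    return (flbase & 0xFFFFF000u) | ((frnum & 0x3FFu) << 2);
}

/* HCD side: create n TDs, hang them on one interrupt QH, and link that QH
   into every `interval`-th frame. Returns the frame list base address. */
static uint32_t hcd_build_schedule(int n_tds, uint32_t interval) {
    uint32_t *frames = p2v(PHYS_BASE);
    if (interval == 0) interval = 1;
    if (n_tds > 64) n_tds = 64;                     /* stay inside the arena */
    next_free = PHYS_BASE + FRAME_ENTRIES * 4;
    for (uint32_t i = 0; i < FRAME_ENTRIES; i++) frames[i] = PTR_T;

    uint32_t qh_pa = alloc16(), prev = 0;
    uhci_qh *qh = p2v(qh_pa);
    qh->head_link = PTR_T;                          /* no further QH in the frame */
    qh->element_link = PTR_T;
    for (int i = 0; i < n_tds; i++) {               /* 1. create the TDs */
        uint32_t td_pa = alloc16();
        uhci_td *td = p2v(td_pa);
        td->link = PTR_T;
        td->ctrl_status = TD_ACTIVE;
        if (prev) ((uhci_td *)p2v(prev))->link = td_pa;  /* chain TD to TD */
        else qh->element_link = td_pa;                   /* 2. link TDs to QH */
        prev = td_pa;
    }
    for (uint32_t f = 0; f < FRAME_ENTRIES; f += interval)
        frames[f] = qh_pa | PTR_Q;                       /* 3. link QH to frames */
    return PHYS_BASE;
}

/* HC side, simplified: walk one frame and return how many TDs were executed.
   Assumes TD chains contain only TDs; retired TDs get their Active bit cleared. */
static int hc_run_frame(uint32_t flbase, uint32_t frnum) {
    uint32_t ptr = *(uint32_t *)p2v(hc_entry_addr(flbase, frnum));
    int done = 0;
    while (!(ptr & PTR_T)) {
        uint32_t e = ptr, next = PTR_T;
        if (ptr & PTR_Q) {
            uhci_qh *qh = p2v(PTR_ADDR(ptr));
            e = qh->element_link;
            next = qh->head_link;
        }
        while (!(e & PTR_T)) {
            uhci_td *td = p2v(PTR_ADDR(e));
            if (td->ctrl_status & TD_ACTIVE) { td->ctrl_status &= ~TD_ACTIVE; done++; }
            e = td->link;
        }
        ptr = next;
    }
    return done;
}

int main(void) {
    uint32_t base = hcd_build_schedule(3, 8);
    int f1 = hc_run_frame(base, 1);
    int f8 = hc_run_frame(base, 8);
    int f16 = hc_run_frame(base, 16);
    printf("frame 5 entry at 0x%08x\n", (unsigned)hc_entry_addr(base, 5));
    printf("TDs executed: frame 1 = %d, frame 8 = %d, frame 16 = %d\n", f1, f8, f16);
    return 0;
}
```

Frame 16 reports no work because the same QH is shared by every eighth frame and its TDs were already retired in frame 8.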
With the U-Key, control and interrupt transfers shift commands and data between host and device. First, the HCD creates the transfer descriptors (TDs), which express the characteristics of the host-requested USB transaction. Then the HCD creates queue heads (QHs), which support the control and interrupt transfers' basic requirements. After this step, the HCD links the TDs to the QH, and the QH to the frame list. When these steps complete, the run bit in the command register schedules the data transfers. The HC fetches the TDs and generates the proper transaction on the USB. When it finishes, the transaction's status is stored in the TDs.

Figure 4. The relationship between the peripheral component interconnect (PCI) South Bridge chip and the U-Key. The U-Key is driven through the USB host controller (HC) via the PCI South Bridge chip. (Diagram labels: PCI bus; PCI South Bridge/USB controller; USB bus; ISA bus; IDE bus; hard disk device.)

Figure 5. Data transfer schedule. To make the host controller (HC) control the U-Key, we need a data transfer schedule between the HC and the U-Key. (Diagram labels: frame list base address register; frame number register; frame list of up to 1,024 frame pointers, each with T and Q bits; queue heads (QHs), including the interrupt QH, with link pointer and element link pointer; TDs. Legend: T = terminate; Q = transfer descriptor or queue head.)

U-Key configuration

The U-Key's configuration entails loading the cryptographic hashes for Grub Stage 2 and the operating system kernel onto the U-Key itself. File integrity information is also loaded into the U-Key at this time (for the integrity check after the operating system has run). To perform authentication at boot time, the administrator can also load the key for internal authentication (K_I), the key for external authentication (K_E), and the user PIN.
Figure 6. Grub authentication. It's composed of user personal identification number (PIN) authentication and mutual authentication between the U-Key and the host. (Diagram panels: U-Key is authenticated to host; host is authenticated to U-Key; PIN verify. Message labels between host and U-Key: R1; {R1}K_I; get random; R2; {R2}K_E; success/failure; {PIN}K; success/failure.)

Our modified Grub

Once our U-Key was functional, the next step was to integrate it into the boot process. Naturally, the first step in this chain is the BIOS; the next step is to modify the boot loader. In our current prototype, we used Grub instead of the Linux loader (LILO) as the boot loader for two reasons:

- Our operating system, Kylin, is based on a microkernel that needs a boot loader that can support the multiboot standard. LILO doesn't, but Grub can boot myriad operating systems, including DOS, Windows, FreeBSD, and Linux.
- The Grub boot loader has a more flexible architecture. When LILO boots a Linux kernel, for example, it reads it directly from the disk by using a map file that holds previously stored kernel location information. When we move the kernel or the disk geometry changes, we have to run LILO to generate a new map file. Grub was designed to overcome this problem: because it understands partitions and file systems, it can load a kernel that it wasn't told about previously. No map file is necessary, and Grub doesn't need to be re-run after installing a new kernel.

For more information about Grub's specifications, see

Authentications added in Grub

During system start up, the bootstrap process must perform three authentications to complete the boot sequence, as Figure 6 shows:

- First, the U-Key authenticates to the host. To do this, the U-Key must make available a secret shared with the host (in this case, the K_I). The ISO7816 standards for smart cards provide basic functionality for authentication, so the ISO7816 internal authenticate command returns a keyed hash of a short message (the challenge) to authenticate the card to the outside world.
- Next, the host is authenticated to the U-Key. To do this, the host must make available a secret shared with the U-Key (in this case, the K_E). The external authenticate command conditionally updates the security status by using the card's computation result (yes or no) based on a challenge the card previously issued (such as a get challenge command). Mutual authentication is reached in this step.
- Finally, the user is authenticated to the U-Key via a PIN. The verify command compares, in the card, the verification data sent from the HCD with the reference data stored in the card. Only after PIN authentication succeeds can the user communicate with the rest of the application. As a security feature, the U-Key administrator can set a maximum number of PIN retries. Once the count reaches zero, the U-Key will permanently block access to the card's contents.

Once both the user authentication and the mutual authentication between the U-Key and the host are successful, the U-Key lets the PC read information from the U-Key's memory and the boot sequence continues; otherwise, the boot process stops.

Integrity check function

Because the boot sequence precedes the application program's execution (and even that of the operating system itself), antiviral software is ineffective at preventing boot-sector viruses. Thus for software defenses to be effective, we need a clean boot. Figure 1 shows the integrity check process.

We modified Grub's Stage 1.5 slightly: prior to loading Stage 2 into the main memory, Stage 1.5 computes and verifies a cryptographic hash of Stage 2 against a stored value for it in the U-Key. If the value is valid, control is passed to Stage 2. We then modified Stage 2 slightly: prior to loading the operating system kernel into the main memory, Stage 2 computes and verifies a cryptographic hash of the operating system kernel against a stored value for it in the U-Key. If the value is valid, control is passed to the operating system kernel.
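The boot-time gate described in this section and under "Authentications added in Grub", as an added simulation that is not the authors' Grub code: mutual authentication, PIN verification with a retry counter, then the Stage 2 and kernel hash checks. The keyed hash is a toy stand-in (the article does not name the algorithm), the PIN is sent unencrypted, and all function names, keys, and images are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Toy keyed hash (FNV-1a seeded with the key). NOT cryptographically secure:
   a stand-in for the card's keyed hash, which the article does not name. */
static uint64_t toy_mac(uint64_t key, const void *data, size_t len) {
    const uint8_t *p = data;
    uint64_t h = 0xcbf29ce484222325ULL ^ key;
    for (size_t i = 0; i < len; i++) { h ^= p[i]; h *= 0x100000001b3ULL; }
    return h;
}

typedef struct {
    uint64_t ki, ke;                  /* internal / external authentication keys */
    char pin[9];
    int max_retries, retries_left;    /* PIN retry limit set by the administrator */
    uint64_t ref_stage2, ref_kernel;  /* reference hashes loaded at configuration */
    uint64_t nonce, challenge;        /* challenge state */
    int host_ok, pin_ok;              /* security status for the current session */
} ukey;

/* Card side (hypothetical names modelled on the ISO 7816 commands in the text) */
static void ukey_reset(ukey *c) { c->host_ok = c->pin_ok = 0; }
static uint64_t ukey_internal_auth(const ukey *c, uint64_t r1) {
    return toy_mac(c->ki, &r1, sizeof r1);
}
static uint64_t ukey_get_challenge(ukey *c) {
    /* Demo generator only; a real card needs an unpredictable random source. */
    c->nonce = c->nonce * 6364136223846793005ULL + 1442695040888963407ULL;
    return c->challenge = c->nonce;
}
static int ukey_external_auth(ukey *c, uint64_t resp) {
    return c->host_ok = (resp == toy_mac(c->ke, &c->challenge, sizeof c->challenge));
}
static int ukey_verify_pin(ukey *c, const char *pin) {
    if (c->retries_left <= 0) return 0;            /* permanently blocked */
    if (strcmp(pin, c->pin) != 0) { c->retries_left--; return 0; }
    c->retries_left = c->max_retries;  /* assumption: counter resets on success */
    return c->pin_ok = 1;
}
static int ukey_read_ref(const ukey *c, int kernel, uint64_t *out) {
    if (!c->host_ok || !c->pin_ok) return 0;       /* memory stays locked */
    *out = kernel ? c->ref_kernel : c->ref_stage2;
    return 1;
}

typedef enum { BOOT_OK, ERR_CARD_AUTH, ERR_HOST_AUTH, ERR_PIN,
               ERR_STAGE2, ERR_KERNEL } boot_result;

/* Host side: the checks Stage 1.5 and Stage 2 perform, in order. */
static boot_result trusted_boot(ukey *c, uint64_t host_ki, uint64_t host_ke,
                                const char *pin, const void *stage2, size_t s2_len,
                                const void *kernel, size_t k_len) {
    uint64_t r1 = 0x1122334455667788ULL;  /* constructed; must be fresh and random */
    uint64_t r2, ref;
    ukey_reset(c);                                       /* power-on */
    if (ukey_internal_auth(c, r1) != toy_mac(host_ki, &r1, sizeof r1))
        return ERR_CARD_AUTH;                            /* U-Key to host */
    r2 = ukey_get_challenge(c);
    if (!ukey_external_auth(c, toy_mac(host_ke, &r2, sizeof r2)))
        return ERR_HOST_AUTH;                            /* host to U-Key */
    if (!ukey_verify_pin(c, pin)) return ERR_PIN;        /* user to U-Key */
    /* Stage 1.5 checks Stage 2 before loading it. */
    if (!ukey_read_ref(c, 0, &ref) || ref != toy_mac(0, stage2, s2_len))
        return ERR_STAGE2;
    /* Stage 2 checks the kernel before loading it. */
    if (!ukey_read_ref(c, 1, &ref) || ref != toy_mac(0, kernel, k_len))
        return ERR_KERNEL;
    return BOOT_OK;
}

/* Constructed sample data */
#define DEMO_KI 0x0123456789abcdefULL
#define DEMO_KE 0xfedcba9876543210ULL
static const char STAGE2[] = "grub stage2 image bytes";
static const char KERNEL[] = "kernel image bytes";
static const char KERNEL_MOD[] = "kernel image bytes (modified)";

static ukey demo_card(void) {
    ukey c = { .ki = DEMO_KI, .ke = DEMO_KE, .pin = "2468",
               .max_retries = 3, .retries_left = 3, .nonce = 1 };
    c.ref_stage2 = toy_mac(0, STAGE2, sizeof STAGE2);
    c.ref_kernel = toy_mac(0, KERNEL, sizeof KERNEL);
    return c;
}

int main(void) {
    ukey c = demo_card();
    int clean = trusted_boot(&c, DEMO_KI, DEMO_KE, "2468", STAGE2, sizeof STAGE2,
                             KERNEL, sizeof KERNEL);
    int bad = trusted_boot(&c, DEMO_KI, DEMO_KE, "2468", STAGE2, sizeof STAGE2,
                           KERNEL_MOD, sizeof KERNEL_MOD);
    printf("clean boot: %d, modified kernel: %d\n", clean, bad);
    return 0;
}
```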
At this point, the U-Key now sees that this particular kernel was booted in a trusted fashion. Any integrity failures identified in this process will cause the boot process to stop, and if everything is fine, the system proceeds normally.

At configuration time, the system executable's cryptographic hash can also be loaded into the U-Key. After the operating system boots, the comparison of executable hashes with those stored on the U-Key provides a virus detection mechanism that's difficult to defeat. This approach is consistent with a recent trend to validate file integrity rather than scan for known virus signatures. Although our approach isn't a virus checker, it's possible to detect modified versions of those files whose hashes are stored on the U-Key. The user can quickly learn if an executable is suspect before it runs.

As attacks that modify the operating system itself become more common, we'll see a stronger demand for secure bootstrapping. Although our scheme isn't a full TPM, it's a good alternative for improving computer security. Unfortunately, the approach's main limitation is that the integrity of both the MBR and Stage 1.5 isn't verified during the bootstrap process. As we've shown here, we can boot a PC from the USB, but the place where the MBR is stored is much more secure than the hard disk.

A further limitation of our approach is that it requires two USB ports and two USB devices to achieve a trusted boot process. In fact, we can integrate these two devices into one, which can function both as a smart card and as a USB disk. We've designed such a device in the Windows environment, but how to make its real-mode driver is the next step of our work. We've done some research into this material, but so far, we have yet to implement it.

References
1. P. Shuanghe, T. Weimin, and M. Yali, "The Implementation of T=0 Protocol for a Smartcard Based on a USB Control Chip," J. Computer Applications, vol. 24, Oct. 2004, pp.
2. Universal Host Controller Interface Design Guide, v. 1.1, Mar. 1996.
3. Open Host Controller Interface Specification for USB, v. 1.0a, Sept. 1999.
4. Intel 82801DB I/O Controller Hub 4 (ICH4) data sheet, Intel, May 2002; datashts/ htm.

Peng Shuanghe is a lecturer in the Research Center of Information Security Architecture at Beijing Jiaotong University. Her research interests include information security and embedded systems. Shuanghe has a PhD in computer application technology from the School of Computer and Information Technology at Beijing Jiaotong University. Contact her at shhpeng@sohu.com.
Han Zhen is a professor in the Research Center of Information Security Architecture at Beijing Jiaotong University. His research interests include graphics and information security. Zhen has a PhD in application mathematics from the Institute of Computing Technology in the Chinese Academy of Sciences. Contact him at hz@computer.njtu.edu.cn.
Technical Note Installing Micron SEDs in Windows 8 and 10 TN-FD-28: Installing Micron SEDs in Windows 8 and 10 Introduction Introduction Self-encrypting drives (SEDs) can provide an effective way of protecting
More informationInformation and Digital Technology
2014 HIGHER SCHOOL CERTIFICATE EXAMINATION Information and Digital Technology Networking and Hardware Total marks 80 Section I Pages 2 7 General Instructions Reading time 5 minutes Working time 2 hours
More informationHP ProtectTools User Guide
HP ProtectTools User Guide Copyright 2007 Hewlett-Packard Development Company, L.P. Microsoft and Windows are U.S. registered trademarks of Microsoft Corporation. Intel is a trademark or registered trademark
More informationHow Endpoint Encryption Works
WHITE PAPER: HOW ENDPOINT ENCRYPTION WORKS........................................ How Endpoint Encryption Works Who should read this paper Security and IT administrators Content Introduction to Endpoint
More informationWhite Paper: Whole Disk Encryption
How Whole Disk Encryption Works White Paper: Whole Disk Encryption How Whole Disk Encryption Works Contents Introduction to Whole Disk Encryption.....................................................................
More informationTable of Contents. TPM Configuration Procedure... 2. 1. Configuring the System BIOS... 2
Table of Contents TPM Configuration Procedure... 2 1. Configuring the System BIOS... 2 2. Installing the Infineon TPM Driver and the GIGABYTE Ultra TPM Utility... 3 3. Initializing the TPM Chip... 4 3.1.
More informationLSN 10 Linux Overview
LSN 10 Linux Overview ECT362 Operating Systems Department of Engineering Technology LSN 10 Linux Overview Linux Contemporary open source implementation of UNIX available for free on the Internet Introduced
More informationII. Installing Debian Linux:
Debian Linux Installation Lab Spring 2013 In this lab you will be installing Debian Linux in a KVM (Kernel Virtual Machine). You will be guided through a series of steps to setup the network (IP addresses,
More informationWindows Server 2008 R2 Boot Manager Security Policy For FIPS 140-2 Validation
Boot Manager Security Policy Windows Server 2008 R2 Boot Manager Security Policy For FIPS 140-2 Validation v 1.3 6/8/11 1 INTRODUCTION... 1 1.1 Cryptographic Boundary for BOOTMGR... 1 2 SECURITY POLICY...
More informationChapter 4. System Software. What You Will Learn... Computers Are Your Future. System Software. What You Will Learn... Starting the Computer
What You Will Learn... Computers Are Your Future Chapter 4 The two major components of operating system software Why a computer isn t useful without an operating system The five basic functions of an operating
More informationUSB 3.0 4-Port PCI Express Card
USB 3.0 4-Port PCI Express Card User Manual Ver. 2.00 All brand names and trademarks are properties of their respective owners. Contents: Chapter 1: Introduction... 3 1.1 Product Introduction... 3 1.2
More informationE-CERT C ONTROL M ANAGER
E-CERT C ONTROL M ANAGER for e-cert on Smart ID Card I NSTALLATION G UIDE Version v1.7 Copyright 2003 Hongkong Post CONTENTS Introduction About e-cert Control Manager... 3 Features... 3 System requirements...
More informationUsing iscsi with BackupAssist. User Guide
User Guide Contents 1. Introduction... 2 Documentation... 2 Terminology... 2 Advantages of iscsi... 2 Supported environments... 2 2. Overview... 3 About iscsi... 3 iscsi best practices with BackupAssist...
More informationChapter 02: Computer Organization. Lesson 04: Functional units and components in a computer organization Part 3 Bus Structures
Chapter 02: Computer Organization Lesson 04: Functional units and components in a computer organization Part 3 Bus Structures Objective: Understand the IO Subsystem and Understand Bus Structures Understand
More informationTrusted Platforms for Homeland Security
Trusted Platforms for Homeland Security By Kevin Schutz, Product Manager Secure Products Summary Ongoing threats from hackers, viruses, and worms continue to make security a top priority for IT and business
More informationHow to Encrypt your Windows 7 SDS Machine with Bitlocker
How to Encrypt your Windows 7 SDS Machine with Bitlocker ************************************ IMPORTANT ******************************************* Before encrypting your SDS Windows 7 Machine it is highly
More informationLecture Embedded System Security Dynamic Root of Trust and Trusted Execution
1 Lecture Embedded System Security Dynamic Root of Trust and Execution Prof. Dr.-Ing. Ahmad-Reza Sadeghi System Security Lab Technische Universität Darmstadt (CASED) Germany Summer Term 2014 Dynamic Root
More informationSecure Storage. Lost Laptops
Secure Storage 1 Lost Laptops Lost and stolen laptops are a common occurrence Estimated occurrences in US airports every week: 12,000 Average cost of a lost laptop for a corporation is $50K Costs include
More informationSecurity Overview for Windows Vista. Bob McCoy, MCSE, CISSP/ISSAP Technical Account Manager Microsoft Corporation
Security Overview for Windows Vista Bob McCoy, MCSE, CISSP/ISSAP Technical Account Manager Microsoft Corporation Agenda User and group changes Encryption changes Audit changes User rights New and modified
More informationLinux Driver Devices. Why, When, Which, How?
Bertrand Mermet Sylvain Ract Linux Driver Devices. Why, When, Which, How? Since its creation in the early 1990 s Linux has been installed on millions of computers or embedded systems. These systems may
More informationST19NP18-TPM-I2C. Trusted Platform Module (TPM) with I²C Interface. Features
Trusted Platform Module (TPM) with I²C Interface Data brief Features Single-chip Trusted Platform Module (TPM) Embedded TPM 1.2 firmware I²C communication interface (Slave mode) Architecture based on ST19N
More informationSmart TPM. User's Manual. Rev. 1001 12MD-STPM-1001R
Smart TPM User's Manual Rev. 1001 12MD-STPM-1001R We recommend that you download the latest version of the Smart TPM utility from GIGABYTE's website. If you have installed Ultra TPM earlier, you can install
More informationComputer Security: Principles and Practice
Computer Security: Principles and Practice Chapter 24 Windows and Windows Vista Security First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Windows and Windows Vista Security
More informationAn Implementation Of Multiprocessor Linux
An Implementation Of Multiprocessor Linux This document describes the implementation of a simple SMP Linux kernel extension and how to use this to develop SMP Linux kernels for architectures other than
More informationChapter 8 Objectives. Chapter 8 Operating Systems and Utility Programs. Operating Systems. Operating Systems. Operating Systems.
Chapter 8 Objectives Chapter 8 s and Utility Programs Describe the two types of software Understand the startup process for a personal computer Describe the term user interface Explain features common
More informationTrustKey Tool User Manual
TrustKey Tool User Manual 1 Table of Contents 1 Introduction... 5 2 TrustKey Product...6 2.1 TrustKey Tool... 6 2.2 TrustKey function modules...7 2.3 TrustKey using environment...7 3 TrustKey Tool Installation...
More informationIn-System Programmer USER MANUAL RN-ISP-UM RN-WIFLYCR-UM-.01. www.rovingnetworks.com 1
RN-WIFLYCR-UM-.01 RN-ISP-UM In-System Programmer 2012 Roving Networks. All rights reserved. Version 1.1 1/19/2012 USER MANUAL www.rovingnetworks.com 1 OVERVIEW You use Roving Networks In-System-Programmer
More informationEncrypted File Systems. Don Porter CSE 506
Encrypted File Systems Don Porter CSE 506 Goals Protect confidentiality of data at rest (i.e., on disk) Even if the media is lost or stolen Protecting confidentiality of in-memory data much harder Continue
More informationIntroduction to BitLocker FVE
Introduction to BitLocker FVE (Understanding the Steps Required to enable BitLocker) Exploration of Windows 7 Advanced Forensic Topics Day 3 What is BitLocker? BitLocker Drive Encryption is a full disk
More informationTPM. (Trusted Platform Module) Installation Guide V3.3.0. for Windows Vista
TPM (Trusted Platform Module) Installation Guide V3.3.0 for Windows Vista Table of contents 1 Introduction 1.1 Convention... 4 1.2 TPM - An Overview... 5 2 Using TPM for the first time 2.1 Enabling TPM...
More informationSecurity Technical. Overview. BlackBerry Enterprise Service 10. BlackBerry Device Service Solution Version: 10.2
BlackBerry Enterprise Service 10 BlackBerry Device Service Solution Version: 10.2 Security Technical Overview Published: 2014-09-10 SWD-20140908123239883 Contents 1 About BlackBerry Device Service solution
More informationStrategies for Firmware Support of Self-Encrypting Drives
presented by Strategies for Firmware Support of Self-Encrypting Drives UEFI Winter Plugfest February 21-23, 2011 Presented by Jeff Bobzin (Insyde Software, Inc.) Updated 2011-06-01 UEFI Plugfest February
More informationCycurHSM An Automotive-qualified Software Stack for Hardware Security Modules
CycurHSM An Automotive-qualified Software Stack for Hardware Security Modules Dr. Frederic Stumpf, ESCRYPT GmbH Embedded Security, Stuttgart, Germany 1 Introduction Electronic Control Units (ECU) are embedded
More informationPenetration Testing Windows Vista TM BitLocker TM
Penetration Testing BitLocker TM Drive Encryption Douglas MacIver Penetration Engineer System Integrity Group, Corporation Hack In The Box 2006/09/21 2006 Corporation. All rights reserved. Trustworthy
More informationChapter 3: Operating-System Structures. Common System Components
Chapter 3: Operating-System Structures System Components Operating System Services System Calls System Programs System Structure Virtual Machines System Design and Implementation System Generation 3.1
More informationStrengthen RFID Tags Security Using New Data Structure
International Journal of Control and Automation 51 Strengthen RFID Tags Security Using New Data Structure Yan Liang and Chunming Rong Department of Electrical Engineering and Computer Science, University
More informationI/O. Input/Output. Types of devices. Interface. Computer hardware
I/O Input/Output One of the functions of the OS, controlling the I/O devices Wide range in type and speed The OS is concerned with how the interface between the hardware and the user is made The goal in
More informationLecture 6: Operating Systems and Utility Programs
Lecture 6: Operating Systems and Utility Programs Chapter 8 Objectives Identify the types of system software Summarize the startup process on a personal computer Summarize the features of several stand-alone
More informationEnhancing Organizational Security Through the Use of Virtual Smart Cards
Enhancing Organizational Security Through the Use of Virtual Smart Cards Today s organizations, both large and small, are faced with the challenging task of securing a seemingly borderless domain of company
More informationClick to view Web Link, click Chapter 8, Click Web Link from left navigation, then click BIOS below Chapter 8 p. 395 Fig. 8-4.
Chapter 8 Objectives Chapter 8 Operating Systems and Utility Programs Identify the the types types of of system software Summarize the the startup process on on a a personal computer Describe the the functions
More informationLesson 06: Basics of Software Development (W02D2
Lesson 06: Basics of Software Development (W02D2) Balboa High School Michael Ferraro Lesson 06: Basics of Software Development (W02D2 Do Now 1. What is the main reason why flash
More informationPC computer configurations & Windows optimizations (Updated November 2012)
PC computer configurations & Windows optimizations (Updated November 2012) A fast processor and a good amount of memory are important, but do not necessarily guarantee that a computer will perform well
More informationIT Networking and Security
elearning Course Outlines IT Networking and Security powered by Calibrate elearning Course Outline CompTIA A+ 801: Fundamentals of Computer Hardware/Software www.medallionlearning.com Fundamentals of Computer
More informationinformation security and its Describe what drives the need for information security.
Computer Information Systems (Forensics Classes) Objectives for Course Challenges CIS 200 Intro to Info Security: Includes managerial and Describe information security and its critical role in business.
More informationThe Motherboard Chapter #5
The Motherboard Chapter #5 Amy Hissom Key Terms Advanced Transfer Cache (ATC) A type of L2 cache contained within the Pentium processor housing that is embedded on the same core processor die as the CPU
More informationPC Boot Considerations for Devices >8GB
X3T10 95-321 Rev 1 PC Boot Considerations for Devices >8GB Overview This is a draft of a document proposed in the System Issues Study Group meeting held on 7/12/95 in Colorado Springs. It is intended to
More informationRace to bare metal: UEFI and hypervisors
Race to bare metal: UEFI and hypervisors Agenda 1. Race to bare metal 2. Overview UEFI 3. UEFI in practice 4. Advantages of UEFI for anti/malware hypervisors 5. Some practical considerations 1. Race to
More informationProtected Cash Withdrawal in Atm Using Mobile Phone
www.ijecs.in International Journal Of Engineering And Computer Science ISSN:2319-7242 Volume 2 Issue 4 April, 2013 Page No. 1346-1350 Protected Cash Withdrawal in Atm Using Mobile Phone M.R.Dineshkumar
More informationIndex. BIOS rootkit, 119 Broad network access, 107
Index A Administrative components, 81, 83 Anti-malware, 125 ANY policy, 47 Asset tag, 114 Asymmetric encryption, 24 Attestation commercial market, 85 facts, 79 Intel TXT conceptual architecture, 85 models,
More informationA+ Guide to Managing and Maintaining Your PC, 7e. Chapter 16 Fixing Windows Problems
A+ Guide to Managing and Maintaining Your PC, 7e Chapter 16 Fixing Windows Problems Objectives Learn what to do when a hardware device, application, or Windows component gives a problem Learn what to do
More informationSupply Chain (In-) Security
Supply Chain (In-) Security Graeme Neilson & Enno Rey Contact us: graeme@aurasoftwaresecurity.co.nz, erey@ernw.de Graeme & Enno Graeme Neilson Security Consultant & Researcher Networking, Reverse engineering,
More informationBoard also Supports MicroBridge
This product is ATmega2560 based Freeduino-Mega with USB Host Interface to Communicate with Android Powered Devices* like Android Phone or Tab using Android Open Accessory API and Development Kit (ADK)
More informationESATA PCI CARD. User s Manual
ESATA PCI CARD User s Manual Introduction... 3 System Requirements... 3 RAID Introduction... 3 BIOS Configuration Utility... 5 Configuring Arrays... 5 RAID Mode Definitions... 5 BIOS Configuration Utility...
More informationNetwork connectivity controllers
Network connectivity controllers High performance connectivity solutions Factory Automation The hostile environment of many factories can have a significant impact on the life expectancy of PCs, and industrially
More informationOpal SSDs Integrated with TPMs
Opal SSDs Integrated with TPMs August 21, 2012 Robert Thibadeau, Ph.D. U.S. Army SSDs Must be Opal s We also Studied using the TPM (Trusted Platform Module) with an Opal SSD (Self-Encrypting Drive) 2 Security
More informationUSB 3.0 4-Port PCI Express Card
USB 3.0 4-Port PCI Express Card User Manual Model: UGT-PC341 All brand names and trademarks are properties of their respective owners www.vantecusa.com Contents: Chapter 1: Introduction... 3 1.1 Product
More informationUSB Flash Drive User s Manual
USB Flash Drive User s Manual V4.01 Introduction Thank you for your purchasing the USB Drive. This manual will guide you through the usages of the USB Drive and of all management tools coming with it.
More informationSoftware-based TPM Emulator for Linux
Software-based TPM Emulator for Linux Semester Thesis Mario Strasser Department of Computer Science Swiss Federal Institute of Technology Zurich Summer Semester 2004 Mario Strasser: Software-based TPM
More informationTPM. (Trusted Platform Module) Installation Guide V2.1
TPM (Trusted Platform Module) Installation Guide V2.1 Table of contents 1 Introduction 1.1 Convention... 4 1.2 TPM - An Overview... 5 2 Using TPM for the first time 2.1 Enabling TPM... 6 2.2 Installing
More informationImproving End-user Security and Trustworthiness of TCG-Platforms
Improving End-user Security and Trustworthiness of TCG-Platforms Klaus Kursawe, kursawe@acm.org Christian Stüble Saarland University, Germany stueble@acm.org September 29, 2003 Abstract Over the last two
More informationINTRODUCTION INSTALLING THE SCSI CARD 2940UW PRO
2940UWPro-ig.qxd 12/21/98 9:55 AM Page 1 INTRODUCTION With the SCSI Card 2940UW Pro, you can connect up to 15 SCSI devices to any IBM-compatible computer with PCI expansion slots. This installation guide
More information