Secure Data Management in Trusted Computing



Similar documents
Property Based TPM Virtualization

Patterns for Secure Boot and Secure Storage in Computer Systems

Acronym Term Description

Using the TPM: Data Protection and Storage

TPM Key Backup and Recovery. For Trusted Platforms

Background. TPMs in the real world. Components on TPM chip TPM 101. TCG: Trusted Computing Group. TCG: changes to PC or cell phone

Technical Brief Distributed Trusted Computing

Embedding Trust into Cars Secure Software Delivery and Installation

How to Secure Infrastructure Clouds with Trusted Computing Technologies

On the security of Virtual Machine migration and related topics

vtpm: Virtualizing the Trusted Platform Module

Trusted Platforms for Homeland Security

vtpm: Virtualizing the Trusted Platform Module

William Hery Research Professor, Computer Science and Engineering NYU-Poly

A Virtualized Linux Integrity Subsystem for Trusted Cloud Computing

Bypassing Local Windows Authentication to Defeat Full Disk Encryption. Ian Haken

Software-based TPM Emulator for Linux

BitLocker Drive Encryption Hardware Enhanced Data Protection. Shon Eizenhoefer, Program Manager Microsoft Corporation

Embedded Trusted Computing on ARM-based systems

Opal SSDs Integrated with TPMs

Encrypted File Systems. Don Porter CSE 506

Lecture Embedded System Security Dynamic Root of Trust and Trusted Execution

Hardware Security for Device Authentication in the Smart Grid

Index. BIOS rootkit, 119 Broad network access, 107

Recipe for Mobile Data Security: TPM, Bitlocker, Windows Vista and Active Directory

Building Blocks Towards a Trustworthy NFV Infrastructure

CS 155 Spring TCG: Trusted Computing Architecture

Software Execution Protection in the Cloud

Trusted Platform Module

Attestation and Authentication Protocols Using the TPM

Uni-directional Trusted Path: Transaction Confirmation on Just One Device

Hardware Security Modules for Protecting Embedded Systems

SECURITY IN OPEN SOURCE VIRTUALIZATION

Implementation of a Trusted Ticket System

Lecture Overview. INF3510 Information Security Spring Lecture 4 Computer Security. Meaningless transport defences when endpoints are insecure

HW (Fat001) TPM. Figure 1. Computing Node

CycurHSM An Automotive-qualified Software Stack for Hardware Security Modules

Introduction to the TPM 1.2

Vehicular Security Hardware The Security for Vehicular Security Mechanisms

Mutual Authentication Cloud Computing Platform based on TPM

Penetration Testing Windows Vista TM BitLocker TM

Trustworthy Computing

Digital Rights Management Demonstrator

TNC: Open Standards for Network Security Automation. Copyright 2010 Trusted Computing Group

TCG PC Client Specific Implementation Specification for Conventional BIOS

Overview of Windows 10 Requirements for TPM, HVCI and SecureBoot

A Security Assessment of Trusted Platform Modules Computer Science Technical Report TR

Protecting Data with Short- Lived Encryption Keys and Hardware Root of Trust. Dan Griffin DefCon 2013

White Paper How Noah Mobile uses Microsoft Azure Core Services

Cryptography as a service in a cloud computing environment

Factory-Installed, Standards-Based Hardware Security. Steven K. Sprague President & CEO, Wave Systems Corp.

TECHNISCHE UNIVERSITÄT MÜNCHEN. Lehrstuhl für Datenverarbeitung. Runtime integrity framework based on trusted computing.

An Improved Trusted Full Disk Encryption Model

Computer Security. Draft Exam with Answers

Making Bitcoin Exchanges Transparent

A Perspective on the Evolution of Mobile Platform Security Architectures

Trusted Network Connect (TNC)

Data Firewall: A TPM-based Security Framework for Protecting Data in Thick Client Mobile Environment

Threat Model for Software Reconfigurable Communications Systems

A Framework for Secure and Verifiable Logging in Public Communication Networks

Cautions When Using BitLocker Drive Encryption on PRIMERGY

Windows Server on WAAS: Reduce Branch-Office Cost and Complexity with WAN Optimization and Secure, Reliable Local IT Services

Using the TPM to Solve Today s Most Urgent Cybersecurity Problems

Offline HW/SW Authentication for Reconfigurable Platforms

TNC is an open architecture for network access control. If you re not sure what NAC is, we ll cover that in a second. For now, the main point here is

Aircloak Analytics: Anonymized User Data without Data Loss

Security Guide. BlackBerry Enterprise Service 12. for ios, Android, and Windows Phone. Version 12.0

SECURE IMPLEMENTATIONS OF CONTENT PROTECTION (DRM) SCHEMES ON CONSUMER ELECTRONIC DEVICES

Security concept for gateway integrity protection within German smart grids

anywhere, anytime expectations Bring Your Own Device goes mainstream enabling mobility critical for success changing security landscape

Enhancing Organizational Security Through the Use of Virtual Smart Cards

Plain English Guide To Common Criteria Requirements In The. Field Device Protection Profile Version 0.75

SOFTWARE ASSET MANAGEMENT Continuous Monitoring. September 16, 2013

IBM PowerSC. Security and compliance solution designed to protect virtualized datacenters. Highlights. IBM Systems and Technology Data Sheet

BlackBerry 10.3 Work and Personal Corporate

ESET Endpoint Security 6 ESET Endpoint Antivirus 6 for Windows

Whitepaper Enhancing BitLocker Deployment and Management with SimplySecure. Addressing the Concerns of the IT Professional Rob Weber February 2015

Cisco Trust Anchor Technologies

Transcription:

1 Secure Data Management in Trusted Computing Ulrich Kühn Deutsche Telekom Laboratories, TU Berlin Klaus Kursawe (KU Leuven) Stefan Lucks (U Mannheim) Ahmad-Reza Sadeghi (RU Bochum) Christian Stüble (RU Bochum) CHES 2005

2 Roadmap Introduction Problems with Sealed Data Platform Updates Hardware Migration Conclusion

3 TCG s Proposal for Trusted Computing Trusted Computing Group: Industry consortium to devolop specifications to [...] protect and strengthen the computing platform against software-based attacks. Key Idea: Base Trusted Computing Base on small piece of secure hardware. Recent developments: TNC Our Motivation: TCG hardware widely deployed Combine with secure operating systems to increase security Here: Address problems and propose solutions.

4 Trusted Platform Module Main components: Cryptographic engine Non-volatile tamper resistant storage Storage Root Key SRK virtual shielded storage Endorsement Key Platform Configuration Registers PCR write access only via Extend operation Needs support by Trusted Software inside TCB.

5 Main TCG Mechanisms Integrity measurement Establish platform configuration at boot time Attestation Attest platform configuration to remote party (Subset of) PCRs signed with Attestation Identity Key Sealing Exclusive availability of information for certain configurations TPM-enforced Maintenance for hardware migration

6 Integrity & Boot Process Establish Chain of Trust for TCB: Start from the Core Root of Trust Measure: c SHA1(next software chunk) Extend PCR: PCR i SHA1(PCR i, c) Execute software chunk might enter another measure-extend-execute cycle Results: PCRs specific for current platform configuration Link between PCRs and software / security properties? Changed software not blocked but detected

7 Architecture of Trustworthy Platforms Use TCB comprised of hardware and software: App 1 App 2 App 3 App 4 App 5 App 6 OS OS OS Trusted Software Layer Hardware Layer TPM TPM Trusted software OS runs on top

8 Sealing Places data in encrypted blob: Availability of data depends on predefined PCR values TPM delivers data only if those PCRs are present otherwise data remains encrypted Usage Scenarios: Cryptographic keys for accessing networks Documents, Media files, etc. Key question: What happens to sealed data when patching the TCB?

9 Roadmap Introduction Problems with Sealed Data Platform Updates Hardware Migration Platform Updates Hardware Migration Conclusion

10 Sealed Data & Platform Updates Consequences of integrity measurement: Changing software in TCB changes hashes Results in changed PCR values Unseal does not release sealed data Intended for malicious / non-trustworthy TCB What about patches? Typically preserve security properties Should close security holes Cannot distinguish good and bad changes!

11 Sealed Data & Hardware Migration Maintenance procedure: Process is optional To our knowledge not implemented in existing TPMs Works only for TPMs of same vendor Needs interaction with vendor Vendor out of business? Price? Availability of sealed data when HW breaks?

12 Roadmap Introduction Problems with Sealed Data Platform Updates Software-Supported Updates TPM-Supported Updates Property-Based Sealing Hardware Migration Conclusion

13 Platform Updates Requirements for a patched TCB: Security: Remote party wants that new platform configuration still adheres to security policy. Availability: Owner / User wants information available after patch. Our solutions: Software-supported TPM-supported Property-based sealing

14 Software-Supported Updates App 1 App 2 App 3 App 4 App 5 App 6 OS OS OS Trusted Software Layer Hardware Layer TCB component Update Manager : Keep record of sealed data blobs Know new PCR values Ensure adherence to security policy Signature by Trusted Third Party Key management Be fail-safe Pros & Cons: Works with current TCG hardware Handles only data sealed for current configuration Requirements for TCB design Difficult for parallel OS instances, e.g. bootloader updates TPM

15 TPM-Supported Updates App 1 App 2 App 3 App 4 App 5 App 6 OS OS OS Key ideas: New TPM command TPM UpdateSeal: Data sealed for S i is resealed for S j Trusted Software Layer Hardware Layer TPM Delegate decision on equivalence of PCR values S i and S j Trusted Third Party issues update certificate cert update = Sign(S i, S j ) Pros & Cons: New TPM command, but should be easy to implement Avoids problems of software-only solution

16 Property-Based Sealing App 1 App 2 App 3 App 4 App 5 App 6 Key Ideas: Seal data for abstract properties e.g. Strong Process Isolation OS OS OS Trusted Software Layer Hardware Layer Mapping between properties and binary measurements Pros & Cons: Better model for security functionality Resolves problems with handling sealed data Hides concrete binary measurements privacy To do: describe useful properties TPM

17 Implementing Property-Based Sealing Use TPM-support for property-based sealing: Describe properties by abstract configuration Data is sealed for abstract configurations only TPM UpdateSeal translates to binary measurements Update certificate states that configuration implements security properties Pros & Cons: Elegant solution for update problem Avoids discrimination of operating systems

18 Roadmap Introduction Problems with Sealed Data Platform Updates Hardware Migration Requirements Migration Protocol Conclusion

19 Migrating to another Hardware Platform Requirements for TPM migration: Completeness: Move secret state of source TPM to destination TPM; clear source afterwards. Security: Migration only if destination TPM at least as secure as source TPM. Delegate decision to trusted third party. Fairness: openly specified process No need for interaction with vendor

20 Design of Migration Protocol Key ideas: Secure export of non-volatile memory etc. under SRK Delegate decision on equivalent security of TPMs Trusted TPM Migration Authority TMA Migration certificate on TPM identities (endorsement keys) EK s and EK d cert mig = Sign(Hash(EK s ), Hash(EK d )) Special export mode for source TPM that allows only: Extract SRK s encrypted under EK d Clear TPM

21 Summary and Conclusion Update & migration problems with sealed data Proposed solutions for update issue Software-only TPM-supported Property-based sealing Combining TPM-supported with property-based solution Proposed secure & fair migration protocol Improves over currently optional maintenance feature Ongoing work: TC-project at RU Bochum implements property-based sealing and attestation, see www.emscb.org

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information