Embedded Trusted Computing on ARM-based systems


Embedded Trusted Computing on ARM-based systems. Martin Schramm, M.Eng., 10.04.2014 (slide 1 of 26)

Agenda 2 of 26 martin.schramm@th-deg.de

Embedded computing platforms have become omnipresent:
- intended to alleviate everyday life
- up and running in a 24/7 manner
- applications with high requirements for safety, security and privacy: industrial automation, medical, automotive
- well-defined hardware and software components
- cost pressure, ease of development

Arising problems regarding system security:
- attacker effort is considerably reduced
- tremendous financial damage, physical injury, loss of human lives

Trusted Platform Module
- usually connected via the LPC bus
- Roots of Trust: RTS (Root of Trust for Storage), RTR (Root of Trust for Reporting) and RTM (Root of Trust for Measurement)
- CRTM (Core Root of Trust for Measurement) implemented in the BIOS
- well-defined PCR usage

PCR usage on PC platforms:

PCR    Usage
0      CRTM, BIOS and Platform Extensions
1      Platform Configuration
2      Option ROM Code
3      Option ROM Configuration and Data
4      IPL Code (usually the MBR)
5      IPL Configuration and Data (for use by the IPL Code)
6      State Transition and Wake Events
7      Host Platform Manufacturer Control
8-15   Defined for use by the Static Operating System
16     Debug
17-23  Defined for use by the Dynamic Operating System

- the BIOS part is often poorly implemented
- the user often has no insight into what is going on

TPMs on ARM-based embedded systems:
- TPM connected via an embedded interface (e.g. I2C)
- unique identification possible
- lack of a BIOS on ARM-based systems: the Root of Trust for Measurement must be redefined
- a new Core Root of Trust for Measurement concept is needed
- must be guaranteed

Freescale High Assurance Boot (HAB)
- implemented in the Boot ROM
- based on signed code execution
- validation of eFuses (the fused hash of the Super Root Keys anchors the signature chain)
[Diagram: i.MX Boot ROM (Reset Subsystem, Security, HAB Library, Boot Device Driver) -> bootloader (CSF, TPM, Boot Device Driver) -> OS Policy -> OS; boot stages: first, second, third]

Freescale High Assurance Boot
- Secure Boot capability
- the HAB Library in the Boot ROM is the CRTM
- RTM comprised by an enhanced bootloader
- RTS and RTR located inside the TPM
- the manufacturer has to be trusted

U-Boot Verified Boot
Uses Flattened uImage Tree (FIT) images:

    images {
        kernel@1 {
            data = <data for kernel 1>;
            signature@1 {
                algo = "sha1,rsa2048";
                value = <... kernel signature 1 ...>;
            };
        };
        fdt@1 {
            data = <data for fdt 1>;
            signature@1 {
                algo = "sha1,rsa2048";
                value = <... fdt signature 1 ...>;
            };
        };
    };

Sign images in the FIT:
- hash an image in the FIT
- sign the hash
- store the resulting signature in the FIT

Verify the images:
- read the FIT and obtain the public key
- extract the signature from the FIT and hash the image
- verify the signature

U-Boot Verified Boot
- the public key must be trusted: it is stored in U-Boot's control Flattened Device Tree (FDT)
- secure field upgrades are possible
- U-Boot must be loaded from read-only memory (it is the CRTM)
- chaining images possible
- signed configurations possible:

    configurations {
        default = "conf@1";
        conf@1 {
            kernel = "kernel@1";
            fdt = "fdt@1";
            signature@1 {
                algo = "sha1,rsa2048";
                key-name-hint = "dev";
                sign-images = "fdt", "kernel";
            };
        };
    };
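As an added illustration, not code from the U-Boot project or from this talk, the following Go program models the FIT signing and verification steps listed on the two slides above: each image is hashed and signed, a configuration signature binds the set of images together, and the loader verifies both. It uses Go's standard crypto/rsa with SHA-256 instead of the slides' "sha1,rsa2048" (SHA-1 is no longer collision resistant and U-Boot also supports sha256); the node names kernel@1, fdt@1 and conf@1 follow the slides, while the payload bytes are constructed samples.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Image is one node under the FIT "images" node: payload plus the signature
// stored in its signature@1/value property.
type Image struct {
	Name      string
	Data      []byte
	Signature []byte
}

// Config is one node under "configurations": the images it binds together
// (sign-images) and a signature over all of their hashes.
type Config struct {
	Name       string
	ImageNames []string
	Signature  []byte
}

// SHA-256 with PKCS#1 v1.5 replaces the slides' SHA-1 (assumption of this example).
func sign(key *rsa.PrivateKey, msg []byte) ([]byte, error) {
	d := sha256.Sum256(msg)
	return rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, d[:])
}

func verify(pub *rsa.PublicKey, msg, sig []byte) error {
	d := sha256.Sum256(msg)
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, d[:], sig)
}

// SignImage: hash the image, sign the hash, store the signature with it.
func SignImage(key *rsa.PrivateKey, name string, data []byte) (Image, error) {
	sig, err := sign(key, data)
	return Image{Name: name, Data: data, Signature: sig}, err
}

// configMessage is what a configuration signature covers: the configuration
// name plus the name and hash of every referenced image, in order. Binding the
// set is what stops a validly signed kernel being paired with an older, also
// validly signed FDT.
func configMessage(name string, imgs []Image) []byte {
	msg := []byte(name)
	for _, im := range imgs {
		h := sha256.Sum256(im.Data)
		msg = append(msg, im.Name...)
		msg = append(msg, h[:]...)
	}
	return msg
}

func SignConfig(key *rsa.PrivateKey, name string, imgs []Image) (Config, error) {
	names := make([]string, len(imgs))
	for i, im := range imgs {
		names[i] = im.Name
	}
	sig, err := sign(key, configMessage(name, imgs))
	return Config{Name: name, ImageNames: names, Signature: sig}, err
}

// VerifyBoot is the loader side: pub comes from U-Boot's control FDT, which is
// only trustworthy if U-Boot itself was loaded from read-only storage.
func VerifyBoot(pub *rsa.PublicKey, cfg Config, fit map[string]Image) error {
	var sel []Image
	for _, n := range cfg.ImageNames {
		im, ok := fit[n]
		if !ok {
			return fmt.Errorf("config %s: missing image %s", cfg.Name, n)
		}
		if err := verify(pub, im.Data, im.Signature); err != nil {
			return fmt.Errorf("image %s: bad signature", n)
		}
		sel = append(sel, im)
	}
	if err := verify(pub, configMessage(cfg.Name, sel), cfg.Signature); err != nil {
		return fmt.Errorf("config %s: signature mismatch (images modified or mixed)", cfg.Name)
	}
	return nil
}

// Demo builds a constructed FIT and runs three checks: the genuine image set,
// an older but validly signed FDT swapped in, and a kernel altered after
// signing. It reports whether each check gave the expected verdict.
func Demo() (genuineOK, swapRejected, tamperRejected bool, err error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return
	}
	kernel, _ := SignImage(key, "kernel@1", []byte("kernel v2"))
	fdtNew, _ := SignImage(key, "fdt@1", []byte("fdt v2"))
	fdtOld, _ := SignImage(key, "fdt@1", []byte("fdt v1")) // signed earlier with the same key
	cfg, _ := SignConfig(key, "conf@1", []Image{kernel, fdtNew})
	pub := &key.PublicKey
	genuineOK = VerifyBoot(pub, cfg, map[string]Image{"kernel@1": kernel, "fdt@1": fdtNew}) == nil
	swapRejected = VerifyBoot(pub, cfg, map[string]Image{"kernel@1": kernel, "fdt@1": fdtOld}) != nil
	tampered := Image{Name: "kernel@1", Data: []byte("kernel v2+backdoor"), Signature: kernel.Signature}
	tamperRejected = VerifyBoot(pub, cfg, map[string]Image{"kernel@1": tampered, "fdt@1": fdtNew}) != nil
	return
}
```

The second check in Demo is the case per-image signatures alone do not catch: the attacker keeps the validly signed kernel and swaps in an older, also validly signed FDT. Only the configuration signature, which covers the hashes of every image named in sign-images, rejects that combination.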

libsboot
libsboot, libtlcl and TPM drivers: a Secure Boot example for a pre-OS boot environment
- U-Boot binary loaded by a Second Phase Loader (SPL)
- EEPROM defining platform identification and configuration
- environment data read from an initial external source
- environment variables set via the U-Boot console
- Flattened Device Tree files
- initial RAM disks
- an OS kernel

- initialization of libsboot occurs from ROM code
- initialization of the TPM in the SPL
- verification that the PCRs are reset
- asserts Physical Presence

libsboot
- sealed data stored in TPM NVRAM
- pre-execution of U-Boot / OS kernel
- the system only boots after a successful unseal operation
- PCRs are extended with random data after the measurements or on error
- trustworthy modifications of U-Boot are difficult
- a signature-based approach is possible

[Figure: HAB + TPM]

[Figure: U-Boot verified Boot]

[Figure: libsboot]

Possible PCR usage on the embedded platform:

PCR    Usage
0      U-Boot image
1      U-Boot environment variables
2      U-Boot typed-in commands
3      Kernel FDT
4      Initial RAM Disk
5      OS kernel image
6      reserved for further use
7      reserved for further use
8-15   Defined for use by the Static Operating System
16     Debug
17-23  Defined for use by the Dynamic Operating System
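To make the libsboot flow (measure, unseal, extend with random data) concrete, here is an added Go model that is not part of libsboot or U-Boot. It implements TPM 1.2 PCR extend semantics over the PCR layout proposed on this slide, seals a secret to the measured boot chain, and shows that a changed U-Boot environment (PCR 1) makes the unseal fail and that capping the PCRs afterwards closes the secret for the rest of that boot. Bank, Chain and the sample contents are constructed for the example; a real TPM keeps the sealed secret encrypted rather than in a struct, and the SPL's check that PCRs are really zero is assumed to have passed.

```go
package main

import (
	"crypto/rand"
	"crypto/sha1"
	"errors"
)

// PCR indices from the proposed layout on this slide.
const (
	PCRUBoot     = iota // U-Boot image
	PCRUBootEnv         // U-Boot environment variables
	PCRUBootCmds        // commands typed at the U-Boot console
	PCRKernelFDT        // kernel FDT
	PCRInitrd           // initial RAM disk
	PCRKernel           // OS kernel image
)

// Bank is a bank of 24 TPM 1.2 PCRs (SHA-1 sized), all zero after reset.
type Bank [24][sha1.Size]byte

// Extend follows TPM 1.2 semantics: PCR[i] = SHA1(PCR[i] || SHA1(data)).
// A PCR can only be extended, never written, so its final value records
// everything measured since reset, in order.
func (b *Bank) Extend(i int, data []byte) {
	m := sha1.Sum(data)
	h := sha1.New()
	h.Write(b[i][:])
	h.Write(m[:])
	copy(b[i][:], h.Sum(nil))
}

// Composite hashes the selected PCRs (simplified TPM_PCR_COMPOSITE).
func (b *Bank) Composite(sel []int) (out [sha1.Size]byte) {
	h := sha1.New()
	for _, i := range sel {
		h.Write(b[i][:])
	}
	copy(out[:], h.Sum(nil))
	return out
}

// Cap extends the selected PCRs with random data so that nothing sealed to
// them can be unsealed again before the next reset.
func (b *Bank) Cap(sel []int) {
	var r [sha1.Size]byte
	rand.Read(r[:]) // crypto/rand; constructed model ignores the error return
	for _, i := range sel {
		b.Extend(i, r[:])
	}
}

// Sealed models a blob in TPM NVRAM bound to a PCR selection.
type Sealed struct {
	Selection []int
	Expected  [sha1.Size]byte
	Secret    []byte
}

func Seal(b *Bank, sel []int, secret []byte) Sealed {
	return Sealed{Selection: sel, Expected: b.Composite(sel), Secret: secret}
}

func Unseal(b *Bank, s Sealed) ([]byte, error) {
	if b.Composite(s.Selection) != s.Expected {
		return nil, errors.New("PCR state does not match sealed policy")
	}
	return s.Secret, nil
}

// Chain holds the six measured items, indexed by the PCR constants above.
type Chain [6][]byte

// BootSelection is the PCR set the boot secret is sealed against.
var BootSelection = []int{PCRUBoot, PCRUBootEnv, PCRUBootCmds, PCRKernelFDT, PCRInitrd, PCRKernel}

func Measure(b *Bank, c Chain) {
	for i, data := range c {
		b.Extend(i, data)
	}
}

// TryBoot models one boot: PCRs start at zero, the chain is measured, the
// unseal decides whether to continue, and the PCRs are capped either way
// (libsboot: "extend PCRs with random data after measurements/error").
// The bank is returned so a caller can confirm a later unseal is impossible.
func TryBoot(c Chain, s Sealed) ([]byte, *Bank, error) {
	var b Bank
	Measure(&b, c)
	secret, err := Unseal(&b, s)
	b.Cap(s.Selection)
	if err != nil {
		return nil, &b, err
	}
	return secret, &b, nil
}
```

Provisioning is the same measurement run once over the known-good chain followed by Seal; because each PCR value depends on the order of extends, a different environment string or an extra console command changes PCR 1 or 2 and the composite no longer matches.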

Embedded devices might be uniquely identified:
- Endorsement Key certificate
- hash of the public Endorsement Key
- barcode of the public EK hash
- easy exchange of trustworthy devices

What if a signed image gets compromised?
- the TPM chip features monotonic counters
- they can be used to implement rollback counters
- rolling back to an older signed firmware can be mitigated
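An added Go sketch, not code from the talk, of the rollback-counter idea: the image version lives inside the signed region, an image whose version is below the monotonic counter is refused, and the counter is raised to the running version only once the new image has proved healthy. Firmware, Counter and the healthy flag are constructed for the example, and the TPM's counter interface is reduced to Read and Increment; signature verification of the image by HAB or U-Boot verified boot is assumed to have happened before this check runs.

```go
package main

import "errors"

// Counter models a TPM monotonic counter: readable and incrementable, never
// decremented or reset by software, persistent across reboots.
type Counter struct{ value uint32 }

func (c *Counter) Read() uint32 { return c.value }

func (c *Counter) Increment() uint32 {
	c.value++
	return c.value
}

// Firmware carries its version inside the signed region, so the version seen
// here is the one the signature covered (verification assumed done already).
type Firmware struct {
	Version uint32
	Payload []byte
}

var ErrRollback = errors.New("firmware version below rollback counter")

// CheckRollback rejects an image older than the highest committed version.
// An old but validly signed image with a known vulnerability can therefore
// be reflashed but not booted.
func CheckRollback(fw Firmware, c *Counter) error {
	if fw.Version < c.Read() {
		return ErrRollback
	}
	return nil
}

// Commit raises the counter to the running version, one increment at a time.
// It is a separate step on purpose: run it only after the new image has
// proved healthy, otherwise a broken update locks out the last working one.
func Commit(fw Firmware, c *Counter) {
	for c.Read() < fw.Version {
		c.Increment()
	}
}

// Boot runs the check, "executes" the image, and commits if it came up healthy.
func Boot(fw Firmware, c *Counter, healthy bool) error {
	if err := CheckRollback(fw, c); err != nil {
		return err
	}
	if healthy {
		Commit(fw, c)
	}
	return nil
}
```

Without the commit-after-health-check split, the first boot of a faulty version 3 would already move the counter to 3 and the device could never fall back to the working version 2.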

Attestation requires an authentic AIK (Attestation Identity Key):
- PrivacyCA (online verification)
- AIK direct proof (offline verification)

PCR values are reported via TPM_QUOTE, signed with the AIK

Possibility to certify any key in the TPM key hierarchy
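The quote exchange from the attestation slides, as an added example that is not from the talk: the verifier sends a nonce, the device answers with TPM_Quote-style output (the reported PCR values plus an AIK signature over the PCR composite and the nonce), and the verifier checks freshness, the signature and the approved PCR state. SHA-1 is used because TPM 1.2 quotes are SHA-1 based; the message layout is simplified from TPM_QUOTE_INFO, the AIK is an ordinary RSA key here, SamplePCRs produces constructed PCR values, and the verifier is assumed to have already obtained and validated the AIK public key through a PrivacyCA or a direct proof.

```go
package main

import (
	"bytes"
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha1"
	"errors"
	"fmt"
)

// Quote is the device's answer to TPM_Quote: the PCR values it reports and an
// AIK signature over SHA1("QUOT" || composite(PCRs) || nonce). The real
// command signs a TPM_QUOTE_INFO structure carrying the same fields.
type Quote struct {
	PCRs      [][sha1.Size]byte
	Nonce     []byte
	Signature []byte
}

func composite(pcrs [][sha1.Size]byte) []byte {
	h := sha1.New()
	for _, p := range pcrs {
		h.Write(p[:])
	}
	return h.Sum(nil)
}

func quoteDigest(pcrs [][sha1.Size]byte, nonce []byte) (d [sha1.Size]byte) {
	h := sha1.New()
	h.Write([]byte("QUOT"))
	h.Write(composite(pcrs))
	h.Write(nonce)
	copy(d[:], h.Sum(nil))
	return d
}

// NewAIK stands in for an AIK created inside the TPM (model assumption).
func NewAIK() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

// SamplePCRs returns six constructed PCR values derived from a label, standing
// in for PCRs 0-5 of a measured boot.
func SamplePCRs(label string) [][sha1.Size]byte {
	out := make([][sha1.Size]byte, 6)
	for i := range out {
		out[i] = sha1.Sum([]byte(fmt.Sprintf("%s/pcr%d", label, i)))
	}
	return out
}

// MakeQuote is the device side. In hardware the AIK private key never leaves the TPM.
func MakeQuote(aik *rsa.PrivateKey, pcrs [][sha1.Size]byte, nonce []byte) (Quote, error) {
	d := quoteDigest(pcrs, nonce)
	sig, err := rsa.SignPKCS1v15(rand.Reader, aik, crypto.SHA1, d[:])
	return Quote{PCRs: pcrs, Nonce: nonce, Signature: sig}, err
}

// Verifier is the challenger. It already trusts AIKPub and holds the PCR
// values of the one approved boot chain.
type Verifier struct {
	AIKPub *rsa.PublicKey
	Golden [][sha1.Size]byte
}

// NewNonce issues the fresh challenge a valid quote must echo.
func NewNonce() ([]byte, error) {
	n := make([]byte, 20)
	_, err := rand.Read(n)
	return n, err
}

// Check returns nil only if the quote is fresh, signed by the trusted AIK,
// and reports exactly the approved PCR state.
func (v Verifier) Check(sent []byte, q Quote) error {
	if !bytes.Equal(sent, q.Nonce) {
		return errors.New("nonce mismatch: replayed or foreign quote")
	}
	d := quoteDigest(q.PCRs, q.Nonce)
	if err := rsa.VerifyPKCS1v15(v.AIKPub, crypto.SHA1, d[:], q.Signature); err != nil {
		return errors.New("AIK signature invalid: PCRs or nonce altered")
	}
	if len(q.PCRs) != len(v.Golden) {
		return errors.New("unexpected number of PCRs")
	}
	for i := range q.PCRs {
		if q.PCRs[i] != v.Golden[i] {
			return fmt.Errorf("PCR %d differs from approved state", i)
		}
	}
	return nil
}
```

The nonce check and the signature check guard different things: the nonce stops an old quote from a healthy state being replayed, while the signature stops a compromised host from editing the PCR list in the report, since the TPM signs the composite of the real PCR values.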

Prevent compromise of the hosts that connect to a network:
- based on extended attributes such as platform authentication, endpoint compliance or software state information
- a policy for assessment, isolation and remediation is needed
- common three-party model: Access Requester (AR), Policy Decision Point (PDP) and Policy Enforcement Point (PEP)
- the AR might be a VPN client or an IEEE 802.1X supplicant
- the AR's request is processed by the PDP, which might be a software component or a RADIUS server
- the PDP reports its decision (access granted or denied) to a PEP
- the PEP might be a VPN gateway, switch, firewall or IEEE 802.1X access point


- manifold application areas of embedded devices
- urgent need for sophisticated security solutions
- must be guaranteed
- unique identification and anti-rollback possible
- well-defined policies are of great importance
- security versus usability!

Thank you for your attention!