Professional Documents
Culture Documents
16 - Trusted Computing
16 - Trusted Computing
Trusted Computing
Or
Trusted Computing
Overview of TCP
How it works
Intel
LaGrande Technology (LT)
AMD’s Secure Execution Mode (SEM)
Microsoft NGSCB (Palladium)
Uses
Issues
1
16/11/2011
2
16/11/2011
Trusted Computing
Fundamental Concepts
Software runs and communicates securely
over applications and servers
Use “locked-down” architecture
Hardware level cryptographic keys for
encryption and authentication
Tamper-resistant
Seal secure data within curtained memory
I/O communication path are encrypted
3
16/11/2011
Trusted Computing
Should be expected the computing behave
the way we wanted and do what we
wanted securely
Any trusted platform has the following
three fundamental features:
Protected Capabilities
Integrity Capabilities
Integrity Reporting
4
16/11/2011
5
16/11/2011
LaGrande
Intel’s hardware implementation
Based on Arbaugh’s secure bootstrap
Runs parallel to normal architecture
Uses hash values for modification
detection
Operates in several different parts of
chipset
6
16/11/2011
BIOS OS
boot BIOS loader OS Application Network
block
Root of trust in
integrity New OS
measurement Component
TPM
measuring
Root of trust in reporting
integrity reporting
storing values
logging methods
7
16/11/2011
8
16/11/2011
LaGrande
Separate execution space
Separate memory space
Secure mouse/keyboard
Secure graphics
NGSCB
Software side of TC
Domain Manager aka Nexus
Sealed Storage
Remote Attestation
9
16/11/2011
NGSCB – Architecture
Two primary system components in NGSCB
Nexus
Special kernel (core of the trusted operating)
Goal: Isolate the process of normal mode and trusted
mode differently in memory
Functionality: Authenticate and protect data (entered,
stored, communicated, and displayed) by data
encryption
Nexus Computing Agent (NCA)
10
16/11/2011
NGSCB – Architecture
The image cannot be display ed. Your computer may not hav e enough memory to open the image, or the image may hav e been corrupted. Restart y our computer, and then open the file again. If the red x still appears, y ou may hav e to delete the image and then insert it again.
NGSCB – Nexus
Security kernel, authenticated on boot
Authenticates trusted programs
Application interface to TPM
Does not trust OS
11
16/11/2011
NGSCB – Computing
Environment Overview
NSGCB operates two operating systems in ONE system
Two Modes:
Normal Mode vs. Trusted Mode
Normal Mode:
Un-protected environment
Same as our current Windows series
Fully Controlled by the users
Trusted Mode:
Protected environment
Users have no authorities to modify, delete, or copy ANY content.
Implemented TC: Hardware and Software implementation
Fully Controlled by the computers
12
16/11/2011
NGSCB – Operating
Environments The image cannot be display ed. Your computer may not hav e enough memory to open the image, or the image may hav e been corrupted. Restart y our computer, and then open the file again. If the red x still appears, y ou may hav e to delete the image
and then insert it again.
NGSCB – Operating
Environments
Microsoft claimed: “Only an NGSCB
trusted application, NCA, can run securely
within the protected operating
environment.”
NCA - Defined by software developers
Policies
Security authentication
Security authorization
13
16/11/2011
NGSCB – Features
Strong Process Isolation
Sealed Storage
Attestation
Secured Path to the user
14
16/11/2011
15
16/11/2011
NGSCB – Hardware
Need to upgrade current hardware devices:
mouse/keyboard/USB devices/ video
adapter
Input: upgrade to USB devices: Smart
cards, biometrics, others
Output: upgrade to Graphic adapter, which
prevent read/write to video memory
16
16/11/2011
Uses
Remote banking, business-to-business e-commerce, and online
auctioning
Corporate networking, document sharing
Cheat-proof gaming enforcement
Secure data storage
Personal privacy protection, data management, and record keeping
Shared computing and secure transactions
Secure home computing
Government agencies that require a high level of security and trust
Software license enforcement
Copyright enforcement
17
16/11/2011
Issues
GPL
Who is in control – owners, MS, or content
providers?
Assumptions – hardware modifications
possible
Censorship
References
Trusted Computing: Promise and Risk
http://www.eff.org/Infra/trusted_computing/20031001_tc.php
http://www.microsoft.com/resources/ngscb
Ross Anderson’s site http://www.cl.cam.ac.uk/~rja14/
Anderson’s Patent
Arbaugh Paper
Inside Intel's Secretive 'LaGrande' Project
http://www.extremetech.com/print_article/0,3998,a=107418,00.asp
http://www.intel.com/technology/security/
http://www.microsoft.com/whdc/winhec/pres03.mspx
18