Trusted Infrastructure

Trusted Infrastructure

Trusted Infrastructure Xiaolong Wang, Xinming Ou Based on Dr. Andrew Martins slides from TIW 2013 Problem We use different devices (smartphone, laptop, tablet, Xbox, router) and grant them with authority everyday (Gmail/Facebook account, credit card, personal info, etc.)

How it can know if it really did what it said? By using it we have to explicitly or implicitly trust. But shall we trust it? Scenario Install the correct version of gcc package on Linux Verify md5 compare with md5sum on website verifying the package relies on the correct operation of the utility

verifying the verifier relies on the correct operation of the shell ... and the OS verifying the correct operation of the OS relies on ... lower level stuff what am I really relying on? Is this actually making an MD5 of the nominated file?

Am I executing /usr/bin/md5sum ? Is the shell behaving as I expect? What is Trust? According to RFC4949 trusted is A feeling of certainty (sometimes based on

inconclusive evidence) either that the system will not fail or that system meets its specifications (the system does what it claims to do and does not perform unwanted functions). TCG notion: An entity can be trusted if it always behave in the expected manner for the intended purpose. Trust != Secure

Trustworthy System A system that not only is trusted, but also warrants that trust because the systems behavior can be validated in some convincing way, such as through formal analysis or code review. TCB Think of a system you use. What is the extent

of its Trusted Computing Base (TCB)? Large parts of (or most, or all) of the operating system fall within TCB The operating system is inherently trusted it is a great big root of trust. PC Attack Surface

Pre-boot (BIOS, UEFI) Firmware, option ROMs Management functions (SMM, SMI) OS kernel

Kernel-mode drivers Application software and drivers Peripherals Etc. Kinds of Solution Building Trust in a System Roots and Chains

Goal We want to achieve hardware-like trust characteristics in a software programmable system Implement hardware-based roots of trust Control secret keys Control platform identity Building chains of trust which indicate/manage what

software is running Report platform state reliably And/or launch only white-listed software Trusted Computing Group TCG is a non-profit organization (former TCPA) formed to address the concerns about the lack of security of personal computers connected to the Internet.

TCG Approach Building a Record of Platform Remarks This process gives us a measured boot process Any component in the chain can gain confidence about the components below/before it by querying the TPM implies transitive trust in components

Architecture: Roots of Trust Trusted Platform Module TPM is a computer chip that can securely store artifacts used to authenticate the platform. TPM Components TPM is not an active

components, always a responder to a request and never initiates an interrupt TPM Core Functionality

Non-volatile storage: Endorsement key (EK) Storage root key (SRK) Monotonic counters Volatile storage:

Other keys, authentication session, configuration registers Computational functions: Crypto, genuine random, key generation Shielded locations: An area where data is protected against interference from the outside exposure. Protected Capabilities: The set of commands with exclusive permission to access shielded location

Trusted Platform Module TPM is the component at the heart of the vision of Trusted Infrastructure Root of trust for storage Root of trust for reporting Root of trust for measurement* *(with BIOS or other chipset components) Role of TPM in Measurement

Protected Storage TPM is a Root of Trust for Storage Does not store all secrets directly Store one secret used to protect other secrets Protected storage (cont.) TPM Keys Endorsement key (EK)

Unique platform identity Created by manufacture in a secure environment Non-migratable, store inside chip, cannot be remove Storage root key (SRK) 2048 bit RSA key Top level element of TPM hierarchy Created during take ownership Non-migratable, store inside chip cannot be remove

Storage Keys RSA keys used to encrypt other elements in the TPM key hierarchy Created during user initialization Signature Keys RSA keys used for signing operating A leaf in the TPM key hierarchy Endorsement Key EK, an RSA key pair composed of a public key and

private key The key TPM uses in its roles as Root of Trust for Reporting Critical: trust in all keys in the system come down to the trust in EK The EK is used to recognize a genuine TPM The EK is used to decrypt information sent to a TPM in the Privacy CA and DAA protocols, and during the installation of an owner in the TPM

Platform Identity and Endorsement The Endorsement key is held in TPM: Gives the platform a unique identity Asserts the platform credentials Root of Trust for Reporting is intended to substantiate claims Assurance that it contains a correctlyimplemented TPM Evidence that the embedding of that TPM within the platform conforms to an evaluated design

Storage Root Key (SRK) The key that the TPM uses in its role as Root of Trust Storage Used to protect other key and data via encryption Can protect other storage keys: hierarchy or protection SRK generated and held in TPM when take ownership Key blobs can be encrypted for storage in untrusted locations All other key created by the TPM have their private

halves encrypted by the SRK and are stored outside the TPM Loading TPM Keys Load signing key into TPM to use it for signing operation Establish entire key chain up to SRK Decrypt private key of storage key using the private SRK

Require SRK usage secret Attestation Identity Key (AIK) Solution to privacy problem is to allow platform to have arbitrarily many attestation identity keys Process of signing these involves EK so can check platform credential (typically a digital certificate) and a Privacy CA (trusted third party) In use the AIK has no reference to EK Each AIK is bound to platform and protected by

root of trust for storage AIK is certified by a privacy CA Privacy CA Windows 8 Boot Process

Firmware rootkits. These kits overwrite firmware of the PCs basic input/output system or other hardware so the rootkit can start before Windows. Bootkits. These kits replace the operating systems bootloader (the small piece of

software that starts the operating system) so that the PC loads the bootkit before the operating system. Kernel rootkits. These kits replace a portion of the operating system kernel so the rootkit can start automatically when the operating system loads. Driver rootkits. These kits pretend to be one of the trusted drivers that Windows uses to communicate with the PC

hardware. Source: Securing the Windows 8 Boot Process Countermeasures Secure Boot. PC first verifies that the firmware is digital signed, the firmware examines the bootloaders digital signature. Bootloader was signed using a trusted certificate or use has manually approved the bootloaders digital signature

Trusted Boot. The bootloader verifies the digital signature of the windows 8 kernel before loading it. And kernel in turn verifies every other component of windows startup process(boot drivers, startup files and ELAM) ELAM exam non-Microsoft boot drivers and determine whether it is on the list of trusted drivers. Source: Securing the Windows 8 Boot Process Countermeasures (cont.)

Measured Boot 1. PCs UEFI stores in the TPM a hash of the firmware, bootloader, boot drivers, and everything else 2. At the end of the startup process, Widows starts non-Microsoft remote attestation client. 3. TPM uses the servers key to sign the log record

Source: Securing the Windows 8 Boot Process Source: Securing the Windows 8 Boot Process

Recently Viewed Presentations

  • A Tale of Two Cities* Charles Dickens *

    A Tale of Two Cities* Charles Dickens *

    Chapter 18: Nine Days . Morning of Darnay and Manette wedding . Charles and Dr. Manette are behind closed doors (remember the promise from Ch. 10) Mr. Lorry and Miss Pross (who still wishes her brother Solomon was the groom)...
  • Political Parties - images.pcmac.org

    Political Parties - images.pcmac.org

    Parties and What They Do. What is a political party? A group of persons who . seek to control govt. thru the winning of elections and holding of public office
  • Chapter 1: Matter and Measurement - athena.uwindsor.ca

    Chapter 1: Matter and Measurement - athena.uwindsor.ca

    General Chemistry Principles and Modern Applications Petrucci • Harwood • Herring 8th Edition Chapter 5: Introduction to Reactions in Aqueous Solutions
  • PowerPoint-Präsentation - University of Pittsburgh

    PowerPoint-Präsentation - University of Pittsburgh

    Infect. imm. Exhaust. deletion Papill. V perif. self Polio V Infl. TB, HBV, HIV HCV, LDV (HIV, LCMV) Peripheral solid organs Peripheral lymphatic organs Generalized hematogenic spread Imm.
  • Medications & More in ASD - Dr Ramos

    Medications & More in ASD - Dr Ramos

    Anti-Epileptics - Lamotrigine (Lamictal), Oxcarbazepine(Trileptal), Carbamazepine (Tegretol), Topirimate (Topamax), Divalproex Sodium (Depakote) Mood Stabilizers -Lithium, Gabapentin (Neurontin) Virtually every psychotropic medication has been tried for someone with ASD somewhere at sometime - few + studies
  • Social Justice in To Kill a Mockingbird - Sol de Terrace

    Social Justice in To Kill a Mockingbird - Sol de Terrace

    VOCABULARY SPOTLIGHT 15 Minutes Sample Sentences. The precocious toddler carried a smart phone containing his personal calendar with reminder alarms.. I had a . qualm. that I had forgotten to do something for school; when Mrs. Barnett distributed the pop...
  • Level E - Council Rock School District

    Level E - Council Rock School District

    Century Gothic MS Pゴシック Arial Wingdings 2 Calibri Austin 1_Austin 2_Austin 3_Austin Unit 7 Vocabulary abhor amend buffet chaos commodious PowerPoint Presentation corrosive discern extant (extent) implicate inter PowerPoint Presentation martinet obviate renegade reprehensible somber PowerPoint Presentation squalid turbulent Vociferous...
  • Definitive Landmark Study of Highly Important Condition: Another

    Definitive Landmark Study of Highly Important Condition: Another

    Definitive Landmark Study of Highly Important Condition: Another Outstanding Poster by Hopkins Experts Jane Q. Fellow, John Q. Technician, Jeanne T. Collaborator, James M. Senior-Author