Page 1: Trusted Computing Overview - The digital security industry ...

Copyright© 2004 Trusted Computing Group - Other names and brands are properties of their respective owners. Slide #1

Industry Leader in Trusted Systems and Services

Trusted Computing: Security for the Digital World

Page 2

TCG Mission

Develop and promote open, vendor-neutral, industry standard specifications for trusted computing building blocks and software interfaces across multiple platforms

Page 3

TCG Organization

• Board of Directors: Jim Ward, IBM (President and Chairman); Geoffrey Strongin, AMD; Mark Schiller, HP; David Riss, Intel; Steve Heil, Microsoft; Tom Tahan, Sun; Nicholas Szeto, Sony; Bob Thibadeau, Seagate; Thomas Hardjono, VeriSign
• Technical Committee: Graeme Proudler, HP
• Marketing Workgroup: Nancy Sumrall, Intel
• Advisory Council: Invited Participants
• Best Practices: Jeff Austin, Intel
• Administration: VTM, Inc.
• Public Relations: Anne Price, PR Works
• Events / Marketing Support: VTM, Inc.

Work groups:
• TPM Work Group: David Grawrock, Intel
• TSS Work Group: David Challener, IBM
• PC Client WG: Monty Wiseman, Intel
• Server Specific WG: Larry McMahan, HP
• Mobile Phone WG: Panu Markkanen, Nokia
• Peripherals WG: Jim Wendorf, Philips
• Storage Systems: Robert Thibadeau, Seagate
• User Auth WG: Laszlo Elteto, SafeNet
• Infrastructure WG: T. Hardjono, VeriSign / N. Smith, Intel
• Trusted Network Connect – sub WG
• Conformance WG: Manny Novoa, HP

Position key from the chart: GREEN box: elected officers; BLUE box: chairs appointed by Board; RED box: chairs nominated by WG, appointed by Board; BLACK box: resources contracted by TCG

Page 4

Trusted Computing Definition

Trusted Computing: Hardware and software behave as designed

Page 5

The Evolution of the Digital Infrastructure

[Chart: a timeline of infrastructure stages, Processing (PC), Connectivity (Internet), Access (WWW), followed by Trust/Security, Web Services and Identity]

Page 6

Today’s Deployments Often Leave Clients Relatively Unprotected

Server: • Highly regulated SW/HW configuration • Controlled physical access (24x7) • Intrusion detection SW • Firewalls • Anti-virus • Network segmentation • Encrypted data • Real-time monitoring • Auditing & analysis tools • Multi-factor user auth. • Configuration monitors • Patch, Configuration, & Policy Control

Network: • Encryption (IPSec, SSL) • VPN • Layered firewalls • Intrusion detection SW • 24x7 monitoring • Network segmentation • 802.1x (Radius) • Multi-factor authentication • Domain controllers • Policy management • Configuration monitors

Client: • Passwords • Anti-virus • User authentication • Patch, Configuration, & Policy Control • Intrusion detection SW

Mismatch between security measures and the financial value of data created & stored on clients

Page 7

The Security Opportunity

• Clients lightly protected relative to servers & network
• Ubiquitous connectivity
• Financial incentive & readily available means to attack clients
• High value data created & stored on client
• Attacks outpacing today’s protection models
• Sophisticated attack tools readily available

A hardened client can reduce the risk of serious financial loss and compromised data

Page 8

Trusted Computing – Bottom to Top

Platform layers, bottom to top: Trusted Hardware, PC Hardware, BIOS Firmware, Operating System, System Services, Applications, User Services

Security at any layer can be defeated by accessing the next lower layer

Trusted Computing requires security hardware as the foundation for platform security, plus security enablement features in each layer

Page 9

Security Solutions: Client Security

[Diagram: trusted (T) and untrusted (U) devices and components connected over an untrusted network]

Trusted devices or components can communicate securely over untrusted networks

Untrusted devices cause the result to become untrusted

Page 10

The Trusted Platform Module: Hardware-based security enhancement

• Enhances many aspects of platform security
• Specified by Trusted Computing Group (TCG)
• Major functions today:
– Protected non-volatile storage of platform secrets (e.g. encryption/signature keys, etc.)
– Special purpose protected processing (e.g. key generation, digital signatures, etc.)
– Spoof-resistant platform authentication capability

Page 11

TPM PC Market Projection (Source: IDC)

Worldwide PCs, in millions:

Year   Total PCs shipped   TPM-enabled PCs shipped
2003   152                 4
2004   170                 35
2005   187                 60
2006   202                 115
2007   217                 175

Page 12

Trusted Computing Applications

Applications shown: Strong Authentication, Data Protection, E-Commerce, Privacy Protection, Platform Security, Secure VPNs & Peer-Peer, Access Control, Distributed Transactions, Digital Signatures

Stack shown in the figure: Applications / Trusted Software / Trusted Hardware Components / Trust Infrastructure / Key Management

Page 13

Model 7: Authentication and Web Services

[Chart: authentication methods plotted by Security (vertical axis) against Web Services Value (horizontal axis). Methods shown: Password; Password w/SSL; Previous Session (Cookies); Smart Card; Smart Card + Password; Time-Sync Token + Password; Software PKI; Biometrics + Password; TPM + Password; Trusted Platform Module]

Page 14

Types of TPM hardened Applications Available from 3rd parties

File/Folder Encryption
• Keys protected by TPM
• E.g. Wave*, Softex*, IBM*, HP*, Infineon*, Information Security Corp.*

Remote Access
• Remote access credentials are protected by the TPM. Can be used for VPN, Wireless 802.1x and similar type authentications.
• E.g. SecurID*, Checkpoint VPN-1 SecureClient*

Client-based Single Logon
• Username/Password auto fill. User only has to remember one password. TPM app lets user register other passwords and automatically fills them in when password dialog is presented.
• E.g. Softex*, Wave*, IBM*, Cognizance*

Protected Information Repository
• Use TPM wrapping/sealing capability to protect sensitive information like credit cards, account numbers, or even biometric templates.
• Some with auto form filling capabilities
• E.g. Wave*, IBM*, Softex*

E-mail Integration
• Encryption, Signature schemes supporting MS-CAPI or PKCS#11
• E.g. Outlook*, Netscape*, Information Security Corp.*

Digital Signature
• Digital signature application to E-mail, Adobe’s PDF files, e-purchasing, etc.
• E.g. Microsoft*, Adobe*, Wave, Netscape*

Enterprise Logon
• Platform authentication using TPM
• E.g. Cognizance*, Wave Trust Server*

Hardened PKI
• Protect & Manage Certificate Authority issued credentials using TPM
• E.g. VeriSign PTA*, Checkpoint*, RSA*

Page 15

Summary
• The Trusted Computing Group has defined an open security hardware specification
• Trusted computing is a core building block for next generation web services
• Secure hardware is a requirement and available today
• Trusted computing products from multiple vendors are currently shipping

Page 16

Backup Slides

Page 17

Problem – Who are you?

Page 18

TCG Membership
• 78 Total Members as of August 12, 2004 (7 Promoter, 57 Contributor, 14 Adopter)

Promoters: AMD; Hewlett-Packard; IBM; Intel Corporation; Microsoft; Sony Corporation; Sun Microsystems, Inc.

Contributors: Agere Systems; ARM; ATI Technologies Inc.; Atmel; AuthenTec, Inc.; Broadcom Corporation; Comodo; Dell, Inc.; Endforce, Inc.; Extreme Networks; Fujitsu Limited; Fujitsu Siemens Computers; Funk Software, Inc.; Gemplus; Giesecke & Devrient; Hitachi, Ltd.; Infineon; InfoExpress, Inc.; iPass; Juniper Networks; Legend Limited Group; Lexmark International; M-Systems Flash Disk Pioneers; Meetinghouse Data Communications; Motorola Inc.; National Semiconductor; nCipher; Network Associates; Nokia; NTRU Cryptosystems, Inc.; NVIDIA; Philips; Phoenix; Renesas Technology Corp.; RSA Security, Inc.; SafeNet, Inc.; Samsung Electronics Co.; SCM Microsystems, Inc.; Seagate Technology; Shang Hai Wellhope Information; Silicon Storage Technology, Inc.; Standard Microsystems Corporation; STMicroelectronics; Sygate Technologies, Inc.; Symantec; Symbian Ltd; Synaptics Inc.; Texas Instruments; Transmeta Corporation; Trend Micro; Utimaco Safeware AG; VeriSign, Inc.; Vernier Networks; VIA Technologies, Inc.; Vodafone Group Services LTD; Wave Systems; Zone Labs, Inc.

Adopters: Ali Corporation; American Megatrends, Inc.; Enterasys Networks; Foundry Networks; Foundstone, Inc; Gateway; Industrial Technology Research Inst.; iPass; M-Systems Flash Disk Pioneers; OSA Technologies; Silicon Integrated Systems Corp.; Softex, Inc.; Toshiba Corporation; Winbond Electronics Corporation

Page 19

Analyst predictions

IDC estimates that in 2007, more than 80 percent of security products will be hardware-based, instead of current software-based tools like anti-virus and firewall software.

IDC expects worldwide spending on security and business continuity to grow twice as fast as IT spending over the next several years, reaching more than $116 billion by 2007.

Reference: Security and Business Continuity Remain Highest IT Spending Priorities According to IDC Survey, 25 Sep 2003

Computer safety standard draft on way, By Liu Baijia (China Daily) Updated: 2004-03-06 08:37

Page 20

Analyst Predictions – Cont.

For the medium term, the pace of business continues to accelerate and the challenge is to adapt the IT infrastructure to cope with the changes. Group vice president Steve Prentice said that, in the medium term, CIOs should plan to build a real-time infrastructure for IT.

This will involve a new model of IT to allow resources to be shared dynamically according to business needs. But it can have a huge impact on data center budgets and is inevitable for the longer term. Instead of maintaining a chaotic infrastructure with separate components, enterprises should be providing a set of services that enable the execution of business processes according to service level agreements. It will be a service-oriented architecture.

Reference: Three Challenges for CIOs, Gartner, 17 March 2004

Page 21

Risk Management for Enterprises

• Most current security efforts follow a similar progression
– Network (intranets, firewalls, VPNs, etc.)
– Servers (load balancers, HSMs, SSO, web authentication, etc.)
– Policies & processes (response plans, disaster recovery, etc.)
– Identity & access (badges, tokens, digital certificates, etc.)
• Client PC protection is either non-existent or vulnerable
– Mobile workers operate both inside and outside the firewall
– Mobile devices (laptops) can easily store business critical information insecurely

Page 22

Enterprise Client Security Outlook

THE NEED
• Client security needs are increasing (more sophisticated viruses, worms, spam, etc)
• Network security and client software security alone have proven insufficient in protecting data and systems
• The increase in laptops puts corporate data further at risk

THE STATUS
• PCs are available en masse (IBM, HP, Intel motherboard, Fujitsu)
• Businesses are already purchasing (5M+)
• Enterprises have needs today for key management
• Businesses can add value and increase security 1 PC at a time

Page 23

Trusted Computing
• Trusted Computing is a concept to protect and strengthen the computing platform against software-based attacks

Goals
• Protect business data and communications against current and future software attacks
• Provide opportunities for value-added services
• Enable broadly-adoptable security technologies with immediate utility to business users and IT
• Deploy in a responsible manner that maintains user privacy, choice and control

Page 24

Advancing Platform Security

[Chart: increasing levels of protection over time]
• Software-Only: Anti-virus, passwords, VPN, firewall, SSL, etc.
• Smart Card: User authentication, portable hardware key storage
• TPM (Today): Platform authentication, fixed hardware key storage
• Future Security Technologies – CPU & OS: Multi-function, hardware-strengthened security with strengthened OS

Requires security rooted in hardware

Page 25

Security and Trust Services

Trusted Device Eco-System: PC, Cell Phones, PDA, Peripherals, Consumer Electronics, Embedded Controllers; Trusted Platform Module

Applications and Services: Communications, Transactions, Identity, Device Administration, Control, Content Services, Access Control, Key Management, Attestation, Configuration Management

Page 26

TPM Software Enabling Stack: Microsoft CAPI

Stack layers and where each comes from:
• Application (CAPI enabled) – from ISV
• CAPI Interface – CAPI included in Microsoft OS
• Cryptographic Service Provider (CSP) – from TPM vendor
• TCG Software Stack (TSS)
• TPM Hardware

Flow of a request:
• Application calls CAPI to perform cryptographic functions
• CAPI looks for available sources of crypto services in the system (hardware & software)
• CSP alerts CAPI to the TPM’s presence & routes appropriate service requests to the TPM
• The service request is interfaced to the TPM by the TSS (i.e. device driver)
• TPM provides the crypto service & returns result

Page 27

Trusted Computing – Value!

• Customers will pay for Trusted Systems

[Chart, source: Privacy and the Internet / Hart Research; legend: "Definitely interested in adding security technology to new computer" and "Probably interested in adding security technology"]

Price   Interested
$25     84%
$50     71%
$75     57%
$100    49%
$200    34%

Page 28

Trusted Computing Overview

TCG Technologies

Page 29

Goals of the TCG Architecture

TCG defines mechanisms that
• Protect user keys (digital identification) and files (data)
• Protect secrets (passwords)
• Enable a protected computing environment
While…
• Ensuring the user’s control
• Protecting user’s privacy

Design Goal: Delivering robust security with user control and privacy

Page 30

TCG Organization

TCG Policy Positions

Privacy Effect of TCG Specifications: TCG is committed to ensuring that TCG specifications provide for an increased data capability to secure personally identifiable information

Open Platform Development Model: TCG is committed to preserving the open development model that enables any party to develop hardware, software or systems based on TCG Specifications. Further, TCG is committed to preserving the freedom of choice that consumers enjoy with respect to hardware, software and platforms

Page 31

TCG Organization

TCG Policy Positions

Platform Owner and User Control: TCG is committed to ensuring owners and users of computing platforms remain in full control of their computing platform, and to require platform owners to opt-in to enable TCG features

Backwards Compatibility: TCG commits to make reasonable efforts to ensure backward compatibility in future specifications for currently approved specifications

Page 32

TCG System Benefits
• Benefits for today’s applications
– Hardware protection for keys used by data (files) and communications (email, network traffic)
– Hardware protection for Personally Identifiable Information (Digital IDs)
– Hardware protection for passwords stored on disk
– Lowest cost hardware security solution: no token to distribute or lose, no peripheral to buy or plug in, no limit to number of keys, files or IDs
• Benefits for new applications
– Safer remote access through a combination of machine and user authentication
– Enhanced data confidentiality through confirmation of platform integrity prior to decryption

*Other names and brands may be claimed as the property of others

Page 33

TPM Overview
• TPM = Trusted Platform Module
– a hardware device that is attached to a platform
– Contains Encryption Engine and Protected Storage
• Single, permanent Public / Private key-pair called the Endorsement Key Pair
– The TPM cannot be moved between platforms
• Works for Mobile, Desktop and Server Platforms

Page 34

Page 35

TCG Applications

Page 36

Managing the Trusted Platform

Problem: Security requires the platform owner/user to set policies, determine how to apply security, and manage the overall operations.

Solution: Platform OEMs and ISVs provide simple to use management software to make it easy for users to turn on the TPM, apply policies, and manage their trusted platforms

Page 37

Managing the Trusted Platform - Example

Page 38

Managing the Trusted Platform - Biometrics

Page 39

Model 1: Know your clients, know your users

Problem: In a corporate network that is open to business partners, how can I be sure that the people connected to the network are people I can trust?

Solution:
• Use clients equipped with TPMs to store and protect certificates used for VPN access – (Check Point VPN-1)
• Provide valid users with Smart cards for token-based authentication to the client/network/servers – (GemPlus readers and cards, IBM TPM-equipped clients, any certificate-enabled server application)

Page 40

Model 2: Secure remote network access

Problem: Sales and traveling executives require secure access to sensitive information resources from insecure locations

Solution:
• All traveling clients are equipped with 3Com Embedded Firewall (EFW) NICs
• 3Com EFW NIC binds to client TPM
• Company exterior gateway only accepts network connection from known 3Com EFW NICs
• Client TPM requires valid Smart card to authenticate the user
• Result: Only known users can authenticate to company clients. Only known clients can authenticate and connect to company gateway. Connection is hardware-based VPN with firewall built in.

Page 41

Model 3: Document Security

Problem: Sensitive files must be protected, but still shared

Solution:
• Document management using TPMs is integrated into Windows and MS Office applications
• TPM creates and stores encryption keys
• Document vaults can be shared, even across internet connections

[Screenshots: Vault View; Right Click; MS Office Icons & Menu]

Page 42: Trusted Computing Overview - The digital security industry ...€¦ · Security and Business Continuity Remain Highest IT Spending Priorities According to IDC Survey25 Sep 2003 Computer

Model 4: Trusted archival of electronic documents:

Problem: Electronic documents must be stored on a long term basis. – The documents include legal status information about citizens. – It must be possible to demonstrate that the documents have not

been altered since the time of archival.

Solution:• Documents archived from a TPM-enabled PC• Documents in Acrobat PDF format• Document is signed by archivist at time of archival

– Acrobat requires archivist authentication to the TPM for each signature– Signature requires archivist’s fingerprint and Smart card to authorize


Model 5: Building access / default PC protection

Problem: Separate security access issues:
• Provide a token-based physical access mechanism that can also be used for network authentication
• Provide full hard drive encryption that is transparent to the user, always operational, and provides hardware-based security of the encryption keys

Solution:
• GemPlus smart cards for physical and logical access
• TPM-enabled clients using Utimaco's SafeGuard Easy full hard drive encryption software, featuring support for the TPM as a key storage / platform binding tool.
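What "platform binding" of the disk encryption key means in practice is that the TPM seals the key to the PCR values recorded during boot and refuses to release it when those values differ. The following is an added Go model of that behaviour; it is not code from the original slides, from Utimaco or from the TCG specifications. A real TPM performs the PCR comparison and the wrapping inside the chip under its storage root key; here an HMAC-SHA256 derivation plus AES-GCM stands in for that internal wrapping, the boot component images and the SRK secret are constructed sample values, and the extend rule uses SHA-1 as TPM 1.2 did.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha1"
	"crypto/sha256"
	"errors"
	"fmt"
)

// pcrExtend models the TPM 1.2 PCR extend: new = SHA-1(old || digest).
// A PCR can only be extended, never written, so its final value commits to
// the whole ordered sequence of measured boot components.
func pcrExtend(pcr, digest []byte) []byte {
	h := sha1.New()
	h.Write(pcr)
	h.Write(digest)
	return h.Sum(nil)
}

// measureBoot replays a measured boot (firmware, MBR, pre-boot authentication
// code, ...) into one PCR that starts at 20 zero bytes.
func measureBoot(components [][]byte) []byte {
	pcr := make([]byte, sha1.Size)
	for _, c := range components {
		d := sha1.Sum(c)
		pcr = pcrExtend(pcr, d[:])
	}
	return pcr
}

// sealedBlob stands in for the opaque blob TPM_Seal returns: the wrapped disk
// key plus the PCR value it is bound to.
type sealedBlob struct{ PCR, Nonce, Ciphertext []byte }

// wrapKey derives the wrapping key from the storage root secret (which never
// leaves the TPM) and the PCR value; a changed boot chain yields a different
// key, so the blob cannot be opened on a modified platform. (Stand-in for the
// TPM's internal wrapping, not the real TPM algorithm.)
func wrapKey(srkSecret, pcr []byte) []byte {
	m := hmac.New(sha256.New, srkSecret)
	m.Write([]byte("constructed seal context"))
	m.Write(pcr)
	return m.Sum(nil) // 32 bytes: AES-256 key
}

// sealKey models TPM_Seal: encrypt the disk encryption key (DEK) under a key
// bound to the current PCR value, with the PCR also authenticated as GCM AAD.
func sealKey(srkSecret, dek, pcr []byte) (sealedBlob, error) {
	block, err := aes.NewCipher(wrapKey(srkSecret, pcr))
	if err != nil {
		return sealedBlob{}, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return sealedBlob{}, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return sealedBlob{}, err
	}
	ct := gcm.Seal(nil, nonce, dek, pcr)
	return sealedBlob{PCR: append([]byte(nil), pcr...), Nonce: nonce, Ciphertext: ct}, nil
}

// unsealKey models TPM_Unseal: the key is released only if the PCR value
// measured during this boot equals the one recorded at seal time.
func unsealKey(srkSecret []byte, blob sealedBlob, currentPCR []byte) ([]byte, error) {
	if !bytes.Equal(blob.PCR, currentPCR) {
		return nil, errors.New("PCR mismatch: platform state differs from seal time")
	}
	block, err := aes.NewCipher(wrapKey(srkSecret, currentPCR))
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, blob.Nonce, blob.Ciphertext, currentPCR)
}

func main() {
	srk := []byte("constructed SRK secret, TPM-internal")
	dek := bytes.Repeat([]byte{0x42}, 32) // constructed disk encryption key
	good := [][]byte{[]byte("BIOS 1.0"), []byte("MBR"), []byte("pre-boot auth")}
	blob, _ := sealKey(srk, dek, measureBoot(good))
	got, err := unsealKey(srk, blob, measureBoot(good))
	fmt.Printf("unchanged boot chain: key released=%v err=%v\n", bytes.Equal(got, dek), err)
	bad := [][]byte{[]byte("BIOS 1.0"), []byte("MBR with bootkit"), []byte("pre-boot auth")}
	_, err = unsealKey(srk, blob, measureBoot(bad))
	fmt.Printf("modified boot chain: err=%v\n", err)
}
```

Because the release decision depends on the measured boot state rather than on a user secret, the unseal is transparent to the user; that is also why the deck pairs it with smart-card pre-boot authentication, since a stolen laptop that boots the unmodified chain would otherwise unseal the key for whoever powers it on.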


Model 6: Client/Server Mutual Authentication


Problem: Highly sensitive, high-value e-Business application that requires
– assurance of who the transacting user is, and
– assurance that the server software has not been changed in any way by anyone

Solution:
• Server runs SE Linux modified to use a TPM for attestation of secure boot and integrity of software configuration
• User PC is TPM-equipped
– TPM requires strong authentication of the user, including a smart card
– User transaction will interrogate the server, requiring a status of "unchanged" before it will allow the transaction to proceed

A demonstration of this application was performed by IBM Research at the Fall '03 Intel Developer Forum (IDF).
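The "status of unchanged" the client demands is not a flag the server asserts; the client derives it from a TPM quote. The server's TPM signs its PCR value together with a client-chosen nonce using an attestation identity key (AIK), and the client checks the nonce, the signature, each logged component against its approved configuration, and that the log actually reproduces the signed PCR. The following is an added Go example of that exchange; it is not the IBM Research demonstration code or anything from the original slides. ECDSA P-256 stands in for the AIK (TPM 1.2 AIKs are RSA-2048), the quote structure is simplified to SHA-256(nonce || PCR), the PCR extend rule uses SHA-1 as in TPM 1.2, and the component names and images are constructed.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha1"
	"crypto/sha256"
	"errors"
	"fmt"
)

// measurement is one entry of the server's measurement log: the component
// name and the SHA-1 digest that was extended into the PCR.
type measurement struct {
	Name   string
	Digest [sha1.Size]byte
}

func measure(name string, image []byte) measurement {
	return measurement{Name: name, Digest: sha1.Sum(image)}
}

// replayPCR recomputes the PCR from the log with the TPM 1.2 extend rule
// pcr = SHA-1(pcr || digest), starting from 20 zero bytes.
func replayPCR(log []measurement) []byte {
	pcr := make([]byte, sha1.Size)
	for _, m := range log {
		h := sha1.New()
		h.Write(pcr)
		h.Write(m.Digest[:])
		pcr = h.Sum(nil)
	}
	return pcr
}

// quote stands in for a TPM_Quote result: PCR value and verifier nonce,
// signed by the attestation identity key (AIK).
type quote struct{ Nonce, PCR, Sig []byte }

func quoteDigest(nonce, pcr []byte) []byte {
	h := sha256.New()
	h.Write(nonce)
	h.Write(pcr)
	return h.Sum(nil)
}

// newAIK generates the stand-in AIK (constructed; real TPM 1.2 AIKs are RSA-2048).
func newAIK() (*ecdsa.PrivateKey, error) {
	return ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
}

// serverQuote is the attesting server: sign the current PCR together with
// the client's nonce so an old answer cannot be replayed later.
func serverQuote(aik *ecdsa.PrivateKey, nonce []byte, log []measurement) (quote, error) {
	pcr := replayPCR(log)
	sig, err := ecdsa.SignASN1(rand.Reader, aik, quoteDigest(nonce, pcr))
	if err != nil {
		return quote{}, err
	}
	return quote{Nonce: nonce, PCR: pcr, Sig: sig}, nil
}

// approvedFrom turns a known-good log into the client's whitelist of digests.
func approvedFrom(known []measurement) map[string][sha1.Size]byte {
	out := make(map[string][sha1.Size]byte, len(known))
	for _, m := range known {
		out[m.Name] = m.Digest
	}
	return out
}

// verifyQuote is the client's "unchanged?" check: fresh nonce, valid AIK
// signature, only approved components, and a log that reproduces the signed
// PCR. Any single failure rejects the transaction.
func verifyQuote(aik *ecdsa.PublicKey, nonce []byte, q quote, log []measurement, approved map[string][sha1.Size]byte) error {
	if !bytes.Equal(q.Nonce, nonce) {
		return errors.New("nonce mismatch: stale or replayed quote")
	}
	if !ecdsa.VerifyASN1(aik, quoteDigest(q.Nonce, q.PCR), q.Sig) {
		return errors.New("signature invalid: quote not produced by the expected AIK")
	}
	for _, m := range log {
		if want, ok := approved[m.Name]; !ok || want != m.Digest {
			return fmt.Errorf("component %q is not in the approved configuration", m.Name)
		}
	}
	if !bytes.Equal(replayPCR(log), q.PCR) {
		return errors.New("measurement log does not reproduce the quoted PCR")
	}
	return nil
}

func main() {
	aik, _ := newAIK()
	good := []measurement{measure("kernel", []byte("vmlinuz 2.6 SELinux")), measure("app-server", []byte("ebusiness 1.0"))}
	approved, nonce := approvedFrom(good), []byte("client nonce 0001")
	q, _ := serverQuote(aik, nonce, good)
	fmt.Println("unchanged server:", verifyQuote(&aik.PublicKey, nonce, q, good, approved))
	bad := []measurement{good[0], measure("app-server", []byte("ebusiness 1.0 + backdoor"))}
	qb, _ := serverQuote(aik, nonce, bad)
	fmt.Println("modified app, honest log:", verifyQuote(&aik.PublicKey, nonce, qb, bad, approved))
	fmt.Println("modified app, forged log:", verifyQuote(&aik.PublicKey, nonce, qb, good, approved))
	fmt.Println("replayed quote:", verifyQuote(&aik.PublicKey, []byte("client nonce 0002"), q, good, approved))
}
```

The forged-log case is the one worth studying: a compromised server can present whatever log it likes, but it cannot make that log hash to the PCR value the TPM signed, which is why the client compares the replayed value against the quote rather than trusting the log on its own. What this check cannot tell the client is that the AIK belongs to a genuine TPM; that comes from the AIK credential issued by the trusted third party, which a complete verifier also validates.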


Model 7: Strong Authentication and Federated Identity


Problem: Federated identity systems need strong, multifactor authentication for high-value web services
– The strength of the initial user authentication into a network of federated identity determines the level of trust and non-repudiation for web services
– Authentication contexts are defined and communicated by the Liberty Alliance, WS-Federation, and SAML protocols

Solution:
• TPM attestation credentials combined with user PIN/passwords are authenticated through a TCG Trusted Third Party server to provide access to Identity Provider servers, and are then passed to Federation Gateway servers.
• Initial strong authentication of user identity is communicated within 'trust circles' to other federated identity partners as the basis for determining strength of authentication.

Model 7: Strong Authentication and Federated Identity (diagram)

[Diagram: a User Device w/TPM logs on with its credentials and PIN/PW; the Identity Provider, working with a TCG Attestation Server, establishes an Authentication Context (TCG Strong Authentication) and passes it to the Federation Gateway, which federates identity to Service Providers A, B and C over Liberty Alliance, WS-Federation and OASIS SAML.]


Model 8: Key Management of Trusted Platforms

Problem: Secure backup, recovery, and migration of keys held in trusted hardware platforms
– Management of the 'secrets' held in trusted platform hardware requires security-based tools that protect the secrets during lifecycle and systems management tasks

Solution: Key Transfer Manager, Wave Systems
– KTM Client: Allows users to locally back up and recover specified TPM keys to any local storage, including disk, USB key, or smart card
– KTM Server: Enterprise server that securely communicates with TPMs in order to back up, recover, and migrate keys to existing or new TPM platforms


Model 9: Consumer Authentication for Secure Internet Shopping Transactions

Problem: Authentication of user identity by merchant and bank for Internet shopping transactions
– Current authentication using ID with password has a high rate of fraud for Internet transactions
– Need to transfer transaction liability from the merchant to the consumer's bank

Solution: Caisse d'Epargne French banking example
• User is issued certified credentials and keys from the bank
• Credentials and keys are held in the TPM in the user device
• At checkout, the merchant requests authentication of the user from the bank utilizing the 3-D Secure protocol (VISA / Mastercard)
• Bank determines user identity based on TPM-based credentials and a TCG Trusted Third Party server
• Bank verifies user identity back to the merchant for the transaction


Model 9: Caisse d’Epargne Demonstration, Cartes, 2003


ID TRONIC (3D-Secure) with TPM

Participants: end user (already registered with a TPM, a CE key and a CE certified credential), CE Web merchant, CE back office, WAVE Attestation Credential Manager.

1- Article selection
2- Payment phase
3- Redirection to the CE back office
4- ID Tronic identification process: challenge sent to the user
5- The user uses his CE secret key to sign the challenge
6- CE back office verifies the signature and verifies that TPM hardware keys are used
7- CE back office informs the web merchant of the success
8- CE back office informs the user of the success


Model 10: Strong Authentication and eSIGN Digital Signatures


Problem: Web Services utilizing eSIGN-compliant digital signatures need strong user authentication and non-repudiation
– Legally valid digital signatures are enhanced with non-repudiation of the user identity
– Digital signatures applied from trusted platforms minimize fraud risks

Solution:
• User and platform credentials are authenticated using TPM digital signatures based on the digital certificate held in the TPM
• Optionally, TPM-based time services for time stamping can be provided.
• Currently implemented in eSIGN Transaction Management Suite


Model 11: TPM Hardware Authentication to Standard Microsoft VPNs

Problem: Only allow VPN access from trusted platforms
– Digital certificates used for VPN access are stored in software
– Adding hardware-level authentication needs to be done with minimal changes to the existing VPN server systems

Solution:
• PCs with TPMs store VPN credentials in hardware storage
• A TCG Trusted Third Party server certifies the Attestation Identity Keys (AIKs) generated in each TPM; the AIK credentials are used to verify that VPN requests are coming from trusted platforms
• Microsoft's Active Directory, VPN, and Certificate Servers can easily add support for authentication using digital certificates and AIKs from trusted platforms to control VPN access


Case 11: TPM Platforms in a Microsoft VPN


Participants: PC w/ TPM, MS VPN Server, MS Active Directory, TCG Attestation Credential Manager, MS Digital Certificate Server.

1. User request for VPN access
2. Valid request?
3. Needs certificate
4. Request AIK key
5. Request certificate using AIK credential
6. AIK checked for validity
7. Directory updated with AIK/Cert
8. User VPN session established

