Copyright © 1995-2006 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE
USC CSci599Trusted ComputingLecture notesSpring 2007
Dr. Clifford Neuman
University of Southern California
Information Sciences Institute
Copyright © 1995-2006 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE
Administration
• Class home pagehttp://ccss.usc.edu/599tc– Preliminary Syllabus– Assigned Readings– Lecture notes– Assignments
• See me for D Clearance
Copyright © 1995-2006 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE
Administration
• Class e-mail: [email protected]
• Instructor
– Dr. Clifford Neuman
– Office hours Friday 10:45-11:45 SAL 212
Copyright © 1995-2006 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE
USC CSci599Trusted ComputingLecture Two – Trusted HardwareJanuary 19, 2007 - PRELIMINARY
Dr. Clifford Neuman
University of Southern California
Information Sciences Institute
Copyright © 1995-2006 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE
NOTE
• These are place holders for the topics we will discuss today.
• There will be more slides by lecture.
Copyright © 1995-2006 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE
The Hardware Basis
• Trusted computing is proof by induction
– Each attestation stage says something about the next level
– Just like PKI Certification hierarchy
• One needs a basis step
– On which one relies
– Hardware is that step
▪ (well, second step anyway)
Copyright © 1995-2006 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE
Hardware Topics
• Trusted Platform Module
• Discussion of Secure Storage
• Boot process
Copyright © 1995-2006 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE
Trusted Platform Module
• Basically a Key Storage and Generation Device
• Capabilities:
–Generation of new keys
–Storage and management of keys
▪ Uses keys without releasing
Copyright © 1995-2006 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE
Endorsement Key
• Every TPM has unique Endorsement key
–Semi-root of trust for system
–Generated and installed during manufacture
▪ Issues
–Real root is CA that signs public key associated with Endorsement key
Copyright © 1995-2006 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE
Identity Key
• Key associated with certificate from a CA attesting to identity of the TPM and version / security attributes.
(I’m not sure of the relationship with the EK)
Copyright © 1995-2006 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE
Storage Root Key
• Root of Key Hierarchy for managing keys related to TPM (except EK)
–Root key never leaves TPM
–Can be changed to reinitialize ownership.
Copyright © 1995-2006 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE
Storage Keys
• Can protect data
• Can protect other keys
• Some storage keys may be migrated.
Copyright © 1995-2006 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE
Binding Key
• Private key to decrypt data perhaps encrypted by others using a public key
Copyright © 1995-2006 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE
Using Encryption
• LoadKey
–Generated or imported
• Sign
–Signs Data Presented to TPM
• Unbind
–Decrypt data from elsewhere in a public key
Copyright © 1995-2006 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE
Using Encryption
• Seal/Unseal– Encrypt and subsequent decrypt– This TPM Only– PCRs must be correct
• Platform Configuration Register (PCR)– 20 by storage inside TPM is digest of
accumulated data.– Contains information about the programs and
other state of the processor.
Copyright © 1995-2006 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE
Using Encryption
• Extend
–Add data to a PCR
– 20 byte hash hashed into current PCR
–As each module loaded its hash extends the PCR
• Quote
–Sign current value of PCR
Copyright © 1995-2006 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE
Using Encryption
• CreateWrapKey–Creates and encrypts for transfer a new
RSA key• MakeIdentity–Creates an Attestation Identity key for a
user• TakeOwnership–Reinitialize TPM, and erases old keys
Copyright © 1995-2006 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE
Using Encryption
• Other Functions
–OIAP/OSAP
–GetCapability
–GetRandom
Copyright © 1995-2006 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE
How to Use it For Atestation
• As modules loaded, their hashes extend the PCR.
• When attestation needed, remote entity can ask the TPM to sign PCR.
Copyright © 1995-2006 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE
Peripheral Authenication
• TPM’s can be embedded in peripherals too, so a system knows it is dealing with an authentic biometric scanner or other kinds of devices.
Copyright © 1995-2006 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE
Exercise - Secure Storage
• Full Disk Encryption– Key in register in disk– Or key in TPM and data
encrypted/decrypted by TPM• Seagate Drive uses register in Disk– Key must be loaded– User prompt at BIOS– Or managed by TPM▪ But OS image maybe on disk, how to get
Copyright © 1995-2006 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE
The Boot Process
–Work and example using the functions described already.