1 / 31

Trusted Computing

Trusted Computing. Yaron Sheffer Manager, Standards and VPN Technologies Check Point Jan. 2008. Agenda. A few words about Check Point Why Trusted Computing The Trusted Computing Architecture Uses of Trusted Computing Issues with Trusted Computing Trusted Computing in practice

abril
Download Presentation

Trusted Computing

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Trusted Computing Yaron Sheffer Manager, Standards and VPN Technologies Check Point Jan. 2008

  2. Agenda • A few words about Check Point • Why Trusted Computing • The Trusted Computing Architecture • Uses of Trusted Computing • Issues with Trusted Computing • Trusted Computing in practice • Details: 3rd party attestation • The TC ecosystem: related and competing work, NAC

  3. A Global Security Leader • Global leader in firewall/VPN* and mobile data encryption • More than 100,000 protected businesses • More than 60 million consumers • 100% of Fortune 100 as customers Leader Revenue Net Profit • 100% focus on information security • >1,000 dedicated security experts • Protecting networks and enterprise data 100% security • ~ 2,000 employees • 69 offices, 28 countries • 2,200 partners, 88 countries • HQ in Israel and U.S.A. Global * Frost & Sullivan

  4. Always Anticipating New Security Needs SMART Security Management Architecture • Consistence and scalable security • Validate IT investments- lower TCO • Compliance • Improve operations efficiency • Enforce security policy • Incident response • Security audits • Update security posture, defenses Check Point solution • Unified security management • Real time event analysis • Reporting, policy optimization • One-click security updates Unified Security Architecture Business drivers Firewall VPN Client VPN Anti-Virus UTM Disk Encryption Technology enablers IPS Personal firewall Media Encryption Management Disk Encryption Monitoring Port control Reporting Security issues Data leakage Compliance

  5. Agenda • A few words about Check Point • Why Trusted Computing • The Trusted Computing Architecture • Uses of Trusted Computing • Issues with Trusted Computing • Trusted Computing in practice • Details: 3rd party attestation • The TC ecosystem: related and competing work, NAC

  6. Trusted Computing • Trust (RFC 4949): A feeling of certainty (sometimes based on inconclusive evidence) either (a) that the system will not fail or (b) that the system meets its specifications (i.e., the system does what it claims to do and does not perform unwanted functions) • When approaching a PC, do we have this feeling? • Something is rotten in the state of Denmark

  7. Lack of Trust • Mutability • Data • Applications and libraries • Device drivers • Kernel components • And… the BIOS • “Least privilege” principle is ignored • Administrator privileges • Huge amounts of trusted code • Secure development principles are not applied

  8. Trusted Computing Group • [An] organization formed to develop, define, and promote open standards for hardware-enabled trusted computing and security technologies, including hardware building blocks and software interfaces, across multiple platforms, peripherals, and devices • Implicitly: software alone will not do • Established (as TCPA) 1999 • TPM 1.0 published Feb. 2001 • TNC work started 2004 • Around 200 member companies • www.trustedcomputing.org

  9. Agenda • A few words about Check Point • Why Trusted Computing • The Trusted Computing Architecture • Uses of Trusted Computing • Issues with Trusted Computing • Trusted Computing in practice • Details: 3rd party attestation • The TC ecosystem: related and competing work, NAC

  10. Trusted Computing Architecture TPM (Trusted Platform Module): a tamper-resistant hardware module mounted in a platform. Responsible for: measurement, storage, reporting and policy enforcement App1 App2 App3 Protected Code Operating System Encrypted Files TPM Boot Process

  11. Roots of Trust • A Root of Trust is a component that must behave as expected, because its misbehaviour cannot be detected • A piece of code • Root of Trust for Measurement: the component that can be trusted to reliably measure and report to the Root of Trust for Reporting what software executes at the start of platform boot • Root of Trust for Reporting: the component that can be trusted to report reliable information about the platform • Root of Trust for Storage: the component that can be trusted to securely store any quantity of information

  12. A Chain of Trust • The core idea of the Trusted Computing architecture • Each stage measures and validates the next one • Measurements go into Platform Configuration Registers (PCRs) on the TPM • The chain starts with the hardware TPM • Then software: • RTM, TPM Software Stack, BIOS, kernel • Applications? • At the end, the entire platform is verified to be in a trusted state

  13. TC Cryptographic Capabilities • SHA-1, HMAC • Hashed message authentication code • Physical random number generation • An important feature in itself • Asymmetric key generation • 2048-bit RSA • Asymmetric crypto encryption/decryption and signing • RSA PKCS#1 • Bulk symmetric crypto is performed off-chip • For example, disk encryption • Reasons: price, export considerations • This is no high performance crypto chip!

  14. Agenda • A few words about Check Point • Why Trusted Computing • The Trusted Computing Architecture • Uses of Trusted Computing • Issues with Trusted Computing • Trusted Computing in practice • Details: 3rd party attestation • The TC ecosystem: related and competing work, NAC

  15. Uses of Trusted Computing • Data protection: storage of secrets • TPM unseals storage keys only if the platform is in a trusted state • Detecting unwanted changes to a machine’s configuration • Secure boot • The next three require “3rd party attestation” • Protocol described later • Checking client integrity on a local network • E.g. before the client is allowed into the network • Or by each network server • Verifying the trustworthiness of a “kiosk” • By a remote server • By a local smartcard • Machine authentication for remote access

  16. Authentication and Privacy: A Contradiction? • When you digitally sign a measurement report, you potentially reveal your identity! • The architecture provides for the TPM to have control over “multiple pseudonymous attestation identities” – next slide • TPM attestation identities do not contain any owner/user related information • A platform identity attests to platform properties • No single TPM “identity” is ever used to digitally sign data • Privacy protection • TPM Identity certification is required to attest to the fact that they identify a genuine TC platform • The TPM Identity creation protocol allows for choosing different Certification Authorities (Privacy CA) to certify each TPM identity • Prevent correlation

  17. Multiple Pseudonymous Attestation Identities… Identity CA Trusts… Certified by… Verifier Host Host being verified Name1 Name2

  18. Issues with Trusted Computing • TC is happening very slowly • A mixture of technical, business and perceptual issues • Can a large and not-so-well-designed OS ever become trustworthy? • Intel’s current direction might point to a solution • The distinction between platform owner and data owner • Can Sony prevent you from playing their songs? – DRM is evil! • Can Sony prevent you from reading their confidential financial data? – Enterprise DRM is ??? • But hey, we’ve had DRM long before TPM! • Allowing an “open” software ecosystem • For proprietary software • For open source software • For open source software that refuses to “play by the rules”

  19. Trusted Computing in Practice • TPM exists on a very large percentage of desktops and laptops • On your computer, too • But it is disabled by default • So it is rarely used • Even innocuous functionality like RNG is blocked! • Microsoft was expected to enhance TC functionality in Vista • But only made a small step with BitLocker • Apple used TPM once to ensure its new OS only runs on its own “beta” machines • But this is the wrong way around!

  20. Agenda • A few words about Check Point • Why Trusted Computing • The Trusted Computing Architecture • Uses of Trusted Computing • Issues with Trusted Computing • Trusted Computing in practice • Details: 3rd party attestation • The TC ecosystem: related and competing work, NAC

  21. Remote Attestation Three phases Measurement: machine to be attested must measure its properties locally Attestation: transfer measurements from machine being attested to remote machine Verification: remote machine examines measurements transferred during attestation and decides whether they are valid and acceptable

  22. Linux Integrity Measurement

  23. Linux Attestation

  24. Linux Verification

  25. Agenda • A few words about Check Point • Why Trusted Computing • The Trusted Computing Architecture • Uses of Trusted Computing • Issues with Trusted Computing • Trusted Computing in practice • Details: 3rd party attestation • The TC ecosystem: related and competing work, NAC

  26. Network Access Control (NAC) • Two separate goals: • Ensure computers are “clean”, and running an authorized configuration • Ensure only “good” computers connect to the LAN • We could have done #1 with TC, but TC is not happening • So we just ask the computer nicely, and believe the response… • NAC is important in the marketplace • Being standardized within TCG • Under the name Trusted Network Connect, TNC • It might converge with TC some day

  27. TC: Related and Competing Initiatives • Microsoft Next Generation Secure Computing Base (NGSCB), formerly Palladium • Uses TPM to create a secure OS partition • Was expected to go into Vista • Apparently dead now • Microsoft’s Bitlocker disk encryption survived into Vista • ARM TrustZone • Intel Trusted Execution Technology • Next slide

  28. Intel Trusted Execution Technology • A recent initiative, an extension of the vPro architecture • Relies on TPM • Focused on virtualization: partitioning of virtual machines • Requires an “enabled” OS and applications • Provides: • Protected (partitioned) execution – partitions are full virtual machines, each running its own OS • Sealed storage • Protected input (e.g. from USB devices) • Protected graphics • Software measurement and protected launch of OS components • Consists of: • CPU extensions • Chipset enhancements, e.g. to partition physical memory • TPM

  29. Summary • Trusted Computing tries to solve one of the top problems in today’s computing • It builds a complex and interesting architecture, using innovative hardware components • The in-built conflict between proven security and privacy has not been resolved, and maybe cannot be • TC is making small steps forward, will it ever see widespread use?

  30. Further Reading • https://www.trustedcomputinggroup.org/home • http://en.wikipedia.org/wiki/Trusted_computing • Pearson et al., Trusted Computing Platforms, Hewlett Packard and Prentice Hall 2003 • David Grawrock, The Intel Safer Computing Initiative. Intel Press 2006.

  31. Thank You! yaronf@checkpoint.com

More Related