360 likes | 666 Views
Trusted Computing. Yaron Sheffer Manager, Standards and VPN Technologies Check Point Jan. 2008. Agenda. A few words about Check Point Why Trusted Computing The Trusted Computing Architecture Uses of Trusted Computing Issues with Trusted Computing Trusted Computing in practice
E N D
Trusted Computing Yaron Sheffer Manager, Standards and VPN Technologies Check Point Jan. 2008
Agenda • A few words about Check Point • Why Trusted Computing • The Trusted Computing Architecture • Uses of Trusted Computing • Issues with Trusted Computing • Trusted Computing in practice • Details: 3rd party attestation • The TC ecosystem: related and competing work, NAC
A Global Security Leader • Global leader in firewall/VPN* and mobile data encryption • More than 100,000 protected businesses • More than 60 million consumers • 100% of Fortune 100 as customers Leader Revenue Net Profit • 100% focus on information security • >1,000 dedicated security experts • Protecting networks and enterprise data 100% security • ~ 2,000 employees • 69 offices, 28 countries • 2,200 partners, 88 countries • HQ in Israel and U.S.A. Global * Frost & Sullivan
Always Anticipating New Security Needs SMART Security Management Architecture • Consistence and scalable security • Validate IT investments- lower TCO • Compliance • Improve operations efficiency • Enforce security policy • Incident response • Security audits • Update security posture, defenses Check Point solution • Unified security management • Real time event analysis • Reporting, policy optimization • One-click security updates Unified Security Architecture Business drivers Firewall VPN Client VPN Anti-Virus UTM Disk Encryption Technology enablers IPS Personal firewall Media Encryption Management Disk Encryption Monitoring Port control Reporting Security issues Data leakage Compliance
Agenda • A few words about Check Point • Why Trusted Computing • The Trusted Computing Architecture • Uses of Trusted Computing • Issues with Trusted Computing • Trusted Computing in practice • Details: 3rd party attestation • The TC ecosystem: related and competing work, NAC
Trusted Computing • Trust (RFC 4949): A feeling of certainty (sometimes based on inconclusive evidence) either (a) that the system will not fail or (b) that the system meets its specifications (i.e., the system does what it claims to do and does not perform unwanted functions) • When approaching a PC, do we have this feeling? • Something is rotten in the state of Denmark
Lack of Trust • Mutability • Data • Applications and libraries • Device drivers • Kernel components • And… the BIOS • “Least privilege” principle is ignored • Administrator privileges • Huge amounts of trusted code • Secure development principles are not applied
Trusted Computing Group • [An] organization formed to develop, define, and promote open standards for hardware-enabled trusted computing and security technologies, including hardware building blocks and software interfaces, across multiple platforms, peripherals, and devices • Implicitly: software alone will not do • Established (as TCPA) 1999 • TPM 1.0 published Feb. 2001 • TNC work started 2004 • Around 200 member companies • www.trustedcomputing.org
Agenda • A few words about Check Point • Why Trusted Computing • The Trusted Computing Architecture • Uses of Trusted Computing • Issues with Trusted Computing • Trusted Computing in practice • Details: 3rd party attestation • The TC ecosystem: related and competing work, NAC
Trusted Computing Architecture TPM (Trusted Platform Module): a tamper-resistant hardware module mounted in a platform. Responsible for: measurement, storage, reporting and policy enforcement App1 App2 App3 Protected Code Operating System Encrypted Files TPM Boot Process
Roots of Trust • A Root of Trust is a component that must behave as expected, because its misbehaviour cannot be detected • A piece of code • Root of Trust for Measurement: the component that can be trusted to reliably measure and report to the Root of Trust for Reporting what software executes at the start of platform boot • Root of Trust for Reporting: the component that can be trusted to report reliable information about the platform • Root of Trust for Storage: the component that can be trusted to securely store any quantity of information
A Chain of Trust • The core idea of the Trusted Computing architecture • Each stage measures and validates the next one • Measurements go into Platform Configuration Registers (PCRs) on the TPM • The chain starts with the hardware TPM • Then software: • RTM, TPM Software Stack, BIOS, kernel • Applications? • At the end, the entire platform is verified to be in a trusted state
TC Cryptographic Capabilities • SHA-1, HMAC • Hashed message authentication code • Physical random number generation • An important feature in itself • Asymmetric key generation • 2048-bit RSA • Asymmetric crypto encryption/decryption and signing • RSA PKCS#1 • Bulk symmetric crypto is performed off-chip • For example, disk encryption • Reasons: price, export considerations • This is no high performance crypto chip!
Agenda • A few words about Check Point • Why Trusted Computing • The Trusted Computing Architecture • Uses of Trusted Computing • Issues with Trusted Computing • Trusted Computing in practice • Details: 3rd party attestation • The TC ecosystem: related and competing work, NAC
Uses of Trusted Computing • Data protection: storage of secrets • TPM unseals storage keys only if the platform is in a trusted state • Detecting unwanted changes to a machine’s configuration • Secure boot • The next three require “3rd party attestation” • Protocol described later • Checking client integrity on a local network • E.g. before the client is allowed into the network • Or by each network server • Verifying the trustworthiness of a “kiosk” • By a remote server • By a local smartcard • Machine authentication for remote access
Authentication and Privacy: A Contradiction? • When you digitally sign a measurement report, you potentially reveal your identity! • The architecture provides for the TPM to have control over “multiple pseudonymous attestation identities” – next slide • TPM attestation identities do not contain any owner/user related information • A platform identity attests to platform properties • No single TPM “identity” is ever used to digitally sign data • Privacy protection • TPM Identity certification is required to attest to the fact that they identify a genuine TC platform • The TPM Identity creation protocol allows for choosing different Certification Authorities (Privacy CA) to certify each TPM identity • Prevent correlation
Multiple Pseudonymous Attestation Identities… Identity CA Trusts… Certified by… Verifier Host Host being verified Name1 Name2
Issues with Trusted Computing • TC is happening very slowly • A mixture of technical, business and perceptual issues • Can a large and not-so-well-designed OS ever become trustworthy? • Intel’s current direction might point to a solution • The distinction between platform owner and data owner • Can Sony prevent you from playing their songs? – DRM is evil! • Can Sony prevent you from reading their confidential financial data? – Enterprise DRM is ??? • But hey, we’ve had DRM long before TPM! • Allowing an “open” software ecosystem • For proprietary software • For open source software • For open source software that refuses to “play by the rules”
Trusted Computing in Practice • TPM exists on a very large percentage of desktops and laptops • On your computer, too • But it is disabled by default • So it is rarely used • Even innocuous functionality like RNG is blocked! • Microsoft was expected to enhance TC functionality in Vista • But only made a small step with BitLocker • Apple used TPM once to ensure its new OS only runs on its own “beta” machines • But this is the wrong way around!
Agenda • A few words about Check Point • Why Trusted Computing • The Trusted Computing Architecture • Uses of Trusted Computing • Issues with Trusted Computing • Trusted Computing in practice • Details: 3rd party attestation • The TC ecosystem: related and competing work, NAC
Remote Attestation Three phases Measurement: machine to be attested must measure its properties locally Attestation: transfer measurements from machine being attested to remote machine Verification: remote machine examines measurements transferred during attestation and decides whether they are valid and acceptable
Agenda • A few words about Check Point • Why Trusted Computing • The Trusted Computing Architecture • Uses of Trusted Computing • Issues with Trusted Computing • Trusted Computing in practice • Details: 3rd party attestation • The TC ecosystem: related and competing work, NAC
Network Access Control (NAC) • Two separate goals: • Ensure computers are “clean”, and running an authorized configuration • Ensure only “good” computers connect to the LAN • We could have done #1 with TC, but TC is not happening • So we just ask the computer nicely, and believe the response… • NAC is important in the marketplace • Being standardized within TCG • Under the name Trusted Network Connect, TNC • It might converge with TC some day
TC: Related and Competing Initiatives • Microsoft Next Generation Secure Computing Base (NGSCB), formerly Palladium • Uses TPM to create a secure OS partition • Was expected to go into Vista • Apparently dead now • Microsoft’s Bitlocker disk encryption survived into Vista • ARM TrustZone • Intel Trusted Execution Technology • Next slide
Intel Trusted Execution Technology • A recent initiative, an extension of the vPro architecture • Relies on TPM • Focused on virtualization: partitioning of virtual machines • Requires an “enabled” OS and applications • Provides: • Protected (partitioned) execution – partitions are full virtual machines, each running its own OS • Sealed storage • Protected input (e.g. from USB devices) • Protected graphics • Software measurement and protected launch of OS components • Consists of: • CPU extensions • Chipset enhancements, e.g. to partition physical memory • TPM
Summary • Trusted Computing tries to solve one of the top problems in today’s computing • It builds a complex and interesting architecture, using innovative hardware components • The in-built conflict between proven security and privacy has not been resolved, and maybe cannot be • TC is making small steps forward, will it ever see widespread use?
Further Reading • https://www.trustedcomputinggroup.org/home • http://en.wikipedia.org/wiki/Trusted_computing • Pearson et al., Trusted Computing Platforms, Hewlett Packard and Prentice Hall 2003 • David Grawrock, The Intel Safer Computing Initiative. Intel Press 2006.
Thank You! yaronf@checkpoint.com