Embed Size (px)
Citation preview
1
Trusted Computing & Trusted Computing Group
January 15 2008Claire Vishik, Intel
2
Agenda
• Technology Introduction– Premises for Trusted Computing
• TCG and Trusted Computing Technology– Trusted Computing Group (TCG)– TPM: technology, main uses– Usage scenarios
3
Technology Introduction
Premises for Trusted Computing
4
Platform Authentication
?
• Applications tend to focus on “user authentication”– But how does the IT infrastructure know which
platform (computer) is being used?– Is it authorized to be attached to the internal
network?
5
Platform Attestation
?
• Applications tend to assume they have not been attacked– Especially true of “monitoring” or “defensive” apps,
e.g. anti-virus– But how does the IT infrastructure know if the
platform is executing the application as authorized?
6
Protecting Secrets
• OS (Operating System) and applications typically use software to protect keys and secrets– There is no standardized and isolated
place to create and store secrets– All software can be attacked
7
Trusted Computing: Today’s Positioning• Helps create a safer computing environment
– Different paradigm from prevailing exclusionary models in other security technologies
• The technology is reasonably common– TPM (Trusted Platform Module) is a common
component on most business PCs and desktops (100 million shipped in 2007)
• Supports scenarios useful for everyday operations in diverse environments (citizen-to-government, e-commerce, etc.)
• Ecosystem needs to be better developed for full support of TC technologies
8
Trusted Computing Group (TCG)
Structure, membership, specifications
9
Who is TCG?• The Trusted Computing Group (TCG) is an international
industry standards group• TCG Mission: Develop and promote open, vendor-
neutral, industry standard specifications for trusted computing building blocks and software interfaces across multiple platforms– Upon completion, the TCG publishes the specifications– Anyone may download the specifications once they are
published– TPM 1.2 specification was submitted to ISO (Dec 2007)
• The TCG is organized into a work group model whereby experts from each technology category can work together to develop the specifications– An environment where competitors and collaborators can
develop industry best capabilities that are vendor neutral and interoperable.
10
TCG Organization
Marketing Work Group Brian Berger, Wave Systems
Board of Directors (as of Dec 2007)Scott Rotondo, Sun, President and Chairman; Boris Belacheff, HP; Garth Hillman, AMD; Seigo Kotani, Fujtisu Ltd., Ron
Perez, IBM; Thomas Rosteck, Infineon; Claire Vishik, Intel; David Challener, Lenovo; David Wooten, Microsoft; Scott Rotondo, Sun; Bob Thibadeau, Seagate; Brian Berger, Wave Systems
Server Specific WGCarey Huscroft, HP
Florian Samson, BSI
Position KeyGREEN Box: Elected OfficersBLUE Box: Chairs Appointed by BoardRED Box: Chairs Nominated by WG,
Appointed by BoardBLACK Box: Resources Contracted by TCG
TSS Work GroupDavid Challener, Lenovo
TPM Work GroupDavid Grawrock, Intel
Storage WGRobert Thibadeau, Seagate
AdministrationVTM, Inc.
Advisory Council Invited Participants
Technical Committee Graeme Proudler, HP
Public RelationsAnne Price,PR Works
EventsMarketingSupportVTM, Inc.
Peripherals WGSuspended
PC Client WGMonty Wiseman, Intel
Mobile Phone WGJanne Uusilehto, Nokia
Infrastructure WGThomas Hardjono, Wave
Ned Smith, Intel
Conformance WGSimon Johnson, Intel
Hard Copy WGBrian Volkoff, HP
Authentication WGJesus Molina, Fujitsu
Gerald Maunier, Gemalto
Certification Program Committee
Boris Balacheff, HPHans Brandl, Infineon
TNCSteve Hanna, Juniper
Paul Sangster, Symantec
Compliance WGGeorg Rankl, InfineonSteve Hanna, Juniper
Virtualized Platform WGStefan Berger, IBM
Robert Malek, Unisys
11
TCG MembershipBoard Member Companies
Early access to specs.
Create specs.Chair WGs
Create specs.
No Spec. access.
Classes of Participants 144 Members as of Dec 2007
8 Promoters80 Contributors11 Adopters45 Small Adopters
12
Liaison Program• Program is available to Academic Institutions, other
Standards Bodies, Government Agencies, and Special Interest Groups with a stake in trusted computing.
• Invitation only. Non-voting participation in workgroups. No fee. Representative approved prior to joining.
• Some Liaison Program Members – Government Related
• Australian IT Security Forum• New Zealand Government• BSI (Germany)• U.K. Government Communications Headquarters (GCHQ)
Communications-Electronics Security Group (CESG)• United States National Security Agency (NSA)• CESI (PRC)• Other Government Agencies & groups
– Universities• Notre Dame, Oxford, Politecnico di Torino, Fachhochschule Hannover,
Belfast, San Diego, Macquarie, many other schools
13
TCG: The “BIG” Picture
TCG Standards
TCG Standards
Applications•Software Stack
•Operating Systems•Web Services•Authentication•Data Protection
Storage
Servers
Desktops & Notebooks
Security Hardware
Networking
Printers & Hardcopy
Mobile Phones
14
TPM (Trusted Platform Module) Market Status Update
• TPM PCs – ~70 Million shipped through ‘06, > 100M estimated for 2007.
– Most branded commercial notebook and desktop PCs have TPMs
• TPM servers available • TPM providers –increasing, with multiple solutions and integration
levels• Trusted Network Connect (TNC) products shipping• Use cases released for mobile & storage capabilities
– Storage proof of concept demonstration available– Draft specification for Mobile Trust Module
• Applications available and shipping with PCs & Servers• Virtualization WG created in 2007
15
Product ImplementationsTPM Vendors:AtmelBroadcomInfineonSinosunSTMicroelectronicsWinbond
Drive MakersSeagate
TCG Solutions:Infineon Professional PackageM-SystemsNTRUSoftex (Omni Pass and Theft Guard)Utimaco (SafeGuard)VeriSign (Personal Trust Agent)Wave Systems (Embassy Trust Suites)
TNC SuppliersJuniperHPWave Systems
Solutions for:Data Protection
ID Management
Network Security
802.1X Security
VPN Security
SSO
TCG Enabled Computer Systems:Dell (Latitude Notebook and Optiplex Desktop Series)Fujitsu (LifeBook Notebook & Desktop systems)HP (HP Protect Tools)Sun MicrosystemsIBM (Embedded Systems Solution)Intel (Intel® Desktop Board’s – 12X) Lenovo (T-Series)Toshiba
16
TCG PC Client H/W Design
MCH
Family 1.2 TPM
• TPM Functions defined in TPM Functional Spec– What TPM does and
commands it uses
• Interfaces defined in the TPM Interface Spec– How to communicate
with TPM
ICH
AGP
NetworkPort
LPC
RemoteAgentnetwork
TPM
CPU
RAM
BIOS
TPM attached to motherboard
17
Basic TPM Block Diagram
RNGRNGRSARSA
EngineEngine
NonNon--VolatileVolatile
StorageStorage
Key Key
GenerationGeneration
PlatformPlatform
ConfigurationConfiguration
Register (PCR)Register (PCR)
OptOpt--InIn
SHASHA--11
Trusted Platform Module (TPM)Trusted Platform Module (TPM)
PackagingPackaging
I/OI/O
Exec EngineExec Engine Program CodeProgram Code
Volatile Volatile
StorageStorage
AIKAIK
18
TPM – Key Features•Authenticate a platform (machine or device)•Store integrity status of a platform•Anchor roots of trust on the platform•Securely create/store/manage encryption keys•Protect itself against software attacks•Fully controlled by the owner
– Privacy positive implementation
Note: Contains no bulk encryption engine
19
TPM Capabilities
What a TPM IS:– Secure key store– Secure unique identity used for
platform authentication• Hardware, Software, Firmware
– Used for digital signing and verification
– Can strengthen user authentication
– Can strengthen auditing & reporting
What a TPM IS-NOT– Bulk encryption
engine– ID management
system– DRM system
20
Thank you.
• Questions?
