Trusted Computing: Opportunities and Challenges

Copyright© 2004 Trusted Computing Group - Other names and brands are properties of their respective owners. Slide #1

Trusted Computing: Opportunities and Challenges.

David Grawrock

TCG TPM Workgroup Chair


Agenda

• Trusted Computing Overview

• TCG Introduction

• TCG Technologies

• Trusted Applications

• Summary

• Questions and Answers


Risk Management• Most current security efforts

follow a similar progression– Network (intranets, firewalls, VPNs,

etc.)– Servers (load balancers, HSMs,

SSO, web authentication, etc.)– Policies & processes (response

plans, disaster recovery, etc.)– Identity & access (badges, tokens,

digital certificates, etc.)

• Client PC protection is either non-existent or vulnerable– Mobile workers operate both inside and outside the firewall

– Mobile devices (laptops) can easily store business critical information insecurely


Today’s Deployments Often Leave Clients Relatively Unprotected

• Highly regulated SW/HW configuration

• Controlled physical access (24x7)

• Intrusion detection SW• Firewalls• Anti-virus• Network segmentation• Encrypted data• Real-time monitoring• Auditing & analysis

tools• Multi-factor user auth.• Configuration monitors• Patch, Configuration, &

Policy Control

Server

• Encryption (IPSec, SSL)

• VPN

• Layered firewalls

• Intrusion detection SW

• 24x7 monitoring

• Network segmentation

• 802.1x (Radius)

• Multi-factor authentication

• Domain controllers

• Policy management

• Configuration monitors

Network

• Passwords• Anti-virus• User authentication• Patch, Configuration,

& Policy Control • Intrusion detection SW

Client

Mismatch between security measures and the Mismatch between security measures and the financial value of data created & stored on clientsfinancial value of data created & stored on clients

Mismatch between security measures and the Mismatch between security measures and the financial value of data created & stored on clientsfinancial value of data created & stored on clients


Trusted Computing – Bottom to Top

Trusted Hardware

PC Hardware

BIOS Firmware

Operating System

System Services

Applications

User Services Security at any layer can be defeated by accessing the next lower layer

Trusted Computing requires security hardware as the foundation for platform security

Plus security enablement features in each layer


TCG Mission

Develop and promote open, vendor-neutral, industry standard specifications for trusted computing building blocks and software interfaces across multiple platforms


TCG Structure

• TCG is incorporated as a not-for-profit corporation, with international membership– Open membership model

• Offers multiple membership levels: Promoters, Contributors, and Adopters

– Board of Directors • Promoters and member elected Contributors

– Typical not-for-profit bylaws– Industry typical patent policy (Reasonable and

Non Discriminatory) for all published specifications – Working Groups


TCG Organization

Marketing Workgroup Nancy Sumrall, Intel

Board of DirectorsJim Ward, IBM, President and Chairman, Geoffrey Strongin, AMD, Mark Schiller, HP, David Riss, Intel, Steve Heil,

Microsoft, Tom Tahan, Sun, Nicholas Szeto, Sony, Bob Thibadeau, Seagate, Thomas Hardjono, Verisign

Server Specific WGLarry McMahan, HPMarty Nicholes, HP

Position KeyGREEN Box: Elected OfficersBLUE Box: Chairs Appointed by BoardRED Box: Chairs Nominated by WG,

Appointed by BoardBLACK Box: Resources Contracted by TCG

User Auth WGLaszlo Elteto, SafeNet

Mark Nesline, RSA Sec.

TSS Work GroupDavid Challener, IBM

TPM Work GroupDavid Grawrock, Intel

Storage Systems Robert Thibadeau,

Seagate

AdministrationVTM, Inc.

Advisory Council Invited Participants

Best Practices Jeff Austin, Intel

Technical Committee Graeme Proudler, HP

Public Relations

Anne Price, PR Works

EventsMarketingSupportVTM, Inc.

Peripherals WGColin Walters, Comodo

PDA WGJonathan Tourzan, Sony

PC Client WGMonty Wiseman, Intel

Mobile Phone WGPanu Markkanen, Nokia

Infrastructure WGThomas Hardjono, Verisign

Ned Smith, Intel

Conformance WGManny Novoa, HP

Hard Copy WGBrian Volkoff, HP (interim)


TCG Membership86 Total Members as of November 3, 2004 7 Promoter, 64 Contributor, 15 Adopter

PromotersAMDHewlett-PackardIBMIntel CorporationMicrosoftSony CorporationSun Microsystems, Inc.

AdoptersAli Corporation American Megatrends, Inc. Enterasys NetworksFoundry NetworksFoundstone, IncGatewayIndustrial Technology Research Inst.MCINevis Networks, USA Senforce TechnologiesSilicon Integrated Systems Corp. Softex, Inc. Toshiba Corporation ULi Electronics Inc.Winbond Electronics Corporation

ContributorsMotorola Inc. National Semiconductor nCipher Network Associates Nokia NTRU Cryptosystems, Inc. NVIDIA OSA Technologies, Inc Philips Phoenix Pointsec Mobile Technologies Renesas Technology Corp. RSA Security, Inc. SafeNet, Inc. Samsung Electronics Co. SCM Microsystems, Inc. Seagate Technology SignaCert, Inc. Silicon Storage Technology, Inc. Sinosun Technology Co., Ltd. Standard Microsystems Corporation STMicroelectronics Sygate Technologies, Inc. Symantec Symbian Ltd Synaptics Inc. Texas Instruments Transmeta Corporation Trend Micro Utimaco Safeware AG VeriSign, Inc. Vernier Networks VIA Technologies, Inc. Vodafone Group Services LTD Wave Systems Zone Labs, Inc.

ContributorsAgere Systems ARM ATI Technologies Inc. Atmel AuthenTec, Inc. AVAYA Broadcom Corporation Certicom Corp. Comodo Dell, Inc. Endforce, Inc. Ericsson Mobile Platforms AB Extreme Networks France Telecom Group Fujitsu Limited Fujitsu Siemens Computers Funk Software, Inc. Gemplus Giesecke & Devrient Hitachi, Ltd. Infineon InfoExpress, Inc. iPass Juniper Networks Lenovo Holdings Limited Lexmark International M-Systems Flash Disk Pioneers Meetinghouse Data Communications


• Protect user keys (digital identification) and files (data)• Protect secrets (passwords)• Enable a protected computing environment

• Ensuring the user’s control• Protecting user’s privacy

While…

TCG defines mechanisms that

Goals of the TCG Architecture

Design Goal: Delivering robust security with user control and privacy


TPM Abstract Architecture• Module on the motherboard

– Can’t be removed or swapped– Secrets in module can’t be read by HW or SW

attackers

• Stores Private Keys– Perform the private key operation on board so that

private key data never leaves TPM

• Hold Platform Measurements– PC measures software, TPM is repository of

measurements


The Trusted Platform Module• Enhances many aspects of platform security

– Specified by Trusted Computing Group (TCG)

• Major functions include– Protected non-volatile storage of platform secrets– Special purpose protected processing

• Digital signatures• RSA key generation• Data protection

– Spoof-resistant platform authentication capability

TPMTPM


TPM PC Market Projection

152

4

170

35

187

60

202

115

217

175

0

50

100

150

200

WWPCsIn

Millions

2003 2004 2005 2006 2007

Total PCs Shipped TPM-Enabled PCs Shipped

152

4

170

35

187

60

202

115

217

175

0

50

100

150

200

WWPCsIn

Millions

2003 2004 2005 2006 2007

Total PCs Shipped TPM-Enabled PCs Shipped

(Source: IDC)


GoalsGoals

Trusted Computing

• Trusted Computing is a concept to protect and strengthen the computing platform against software-based attacks

Protect business data and communications against current

and future software attacks

Provide opportunities for value-added services

Enable broadly-adoptable security technologies with

immediate utility to business users and IT

Deploy in a responsible manner that maintains user privacy,

choice and control


Security and Trust Services

Applications and ServicesTrusted Device Eco-System

Cell Phones

PC

Peripherals

ConsumerElectronics

Communications

TransactionsIdentity

DeviceAdministration

Control

Content Services

AccessControl

EmbeddedControllers

KeyManagement

Attestation

ConfigurationManagement

PDATrusted

Platform Module


TPM Hardened Applications

Type Description

File/Folder Encryption

• Keys protected by TPM• E.g. Wave *, Softex*, IBM*, HP*, Infineon*, Information Security Corp.*

Client-based Single Logon

• Username/Password auto fill. User only have to remember one password. TPM app lets user register other passwords and automatically fills them in when password dialog is presented.

• E.g. Softex*, Wave*, IBM*, Congizance*

Protected Information Repository

• Use TPM wrapping/sealing capability to protect sensitive information like credit cards, account numbers, or even biometric templates.

• Some with auto form filling capabilities• E.g. Wave*, IBM*, Softex*

E-mail Integration

• Encryption, Signature schemes supporting MS-CAPI or PKCS#11• E.g. Outlook*, Netscape*, Information Security Corp.*

Digital Signature

• Digital signature application to E-mail, Adobe’s PDF files, e-purchasing, etc.• E.g. Microsoft*, Adobe*, Netscape*

Enterprise Logon

• Platform authentication using TPM• E.g. Cognizance*, Wave Trust Server*

Remote Access

• Remote access credentials are protected by the TPM. Can be used for VPN, Wireless 802.1x and similar type authentications.

• E.g. SecurID*, Checkpoint VPN-1 SecureClient*

Hardened PKI • Protect & Manage Certificate Authority issued credentials using TPM• E.g. VeriSign PTA*, Checkpoint*, RSA*


Authentication and Federated Identity

• Problem: Federated identity systems need strong, multifactor authentication for high value web services

– Strength of initial user authentication into networks of federated identity determine the level of trust and non-repudiation for web services

– Authentication contexts are defined and communicated by Liberty Alliance, Web Services – Federation, and SAML protocols

• Solution:– TPM attestation credentials combined with user PIN/passwords are

authenticated through TCG Trusted Third Party server to provide access to Identity Provider servers and then passed to Federation Gateway servers.

– Initial strong authentication of user identity is communicated within ‘trust circles’ to other federated identity partners as basis for determining strength of authentication.


ServiceProvider

A

Service Provider

B

Service Provider

C

LibertyAlliance

WS-F

eder

ation

OASIS - SAML

Identity Federation

Federation Gateway

Strong Authentication and Federated Identity

• Credentials• PIN / PW

IdentityProvider

TCGAttestation

Server

AuthenticationContext

(TCG Strong Authentication)

User Device w/TPM

Logon


TPM Authentication to VPN• Problem: Only allow VPN access from trusted platforms

– Digital certificates used for VPN access are stored in software– Adding hardware level authentication needs to be done with

minimal changes to the existing VPN server systems

• Solution:– PCs with TPMs store VPN credentials in hardware storage – A TCG Trusted Third Party server generates Attestation Identity

Keys which are used to authenticate VPN requests are coming from trusted platforms

– VPN and Certificate Servers can easily add support for authentication using digital certificates and AIKs from trusted platforms to control VPN access


TPM Platforms with a VPN

PCw/ TPM

VPN Server

1. User Request for VPN Access 8. User VPN

Session Established

ActiveDirectory

2. Valid Request?3. Needs

Certificate

TCGAttestation Credential Manager

4. Request AIK key

7. Directory Updated with AIK/Cert

Digital Certificate

Server

5. Request Certificate using AIK credential

6. AIK Checked for Validity


Trusted Computing – Bottom to Top

Trusted Hardware

PC Hardware

BIOS Firmware

Operating System

System Services

Applications

User Services Security at any layer can be defeated by accessing the next lower layer

Trusted Computing requires security hardware as the foundation for platform security

Plus security enablement features in each layer


TCG Information

• For Information on TCG Membership and Programs

TCG Administration

5440 SW Westgate Dr., Suite 217

Portland, OR 9722

PH: 503.291.2562 FX: 503.297.1090

[email protected]

www.trustedcomputinggroup.org

• For Technical Information & Specification Questions

[email protected]


Questions

Documents

Trusted Computing: Opportunities and Challenges