Copyright © 1995-2006 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE USC CSci599 Trusted Computing Lecture Three – Software Basis for TC January 26, 2007 Dr. Clifford Neuman University of Southern California Information Sciences Institute


Page 1: USC CSci599 Trusted Computing, Lecture Three – Software Basis for TC, January 26, 2007

Dr. Clifford Neuman

University of Southern California

Information Sciences Institute

Page 2: Prelim Project 1A

• Pick an application that could benefit from the use of trusted computing.

– Prepare 5-15 slides explaining the benefits for the application to use trusted computing and describing how trusted computing provides those benefits.

OR

Page 3: Prelim Project 1B

• Pick a function critical for trusted computing.

– Prepare 5-15 slides explaining the purpose of the function and how it is implemented or would be implemented within an operating system or hardware platform.

OR

Page 4: Prelim Project 1B

OR

• Pick an OS that has support for Trusted Computing.

– Prepare 5-15 slides explaining how the OS provides important TC functions: what is the underlying basis for the trust, and how do applications use the functionality?

Page 5: Software Basis for Trusted Computing

• Last week we discussed the hardware base – the TPM.

• This week we look at the requirements within an operating system for Trusted Computing.

Page 6: OS Concepts

• Trusted computing base

• Trusted path

• Separation of processes

Page 7: The Trusted Computing Base (TCB)

• That part of the system which is critical for security: the components whose correctness the security policy depends on.

– A vulnerability in the TCB affects the core security of the system.

– Trusted computing extends the TCB across physical system boundaries.

▪ Allows remote components to be part of the TCB for a particular function.

Page 8: Trusted Path

• Provides attestation of the system to the user: a channel the user can be sure terminates in the TCB rather than in a program imitating it (for example, a login prompt that user-mode code cannot spoof).

– Requires confidence in the hardware by the user.

– Requires training of the user on how to invoke the trusted path (for example, pressing a secure attention key such as Ctrl+Alt+Del on Windows before typing a password).

Page 9: Separation of Processes

• Allows processes that are trusted to run without interference from other processes.

– Requires isolation that is provided by lower level trusted modules.

– Includes hardware support (memory protection, privilege levels), much of which is already standard in chips, but some of which is not.

Page 10: Vista Security Technologies

• Summary of some of the support for trusted computing in Vista (on the following slides)

Page 11: Trusted Platform Module (TPM)?

Smartcard-like module on the motherboard that:

• Performs cryptographic functions

– RSA, SHA-1, RNG

– Meets encryption export requirements

• Can create, store and manage keys

– Provides a unique Endorsement Key (EK)

– Provides a unique Storage Root Key (SRK)

• Performs digital signature operations

• Holds Platform Measurements (hashes)

• Anchors chain of trust for keys and credentials

• Protects itself against attacks

TPM 1.2 spec: www.trustedcomputinggroup.org

Slide From Steve Lamb at Microsoft

Page 12: Why Use A TPM?

• Trusted Platforms use Roots-of-Trust

– A TPM is an implementation of a Root-of-Trust

• A hardware Root-of-Trust has distinct advantages

– Software can be hacked by software

▪ Difficult to root trust in software that has to validate itself

– Hardware can be made to be robust against attacks

▪ Certified to be tamper resistant

– Hardware and software combined can protect root secrets better than software alone

• A TPM can ensure that keys and secrets are only available for use when the environment is appropriate

– Security can be tied to specific hardware and software configurations

Slide From Steve Lamb at Microsoft

Page 13: Disk Layout & Key Storage

Boot Partition contains: MBR, Loader, Boot Utilities (unencrypted, small)

Windows Partition contains: Encrypted OS, Encrypted Page File, Encrypted Temp Files, Encrypted Data, Encrypted Hibernation File

Where's the Encryption Key?

1. SRK (Storage Root Key) contained in TPM

2. SRK encrypts VEK (Volume Encryption Key), protected by TPM/PIN/Dongle

3. VEK stored (encrypted by SRK) on hard drive in Boot Partition

Slide From Steve Lamb at Microsoft

Page 14: BitLocker™ Architecture – Static Root of Trust Measurement of early boot components

[Diagram: Pre-OS boot chain TPM Init → BIOS → MBR → BootSector → BootBlock → BootManager → OS Loader → Start OS (Static OS); the labels "All Boot Blobs unlocked" and "Volume Blob of Target OS unlocked" mark where the keys become available.]

Slide From Steve Lamb at Microsoft

Page 15: Vista co-existence

• BitLocker encrypts Windows partition only

• You won’t be able to dual-boot another OS on the same partition

• OSes on other partitions will work fine

• Attempts to modify the protected Windows partition will render it unbootable

– Replacing MBR

– Modifying even a single bit

Slide From Steve Lamb at Microsoft
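The mechanism behind the last four slides (a secret released only for a specific hardware and software configuration; the VEK wrapped under the SRK and stored in the clear-text boot partition; the static root-of-trust measurement of MBR, boot sector, boot manager and loader; a single changed bit making the volume unbootable) can be shown end to end. The Python below is an added example for this page, not Microsoft's BitLocker code or a real TPM interface: it simulates one PCR with SHA-256 (TPM 1.2 uses SHA-1), uses a SHA-256 counter-mode keystream plus HMAC in place of the TPM's wrapping cipher, and the boot component images, SRK and VEK are constructed constants. Real BitLocker wraps the volume key through an intermediate key that the TPM seals; that extra layer is omitted here.

```python
import hashlib
import hmac

# Constructed stand-ins for the early-boot components in the slide's chain.
# Real components are binaries; short byte strings keep the example offline.
GOOD_BOOT = [
    ("MBR", b"mbr-code-v1"),
    ("BootSector", b"bootsector-v1"),
    ("BootManager", b"bootmgr-v1"),
    ("OSLoader", b"winload-v1"),
]

PCR_INIT = bytes(32)  # a PCR is reset to zeros at TPM init (SHA-256 here; TPM 1.2 uses SHA-1)


def extend(pcr: bytes, component: bytes) -> bytes:
    """TPM extend: PCR_new = H(PCR_old || H(component)). One-way and order-dependent,
    so the PCR can only be reproduced by the same sequence of measurements."""
    return hashlib.sha256(pcr + hashlib.sha256(component).digest()).digest()


def measure_boot(components) -> bytes:
    """Static root of trust: each stage measures the next into the PCR before
    handing over control. Returns the final PCR value."""
    pcr = PCR_INIT
    for _name, image in components:
        pcr = extend(pcr, image)
    return pcr


def _keystream(key: bytes, n: int) -> bytes:
    """SHA-256 counter-mode keystream; a stand-in for the TPM's wrapping cipher."""
    out = b""
    counter = 0
    while len(out) < n:
        out += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:n]


def seal(srk: bytes, policy_pcr: bytes, secret: bytes) -> bytes:
    """Seal `secret` (the VEK) so it unwraps only when the PCR equals `policy_pcr`.
    The wrapping key is derived from the SRK *and* the expected PCR; the SRK never
    leaves the TPM, so nothing outside it can derive the key for another PCR."""
    wrap_key = hmac.new(srk, b"seal|" + policy_pcr, hashlib.sha256).digest()
    ct = bytes(a ^ b for a, b in zip(secret, _keystream(wrap_key, len(secret))))
    tag = hmac.new(wrap_key, policy_pcr + ct, hashlib.sha256).digest()
    return policy_pcr + tag + ct  # this blob is what sits, unencrypted, in the boot partition


def unseal(srk: bytes, current_pcr: bytes, blob: bytes):
    """Return the secret if the *current* PCR matches the sealing policy, else None."""
    policy_pcr, tag, ct = blob[:32], blob[32:64], blob[64:]
    wrap_key = hmac.new(srk, b"seal|" + current_pcr, hashlib.sha256).digest()
    expected = hmac.new(wrap_key, policy_pcr + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None  # wrong environment: the TPM refuses to release the key
    return bytes(a ^ b for a, b in zip(ct, _keystream(wrap_key, len(ct))))


def flip_one_bit(components, index=0):
    """Change a single bit of one boot component (the attack on the co-existence slide)."""
    mutated = list(components)
    name, image = mutated[index]
    mutated[index] = (name, bytes([image[0] ^ 0x01]) + image[1:])
    return mutated


def demo():
    """Returns (unsealed_ok_on_clean_boot, refused_after_one_bit_change)."""
    srk = hashlib.sha256(b"constructed SRK, never leaves the TPM").digest()
    vek = hashlib.sha256(b"constructed volume encryption key").digest()
    blob = seal(srk, measure_boot(GOOD_BOOT), vek)  # done once, when BitLocker is enabled
    clean = unseal(srk, measure_boot(GOOD_BOOT), blob) == vek
    tampered = unseal(srk, measure_boot(flip_one_bit(GOOD_BOOT)), blob)
    return clean, tampered is None


if __name__ == "__main__":
    print(demo())  # (True, True)
```

Running it prints `(True, True)`. The decision is made on measured state, not on a signature: a replacement boot manager that is perfectly well-formed still produces a different PCR, so the VEK stays sealed and the volume is unbootable. That is also why a legitimate firmware or boot-manager update must be accompanied by re-sealing, and why BitLocker keeps a recovery password as a second protector; neither is modelled here.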

Page 16: More on Vista signatures

• Don't confuse hash validation with signatures

x64

• All kernel mode code must be signed or it won't load

• Third-party drivers must be WHQL-certified or contain a certificate from a Microsoft CA

– No exceptions, period

• User mode binaries need no signature unless they

– Implement cryptographic functions

– Load into the software licensing service

x32

• Signing applies only to drivers shipped with Windows

• Can control by policy what to do with third-party drivers

• Unsigned kernel mode code will load

• User mode binaries: same as x64

Slide From Steve Lamb at Microsoft
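The first bullet deserves a concrete demonstration: a hash stored beside a binary only detects accidental corruption, because whoever can replace the binary can replace the hash, whereas a signature can only be produced by the holder of the private key. The following Python is an added example, not code from this page or from Windows code integrity. Authenticode uses RSA keys in X.509 certificates; this example uses a Lamport one-time signature instead so that it runs with only the standard library, and the "driver" bytes and the attacker's edit are constructed.

```python
import hashlib
import secrets


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


# --- Hash validation: the check that is NOT a signature -----------------------

def hash_check(image: bytes, published_hash: bytes) -> bool:
    """Compare the binary against a hash shipped next to it (e.g. a .sha256 file)."""
    return sha256(image) == published_hash


def attacker_replaces(image: bytes):
    """An attacker who can overwrite the binary can overwrite the hash file too,
    so the hash check keeps passing. Constructed edit for the example."""
    evil = image.replace(b"benign", b"evil")
    return evil, sha256(evil)


# --- Signature: anyone can verify with the public key; forging needs the private one

def keygen():
    """Lamport one-time signature key pair: 256 pairs of random 32-byte preimages
    form the private key; the public key is their SHA-256 hashes."""
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    pk = [(sha256(a), sha256(b)) for a, b in sk]
    return sk, pk


def _bits(digest: bytes):
    return [(digest[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]


def sign(sk, message: bytes):
    """Reveal, for each bit of H(message), the preimage matching that bit.
    One-time only: signing a second message with the same key reveals enough
    preimages for an attacker to forge."""
    return [sk[i][bit] for i, bit in enumerate(_bits(sha256(message)))]


def verify(pk, message: bytes, sig) -> bool:
    """Hash each revealed preimage and compare with the public-key entry selected
    by the corresponding digest bit. A modified message selects different entries,
    whose preimages the attacker does not have."""
    if len(sig) != 256:
        return False
    return all(sha256(sig[i]) == pk[i][bit] for i, bit in enumerate(_bits(sha256(message))))


def roundtrip(message: bytes, other: bytes):
    """(signature verifies on message, same signature verifies on other)."""
    sk, pk = keygen()
    sig = sign(sk, message)
    return verify(pk, message, sig), verify(pk, other, sig)


def demo():
    """Tamper with a 'driver' and rewrite its hash file: the hash check still
    passes, the signature check fails."""
    sk, pk = keygen()  # vendor key pair; sk stays with the vendor
    driver = b"driver.sys: benign code"  # constructed stand-in for a binary
    shipped_hash = sha256(driver)
    shipped_sig = sign(sk, driver)
    evil, evil_hash = attacker_replaces(driver)
    return {
        "hash_check_on_original": hash_check(driver, shipped_hash),
        "hash_check_on_tampered": hash_check(evil, evil_hash),  # True: attacker rewrote the hash
        "signature_on_original": verify(pk, driver, shipped_sig),
        "signature_on_tampered": verify(pk, evil, shipped_sig),  # False: no private key
    }


if __name__ == "__main__":
    print(demo())
```

The policy question on the slide is then not "is there a hash" but "which public keys does the loader trust": on x64, only certificates chaining to a Microsoft CA or a WHQL signature. A hash only becomes useful as an integrity check when it is itself covered by a signature, which is how the catalog files referenced on the next slide work.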

Page 17: Code integrity non-goals

• Protecting from attackers with physical access

• Verifying the integrity of NTLDR

– Requires secure startup on TPM-enabled machines

– Requires read-only fixed media otherwise

• Supporting rebinding or hotpatching

– These change the on-disk image

– CI will work if patch includes updated hash

• Boot-time checks for revocation lists

Slide From Steve Lamb at Microsoft

Page 18: More on Vista Loading

• New Super-Secret feature in 64 bit version of Vista (not TC related, but useful to know)

– System files load at random locations in memory (address space layout randomization), so exploits cannot rely on fixed addresses.

– Uses the no-execute (NX) feature of 64 bit chipsets so that data pages cannot be run as code.

Page 19: Linux and Trusted Computing

• Based on an IBM research project

– Foundations are the TPM and Linux Security Modules (LSM)

• Provides

– TPM based trusted boot

– Authenticated File Metadata

– Also supports mandatory access controls
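What "TPM based trusted boot" together with "authenticated file metadata" gives a remote verifier is a measurement log whose integrity is anchored in a PCR: the kernel hashes each executable before running it, records the hash in a log, and extends the same hash into the TPM. The following Python is an added example, not IBM's code; the log format (a list of path and file-hash pairs) is a simplification assumed for this example, the file contents are constructed, and the allow-list of known-good hashes is hypothetical (in practice it would come from package metadata).

```python
import hashlib


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM extend: PCR_new = H(PCR_old || measurement)."""
    return sha256(pcr + measurement)


# Constructed file contents standing in for real executables, and an allow-list
# of known-good hashes (hypothetical; in practice derived from package metadata).
GOOD_FILES = {
    "/sbin/init": b"init-binary-v1",
    "/bin/sh": b"sh-binary-v1",
    "/usr/sbin/sshd": b"sshd-binary-v1",
}
ALLOW_LIST = {path: sha256(content) for path, content in GOOD_FILES.items()}


def make_log(files):
    """Measured side (kernel hook): before an executable runs, hash it, append
    (path, hash) to the software-held log and extend the same hash into the
    hardware PCR. Returns (log, final_pcr)."""
    log, pcr = [], bytes(32)
    for path, content in files:
        h = sha256(content)
        log.append((path, h))
        pcr = extend(pcr, h)
    return log, pcr


def verify_log(log, reported_pcr: bytes, allow_list) -> list:
    """Verifier side: replay the log into a PCR and require it to match the
    PCR value the platform reports (in a real system, a TPM quote), then judge
    each entry against the allow-list. Returns a list of findings."""
    findings = []
    pcr = bytes(32)
    for path, h in log:
        pcr = extend(pcr, h)
        if allow_list.get(path) != h:
            findings.append(f"unknown or modified file: {path}")
    if pcr != reported_pcr:
        findings.append("log does not replay to reported PCR (entries altered or removed)")
    return findings


def demo():
    """Returns findings for (clean boot, modified /bin/sh, modified with log scrubbed)."""
    log, pcr = make_log(GOOD_FILES.items())
    clean = verify_log(log, pcr, ALLOW_LIST)

    infected = {**GOOD_FILES, "/bin/sh": b"sh-binary-backdoored"}
    log2, pcr2 = make_log(infected.items())
    modified = verify_log(log2, pcr2, ALLOW_LIST)

    # The attacker edits the log file to hide the entry; the PCR cannot be rewound.
    scrubbed = [entry for entry in log2 if entry[0] != "/bin/sh"]
    hidden = verify_log(scrubbed, pcr2, ALLOW_LIST)
    return clean, modified, hidden


if __name__ == "__main__":
    for label, findings in zip(("clean", "modified", "scrubbed"), demo()):
        print(label, findings or "OK")
```

The split of roles is the point: the log lives in software and can be edited by anyone who owns the kernel, but the PCR lives in the TPM and can only be extended, never rewound, so a scrubbed log fails replay. The remaining trust question, how the verifier knows the reported PCR really came from this TPM, is what the EK and a signed quote answer, and is not modelled here.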

Page 20: Linux and Trusted Computing

• Future plans include

– Integration with SELinux

– Integration with Xen

– Integration with encrypted file systems.