Trusted Computing security _platform.ppt
Trusted Computing
Asmaa ALQassab Nagham ALLella
Lubna Thanoon
Supervised by Dr. Najlaa Badeea
WHO DO I TRUST?
• Today a computer trusts one of two entities in a user-and-hacker model.
• The user is trusted and the hacker is not.
• But how does a computer know that the user is not doing something harmful?
• With TC, neither the user nor the hacker is trusted. This ensures that nothing is done that can compromise the security of the PC.
WHY TC?
“The theory is that software-based key generation or storage will always be vulnerable to software attack, so private keys should be created, stored, and used by dedicated hardware.”
TRUSTED COMPUTING: BASIC IDEA
• Addition of security hardware functionality to a computer system to compensate for insecure software.
• Enables external entities to have an increased level of trust that the system will perform as expected/specified.
• Trusted platform = a computing platform with a secure hardware component that forms a security foundation for software processes.
• Trusted Computing = computing on a Trusted Platform.
SO HOW DOES TC WORK?
• For TC to work you have to use the Trusted Platform Module (TPM), a hardware component where the core (root) of trust in the platform resides.
• The TPM is implemented as a security microchip that provides cryptographic functions such as encryption.
WHAT IS A TPM?
• A chip integrated into the platform.
• The (alleged) purpose is to provide more security.
• It is a separate trusted co-processor.
“The TPM represents a separate trusted coprocessor, whose state cannot be compromised by potentially malicious host system software.”
THE TRUSTED COMPUTING GROUP
• The Trusted Platform Module (TPM) is an international standard for a secure cryptoprocessor.
• The TPM technical specification was written by a computer industry consortium called the Trusted Computing Group (TCG).
• The Trusted Computing Group is a non-profit industry consortium which develops hardware and software standards. It is funded by many member companies, including IBM, Intel, AMD, Microsoft, Sony, Sun, and HP, among others.
TRUSTED COMPUTING ARCHITECTURE
TPM (Trusted Platform Module): a tamper-resistant hardware module mounted in a platform.
Responsible for: measurement, storage, reporting and policy enforcement.
[Architecture diagram; labels: Protected Code, TPM, Boot Process, Operating System, App1 App2 App3, Encrypted Files]
ROOTS OF TRUST
• A Root of Trust is a hardware or software mechanism, that is, a component which must behave as expected, because its misbehavior cannot be detected.
• Root of Trust for Measurement (RTM): the component that can be trusted to reliably measure and report to the Root of Trust for Reporting what software executes at the start of platform boot.
  • Uses Platform Configuration Registers (PCRs) to record the state of a system.
  • A static entity such as the PC BIOS.
• Root of Trust for Reporting (RTR): the component that can be trusted to report reliable information about the platform.
  • Trusted to report information accurately and correctly.
  • Uses PCRs and RSA signatures to report the platform state to external parties.
• Root of Trust for Storage (RTS): the component that can be trusted to securely store any quantity of information.
  • Trusted to store information without interference or leakage.
  • Uses PCRs and RSA encryption to protect data and ensure that data can only be accessed if the platform is in a known state.
A CHAIN OF TRUST
• The core idea of the Trusted Computing architecture:
  • Each stage measures and validates the next one.
  • Measurements go into Platform Configuration Registers (PCRs) on the TPM.
• The chain starts with the hardware TPM,
• then software: RTM, TPM Software Stack, BIOS, kernel
  • Applications?
• At the end, the entire platform is verified to be in a trusted state.
KEY CONCEPTS
• Secure input and output
• Memory curtaining / protected execution
• Sealed storage
• Endorsement key
• Remote attestation
SECURE INPUT AND OUTPUT
• Secure I/O provides a secure hardware path from the keyboard to an application, and from the application back to the screen.
• No other software running on the same PC will be able to determine what the user typed, or how the application responded.
MEMORY CURTAINING
• Memory curtaining extends common memory protection techniques to provide full isolation of sensitive areas of memory.
• Even the operating system does not have full access to curtained memory.
SEALED STORAGE
• Sealed storage protects private information by binding it to platform configuration information, including the software and hardware being used.
• Data can be released only to a particular combination of software and hardware.
• Embedding PCR values in the sealed blob ensures that only certain apps can decrypt the data.
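The chain of trust and the sealing described above, as an added Python simulation that is not part of the original presentation: constructed boot-stage images are extended into a PCR the way the TPM does it, and a secret is then sealed so that it is released only when the same PCR value is reproduced. The PCR-derived key and SHA-256 keystream are stand-ins for the TPM's RSA storage key and PCR policy; all stage images and the secret are constructed.

```python
import hashlib
import hmac
import os

# Constructed stage images for a simulated measured boot (not real firmware hashes).
BOOT_CHAIN = [("BIOS", b"bios-image-v1"), ("bootloader", b"grub-image-v2"), ("kernel", b"vmlinuz-6.1")]

def pcr_extend(pcr: bytes, image: bytes) -> bytes:
    """TPM extend: PCR_new = SHA-256(PCR_old || SHA-256(image)). One-way and order-sensitive."""
    return hashlib.sha256(pcr + hashlib.sha256(image).digest()).digest()

def measure_chain(chain) -> bytes:
    """Each stage is measured into the same PCR in boot order; PCRs start at all zeros at reset."""
    pcr = bytes(32)
    for _name, image in chain:
        pcr = pcr_extend(pcr, image)
    return pcr

def _keystream(key: bytes, n: int) -> bytes:
    # SHA-256 in counter mode: enough bytes to mask a secret of length n.
    return b"".join(hashlib.sha256(key + i.to_bytes(4, "big")).digest() for i in range(n // 32 + 1))[:n]

def seal(secret: bytes, pcr: bytes) -> dict:
    """Simulated sealing. The key is derived from the PCR value, so only a platform that reaches
    the same PCR can derive it (stand-in for the TPM's RSA storage key plus its PCR policy)."""
    salt = os.urandom(16)
    key = hashlib.sha256(b"seal" + salt + pcr).digest()
    ct = bytes(a ^ b for a, b in zip(secret, _keystream(key, len(secret))))
    tag = hmac.new(key, ct, hashlib.sha256).digest()  # integrity tag, so a wrong PCR fails cleanly
    return {"salt": salt, "pcr": pcr, "ct": ct, "tag": tag}

def unseal(blob: dict, current_pcr: bytes):
    """Returns the secret only if current_pcr reproduces the sealing key; otherwise None."""
    key = hashlib.sha256(b"seal" + blob["salt"] + current_pcr).digest()
    if not hmac.compare_digest(hmac.new(key, blob["ct"], hashlib.sha256).digest(), blob["tag"]):
        return None
    return bytes(a ^ b for a, b in zip(blob["ct"], _keystream(key, len(blob["ct"]))))

if __name__ == "__main__":
    good_pcr = measure_chain(BOOT_CHAIN)
    blob = seal(b"disk-encryption-key", good_pcr)
    rootkit = [(n, b"vmlinuz-rootkit" if n == "kernel" else img) for n, img in BOOT_CHAIN]
    print("trusted chain  :", unseal(blob, good_pcr))                  # the secret
    print("modified kernel:", unseal(blob, measure_chain(rootkit)))     # None
```

Reordering the stages or skipping one changes the PCR just as a modified kernel does, which is why a measured boot cannot be "replayed" into a sealed state.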
ENDORSEMENT KEY
• The endorsement key is a 2048-bit RSA public and private key pair.
• Created randomly on the chip at manufacture time.
• Non-migratable: stored inside the chip and cannot be removed.
• It is never used for encryption or signing.
REMOTE ATTESTATION
• Prove to a remote party what software/configuration is running on the target system.
• Three phases:
  • Measurement: the machine to be attested must measure its properties locally.
  • Attestation: transfer the measurements from the machine being attested to the remote machine.
  • Verification: the remote machine examines the measurements transferred during attestation and decides whether they are valid and acceptable.
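The three phases above, as an added Python simulation that is not part of the original presentation. The boot chain, the attestation key and the nonce are constructed, and an HMAC stands in for the RSA signature the Root of Trust for Reporting would make with the TPM's attestation key; the verifier checks the signature, the freshness of its own nonce, and the reported PCR against a list of known-good values.

```python
import hashlib
import hmac
import os

# Constructed values for the simulation (not from any real platform).
ATTEST_KEY = b"constructed-attestation-key"  # stand-in for the TPM's RSA attestation key; the
                                             # verifier holds the same secret instead of a certificate
GOOD_CHAIN = [b"bios-image-v1", b"grub-image-v2", b"vmlinuz-6.1"]

def pcr_extend(pcr: bytes, image: bytes) -> bytes:
    return hashlib.sha256(pcr + hashlib.sha256(image).digest()).digest()

def measure(chain) -> bytes:
    """Phase 1, measurement: the attested machine extends each boot stage into a PCR."""
    pcr = bytes(32)
    for image in chain:
        pcr = pcr_extend(pcr, image)
    return pcr

def quote(pcr: bytes, nonce: bytes) -> dict:
    """Phase 2, attestation: the TPM signs (nonce || PCR). The verifier-chosen nonce makes the
    quote fresh, so a quote captured earlier cannot be replayed."""
    sig = hmac.new(ATTEST_KEY, nonce + pcr, hashlib.sha256).digest()
    return {"nonce": nonce, "pcr": pcr, "sig": sig}

def verify(q: dict, expected_nonce: bytes, known_good_pcrs: set) -> str:
    """Phase 3, verification: signature first, then freshness, then the PCR against an allow-list."""
    sig = hmac.new(ATTEST_KEY, q["nonce"] + q["pcr"], hashlib.sha256).digest()
    if not hmac.compare_digest(sig, q["sig"]):
        return "reject: bad signature (quote not produced by the trusted TPM)"
    if not hmac.compare_digest(q["nonce"], expected_nonce):
        return "reject: stale nonce (replayed quote)"
    if q["pcr"] not in known_good_pcrs:
        return "reject: unknown platform state"
    return "accept"

if __name__ == "__main__":
    known_good = {measure(GOOD_CHAIN)}
    nonce = os.urandom(16)  # challenge chosen by the verifier for this session
    print(verify(quote(measure(GOOD_CHAIN), nonce), nonce, known_good))         # accept
    print(verify(quote(measure(GOOD_CHAIN), b"old-nonce-value"), nonce, known_good))  # stale nonce
    rootkit = measure([b"bios-image-v1", b"grub-image-v2", b"vmlinuz-rootkit"])
    print(verify(quote(rootkit, nonce), nonce, known_good))                    # unknown state
    forged = quote(rootkit, nonce)
    forged["pcr"] = measure(GOOD_CHAIN)  # host software rewrites the PCR field after signing
    print(verify(forged, nonce, known_good))                                   # bad signature
```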
FINALLY
• Secure boot allows the system to boot into a defined and trusted configuration.
• Curtained memory will provide strong memory isolation: memory that cannot be read by other processes, including operating systems and debuggers.
• Sealed storage allows software to keep cryptographically secure secrets.
• Remote attestation allows a trusted device to present reliable evidence to remote parties about the software it is running.
• Low-cost technology.
