
Trusted Computing and the Trusted Platform Module


jerrylane

Presentation Transcript


  1. Trusted Computing and the Trusted Platform Module. Bruce Maggs (with some slides from Bryan Parno)

  2. Bryan Parno’s Travel Story

  3. Attestation • How can we know that a system that we would like to use has not been compromised?

  4. Bootstrapping Trust is Hard! Challenges: • Hardware assurance • Ephemeral software • User Interaction [Diagram: App 1 … App N running on an OS with Module 1 … Module 4; labels S1( ) … S15( ) and H( ); “Safe?” / “Yes!”]

  5. Bootstrapping Trust is Hard! Challenges: • Hardware assurance • Ephemeral software • User Interaction [Diagram: Evil App, Evil OS; “Safe?” / “Yes!”]

  6. Trusted Platform Module Components https://en.wikipedia.org/wiki/Trusted_Platform_Module#/media/File:TPM.svg

  7. TPM Chip Often found in business-class laptops https://en.wikipedia.org/wiki/Trusted_Platform_Module#/media/File:TPM_Asus.jpg

  8. Caveat • The TPM is not 100% tamper proof! • Safe use requires physical security • In 2010 Christopher Tarnovsky extracted the private key from an Infineon TPM chip by • soaking the chip in acid to remove plastic • removing RF-shield wire mesh • probing with an extremely small needle

  9. Built-In Unique Identifier • “Endorsement Key” permanently embedded in TPM • RSA public-private key pair • Private key never leaves the TPM chip • Public key can be certified (e.g., TPM may include an EKCERT certificate signed by a TPM CA such as the TPM manufacturer) • Master “storage root key” (SRK) created when TPM first used

  10. On-Chip Algorithms • RSA key-pair generation • RSA encryption/decryption • RSA signing • Random number generation • SHA-1 hashing • Keyed-hash message authentication code (HMAC)

  11. Platform Configuration Registers (PCRs) • A TPM contains several 20-byte PCRs • A PCR is initialized to zero at power on. • The only operation allowed on a PCR is to extend it: • val[PCR] = SHA1(val[PCR] . newval) • At boot time, a TPM-enabled PC takes a series of measurements and stores them in PCRs
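The extend rule on the slide above, as an added example that is not part of the original slides: it replays a boot chain into a simulated 20-byte PCR and reports the first stage at which a modified chain diverges from a known-good one. The component byte strings are constructed, and hashing each component with SHA-1 to obtain `newval` is an assumption of this sketch.

```python
import hashlib

PCR_SIZE = 20  # SHA-1 digest length, matching the slide's 20-byte PCRs


def extend(pcr: bytes, component: bytes) -> bytes:
    """val[PCR] = SHA1(val[PCR] . newval); newval is the component's SHA-1 (assumed)."""
    newval = hashlib.sha1(component).digest()
    return hashlib.sha1(pcr + newval).digest()


def pcr_trace(boot_chain):
    """PCR value after each stage, starting from the all-zero power-on value."""
    pcr, trace = bytes(PCR_SIZE), []
    for component in boot_chain:
        pcr = extend(pcr, component)
        trace.append(pcr)
    return trace


def first_divergence(known_good, observed):
    """Index of the first stage whose PCR value differs, or None if the chains match."""
    good, seen = pcr_trace(known_good), pcr_trace(observed)
    for i, (a, b) in enumerate(zip(good, seen)):
        if a != b:
            return i
    # Same prefix but different length: the shorter chain stops at this stage.
    return None if len(good) == len(seen) else min(len(good), len(seen))


# Constructed sample boot chains (stand-ins for real firmware and OS images).
GOOD = [b"BIOS v1", b"bootloader v1", b"kernel v1"]
TAMPERED = [b"BIOS v1", b"bootloader v1 + implant", b"kernel v1"]
REORDERED = [b"bootloader v1", b"BIOS v1", b"kernel v1"]

if __name__ == "__main__":
    print("good     :", pcr_trace(GOOD)[-1].hex())
    print("tampered :", pcr_trace(TAMPERED)[-1].hex())
    print("first differing stage:", first_divergence(GOOD, TAMPERED))
```

Because every later value is a hash over the earlier one, the unchanged kernel measured after the modified bootloader still produces a different final PCR.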

  12. HMAC • Hash with two inputs: a key and a block of data • Typically key is randomly generated and secret • Key can be used (for example) to guarantee that the hash was freshly created

  13. How HMAC can be used • TPM can hash contents of all storage on computer, or storage in certain places • Disks • Memory • Registers in the CPU • User can choose to execute only from known safe states

  14. Applications • Storing and protecting sensitive information from modification • Trusted boot • Attestation

  15. TPM-Based Attestation Example • [Gasser et al. ‘89], [Arbaugh et al. ‘97], [Sailer et al. ‘04], [Marchesini et al. ‘04] [Diagram: BIOS, Bootloader, OS, Modules and Apps; TPM containing PCRs and KPriv]

  16. Establishing Trust via a TPM • [Gasser et al. ‘89], [Arbaugh et al. ‘97], [Sailer et al. ‘04], [Marchesini et al. ‘04] [Diagram labels: random #; BIOS, Bootloader, OS, Modules, Apps; PCRs; Sign; KPriv; KPub; TPM; “Guarantees freshness”; “Guarantees real TPM”; “Guarantees actual TPM logs”; “Accurate!”]
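The challenge-response exchange on the slide above, as an added example that is not part of the original slides: the verifier sends a random number, the TPM signs it together with the PCR value using KPriv, and the verifier checks the result with KPub. The RSA key is a toy (unpadded, built from two small Mersenne primes) standing in for the TPM's key, and the PCR values are constructed.

```python
import hashlib
import secrets

# Toy stand-in for the TPM key pair: primes 2^89-1 and 2^127-1 are far too
# small for real use, and real TPM signatures use padding. (N, E) plays KPub.
P, Q, E = 2**89 - 1, 2**127 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # KPriv; on a real TPM it never leaves the chip


def _digest(nonce: bytes, pcr: bytes) -> int:
    return int.from_bytes(hashlib.sha1(nonce + pcr).digest(), "big")


def tpm_quote(nonce: bytes, pcr: bytes) -> int:
    """Device side: the TPM signs the verifier's nonce together with its PCR value."""
    return pow(_digest(nonce, pcr), D, N)


def verify_quote(nonce, reported_pcr, signature, expected_pcr) -> str:
    """Verifier side: check the signature first, then the software state."""
    if pow(signature, E, N) != _digest(nonce, reported_pcr):
        return "rejected: signature does not cover this nonce and PCR"
    if reported_pcr != expected_pcr:
        return "rejected: PCR is not the known-good value"
    return "trusted"


# Constructed PCR values (in practice, the result of extending boot measurements).
GOOD_PCR = hashlib.sha1(b"known-good boot chain").digest()
EVIL_PCR = hashlib.sha1(b"modified boot chain").digest()

if __name__ == "__main__":
    nonce = secrets.token_bytes(20)  # fresh random # chosen by the verifier
    sig = tpm_quote(nonce, GOOD_PCR)
    print(verify_quote(nonce, GOOD_PCR, sig, GOOD_PCR))
    # An old quote replayed against a new challenge fails the signature check.
    print(verify_quote(secrets.token_bytes(20), GOOD_PCR, sig, GOOD_PCR))
```

Software that reports the known-good PCR while the TPM holds a different one fails the first check, because the signature was computed over the value actually in the TPM.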

  17. Microsoft BitLocker Drive Encryption • Encryption of volume containing Windows OS, user files, e.g., C:\ • Separate unencrypted volume contains files needed to load Windows • TPM protects disk encryption key by encrypting it • TPM releases key only after comparing hash of early (unencrypted) boot files with previous hash • BitLocker can be used without a TPM – user supplies an encryption password • Relies on user having an OS password!

  18. Microsoft Secure Boot (Windows 8+) • Enabled by “UEFI” – Unified Extensible Firmware Interface (replacement for traditional BIOS) • Manufacturer’s and Microsoft public keys stored in firmware (can add other OS vendors) • TPM checks that firmware is signed by the manufacturer • TPM checks that hash of boot loader has been signed with Microsoft public key

  19. Microsoft Trusted Boot • Takes over after Secure Boot • Verifies all OS components, starting with Windows kernel • Windows kernel verifies boot drivers, start-up files

  20. Microsoft Measured Boot • TPM signs measured boot log file • Remote attestation possible by transmitting signed boot log

  21. Intel SGX • Intel Software Guard Extensions – new instructions added to the x64 instruction set • Incorporated directly into CPU, e.g., Intel i7-6700K, Dell Inspiron 11 i3153 • (Not a separate chip like TPM.) • Application can create a trusted memory “enclave” • Only trusted functions (stored in enclave) can see or modify enclave https://software.intel.com/en-us/sgx/details
