1 / 31

The Trusted Computing (TC) and Next Generation Secured Computing Base (NGSCB)

The Trusted Computing (TC) and Next Generation Secured Computing Base (NGSCB). Joseph Yu Jeffrey Khuu CS158B Dr. Stamp. Table of Contents. Introduction TC TCG NGSCB TC NGSCB Architecture Features Analysis of NGSCB Summary. Introduction – TC, TCG, NGSCB.

don
Download Presentation

The Trusted Computing (TC) and Next Generation Secured Computing Base (NGSCB)

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. The Trusted Computing (TC) and Next Generation Secured Computing Base (NGSCB) Joseph Yu Jeffrey Khuu CS158B Dr. Stamp NGSCB

  2. Table of Contents • Introduction • TC • TCG • NGSCB • TC • NGSCB • Architecture • Features • Analysis of NGSCB • Summary NGSCB

  3. Introduction – TC, TCG, NGSCB • TC = Trusted Computing, TCG = Trusted Computing Group, NGSCB = Microsoft’s TC • Original Motivation for TC: • TC was intended for DRM • Limits the abuse of file sharing over the network • Prevent making illegal copies without the authorization from the vendor • Restrict user’s computing actions NGSCB

  4. Introduction - TC • Current Motivation for TC: • “For years, Bill Gate has dreamed of finding a way to make the Chinese pay for software: TC looks like being the answer to his prayer.” – Ross Anderson • TC extend way more than DRM: It gives more authorizations to the computers over users NGSCB

  5. Introduction - TC • Fundamental Concept of TC • Software runs and communicates securely over applications and servers • Use “locked-down” architecture • Hardware level cryptographic keys for encryption and authentication • Tamper-resistant • Seal secure data within curtained memory • Input/Output communication path are encrypted NGSCB

  6. Introduction - TCG • Many vendors provide hardware support for major components of NGSCB • For example, Intel’s LaGrande Technology (LT) and AMD’s Secure Execution Mode (SEM) technology • TCG is an alliance of Microsoft • Manage TC activities for different hardware/software vendors: AMD, HP, IBM, and others NGSCB

  7. Introduction - TCG • Goal: • Claimed: Non-Profit industry standards organization to enhance the security and computing in different platforms • Provide a secured TCB for the system • Activities: • Formed in Spring 2003 and adopted a set of specification made by Trusted Computing Platform Alliance (TCPA) NGSCB

  8. TC • What is Trusted Computing? • Trusted Computing Base (TCB) • TCB • “TCB is everything in operating system that we rely on for security” Dr. Stamp • If TCB is damaged/non-secured, the whole system broken. • If the system is broken, and TCB is ok. We still have system security • Part of the system (combines software and hardware components) • Responsible for regulate information security policies • Consist of Kernel, OS NGSCB

  9. TC -- overview NGSCB

  10. TC • Should be expected the computing behave the way we wanted and do what we wanted securely • Any trusted platform has the following three fundamental features: • Protected Capabilities • Integrity Capabilities • Integrity Reporting NGSCB

  11. NGSCB • Microsoft’s version of TC: NGSCB • Will be implemented in the upcoming version of Windows: as known as Microsoft Windows Longhorn • Architecture • Computing Environments • Four Features of NGSCB NGSCB

  12. NGSCB - architecture NGSCB

  13. NGSCB - architecture • Two primary system components in NGSCB • Nexus • Special kernel (core of the trusted operating) • Goal: Isolate the process of normal mode and trusted mode differently in memory • Functionality: Authenticate and protect data (entered, stored, communicated, and displayed) by data encryption • Nexus Computing Agent (NCA) NGSCB

  14. NGSCB - architecture • Nexus Computing Agent (NCA) • Trusted software component • Runs in trusted mode that communicates with Nexus • Open-source for NCA specifications • Developers can make their own agents to run on the trusted platform NGSCB

  15. NGSCB – Computing Environments Overview • NSGCB operates two operating systems in ONE system • Two Modes: • Normal Mode vs. Trusted Mode • Normal Mode: • Un-protected environment • Same as our current Windows series • Fully Controlled by the users • Trusted Mode: • Protected environment • Users have no authorities to modify, delete, or copy ANY content. • Implemented TC: Hardware and Software implementation • Fully Controlled by the computers NGSCB

  16. NGSCB – operating environments NGSCB

  17. NGSCB – operating environments • Microsoft claimed: “Only an NGSCB trusted application, NCA, can run securely within the protected operating environment.” • NCA • Defined by software developers • Policies • Security authentication • Security authorization NGSCB

  18. NGSCB - Features • Claimed: Four Features • Strong Process Isolation • Sealed Storage • Attestation • Secured Path to the user NGSCB

  19. NGSCB – Four Features • Strong Process Isolation • Isolate protected and non-protected operating environment that are stored in the same memory • Blocks the access of Direct Memory Access (DMA) devices in term of writing and reading to secured block of memory • Block access of malicious code • Claimed: “no illegitimate access will occurring in protected environment” NGSCB

  20. NGSCB – Four Features • Sealed storage • Ensure the privacy of NGSCB data are not being exposed • NGSCB use Security Support Component (SSC) to do this • SSC has own encryption services and can be managed by the Nexus • Use Advance Encryption Standard (AES), pair of public and private keys, and keys derived for trusted application NGSCB

  21. NGSCB – Four Features • Sealed Storage • NCA uses these keys to encrypt data, access file system, and provide storage services. • Claimed: No unauthorized application can read the sealed storage whatsoever (at boot up, or running) NGSCB

  22. NGSCB – Four Features • Cryptographic Attestation • Confirm the recipient that the data was digital signed by the NGSCB and data was cryptographically identifiable • Authenticates software Process • Prove application identity • Useful in networking, prove its identity securely before transmit any data. • Avoid Man in the Middle attack? NGSCB

  23. NGSCB – Four Features • Secure Path to the user • Ensure the information remains securely through the input/output of the devices. • Encrypt the input/output, creates a secure path. • Protects computer from: • Keystroke recorded • Hardware devices • Need to upgrade current hardware devices: mouse/keyboard/USB devices/ video adapter • Input: upgrade to USB devices: Smart cards, biometrics, others • Output: upgrade to Graphic adapter, which prevent read/write to video memory NGSCB

  24. NGSCB Applications • Many applications involved NGSCB: regular computing, networking, DRM, others • Example: Microsoft Word • Restrict user: • View/Copy/Write/Open/Close • Not compatible with other *.doc applications, ie. OpenOffice • Written document is Signed and Encrypted with Microsoft Word --- Only Word has the private key to decrypt it NGSCB

  25. NGSCB Application • Networking application: • Cannot file-sharing via P2P • Cannot open your friend’s packed programs • Presumably Secured with connected in network • Good for networking? • Microsoft Explorer / Outlook • User might be able to see the content but not able to “Copy-and-Paste” to other applications • Users have no right to “do whatever they wanted to do” NGSCB

  26. Analysis of NGSCB • Current Problematic Computing • User can do whatever they wanted to do in computer – taking all responsibility • Unprotected: Virus, worms, keystroke, spywares • Abuse of file-sharing digital contents • As a conclusion, we DO need a better computing protection operating system NGSCB

  27. Analysis of NGSCB • Will NGSCB be the solution? • Human nature to control over things and not to be controlled by others. • “People will not use it if it blocks and restricts them doing what they want to do.” Quote • NGSCB will fails: • Companies will not tolerate attestations on the network and through the firewall every time their employee wants to open a file. • They want open the application FAST! NGSCB

  28. Analysis of NGSCB • NGSCB will fails to work with DRM • There is always WAYS to workaround of things. • Music for example • User still can record what comes out from the speaker, (poor quality but so what, it’s FREE) • Recorded and make MP3 out of it • Copy content for example • Take a screen shot, digital camera? NGSCB

  29. NGSCB • As a summary of our presentation: • NGSCB will fail. • People will use alternative products: • Apple OS • Linux • Stay with Microsoft XP ?? NGSCB

  30. Q/A Q/A NGSCB

  31. References • [1] Mark Stamp's CS166 software presentation slides • http://www.cs.sjsu.edu/~stamp/CS166 • [2] System Management Concepts: Operating system and Devices • http://www.unet.univie.ac.at/aix/aixbman/admnconc/tcb.htm • [3] TCG Specification Architecture Overview • https://www.trustedcomputinggroup.org/downloads/TCG_PCSpecificSpecification_v1_1.pdf • [4] Microsoft’s Next Generation Secured Computing Base Overview • http://www.microsoft.com/resources/ngscb/NGSCB_Overview.mspx • [5] NGSCB Security Model • http://www.microsoft.com/resources/ngscb/documents/NGSCB_Security_Model.doc • [6] Trusted Computing and NGSCB • http://www.cs.bham.ac.uk/~mdr/teaching/TrustedComputing.html • [7] Ross Anderson's Trusted Computing FAQ • http://www.cl.cam.ac.uk/~rja14/tcpa-faq.html • [8] Microsoft’s resource for NGSCB • http://www.microsoft.com/resources/ngscb/productInfo.mspx • [9] Microsoft's NGSCB four features • http://www.microsoft.com/resources/ngscb/four_features.mspx NGSCB

More Related