TPM - PowerPoint PPT Presentation

About This Presentation
Title:

TPM

Description:

Randy Fort CS 265 Trusted Platform Modules April 19th, 2005 What is Trusted Computing? In 1999, many industry heavyweights came together to form an industry group. – PowerPoint PPT presentation

Number of Views:170
Avg rating:3.0/5.0
Slides: 18
Provided by: RandyF150
Learn more at: http://www.cs.sjsu.edu
Category:
Tags: tpm | computer | related

less

Transcript and Presenter's Notes

Title: TPM


1
Randy FortCS 265Trusted Platform Modules
April 19th, 2005
2
What is Trusted Computing?
  • In 1999, many industry heavyweights came together
    to form an industry group.

Mission Statement
to create a standard set of system hardware
based functions needed to establish trust on the
platform. 2
3
What is a TPM?
  • A chip integrated into the platform
  • The (alleged) purpose is to provide more security
  • It is a separate trusted co-processor

The TPM represents a separate trusted
coprocessor, whose state cannot be compromised by
potentially malicious host system software. IBM
Research Report 4
4
Why?
  • The theory is that software based key generation
    or storage will always be vulnerable to software
    attack, so private keys should be created,
    stored, and used by dedicated hardware
  • Andy Dornan, Trusted Computing A Matter of Trust

5
The Trusted Computing Group
  • The Trusted Computing Group is a non-profit
    industry consortium, which develops hardware and
    software standards. It is funded by many member
    companies, including IBM, Intel, AMD, Microsoft,
    Sony, Sun, and HP among others.
  • www.trustedcomputinggroup.org

6
Attestation
  • The TPM's most controversial feature is
    attestation, the ability to measure the state of
    a computer and send a signed message certifying
    that particular hardware or software is or isn't
    present. Most TC opponents fear that this will be
    abused by vendors 1.

7
How?
  • PKI private keys could be stored in the chip.
  • PK signatures calculated in the chip itself,
    never visible outside
  • Random number generators
  • SHA-1 encryption
  • Monotonic counters
  • Process isolation (encrypted I/O, prevents
    keystroke loggers, screen scrapers.

8
How?
  • Protection from malware and detection of
    compromised systems. 4 Shows that syslogd has
    been compromised by a root kit.
  • Tick counter, Timestamps are a security critical
    parameter in KERBEROS.
  • Provide stronger 2 factor authentication.

9
Whats new?
  • Conceptually, not much. Most, if not all of the
    security ideas already exist
  • What TPMs bring to the table is a secure sealed
    storage chip for private keys, on-chip crypto,
    and random number generators among others
  • The state of the TPM can not be compromised by
    malicious host software

10
Cons
  • Advanced features will require O/S support.
  • Microsoft's NGSCB (Longhorn Due 2006 ???)
  • Will require rewrites to interface with the
    NEXUS.
  • Potential for abuse by Software vendors.
  • Is trusted computing just DRM on steroids?
  • Is TC a security tool or cash flow weapon?
  • Co-processor or Cop-processor?

11
Pro vs. Con
  • Great for Corporations and Government
  • Prevents unauthorized software
  • Helps prevent malware
  • User privacy not a concern
  • DRM lock-in less of a concern for companies or
    government

12
Pro vs. Con
  • Trusted Computing requires you to surrender
    control of your machine to the vendors of your
    hardware and software, thereby making the
    computer less trustworthy from the users
    perspective 11 Ross Anderson

13
Windows Media Player 9 EULA
  • "Digital Rights Management (Security). You agree
    that in order to protect the integrity of content
    and software protected by digital rights
    management ('Secure Content'), Microsoft may
    provide security related updates to the OS
    Components that will be automatically downloaded
    onto your computer. These security related
    updates may disable your ability to copy and/or
    play Secure Content and use other software on
    your computer. If we provide such a security
    update, we will use reasonable efforts to post
    notices on a web site explaining the update."

14
  • For years Bill Gates has dreamed of finding a
    way to make the Chinese pay for software, TC
    looks like being the answer to his prayer. 11
    Ross Anderson.

15
Conclusion
  • Increased security
  • PKI
  • Malware protection
  • Attestation
  • A very abuseable capability for software vendors

16
Bibliography
  • 1 Andy Doman, Trusted Computing A matter of
    Trust, http//www.networkmagazine.com/shared/arti
    cle/showArticle.jhtml?articleId22102889
  • 2 DigitalIDWorld, "Assuring Networked Data and
    Application Reliability", Digital ID World
    Jan/Feb 2004 https//www.trustedcomputinggroup.o
    rg/press/1-3412425E_SC.pdf
  • 4 Reiner Sailer, et al, , "The Role of TPM in
    Enterprise Security", https//www.trustedcomputin
    ggroup.org/press/news_articles/rc23363.pdf
  • 11 Ross Anderson, http//www.againsttcpa.com/ind
    ex.shtml

17
(No Transcript)
Write a Comment
User Comments (0)
About PowerShow.com