Trusted Computing Platform Alliance
David Grawrock, Security Architect, Desktop Architecture Labs, Intel Corporation
22 August 2014
Trusted Computing Platform Alliance: Agenda
• Background
• Attestation
• Specification
• What Is Next
Background: TCPA History
• Established in spring 1999
• Promoters are: Compaq, IBM, Intel, HP and Microsoft
• Membership over 160 companies
• Web site: http://www.trustedpc.org/
Background: TCPA Technical Challenge
• To maintain the privacy of the platform owner while providing a ubiquitous, interoperable mechanism to validate the identity and integrity of a computing platform
• TCPA provides the base for reporting identity and integrity
Attestation: Are You A Dog?
• On the Internet no one knows you are a dog
• On the Internet no one knows if you have a proper configuration
Attestation: Attestation Definition
• “To affirm to be true, correct or genuine”¹
• Cryptographic proof of information regarding the platform
• Information that could be attested to includes:
  • HW on platform
  • BIOS
  • Configuration options
  • And much more
¹ American Heritage Dictionary
Attestation: Attestation Promise
• TCPA never lies about the state of measured information
• This requires:
  • Accurate measurement
  • Protected storage
  • Provable reporting of measurement
• TCPA defines an attestation device
Specification: Specifications Available
• Main specification defines the Trusted Platform Module (TPM)
  • Definition is platform neutral
  • All commands to the TPM are defined
• PC Specific specification defines how to implement on a PC platform
• These specs are available on the web site
Specification: TPM Components
• Generate and use RSA keys
• Provide long-term protected storage of RSA root key
• Store measurements in PCR
• Use anonymous identities to report PCR status
• TPM components (diagram): Non-Volatile Storage, Key Generation, Anonymous Identities, RNG, PCR, RSA, Opt-In
• TPM definition is complete
Trusted Computing Platform Alliance: Summary
• TCPA provides the base for reporting identity and integrity
• TCPA defines an attestation device
• TPM definition is complete
Trusted Computing Platform Alliance: What Next?
• Design platforms and applications for TPM use
• Extend the trust and integrity of platforms
Trusted Computing Platform Alliance: Questions?
Trusted Computing Platform Alliance: Backup Material
Functionality: Non-volatile Storage
• The storage is to hold the endorsement key (EK) securely
• Each TPM has a unique EK
• The endorsement key must be protected from both exposure and improper use
• In addition to the EK there are some flags that are kept in non-volatile storage
Functionality: Key Generation
• The TPM can generate RSA keys
  • Default size 2048 bits
  • Other algorithms possible
• The keys can be used for signing / verification or encryption / decryption
  • Use of key must be specified at creation time
• There is no speed requirement on how long or how short a time generation will take
Functionality: Anonymous Identities
• All operations attesting to the TPM use an anonymous identity rather than the EK
• An anonymous identity certifies that the key came from A TPM, not WHICH TPM
• Devil is in the details; see the main spec
Functionality: Random Number Generator
• All TPMs must have a RNG
• Implementation is manufacturer specific
• The specification asks for, but does not require, FIPS evaluation of the RNG
• The RNG output is used both internally by the TPM and is offered to outside consumers of randomness
Functionality: PCR Registers
• The TPM has a minimum of 16 Platform Configuration Registers (PCR)
• The PCR registers use the EXTEND operation to store measurements regarding the platform
• PCR value = SHA(new value, old value)
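The EXTEND operation and the verifier-side replay it enables, as an added example that is not part of the deck. It uses the concatenation order the TCPA/TPM 1.x specification gives for TPM_Extend, SHA-1(old PCR value || new measurement) (the slide's shorthand lists the two inputs the other way round), and a constructed three-entry boot log to show how a verifier checks reported PCRs against the log and against known-good values; signature verification of the quote is left out.

```python
import hashlib

PCR_COUNT = 16                      # TCPA requires at least 16 PCRs
DIGEST_LEN = 20                     # SHA-1 digest length, the TPM 1.x digest size
RESET_PCR = b"\x00" * DIGEST_LEN    # PCR contents after platform reset


def extend(pcr_value: bytes, measurement: bytes) -> bytes:
    """TPM_Extend as specified for TPM 1.x: PCR <- SHA-1(PCR || measurement).
    The old value goes first, so the same measurements in a different order
    yield a different PCR, and a PCR can never be set, only extended."""
    if len(pcr_value) != DIGEST_LEN or len(measurement) != DIGEST_LEN:
        raise ValueError("PCR value and measurement must be SHA-1 digests")
    return hashlib.sha1(pcr_value + measurement).digest()


def replay_log(event_log):
    """Recompute every PCR from an ordered measurement log.
    Entries are (pcr_index, component_bytes); the component is hashed first
    and the digest is extended, which is what the firmware does at boot."""
    pcrs = [RESET_PCR] * PCR_COUNT
    for index, component in event_log:
        if not 0 <= index < PCR_COUNT:
            raise ValueError(f"PCR index {index} out of range")
        pcrs[index] = extend(pcrs[index], hashlib.sha1(component).digest())
    return pcrs


def check_platform(reported_pcrs, event_log, golden_pcrs):
    """Verifier side of attestation (quote signature check omitted):
    1. the log must reproduce the PCRs the TPM reported, else the log lies;
    2. the reported PCRs must match known-good values, else the configuration
       differs. Returns (log_consistent, list of PCR indices that changed)."""
    log_consistent = replay_log(event_log) == list(reported_pcrs)
    changed = [i for i in range(PCR_COUNT) if reported_pcrs[i] != golden_pcrs[i]]
    return log_consistent, changed


# Constructed sample boot logs, not real firmware measurements.
GOOD_LOG = [
    (0, b"BIOS image build 1 (constructed)"),
    (1, b"CMOS: boot order = disk (constructed)"),
    (4, b"MBR boot loader (constructed)"),
]
TAMPERED_LOG = [(0, b"BIOS image, patched (constructed)")] + GOOD_LOG[1:]

if __name__ == "__main__":
    golden = replay_log(GOOD_LOG)
    ok, changed = check_platform(replay_log(TAMPERED_LOG), TAMPERED_LOG, golden)
    print("log consistent:", ok, "changed PCRs:", changed)   # True [0]
```

Only PCR 0 differs after the BIOS change because each PCR accumulates its own chain; the second case in the test shows that a log which does not reproduce the reported values is rejected before any golden comparison.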
Functionality: RSA Engine
• The TPM can encrypt and decrypt using RSA keys
• The use of keys is segregated into signing or encryption uses
• The TPM must handle RSA keys of 2048 bits in size
Functionality: Opt-In
• The TPM has mechanisms that make the use of the TPM a complete Opt-In system
• The Opt-In selections are maintained across power cycles, and the TPM can be deactivated
Version 1.0 TCPA Functional Layout (diagram: Requests → TPS → TPM)
• TPS – Trusted Platform Subsystem
  • BIOS
  • Drivers
  • ALL operations come through TPS
• TPM – Trusted Platform Module
  • Hardware
  • Microcode
  • Protected functionality
  • Shielded locations
Version 1.0 TCPA System Architecture (diagram; components shown: Application, OS / Driver, OS Present TPS Security API, Ring 0 Library, Middleware, OS Present Ring 3 Library, TCPA Security Driver, BIOS, OS Absent TPS Security API, OS Absent Library, Hardware TPM: Hardware and Microcode)
Version 1.0 TCPA Software Architecture (diagram; layers shown: Applications; Existing Infrastructure: CDSA / CSSM, CAPI, Other API; Modified Infrastructure: CSP, DL, CSP, CSP; TPS Interface / TPS; TPM Interface / TPM)
Version 1.0 Possible TPM Placement (diagram: CPU, System Memory, MCH, System Flash, ICH, LPC, TPM)
• TPM connecting on LPC bus
• TPM has low transaction volume, so speed of the bus is not an issue
• Connection of TPM is vendor specific and not specified in the specification
• Specification provides a robust set of features