16/11/2011
Trusted Computing
Or
How I Learned to Stop Worrying and
Love (or Hate) the MPAA
Trusted Computing
Overview of Trusted Computing
How it works
Intel LaGrande Technology (LT)
AMD’s Secure Execution Mode (SEM)
Microsoft NGSCB (Palladium)
Uses
Issues
Trusted Computing – ‘Initial’ Motivation
TC was originally intended for DRM:
Limit the abuse of file sharing over the network
Prevent illegal copies from being made without authorization from the vendor
Restrict the user’s computing actions
Trusted Computing – ‘Current’ Motivation
“For years, Bill Gates has dreamed of finding a way to make the Chinese pay for software: TC looks like being the answer to his prayer.” – Ross Anderson
TC extends well beyond DRM: it gives the platform (and whoever sets its policy) authority over the user, rather than the other way round.
Trusted Computing
Fundamental Concepts
Software runs, and communicates with other applications and servers, in a way that can be verified
Uses a “locked-down” architecture
Hardware-level cryptographic keys for encryption and authentication
Tamper-resistant hardware
Secret data is sealed inside curtained memory
I/O communication paths are encrypted
Trusted Computing - Overview
Trusted Computing
A trusted platform is expected to behave the way we intend and to do what we ask of it securely
Any trusted platform has the following three fundamental features:
Protected Capabilities
Integrity Measurement
Integrity Reporting
Trusted Computing Group
TCG formed by industry leaders
Open standards for trustworthy computing
Provides hardware and software security to combat several types of threat
Expanding towards PDAs and mobile devices; the goal is omnipresence
Features of Trusted Computers
For business
Licensing
DRM
For Users
Anti-hacker
Anti-virus
Backwards compatible
Can be turned off
LaGrande
Intel’s hardware implementation of TC
Based on Arbaugh’s secure bootstrap architecture
Runs alongside the normal (legacy) execution environment
Uses hash values of each component to detect modification
Requires changes in several different parts of the chipset
LaGrande – Secure Bootstrap
Higher abstraction layers are only as secure as the layers beneath them
Trusted CPU, chipset, and boot ROM form the base
Each layer verifies the hash of the next layer before executing it
[Figure: the chain of trust in a measured boot. Stages, left to right: hardware, option ROMs, BIOS boot block, BIOS, OS loader, OS, application, network; a new OS component is measured as it is loaded. The TPM is the root of trust for integrity measurement (measuring each component, storing the values, logging the events) and the root of trust for integrity reporting.]
LaGrande – Protected Environment
Built on top of the secure bootstrap architecture
Instruction set extensions create a protected processor partition
Further extensions create a protected software stack
The Trusted Platform Module (TPM) holds the measurements and verifies that launch conditions are met
Requires changes to the I/O controller, memory controller, graphics controller, and CPU
LaGrande
Separate execution space
Separate memory space
Secure mouse/keyboard
Secure graphics
NGSCB
Software side of TC
Domain Manager aka Nexus
Sealed Storage
Remote Attestation
NGSCB – Architecture
Two primary system components in NGSCB:
Nexus
A special kernel (the core of the trusted operating environment)
Goal: keep normal-mode and trusted-mode processes isolated from each other in memory
Functionality: authenticate and protect data (entered, stored, communicated, and displayed) by encrypting it
Nexus Computing Agent (NCA)
NGSCB - Nexus Computing Agent (NCA)
Trusted software component
Runs in trusted mode and communicates with the Nexus
The NCA specifications were to be published openly
Developers can write their own agents to run on the trusted platform
NGSCB – Architecture
NGSCB – Nexus
Security kernel, authenticated on boot
Authenticates trusted programs
Application interface to TPM
Does not trust OS
NGSCB – Computing Environment Overview
NGSCB runs two operating environments on ONE system
Two Modes: Normal Mode vs. Trusted Mode
Normal Mode:
Unprotected environment
Same as the current Windows series
Fully controlled by the user
Trusted Mode:
Protected environment
The user has no authority to modify, delete, or copy ANY content held there
Implements TC in both hardware and software
Fully controlled by the platform and the policies it enforces, not by the user
NGSCB – Operating
Environments
Microsoft claimed: “Only an NGSCB
trusted application, NCA, can run securely
within the protected operating
environment.”
NCAs are defined by software developers, along with their:
Policies
Security authentication
Security authorization
NGSCB – Features
Strong Process Isolation
Sealed Storage
Attestation
Secured Path to the user
NGSCB – Strong Process Isolation
Isolates the protected and unprotected operating environments even though they share the same physical memory
Blocks Direct Memory Access (DMA) devices from reading or writing the secured blocks of memory
Blocks access by malicious code
Claimed: “no illegitimate access will occur in the protected environment”
NGSCB – Sealed Storage
Encrypts data on the storage device
The key is not stored on the storage device
The hash of the program that created the file is stored with it
The TPM decrypts only for a program that passes modification detection (its current hash matches the stored one)
So the data can be decrypted only on the same TPM and by the same, unmodified program
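The secure bootstrap chain (each layer hashes the next before running it) and sealed storage fit together in one simulation, given here as an added example that is not code from the slides, from Intel or from Microsoft. Each stage's digest is folded into a simulated TPM PCR; a secret that never leaves the simulated chip, combined with the PCR value, derives the sealing key, so a modified OS loader changes the PCR and the blob no longer unseals. The HMAC/SHA-256 stand-in cipher replaces the RSA storage keys a real TPM would use, and the stage names and boot images are constructed byte strings.

```python
"""Measured boot into a PCR, then sealing data to that PCR (simulation)."""
import hashlib
import hmac
import os

PCR_RESET = b"\x00" * 20  # PCRs read as all zeros at power-on


def pcr_extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM 1.2 extend operation: PCR_new = SHA-1(PCR_old || digest)."""
    return hashlib.sha1(pcr + digest).digest()


def measured_boot(chain):
    """Each stage measures the next before transferring control to it.

    `chain` is a list of (stage name, image bytes). Returns the final PCR
    value and an event log of (stage name, hex digest) entries.
    """
    pcr = PCR_RESET
    log = []
    for name, image in chain:
        digest = hashlib.sha1(image).digest()
        log.append((name, digest.hex()))
        pcr = pcr_extend(pcr, digest)
    return pcr, log


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream from SHA-256; stands in for a block cipher."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


class SimTPM:
    """Minimal TPM model: a per-chip secret plus one PCR."""

    def __init__(self, pcr: bytes):
        self._chip_secret = os.urandom(32)  # never leaves the chip
        self.pcr = pcr

    def _seal_key(self) -> bytes:
        # The key is bound to this chip AND to the current platform state.
        return hmac.new(self._chip_secret, b"seal" + self.pcr, hashlib.sha256).digest()

    def seal(self, data: bytes) -> bytes:
        """Return nonce || ciphertext || tag, recoverable only in this state."""
        key = self._seal_key()
        nonce = os.urandom(16)
        ct = bytes(a ^ b for a, b in zip(data, _keystream(key, nonce, len(data))))
        tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
        return nonce + ct + tag

    def unseal(self, blob: bytes) -> bytes:
        nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
        key = self._seal_key()
        expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):
            raise PermissionError("platform state does not match the sealed state")
        return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))


def run_scenario():
    """Seal under a clean boot, reboot with a patched OS loader, try to unseal."""
    good_chain = [  # constructed sample images
        ("BIOS boot block", b"bootblock-v1"),
        ("BIOS", b"bios-v1"),
        ("OS loader", b"osloader-v1"),
        ("Nexus", b"nexus-v1"),
    ]
    pcr_good, _log = measured_boot(good_chain)
    tpm = SimTPM(pcr_good)
    blob = tpm.seal(b"content-decryption-key")
    recovered = tpm.unseal(blob)

    # Same chip, but the OS loader on disk has been modified.
    bad_chain = [(n, b"osloader-v1-patched" if n == "OS loader" else img)
                 for n, img in good_chain]
    pcr_bad, _log = measured_boot(bad_chain)
    tpm.pcr = pcr_bad  # what the PCR holds after the tampered boot
    try:
        tpm.unseal(blob)
        refused = False
    except PermissionError:
        refused = True
    return recovered, refused, pcr_good != pcr_bad


if __name__ == "__main__":
    print(run_scenario())
```

The order of the extend operations matters: because each PCR value is a hash over the previous one, the same set of components booted in a different order produces a different PCR, which is exactly what lets the sealed blob distinguish a changed boot chain from the original.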
NGSCB - Remote Attestation
Communicates the hashes of the secure programs to a remote party, which verifies that they have not been modified
Ensures that the client software functions as intended
Example: Kazaa vs. MPAA/RIAA (a content service can refuse to talk to a client whose attested software is not the approved version)
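The challenge/response exchange behind remote attestation, as an added example that is not code from the slides or from Microsoft's NGSCB. A verifier (say a content server) sends a fresh nonce; the client's TPM answers with a quote over its PCR and the nonce, plus the boot event log. The verifier replays the log to recompute the PCR, checks the quote against it, refuses replayed nonces, and compares each logged component with a known-good list. An HMAC under a secret shared with the verifier stands in for the Attestation Identity Key signature a real TPM would produce, and the component names and images are constructed sample data.

```python
"""Remote attestation challenge/response, simulated."""
import hashlib
import hmac
import os

PCR_RESET = b"\x00" * 20


def replay_log(log):
    """Recompute the PCR from the event log: PCR = SHA-1(PCR || digest) per entry."""
    pcr = PCR_RESET
    for _name, digest_hex in log:
        pcr = hashlib.sha1(pcr + bytes.fromhex(digest_hex)).digest()
    return pcr


def boot_log(images):
    """Measure each (name, image) into an event log of (name, hex SHA-1)."""
    return [(name, hashlib.sha1(img).hexdigest()) for name, img in images]


class ClientTPM:
    """Holds the AIK secret and the PCR that the measured boot produced."""

    def __init__(self, aik_secret: bytes, log):
        self._aik = aik_secret
        self.log = log
        self.pcr = replay_log(log)

    def quote(self, nonce: bytes) -> bytes:
        # A real TPM signs (PCR values, nonce) with the AIK; HMAC stands in here.
        return hmac.new(self._aik, self.pcr + nonce, hashlib.sha256).digest()


class Verifier:
    def __init__(self, aik_secret: bytes, golden):
        self._aik = aik_secret
        self.golden = golden  # component name -> approved hex digest
        self._outstanding = set()

    def challenge(self) -> bytes:
        nonce = os.urandom(20)
        self._outstanding.add(nonce)
        return nonce

    def verify(self, nonce: bytes, quote: bytes, log) -> str:
        if nonce not in self._outstanding:
            return "rejected: stale or unknown nonce"
        self._outstanding.discard(nonce)  # each nonce answers exactly one quote
        pcr = replay_log(log)  # what the log claims the PCR should be
        expected = hmac.new(self._aik, pcr + nonce, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, quote):
            return "rejected: quote does not match the event log"
        for name, digest in log:
            if self.golden.get(name) != digest:
                return "rejected: unapproved component " + name
        return "accepted"


def run_scenarios():
    """Honest client, patched client, forged log, and a replayed quote."""
    aik = os.urandom(32)
    good = [("BIOS", b"bios-v1"), ("OS loader", b"osloader-v1"),
            ("Nexus", b"nexus-v1"), ("media player", b"player-v1")]
    verifier = Verifier(aik, dict(boot_log(good)))

    honest = ClientTPM(aik, boot_log(good))
    n1 = verifier.challenge()
    r_honest = verifier.verify(n1, honest.quote(n1), honest.log)

    # Same platform, but the media player binary has been modified.
    patched = [(n, b"player-v1-drm-removed" if n == "media player" else img)
               for n, img in good]
    rogue = ClientTPM(aik, boot_log(patched))
    n2 = verifier.challenge()
    r_patched = verifier.verify(n2, rogue.quote(n2), rogue.log)

    # Rogue client sends the honest client's log with its own quote.
    n3 = verifier.challenge()
    r_forged_log = verifier.verify(n3, rogue.quote(n3), honest.log)

    # Replaying the honest client's earlier, already-consumed exchange.
    r_replay = verifier.verify(n1, honest.quote(n1), honest.log)
    return r_honest, r_patched, r_forged_log, r_replay


if __name__ == "__main__":
    for verdict in run_scenarios():
        print(verdict)
```

The nonce is what makes the quote worth anything: without it the rogue client could record one genuine quote and present it forever, and the log replay is what lets the verifier say which component is unapproved rather than only that the PCR is wrong.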
NGSCB – Secured Path to the User
Ensures information stays protected on its way through the input and output devices
Encrypts input and output, creating a secure path between the user and the trusted application
Protects the computer from keystroke logging
NGSCB – Hardware
Current hardware devices need upgrading: mouse, keyboard, USB devices, video adapter
Input: USB devices such as smart cards, biometric readers, and others
Output: a graphics adapter that prevents other software from reading or writing its video memory
Trusted Platform Module (TPM)
Cryptographic operations:
Asymmetric key generation: RSA (512, 1024, 2048 bits), fed by an on-chip random number generator
Hashing: SHA-1, HMAC
Signing and encryption
Asymmetric encryption/decryption: RSA
Symmetric encryption/decryption: DES, 3DES (AES)
Components of the chip: I/O, processor, memory, non-volatile memory, and tamper-resistant storage for hashes and keys
Uses
Remote banking, business-to-business e-commerce, and online
auctioning
Corporate networking, document sharing
Cheat-proof gaming enforcement
Secure data storage
Personal privacy protection, data management, and record keeping
Shared computing and secure transactions
Secure home computing
Government agencies that require a high level of security and trust
Software license enforcement
Copyright enforcement
Issues
GPL
Who is in control – owners, MS, or content providers?
Assumptions – the model assumes the hardware is not modified, yet hardware modification is possible
Censorship
References
Trusted Computing: Promise and Risk, http://www.eff.org/Infra/trusted_computing/20031001_tc.php
Microsoft NGSCB, http://www.microsoft.com/resources/ngscb
Ross Anderson’s site, http://www.cl.cam.ac.uk/~rja14/
Anderson’s Patent
Arbaugh Paper
Inside Intel's Secretive 'LaGrande' Project, http://www.extremetech.com/print_article/0,3998,a=107418,00.asp
Intel security technology, http://www.intel.com/technology/security/
Microsoft WinHEC 2003 presentations, http://www.microsoft.com/whdc/winhec/pres03.mspx