Security Trusted Computing

The document discusses cyber security threats and parameters like confidentiality, integrity, and authentication. It then describes the Trusted Computing Group which was formed to standardize security features like secure input/output, memory curtaining, sealed storage, and remote attestation using the Trusted Platform Module (TPM) chip. The TPM stores encryption keys to help enable features in Windows like BitLocker full disk encryption.

Uploaded by Umm e Laila

Security & Trusted Computing

Overview
Security & Threats
• Security: Cyber security, computer security or IT security is the protection of
computer systems from theft of, and damage to, their hardware, software or
information, as well as from disruption or misdirection of the services they
provide. Cyber security includes controlling physical access to the hardware, as
well as protecting against harm that arrives via network access, data injection or
code injection.
• Threats to security
– Intruder: a person who acts within a network or system to carry out malicious activity
or policy violations.
– Hacker: a security hacker is someone who seeks to breach defenses and exploit
weaknesses in a computer system or network. Hackers may be motivated by many things,
such as profit, protest, information gathering, challenge, recreation, or evaluating a
system's weaknesses in order to help formulate defenses against other attackers.
– Cracker: a person who uses software cracking to modify a program (typically to bypass
licensing or copy protection), or who uses password cracking to recover passwords.
Security Parameters / ingredients
• Confidentiality is the property that information is not made available
or disclosed to unauthorized individuals, entities, or processes
• Integrity is the property of safeguarding the accuracy and
completeness of assets
• Accountability ascertains the responsibility of an entity (such as a person)
for its actions and decisions. For this purpose, all relevant activities,
events and operations on a system, e.g. failed and successful
authentication attempts, are recorded in a log.
• Authentication: provision of assurance that a claimed characteristic of
an entity is correct. The classic authentication factors are:
1. Something the user has (such as a token or smart card)
2. Something the user knows (a passphrase or PIN)
3. Something only the user can present (e.g. biometric identification)
Trusted Computing
The sense of Trusted Computing presented here is the capability of assuring confidence
in the computational system that is being used. With the proliferation of
communication systems, the user's privacy and the integrity of the user's data are
constantly at risk: remotely, through programs written to examine or modify existing
data and the system's usage (e.g. viruses and worms); locally, through monitoring of
the system's behaviour (e.g. printing a document from an unauthorized computer); or
through physical attacks (e.g. observation of power consumption, or reading the data
stored in memory).
A significant part of these security issues is resolved with the use of encryption
algorithms. However, these algorithms have significant computational requirements and
different computational characteristics, so even though hardware accelerators exist to
speed up these calculations, they cannot efficiently improve all existing algorithms.
With this in mind, the major software and hardware manufacturers created the Trusted
Computing Platform Alliance (TCPA) in order to standardize and catalyze the use of
security mechanisms, and so achieve more trustworthy computational systems.
Trusted Computing Group:
• The Trusted Computing Platform Alliance (TCPA), a consortium whose
members included Microsoft, Intel, IBM, AMD, Sun Microsystems and HP
among many others, and which was succeeded in 2003 by the Trusted
Computing Group (TCG), established a set of features to be used in
future generations of computers, providing a new standard for trusted
computing. These capabilities are to be integrated both in the hardware
and in the software applications.
This group specified the Trusted Platform Module (TPM), a chip that is
not a cryptographic accelerator but a hardware root of trust: it holds
keys that never leave the chip, records measurements of the running
software, and signs statements about them. The proposed features built
on it are: secure I/O; memory curtaining; sealed storage; and remote
attestation.
Features of Trusted Computing
• Secure input and output: the secure I/O feature protects the path between the user and the
application, e.g. by validating the received data with checksums to verify that the software handling
the I/O has not been tampered with. Example threat: a virus snooping on the communication between the
computer and a credit-card reader.
• Memory curtaining: memory curtaining allows access to a memory region only to the corresponding
software application, preventing other applications (e.g. a virus) from reading critical data that could
be misused, even if the malicious application has taken control of the operating system. Although the TCG
proposes implementing this feature in hardware, it can also be implemented in software; doing it in
hardware requires less code to be rewritten.
• Sealed storage: sealed storage keeps data encrypted under a key that is bound to a particular combination
of software and hardware (in TPM terms, the measurements of the boot software held in the chip's platform
configuration registers), so only that combination of software and hardware can decrypt the data. This
protects the user's information from being read by a different application (or a tampered copy of the
original one) or on an unauthorized machine.
• Remote attestation: with remote attestation, the software, or a combination of software and hardware, can
be authenticated: the platform produces a digital signature over a summary of which software is running and
on which machine. This signature assures a remote recipient that the data was produced by an unforged,
cryptographically identified trusted application.
Remote attestation is usually combined with public-key encryption so that only the party that requested the
attestation can read the signed statement; otherwise other applications or users could learn which
applications the user has been running.
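As an added example (not part of the original slides, and not TCG or any TPM vendor's code), the following Go program models sealed storage and remote attestation together, since both rest on the same measured-boot state. It simulates a PCR bank with the TPM extend rule, seals a secret under a key bound to selected PCRs, and produces and verifies a nonce-bound quote. The root secret, the measurement strings, the key derivation and the use of an ECDSA P-256 key as the attestation key are constructed stand-ins for illustration; a real TPM performs these steps inside the chip and its keys never leave it.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// PCRBank stands in for the TPM's platform configuration registers: never written, only extended.
type PCRBank [8][32]byte

// Extend folds one measurement (e.g. the hash of a boot stage) into a PCR:
// new = SHA-256(old || measurement). The same measurements in another order give another value.
func (b *PCRBank) Extend(i int, measurement []byte) {
	b[i] = sha256.Sum256(append(b[i][:], measurement...))
}

// PolicyDigest hashes the selected PCRs together: the platform state that sealed data and quotes bind to.
func (b *PCRBank) PolicyDigest(sel []int) (d [32]byte) {
	h := sha256.New()
	for _, i := range sel {
		h.Write(b[i][:])
	}
	copy(d[:], h.Sum(nil))
	return d
}

// gcmFor derives an AES-256-GCM key from a TPM-resident root secret (hypothetical stand-in for the
// storage root key) and the current PCR digest, so a different platform state yields a useless key.
func gcmFor(root []byte, bank *PCRBank, sel []int) cipher.AEAD {
	d := bank.PolicyDigest(sel)
	key := sha256.Sum256(append(append([]byte("seal:"), root...), d[:]...))
	block, _ := aes.NewCipher(key[:]) // 32-byte key, cannot fail
	gcm, _ := cipher.NewGCM(block)
	return gcm
}

// Seal returns nonce || AES-GCM ciphertext of secret, bound to the selected PCRs.
func Seal(root []byte, bank *PCRBank, sel []int, secret []byte) ([]byte, error) {
	gcm := gcmFor(root, bank, sel)
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, secret, nil), nil
}

// Unseal succeeds only if the PCRs hold their seal-time values; otherwise the GCM tag check fails.
func Unseal(root []byte, bank *PCRBank, sel []int, blob []byte) ([]byte, error) {
	gcm := gcmFor(root, bank, sel)
	n := gcm.NonceSize()
	if len(blob) < n {
		return nil, errors.New("sealed blob too short")
	}
	plain, err := gcm.Open(nil, blob[:n], blob[n:], nil)
	if err != nil {
		return nil, errors.New("unseal refused: PCRs differ from seal time")
	}
	return plain, nil
}

// quoteMsg binds the verifier's nonce (freshness) to the PCR digest.
func quoteMsg(nonce []byte, d [32]byte) []byte {
	m := sha256.Sum256(append(append([]byte("quote:"), nonce...), d[:]...))
	return m[:]
}

// MakeQuote runs on the attested platform: the TPM-held attestation key signs nonce || digest.
func MakeQuote(ak *ecdsa.PrivateKey, bank *PCRBank, sel []int, nonce []byte) ([32]byte, []byte, error) {
	d := bank.PolicyDigest(sel)
	sig, err := ecdsa.SignASN1(rand.Reader, ak, quoteMsg(nonce, d))
	return d, sig, err
}

// VerifyQuote runs remotely: the signature must cover the verifier's own nonce and a known-good digest.
func VerifyQuote(pub *ecdsa.PublicKey, nonce []byte, d [32]byte, sig []byte, good [32]byte) bool {
	return d == good && ecdsa.VerifyASN1(pub, quoteMsg(nonce, d), sig)
}

func main() {
	root, sel := []byte("tpm-root-secret"), []int{0, 4} // constructed; root never leaves the "TPM"
	good := &PCRBank{}
	good.Extend(0, []byte("firmware-v1"))
	good.Extend(4, []byte("bootloader-v1"))
	bad := *good                                // same trusted boot ...
	bad.Extend(4, []byte("rootkit-bootloader")) // ... plus one extra measurement: PCR 4 changes for good
	blob, _ := Seal(root, good, sel, []byte("volume master key"))
	_, okErr := Unseal(root, good, sel, blob)
	_, badErr := Unseal(root, &bad, sel, blob)
	fmt.Println("unseal on same boot:", okErr, "| after tampering:", badErr)
	ak, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	nonce := []byte("verifier-nonce-1")
	d, sig, _ := MakeQuote(ak, &bad, sel, nonce)
	fmt.Println("tampered quote accepted:", VerifyQuote(&ak.PublicKey, nonce, d, sig, good.PolicyDigest(sel)))
}
```

Run it with `go run`. The tampered boot shows the two failure modes that matter in practice: unsealing refuses because the derived key no longer matches (the GCM tag check fails, so data is never released in the wrong state), and a quote from the tampered platform still carries a valid signature but reports a digest the verifier does not recognize, which is why attestation needs the verifier to hold a reference digest and not just the attestation public key.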
TPM & Bitlocker
• BitLocker is a full disk encryption feature included with
Windows Vista and later. It is designed to protect data by
encrypting entire volumes. By default it uses the AES
algorithm in cipher block chaining (CBC) mode or, from Windows 10
version 1511 onwards, XTS mode, with a 128-bit or 256-bit key.
• A Trusted Platform Module (TPM) is a specialized chip on an
endpoint device that holds keys specific to the host system for
hardware authentication. Each TPM chip contains an asymmetric key
pair called the Endorsement Key (EK); on TPM 1.2 this is an RSA key,
while TPM 2.0 also supports ECC. BitLocker does not encrypt the disk
with the EK: it seals its volume master key in the TPM against the
measured boot state (the sealed storage feature above), so the key
is released only if the firmware and boot loader are unchanged; a
modified boot path instead prompts for the recovery key.