• No results found

Secure Data Management in Trusted Computing

N/A
N/A
Info
Download
Protected

Academic year: 2021

Share "Secure Data Management in Trusted Computing"

Copied!
21
0
0

Loading.... (view fulltext now)

Download now ( 21 Page )

Full text

(1)

Secure Data Management in

Trusted Computing

Ulrich K¨uhn

Deutsche Telekom Laboratories, TU Berlin Klaus Kursawe (KU Leuven)

Stefan Lucks (U Mannheim) Ahmad-Reza Sadeghi (RU Bochum)

Christian St¨uble (RU Bochum) CHES 2005

(2)

Roadmap

Introduction

Problems with Sealed Data Platform Updates

Hardware Migration Conclusion

(3)

TCG’s Proposal for Trusted Computing

Trusted Computing Group: Industry consortium to devolop specifications to

[...] protect and strengthen the computing platform against software-based attacks.

Key Idea: Base Trusted Computing Base on small piece of secure hardware.

Recent developments: TNC

Our Motivation: TCG hardware widely deployed

→ Combine with secure operating systems to increase security Here: Address problems and propose solutions.

(4)

Trusted Platform Module

Main components: I Cryptographic engine

I Non-volatile tamper resistant storage

I Storage Root KeySRK → virtual shielded storage I Endorsement Key

I Platform Configuration RegistersPCR

I write access only viaExtend operation

(5)

Main TCG Mechanisms

I Integrity measurement

I Establish platform configuration at boot time I Attestation

I Attest platform configuration to remote party

I (Subset of) PCRs signed with Attestation Identity Key I Sealing

I Exclusive availability of information for certain configurations

I TPM-enforced

(6)

Integrity & Boot Process

Establish Chain of Trust for TCB: I Start from the Core Root of Trust

I Measure: c ← SHA1(next software chunk) I ExtendPCR: PCRi ← SHA1(PCRi, c) I Execute software chunk

I might enter another measure-extend-execute cycle Results:

I PCRs specific for current platform configuration

I Link between PCRs and software / security properties? I Changed softwarenot blocked but detected

(7)

Architecture of Trustworthy Platforms

Use TCB comprised of hardware and software:

OS OS OS Trusted Software Layer Hardware Layer

App 1 App 2 App 3 App 4 App 5 App 6

TPM

I TPM

I Trusted software I OS runs on top

(8)

Sealing

Places data in encrypted blob:

I Availability of datadepends on predefined PCR values I TPM delivers data only if those PCRs are present I otherwise data remains encrypted

Usage Scenarios:

I Cryptographic keys for accessing networks I Documents, Media files, etc.

Key question:

(9)

Roadmap

Introduction

Problems with Sealed Data Platform Updates

Hardware Migration Platform Updates Hardware Migration Conclusion

(10)

Sealed Data & Platform Updates

Consequences of integrity measurement: I Changing software in TCB changes hashes I Results in changed PCR values

I Unseal does not release sealed data

I Intendedfor malicious / non-trustworthy “TCB” I What aboutpatches?

I Typicallypreserve security properties

I Shouldclosesecurity holes

(11)

Sealed Data & Hardware Migration

Maintenance procedure: I Process is optional

I To our knowledgenot implemented in existing TPMs I Works only for TPMs ofsame vendor

I Needs interaction with vendor

I Vendor out of business?

I Price?

(12)

Roadmap

Introduction

Problems with Sealed Data

Platform Updates Software-Supported Updates TPM-Supported Updates Property-Based Sealing Hardware Migration Conclusion

(13)

Platform Updates

Requirements for a patched TCB:

I Security: Remote party wants that new platform configuration still adheres to security policy.

I Availability: Owner / User wants information available after patch.

Our solutions:

I Software-supported I TPM-supported I Property-based sealing

(14)

Software-Supported Updates

TCB component “Update Manager”:

OS OS OS Trusted Software Layer Hardware Layer

App 1 App 2 App 3 App 4 App 5 App 6

TPM

I Keep record of sealed data blobs I Know new PCR values

I Ensure adherence to security policy

I Signature by Trusted Third Party → Key management I Be fail-safe

Pros & Cons:

I Works withcurrent TCG hardware

I Handles only data sealed for current configuration I Requirements for TCB design

(15)

TPM-Supported Updates

Key ideas:

OS OS OS Trusted Software Layer Hardware Layer

App 1 App 2 App 3 App 4 App 5 App 6

TPM

I New TPM command TPM UpdateSeal:

I Data sealed for Si is resealed for Sj

I Delegate decisionon equivalence of PCR values Si and Sj I Trusted Third Party issuesupdate certificate

certupdate = Sign(Si, Sj)

Pros & Cons:

I New TPM command, but should be easy to implement I Avoids problemsof software-only solution

(16)

Property-Based Sealing

Key Ideas:

OS OS OS Trusted Software Layer Hardware Layer

App 1 App 2 App 3 App 4 App 5 App 6

TPM

I Seal data forabstract properties

I e.g. “Strong Process Isolation”

I Mapping between properties and binary measurements Pros & Cons:

I Bettermodel for security functionality I Resolves problems with handling sealed data I Hides concrete binary measurements →privacy I To do: describe useful properties

(17)

Implementing Property-Based Sealing

Use TPM-support for property-based sealing: I Describe properties by abstract configuration I Data is sealed for abstract configurations only I TPM UpdateSealtranslates to binary measurements I Update certificate states that configurationimplements

security properties Pros & Cons:

I Elegant solutionfor update problem I Avoids discriminationof operating systems

(18)

Roadmap

Introduction

Problems with Sealed Data Platform Updates

Hardware Migration Requirements Migration Protocol Conclusion

(19)

Migrating to another Hardware Platform

Requirements for TPM migration:

I Completeness: Move secret state of source TPM to destination TPM; clear source afterwards.

I Security: Migration only if destination TPM at least as secure as source TPM.

→Delegate decision to trusted third party. I Fairness: openly specified process

(20)

Design of Migration Protocol

Key ideas:

I Secure exportof non-volatile memory etc. under SRK I Delegate decisionon equivalent security of TPMs

I Trusted TPM Migration Authority TMA

I Migration certificateon TPM identities (endorsement

keys) EKs and EKd

certmig = Sign(Hash(EKs), Hash(EKd)) I Specialexport modefor source TPM that allows only:

I Extract SRKs encrypted under EKd

(21)

Summary and Conclusion

I Update & migration problems with sealed data I Proposed solutions for update issue

I Software-only

I TPM-supported

I Property-based sealing

I Combining TPM-supported with property-based solution I Proposed secure & fair migration protocol

I Improves over currently optional maintenance feature

I Ongoing work: TC-project at RU Bochum implements property-based sealing and attestation, see

References

Download now ( PDF - 21 Page - 144.99 KB )

Related documents

The crowd psychology of the Hajj

In previous chapters I described pilot studies necessary to plan for the main research addressing the aims of the thesis: (1) to document and understand the perspective

OWNER'S MANUAL FLEET POWER INVERTER/BATTERY CHARGERS

Charging Rate Bulk Charge Voltage Float Charge Voltage Equalizing Charge Voltage Battery Cables Hardwire Status Panel Weight Dimensions FP 2500-12 12 VDC 10.0 - 15.5 VDC 10 VDC

Katabasis e Psyche em Platão

É uma palavra que engloba várias possibilidades de histórias de um passado remoto, “objet non de témoignange direct ou indirect mais de tradition” (Brisson 1982: 29).

tinyavr Microcontrollers White Paper is the registered trademark of Atmel Corporation, 2325 Orchard Parkway, San Jose, CA Rev.

Atmel’s family of tinyAVR microcontrollers comprise a reduced instruction set (RISC) machine, employing a true Harvard architecture with separate busses and address spaces for

CONTENTS. The model number, serial number and electrical rating of this set-top are on a label on its base.

You can take advantage of the digital audio output from your set-top by connecting a suitable cable between your home theater receiver and the OPTICAL AUDIO OUT connector (as shown

Selection of candidates for the job

Najvažniji elementi profesionalne selekcije su analiza posla i njezina uloga u selekciji, kriterij radne uspješnosti i opće psihometrijske karakteristike koje

The relationship between occupational culture dimensions and reward preferences : A structural equation modelling approach

Therefore, a positive relationship was found between the Environment occupational culture dimension and a number of the reward preferences, namely, Performance and

CRB California Research Bureau, California State Library FRAUD AND ABUSE IN THE HEALTH CARE MARKET OF CALIFORNIA. Elias S. Lopez, Ph.D.

Unlike most other states where the Department of Insurance regulates both disability health insurers and health plans, California is the only state where the Department of