1

CSCS-- 6910: Advanced Computer and 6910: Advanced Computer and

Information Security (ACIS)Information Security (ACIS)

Trusted Computing GroupTrusted Computing Group

ByBy

SubhashiniSubhashini PulimamidiPulimamidi

Department of Computer ScienceDepartment of Computer Science

Western Michigan UniversityWestern Michigan University

Instructor: Prof. Instructor: Prof. LeszekLeszek T. T. LilienLilien

2

What is TCG ?What is TCG ?

�� Trusted Computing Group (TCG) is an industry Trusted Computing Group (TCG) is an industry standards organization with the aim of standards organization with the aim of enhancing the security and trustworthiness of enhancing the security and trustworthiness of the computing environment in disparate the computing environment in disparate computer platforms.computer platforms.

�� The main component of the TCG proposal is The main component of the TCG proposal is the Trusted Platform Module (TPM) which the Trusted Platform Module (TPM) which provides cryptographic functions.provides cryptographic functions.

3

GoalGoal

� The Trusted Computing Group (TCG) publishes specifications defining architectures, functions and interfaces that provide a baseline for a wide variety of computing platform implementations.

� Additionally, the TCG publishes specifications describing specific platform implementations such as the Personal Computer, Personal Digital Assistants (PDA), Cellular telephones and other computing equipment.

4

ContdContd……

� Platforms based on the TCG specifications are expected to meet functional and reliability standards that allow increased assurance of trust.

� The TCG will publish evaluation criteria and platform specific profiles that may be used as a common yard stick for evaluating devices incorporating TCG technology.

5

TCG ArchitectureTCG Architecture

6

Trusted Platform FeaturesTrusted Platform Features

Trust is the expectation that a device will Trust is the expectation that a device will

behave in a particular manner for a specific behave in a particular manner for a specific

purpose.purpose.

A trusted platform should provide at least A trusted platform should provide at least

three basic features.three basic features.

1.1. Protected CapabilitiesProtected Capabilities

2.2. Integrity MeasurementIntegrity Measurement

3.3. Integrity ReportingIntegrity Reporting

7

Protected CapabilitiesProtected Capabilities

�� Protected capabilities are a set of commands Protected capabilities are a set of commands

with exclusive permission to access shielded with exclusive permission to access shielded

locations.locations.

�� The TPM (Trusted Platform Module) The TPM (Trusted Platform Module)

implements protected capabilities and shielded implements protected capabilities and shielded

locations used to protect and report integrity locations used to protect and report integrity

measurements.measurements.

�� The TPM also stores cryptographic keys used to The TPM also stores cryptographic keys used to

authenticate reported measurements.authenticate reported measurements.

8

AttestationAttestation

� Attestation is the process of vouching for the accuracy of information. External entities can attest to shielded locations, protected capabilities, and Roots of Trust.

� A platform can attest to its description of platform characteristics that affect the integrity (trustworthiness) of a platform.

� All forms of attestation require reliable evidence of the attesting entity.

9

Integrity Measurement, Storage and Integrity Measurement, Storage and

ReportingReporting

� Integrity Measurement is the process of

obtaining metrics of platform characteristics that

affect the integrity (trustworthiness) of a

platform , storing those metrics; and putting

digests of those metrics in PCRs (Platform

Configuration Registers).

� The starting point of measurement is called the

root of trust for measurement.

10

ContdContd……

�� An intermediate step between integrity An intermediate step between integrity

measurement and integrity reporting is called measurement and integrity reporting is called

integrity storageintegrity storage..

�� In this step integrity metrics are stored in a log In this step integrity metrics are stored in a log

and digests of those metrics are stored in and digests of those metrics are stored in PCRPCR’’ss

(Platform Configuration Registers).(Platform Configuration Registers).

�� Integrity ReportingIntegrity Reporting is the process of attesting to is the process of attesting to

the contents of integrity storage.the contents of integrity storage.

11

TPM ArchitectureTPM Architecture

12

TPM ComponentsTPM Components

�� Input/outputInput/output (I/O) (I/O) manages information flow

over the communications bus.

� It performs protocol encoding/decoding

suitable for communication over external and

internal buses.

� It routes messages to appropriate components.

13

ContdContd……

� Non-volatile storage is used to store Endorsement Key (EK), Storage Root Key (SRK), owner authorization data and persistent flags.

� Attestation Identity Keys must be persistent, but it is recommended that AIK keys be stored as Blobs in persistent external storage (outside the TPM), rather than stored permanently inside TPM non-volatile storage.

14

ContdContd……

� Program code contains firmware for measuring

platform devices.

� Logically, this is the Core Root of Trust for

Measurement (CRTM). Ideally, the CRTM is

contained in the TPM, but implementation

decisions may require it be located in other

firmware.

15

ContdContd……

� The TPM contains a true random-bit generator

used to seed random number generation. The

RNG is used for key generation.

� A Sha-1 message digest engine is used for

computing signatures.

16

ContdContd……

� The RSA engine is used for signing with signing keys, encryption/decryption with storage keys, and decryption with the EK.

� The Opt-In component implements TCG policy requiring TPM modules are shipped in the state the customer desires.

� This ranges from disabled and deactivated to fully enabled; ready for an owner to take possession.

� The Execution engine runs program code. It performs TPM initialization and measurement taking.

17

Trusted PlatformTrusted Platform

�� Roots of trust are the components which have Roots of trust are the components which have

at least the minimum functionality to describe at least the minimum functionality to describe

the platform characteristics the effect the the platform characteristics the effect the

trustworthiness of the platform.trustworthiness of the platform.

�� There are three roots of trust in a trusted There are three roots of trust in a trusted

platform which are RTM, RTS and RTR.platform which are RTM, RTS and RTR.

18

ContdContd……

�� Root of trust for measurement (RTM) Root of trust for measurement (RTM) is a computing engine capable of making inherently reliable integrity measurements.

� Root of trust for storage (RTS) is a computing engine capable of maintaining an accurate summary of values of integrity digests and the sequence of digests.

� Root of trust for reporting (RTR) is a computing engine capable of reliably reporting information held by the RTS.

19

Integrity Reporting ProtocolIntegrity Reporting Protocol

20

ContdContd……

Attestation protocol consists of several steps:

1. A Challenger requests one or more PCR values

from a platform.

2. An agent on the platform containing a TPM,

collects SML entries.

3. The Platform Agent receives PCR values from

the TPM.

21

ContdContd……

4. The TPM signs PCR values using an AIK.

5. The Platform Agent collects credentials that vouch for the TPM. The signed PCR value, SML entries and Credentials are returned to the Challenger.

6. The Challenger verifies the request. The measurement digest is computed and compared with PCR value. The platform credentials are evaluated and signatures checked.

22

TCG Usage ScenariosTCG Usage Scenarios

�� Risk ManagementRisk Management

�� Asset ManagementAsset Management

�� EE--commercecommerce

�� Security Monitoring and Emergency ResponseSecurity Monitoring and Emergency Response

23

Conclusions for Conclusions for OPPNetsOPPNets

�� If the nodes of If the nodes of oppnetsoppnets are TCG compliant are TCG compliant

then the trustworthiness of those platforms then the trustworthiness of those platforms

increases.increases.

24

ReferencesReferences

�� TCG specification architecture overviewTCG specification architecture overview

� Ahmad-Reza Sadeghi, Marcel Selhorst, Christian St ¨uble, Christian

Wachsmann, and Marcel Winandy. TCG inside?- A note on TPM

specification compliance.

http://delivery.acm.org.libproxy.library.wmich.edu/10.1145/1180000/11794

87/p47sadeghi.pdf?key1=1179487&key2=6009363611&coll=portal&dl=AC

M&CFID=6237415&CFTOKEN=27623902