Upload
others
View
2
Download
0
Embed Size (px)
Citation preview
www.teletrust.de
2:00 p.m. Introduction2:10 p.m. Trusted Infrastructures
Steve Lipner, Microsoft, USA2:40 p.m. Embedded TC: Trustworthy Infrastructures in the Mobile World?
Ammar Alkassar, Sirrix AG, Germany3:10 p.m. Securing the Core with an Enterprise Key Management
InfrastructureArshad Noor, StrongAuth, Inc., USAAndreas Philipp, Utimaco AG, Germany
3:40 p.m. TC InfrastructuresMonty Wiseman, Intel Corporation,
4:10 p.m. Smart Card Security for Mobile Data and ApplicationsRon Porcello, certgate GmbH, Germany
4:40 p.m. Discussion5:00 p.m. End of workshop
Round Table Meetingin connection with the RSA-Conference 2008Support for Mobility - Trusted Infrastructures
Steven B. LipnerSenior DirectorSecurity Engineering StrategyTrustworthy ComputingMicrosoft Corporation
SLIDES NOT DISTRIBUTED, Sorry for that: Arno
Sirrix AG security technologies
Round Table – prior RSA Conference7. April 2008 | San Francisco © 2008 Sirrix AG
Sirrix AGsecurity technologies
EmbeddedEmbeddedTrusted ComputingTrusted Computing
Trustworthy Infrastructures in the Mobile World?Ammar Alkassar, Christian Forler, Thomas Quirin
Round Table, San Francisco © 2008 Sirrix AG
Sirrix AGsecurity technologies
Sirrix AG security technologiesSirrix AG security technologiesExcellence in Trusted ComputingExcellence in Trusted Computing
Founded in 2000 as Spin-Off ofGerman Research Center for Artificial IntelligenceFocus: Cutting-Edge Technology in Information Security
Many Key Developments in Trusted ComputingTURAYA™ First Security Kernel with TC-SupportTPM Compliance Test SuiteTrustedGRUB Bootloader, TPM-Manager, …First E1-Interface-Card with TPM supportFirst VPN and IEEE802.1x port authentication with TC-Support
Upcoming Studies in 2008:CC Protection Profile on High-Assurance Security Kernel (HASK)Study on security technologies, alternative and/or supporting TC
Worldwide CustomersInfineon, ST Microelectronics, SAP, NATO, BSI, ND-Satcom Defense, Scotty, Thales Defense, Commissariat à l‘Energie Atomique (CEA), SCA, Bechtle, T-Online, WincorNixdorf, Trusted Computing Group, Inc. …
Embedded Trusted
Computing?
Round Table, San Francisco © 2008 Sirrix AG
Sirrix AGsecurity technologies
Embedded Trusted ComputingEmbedded Trusted ComputingAreas of InterestAreas of Interest
Mobile ComputingMobile ComputingSmart Phones, Mobiles, PDAs
Car ElectronicsCar ElectronicsIncreasing security of access control etc.Online activation of purchased features
Manufacturing Systems Manufacturing Systems Intellectual Property protection of manufacturing systemsCurrently not addressed by TCG, TPM not sufficient
AdhocAdhoc/Mesh/Mesh--NetworksNetworksTrusted Nodes in ubiquitous computing
Home Networks Home Networks Smart home infrastructures
Addressed in „EMSCB“European MultilaterallySecure Computing Base
To be addressed in EU FP7-Project Ubisec&Sens II
Round Table, San Francisco © 2008 Sirrix AG
Sirrix AGsecurity technologies
Embedded Trusted ComputingEmbedded Trusted ComputingAreas of InterestAreas of Interest
Mobile ComputingMobile ComputingSmart Phones, Mobiles, PDAs
Car ElectronicsCar ElectronicsIncreasing security of access control etc.Online activation of purchased features
Manufacturing Systems Manufacturing Systems Intellectual Property protection of manufacturing systemsCurrently not addressed by TCG, TPM not sufficient
AdhocAdhoc/Mesh/Mesh--NetworksNetworksTrusted Nodes in Ubiquitous Computing
Home networks Home networks Smart home infrastructures
Addressed in „EMSCB“European MultilaterallySecure Computing Base
To be addressed in EU FP7-Project Ubisec&Sens II
Don’t we have already
solutions?
Round Table, San Francisco © 2008 Sirrix AG
Sirrix AGsecurity technologies
UICCsUICCs as Deployed Security Anchoras Deployed Security Anchor
Mobile Device
Carrier
Service Provider
UICC cannot provideAny end-to-end securityAuthentication without carrier’s helpUsually available inside cellular networksAny integrity protection of the softwareAny statement on the integrity nor on the configuration of the platform
UICC
UICC can provideEnd-point authentication by mobile carrierPoint-to-point encryption of over-the air communication
What do we expect from Mobile TC
Round Table, San Francisco © 2008 Sirrix AG
Sirrix AGsecurity technologies
Mobile Trusted ComputingMobile Trusted Computing
Mobile Computing: Mobiles, Mobile Computing: Mobiles, SmartphonesSmartphones, , PDAsPDAs
Threats to be addressedThreats to be addressedKnown threats from the computing world (Worms, Trojan H., Viruses)
New threats, e.g. stolen equipment with sensitive key material and data
Round Table, San Francisco © 2008 Sirrix AG
Sirrix AGsecurity technologies
Mobile Trusted ComputingMobile Trusted ComputingUse CasesUse Cases
User Data Protection and PrivacyUser Data Protection and PrivacyEnable the protection of user’s personal information, such as identity and address books, from access or copying by unauthorized parties.
Platform IntegrityPlatform IntegrityEnsure device operation occurs with only authorized operating system(s) and hardware.
Prove Platform/Application Integrity to End Prove Platform/Application Integrity to End UserUser
Provide the ability for the user to verify, either at boot time or on application start up, the trustworthiness of the device and/or application.
Device AuthenticationDevice AuthenticationEnsure that 1) device authentication may be used to assist in end user authentication, and 2) that it may prove the identity of the device itself.
SIMLockSIMLock / Device Personalization / Device Personalization Ensure that subsidized mobile devices remain locked to the appropriate network until unlocked in an authorized manner.
Robust DRM ImplementationRobust DRM ImplementationEnsure any implementation of a DRM specification can be trusted to protect the data that users acquire and the content and service providers require .
Secure Software DownloadSecure Software DownloadEnable the secure download of application software or updates, firmware updates or patches to protect against attacks.
Software UsageSoftware UsageAssure that software applications retain their integrity against attacks, adhere to device user policies, and cannot interfere with other device functions.
Secure channel between device and UICCSecure channel between device and UICCProvide shared functioning for security sensitive applications (e.g., an m-commerce application) that must implemented partly in the UICC and partly in the device.
Mobile TicketingMobile TicketingEnable new services based on a user purchase of an electronic ticket which is downloaded to the mobile device and used for entry to an event or access to a service.
Mobile PaymentsMobile PaymentsEnable the mobile device to serve as a user’s wallet or purse for electronic payments to point of sale devices.
Round Table, San Francisco © 2008 Sirrix AG
Sirrix AGsecurity technologies
Mobile Trusted ComputingMobile Trusted Computing
How can the mobile world benefit from TC? How can the mobile world benefit from TC?
Providing a security anchor with integrity proofProviding a security anchor with integrity proofenabling new business models (carrier support not required)
standardized and interoperable
Increasing trustworthiness forIncreasing trustworthiness forsensitive applications (e.g. legal binding signatures, m-payment)
business applications (protection against Trojan Horses etc.)
Round Table, San Francisco © 2008 Sirrix AG
Sirrix AGsecurity technologies
Mobile Trusted ComputingMobile Trusted Computing
How can the mobile world benefit from TC? How can the mobile world benefit from TC?
Providing a security anchor with integrity proofProviding a security anchor with integrity proofenabling new business models (carrier support not required)
standardized and interoperable
Increasing trustworthinessIncreasing trustworthiness forforsensitive applications (e.g. legal binding signatures, m-payment)
business applications (protection against Trojan Horses etc.)
1. Security Anchor
Round Table, San Francisco © 2008 Sirrix AG
Sirrix AGsecurity technologies
TCG: Mobile Trusted Platform Module (MTM)TCG: Mobile Trusted Platform Module (MTM)
MTM: Specified June 2007MTM: Specified June 2007Goal: Standardized, interoperable, vendorGoal: Standardized, interoperable, vendor--independentindependentMain differences to Trusted Platform Module (TPM) conceptMain differences to Trusted Platform Module (TPM) concept
MTM supports Secure Boot – TPM just measures integrity
MTM is a functionality rather than a physical module
Parallel instances of MTM on the same device possible
Currently, no implementation, but Currently, no implementation, but MTM Emulator by Nokia Research, Helsinki
Soldered TPM on Samsung Smartphone (Samsung/Infineon)
MTM Compliance Test Suite by Sirrix AG
2. Increasing Trustworthines
s
Round Table, San Francisco © 2008 Sirrix AG
Sirrix AGsecurity technologies
TURAYA: HighTURAYA: High--Assurance Security Kernel Assurance Security Kernel
PerseusPerseus: Separation Kernel, developed since 1999: Separation Kernel, developed since 1999Provides strong isolation and mandatory policy enforcement on compartment level
Turaya: TPMTuraya: TPM--support added in EMSCBsupport added in EMSCB--Project (2005Project (2005--2008)2008)Partners: Infineon, SAP, Bosch/Blaupunkt, IFIS, RUB, TUD,…
Currently underlying security core of Currently underlying security core of Projects: OpenTC, TECOM, TRUCOM, VERISOFT, …Products: TrustedVPN, TrustedIEEE802.1x, …
Supports different types of Hypervisors/MicrokernelSupports different types of Hypervisors/MicrokernelL4/TUD, OKL4/Sydney, P4/Sysgo, XEN
Applying to mobile systemsApplying to mobile systems
Round Table, San Francisco © 2008 Sirrix AG
Sirrix AGsecurity technologies
Mobile Trusted Platform Module (MTM)Mobile Trusted Platform Module (MTM)An ExampleAn Example
Security-Enabled Processor (e.g., TI M-Shield, Qualcomm SecureMSM)
Security Kernel
Virtualization
Legacy Mobile OS
Security critical applications
Secure Boot and MRTM set up
secure, signature-based bootsecure on-chip keys/secretslimited access to on-chip keys
Signed firmwaresecure processing environment e.g., ARM TrustZone or Security Kernel
Process isolationMandatory policy enforcementUser MTM with mandatory and discretionary access control
Proprietary Boot
Abort on Failure
Current Activities in
Embedded TC
Round Table, San Francisco © 2008 Sirrix AG
Sirrix AGsecurity technologies
Projects on Mobile/Embedded Trusted Computing Projects on Mobile/Embedded Trusted Computing
TECOMTECOM--Project (EU FPProject (EU FP--7), 01/2008 7), 01/2008 ––Partners: Infineon AG, EADS Defense&Security, SYSGO AG, Sirrix AG, Amtec S.p.a., Trango Virtual Processors, Aonix, Trusted Logic, and more
Focus on mobile phones and carrier/service provider
MoTrustMoTrust--Project (German BSI), 2008/2009Project (German BSI), 2008/2009Focus on mobile devices and sensitive applications
TRUCOMTRUCOM--Project (German National), 2006Project (German National), 2006--20082008Focus on mobile devices and media protection/DRM
Sirrix AGsecurity technologies
© 2008 Sirrix AGRound Table | San Francisco
Contacts:
Liese-Meitner-Allee 444801 BochumTel +49 234 61007-0Fax +49 234 61007-111
Im Stadtwald, Geb. D3 266123 SaarbrückenTel +49 681 936251-0Fax +49 681 936251-500
QuestionsQuestions??
mailto:[email protected]
Arshad Noor, Andreas Philipp
Securing the Core with Enterprise Key Management
2
©S
trong
Aut
h. In
c. ,
Utim
aco
Saf
ewar
e A
G 2
007-
2008
Who we are? StrongAuth, Inc.
7 year-old, private company based in Sunnyvale, CaliforniaFocus on:
• Enterprise Key Management
• PKI-based Identity Management
• Compliance Workflow Management
Arshad Noor, CTO, StrongAuth, Inc.
Utimaco Safeware AG25 year-old, public company based in Oberursel, Germany
Focus on:• Data Security Soultion
Andreas Philipp; Head of HSM Business.
3
©S
trong
Aut
h. In
c. ,
Utim
aco
Saf
ewar
e A
G 2
007-
2008
Business ChallengeRegulatory Compliance
PCI-DSS, HIPAA, FISMA, SB-1386, etc.Impending Massachusetts H213 bill
Avoiding finesChoicePoint $15M, Nationwide Building Society $2M
Avoiding lawsuits – BofA, TJX, HannafordAvoiding negative publicity
Hannaford, VA, IRS, TJX, E&Y, Citibank, BofA, WF, Ralph Lauren, UC, and 300+ others
4
©S
trong
Aut
h. In
c. ,
Utim
aco
Saf
ewar
e A
G 2
007-
2008
•Generate•Encrypt•Decrypt•Escrow•Authorize•Recover•Destroy•Audit
The Encryption Problem
•Generate•Encrypt•Decrypt•Escrow•Authorize•Recover•Destroy•Audit
•Generate•Encrypt•Decrypt•Escrow•Authorize•Recover•Destroy•Audit
•Generate•Encrypt•Decrypt•Escrow•Authorize•Recover•Destroy•Audit
•Generate•Encrypt•Decrypt•Escrow•Authorize•Recover•Destroy•Audit
.........and on and on
5
©S
trong
Aut
h. In
c. ,
Utim
aco
Saf
ewar
e A
G 2
007-
2008
Key Management Silos
DecryptEncryptKey-Handling
DecryptEncryptKey-Handling
DecryptEncryptKey-Handling
DecryptEncryptKey-Handling
DecryptEncryptKey-Handling
6
©S
trong
Aut
h. In
c. ,
Utim
aco
Saf
ewar
e A
G 2
007-
2008
What is an EKMI?An Enterprise Key Management Infrastructure is:“A collection of technology, policies and procedures for managing the life-cycle of all cryptographic keys in the enterprise.”
CharacteristicsA single place to define EKM policyA single place to manage all keysStandard protocols for EKM servicesPlatform and Application-independentScalable to service millions of clientsAvailable even when network failsExtremely secure
7
©S
trong
Aut
h. In
c. ,
Utim
aco
Saf
ewar
e A
G 2
007-
2008
The EKMI Model
DecryptEncrypt
DecryptEncrypt
DecryptEncrypt
DecryptEncrypt
DecryptEncrypt
DecryptEncrypt
Symmetric Key Service (SKS) Server GenerateProtectEscrowAuthorizeRecoverDestroyAudit
PKI Issue and Manage Credentials
8
©S
trong
Aut
h. In
c. ,
Utim
aco
Saf
ewar
e A
G 2
007-
2008
EKMI Components
EKMI
PKI SKMS
PKI (Public Key Infrastructure)
“A collection of technology, policies and procedures for managing the life-cycle of asymmetric cryptographic keys in the enterprise.”
SKMS (Symmetric Key Management System)
“A collection of technology, policies and procedures for managing the life-cycle of symmetric cryptographic keys in the enterprise.”
9
©S
trong
Aut
h. In
c. ,
Utim
aco
Saf
ewar
e A
G 2
007-
2008
SKMS Big-Picture
1.) Client Application makes a request for a symmetric ke2.) SKCL makes a digitally signed request to the SKS3.) SKS verifies SKCL request, generates, encrypts, digitally signs & escrows key in
DB4.) CryptoServer HSM provides security for RSA Signing & Encryption keys of SKS5.) SKS responds to SKCL with signed and encrypted symmetric key6.) SKCL verifies response, decrypts key and hands it to the Client Application7.) Native (non-Java) applications make requests through Java Native Interface
DB ServerApplicationServer
CryptoServer
SKCL
C/C++Application
RPGApplication
JavaApplication
Key Cache
JNIRPGNI
ServerClient
HTTPNet work
1
2
3
4
5
6 7 7
10
©S
trong
Aut
h. In
c. ,
Utim
aco
Saf
ewar
e A
G 2
007-
2008
Conclusion
“Securing the Core” should have been Plan A from the beginning
But its not too late
OASIS Enterprise Key Management Infrastructure Technical Committee is driving new key management standards that cuts across platforms, applications and industries.
Members include Visa, Wells Fargo, Red Hat, US Dept. of Defense plus 25+ other companies/individuals (including the world's largest software company, world's largest database software company, world's two largest security software companies, etc.) SKSML standard anticipated in Summer/Fall 2008
Slide #1Copyright© 2007 Trusted Computing Group - Other names and brands are properties of their respective owners.
Permission grated to distribute to members of INCITS CS1 and ISO/IEC JTC 1/SC 27 for the purpose of standards development
TPM and the TC Infrastructure7 April, 2008
Monty WisemanTrusted Computing Group
Chair: PC Client WG
Slide #2Copyright© 2007-8 Trusted Computing Group - Other names and brands are properties of their respective owners.
Permission grated to distribute to members of INCITS CS1 and ISO/IEC JTC 1/SC 27 for the purpose of standards development
TCG Mission
Develop and promote open, vendor-neutral, industry standard specifications for trusted
computing building blocks and software interfaces across multiple platforms.
Slide #3Copyright© 2007-8 Trusted Computing Group - Other names and brands are properties of their respective owners.
Permission grated to distribute to members of INCITS CS1 and ISO/IEC JTC 1/SC 27 for the purpose of standards development
PromotersAMDHewlett-PackardIBMInfineonIntel CorporationLenovoMicrosoftSun Microsystems, Inc.
TCG Membership140Total Members as of March 24, 2008
8 Promoter, 80 Contributor, 52 AdopterContributorsAmerican Megatrends, Inc.Aruba NetworksAtmelAuthenTec, Inc.Broadcom CorporationCerticom Corp.Citrix Systems, IncDecruDell, Inc.DPHI, Inc.Emulex Design and ManufacturingEnterasys NetworksEricsson Mobile Platforms ABETRIExtreme NetworksFrance Telecom GroupFreescale SemiconductorFujitsu LimitedFujitsu Siemens ComputersGemalto NVGeneral Dynamics C4 SystemsGiesecke & DevrientGreen Hills SoftwareHID GlobalHitachi, Ltd.Huawei Technologies Co., Ltd.Identity Engines
ContributorsInfobloxInsyde Software Corp.InterDigital Communications, LLCITE Tech Inc.Juniper Networks, Inc.Lancope, Inc.Lexar Media, Inc.Lexmark InternationalLockheed MartinLSI LogicMarvell Semiconductor, Inc.Matsushita Electric IndustrialMcAfee, Inc.Mirage NetworksMobile Armor, inc.Motorola Inc.NECNeoscale SystemsNokiaNokia Siemens Networks GmbHNortel NTRU Cryptosystems, Inc.NVIDIANXP SemiconductorsOxford SemiconductorsPhoenixPMC-SierraRenesas Technology Corp.Ricoh Company LTD
ContributorsRSA, The Security Division of EMCSafeNet, Inc.Samsung Electronics Co.SanDisk CorporationSeagate TechnologySECUDE IT Security GmbHSharp Electronics CorporationSiemens AGSMSCSony CorporationSpansion LLCStepNexus, IncStillSecureSTMicroelectronicsSymantecSymbian LtdToshiba CorporationTrapeze NetworksUnisysUPEK, Inc.Utimaco Safeware AGVMware, Inc.Vodafone Group Services LTDWave SystemsWestern Digital
Slide #4Copyright© 2007-8 Trusted Computing Group - Other names and brands are properties of their respective owners.
Permission grated to distribute to members of INCITS CS1 and ISO/IEC JTC 1/SC 27 for the purpose of standards development
TCG Membership 140 Total Members as of March 24, 2008
8 Promoter, 80 Contributor, 52 AdopterAdoptersLink-A-Media DevicesLockdown NetworksMazu NetworksMoSys, Inc.Nanjing Byosoft, LtdnSolutions, Inc.O2 MicroPatchLink CorporationPenza Research Electrotechnical InstituteQ1 LabsSafeBootSafend LTD.Shavlik TechnologiesSignaCert, Inc.Sirrix AG Security TechnologiesSkyRecon SystemsSoftex, Inc.Stonewood ElectronicsTELUSThales CommunicationThe Boeing CompanyTrust DigitalUNETsystemValicore Technologies, Inc.ViaSat, Inc.Vormetric, Inc.Winbond Electronics Corporation
AdoptersApani NetworksAUCONET GmbHAvenda SystemsBioscrypt Inc.Bit9, Inc.BlueCat NetworksBlueRidge NetworksBlueRISC, Inc.Bradford NetworksConSentry NetworksCMS ProductsCPR Tools, Inc.Cranite Systems, Inc.Credant TechnologiesCryptomathic Ltd.CryptoMill TechnologiesDartmouth CollegeFireScope Inc.ForeScout TechnologiesHangzahou Synochip Technology Co. Ltd.High Density DevicesICT Economic Impact, Ltd.IDEX ASAInsight International CorpIntellasys
Slide #5Copyright© 2007-8 Trusted Computing Group - Other names and brands are properties of their respective owners.
Permission grated to distribute to members of INCITS CS1 and ISO/IEC JTC 1/SC 27 for the purpose of standards development
TCG: The “BIG” Picture
Desktops & Notebooks
Hardcopy
Mobile Phones
Networking
Security Hardware
Applications•Software Stack
•Operating Systems•Web Services•Authentication•Data Protection
Storage
Servers
Virtualized Platform
Authentication
Slide #6Copyright© 2007-8 Trusted Computing Group - Other names and brands are properties of their respective owners.
Permission grated to distribute to members of INCITS CS1 and ISO/IEC JTC 1/SC 27 for the purpose of standards development
Platform Authentication
• Applications tend to focus on “user authentication”• But how does the IT infrastructure know which
platform is being used?– Is it authorized to be attached to the network?
?
Slide #7Copyright© 2007-8 Trusted Computing Group - Other names and brands are properties of their respective owners.
Permission grated to distribute to members of INCITS CS1 and ISO/IEC JTC 1/SC 27 for the purpose of standards development
Platform Attestation
• Applications tend to assume they have not been attacked– Especially true of “monitoring” or “defensive” apps
• But how does the IT infrastructure know if the platform is executing the application as authorized?
?
Slide #8Copyright© 2007-8 Trusted Computing Group - Other names and brands are properties of their respective owners.
Permission grated to distribute to members of INCITS CS1 and ISO/IEC JTC 1/SC 27 for the purpose of standards development
Protecting Secrets
• OS and Applications use software to protect keys and secrets– They lack a standardized and isolated place to create, store
and use them
• All software can be attacked– Offline attacks are not difficult
Slide #9Copyright© 2007-8 Trusted Computing Group - Other names and brands are properties of their respective owners.
Permission grated to distribute to members of INCITS CS1 and ISO/IEC JTC 1/SC 27 for the purpose of standards development
Functional TPM Diagram• Root of Trust for Reporting
(RTR)– Provides cryptographic
mechanism to report on TPM shielded locations
– Source of uniqueness of TPM• Root of Trust for Storage (RTS)
– Provides cryptographic mechanism to store shielded information outside of TPM
• TPM has limited internal storage
• Root of Trust for Measurement (RTM)– Platform component that
provides identity of platform state
• Note that any entity outside of the TPM must use a protected capability to access a shielded location
TPM
Protected Capabilities
Shielded Locations
RTR
RTS
RTM
Slide #10Copyright© 2007-8 Trusted Computing Group - Other names and brands are properties of their respective owners.
Permission grated to distribute to members of INCITS CS1 and ISO/IEC JTC 1/SC 27 for the purpose of standards development
One Example of a Virtual Environment
VMM
Virtual Machine
Virtual Machine
Virtual Machine
vTPM
vTPMvTPM
TPM
TPM Manager
Slide #11Copyright© 2007-8 Trusted Computing Group - Other names and brands are properties of their respective owners.
Permission grated to distribute to members of INCITS CS1 and ISO/IEC JTC 1/SC 27 for the purpose of standards development
Domains in a Trusted Mobile Platform
Device Owner’sMandatory Domain
Engine
Engine
Engine
Device Owner’sDiscretionary Domain
Engine
Engine
Engine
Device Manufacturer’sMandatory Domain
Engine
Engine
Engine
Device Manufacturer’s Engine
Slide #12Copyright© 2007-8 Trusted Computing Group - Other names and brands are properties of their respective owners.
Permission grated to distribute to members of INCITS CS1 and ISO/IEC JTC 1/SC 27 for the purpose of standards development
Operating System
MTM Example Platform
RTE
Allocated RoTs
CommsCarrier
Trusted Services
Engine - A
Service Provider
Trusted Services
Engine - B
User
Trusted Services
Engine - C
Slide #13Copyright© 2007-8 Trusted Computing Group - Other names and brands are properties of their respective owners.
Permission grated to distribute to members of INCITS CS1 and ISO/IEC JTC 1/SC 27 for the purpose of standards development
Root and Chain of Trust
• Goal is to gain trust in Entity C
• Must first trust a root– A Root of Trust is an entity that must be trusted as there is no mechanism available to measure the
entity– In TCG we call this the Root of Trust for Measurement (RTM)
• Operational standpoint is that RTM launches A; A launches B and B launches C– To trust C one must trust B– To trust B one must trust A– To trust A one must trust the RTM
• A to B to C to RTM creates a “Chain of Trust”
• Another term in use for this is “Transitive Trust”– Trust is transitive from A to B to C– It does not invert, trusting A does NOT imply that I must trust C– Trusting C REQUIRES me to trust A and B and, of course, the RTM
Entity A Entity B Entity CRTM
Slide #14Copyright© 2007-8 Trusted Computing Group - Other names and brands are properties of their respective owners.
Permission grated to distribute to members of INCITS CS1 and ISO/IEC JTC 1/SC 27 for the purpose of standards development
Broker TransactionUntrusted Platform
2. Accept < $5,000 Xaction from any platform
1. Request Xation < $5,000
3. Acknowledge Xaction
UnTrustedUnTrustedPlatformPlatform
11
33
StockBroker.comStockBroker.com
22
Slide #15Copyright© 2007-8 Trusted Computing Group - Other names and brands are properties of their respective owners.
Permission grated to distribute to members of INCITS CS1 and ISO/IEC JTC 1/SC 27 for the purpose of standards development
Broker TransactionUntrusted Platform
2. Xaction > $5,000 must provide strong proof of user authentication
1. Request Xation > $5,000
3. Request trust state of authentication mechanism
UnTrustedUnTrustedPlatformPlatform
11
33
StockBroker.comStockBroker.com
22
44
55
4. Cannot provide
5. Deny request
Slide #16Copyright© 2007-8 Trusted Computing Group - Other names and brands are properties of their respective owners.
Permission grated to distribute to members of INCITS CS1 and ISO/IEC JTC 1/SC 27 for the purpose of standards development
Broker TransactionTrusted Platform
2. Xaction > $5,000 must provide strong proof of user authentication
1. Request Xation > $5,000
3. Request trust state of authentication mechanism
UnTrustedUnTrustedPlatformPlatform
TPMTPM
AttestationID Key
11
33
StockBroker.comStockBroker.com
22
44
55
4. AIK signs trust state
5. Accept request
Slide #17Copyright© 2007-8 Trusted Computing Group - Other names and brands are properties of their respective owners.
Permission grated to distribute to members of INCITS CS1 and ISO/IEC JTC 1/SC 27 for the purpose of standards development
Multiple AIK UsageTrustedTrustedPlatformPlatform
TPMTPM
Gateway to Gateway to InternetInternet
Mail Mail ServerServer
External External VendorVendor
Internal Internal TTPTTP
External External TTPTTP
AIK 1AIK 1
AIK 2AIK 2
AIK 3AIK 3
someService.comsomeService.com
AIK 4AIK 4
Acme Acme CorporationCorporation
Slide #18Copyright© 2007-8 Trusted Computing Group - Other names and brands are properties of their respective owners.
Permission grated to distribute to members of INCITS CS1 and ISO/IEC JTC 1/SC 27 for the purpose of standards development
TNC Building BlocksAccess Requestor PolicyEnforcement
Point
VerifiersVerifiers
tCollectorCollector
Integrity MeasurementCollectors
Integrity MeasurementVerifiers
Network Access
Requestor
PolicyEnforcement
Point
Network AccessAuthority
TNCServer
Policy DecisionPoint
Supplicant/VPN Client, etc.
Switch/ Firewall/VPN Gateway
TSS
TPM
IntLog.
Platform TrustService (PTS)
TNCClient
AAA Server, Radius,Diameter, IIS, etc.
Peer Relationship
Peer Relationship
Slide #19Copyright© 2007-8 Trusted Computing Group - Other names and brands are properties of their respective owners.
Permission grated to distribute to members of INCITS CS1 and ISO/IEC JTC 1/SC 27 for the purpose of standards development
Questions:Contact: [email protected]
1
microSD Smart Card Solutions
29th of February, 2008
2
Agenda
1. Perceived Mobile Threats2. Mobile Security3. Security made Easy4. Advantages of smart cards5. Uses of Smart Cards6. Putting Smart Cards and Telephones together7. What is certgate8. What we do for the Mobile World9. Mobile Security 2.0
3
Perceived Mobile Threats
4
Mobile Security
E-mail Security
Virtual Private NetworkFirewall
Internet Security
Digital Signature
Banking
Digital Rights ManagementAuthentication
&Device Data
Security
NFC & Payment
http://images.google.de/imgres?imgurl=http://www.geek.com/images/geeknews/2007June/htctouch.jpg&imgrefurl=http://www.geek.com/news/geeknews/2007June/bpd20070605005847.htm&h=821&w=440&sz=56&hl=de&start=1&tbnid=XVt4wJxcJuGeNM:&tbnh=144&tbnw=77&prev=/images%3Fq%3Dhtc%2Bwindows%2Bmobile%26gbv%3D2%26svnum%3D10%26hl%3Dde%26sa%3DG
5
Smart Card Security
****
CHIP + PIN
• Easy AND Secure• Military / Bank level security• Key to Security
+
http://images.google.de/imgres?imgurl=http://www.hsbc.com.br/wcm/neutro/seguranca/img/smartcard.jpg&imgrefurl=http://www.hsbc.com.br/common/seguranca/artigo-seguranca-criptografia-autenticada.shtml&h=173&w=283&sz=18&hl=de&start=1&tbnid=L8lpRSziOwZSaM:&tbnh=70&tbnw=114&prev=/images?q=smartcard&svnum=10&hl=de&lr=&sa=G
6
Smart Card Applications
E-mail Security
Authentication&
Device Data Security
Virtual Private NetworkFirewall
Internet Security
Digital Signature
Payment & Banking
Digital Rights Management
http://images.google.de/imgres?imgurl=http://www.hsbc.com.br/wcm/neutro/seguranca/img/smartcard.jpg&imgrefurl=http://www.hsbc.com.br/common/seguranca/artigo-seguranca-criptografia-autenticada.shtml&h=173&w=283&sz=18&hl=de&start=1&tbnid=L8lpRSziOwZSaM:&tbnh=70&tbnw=114&prev=/images?q=smartcard&svnum=10&hl=de&lr=&sa=G
7
Smart Cards on Mobile Devices?
E-mail Security
Virtual Private NetworkFirewall
Internet Security
Digital Signature
Banking
Digital Rights ManagementAuthentication
&Device Data
Security
NFC & Payment
http://images.google.de/imgres?imgurl=http://www.hsbc.com.br/wcm/neutro/seguranca/img/smartcard.jpg&imgrefurl=http://www.hsbc.com.br/common/seguranca/artigo-seguranca-criptografia-autenticada.shtml&h=173&w=283&sz=18&hl=de&start=1&tbnid=L8lpRSziOwZSaM:&tbnh=70&tbnw=114&prev=/images?q=smartcard&svnum=10&hl=de&lr=&sa=Ghttp://images.google.de/imgres?imgurl=http://www.geek.com/images/geeknews/2007June/htctouch.jpg&imgrefurl=http://www.geek.com/news/geeknews/2007June/bpd20070605005847.htm&h=821&w=440&sz=56&hl=de&start=1&tbnid=XVt4wJxcJuGeNM:&tbnh=144&tbnw=77&prev=/images%3Fq%3Dhtc%2Bwindows%2Bmobile%26gbv%3D2%26svnum%3D10%26hl%3Dde%26sa%3DG
8
Mobile Security Innovation
Where to put the smart card in the phone?
http://images.google.de/imgres?imgurl=http://www.geek.com/images/geeknews/2007June/htctouch.jpg&imgrefurl=http://www.geek.com/news/geeknews/2007June/bpd20070605005847.htm&h=821&w=440&sz=56&hl=de&start=1&tbnid=XVt4wJxcJuGeNM:&tbnh=144&tbnw=77&prev=/images%3Fq%3Dhtc%2Bwindows%2Bmobile%26gbv%3D2%26svnum%3D10%26hl%3Dde%26sa%3DG
9
certgate Smart Card microSD
E-mail Security
Virtual Private NetworkFirewall
Digital Signature
Banking
Digital Rights ManagementAuthentication
&Device Data
Security
Internet Security
NFC & Payment
http://images.google.de/imgres?imgurl=http://www.geek.com/images/geeknews/2007June/htctouch.jpg&imgrefurl=http://www.geek.com/news/geeknews/2007June/bpd20070605005847.htm&h=821&w=440&sz=56&hl=de&start=1&tbnid=XVt4wJxcJuGeNM:&tbnh=144&tbnw=77&prev=/images%3Fq%3Dhtc%2Bwindows%2Bmobile%26gbv%3D2%26svnum%3D10%26hl%3Dde%26sa%3DG
10
Smart Card in microSD Format
11
certgate Smart Card microSD
Smart Card with Memory Function
One card in many form factors!
Mobility
Security
Smart Card
Flash Memory
12
Secure Data & Communication
Server Systemcertgate
Smart Card microSD
InternetGSM, WLAN
Secure remote applications:
• Smart Card Login
• Encrypt data on PDA
• Secure data communication
• Strong Authentication
• Digital Signature
http://images.google.de/imgres?imgurl=http://www.geek.com/images/geeknews/2007June/htctouch.jpg&imgrefurl=http://www.geek.com/news/geeknews/2007June/bpd20070605005847.htm&h=821&w=440&sz=56&hl=de&start=1&tbnid=XVt4wJxcJuGeNM:&tbnh=144&tbnw=77&prev=/images%3Fq%3Dhtc%2Bwindows%2Bmobile%26gbv%3D2%26svnum%3D10%26hl%3Dde%26sa%3DG
13
• Banking & Finance
• Government
• Industry
• Corporate Security (Security Policy)
• Transportation
• Telematics
• NFC – Mobile Payment
• Health
• Telecommunications
• Content providers
Who uses certgate?
http://images.google.de/imgres?imgurl=http://www.geek.com/images/geeknews/2007June/htctouch.jpg&imgrefurl=http://www.geek.com/news/geeknews/2007June/bpd20070605005847.htm&h=821&w=440&sz=56&hl=de&start=1&tbnid=XVt4wJxcJuGeNM:&tbnh=144&tbnw=77&prev=/images%3Fq%3Dhtc%2Bwindows%2Bmobile%26gbv%3D2%26svnum%3D10%26hl%3Dde%26sa%3DG
14
• Banking Services and Software (Savings Banks, Credit Institutions)Secure Access, data encryption, digital signature
• Accounting - Data Processing (DATEV)mobile VPN, PDA Access and data encryption, E-Mail Push, Registry Protector, SD Card Encryption
• Informatics Center (State of Lower Sachsony)mobile VPN, PDA Access and encryption
• Car Manufacturer (Porsche)mobile VPN, PDA Access and data encryption, E-Mail Push
• Government Authorities (Germany, The Netherlands, Singapore)mobile VPN, PDA Access and encryption, E-Mail Push
Exemplary Reference Projects
The certgate Smart Card is in more than 250 customersworldwide in operation and pilot projects!
15
Device / OS Support
Plun-n-play
Plun-n-play
Coming soon…
http://www.thelinuxstore.ca/index.php?main_page=product_info&cPath=41_168&products_id=766&zenid=4667d916bacc3c85d29637e2476077cfhttp://images.google.de/imgres?imgurl=http://www.aculab.com/newsletter/images/cpe20/linuxlogo+penguin.jpg&imgrefurl=http://www.aculab.com/newsletter/cp_issue_020.html&h=316&w=741&sz=36&hl=de&start=14&um=1&tbnid=RX_kEFvovvRHcM:&tbnh=60&tbnw=141&prev=/images?q=linux+logo&svnum=10&um=1&hl=de&sa=Ghttp://images.google.de/imgres?imgurl=http://matthiaspath.de/wiki/_media/apple-logo.jpg&imgrefurl=http://matthiaspath.de/wiki/mac&h=480&w=424&sz=21&hl=de&start=101&tbnid=zR03bdjsf55eAM:&tbnh=129&tbnw=114&prev=/images?q=mac+apple&start=84&gbv=2&ndsp=21&svnum=10&hl=de&sa=Nhttp://images.google.de/imgres?imgurl=http://www.geek.com/images/geeknews/2007June/htctouch.jpg&imgrefurl=http://www.geek.com/news/geeknews/2007June/bpd20070605005847.htm&h=821&w=440&sz=56&hl=de&start=1&tbnid=XVt4wJxcJuGeNM:&tbnh=144&tbnw=77&prev=/images?q=htc+windows+mobile&gbv=2&svnum=10&hl=de&sa=Ghttp://images.google.de/imgres?imgurl=http://www.funambol.com/blog/capo/uploaded_images/nokia-n800-744974.jpg&imgrefurl=http://www.funambol.com/blog/capo/2007_05_01_archive.html&h=380&w=525&sz=48&hl=de&start=4&tbnid=aJz2WJ1Ce5p7HM:&tbnh=96&tbnw=132&prev=/images?q=pocket+linux+tablet+nokia&gbv=2&svnum=10&hl=dehttp://images.google.de/imgres?imgurl=http://www.handy-discount.de/nokia/nokia_9300_c.jpg&imgrefurl=http://www.handy-discount.de/nokia/nokia_9300.htm&h=343&w=285&sz=30&hl=de&start=20&tbnid=_QjEvxYz-WLV5M:&tbnh=120&tbnw=100&prev=/images?q=nokia+communicator&gbv=2&svnum=10&hl=dehttp://images.google.de/imgres?imgurl=http://www.cnet.co.uk/story_media/49277891/htc.jpg&imgrefurl=http://crave.cnet.co.uk/mobiles/0,39029453,49277891,00.htm&h=331&w=350&sz=51&hl=de&start=2&tbnid=l5f2XWbuHk4aaM:&tbnh=113&tbnw=120&prev=/images?q=htc+windows+mobile&gbv=2&svnum=10&hl=de
16
certgate Smart Card microSD PKI (JCOP2.3)
certgate Smart Card microSD SIGN (TCOS3.0)
certgate Smart Card microSD FINANCE for FinTS/HBCI based Banking (RDH, TAN-Generator)
certgate CSP & PKCS#11 Software for Windows Mobile and Windows
certgate API for access to card functions
certgate Smart Card AdminTool for the administration of cards and certificates
certgate Smart Card Registry Protector for the protection of registry settings under Windows Mobile
certgate Smart Card SD Card Encryption for the encryption of SD cards, denies the usage of not encrypted SD cards
certgate Products
17
• Works on any device: Phone and PC
• Comes in many sizes
• Made in Germany
• Patented Technology (pending)
• Security Certifications: Common Criteria (HW EAL 5+)
• Partners: NCP(D), Utimaco(D), Subsembly(D), Microsoft(US)
Features
18
Features
• Works on any device: Phone and PC
• Comes in many sizes
• Made in Germany
• Patented Technology (pending)
• Security Certifications: Common Criteria (HW EAL 5+)
• Partners: NCP(D), Utimaco(D), Subsembly(D), Microsoft(US)
This is not an optional device for Security. This is the basis of security on the telephone.
19
Exchange Security
E‐Mail Signature
E‐Mail Encryption
Pocket Outlook –Email Security
20
Pocket IE – SSL Security
Server and Client Authentication with
Hardware Certificates
welcome to your protected content
21
SafeGuard PDA – Utimaco
User smart card authentication
Data encryption
Single Sign On (SSO) with other applications
central administration of rights and certificates
Device Security & Data Encryption
22
VPN Secure CE Client – NCP
Authorized Remote Access to Virtual Private Network
IPSec
Virtual Private Network
http://images.google.de/imgres?imgurl=http://www.geek.com/images/geeknews/2007June/htctouch.jpg&imgrefurl=http://www.geek.com/news/geeknews/2007June/bpd20070605005847.htm&h=821&w=440&sz=56&hl=de&start=1&tbnid=XVt4wJxcJuGeNM:&tbnh=144&tbnw=77&prev=/images%3Fq%3Dhtc%2Bwindows%2Bmobile%26gbv%3D2%26svnum%3D10%26hl%3Dde%26sa%3DG
23
FinPocket – Subsembly
Mobile Banking for Pocket PCs using HBCI/FinTS security process
FinPhone – Subsembly
Mobile Banking for Smartphones using HBCI/FinTS security process
Secure Mobile Banking
24
PKI-Appliance – ECOS
Loading of certificates to certgate Smart Card
Lifecycle Management for certgate Smart Card
User-Synchronization with any Directory
PKI Appliances
25
certgate Architecture
certgate Smart Card microSD
SD Commands
ISO7816 Commands
Terminal(PC, PDA, Smartphone)
Application
certgate APIcertgate API
SD‐Slot
Device Driver
CSP
CSP
PKCS#11
PKCS#11
Server User
26
• Smart card usage for Windows Mobile, Pocket Linux applications via microSD-, miniSD-, or SD/MMC-Slot (Symbian, BlackBerry in work)
• Smart card usage for MS Windows, Linux for Desktop & Notebook applications via a USB-card-reader OR via ActiveSync / USB / Bluetooth / WLAN directly in the mobile device microSD, miniSD or SD/MMC slot
• Certificate, public and private key upload to smart card (8 general purpose key stores)
• On-card secure key generation (RSA 2048 bit)
• On-card secure signature generation with private key (RSA)
• On-card secure public key encryption / private key decryption (RSA)
• On-card secure random number generator, user accessible
• Speed: RSA 2048 Bit signature < 0,5s;
Functions and Features
27
certgate Smart Card microSD JAVA:
• SD flash memory card standard
• JavaCard 2.2, JavaCard 2.3 and Global Platform 2.1 compliant
• on card secure random number generator FIPS PUB 140-2 and BSI AIS 31 compliant
• RSA 2048 bit on-card security algorithms;
• Smart Card CC EAL5+ compliant
• Smart Card and JavaCard 2.3 CC EAL4+ compliant
• OEM Products available
Card Standards (Java Card)
Compliant to legal requirements for IT security
28
• Identification, authentication, and authorization with Smart Card functionality now alsofor PDA, Smartphone or Handhelds (Hardware-Level Security)
• Mobile financial transactions, mobile VPN, E-Mail, mobile access to internet and personal data in compliance to highest security levels
• Assurance of an increased hardware based security level for mobile phones
• One security token in most different devices: Desktop, Notebook and in the powerful and cost effective mobile devices like PDA or Smartphones
• Usage of cost effective base technologies: GPRS, UMTS, MMC/SD-interface
• Independence from SIM-card-based security (SIM, SAT, SMS)
• Dynamic and Over the Air (OTA) load of new smart card applications and administration
Advantages
Effective Security for all devices with
currently the world’s only smart card in the form factor of microSD
29
Thank you!
certgate GmbHRollnerstr. 142 90408 Nuremberg, Germany
Tel: +49 911 93 52 3 - 0mailto: [email protected]
www.certgate.com
mailto:[email protected]://www.certgate.de/
TTT-Agenda.ppt2:00 p.m.Introduction�2:10 p.m.Trusted Infrastructures�Steve Lipner, Microsoft, USA�2:40 p.m.Embedded TC: Trustworthy Inf
1_Toward Trusted Infrastructure_only_title.ppt2_RSA_RoundTable.April2008.pptEmbedded�Trusted ComputingSirrix AG security technologies�Excellence in Trusted Computing�Embedded Trusted Computing�Areas of InterestEmbedded Trusted Computing�Areas of InterestUICCs as Deployed Security Anchor�Mobile Trusted Computing�Mobile Trusted Computing�Use CasesMobile Trusted Computing�Mobile Trusted Computing�TCG: Mobile Trusted Platform Module (MTM)�TURAYA: High-Assurance Security Kernel �Mobile Trusted Platform Module (MTM)�An ExampleProjects on Mobile/Embedded Trusted Computing �
3_2008-04-key_mng-ekmi-AN-Modified.pptWho we are? Business ChallengeThe Encryption ProblemKey Management SilosWhat is an EKMI?The EKMI ModelEKMI ComponentsSKMS Big-PictureConclusion
4_Monty_Wiseman_080407_FINAL2.pptTPM and the TC Infrastructure�7 April, 2008TCG MissionTCG MembershipTCG Membership TCG: The “BIG” PicturePlatform AuthenticationPlatform AttestationProtecting SecretsFunctional TPM DiagramOne Example of a Virtual EnvironmentDomains in a Trusted Mobile PlatformMTM Example PlatformRoot and Chain of TrustBroker Transaction�Untrusted PlatformBroker Transaction�Untrusted PlatformBroker Transaction�Trusted PlatformMultiple AIK UsageTNC Building Blocks
5_certgate Mobile Device Security Overview.pptmicroSD Smart Card SolutionsAgendaPerceived Mobile ThreatsSmart Card SecuritySmart Card in microSD Format