Upload
adele-harding
View
27
Download
0
Tags:
Embed Size (px)
DESCRIPTION
The Rise of Standards in Security. Roger L. Kay Founder and President [email protected]. Agenda. Why standards? Arguments against Arguments for Examples of major deployments TPM forecast Conclusions. Why Standards?. Most important is universal agreement - PowerPoint PPT Presentation
Citation preview
Agenda
• Why standards?
• Arguments against
• Arguments for
• Examples of major deployments
• TPM forecast
• Conclusions
Why Standards?• Most important is universal agreement• Trusted Computing Group (TCG): best overall
technical solution with broad backing• Microsoft — BitLocker• Intel — Core logic?• Long list of OEMs and applications
– Acer, ASUS, Dell, Gateway, Fujitsu, Lenovo, HP, Intel, Mitsubishi, Motion, MPC, NEC, Samsung, Sony, Toshiba
– white box, gaming, hard drives, embedded
• Mostly commercial notebooks for now
Two Arguments Against TCG
• System dynamics do not promote development– No user pull; all vendor push
• Shipments ≠ Deployments– Ecosystem doesn’t exist to support broad usage
Natural Selection
• What good is half a wing?– Insects, pterosaurs, birds, bats developed flight– A fin is a limb is a wing– Scales to feathers: warmth, display, protection, stealth– Answer: gliding — squirrel’s tail aids jumping
• How do complex eye structures evolve?– Answer: from simple ones
TPMs are Useful on Their Own
• User authentication
• Password management
• File and folder encryption
Slow Deployment
• Some merit to shipments ≠ deployments• But deployments are rolling out• Education is bringing the value of
TCG to light• Tools are proliferating
Help is on the Way
• Centralized remote deployment and management tools (e.g., Wave Systems’s ERAS)
• TPM is used for platform access, data protection, secure messaging, and network security
• Real time enforcement of employee policy through Active Directory– Ex.: If local TPM is informed of being removed from
AD, user is cut off instantly
• Standardized elements (e.g., MS and TPM) based on root of trust secure identities and access
Real World Examples
• Pharmaceutical company
• Pizza franchise
• Automobile rental
• Health care in Japan
• Government & regulatory
Pharmaceutical Company
• 20,000 seats• Who is connecting?• Vulnerabilities: trade secrets and legal liabilities• With VPN over public network, put TPMs on all
clients• Access dependent on digital certificate• Verifies both user and machine• Hardware and software from Lenovo
Pizza Franchise
• Hundreds of seats• Stores communicate sensitive information to HQ
over public network• TPMs secure passwords and certificates• Email, PIM, bank access, credit cards encrypted• Integrated into MS Office; single icon click• Multifactor for some; single for others• Hardware by Dell; software by Wave Systems
Car Rental Firm
• Tens of thousands of seats• Local caching of sensitive customer data between
transmissions– Limited expertise and language barriers
• Simple deployment scripts to enable TPMs• Three steps:
– Encrypt cached data– Auth. user & system to server with PKI bound to TPM – Flush cached data after synchronization
• HP hardware and software
Japanese Health Care Projects• Obligation to preserve data; METI funded• Public network, home-based patients• Distributed care givers
– Field workers, hospitals, labs, medical databases, nursing records
• Differing levels of access require various auth.• Hitachi’s TPM-based system for home health care• IBM’s Trusted Virtual Domains• Fujitsu’s TNC deployment verifies HW and app
config for session of broadband telemedicine
Government & Regulatory
• National Security Agency– Full drive encryption– TCG for compatibility
• U.S. Army– Network Enterprise Technology Command
now requires TPM 1.2 on new computers
• F.D.I.C.– Promotes TPM usage to member banks
TPM Shipment Forecast
Conclusions
• Vendors are pushing, but users are pulling, too• Real world deployments are taking off• Working with standardized elements is in
everyone’s best interest• Root of trust can anchor larger elements• Once the platforms are in place, more elegant
structures can be erected• Trusted computing is real and it’s here
Questions?