IBM Secure Enterprise Desktop – An enterprise application of the IBM ZTIC
Dr. Michael Baentsch, Dr. Paolo Scotton, IBM Research – Zurich
© 2012 IBM Corporation

CeBIT 2012: IBM Secure Enterprise Desktop

DESCRIPTION

Today at the CeBIT Fair, IBM is announcing the Secure Enterprise Desktop, an innovative service that enables corporate users to securely access the contents of their entire hard disk, including operating system, applications and company data, from anywhere in as little as two minutes. With the consumerization of IT and the emergence of bring your own device to work, organizations are being forced to figure out how to manage new security challenges in the enterprise. In addition, according to the 2011 IBM CIO Study, two of three CIOs have visionary plans that include mobility solutions and virtualization to remain competitive. To address these challenges IBM scientists in Zurich, also known for developing the secure operating system used on hundreds of millions of smart cards today, have developed the Secure Enterprise Desktop.

Page 2: CeBIT 2012: IBM Secure Enterprise Desktop

Secure Enterprise Desktop: Core problem addressed

All Internet connected devices are (and will remain) under attack …

– Attack vectors (selection)
  • Spam (mail): “Click-and-be-doomed”
  • Some “free helper tools”
  • “popular” websites (porn, warez, etc.): “Drive-by infection”
  • Google-found websites
– Sample attack method (beyond traditional vulnerability + standard API exploits)
  • APEG (Automatic Patch-based exploit generation)
– Attack goals (selection)
  • Get at company secrets (SpearPhishing, Advanced Persistent Threats and beyond)
  • Log company communication in real-time
  • Find out about customer’s customers
– Attack professionalism
  • Very high and rising (task “outsourcing”, physical “enforcement” the norm)
  • To some accounts, e-crime is already more profitable than drug trafficking

Page 3: CeBIT 2012: IBM Secure Enterprise Desktop

Authentication: Main Attack classes

[Diagram labels: Server; Fake server; Fake client; login; Spoofed email (phishing); Link; Credentials; Malicious software (MSW); Trojan horse virus; Man-in-the-middle (MITM); Man-in-the-browser (MITB); Impersonation at any time; Impersonation while genuine client connects; Impersonation at any time / During genuine transaction]

Page 4: CeBIT 2012: IBM Secure Enterprise Desktop

Secure Enterprise Desktop: So what?

You cannot trust the PC (tablet, smart phone, etc.) display – nor any SW.

You need separate protection – crypto & I/O HW outside the PC.

Based on some “trust anchor” – ideally a mobile one.

Page 5: CeBIT 2012: IBM Secure Enterprise Desktop

Classic ZTIC concept: How it works (high-level)

1: User approaches any appliance with USB port and inserts ZTIC

2: ZTIC initiates connection to server (automatically via auto-run or after user clicks on ZTIC icon)

3: ZTIC establishes TLS connection to server (incl. automatic certificate check and possibly, using client authentication)

4: Server validates authenticity (using existing authentication protocols like EMV CAP or via PKI/SSL client authentication)

[Diagram labels: TLS Proxy; TLS Server Connection]

Page 6: CeBIT 2012: IBM Secure Enterprise Desktop

Approaches to Desktop Security

■ Corporate-issue PCs: Machines are custom-installed and centrally managed.
  Challenges: limited choice of machines; cost for dedicated hardware; zero-day exploits; mobility

■ Trusted Platform Modules, Smart Cards, etc.: Security hardware protecting system software
  Challenges: Without I/O, user cannot ascertain what’s happening; mobility

■ Secure Execution Environments: Software controlling applications executing
  Challenges: Size & origin of software; can software be protected by software?

■ Secure boot stick: user carries a secure OS to boot from on a USB stick
  Challenges: maintenance of OS; no central control; no user credential control

■ Virtualization: adding an access & security control layer for all resources
  Challenges: host-OS security; installation; performance/scalability

Page 7: CeBIT 2012: IBM Secure Enterprise Desktop

IBM Secure Enterprise Desktop: Design Goals

■ Protect against “State of the Art” Attacks (esp. Malware & Man-in-the-Middle)
  – Do not rely on PC or smart phone for input or output of critical data
■ Do not require the installation of additional software
  – No device drivers (no new user/support center hassles)
  – Work on as many platforms as possible
■ Do not interfere with existing protection technologies
  – VPNs, Firewalls, Virus scanners, etc.
■ Be easy-to-use
  – Do not create performance penalties
  – Use “familiar” device/interaction pattern → mobility
■ Be easy-to-administrate & integrate
  – Require minimal server changes
    • Re-use existing authentication protocols, e.g., CAP, PKI/SSL client-authentication
  – Allow for “fool-proof” device maintenance

Page 8: CeBIT 2012: IBM Secure Enterprise Desktop

Secure Enterprise Desktop: Goal

Page 9: CeBIT 2012: IBM Secure Enterprise Desktop

Secure Enterprise Desktop: Basic Concept ‘Bring-Your-Own’

Page 10: CeBIT 2012: IBM Secure Enterprise Desktop

Secure Enterprise Desktop: Core technologies

[Diagram labels: Secure Enterprise Desktop; ZTIC; Image Management; Provisioning]

• Image backup
• Image composition
• Image maintenance

• Security
• Authentication
• Key storage

• Streaming technology
• Significant OS experience

Page 11: CeBIT 2012: IBM Secure Enterprise Desktop

Secure Enterprise Desktop: Architecture

Hypervisor allows SED…
■ …to be hardware agnostic: hardware support delegated to the hypervisor
■ …to implement specialized drivers without changing the user image
■ …run multiple images on the same client

Page 12: CeBIT 2012: IBM Secure Enterprise Desktop

Secure Enterprise Desktop: Usage view

Page 13: CeBIT 2012: IBM Secure Enterprise Desktop

Secure Enterprise Desktop: Key Differentiators

■ VM + OS provisioning is server-controlled via trusted channel
  – ZTIC establishes basic trust level and pulls disk-keys & software via SSL
  – Future extension: Build VPN support into low-level drivers + ZTIC
■ No need for or reliance on pre-installed software
  – ZTIC possession is sufficient to get started → boot off empty/’bare metal’ machines
  – All OS & user data is streamed as needed → Fast start-up time on empty machines
  – Local machine used as ‘cache’ → scalability from overall system perspective
■ Constant ‘backup’ when online
  – Offline operation also possible (e.g., when traveling)
  – All local data encrypted via ZTIC and mirrored back when online again
■ User credentials handled outside of PC
  – Protection even against hacked BIOS’
  – Smart card support without need for drivers

Page 14: CeBIT 2012: IBM Secure Enterprise Desktop

Secure Enterprise Desktop: Next steps for 2012

■ IBM internal pilot operation
■ Introduction of standard/’out-of-the-box’ usage scenarios
■ Pilot deployment at lead customers
■ Integration with IBM standard offerings

Page 15: CeBIT 2012: IBM Secure Enterprise Desktop

Questions?

■ http://www.zurich.ibm.com/secure-ed
  [email protected]
■ YouTube: http://www.youtube.com/watch?v=mPZrkeHMDJ8
■ Michael Baentsch ([email protected]; +41 44 724 8620)
■ Paolo Scotton ([email protected]; +41 44 724 8948)