Secure Endpoints, Secure Network
BIOS Integrity Measurements Heuristics Tool for CFT
Dan Griffin
JW Secure, Inc.
WWNSAD?
• NSA and NIST have been public about:
– Inevitability of mobile computing
– Need to support cloud-based services
– Even for use with secret data in the field
• What works for them can work for you
Introduction
• What is a TPM?
• What is “measured boot”?
• What is “remote attestation”?
Measured Boot + Remote Attestation
What is measured boot?
[Diagram: measured-boot chain: BIOS -> Boot Loader -> Kernel -> Early Drivers, each stage recording a hash of the next item(s) into the TPM; the resulting Boot Log carries PCR data, the AIK public key and a signature]
What is remote attestation?
[Diagram: Client Device (with TPM) sends the Signed Boot Log to an Attestation Server, which returns "some token…"]
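As an added illustration of the two slides above (not code from this deck or from JW Secure), the following Python simulates the measured-boot chain extending a PCR and an attestation server that replays the boot log, checks every measurement against a whitelist and only then issues a token. The component blobs, the whitelist and the HMAC stand-in for the AIK signature are constructed assumptions so the example runs with the standard library alone.

```python
"""Simulated measured boot + remote attestation (added example, stdlib only)."""
import hashlib
import hmac

# Constructed boot chain: each stage measures the next before handing off.
BOOT_CHAIN = [
    ("BIOS", b"bios-image-v1"),
    ("Boot Loader", b"bootloader-v7"),
    ("Kernel", b"kernel-5.10"),
    ("Early Drivers", b"drivers-bundle-3"),
]

# Server-side whitelist of known-good component digests (constructed values).
KNOWN_GOOD = {name: hashlib.sha256(blob).hexdigest() for name, blob in BOOT_CHAIN}

# Stand-in for the AIK (assumption): a shared secret keeps the example stdlib-only.
# A real TPM signs the quote with an asymmetric AIK private key instead.
AIK_KEY = b"simulated-aik-key"


def pcr_extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM extend: PCR = H(PCR || measurement); order-dependent and not resettable."""
    return hashlib.sha256(pcr + measurement).digest()


def measured_boot(chain):
    """Client side: hash each stage into the PCR and record the event in the boot log."""
    pcr = bytes(32)  # PCR is all zeros at reset
    log = []
    for name, blob in chain:
        digest = hashlib.sha256(blob).digest()
        pcr = pcr_extend(pcr, digest)
        log.append((name, digest.hex()))
    signature = hmac.new(AIK_KEY, pcr, "sha256").hexdigest()  # the "quote"
    return {"pcr": pcr.hex(), "log": log, "sig": signature}


def attest(report):
    """Server side: verify the quote, replay the log, check the whitelist, issue a token."""
    pcr = bytes.fromhex(report["pcr"])
    expected_sig = hmac.new(AIK_KEY, pcr, "sha256").hexdigest()
    if not hmac.compare_digest(expected_sig, report["sig"]):
        return None  # quote was not produced by the expected AIK
    replay = bytes(32)
    for _name, digest_hex in report["log"]:
        replay = pcr_extend(replay, bytes.fromhex(digest_hex))
    if replay != pcr:
        return None  # boot log does not match the PCR the TPM signed
    bad = [name for name, d in report["log"] if KNOWN_GOOD.get(name) != d]
    if bad:
        return None  # a measured component is not on the whitelist
    return "access-token-for-" + report["pcr"][:8]
```

Swapping the kernel blob for an unknown image changes the PCR, so the server refuses a token; editing the log back to the known-good digests without the matching PCR fails the replay check instead.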
Weaknesses
• Provisioning
– Secure supply chain?
– TPM EK database
– Patching delay & whitelist maintenance
• Integrity of the TPM hardware
– Capping; electron microscopes
– Trend of migration from hardware to firmware
• Hibernate file is unprotected
Post-CFT
• Measurement-Bound Keys
– “Trusted Tamperproof Time on Mobile Devices”
– See http://www.jwsecure.com/dan
• Commercialization
– JW Secure StrongNet
– RSA 2013
Questions?
206-683-6551
@JWSdan
JW Secure provides custom security software development services.