Trusted Computing
Yaron Sheffer, Manager, Standards and VPN Technologies, Check Point
Jan. 2008
©2003-2007 Check Point Software Technologies Ltd. All rights reserved. Proprietary and confidential.

Agenda
- A few words about Check Point
- Why Trusted Computing
- The Trusted Computing Architecture
- Uses of Trusted Computing
- Issues with Trusted Computing
- Trusted Computing in practice
- Details: 3rd party attestation
- The TC ecosystem: related and competing work, NAC

A Global Security Leader
Leader
- Global leader in firewall/VPN* and mobile data encryption
- More than 100,000 protected businesses
- More than 60 million consumers
- 100% of Fortune 100 as customers
100% security
- 100% focus on information security
- >1,000 dedicated security experts
- Protecting networks and enterprise data
Global
- ~2,000 employees
- 69 offices, 28 countries
- 2,200 partners, 88 countries
- HQ in Israel and U.S.A.
[Chart: Revenue and Net Profit, 1994-2007E]
* Frost & Sullivan

Always Anticipating New Security Needs
SMART: Security Management Architecture
Business drivers
- Consistent and scalable security
- Validate IT investments, lower TCO
- Compliance
- Improve operational efficiency
Security issues
- Enforce security policy
- Incident response
- Security audits
- Update security posture, defenses
Technology enablers / Check Point solution
- Unified security management
- Real-time event analysis
- Reporting, policy optimization
- One-click security updates
Unified Security Architecture: Firewall, VPN, Client VPN, Disk Encryption, UTM, Personal firewall, IPS, Media Encryption, Management, Anti-Virus, Port control, Monitoring, Reporting, Data leakage, Compliance

Trusted Computing
Trust (RFC 4949): A feeling of certainty (sometimes based on inconclusive evidence) either (a) that the system will not fail or (b) that the system meets its specifications (i.e., the system does what it claims to do and does not perform unwanted functions)
When approaching a PC, do we have this feeling?
Something is rotten in the state of Denmark

Lack of Trust
- Mutability
  – Data
  – Applications and libraries
  – Device drivers
  – Kernel components
  – And… the BIOS
- “Least privilege” principle is ignored
  – Administrator privileges
- Huge amounts of trusted code
- Secure development principles are not applied

Trusted Computing Group
[An] organization formed to develop, define, and promote open standards for hardware-enabled trusted computing and security technologies, including hardware building blocks and software interfaces, across multiple platforms, peripherals, and devices
- Implicitly: software alone will not do
- Established (as TCPA) 1999
- TPM 1.0 published Feb. 2001
- TNC work started 2004
- Around 200 member companies
- www.trustedcomputing.org

Trusted Computing Architecture
TPM (Trusted Platform Module): a tamper-resistant hardware module mounted in a platform. Responsible for: measurement, storage, reporting and policy enforcement
[Diagram: App1, App2, App3 on top of the Operating System; Protected Code; the TPM is tied to the Boot Process and to Encrypted Files]

Roots of Trust
A Root of Trust is a component that must behave as expected, because its misbehaviour cannot be detected
  – A piece of code
- Root of Trust for Measurement: the component that can be trusted to reliably measure and report to the Root of Trust for Reporting what software executes at the start of platform boot
- Root of Trust for Reporting: the component that can be trusted to report reliable information about the platform
- Root of Trust for Storage: the component that can be trusted to securely store any quantity of information
A Chain of Trust
- The core idea of the Trusted Computing architecture
- Each stage measures and validates the next one
  – Measurements go into Platform Configuration Registers (PCRs) on the TPM
- The chain starts with the hardware TPM
- Then software:
  – RTM, TPM Software Stack, BIOS, kernel
  – Applications?
- At the end, the entire platform is verified to be in a trusted state

TC Cryptographic Capabilities
- SHA-1, HMAC
  – Hashed message authentication code
- Physical random number generation
  – An important feature in itself
- Asymmetric key generation
  – 2048-bit RSA
- Asymmetric encryption/decryption and signing
  – RSA PKCS#1
- Bulk symmetric crypto is performed off-chip
  – For example, disk encryption
- Reasons: price, export considerations
- This is no high-performance crypto chip!

Uses of Trusted Computing
- Data protection: storage of secrets
  – TPM unseals storage keys only if the platform is in a trusted state
- Detecting unwanted changes to a machine’s configuration
  – Secure boot
- The next three require “3rd party attestation”
  – Protocol described later
- Checking client integrity on a local network
  – E.g. before the client is allowed into the network
  – Or by each network server
- Verifying the trustworthiness of a “kiosk”
  – By a remote server
  – By a local smartcard
- Machine authentication for remote access

Authentication and Privacy: A Contradiction?
- When you digitally sign a measurement report, you potentially reveal your identity!
- The architecture provides for the TPM to have control over “multiple pseudonymous attestation identities” – next slide
- TPM attestation identities do not contain any owner/user related information
  – A platform identity attests to platform properties
- No single TPM “identity” is ever used to digitally sign data
  – Privacy protection
- TPM Identity certification is required to attest to the fact that they identify a genuine TC platform
- The TPM Identity creation protocol allows for choosing different Certification Authorities (Privacy CA) to certify each TPM identity
  – Prevent correlation

Multiple Pseudonymous Attestation Identities…
[Diagram: an Identity CA certifies the host being verified under the pseudonyms Name1 and Name2; the verifier host trusts the Identity CA]

Issues with Trusted Computing
- TC is happening very slowly
  – A mixture of technical, business and perceptual issues
- Can a large and not-so-well-designed OS ever become trustworthy?
  – Intel’s current direction might point to a solution
- The distinction between platform owner and data owner
  – Can Sony prevent you from playing their songs?
  – DRM is evil!
  – Can Sony prevent you from reading their confidential financial data?
  – Enterprise DRM is ???
  – But hey, we’ve had DRM long before TPM!
- Allowing an “open” software ecosystem
  – For proprietary software
  – For open source software
  – For open source software that refuses to “play by the rules”

Trusted Computing in Practice
- TPM exists on a very large percentage of desktops and laptops
  – On your computer, too
- But it is disabled by default
- So it is rarely used
  – Even innocuous functionality like RNG is blocked!
- Microsoft was expected to enhance TC functionality in Vista
  – But only made a small step with BitLocker
- Apple used TPM once to ensure its new OS only runs on its own “beta” machines
  – But this is the wrong way around!

Remote Attestation
Three phases:
- Measurement: the machine to be attested must measure its properties locally
- Attestation: transfer the measurements from the machine being attested to the remote machine
- Verification: the remote machine examines the measurements transferred during attestation and decides whether they are valid and acceptable

Linux Integrity Measurement
(figure only)

Linux Attestation
(figure only)

Linux Verification
(figure only)
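The chain of trust (PCR extend), sealed storage ("unseal only in a trusted state") and the three attestation phases above, as one added illustration in Python. This is not code from the talk, from Check Point or from the TCG. It assumes SHA-1 PCRs with the TPM 1.x extend rule PCR_new = SHA1(PCR_old || digest); the AIK signature on the quote is modelled by an HMAC over a secret the emulated TPM shares with the verifier, standing in for the RSA PKCS#1 signature and Privacy CA certificate of a real deployment; the boot stage names and images are constructed samples.

```python
"""Toy model of the TCG chain of trust, sealed storage and remote attestation.
Added illustration, not code from the talk, Check Point or the TCG.  Assumes
SHA-1 PCRs as in TPM 1.x; the AIK signature on a quote is modelled by an HMAC
over a secret shared by the emulated TPM and the verifier, a stand-in for the
RSA PKCS#1 signature and Privacy CA certificate of a real deployment.
All boot images are constructed samples."""
import hashlib
import hmac
import os

PCR_SIZE = 20  # SHA-1 digest length, the PCR width in TPM 1.x

def extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM_Extend: PCR_new = SHA1(PCR_old || digest); one-way and order-sensitive."""
    return hashlib.sha1(pcr + digest).digest()

class ToyTPM:
    """Just enough TPM to show measurement, sealing and quoting."""
    def __init__(self):
        self.pcr = bytes(PCR_SIZE)          # PCR reset value at power-on
        self._aik_secret = os.urandom(32)   # stands in for the AIK private key
        self._sealed = []                   # (PCR at seal time, secret)
    def reset(self):
        """Power cycle: PCRs return to their reset value; sealed data persists."""
        self.pcr = bytes(PCR_SIZE)
    def extend(self, digest: bytes):
        self.pcr = extend(self.pcr, digest)
    def seal(self, secret: bytes) -> int:
        """Bind a secret to the current PCR value; returns a handle."""
        self._sealed.append((self.pcr, secret))
        return len(self._sealed) - 1
    def unseal(self, handle: int) -> bytes:
        """Release the secret only if the platform is back in the sealed state."""
        expected, secret = self._sealed[handle]
        if not hmac.compare_digest(expected, self.pcr):
            raise PermissionError("platform is not in the trusted state")
        return secret
    def quote(self, nonce: bytes):
        """Attestation phase: sign (PCR || verifier nonce) with the AIK stand-in."""
        msg = self.pcr + nonce
        return msg, hmac.new(self._aik_secret, msg, "sha1").digest()
    def verifier_key(self) -> bytes:
        return self._aik_secret  # what the Privacy CA certificate would vouch for

def boot(tpm, stages):
    """Measurement phase: each stage's image is hashed into the PCR before it runs."""
    log = []
    for name, image in stages:
        digest = hashlib.sha1(image).digest()
        log.append((name, digest))
        tpm.extend(digest)
    return log

def verify_quote(quote, sig, nonce, log, aik_secret, known_good):
    """Verification phase: signature, freshness, log replay, allow-list."""
    if not hmac.compare_digest(hmac.new(aik_secret, quote, "sha1").digest(), sig):
        return False, "bad signature"
    pcr, echoed = quote[:PCR_SIZE], quote[PCR_SIZE:]
    if not hmac.compare_digest(echoed, nonce):
        return False, "stale quote (nonce mismatch)"
    replay = bytes(PCR_SIZE)
    for name, digest in log:
        if known_good.get(name) != digest:
            return False, f"unknown measurement for {name}"
        replay = extend(replay, digest)
    if replay != pcr:
        return False, "event log does not match quoted PCR"
    return True, "ok"

# Constructed sample boot chain and a tampered variant with the kernel swapped.
GOOD_STAGES = [("bios", b"bios-v1"), ("bootloader", b"grub-v1"), ("kernel", b"vmlinuz-v1")]
TAMPERED_STAGES = GOOD_STAGES[:2] + [("kernel", b"vmlinuz-rootkit")]
KNOWN_GOOD = {name: hashlib.sha1(image).digest() for name, image in GOOD_STAGES}

def run_scenario(stages):
    """Seal a disk key in the good state, reboot into `stages`, then unseal and attest."""
    tpm = ToyTPM()
    boot(tpm, GOOD_STAGES)
    handle = tpm.seal(b"disk-encryption-key")
    tpm.reset()
    log = boot(tpm, stages)
    try:
        unsealed = tpm.unseal(handle) == b"disk-encryption-key"
    except PermissionError:
        unsealed = False
    nonce = os.urandom(PCR_SIZE)
    quote, sig = tpm.quote(nonce)
    attested, reason = verify_quote(quote, sig, nonce, log, tpm.verifier_key(), KNOWN_GOOD)
    return {"unsealed": unsealed, "attested": attested, "reason": reason}

if __name__ == "__main__":
    print("good boot:    ", run_scenario(GOOD_STAGES))
    print("tampered boot:", run_scenario(TAMPERED_STAGES))
```

Two points the slides make show up directly in the code. The unseal decision is taken inside the TPM by comparing the current PCR with the value recorded at seal time, so a platform that booted a different kernel cannot recover the disk key no matter how the operating system behaves afterwards. On the verifier side, the nonce defeats replay of an old quote, replaying the event log against the quoted PCR catches a log that was edited after the fact, and the allow-list of known-good measurements is where the real operational cost of attestation lies: every legitimate BIOS, bootloader or kernel update changes a digest and must be added before the platform is again considered trusted.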
Network Access Control (NAC)
- Two separate goals:
  – Ensure computers are “clean”, and running an authorized configuration
  – Ensure only “good” computers connect to the LAN
- We could have done #1 with TC, but TC is not happening
- So we just ask the computer nicely, and believe the response…
- NAC is important in the marketplace
- Being standardized within TCG
  – Under the name Trusted Network Connect, TNC
- It might converge with TC some day

TC: Related and Competing Initiatives
- Microsoft Next Generation Secure Computing Base (NGSCB), formerly Palladium
  – Uses TPM to create a secure OS partition
  – Was expected to go into Vista
  – Apparently dead now
  – Microsoft’s BitLocker disk encryption survived into Vista
- ARM TrustZone
- Intel Trusted Execution Technology
  – Next slide

Intel Trusted Execution Technology
- A recent initiative, an extension of the vPro architecture
- Relies on TPM
- Focused on virtualization: partitioning of virtual machines
- Requires an “enabled” OS and applications
- Provides:
  – Protected (partitioned) execution – partitions are full virtual machines, each running its own OS
  – Sealed storage
  – Protected input (e.g. from USB devices)
  – Protected graphics
  – Software measurement and protected launch of OS components
- Consists of:
  – CPU extensions
  – Chipset enhancements, e.g. to partition physical memory
  – TPM

Summary
- Trusted Computing tries to solve one of the top problems in today’s computing
- It builds a complex and interesting architecture, using innovative hardware components
- The in-built conflict between proven security and privacy has not been resolved, and maybe cannot be
- TC is making small steps forward; will it ever see widespread use?

Further Reading
- https://www.trustedcomputinggroup.org/home
- http://en.wikipedia.org/wiki/Trusted_computing
- Pearson et al., Trusted Computing Platforms, Hewlett Packard and Prentice Hall, 2003
- David Grawrock, The Intel Safer Computing Initiative, Intel Press, 2006

Thank You!
[email protected]