The Trusted Computing (TC) and Next Generation Secured Computing Base (NGSCB) NGSCB

NGSCB
1
Introduction – TC, TCG, NGSCB
TC = Trusted Computing, TCG = Trusted Computing Group, NGSCB = Microsoft’s TC
Original Motivation for TC:
TC was intended for DRM
Limits the abuse of file sharing over the network
Prevents making illegal copies without authorization from the vendor
Restricts the user’s computing actions
Current Motivation for TC
“For years, Bill Gates has dreamed of finding a way to make the Chinese pay for software: TC looks like being the answer to his prayer.” – Ross Anderson
Fundamental Concepts of TC
Software runs and communicates securely across applications and servers
Uses a “locked-down” architecture
Hardware-level cryptographic keys for encryption and authentication
Tamper-resistant
Seals secure data within curtained memory
Input/output communication paths are encrypted
TCG
Many vendors provide hardware support for major components of NGSCB
For example, Intel’s LaGrande Technology (LT) and AMD’s Secure Execution Mode (SEM) technology
TCG is an industry alliance that includes Microsoft
Manages TC activities for different hardware/software vendors: AMD, HP, IBM, and others
Trusted Computing Base = TCB
The TCB is everything in the operating system that we rely on for security
If the TCB is damaged or compromised, the whole system is broken
If something outside the TCB is broken but the TCB is intact, the system’s security still holds
Integrated into the system (combines software and hardware components)
Responsible for enforcing information security policies
Consists of Kernel + OS
TC -- overview
TC
Any trusted platform has the following three fundamental features:
Protected Capabilities
Integrity Capabilities
Integrity Reporting
NGSCB
Microsoft’s version of TC: NGSCB
Will be implemented in the upcoming version of Windows, also known as Microsoft Windows Longhorn/Vista
Architecture
Computing Environments
Four Features of NGSCB
NGSCB - architecture
NGSCB – Computing Environments
Overview
NGSCB operates two operating systems in ONE system
Two Modes: Normal Mode vs. Trusted Mode
Normal Mode:
  Unprotected environment
  Same as our current Windows series
  Fully controlled by the users
Trusted Mode:
  Protected environment
  Users have no authority to modify, delete, or copy ANY content
  Implements TC in both hardware and software
  Fully controlled by the computer
NGSCB - architecture
Two primary system components in NGSCB – Nexus and NCA
Nexus
Special kernel (core of the trusted operating environment)
Goal: keep normal-mode and trusted-mode processes isolated from each other in memory
Functionality: authenticate and protect data (entered, stored, communicated, and displayed) by encrypting it
NGSCB - architecture
Nexus Computing Agent (NCA)
Trusted software component
Runs in trusted mode and communicates with the Nexus
The NCA specifications are open-source
Developers can make their own agents to run on the trusted platform
NGSCB – operating environments
NGSCB – operating environments
Microsoft claims: “Only an NGSCB trusted application, NCA, can run securely within the protected operating environment.”
NCA
Defined by software developers
Policies
Security authentication
Security authorization
NGSCB – Four Features
Strong Process Isolation
Sealed Storage
Attestation
Secured Path to the user
NGSCB – Four Features
Strong Process Isolation
Isolates the protected and non-protected operating environments that share the same physical memory
Blocks Direct Memory Access (DMA) devices from reading or writing the secured blocks of memory
Blocks access by malicious code
Claim: “no illegitimate access will occur in the protected environment”
NGSCB – Four Features
Sealed storage
Ensures that private NGSCB data is not exposed
NGSCB uses the Security Support Component (SSC) to do this
The SSC has its own encryption services and can be managed by the Nexus
Uses the Advanced Encryption Standard (AES), a public/private key pair, and keys derived for each trusted application
NGSCB – Four Features
Sealed Storage
The NCA uses these keys to encrypt data, access the file system, and provide storage services.
Claim: No unauthorized application can read the sealed storage whatsoever (at boot-up or while running)
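The two sealed-storage slides describe the mechanism only in outline: a key held by the SSC, derived per trusted application, that no unauthorized application can use. The following Go program is an added example (it is not from the slides and is not Microsoft's NGSCB or SSC code) of the property that makes sealing work: the encryption key is derived from a hardware root secret plus a measurement of the software stack that was loaded, so the same blob can only be unsealed while that same stack is running. The measurement rule (a TCG-style extend of a 32-byte register), the root secret, the component names and the key-derivation label are all constructed for this demo; the standard-library AES-GCM stands in for whatever cipher mode the SSC used.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
	"io"
)

// PCR models one platform configuration register: a running SHA-256 digest of
// every component loaded so far. It can only be extended, never written directly.
type PCR [32]byte

// Extend folds one component's measurement into the register:
// PCR' = SHA-256(PCR || SHA-256(component)). The order of extension matters.
func Extend(p PCR, component []byte) PCR {
	m := sha256.Sum256(component)
	return PCR(sha256.Sum256(append(p[:], m[:]...)))
}

// BootChain measures a sequence of components into a fresh (all-zero) PCR.
func BootChain(components ...string) PCR {
	var p PCR
	for _, c := range components {
		p = Extend(p, []byte(c))
	}
	return p
}

// sealKey derives the AES-256 key from the SSC's root secret and the PCR, so the
// key can only be recreated while the same measured software stack is running.
func sealKey(rootSecret []byte, p PCR) []byte {
	mac := hmac.New(sha256.New, rootSecret)
	mac.Write([]byte("seal-key:")) // constructed domain-separation label
	mac.Write(p[:])
	return mac.Sum(nil)
}

// aead builds the AES-GCM instance for a given root secret and platform state.
func aead(rootSecret []byte, p PCR) (cipher.AEAD, error) {
	block, err := aes.NewCipher(sealKey(rootSecret, p))
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal encrypts data under a key bound to the current PCR. The blob is
// nonce || AES-GCM ciphertext, with the PCR value authenticated as associated data.
func Seal(rootSecret []byte, p PCR, data []byte) ([]byte, error) {
	gcm, err := aead(rootSecret, p)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, data, p[:]), nil
}

// Unseal recovers the data only if the caller's PCR equals the one used to seal;
// any change to the measured software stack yields a different key and fails.
func Unseal(rootSecret []byte, p PCR, blob []byte) ([]byte, error) {
	gcm, err := aead(rootSecret, p)
	if err != nil {
		return nil, err
	}
	if len(blob) < gcm.NonceSize() {
		return nil, errors.New("sealed blob too short")
	}
	nonce, ct := blob[:gcm.NonceSize()], blob[gcm.NonceSize():]
	plain, err := gcm.Open(nil, nonce, ct, p[:])
	if err != nil {
		return nil, errors.New("unseal refused: platform state does not match the sealing state")
	}
	return plain, nil
}

func main() {
	// Constructed values for the demo: a real SSC would keep the root secret in hardware.
	rootSecret := []byte("constructed-root-secret-for-demo")
	trusted := BootChain("nexus-v1", "nca-word")

	blob, err := Seal(rootSecret, trusted, []byte("document signing key"))
	if err != nil {
		panic(err)
	}
	if out, err := Unseal(rootSecret, trusted, blob); err == nil {
		fmt.Printf("same software stack: %q\n", out)
	}
	// A patched nexus (or a different NCA) measures to a different PCR, so the key differs.
	if _, err := Unseal(rootSecret, BootChain("nexus-v1-patched", "nca-word"), blob); err != nil {
		fmt.Println("modified software stack:", err)
	}
}
```

The point to take from the failing case is that sealing does not decide who may read the data by checking an identity at run time; the key simply does not exist on a platform whose measured stack differs, which is what the slide's "at boot-up or while running" claim rests on. It also shows the operational cost of the design: any legitimate update to the Nexus or the NCA changes the PCR, so data sealed to the old stack must be re-sealed before the update or it becomes unreadable.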
NGSCB – Four Features
Cryptographic Attestation
Confirms to the recipient that the data was digitally signed by the NGSCB and that the data is cryptographically identifiable
Authenticates a software process
Proves application identity
Useful in networking: prove identity securely before transmitting any data.
Avoid Man in the Middle attack?
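The attestation slide lists what attestation proves (a signed statement that identifies the running software) and asks whether it avoids a man-in-the-middle attack. The Go program below is an added example, not from the slides and not Microsoft's NGSCB code, of attestation as a challenge-response exchange with both sides' logic visible: the platform signs its measured software configuration together with a fresh nonce from the verifier, and the verifier checks the nonce, the signature, the event log and a list of known-good configurations before trusting the peer. Ed25519, the 32-byte measurement register, the component names and the known-good list are assumptions of this example; the one thing the example cannot manufacture is the verifier's prior knowledge of the platform's public key, which has to arrive through some out-of-band channel and is the reason the protocol can detect an impostor platform but not replace a trusted key distribution.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Quote is the platform's signed statement of what software it is running.
type Quote struct {
	PCR       [32]byte // measured software configuration being claimed
	Nonce     []byte   // verifier's fresh challenge, so an old quote cannot be replayed
	EventLog  []string // components measured, in order, so the verifier can recompute PCR
	Signature []byte   // Ed25519 signature by the platform's attestation key
}

// replayLog recomputes a PCR from an event log (PCR' = SHA-256(PCR || SHA-256(component))).
func replayLog(events []string) [32]byte {
	var p [32]byte
	for _, c := range events {
		m := sha256.Sum256([]byte(c))
		p = sha256.Sum256(append(p[:], m[:]...))
	}
	return p
}

// quoteDigest is the exact message that gets signed: a domain tag, the nonce and the PCR.
func quoteDigest(nonce []byte, pcr [32]byte) []byte {
	h := sha256.New()
	h.Write([]byte("attest-quote:")) // constructed domain-separation label
	h.Write(nonce)
	h.Write(pcr[:])
	return h.Sum(nil)
}

// NewPlatformKey stands in for the attestation key pair an SSC would hold in hardware;
// the verifier must already know the public half through some trusted channel.
func NewPlatformKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// Attest runs on the platform: sign the current PCR together with the verifier's nonce.
func Attest(attestKey ed25519.PrivateKey, events []string, nonce []byte) Quote {
	pcr := replayLog(events)
	return Quote{
		PCR:       pcr,
		Nonce:     nonce,
		EventLog:  events,
		Signature: ed25519.Sign(attestKey, quoteDigest(nonce, pcr)),
	}
}

// Verify runs on the remote side and returns the name of the recognised configuration.
// A quote is accepted only if the nonce is the one just issued, the signature is valid
// under the trusted platform key, the event log reproduces the quoted PCR, and that
// PCR is on the verifier's list of known-good software stacks.
func Verify(platformPub ed25519.PublicKey, expectedNonce []byte, knownGood map[[32]byte]string, q Quote) (string, error) {
	if !bytes.Equal(q.Nonce, expectedNonce) {
		return "", errors.New("nonce mismatch: stale or replayed quote")
	}
	if !ed25519.Verify(platformPub, quoteDigest(q.Nonce, q.PCR), q.Signature) {
		return "", errors.New("bad signature: quote not from the trusted platform key")
	}
	if replayLog(q.EventLog) != q.PCR {
		return "", errors.New("event log does not reproduce the quoted PCR")
	}
	name, ok := knownGood[q.PCR]
	if !ok {
		return "", errors.New("software configuration not on the known-good list")
	}
	return name, nil
}

// NewNonce issues a fresh 16-byte challenge for one attestation round.
func NewNonce() []byte {
	n := make([]byte, 16)
	if _, err := rand.Read(n); err != nil {
		panic(err)
	}
	return n
}

func main() {
	pub, priv := NewPlatformKey()
	// Constructed known-good list: the verifier trusts exactly this measured stack.
	knownGood := map[[32]byte]string{replayLog([]string{"nexus-v1", "nca-word"}): "Word NCA on Nexus v1"}

	nonce := NewNonce()
	q := Attest(priv, []string{"nexus-v1", "nca-word"}, nonce)
	fmt.Println(Verify(pub, nonce, knownGood, q))

	// The same quote presented against a later challenge is rejected as a replay.
	fmt.Println(Verify(pub, NewNonce(), knownGood, q))
	// An unrecognised NCA is correctly signed but is not on the known-good list.
	fmt.Println(Verify(pub, nonce, knownGood, Attest(priv, []string{"nexus-v1", "nca-unknown"}, nonce)))
}
```

Note what each check buys the verifier: the nonce defeats replay of an old quote, the signature ties the claim to a specific platform key, the log replay stops a platform from quoting a PCR it did not actually measure, and the known-good list is where the verifier's real policy lives, since a valid quote of unknown software proves only that some software is running. The verifier learns which software stack is running, not which user is at the keyboard; the slides' user-identity features belong to the NCA's own policies on the earlier slide.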
NGSCB – Four Features
Secure Path to the user
Ensures information remains secure as it passes through the input/output devices.
Encrypts the input/output, creating a secure path.
Protects the computer from:
  Keystroke recording
  Hardware devices
Current hardware devices need to be upgraded: mouse/keyboard/USB devices/video adapter
Input: upgrade to USB devices: smart cards, biometrics, others
Output: upgrade to a graphics adapter that prevents reads/writes to video memory
NGSCB Applications
Example: Microsoft Word
Restrict user: View/Copy/Write/Open/Close
Not compatible with other *.doc applications, e.g. OpenOffice
Written document is signed and encrypted with Microsoft Word --- only Word has the private key to decrypt it…
NGSCB Application
Example: Network application
Cannot share files via P2P
Cannot open your friend’s packed programs
Presumably secured when connected to a network
Example: Microsoft Explorer / Outlook
Users might be able to see the content but not be able to “Copy-and-Paste” it into other applications
Users no longer have the capability to “do whatever they want to do”
Analysis of NGSCB
Will this succeed?