ITU Workshop on "Future Trust and Knowledge
Infrastructure", Phase 1
Geneva, Switzerland, 24 April 2015
Alec Brusilovsky
Co-chair of TCG TMS WG and
Manager, Security Standardization, Interdigital
•Problem Statement
•Foundation of Trust
•TCG Overview
• Scope, Members, Platforms, Liaisons, Meetings, Work Groups
• TCG Technologies
• TPM, TNC, SED, Mobile
Problem Statement
• Migration of network core functionality to the cloud
introduces new security vulnerabilities due to loss of the
security provided by the physical protection and isolation of
traditional network systems
• When moving functionality to the Cloud, scalable security
controls and tools to provide MNO/enterprise with trust and
assurance that their data and computing will remain private
and uncompromised do not exist
• There is a need for explicit and verifiable ways of protecting
software components (guest OS, applications/library code
and data) that reside in the Cloud (a virtual machine or a
• Trust in computing platform (boot, runtime, crash, and
storage integrity) as well as security automation have to be
defined and standardized to ensure interoperability
Foundation of Trust
Trust is the belief that a person or system will behave predictably,
even under stress
• It is based on experience and/or evidence
• It is based on fundamental properties (identity, integrity)
• It is easy to lose and hard to regain
A trusted system is…
• predictable, even under stress
• trusted based on experience and/or evidence
• based on fundamental properties (identity, integrity)
TCG – Trusted Computing Group
• TCG is one of the principal standards bodies focused on trusted
computing standards and platform integrity
• TPM 1.2 and TPM 2.0 specs are ISO 11889:2009/2015 and are
implemented in more than two billion devices
– Servers, PCs, tablets, smartphones, printers, kiosks, industrial systems, and
many embedded systems
• Trusted Computing includes more than secure boot
Security Automation
Secure Cloud
Secure Storage
Secure Mobile Devices
Secure Legacy Devices
TCG – Trusted Computing Group
• The Trusted Computing Group (TCG) is a not-for-profit organization formed to develop, define and
promote open, vendor-neutral, global industry
standards, supportive of a hardware-based root of
trust, for interoperable trusted computing platforms.
• Members include manufacturers, governments, and
academics – cloud computing, operating systems,
security research, aerospace, automotive, SoC, IoT,
embedded systems, mobile phones, servers, PCs,
laptops, tablets, memory, hard drives, and more
TCG – Members
100+ Members: Chips, Cloud, Embedded, IoT, Mobile, PC
Complete Membership List Available:
TCG – Where trust begins…
• Trusted Computing Technologies
– Trusted Platform Module (TPM) – hardware root-of-trust & key storage
– Trusted Network Connect (TNC) – access control & endpoint compliance
– Self-Encrypting Drive (SED) – hardware encryption & fine-grained locking
– PC Client, Mobile, Automotive – Profiles of TPM 2.0 Library Spec
• Trusted Computing Platforms
– Interfaces across multiple platforms for trusted data, devices, and networks
– Automobiles, Embedded Systems, Internet of Things, Cloud/SDN, Virtual
Machines, Servers, Desktops, Laptops, Tablets, Mobile Phones, and more
• Formal Liaisons
– ETSI, Global Platform, Mobey Forum, ISO, IEEE, IETF, OASIS, and more
• Next TCG Member Meetings
– 15-19 June 2015 in Edinburgh, Scotland
– 19-23 October 2015 in Montreal, Canada
TCG – Work Groups
• Technical Work Groups – Specifications & Guidelines
– Embedded Systems – auto, IoT, financial, industrial, medical, SmartGrid
– Infrastructure – integrating TCG technologies into enterprises & Internet
– Mobile – phones, PDAs, eReaders, etc.
– PC Client – desktop/laptop/tablet interfaces & profiles for security & trust
– Server – server requirements, guidelines, and specifications
– Software Stack – standard APIs for accessing the functions of a TPM
– Storage – standards for security services on dedicated storage systems
– Trusted Network Connect – endpoint integrity and access control
– Trusted Platform Module – hardware root-of-trust, crypto, key management
– Virtualized Platform – virtual TPM, multi-persona, isolation, migration
• Solutions Work Groups – Use Cases & Best Practices
– Trusted Mobility Solutions – end-to-end mobile ecosystems & solutions
– Trusted Multitenant Infrastructure – Cloud trust models & best practices
TCG – Key Technologies
Platform security for NFV
(boot, crash, and runtime)
Trusted Platform Module (TPM)
Trusted Platform Module offers facilities for the secure
generation of cryptographic keys, and limitation of
their use, in addition to a random number generator. It
also includes capabilities such as remote attestation
and sealed storage, as follows:
Remote attestation – creates a nearly unforgeable
hash summary of the hardware and software
configuration. The program that hashes the configuration
data determines how much of the software the summary
covers. This allows a third party to verify that the
software has not been changed.
Binding – encrypts data using the TPM bind key, a unique
RSA key descended from a storage key.
Sealing – encrypts data in a similar manner to binding,
but in addition specifies the state the TPM must be in
for the data to be decrypted (unsealed).
Software can use a Trusted Platform Module to
authenticate hardware devices. Since each TPM chip
has a unique and secret RSA key burned in as it is
produced, it is capable of performing platform
TPM components
(figure by Guillaume Piolle).
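As an added example (not from this deck or from TCG), the attestation and sealing flow described above modelled in Python: PCR extend, verifier-side replay of the boot log, a nonce-bound quote, and an unseal that is gated on the PCR state named in the policy. HMAC-SHA256 and a constructed three-entry boot log stand in for the TPM's RSA keys and a real event log.

```python
# Toy model of TPM measured boot, quote verification and PCR-bound sealing
# (added example, not TCG code); HMAC stands in for the TPM's RSA signing/wrapping.
import hashlib
import hmac

PCR_INIT = b"\x00" * 32  # a SHA-256 PCR bank reads all zeros after reset

def pcr_extend(pcr, measurement):
    # TPM2_PCR_Extend: new = H(old || H(measured component)); order matters
    return hashlib.sha256(pcr + hashlib.sha256(measurement).digest()).digest()

def replay_log(event_log):
    # Verifier side: recompute the expected PCR from the reported event log
    pcr = PCR_INIT
    for component in event_log:
        pcr = pcr_extend(pcr, component)
    return pcr

def quote(aik, pcr, nonce):
    # TPM2_Quote: PCR value signed under the attestation key and bound to the
    # verifier's fresh nonce, so a stale quote cannot be replayed
    return hmac.new(aik, nonce + pcr, hashlib.sha256).digest()

def verify_attestation(aik, event_log, nonce, quoted_pcr, signature):
    # Attestation passes only if the signature checks AND the log replays to
    # exactly the quoted PCR: one changed component anywhere breaks the chain
    sig_ok = hmac.compare_digest(quote(aik, quoted_pcr, nonce), signature)
    return sig_ok and hmac.compare_digest(replay_log(event_log), quoted_pcr)

def _wrap_key(storage_key, policy_pcr):
    # Wrapping key for a 32-byte sealed secret, derived from the TPM-resident
    # storage key and the PCR state named in the policy
    return hmac.new(storage_key, b"seal" + policy_pcr, hashlib.sha256).digest()

def seal(storage_key, policy_pcr, secret32):
    # Sealing is binding plus a PCR policy: the blob records the platform
    # state the TPM must be in before it will unseal
    ct = bytes(a ^ b for a, b in zip(secret32, _wrap_key(storage_key, policy_pcr)))
    return {"policy_pcr": policy_pcr, "ct": ct}

def unseal(storage_key, blob, current_pcr):
    # The TPM compares its live PCR with the policy before releasing anything;
    # because the wrap key also depends on that PCR, a blob whose policy
    # field was edited to match a different boot state decrypts to garbage
    if not hmac.compare_digest(blob["policy_pcr"], current_pcr):
        return None
    return bytes(a ^ b for a, b in zip(blob["ct"], _wrap_key(storage_key, current_pcr)))
```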
TCG – Trusted Platform Module
• TPM 2.0 Library Spec – Revision 01.16 – October 2014
– Part 1: Architecture – concepts, roots-of-trust, features, authorizations
– Part 2: Structures – types, constants, handles, interfaces, structures
– Part 3: Commands – startup, self-test, sessions, objects, crypto, attestation,
signatures, audit, integrity, authorization, key hierarchies, dictionary attack
defense, field upgrade, context mgmt, clocks & timers, capabilities, NVRAM
– Part 4: Supporting Routines – automation, header files, execute, sessions,
attestation, context mgmt, policies, NVRAM, objects, crypto, audit, etc.
• TPM 2.0 Library Errata – Version 1.2 – February 2015
– sessions, authorizations, quotes, signatures, NVRAM, etc.
• TCG Algorithm Registry – Rev 01.22 – February 2015
– RSA, ECC Curves, Hash Algorithms, Symmetric Block Ciphers, etc.
TCG – Trusted Platform Module
• A Practical Guide to TPM 2.0 – February 2015
– Will Arthur (Intel) and David Challener (Johns Hopkins University) with Ken
Goldman (IBM)
– eBook version is FREE for download
– TPM history, basic concepts, quick tutorial, TPM 2.0 Library spec overview
– TPM Software Stack 2.0 (TSS) – high-level and low-level APIs
– TPM entities, hierarchies, keys, NV indices
– Platform configuration registers (PCRs) – for secure and measured boot
– Authorizations, sessions, enhanced authorization (EA) policies
– Key management, auditing, encryption, decryption, context management
– Startup, shutdown, and provisioning, debugging, applications
Trusted Network Connect –
attestation and security automation
• Trusted Network Connect (TNC) network security architecture and
open standards enable intelligent policy decisions, dynamic security
enforcement, and communication between security systems. TNC
provides pervasive security, Network Access Control (NAC) and
interoperability in multi-vendor environments.
• IETF "Posture Attribute (PA) Protocol Compatible with Trusted
Network Connect" (PA-TNC) defined by RFC 5792
• IETF "Posture Broker (PB) Protocol Compatible with Trusted
Network Connect" (PB-TNC) defined by RFC 5793.
• Both RFCs are part of the IETF's "Network Endpoint Assessment"
(NEA) framework defined by RFC 5209.
TCG – Trusted Network Connect
• TNC FAQs, Specifications, Developer Tools, Resources
– admission control, endpoint integrity verification, endpoint compliance
• IF-TNCCS TLV Binding – Version 2.0 – May 2014
– TNC Client/Server – endpoint integrity measurement collection
– Posture Broker – technically aligned with IETF NEA PB-TNC – RFC 5793
• IF-M TLV Binding – Version 1.0 – May 2014
– Posture Attribute – technically aligned with IETF NEA PA-TNC – RFC 5792
• IF-T Tunneled EAP Methods – Version 2.0 – May 2014
– Posture Transport – technically aligned with IETF NEA PT-EAP – RFC 7171
• IF-T TLS Binding – Version 2.0 – February 2013
– Posture Transport – technically aligned with IETF NEA PT-TLS – RFC 6876
Self-Encrypting Storage
‘Data at rest’ solution for data protection
Self-encrypting drives have integrated encryption hardware. The result: Zero performance impact.
All encryption and decryption is done in the protected hardware of the self-encrypting drive
Encryption keys are generated in the controller hardware of the self-encrypting drive, never leave
the drive, and are not accessible outside of the drive
Integrated Authentication
Software full disk encryption/decryption is processor intensive and is performed by the main processor of the
personal computer. During periods of high data usage this can have a major negative performance impact.
For data intensive applications such as scans, backup, and large file operations, self-encrypting drives can
provide more than double the drive performance of software FDE products
User authentication is performed by the self-encrypting drive in order to unlock the drive
Authentication takes place in a protected pre-boot environment, which is the only software running in the
system when the drive authenticates the user
Authentication cannot be separated from the drive
Rapid cryptographic data destruction
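An added Python model (not Opal or any vendor's firmware) of the properties listed above: the media key is generated on the drive and only ever stored wrapped under a credential-derived key, a wrong PIN cannot unlock it, nothing but ciphertext reaches the media, and crypto erase rotates the key instead of overwriting sectors. The PIN, the 32-byte sector size and the HMAC keystream are constructed stand-ins for the drive's AES engine.

```python
# Toy model of a self-encrypting drive's key handling (added example, not TCG/Opal
# code); HMAC-SHA256 keystreams stand in for the drive's AES engine.
import hashlib
import hmac
import os

SECTOR = 32  # toy sector size: one HMAC-SHA256 block of keystream per sector

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

class SelfEncryptingDrive:
    def __init__(self, pin):
        self._salt, self._media, self._dek = os.urandom(16), {}, None
        self._wrapped = self._wrap(os.urandom(32), pin)  # DEK generated on-drive
    def _kek(self, pin):
        # Key-encrypting key derived from the user credential; never stored
        return hashlib.pbkdf2_hmac("sha256", pin.encode(), self._salt, 100_000)
    def _wrap(self, dek, pin):
        kek = self._kek(pin)
        ct = _xor(dek, hmac.new(kek, b"wrap", hashlib.sha256).digest())
        return ct, hmac.new(kek, ct, hashlib.sha256).digest()  # ciphertext, MAC
    def unlock(self, pin):
        # Pre-boot authentication: a wrong PIN fails the MAC; the DEK stays wrapped
        kek = self._kek(pin)
        ct, tag = self._wrapped
        if not hmac.compare_digest(hmac.new(kek, ct, hashlib.sha256).digest(), tag):
            return False
        self._dek = _xor(ct, hmac.new(kek, b"wrap", hashlib.sha256).digest())
        return True
    def _crypt(self, idx, data):
        # Same operation both ways; runs only while the DEK is unwrapped
        if self._dek is None:
            raise PermissionError("drive is locked")
        return _xor(data, hmac.new(self._dek, idx.to_bytes(8, "big"), hashlib.sha256).digest())
    def write(self, idx, plaintext):
        self._media[idx] = self._crypt(idx, plaintext)  # only ciphertext hits the media
    def read(self, idx):
        return self._crypt(idx, self._media[idx])
    def crypto_erase(self, pin):
        # Rapid cryptographic destruction: rotate the DEK; the ciphertext on the
        # media is untouched but is now unreadable under any key the drive holds
        if not self.unlock(pin):
            return False
        self._wrapped = self._wrap(os.urandom(32), pin)
        self._dek = None  # power-off state; the next unlock yields the new DEK
        return True
```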
TCG – Self-Encrypting Drive
• Storage FAQs, Specifications, Developer Tools, Resources
– ATA, SATA, SCSI, FibreChannel, USB, IEEE 1394, NAS, iSCSI
• Storage Security Subsystem Class: Opal v2.0 – Feb 2012
– Core specification for Opal self-encrypting drives (desktops/laptops)
• Storage Security Subsystem Class: Enterprise v1.0 – Jan 2011
– Core specification for enterprise self-encrypting drives (servers)
TCG – Mobile
• Mobile FAQs, Specifications, Developer Tools, Resources
• TPM 2.0 Mobile Reference Architecture – 16 December 2014
– Secure boot, measured boot, protected environment, security requirements,
and implementation examples for all mobile devices
• TPM 2.0 Mobile CRB Interface – 16 December 2014
– TPM 2.0 kernel command/response buffer interface
• TPM 2.0 Mobile Common Profile – 3 February 2015 – DRAFT
– Medium subset of TPM 2.0 – for feature phone or basic phone
Platform integrity can be provided by
standardized solutions for
– Hardware Root of Trust
– Security Automation
– Secure Cloud
– Secure Storage
– Secure Mobile Devices
– Secure Legacy Devices
Much gratitude goes to my colleagues from TCG
TMS, Ira McDonald and Carlin Covey
Thank you