ITU Workshop on "Future Trust and Knowledge Infrastructure", Phase 1 Geneva, Switzerland, 24 April 2015 PLATFORM INTEGRITY TRUST and STANDARDIZATION Alec Brusilovsky Co-chair of TCG TMS WG and Manager, Security Standardization, Interdigital alec.brusilovsky@interdigital.com Agenda •Problem Statement •Foundation of Trust •TCG Overview • Scope, Members, Platforms, Liaisons, Meetings, Work Groups • TCG Technologies • TPM, TNC, SED, Mobile •Summary •Acknowledgements 2 Problem Statement • Migration of network core functionality to the cloud introduces new security vulnerabilities due to loss of the security provided by the physical protection and isolation of traditional network systems • When moving functionality to the Cloud, scalable security controls and tools to provide MNO/enterprise with trust and assurance that their data and computing will remain private and uncompromised do not exist • There is a need for explicit and verifiable ways of protecting software components (guest OS, applications/library code and data) that reside in the Cloud (a virtual machine or a container) • Trust in computing platform (boot, runtime, crash, and storage integrity) as well as security automation have to be defined and standardized to ensure interoperability Foundation of Trust Trust is the belief that a person or system will behave predictably, even under stress • It is based on experience and/or evidence • It is based on fundamental properties (identity, integrity) • It is easy to lose and hard to regain A trusted system is… • predictable, even under stress • trusted based on experience and/or evidence • based on fundamental properties (identity, integrity) TCG – Trusted Computing Group • TCG is one of the principal standards bodies focused on trusted computing standards and platform integrity • TPM 1.2 and TPM 2.0 specs are ISO 11889:2009/2015 and are implemented in more than two billion devices – Servers, PCs, tablets, smartphones, printers, kiosks, industrial systems, and many embedded systems • Trusted Computing includes more than secure boot – – – – – Security Automation Secure Cloud Secure Storage Secure Mobile Devices Secure Legacy Devices 5 TCG – Trusted Computing Group • The Trusted Computing Group (TCG) is a not-forprofit organization formed to develop, define and promote open, vendor-neutral, global industry standards, supportive of a hardware-based root of trust, for interoperable trusted computing platforms. • Members include manufacturers, governments, and academics – cloud computing, operating systems, security research, aerospace, automotive, SoC, IoT, embedded systems, mobile phones, servers, PCs, laptops, tablets, memory, hard drives, and more 6 TCG – Members 100+ Members: Chips, Cloud, Embedded, IoT, Mobile, PC Complete Membership List Available: http://www.trustedcomputinggroup.org/about_tcg/tcg_members 7 TCG – Where trust begins… • Trusted Computing Technologies – Trusted Platform Module (TPM) – hardware root-of-trust & key storage – Trusted Network Connect (TNC) – access control & endpoint compliance – Self-Encrypting Drive (SED) – hardware encryption & fine-grained locking – PC Client, Mobile, Automotive – Profiles of TPM 2.0 Library Spec • Trusted Computing Platforms – Interfaces across multiple platforms for trusted data, devices, and networks – Automobiles, Embedded Systems, Internet of Things, Cloud/SDN, Virtual Machines, Servers, Desktops, Laptops, Tablets, Mobile Phones, and more • Formal Liaisons – ETSI, Global Platform, Mobey Forum, ISO, IEEE, IETF, OASIS, and more • Next TCG Member Meetings – 15-19 June 2015 in Edinburgh, Scotland – 19-23 October 2015 in Montreal, Canada 8 TCG – Work Groups • Technical Work Groups – Specifications & Guidelines – Embedded Systems – auto, IoT, financial, industrial, medical, SmartGrid – Infrastructure – integrating TCG technologies into enterprises & Internet – Mobile – phones, PDAs, eReaders, etc. – PC Client – desktop/laptop/tablet interfaces & profiles for security & trust – Server – server requirements, guidelines, and specifications – Software Stack – standard APIs for accessing the functions of a TPM – Storage – standards for security services on dedicated storage systems – Trusted Network Connect – endpoint integrity and access control – Trusted Platform Module – hardware root-of-trust, crypto, key management – Virtualized Platform – virtual TPM, multi-persona, isolation, migration • Solutions Work Groups – Use Cases & Best Practices – Trusted Mobility Solutions – end-to-end mobile ecosystems & solutions – Trusted Multitenant Infrastructure – Cloud trust models & best practices 9 TCG – Key Technologies Platform security for NFV (boot, crash, and runtime) Trusted Platform Module (TPM) • • • • • Trusted Platform Module offers facilities for the secure generation of cryptographic keys, and limitation of their use, in addition to a random number generator. It also includes capabilities such as remote attestation and sealed storage, as follows: Remote attestation – creates a nearly unforgeable hash summary of the hardware and software configuration. The program hashing the configuration data determines the extent of the summary of the software. This allows a third party to verify that the software has not been changed. Binding – encrypts data using TPM bind key, a unique RSA key descended from a storage key. Sealing – encrypts data in a similar manner to binding, but in addition specifies a state in which TPM must be in order for the data to be decrypted (unsealed). Software can use a Trusted Platform Module to authenticate hardware devices. Since each TPM chip has a unique and secret RSA key burned in as it is produced, it is capable of performing platform authentication. TPM components (figure by Guillaume Piolle). TCG – Trusted Platform Module • TPM 2.0 Library Spec – Revision 01.16 – October 2014 http://www.trustedcomputinggroup.org/resources/tpm_library_specification – Part 1: Architecture – concepts, roots-of-trust, features, authorizations – Part 2: Structures – types, constants, handles, interfaces, structures – Part 3: Commands – startup, self-test, sessions, objects, crypto, attestation, signatures, audit, integrity, authorization, key hierarchies, dictionary attack defense, field upgrade, context mgmt, clocks & timers, capabilities, NVRAM – Part 4: Supporting Routines – automation, header files, execute, sessions, attestation, context mgmt, policies, NVRAM, objects, crypto, audit, etc. • TPM 2.0 Library Errata – Version 1.2 – February 2015 – sessions, authorizations, quotes, signatures, NVRAM, etc. • TCG Algorithm Registry – Rev 01.22 – February 2015 http://www.trustedcomputinggroup.org/resources/tcg_algorithm_registry – RSA, ECC Curves, Hash Algorithms, Symmetric Block Ciphers, etc. 12 TCG – Trusted Platform Module • A Practical Guide to TPM 2.0 – February 2015 http://www.trustedcomputinggroup.org/resources/a_practical_guide_to_tpm_20 http://www.apress.com/9781430265832 – Will Arthur (Intel) and David Challener (Johns Hopkins University) with Ken Goldman (IBM) – eBook version is FREE for download – TPM history, basic concepts, quick tutorial, TPM 2.0 Library spec overview – TPM Software Stack 2.0 (TSS) – high-level and low-level APIs – TPM entities, hierarchies, keys, NV indices – Platform configuration registers (PCRs) – for secure and measured boot – Authorizations, sessions, enhanced authorization (EA) policies – Key management, auditing, encryption, decryption, context management – Startup, shutdown, and provisioning, debugging, applications 13 Trusted Network Connect – attestation and security automation • Trusted Network Connect (TNC) network security architecture and open standards enable intelligent policy decisions, dynamic security enforcement, and communication between security systems. TNC provides pervasive security, Network Access Control (NAC) and interoperability in multi-vendor environments. • IETF "Posture Attribute (PA) Protocol Compatible with Trusted Network Connect" (PA-TNC) defined by RFC 5792 • IETF "Posture Broker (PB) Protocol Compatible with Trusted Network Connect" (PB-TNC) defined by RFC 5793. • Both RFCs are part of the IETF's "Network Endpoint Assessment" (NEA) framework defined by RFC 5209. TCG – Trusted Network Connect • TNC FAQs, Specifications, Developer Tools, Resources http://www.trustedcomputinggroup.org/developers/trusted_network_connect – admission control, endpoint integrity verification, endpoint compliance • IF-TNCCS TLV Binding – Version 2.0 – May 2014 http://www.trustedcomputinggroup.org/resources/tnc_iftnccs_specification – TNC Client/Server – endpoint integrity measurement collection – Posture Broker – technically aligned with IETF NEA PB-TNC – RFC 5793 • IF-M TLV Binding – Version 1.0 – May 2014 http://www.trustedcomputinggroup.org/resources/tnc_ifm_tlv_binding_specification – Posture Attribute – technically aligned with IETF NEA PA-TNC – RFC 5792 • IF-T Tunneled EAP Methods – Version 2.0 – May 2014 http://www.trustedcomputinggroup.org/resources/tnc_ift_protocol_bindings_for_tunneled_eap_method s_specification – Posture Transport – technically aligned with IETF NEA PT-EAP – RFC 7171 • IT-T TLS Binding – Version 2.0 – February 2013 http://www.trustedcomputinggroup.org/resources/tnc_ift_binding_to_tls – Posture Transport – technically aligned with IETF NEA PT-TLS – RFC 6876 15 Self-Encrypting Storage ‘Data at rest’ solution for data protection • Self-encrypting drives have integrated encryption hardware. The result: Zero performance impact. – – • • • All encryption and decryption is done in the protected hardware of the self-encrypting drive Encryption keys are generated in the controller hardware of the self-encrypting drive, never leave the drive, and are not accessible outside of the drive Integrated Authentication – – – • Software full disk encryption/decryption is processor intensive and is performed by the main processor of the personal computer. During periods of high data usage this can have a major negative performance impact. For data intensive applications such as scans, backup, and large file operations, self-encrypting drives can provide more than double the drive performance of software FDE products User authentication is performed by the self-encrypting drive in order to unlock the drive Authentication is performed by a protected pre-boot OS which is the only software in the system when authentication of the user is performed by the drive Authentication cannot be separated from the drive Rapid cryptographical data destruction TCG – Self-Encrypting Drive • Storage FAQs, Specifications, Developer Tools, Resources http://www.trustedcomputinggroup.org/developers/storage – ATA, SATA, SCSI, FibreChannel, USB, IEEE 1394, NAS, iSCSI • Storage Security Subsystem Class: Opal v2.0 – Feb 2012 http://www.trustedcomputinggroup.org/resources/storage_work_group_storage _security_subsystem_class_opal – Core specification for Opal self-encrypting drives (desktops/laptops) • Storage Security Subsystem Class: Enterprise v1.0 – Jan 2011 http://www.trustedcomputinggroup.org/resources/storage_work_group_storage _security_subsystem_class_enterprise_specification – Core specification for enterprise self-encrypting drives (servers) 17 TCG – Mobile • Mobile FAQs, Specifications, Developer Tools, Resources http://www.trustedcomputinggroup.org/developers/mobile – ATA, SATA, SCSI, FibreChannel, USB, IEEE 1394, NAS, iSCSI • TPM 2.0 Mobile Reference Architecture – 16 December 2014 http://www.trustedcomputinggroup.org/resources/tpm_20_mobile_reference_ar chitecture_specification – Secure boot, measured boot, protected environment, security requirements, and implementation examples for all mobile devices • TPM 2.0 Mobile CRB Interface – 16 December 2014 http://www.trustedcomputinggroup.org/resources/tpm_20_mobile_command_re sponse_buffer_interface_specification – TPM 2.0 kernel command/response buffer interface • TPM 2.0 Mobile Common Profile – 3 February 2015 – DRAFT http://www.trustedcomputinggroup.org/resources/tcg_tpm_20_mobile_common _profile – Medium subset of TPM 2.0 – for feature phone or basic phone 18 Summary Platform integrity can be provided by standardized solutions for – Hardware Root of Trust – Security Automation – Secure Cloud – Secure Storage – Secure Mobile Devices – Secure Legacy Devices Acknowledgements Much gratitude goes to my colleagues from TCG TMS, Ira McDonald and Carlin Covey Thank you alec.brusilovsky@interdigital.com