Enjoy TPM security in your enterprise with the Vista

Report
Trusted Computing
Cooperative Research
ETISS 2008,
Oxford
Hans Brandl, [email protected]
Infineon Technologies AG, Germany
IT Security Research History
1st Generation
Access Control &
Physical Security
(Prevent Intrusions)
Cryptography
Multiple Levels
of Security
Trusted Computing Base
Intrusions will Occur
2nd Generation
(Detect Intrusions, Limit Damage)
Firewalls
Boundary Controllers
Some Attacks will Succeed
3rd Generation
(Operate Through Attacks)
Intrusion
Tolerance
Big Board View of Attacks
Real-Time Situation Awareness
& Response
Graceful
Degradation
18-Jul-15
PKI
Intrusion Detection
Systems
Copyright © Infineon Technologies 2006. All rights reserved.
VPNs
Hardened
Core
Performance
Functionality
Page 2
Trusted Computing Application Fields
Credentials Operating
Applications
Systems
Web Services
Mobile Phones
PDAs
Storage
Trusted Platform Module
TCG
• The TPM is Standards
a HW security engine that stores
secrets and prevents many common software
• The “root of trust” of the system.
attacks.
Authentication
Devices
TP
M
Servers
Input
Devices
18-Jul-15
TPM
Security
Hardware
Notebooks
Desktops
Copyright © Infineon Technologies 2006. All rights reserved.
Page 3
Trusted Computing Research Areas Today:
Supporting and enhancing existing technologies and applications:
 Secure storage of critical data
 New authentication and communication supplements
New (TC based ) field of research:
 Trusted OS:
 Virtualization, Microkernel
 Error tolerant
 New Hardware platform structures:
 Trusted embedded platforms (mobile phones, critical controllers
(automotive), network boxes …
 Infrastructure:
 Public Testing capabilities,
 Remote TC management and network control
 Training: Making TC development much easier, SDK. Application
Examples
18-Jul-15
Copyright © Infineon Technologies 2006. All rights reserved.
Page 4
Existing Trusted Computing R&D projects
OpenTC (EU-FP6) :
2006-2009, 24 partners, Basic TC Interfaces and APIs, Virtualization, Microkernel,
Application examples, Standardization contributions
http://www.OpenTC.net/
TECOM (Trusted Embedded Computing), EU-FP7 :
2008-2010, 8 partners,
Embedded Hardware with integrated TC, Common criteria certification for integrated
chips, Trusted OS for embedded: Virtualization, Microkernel, Security layers,
Applications
http://www.TECOM-project.eu
SECRICOM (Secure Crisis Communication), EU-Security:
2008-2011), 10 partners, first TC supported project ( TC is not anymore the main task,
but is used for supporting the project targets). http://www.secricom.org
NADA (Nanodatacenters), EU-FP7:
2008-2011, 10 partners, distributed media systems with trust and security.
www.nanodatacenters.eu
EVITA Automotive security , EU-FP7:
2008-2011, 14 partner
www.evita.eu
Other national projects: France, USA, Spain, Germany, Japan, Malaysia, Austria
18-Jul-15
Copyright © Infineon Technologies 2006. All rights reserved.
Page 5
Field of research #1: Trusted Hardware
 Next generation TPMs
 Which additional functions are really required?
 TPMs are already to complex, minimalistic TPM
what is hw and what is software
 How many privacy on embedded
 TPM design complexity barrier (Turing-Goedel barrier).
How to verify the correctness of a TPM implementation itself ?
From 128 KB code for TPM 1.1 to about 512 KB in 2010 to
1MB in ?
Guaranteed Error free ?
 TPM and host platform integration. E.g. TPM and ARM
Trustzone on one chip: Advantages , System and interface
requirements, bidirectional support of technologies.
18-Jul-15
Copyright © Infineon Technologies 2006. All rights reserved.
Page 6
Field of research #2: Trusted Operating systems
 Virtualisation for PC like systems
 Virtualization for embedded systems
- Small code
- e.g. real time behaviour
 Microkernel
 Other Trusted operating system concepts ?
Until now, no R&D project delivered an easy to use, just out of the
box TOS!
18-Jul-15
Copyright © Infineon Technologies 2006. All rights reserved.
Page 7
Field of research #3:
Specific TPM use scenarios,
 Integrated Trusted Computing systems for next generations Automotive
products:
SW error resistant platforms, secure integrated authentication and
communication, product copy prevention….
 Secure car to car communication
 Mobile communications
 Separating critical and uncritical parts in the system
 Scalability and usability features
 Industrial plant control
 Critical infrastructures
 Single point of failure
18-Jul-15
Copyright © Infineon Technologies 2006. All rights reserved.
Page 8
Field of research #4:
Making TC development much easier,
 Training examples for the newcomer
 Software Development Kits for special application fields and kernels
 Building blocks for training
 Surrounding Infrastructure missing
18-Jul-15
Copyright © Infineon Technologies 2006. All rights reserved.
Page 9
Field of research #5: TPM platform management
 A TPM may cost some 1 or 2 €.
TPM enterprise total cost of ownership may be in the range of
200-300€ per year (installation, Training, helpdesk, IT visits….)
 Authentication by exiting idm structures(kerberos, X509, PK…)
 TPM management via existing network management
capabilities?
 Silent installation
 Roaming, automatic and remote key migration, extended
certificate store
 TPM migration, backup
 Embedding into existent IT security structures
 Are there more market oriented application scenarios than just
platform security and certificate management ?
18-Jul-15
Copyright © Infineon Technologies 2006. All rights reserved.
Page 10
Field of research #6: Infrastructure
 Public research on advanced Compliance and testability
 Public research on advanced Conformance evaluation
(Security evaluation) ,
Advanced and fast TOE description and testing methods
 Handling TOE changes fast and with low effort
 Complex reduction for software/hardware systems
18-Jul-15
Copyright © Infineon Technologies 2006. All rights reserved.
Page 11
Field of research #7: applications
Specific,
 High level applications
18-Jul-15
Copyright © Infineon Technologies 2006. All rights reserved.
Page 12
Preview EU FP7 Security Research call 2008
 A new Call for Proposals for Security Research (FP7-SEC-2009-1)
under the Seventh Framework Programme for Research and
Technological Development (FP7) is planned to be published on
4 September 2008.
 Security research does not mean IT research !
 Comparable to homeland security
 http://ec.europa.eu/enterprise/security/index_en.htm
18-Jul-15
Copyright © Infineon Technologies 2006. All rights reserved.
Page 13
Preview EU FP7 call 2008
 IST: Future of the Internet
TC as support feature:
Building and managing trustworthy network infrastructures as well
as communication, computing and storage infrastructures in the
context of the development of the Future Internet as
conglomerate of heterogeneous networks and systems. This will
include novel architectures with built-in security, dependability
and privacy; secure interfaces and scalable dynamic security
policies across networks. It will also include the trustworthy
management of billions of networked devices, "things" and
virtual entities connected in the Future Internet.
 http://ec.europa.eu/information_society/activities/foi/index_en.h
tm
 Next full blown Trusted computing call: IST 2009
18-Jul-15
Copyright © Infineon Technologies 2006. All rights reserved.
Page 14
Objective ICT-2009.1.4: Trustworthy ICT
 a) Trustworthy Network Infrastructures
Trustworthy platforms and frameworks for autonomously monitoring and
managing threats, which are typically cross-border, cross-organisational,
scalable, distributed, dynamically evolving and collaborative.
Experimentation and demonstration of trustworthiness of network
infrastructures
Projects should give adequate attention to usability, societal acceptance and
economic and legal viability of the technologies developed
 b) Trustworthy Service Infrastructures
Research projects should include in addition to technology development,
attention to aspects of usability, legislation, human behaviour, privacy and
principles of human rights . This could involve research in other relevant
disciplines or demonstrating trustworthiness properties in the proposed
frameworks.
 c) Technology and Tools for Trustworthy ICT
For user-centric and privacy preserving identity management, including for
management of risks and policy compliance verification.
Management and assurance of security, integrity and availability, also at very
long term, of data and knowledge in business processes and services.
In enabling technologies for trustworthy ICT, this includes cryptography,
biometrics; trustworthy communication; virtualisation; metrics and
certification methodologies.
18-Jul-15
Copyright © Infineon Technologies 2006. All rights reserved.
Page 15
Objective ICT-2009.1.4: Trustworthy ICT
Networking, Coordination and Support
Networks of Excellence could be particularly relevant for the areas of (i), (ii)
and (iii).
d)
 Expected Impact:
For trustworthy network and service infrastructures:
Demonstrable improvement (i) of the trustworthiness of the future European
network infrastructures consisting of various heterogeneous communication
networks and systems and (ii) in handling network threats and attacks and
reduction of security incidents.
Significant contribution to the development of trustworthy European
infrastructures and frameworks for network services; improved
interoperability and standardisation supporting usability and user-centricity
in the handling of information and privacy.
For all IP/STREP projects:
Improving European industrial competitiveness in markets of trustworthy
ICT by offering business opportunities and consumer choice in usable
innovative technologies; increased awareness of the potential and relevance
of trustworthy ICT.
For networking, coordination and support actions (NoE/CSA):
Improved coordination of research and integration of research activities in
areas where that is beneficial for European research and innovation
capacity.
 Indicative budget distribution: 90 M€
18-Jul-15
Copyright © Infineon Technologies 2006. All rights reserved.
Page 16
Artemis program for embedded
platforms: 20.5.2008
 The ARTEMIS Joint Undertaking has launched its first Call for
proposal with a total public funding of 99 Million €. This happen
because of a unique collaboration between industry and public
authorities.
 Please look at: https://www.artemis-ju.eu/call_2008
 Tom Bo CLAUSEN
European Commission
DG Information Society
E-mail: [email protected]
 http://cordis.europa.eu/ist/embedded/
18-Jul-15
Copyright © Infineon Technologies 2006. All rights reserved.
Page 17
18-Jul-15
Copyright © Infineon Technologies 2006. All rights reserved.
Page 18

similar documents