Transcript NGSCB

The Trusted Computing (TC) and
Next Generation Secured
Computing Base (NGSCB)
Joseph Yu
Jeffrey Khuu
CS158B
Dr. Stamp
NGSCB
1
Table of Contents
 Introduction
TC
TCG
NGSCB
 TC
 NGSCB
Architecture
Features
 Analysis of NGSCB
 Summary
NGSCB
2
Introduction – TC, TCG, NGSCB
TC = Trusted Computing, TCG = Trusted
Computing Group, NGSCB = Microsoft’s
TC
Original Motivation for TC:
TC was intended for DRM
Limits the abuse of file sharing over the network
Prevent making illegal copies without the
authorization from the vendor
Restrict user’s computing actions
NGSCB
3
Introduction - TC
Current Motivation for TC:
“For years, Bill Gate has dreamed of finding a
way to make the Chinese pay for software: TC
looks like being the answer to his prayer.” –
Ross Anderson
TC extend way more than DRM: It gives more
authorizations to the computers over users
NGSCB
4
Introduction - TC
Fundamental Concept of TC
Software runs and communicates securely over
applications and servers
Use “locked-down” architecture
Hardware level cryptographic keys for encryption and
authentication
Tamper-resistant
Seal secure data within curtained memory
Input/Output communication path are encrypted
NGSCB
5
Introduction - TCG
Many vendors provide hardware support
for major components of NGSCB
For example, Intel’s LaGrande Technology (LT)
and AMD’s Secure Execution Mode (SEM)
technology
TCG is an alliance of Microsoft
Manage TC activities for different
hardware/software vendors: AMD, HP, IBM,
and others
NGSCB
6
Introduction - TCG
Goal:
Claimed: Non-Profit industry standards
organization to enhance the security and
computing in different platforms
Provide a secured TCB for the system
Activities:
Formed in Spring 2003 and adopted a set of
specification made by Trusted Computing
Platform Alliance (TCPA)
NGSCB
7
TC
 What is Trusted Computing?
Trusted Computing Base (TCB)
 TCB
“TCB is everything in operating system that we rely on
for security” Dr. Stamp
If TCB is damaged/non-secured, the whole system
broken.
If the system is broken, and TCB is ok. We still have
system security
Part of the system (combines software and hardware
components)
Responsible for regulate information security policies
Consist of Kernel, OS
NGSCB
8
TC -- overview
NGSCB
9
TC
Should be expected the computing behave
the way we wanted and do what we
wanted securely
Any trusted platform has the following
three fundamental features:
Protected Capabilities
Integrity Capabilities
Integrity Reporting
NGSCB
10
NGSCB
Microsoft’s version of TC: NGSCB
Will be implemented in the upcoming
version of Windows: as known as
Microsoft Windows Longhorn
Architecture
Computing Environments
Four Features of NGSCB
NGSCB
11
NGSCB - architecture
NGSCB
12
NGSCB - architecture
Two primary system components in
NGSCB
Nexus
Special kernel (core of the trusted operating)
Goal: Isolate the process of normal mode and
trusted mode differently in memory
Functionality: Authenticate and protect data
(entered, stored, communicated, and displayed)
by data encryption
Nexus Computing Agent (NCA)
NGSCB
13
NGSCB - architecture
Nexus Computing Agent (NCA)
Trusted software component
Runs in trusted mode that communicates with
Nexus
Open-source for NCA specifications
Developers can make their own agents to run
on the trusted platform
NGSCB
14
NGSCB – Computing Environments
Overview
 NSGCB operates two operating systems in ONE system
 Two Modes:
 Normal Mode vs. Trusted Mode
 Normal Mode:
 Un-protected environment
 Same as our current Windows series
 Fully Controlled by the users
 Trusted Mode:
 Protected environment
 Users have no authorities to modify, delete, or copy ANY content.
 Implemented TC: Hardware and Software implementation
 Fully Controlled by the computers
NGSCB
15
NGSCB – operating environments
NGSCB
16
NGSCB – operating environments
Microsoft claimed: “Only an NGSCB
trusted application, NCA, can run securely
within the protected operating
environment.”
NCA
Defined by software developers
Policies
Security authentication
Security authorization
NGSCB
17
NGSCB - Features
Claimed: Four Features
Strong Process Isolation
Sealed Storage
Attestation
Secured Path to the user
NGSCB
18
NGSCB – Four Features
Strong Process Isolation
Isolate protected and non-protected operating
environment that are stored in the same
memory
Blocks the access of Direct Memory Access
(DMA) devices in term of writing and reading to
secured block of memory
Block access of malicious code
Claimed: “no illegitimate access will occurring in
protected environment”
NGSCB
19
NGSCB – Four Features
Sealed storage
Ensure the privacy of NGSCB data are not
being exposed
NGSCB use Security Support Component (SSC)
to do this
SSC has own encryption services and can be
managed by the Nexus
Use Advance Encryption Standard (AES), pair
of public and private keys, and keys derived for
trusted application
NGSCB
20
NGSCB – Four Features
Sealed Storage
NCA uses these keys to encrypt data, access
file system, and provide storage services.
Claimed: No unauthorized application can read
the sealed storage whatsoever (at boot up, or
running)
NGSCB
21
NGSCB – Four Features
Cryptographic Attestation
Confirm the recipient that the data was digital
signed by the NGSCB and data was
cryptographically identifiable
Authenticates software Process
Prove application identity
Useful in networking, prove its identity securely
before transmit any data.
Avoid Man in the Middle attack?
NGSCB
22
NGSCB – Four Features
 Secure Path to the user
Ensure the information remains securely through the
input/output of the devices.
Encrypt the input/output, creates a secure path.
Protects computer from:
 Keystroke recorded
 Hardware devices
Need to upgrade current hardware devices:
mouse/keyboard/USB devices/ video adapter
Input: upgrade to USB devices: Smart cards, biometrics,
others
Output: upgrade to Graphic adapter, which prevent
read/write to video memory
NGSCB
23
NGSCB Applications
 Many applications involved NGSCB: regular
computing, networking, DRM, others
 Example: Microsoft Word
Restrict user:
View/Copy/Write/Open/Close
Not compatible with other *.doc applications, ie.
OpenOffice
Written document is Signed and Encrypted with
Microsoft Word --- Only Word has the private key
to decrypt it
NGSCB
24
NGSCB Application
Networking application:
Cannot file-sharing via P2P
Cannot open your friend’s packed programs
Presumably Secured with connected in network
Good for networking?
Microsoft Explorer / Outlook
User might be able to see the content but not
able to “Copy-and-Paste” to other applications
Users have no right to “do whatever they
wanted to do”
NGSCB
25
Analysis of NGSCB
Current Problematic Computing
User can do whatever they wanted to do in
computer – taking all responsibility
Unprotected: Virus, worms, keystroke,
spywares
Abuse of file-sharing digital contents
As a conclusion, we DO need a better
computing protection operating system
NGSCB
26
Analysis of NGSCB
Will NGSCB be the solution?
Human nature to control over things and not to
be controlled by others.
“People will not use it if it blocks and restricts
them doing what they want to do.” Quote
NGSCB will fails:
Companies will not tolerate attestations on the
network and through the firewall every time their
employee wants to open a file.
They want open the application FAST!
NGSCB
27
Analysis of NGSCB
NGSCB will fails to work with DRM
There is always WAYS to workaround of things.
Music for example
User still can record what comes out from the
speaker, (poor quality but so what, it’s FREE)
Recorded and make MP3 out of it
Copy content for example
Take a screen shot, digital camera?
NGSCB
28
NGSCB
As a summary of our presentation:
NGSCB will fail.
People will use alternative products:
Apple OS
Linux
Stay with Microsoft XP ??
NGSCB
29
Q/A
Q/A
NGSCB
30
References


















[1] Mark Stamp's CS166 software presentation slides
http://www.cs.sjsu.edu/~stamp/CS166
[2] System Management Concepts: Operating system and Devices
http://www.unet.univie.ac.at/aix/aixbman/admnconc/tcb.htm
[3] TCG Specification Architecture Overview
https://www.trustedcomputinggroup.org/downloads/TCG_PCSpecificSpecification_v1_1.pdf
[4] Microsoft’s Next Generation Secured Computing Base Overview
http://www.microsoft.com/resources/ngscb/NGSCB_Overview.mspx
[5] NGSCB Security Model
http://www.microsoft.com/resources/ngscb/documents/NGSCB_Security_Model.doc
[6] Trusted Computing and NGSCB
http://www.cs.bham.ac.uk/~mdr/teaching/TrustedComputing.html
[7] Ross Anderson's Trusted Computing FAQ
http://www.cl.cam.ac.uk/~rja14/tcpa-faq.html
[8] Microsoft’s resource for NGSCB
http://www.microsoft.com/resources/ngscb/productInfo.mspx
[9] Microsoft's NGSCB four features
http://www.microsoft.com/resources/ngscb/four_features.mspx
NGSCB
31