Transcript NGSCB
Trusted Computing (TC) and the Next-Generation Secure Computing Base (NGSCB)
NGSCB
1
Introduction – TC, TCG, NGSCB
TC = Trusted Computing, TCG = Trusted Computing Group, NGSCB = Microsoft’s implementation of TC
Original Motivation for TC:
TC was intended for DRM
Limits the abuse of file sharing over the network
Prevents making illegal copies without authorization from the vendor
Restricts the user’s computing actions
Current Motivation for TC
“For years, Bill Gates has dreamed of finding a way to make the Chinese pay for software: TC looks like being the answer to his prayer.” – Ross Anderson
Fundamental Concepts of TC
Software runs and communicates securely across applications and servers
Uses a “locked-down” architecture
Hardware-level cryptographic keys for encryption and authentication
Tamper-resistant
Seals secure data within curtained memory
Input/output communication paths are encrypted
TCG
Many vendors provide hardware support for major components of NGSCB, for example Intel’s LaGrande Technology (LT) and AMD’s Secure Execution Mode (SEM)
TCG is an industry alliance that includes Microsoft
It manages TC activities for the different hardware/software vendors: AMD, HP, IBM, and others
Trusted Computing Base = TCB
The TCB is everything in the operating system that we rely on for security
If the TCB is damaged or compromised, the whole system is broken
If the system is broken but the TCB is intact, we still have system security
Integrated into the system (combines software and hardware components)
Responsible for enforcing information security policies
Consists of kernel + OS
TC -- overview
TC
Any trusted platform has the following three fundamental features:
Protected Capabilities
Integrity Capabilities
Integrity Reporting
NGSCB
Microsoft’s version of TC: NGSCB
Will be implemented in the upcoming version of Windows, also known as Microsoft Windows Longhorn/Vista
Architecture
Computing Environments
Four Features of NGSCB
NGSCB - architecture
NGSCB – Computing Environments
Overview
NGSCB operates two operating systems in ONE system
Two Modes: Normal Mode vs. Trusted Mode
Normal Mode:
Unprotected environment
Same as the current Windows series
Fully controlled by the user
Trusted Mode:
Protected environment
Users have no authority to modify, delete, or copy ANY content
TC implemented in hardware and software
Fully controlled by the computer
NGSCB - architecture
Two primary system components in NGSCB – Nexus and NCA
Nexus
Special kernel (core of the trusted operating system)
Goal: isolate normal-mode and trusted-mode processes from each other in memory
Functionality: authenticate and protect data (entered, stored, communicated, and displayed) by data encryption
NGSCB - architecture
Nexus Computing Agent (NCA)
Trusted software component
Runs in trusted mode and communicates with the Nexus
The NCA specifications are open
Developers can write their own agents to run on the trusted platform
NGSCB – operating environments
NGSCB – operating environments
Microsoft claims: “Only an NGSCB trusted application, NCA, can run securely within the protected operating environment.”
NCA
Defined by software developers
Policies
Security authentication
Security authorization
NGSCB – Four Features
Strong Process Isolation
Sealed Storage
Attestation
Secure Path to the user
NGSCB – Four Features
Strong Process Isolation
Isolates the protected and non-protected operating environments that share the same memory
Blocks Direct Memory Access (DMA) devices from reading or writing the secured block of memory
Blocks access by malicious code
Claim: “no illegitimate access will occur in the protected environment”
NGSCB – Four Features
Sealed storage
Ensures that private NGSCB data is not exposed
NGSCB uses the Security Support Component (SSC) to do this
The SSC has its own encryption services and can be managed by the Nexus
Uses the Advanced Encryption Standard (AES), a public/private key pair, and keys derived for each trusted application
NGSCB – Four Features
Sealed Storage
The NCA uses these keys to encrypt data, access the file system, and provide storage services.
Claim: no unauthorized application can read the sealed storage whatsoever (at boot-up or while running)
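The two sealed-storage slides above describe a key that is derived for a particular trusted application and then used with AES, so that another application cannot read the stored data. The following Go program is an added illustration of that property; it is not NGSCB or SSC code, and it assumes a single platform secret standing in for the SSC root key, HMAC-SHA256 as the key-derivation function, and a SHA-256 hash of the agent's code as the application measurement. The design point it makes is that the blob is bound to the measurement both through the key and as authenticated data, so a different agent (or a different platform) gets an authentication failure rather than garbage plaintext.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Measure identifies a trusted application (an NCA) by the SHA-256 hash of
// its code. In NGSCB the nexus would measure the agent; here the caller
// passes the code bytes in directly (an assumption of this example).
func Measure(code []byte) [32]byte {
	return sha256.Sum256(code)
}

// appKey derives a per-application sealing key from the platform secret
// (standing in for the SSC's root key) and the application's measurement.
// HMAC-SHA256 is used as the KDF; this is a simplification for the example,
// not the SSC's real key hierarchy.
func appKey(platformSecret []byte, measurement [32]byte) []byte {
	mac := hmac.New(sha256.New, platformSecret)
	mac.Write([]byte("sealed-storage-key"))
	mac.Write(measurement[:])
	return mac.Sum(nil) // 32 bytes, so AES-256
}

func newGCM(platformSecret []byte, measurement [32]byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(appKey(platformSecret, measurement))
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal encrypts data under the key bound to measurement with AES-256-GCM.
// The measurement is also bound as additional authenticated data, so the
// blob cannot be opened, or even verified, under another application's key.
// Output layout: nonce || ciphertext || tag.
func Seal(platformSecret []byte, measurement [32]byte, data []byte) ([]byte, error) {
	gcm, err := newGCM(platformSecret, measurement)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, data, measurement[:]), nil
}

// Unseal reverses Seal. It refuses the blob unless the caller's measurement
// matches the one used when sealing: that is the sealed-storage property.
func Unseal(platformSecret []byte, measurement [32]byte, blob []byte) ([]byte, error) {
	gcm, err := newGCM(platformSecret, measurement)
	if err != nil {
		return nil, err
	}
	if len(blob) < gcm.NonceSize() {
		return nil, errors.New("sealed blob too short")
	}
	nonce, ct := blob[:gcm.NonceSize()], blob[gcm.NonceSize():]
	pt, err := gcm.Open(nil, nonce, ct, measurement[:])
	if err != nil {
		return nil, errors.New("unseal refused: application measurement does not match")
	}
	return pt, nil
}

func main() {
	// Constructed sample values: a platform secret and two agents' code.
	secret := []byte("constructed-platform-secret-not-real")
	word := Measure([]byte("constructed code of a trusted word processor NCA"))
	other := Measure([]byte("constructed code of some other application"))

	blob, err := Seal(secret, word, []byte("confidential document"))
	if err != nil {
		panic(err)
	}
	if pt, err := Unseal(secret, word, blob); err == nil {
		fmt.Printf("owner unseals: %q\n", pt)
	}
	if _, err := Unseal(secret, other, blob); err != nil {
		fmt.Println("other agent:", err)
	}
}
```

Note that the slide's "at boot-up or while running" claim corresponds here to the fact that nothing in the blob is readable without the platform secret, which in the real design never leaves the hardware; the unseal check is what stops a modified or different agent from reading data sealed by the original one.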
NGSCB – Four Features
Cryptographic Attestation
Confirms to the recipient that the data was digitally signed by NGSCB and is cryptographically identifiable
Authenticates a software process
Proves application identity
Useful in networking: prove identity securely before transmitting any data
Avoid man-in-the-middle attacks?
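The attestation slide above says the platform signs something that lets a remote party identify the software process. The following Go program is an added example of that exchange, not code from NGSCB; it assumes an Ed25519 attestation key held in memory (the real SSC used RSA and kept the key in hardware), a SHA-256 measurement of the agent's code, and a verifier that holds the platform's public key and a list of trusted measurements. It also answers the slide's closing question in the narrow sense a defender cares about: the verifier's nonce inside the signed quote stops an old quote from being replayed, and the signature binds the measurement to a key the verifier already trusts, so a party that relays traffic cannot substitute its own measurement.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Quote is what the attesting platform sends to a remote party: the
// measurement of the software it is running, the verifier's nonce, and a
// signature over both under the platform's attestation key.
type Quote struct {
	Measurement [32]byte
	Nonce       []byte
	Signature   []byte
}

// Platform models the attesting side. The attestation key pair would live in
// the SSC in NGSCB; here it is held in memory (assumption of this example).
type Platform struct {
	pub  ed25519.PublicKey
	priv ed25519.PrivateKey
	code []byte // the NCA code this platform is running
}

func NewPlatform(code []byte) (*Platform, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Platform{pub: pub, priv: priv, code: code}, nil
}

func (p *Platform) PublicKey() ed25519.PublicKey { return p.pub }

// quoteMessage binds measurement and nonce into the single value that gets
// signed, with a domain-separation label so the key is never asked to sign
// unrelated data that merely looks like a quote.
func quoteMessage(m [32]byte, nonce []byte) []byte {
	h := sha256.New()
	h.Write([]byte("attestation-quote-v1"))
	h.Write(m[:])
	h.Write(nonce)
	return h.Sum(nil)
}

// Attest measures the running code and signs (measurement, nonce).
func (p *Platform) Attest(nonce []byte) Quote {
	m := sha256.Sum256(p.code)
	return Quote{Measurement: m, Nonce: nonce, Signature: ed25519.Sign(p.priv, quoteMessage(m, nonce))}
}

// Verify is the remote party's check. All three tests must pass:
//  1. the nonce is the one this verifier issued (freshness; defeats replay),
//  2. the signature verifies under a platform key the verifier already trusts,
//  3. the reported measurement is on the verifier's list of trusted software.
func Verify(platformKey ed25519.PublicKey, issuedNonce []byte, q Quote, trusted map[[32]byte]bool) error {
	if !bytes.Equal(q.Nonce, issuedNonce) {
		return errors.New("quote does not answer our nonce (stale or replayed)")
	}
	if !ed25519.Verify(platformKey, quoteMessage(q.Measurement, q.Nonce), q.Signature) {
		return errors.New("signature invalid: not produced by the trusted platform key")
	}
	if !trusted[q.Measurement] {
		return errors.New("platform is running software we do not trust")
	}
	return nil
}

func main() {
	// Constructed sample: a known-good NCA and a verifier that trusts only it.
	goodCode := []byte("constructed code of a trusted NCA")
	trusted := map[[32]byte]bool{sha256.Sum256(goodCode): true}

	p, err := NewPlatform(goodCode)
	if err != nil {
		panic(err)
	}
	nonce := make([]byte, 16)
	rand.Read(nonce)
	fmt.Println("genuine platform:", Verify(p.PublicKey(), nonce, p.Attest(nonce), trusted))

	// A platform running modified code attests honestly and is rejected.
	q, _ := NewPlatform([]byte("constructed code of a modified NCA"))
	fmt.Println("modified platform:", Verify(q.PublicKey(), nonce, q.Attest(nonce), trusted))
}
```

What attestation establishes is which software signed the quote, not who owns the network connection it arrived over; a deployment still has to bind the quote to the session (for example by putting a session key or channel identifier in the nonce) before treating the peer as authenticated.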
NGSCB – Four Features
Secure Path to the user
Ensures information remains secure through device input/output.
Encrypts the input/output, creating a secure path.
Protects the computer from:
Keystroke recording
Hardware devices
Requires upgrading current hardware devices: mouse/keyboard/USB devices/video adapter
Input: upgrade to USB devices: smart cards, biometrics, others
Output: upgrade to a graphics adapter that prevents reads/writes to video memory
NGSCB Applications
Example: Microsoft Word
Restricts the user: View/Copy/Write/Open/Close
Not compatible with other *.doc applications, i.e. OpenOffice
A written document is signed and encrypted by Microsoft Word --- only Word has the private key to decrypt it…
NGSCB Application
Example: Network application
Cannot file-share via P2P
Cannot open your friend’s packed programs
Presumably secure when connected to a network
Example: Microsoft Explorer / Outlook
Users might be able to see the content but not be able to “Copy-and-Paste” it to other applications
Users no longer have the capability to “do whatever they want to do”
Analysis of NGSCB
Will this succeed?