Defending Critical Infrastructure


Introduction of Trusted Network Connect
Houcheng Lee
[email protected]
May 9, 2007
What is Trusted Computing?
Trusted Computing Group (TCG)
Trusted Computing Group (TCG) Membership
170 Total Members as of January, 2007
Members (Promoters, Contributors and Adopters): Funk Software, Inc.; Seagate Technology; ConSentry Networks; General Dynamics C4 Systems; Siemens AG; CPR Tools, Inc.; AMD; Giesecke & Devrient; SignaCert, Inc.; Credant Technologies; Hewlett-Packard; Hitachi, Ltd.; Silicon Integrated Systems Corp.; Fiberlink Communications; IBM; Infineon; Sinosun Technology Co., Ltd.; Foundstone, Inc.; Intel Corporation; InfoExpress, Inc.; SMSC; GuardianEdge; Microsoft; InterDigital Communications; Sony Corporation; ICT Economic Impact; Sun Microsystems, Inc.; iPass; STMicroelectronics; Industrial Technology Research Institute; Lenovo Holdings Limited; Symantec; Infosec Corporation; Lexmark International; Symbian Ltd; Integrated Technology Express Inc.; Adaptec, Inc.; Lockheed Martin; Synaptics Inc.; LANDesk; Agere Systems; M-Systems Flash Disk Pioneers; Texas Instruments; Lockdown Networks; American Megatrends, Inc.; Maxtor Corporation; Toshiba Corporation; Marvell Semiconductor, Inc.; ARM; Meetinghouse Data Communications; TriCipher, Inc.; MCI; Atmel; Unisys; Meganet Corporation; AuthenTec, Inc.; Mirage Networks; UPEK, Inc.; Roving Planet; AVAYA; Motorola Inc.; Utimaco Safeware AG; SafeBoot; Broadcom Corporation; National Semiconductor; VeriSign, Inc.; Safend; Certicom Corp.; nCipher; Vernier Networks; Sana Security; Check Point Software, Inc.; NEC; Vodafone Group Services LTD; Secure Elements; Citrix Systems, Inc.; Nevis Networks, USA; Wave Systems; Senforce Technologies, Inc; Comodo; Nokia; Winbond Electronics Corporation; SII Network Systems, Inc.; Dell, Inc.; NTRU Cryptosystems, Inc.; Silicon Storage Technology, Inc.; Endforce, Inc.; NVIDIA; Softex, Inc.; Ericsson Mobile Platforms AB; OSA Technologies, Inc; Advanced Network Technology Labs; StillSecure; France Telecom Group; Philips; Swan Island Networks, Inc.; Freescale Semiconductor; Phoenix; Apani Networks; Symwave; Fujitsu Limited; Pointsec Mobile Technologies; Apere, Inc.; Telemidic Co. Ltd.; Fujitsu Siemens Computers; Renesas Technology Corp.; ATI Technologies Inc.; Toppan Printing Co., Ltd.; Ricoh Company LTD; BigFix, Inc.; Trusted Network Technologies; RSA Security, Inc.; BlueRISC, Inc.; ULi Electronics Inc.; Samsung Electronics Co.; Bradford Networks; Valicore Technologies, Inc.; SanDisk Corporation; Caymas Systems; Websense; SCM Microsystems, Inc.; Cirond.
TCG Key Players
Copyright© 2007 Trusted Computing Group - Other names and brands are properties of their respective owners.
Trusted Platform Module (TPM)

Trusted Platform Module (TPM) Introduction

What is a TPM?
- A hardware module

What does it do?
V1.2 functions, including:
- stores OS status information
- generates/stores a private key
- creates digital signatures
- anchors chain of trust for keys, digital certificates, and other credentials
TPM – TCG Definition

Asymmetric Key Module
- Generate, store & backup public/private key pairs
- Generate digital signatures, encrypt/decrypt data

Trusted Boot Configuration
- Storage of software digests during boot process

Anonymous Attestation
- Endorsement key used to establish properties of multiple identity keys

TPM Management
- Turn it on/off, ownership / configure functions, etc.
TPM – Abstract Definition

Root of Trust in a PC
- Operations or actions based on the TPM have measurable trust.
- Flexible usage model permits a wide range of actions to be defined.

Doesn’t Control PC (About DRM)
- User still has complete control over platform. It’s OK to turn the TPM off (it ships disabled).
- User is free to install any software he/she pleases.
Why Not Software?

Software is hard to secure.
- Soft data can be copied.
  - Ultimately, it is usually based on something stored in a relatively insecure location (like the hard drive).
  - Lets an attacker take more time or apply more equipment to the attack procedure.
- Security can’t be measured.
  - Two users running same software operation may see radically different risks.

TPM Measurement flow (diagram)
Trusted Network Connect (TNC)

What is TNC?
- Open Architecture for Network Access Control
- Suite of Standards
- Developed by Trusted Computing Group
Network Endpoint Problem

Sophisticated Attacks
- Viruses, Worms, Spyware, Rootkits, Botnets
- Zero-Day Exploits
- Targeted Attacks
- Rapid Infection Speed

Exponential Growth
- > 40,000,000 Infected Machines
- > 35,000 Malware Varieties
- Motivated Attackers (Bank Crackers)
- Any vulnerable computer is a stepping stone
Key Computing Trends Drive the Need for TNC

TREND → IMPLICATION
- Increasing network span to mobile workers, customers, partners, suppliers → Less reliance on physical access identity verification (i.e. guards & badges)
- Network clients moving to wireless access → Remote access sequences easily monitored, cloned
- Malware increasingly targeting network via valid client infection → Clients “innocently” infect entire networks
- New malware threats emerging at an increasing rate → Client scanning demands move from once/week to once/login
Network Integrity Architectures

- Several initiatives are pursuing Network Integrity Architectures
- All provide the ability to check integrity of objects accessing the network
  - [Cisco] Network Admission Control (NAC)
  - [Microsoft] Network Access Protocol (NAP)
  - [TCG] Trusted Network Connect (TNC)
- Support multi-vendor interoperability
- Leverage existing standards
- Empower enterprises with choice
Trusted Network Connect Advantages

- Open standards
  - Open standards process
  - Multi-vendor compatibility
  - Enable customer choice
  - Open technical review
- Integrates with established protocols like EAP, TLS, 802.1X, and IPsec
- Incorporates Trusted Computing Concepts - guarding the guard
Controlling Integrity of What is on the Network

Moving from “who” is allowed on the network
- User authentication

To “who” and “what” is allowed on the network
- Adding Platform Integrity verification
Check at connect time (diagram)

Access control dialog: the connecting client asks the Enterprise Net “Can I connect?”; the network answers by checking who you are (User DB) and what is on your computer (Integrity DB).
Quarantine and Remediation (diagram)

Access control dialog: the client asks the Enterprise Net “Can I connect?”; after checking the User DB + Integrity DB the network answers “No, I am quarantining you. Try again when you’re fixed up”, places the client on the Quarantine Net, where a Remediation Server supplies the remediation data.
TNC Architecture (diagram)

The Access Requestor (AR) connects, wired or wireless, to the Policy Enforcement Point (PEP) at the network perimeter; the PEP consults the Policy Decision Point (PDP).
TNC Architecture (diagram)

Access Requestor (AR):
- Integrity Measurement Collectors (IMC)
- TNC Client (TNCC)
- Network Access Requestor
- Platform Trust Service (PTS), TSS and TPM

Policy Enforcement Point (PEP)

Policy Decision Point (PDP):
- Integrity Measurement Verifiers (IMV)
- TNC Server (TNCS)
- Network Access Authority

Interfaces:
- IF-M: peer relationship between IMCs and IMVs
- IF-IMC: IMC to TNC Client
- IF-IMV: IMV to TNC Server
- IF-TNCCS: TNC Client to TNC Server
- IF-T: peer relationship between Network Access Requestor and Network Access Authority
- IF-PEP: Network Access Authority to Policy Enforcement Point
- IF-PTS: Platform Trust Service to the TNC Client
Endpoint Integrity Policy

Machine Health
- Anti-Virus software running and properly configured
- Recent scan shows no malware
- Personal Firewall running and properly configured
- Patches up-to-date
- No unauthorized software

Machine Behavior
- No port scanning, sending spam, etc.
Examples of Integrity Checks

Virus scan
- Is virus scanner present / which version
- Has it run “recently” / what is the result

Spyware checking
- Is Spyware checker running / what version
- Have programs been deleted/isolated

Other checks
- What is your OS patch level
- Is unauthorized software present?
- Other - IDS logs, evidence of port scanning
Network Operator Access Policy

Define policy for what must be checked
- e.g. Virus, Spyware and OS Patch level

and results of checks
- e.g. Must run
  - VirusC - version 3.2 or higher, clean result
  - SPYX - version 1.5 or higher
  - Patchchk - version 6.2 or higher, patchlevel-3 or newer
TNC Scenario (Anti-Virus) (diagram)

Components shown: AV configuration, AV engine and AV definitions feed the Baseline Measurements and Policies on the server side; Embedded Anti-Virus Services, the AV-IMC and Other IMCs sit in the TNC Client on the Access Requestor; the AV-IMV and Other IMVs sit in the TNC Server, which produces the Policy Decision. Integrity Measurements flow from the TNC Client to the TNC Server; the Control Request goes from the Network Access Requestor to the Network Access Authority.

Sequence:
1) Harvesting
2) Policy authoring
3) Collection
4) Reporting
5) Evaluation
6) Enforcement
7) Remediation
TNC Model for Exchanging Integrity Data (diagram)

On the Access Requestor (AR): Anti-virus Collector, firewall Collector, Patch mgt Collector and Platform trust Collector, all attached to the TNC Client. On the Policy Decision Point (PDP): Anti-virus Verifier, firewall Verifier, Patch mgt Verifier and Platform trust Verifier, all attached to the TNC Server. TNC Client and TNC Server communicate over IF-T.

- Messages are batched by TNCC / TNCS
- Either side can start batched exchange
- IMC/IMV may subscribe to multiple message types
- Exchanges of TNC batches called handshake
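The batched IMC/IMV exchange above, together with the access policy from the Network Operator Access Policy slide (VirusC, SPYX, Patchchk), as an added Python model that is not part of the original presentation or of any TNC implementation; the message type names, version strings and collector outputs are constructed for illustration.

```python
"""Toy model of one TNC handshake: the TNC Client (TNCC) batches one message
per Integrity Measurement Collector (IMC); the TNC Server (TNCS) hands each
message to the IMVs subscribed to its type and combines their recommendations.
Message types, version strings and measured values are constructed."""

ALLOW, ISOLATE, DENY = "allow", "isolate", "deny"
SEVERITY = {ALLOW: 0, ISOLATE: 1, DENY: 2}  # the worst recommendation wins

def ver(s):
    """'3.10' -> (3, 10) so versions compare numerically, not as strings."""
    return tuple(int(p) for p in s.split("."))

# Policy from the slide: VirusC 3.2+ with a clean result, SPYX 1.5+,
# Patchchk 6.2+ at patch level 3 or newer (patch level read as an integer).
def virus_imv(m):
    if ver(m["version"]) < ver("3.2"):
        return ISOLATE  # outdated scanner: remediate, then try again
    return ALLOW if m["result"] == "clean" else DENY

def spyware_imv(m):
    return ALLOW if ver(m["version"]) >= ver("1.5") else ISOLATE

def patch_imv(m):
    ok = ver(m["version"]) >= ver("6.2") and m["patchlevel"] >= 3
    return ALLOW if ok else ISOLATE

# Each IMV subscribes to a message type; several IMVs may share one type.
SUBSCRIPTIONS = {"av": [virus_imv], "spy": [spyware_imv], "patch": [patch_imv]}

def tnc_client_batch(imcs):
    """TNCC side: run every IMC and pack (type, message) pairs into one batch."""
    return [(mtype, collect()) for mtype, collect in imcs]

def tnc_server_evaluate(batch):
    """TNCS side: dispatch each message by type, then fold the recommendations.
    A required type the endpoint never reported counts as ISOLATE, not a pass."""
    seen = {mtype for mtype, _ in batch}
    recs = [ALLOW if seen >= set(SUBSCRIPTIONS) else ISOLATE]
    for mtype, msg in batch:
        recs.extend(imv(msg) for imv in SUBSCRIPTIONS.get(mtype, []))
    return max(recs, key=SEVERITY.get)

def handshake(imcs):
    """One handshake: client batch -> server evaluation -> recommendation."""
    return tnc_server_evaluate(tnc_client_batch(imcs))

# Constructed compliant endpoint; each IMC is a zero-argument collector.
COMPLIANT = [("av", lambda: {"version": "3.4", "result": "clean"}),
             ("spy", lambda: {"version": "1.5"}),
             ("patch", lambda: {"version": "6.2", "patchlevel": 3})]
```

Swapping one collector (an infected scan result, an old patch level, or a missing report) changes the recommendation to deny or isolate, which is the quarantine path shown on the earlier slides.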
Authorized Access Only (diagram)

Access Requestors Hacker_Cindi, LynnP, Guest and JoeK connect through the Policy Enforcement Point to the Policy Decision Point. Hacker_Cindi and Guest are not on the Authorized Users list and get “Access Denied”; LynnP and JoeK are on it.

Authorized Users: JoeK, NoelC, KathyR, LynnP
Corporate SW Requirements (diagram)

Client Rules (Corporate Network):
- Windows XP
  - SP2
  - OSHotFix 2499
  - OSHotFix 9288
  - AV (one of): Symantec AV 10.1, McAfee Virus Scan 8.0
  - Firewall

Non-compliant System: Windows XP, SP2, OSHotFix 2499 and OSHotFix 9288 missing (marked x in the diagram), AV - McAfee Virus Scan 8.0, Firewall

Compliant System: Windows XP, SP2, OSHotFix 2499, OSHotFix 9288, AV - Symantec AV 10.1, Firewall
Customized Network Access (diagram)

Access Requestors Guest User, Ken – R&D and Linda – Finance connect through the Policy Enforcement Point to the Policy Decision Point, whose Access Policies combine Authorized Users and Client Rules. Example client configuration shown: Windows XP, OS Hotfix 9345, OS Hotfix 8834, AV - Symantec AV 10.1, Firewall.
Platform Trust Services (PTS)

- IF-PTS evaluates the integrity of TNC components and makes integrity reports available to the TNCC and TNCS
- The PTS establishes the integrity state of the TNC framework and binds this state to the platform transitive-trust chain
- PTS IMC collects integrity information about TNC elements and sends it to the PTS IMV
- PTS IMV has information (probably from vendors) on expected values for IMCs and other TNC components and verifies the received values
TPM Integrity Check (diagram)

Access Requestor → Policy Enforcement Point → Policy Decision Point (Corp LAN)

TPM – Trusted Platform Module
- HW module built into most of today’s PCs
- Enables a HW Root of Trust
- Measures critical components during trusted boot
- PTS-IMC interface allows PDP to verify configuration and remediate as necessary

Compliant System: TPM verified BIOS, OS, Drivers, Anti-Virus SW

Client Rules: TPM enabled
- BIOS
- OS
- Drivers
- Anti-Virus SW
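The TPM measurement flow and the PTS-IMV check described above, as an added Python model that is not from the presentation or from any TCG software stack: it folds each boot component’s SHA-1 digest into a simulated 20-byte PCR using the TPM 1.2 extend rule, keeps an event log, and lets the verifier replay the log against a known-good table. The component images and the known-good table are constructed.

```python
"""Simulated TPM 1.2 measured boot and PTS-IMV verification. PCR extend is
PCR_new = SHA1(PCR_old || digest): the register can only be folded forward,
so the final value depends on every component and on their order. Component
images and the known-good digest table are constructed for illustration."""
import hashlib

PCR_SIZE = 20  # TPM 1.2 PCRs are SHA-1 sized

def sha1(data: bytes) -> bytes:
    return hashlib.sha1(data).digest()

def extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM_Extend: fold a measurement into the PCR; there is no 'set'."""
    return sha1(pcr + digest)

def measured_boot(components):
    """Measure BIOS, OS, drivers and AV in boot order, before each runs.
    Returns the final PCR value and the event log of (name, digest) pairs."""
    pcr, log = bytes(PCR_SIZE), []
    for name, image in components:
        digest = sha1(image)
        pcr = extend(pcr, digest)
        log.append((name, digest))
    return pcr, log

def pts_imv_verify(pcr, log, known_good):
    """PTS-IMV side: every logged digest must match the vendor-supplied
    known-good value, and replaying the log must reproduce the TPM-reported
    PCR (otherwise the log itself was edited). Returns (ok, reason)."""
    replay = bytes(PCR_SIZE)
    for name, digest in log:
        if known_good.get(name) != digest:
            return False, f"{name}: unexpected digest"
        replay = extend(replay, digest)
    if replay != pcr:
        return False, "event log does not reproduce PCR value"
    return True, "compliant"

# Constructed component images and the matching known-good table.
GOOD_BOOT = [("BIOS", b"bios-v1"), ("OS", b"kernel-v1"),
             ("Drivers", b"drv-v1"), ("Anti-Virus SW", b"av-10.1")]
KNOWN_GOOD = {name: sha1(image) for name, image in GOOD_BOOT}

def check(components, known_good=KNOWN_GOOD):
    """Boot the constructed platform and hand the result to the verifier."""
    pcr, log = measured_boot(components)
    return pts_imv_verify(pcr, log, known_good)
```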
TNC Architecture – Existing Support

- Access Requestor: Endpoint (Supplicant/VPN Client, etc.)
- Policy Enforcement Point: Network Device (FW, Switch, Router, Gateway)
- Policy Decision Point: AAA Server (Radius, Diameter, IIS, etc.)
TPM Use Cases - Government & Regulatory

National Security Agency
- Full drive encryption
- TCG for compatibility

U.S. Army
- Network Enterprise Technology Command now requires TPM 1.2 on new computers

F.D.I.C.
- Promotes TPM usage to member banks
TPM Use Cases – Realistic Projects

Pharmacy Company
- With VPN over public network, put TPMs on all clients
- Access dependent on digital certificate
- Verifies both user and machine
- Hardware and software from Lenovo

Japanese Health Care Projects
- Obligation to preserve data; METI funded
- Fujitsu’s TNC deployment verifies HW and app config for session of broadband telemedicine
- Hitachi’s TPM-based system for home health care

IBM’s Trusted Virtual Domains
Microsoft Vista BitLocker
Thank you
Questions?
Reference

- Trusted Computing Group (TCG): https://www.trustedcomputinggroup.org/home
- Trusted Network Connect (TNC): https://www.trustedcomputinggroup.org/groups/network/