Securing Applications With Firmware (Going Beyond TCPA Platform Security) Dr. Robert W. Baldwin...

Page 1: Securing Applications With Firmware (Going Beyond TCPA Platform Security) Dr. Robert W. Baldwin Bob_Baldwin@phoenix.com Chief Scientist.

Securing Applications With Firmware (Going Beyond TCPA Platform Security)

Dr. Robert W. Baldwin, Bob_Baldwin@phoenix.com

Chief Scientist

Page 2:

Outline

• Who is Phoenix Technologies?
• What is Phoenix doing in Security?
• Current & Future Partners

Page 3:

Phoenix Dominates PC BIOS

BIOS: Initialize & Manage PC Motherboard & Devices

• Phoenix is 21 Years Old
• 80% PC Market Share
• > 100 Million in 2001
• Expanding to
  • Set Top Box
  • Internet Appliance
  • Wireless Handheld
• Prior Success With
  • Power Management
  • Plug n Play
  • USB

[Chart: 100 Million PCs in 2001, Phoenix vs. Other]

Page 4:

Phoenix Partners & Customers

Page 5:

Phoenix FirstWare Opportunity

Motherboard Includes Protected Execution Environment

Past:
• Power Management
• USB, Plug n Play

Now:
• Firmware Smart Card for Each Application
• Application Integrity & Access Control
• RSA, AES, SHA1-HMAC
• World Wide Trust Infrastructure (PKI Initializes AES Smart Cards)

[Diagram: Application, Win OS, StrongROM]

Page 6:

Phoenix FirstWare Opportunity

Bind Data (Cryptographic Seal & Unseal):
• to Specific Application on Specific Device
• App-Device Pair Registered with Enterprise or Merchant

Checks Signature on In-Memory Application Code
• Viruses, Tampering, Reverse Engineering

[Diagram: App Data, Application]

Page 7:

FirstWare Product Areas

• Check the Virus Checker & OS Loader
• One-Time Password Authentication
• Convenient Two-Factor Challenge-Response
  • VPN Client, RAS Dial-Up, SSL Web Access
• Protect RSA Private Key & Certificate
  • VPN Client Certificate, E-Mail, Purchasing Card
• Software Licensing & Content DRM
• Device Asset Control & Tracking

Page 8:

FirstWare Deployment

[Diagram labels: Phoenix cryptographic engine + security keys; Phoenix StrongROM on motherboard; StrongROM secured computer; StrongClient secured computer]

New PC, Handheld, Set Top

Legacy & Non-Phoenix Devices

Application Includes StrongClient WDM

Page 9:

Working With Security Partners

• Chips Vendors
• Motherboard & PC Makers
• OS Vendors
• Wireless & Handheld
• Security App Vendors
• Financial App Vendors
• DRM Vendors
• Trust Infrastructure Providers

Phoenix FirstAuthority

Device Security Server & SDK

Phoenix FirstAuthority Server Family

Device Authority Service Providers

Phoenix FirstWare

StrongROM & StrongCLIENT

Device Manufacturers & System OEMs

ISVs & IT Developers