Trusted Platform Modules: Building a Trusted Software Stack and Remote Attestation
description
Transcript of Trusted Platform Modules: Building a Trusted Software Stack and Remote Attestation
![Page 1: Trusted Platform Modules: Building a Trusted Software Stack and Remote Attestation](https://reader035.fdocuments.in/reader035/viewer/2022062411/56816860550346895ddeae11/html5/thumbnails/1.jpg)
Trusted Platform Modules: Building a Trusted Software Stack and Remote AttestationDane Brandon, Hardeep UppalCSE551University of Washington
![Page 2: Trusted Platform Modules: Building a Trusted Software Stack and Remote Attestation](https://reader035.fdocuments.in/reader035/viewer/2022062411/56816860550346895ddeae11/html5/thumbnails/2.jpg)
OverviewMotivationTrusted Computing and Trusted
Platform Modules (TPM)Trusted Software StacksAttestationMeasurementsFuture Work and Conclusion
![Page 3: Trusted Platform Modules: Building a Trusted Software Stack and Remote Attestation](https://reader035.fdocuments.in/reader035/viewer/2022062411/56816860550346895ddeae11/html5/thumbnails/3.jpg)
MotivationAn End to the Middle
◦Our ongoing research.◦Networked computers and trust.◦How can we validate a computer?◦Even with a password, can we trust
they are who they say they are?
Hardware offers a potential solution…
![Page 4: Trusted Platform Modules: Building a Trusted Software Stack and Remote Attestation](https://reader035.fdocuments.in/reader035/viewer/2022062411/56816860550346895ddeae11/html5/thumbnails/4.jpg)
Trusted Computing and TPMsTrusted Computing Group
◦Spec for TPM and trusted software stack.
TPM - Hardware chip on most new business laptops and some other PCs.◦Dell Latitude, Lenovo ThinkPad, etc…
Offers some help that software can’t.
NOT protection against physical attacks.
![Page 5: Trusted Platform Modules: Building a Trusted Software Stack and Remote Attestation](https://reader035.fdocuments.in/reader035/viewer/2022062411/56816860550346895ddeae11/html5/thumbnails/5.jpg)
TPM Functionality
![Page 6: Trusted Platform Modules: Building a Trusted Software Stack and Remote Attestation](https://reader035.fdocuments.in/reader035/viewer/2022062411/56816860550346895ddeae11/html5/thumbnails/6.jpg)
TPM FunctionalityPersistent memory
◦Endorsement key (EK) Permanent private unique key
◦Storage Root Key (SRK) Encrypts other keys, data with pub key out
to disk.Volatile memory
◦Platform Configuration Registers (PCR)◦Attestation identity keys◦Storage keys
![Page 7: Trusted Platform Modules: Building a Trusted Software Stack and Remote Attestation](https://reader035.fdocuments.in/reader035/viewer/2022062411/56816860550346895ddeae11/html5/thumbnails/7.jpg)
TPM FunctionalityCrypto-processor
◦RSA key generator◦Random number generator◦Encryption / decryption◦SHA-1 hash and append
PCRs are append only. PCR[i] = SHA-1(PCR[i] | new value)
![Page 8: Trusted Platform Modules: Building a Trusted Software Stack and Remote Attestation](https://reader035.fdocuments.in/reader035/viewer/2022062411/56816860550346895ddeae11/html5/thumbnails/8.jpg)
Trusted Software StacksCore root of trust for
measurement (CRTM).◦Boot block in BIOS. Never changes.
Chain of trust.◦Each software component measures
the next.◦Append measurements to PCRs.
TrustedGRUBTrouSerS (TSS API)
![Page 9: Trusted Platform Modules: Building a Trusted Software Stack and Remote Attestation](https://reader035.fdocuments.in/reader035/viewer/2022062411/56816860550346895ddeae11/html5/thumbnails/9.jpg)
Trusted Software Stacks
![Page 10: Trusted Platform Modules: Building a Trusted Software Stack and Remote Attestation](https://reader035.fdocuments.in/reader035/viewer/2022062411/56816860550346895ddeae11/html5/thumbnails/10.jpg)
AttestationWe have a snapshot of state
which can be signed.How do we deliver it?We can’t just send it over…
◦Replay attacks
![Page 11: Trusted Platform Modules: Building a Trusted Software Stack and Remote Attestation](https://reader035.fdocuments.in/reader035/viewer/2022062411/56816860550346895ddeae11/html5/thumbnails/11.jpg)
AttestationWe have a snapshot of state
which can be signed.How do we deliver it?We can’t just send it over…
◦Replay attacks
![Page 12: Trusted Platform Modules: Building a Trusted Software Stack and Remote Attestation](https://reader035.fdocuments.in/reader035/viewer/2022062411/56816860550346895ddeae11/html5/thumbnails/12.jpg)
AttestationUse a nonce
◦When request to join comes, challenge with a random number.
◦Append to PCRs and sign. Funky fresh.Note: Measurements only represent
state immediately after boot.◦No guarantees of events after boot!
Still need to prove that the TPM is a TPMCertificate Authority
◦Validate TPM
![Page 13: Trusted Platform Modules: Building a Trusted Software Stack and Remote Attestation](https://reader035.fdocuments.in/reader035/viewer/2022062411/56816860550346895ddeae11/html5/thumbnails/13.jpg)
Attestation
AIKAIKEKEK
EK AIK
Privacy CA
Trusted Nodes
New Node
Manf.Cert.
PCA Cert.
![Page 14: Trusted Platform Modules: Building a Trusted Software Stack and Remote Attestation](https://reader035.fdocuments.in/reader035/viewer/2022062411/56816860550346895ddeae11/html5/thumbnails/14.jpg)
Attestation
AIKAIKEKEK
EK AIK
Privacy CA
Trusted Nodes
New Node
Manf.Cert.
PCA Cert.
![Page 15: Trusted Platform Modules: Building a Trusted Software Stack and Remote Attestation](https://reader035.fdocuments.in/reader035/viewer/2022062411/56816860550346895ddeae11/html5/thumbnails/15.jpg)
Attestation
AIKAIKEKEK
EK AIK
Privacy CA
Trusted Nodes
New Node
Manf.Cert.
PCA Cert.
![Page 16: Trusted Platform Modules: Building a Trusted Software Stack and Remote Attestation](https://reader035.fdocuments.in/reader035/viewer/2022062411/56816860550346895ddeae11/html5/thumbnails/16.jpg)
Attestation
AIKAIKEKEK
AIK
Privacy CA
Trusted Nodes
New Node
Manf.Cert.
PCA Cert.
![Page 17: Trusted Platform Modules: Building a Trusted Software Stack and Remote Attestation](https://reader035.fdocuments.in/reader035/viewer/2022062411/56816860550346895ddeae11/html5/thumbnails/17.jpg)
Attestation
AIKAIKEKEK
AIK
Privacy CA
Trusted Nodes
New Node
Manf.Cert.
PCA Cert.
![Page 18: Trusted Platform Modules: Building a Trusted Software Stack and Remote Attestation](https://reader035.fdocuments.in/reader035/viewer/2022062411/56816860550346895ddeae11/html5/thumbnails/18.jpg)
Attestation
?AIKAIKEKEK
Challenge!AIK
Privacy CA
Trusted Nodes
New Node
Manf.Cert.
PCA Cert.
![Page 19: Trusted Platform Modules: Building a Trusted Software Stack and Remote Attestation](https://reader035.fdocuments.in/reader035/viewer/2022062411/56816860550346895ddeae11/html5/thumbnails/19.jpg)
Attestation
02895…
AIKAIKEKEK
AIK
Privacy CA
Trusted Nodes
New Node
Manf.Cert.
PCA Cert.
![Page 20: Trusted Platform Modules: Building a Trusted Software Stack and Remote Attestation](https://reader035.fdocuments.in/reader035/viewer/2022062411/56816860550346895ddeae11/html5/thumbnails/20.jpg)
Attestation
10110…
AIKAIKEKEK
AIK
Append nonce and sign PCRs with priv_AIK
Privacy CA
Trusted Nodes
New Node
Manf.Cert.
PCA Cert.
![Page 21: Trusted Platform Modules: Building a Trusted Software Stack and Remote Attestation](https://reader035.fdocuments.in/reader035/viewer/2022062411/56816860550346895ddeae11/html5/thumbnails/21.jpg)
Attestation
10110…
AIKAIKEKEK
AIKAIK
Privacy CA
Trusted Nodes
New Node
Manf.Cert.
PCA Cert.
![Page 22: Trusted Platform Modules: Building a Trusted Software Stack and Remote Attestation](https://reader035.fdocuments.in/reader035/viewer/2022062411/56816860550346895ddeae11/html5/thumbnails/22.jpg)
Attestation
AIKAIKEKEK
AIK
10110…
AIK
Privacy CA
Trusted Nodes
New Node
Manf.Cert.
PCA Cert.
![Page 23: Trusted Platform Modules: Building a Trusted Software Stack and Remote Attestation](https://reader035.fdocuments.in/reader035/viewer/2022062411/56816860550346895ddeae11/html5/thumbnails/23.jpg)
Attestation
AIKAIKEKEK
AIK
10110…
AIK
Privacy CA
Trusted Nodes
New Node
Manf.Cert.
PCA Cert.
![Page 24: Trusted Platform Modules: Building a Trusted Software Stack and Remote Attestation](https://reader035.fdocuments.in/reader035/viewer/2022062411/56816860550346895ddeae11/html5/thumbnails/24.jpg)
Attestation
AIKAIKEKEK
AIK
10110…
AIK
Verify bits match:SHA-1(expected PCRs |
nonce)SUCCESS!Privacy CA
Trusted Nodes
New Node
Manf.Cert.
PCA Cert.
![Page 25: Trusted Platform Modules: Building a Trusted Software Stack and Remote Attestation](https://reader035.fdocuments.in/reader035/viewer/2022062411/56816860550346895ddeae11/html5/thumbnails/25.jpg)
MeasurementsVerify
PCRvalues change
![Page 26: Trusted Platform Modules: Building a Trusted Software Stack and Remote Attestation](https://reader035.fdocuments.in/reader035/viewer/2022062411/56816860550346895ddeae11/html5/thumbnails/26.jpg)
Measurements
Time in seconds
Extends are fastCreating keys is very slowLoad and sign, not too bad…
![Page 27: Trusted Platform Modules: Building a Trusted Software Stack and Remote Attestation](https://reader035.fdocuments.in/reader035/viewer/2022062411/56816860550346895ddeae11/html5/thumbnails/27.jpg)
Future WorkCreate a privacy CA.Implement complete attestation
process and benchmark major components.
Put Xen in the middle of the chain of trust.
Add trusted software stack to ETTM project.
![Page 28: Trusted Platform Modules: Building a Trusted Software Stack and Remote Attestation](https://reader035.fdocuments.in/reader035/viewer/2022062411/56816860550346895ddeae11/html5/thumbnails/28.jpg)
ConclusionTPMs show promise.Building a trusted software stack
is possible with open-source software.
Time cost not negligible, but reasonable.
Hardware should get better.Need more software support.
![Page 29: Trusted Platform Modules: Building a Trusted Software Stack and Remote Attestation](https://reader035.fdocuments.in/reader035/viewer/2022062411/56816860550346895ddeae11/html5/thumbnails/29.jpg)
Other ThoughtsLots of laptops have TPMs, no
one uses them.TrustedGRUB has 5400+ extra
lines of code. We didn’t write them.
The Dell Latitude e5400 is garbage.◦Two thumbs down!