cosc 4765 trusted platform module. what is tpm the tpm hardware along with its supporting software...
TRANSCRIPT
Cosc 4765
Trusted Platform Module
What is TPM
• The TPM hardware along with its supporting software and firmware provides the platform root of trust. – It is able to extend its trust to other parts of the
platform by building a chain of trust, where each link extends its trust to the next one.
Hardware Crypto Capabilities
• RSA Accelerator– contains a hardware engine to perform up to 2048
bit RSA encryption/decryption.– uses its built-in RSA engine during digital signing
and key wrapping operations.• Engine for SHA-1 hash algorithm
– uses its built-in hash engine to compute hash values of small pieces of data.
– Large pieces of data (such as an email message) may be hashed outside of the TPM, for performance reasons.
Hardware Crypto Capabilities
• Random Number Generator– used to generate keys for various purposes
Allows
• Remote attestation – creates a hash key for summary of the
hardware and software. • Depends on the encryption software
– This allows a third party to verify that the software has not been changed.
Allows (2)
• Sealing • encrypts data in such a way that it may be decrypted
only if the TPM releases the right decryption key,– which it only does if the exact same software is present as
when it encrypted the data.
– Binding • encrypts data using the TPM's endorsement key, a
unique RSA key burned into the chip during its production, or another trusted key.
Allows (3)
• Authentication of hardware devices. – Since each TPM chip has a unique and secret
RSA key burned in during the production, it is capable of performing platform authentication.
– For example• it can be used to verify that the system seeking the
access is the expected system.
• So we can verify the correct computer is attempting to access “something”.
Vista
• With Ultimate and Enterprise editions– Includes BitLocker software.
• Encrypts the boot volume.– Provides integrity authentication for trusted
boot pathway (from BIOS to boot sector to start up)
Example with MS Outlook
Example with MS Outlook (2)
File Encryption
• A file can be encrypted using a standard RSA key pair, stored by the TPM.
• And again The file can be encrypted using the TPM chip’s unique and secret RSA key.
• Now the file can only be decrypted by the system that encrypted it. Bonded to that system.
Problems?
• Issues with the File Encryption?
• Issues with Updates?
• General issues of privicy?
References
• http://en.wikipedia.org/wiki/Trusted_Platform_Module
• http://buytough.com/tb_pdf/TPM_WP.pdf• http://www.techworld.com/storage/features/
index.cfm?featureid=1777• https://www.trustedcomputinggroup.org/faq/
TPMFAQ/• http://www.microsoft.com/whdc/system/platform/
hwsecurity/default.mspx• http://www.msnbc.msn.com/ID/10441443/
QA&