USC CSci599 Trusted Computing Lecture Five – Key Management, February 9, 2007
Copyright © 1995-2006 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE
USC CSci599 Trusted Computing
Lecture Five – Key Management
February 9, 2007
Dr. Clifford Neuman
University of Southern California
Information Sciences Institute
Announcements
• Assignment due today.
• Those that didn’t get TVSA paper last week see me.
• Mid-term in two weeks
• For the most relevant of the assignments turned in I will be contacting you about presenting to the class.
Cryptography in Use
• Provides foundation for security services
– Provides confidentiality
– Validates integrity
– Provides data origin authentication
– If we know the key
• Where does the key come from
– Straightforward plan
▪ One side generates key
▪ Transmits key to other side
▪ But how?
• How is the key protected
– This is a key problem in security
Key Management
• Key management is where much security weakness lies
– Choosing keys
– Storing keys
– Communicating keys
What to do with keys
• Practical issues
– How to carry them
▪ Passwords vs. disks vs. smartcards vs. hardware.
– Where do they stay, where do they go
– How many do you have
– How do you get them to begin with.
– When can you use them.
Key Management and Trusted Computing
• Protecting the keys needed for trusted computing.
– This is the role of the TPM
– We will discuss how this is done.
• Using trusted computing to protect the keys needed for other applications.
– This can be a role for trusted computing in general.
– The TPM plays a role, but the rest of the system must extend this protection through the application stack.
What it means to protect a key
• Prevent disclosure
– A manageable problem in some situations.
• Prevent use of the key for unauthorized purposes.
– A much harder problem
• How do we preserve or transport keys?
Key Distribution
• Conventional cryptography
– Single key shared by both parties
• Public Key cryptography
– Public key published to the world
– Private key known only by owner
• Third party certifies or distributes keys
– Certification infrastructure
– Authentication
KDC Based Key Distribution
• User sends request to KDC: {s}
• KDC generates a random key: Kc,s
– Encrypted twice: {Kc,s}Kc, {Kc,s}Ks
– {Kc,s}Kc called ticket
– Ticket plus Kc,s called credentials
– Ticket is opaque and forwarded with application request
• No keys ever traverse net in the clear
Public Key Distribution
• Public key can be public!
– How does either side know who and what the key is for? Private agreement? (Not scalable.)
• Does this solve key distribution problem?
– No – while confidentiality is not required, integrity is.
• Still need trusted third party
Recovery from exposed keys
• Revocation lists (CRL’s)
– Long lists
– Hard to propagate
• Lifetime / Expiration
– Short life allows assurance of validity at time of issue.
• Realtime validation
– Online Certificate Status Protocol (OCSP)
• What about existing messages?
Key Management Overview
• Who needs strong secrets anyway
– Users?
– Servers?
– The Security System?
– Software?
– End Systems?
• Secret vs. Public
Group Key Management
• Group key vs. Individual key
– Identifies member of groups vs. which member of group
– PK slower but allows multiple verification of individuals
Trust models for certification
• X.509 Hierarchical
– Single root (original plan)
– Multi-root (better accepted)
– SET has banks as CA’s and common SET root
• PGP Model
– “Friends and Family approach” - S. Kent
• Other representations for certifications
• No certificates at all
– Out of band key distribution
– SSH
Certification Infrastructures
• Public keys represented by certificates
• Certificates signed by other certificates
– User delegates trust to trusted certificates
– Certificate chains transfer trust up several links
Key in Trusted Computing
Slide by Arun Viswanathan
Endorsement Key
• Every TPM has unique Endorsement key
– Semi-root of trust for system
▪ Real root is CA that signs public key associated with Endorsement key
– Generated and installed during manufacture
Storage Root Key
• Root of Key Hierarchy for managing keys related to TPM (except EK)
– Root key never leaves TPM
– Can be changed to reinitialize ownership.
Storage Keys
• Can protect data
• Can protect other keys
• Some storage keys may be migrated.
Binding Key
• Private key to decrypt data perhaps encrypted by others using a public key
Using Encryption
• LoadKey
– Generated or imported
• Sign
– Signs Data Presented to TPM
• Unbind
– Decrypt data encrypted elsewhere under a public key
Using Encryption
• Seal/Unseal
– Encrypt and subsequent decrypt
– This TPM Only
– PCRs must be correct
• Quote
– Sign current value of PCR
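Added example (not from the lecture): a software model of the Seal/Unseal behaviour on this slide, showing both conditions, "This TPM Only" and "PCRs must be correct". `ToyTPM`, `boot` and the stage names are constructed for illustration; the SHA-1 extend follows the TPM 1.2 design, and HMAC with XOR stands in for the TPM's internal storage-key encryption.

```python
import hashlib, hmac, os

class ToyTPM:
    """Constructed model of Seal/Unseal; not a real TPM or TSS interface."""

    def __init__(self):
        self._srk = os.urandom(32)       # stands in for the storage root key
        self.reset()

    def reset(self):
        self.pcr = [bytes(20)] * 8       # PCRs return to zero on platform reset

    def extend(self, i, measurement):
        # A PCR cannot be set, only extended: new = SHA1(old || SHA1(measurement))
        digest = hashlib.sha1(measurement).digest()
        self.pcr[i] = hashlib.sha1(self.pcr[i] + digest).digest()

    def _state(self, idx):
        return bytes(idx) + b"".join(self.pcr[i] for i in idx)

    def _mac(self, label, data):
        return hmac.new(self._srk, label + data, hashlib.sha256).digest()

    def seal(self, idx, secret):
        if len(secret) > 32:
            raise ValueError("toy pad covers at most 32 bytes")
        idx, nonce = tuple(idx), os.urandom(16)
        want = hashlib.sha1(self._state(idx)).digest()   # PCR state required later
        ct = bytes(a ^ b for a, b in zip(secret, self._mac(b"enc", nonce)))
        return idx, nonce, want, ct, self._mac(b"mac", nonce + want + ct)

    def unseal(self, blob):
        idx, nonce, want, ct, tag = blob
        if not hmac.compare_digest(tag, self._mac(b"mac", nonce + want + ct)):
            raise PermissionError("blob was not sealed by this TPM")
        if hashlib.sha1(self._state(idx)).digest() != want:
            raise PermissionError("PCR values differ from those at seal time")
        return bytes(a ^ b for a, b in zip(ct, self._mac(b"enc", nonce)))

def boot(tpm, stages, pcr=0):
    """Measure each boot stage into one PCR, in order, after a reset."""
    tpm.reset()
    for image in stages:
        tpm.extend(pcr, image)
    return tpm.pcr[pcr].hex()
```

Because the PCR is a hash chain over every stage, changing or reordering any one stage changes the final value and the sealed blob stays closed until the original boot sequence is measured again.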
Using Encryption
• CreateWrapKey
– Creates and encrypts for transfer a new RSA key
• MakeIdentity
– Creates an Attestation Identity key for a user
• TakeOwnership
– Reinitializes TPM and erases old keys
Applications
• Authentication
• Login checking
• Digital Signatures on document
• Email
• Disk Encryption
• Electronic commerce
• Financial transactions
• Broadcast access control (e.g. Satellite TV)
Authentication
• User key may be needed from multiple machines.
– Either user enters it (vulnerable)
– Stored and used in smartcard (better)
• Transferred between and stored in TPMs.
– But how to validate presence of user
Encryption Based Authentication
• Proving knowledge of encryption key
– Nonce = Non repeating value
[Diagram: {Nonce or timestamp}KCS exchanged between C and S]
But where does Kc come from?
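Added example (not from the lecture): a Python sketch of the exchange on the "KDC Based Key Distribution" slide followed by the encrypted-timestamp proof on this slide. The `enc`/`dec` cipher is a constructed stand-in built from SHA-256 and HMAC, and `KDC`, `Server`, `client_authenticator` and the 300-second skew window are assumptions; the client forwards the copy of Kc,s that only S can open.

```python
import hashlib, hmac, os, time

def _pad(key, nonce, n):
    # SHA-256 in counter mode as a keystream (constructed stand-in cipher)
    blocks = (hashlib.sha256(key + nonce + bytes([i])).digest() for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def enc(key, msg):
    """{msg}key in the slides' notation: encrypt, then MAC (illustration only)."""
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(msg, _pad(key, nonce, len(msg))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def dec(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("wrong key or modified message")
    return bytes(a ^ b for a, b in zip(ct, _pad(key, nonce, len(ct))))

class KDC:
    def __init__(self):
        self.keys = {}                      # long-term key shared with each principal

    def register(self, name):
        self.keys[name] = os.urandom(32)    # delivered out of band in practice
        return self.keys[name]

    def request(self, client, server):
        kcs = os.urandom(32)                # fresh random session key Kc,s
        return enc(self.keys[client], kcs), enc(self.keys[server], kcs)

def client_authenticator(kc, for_client, now=None):
    kcs = dec(kc, for_client)               # only the holder of Kc recovers Kc,s
    stamp = repr(time.time() if now is None else now).encode()
    return enc(kcs, stamp)                  # {timestamp}Kc,s

class Server:
    def __init__(self, ks, max_skew=300):
        self.ks, self.max_skew, self.seen = ks, max_skew, set()

    def accept(self, for_server, authenticator, now=None):
        now = time.time() if now is None else now
        try:
            kcs = dec(self.ks, for_server)  # opaque to the client, readable by S
            stamp = float(dec(kcs, authenticator).decode())
        except ValueError:
            return False                    # wrong key or tampered blob
        if abs(now - stamp) > self.max_skew or authenticator in self.seen:
            return False                    # stale timestamp or replayed message
        self.seen.add(authenticator)
        return True
```

The server's replay cache and skew window are what make a timestamp usable in place of a nonce: a captured authenticator is rejected both when it is resent and once it ages out.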
Login Checking
• Traditional crypto-based login checking is to obtain user key and use it to authenticate to the TCB.
– But if the user key is in the TPM, or in a smartcard, it reduces to some kind of secret based authentication (e.g. password), or alternatively a biometric.
Digital Signatures
• Key used to “sign” document must be carried and stored where used.
– Can be stored in TPM, or protected so that it can only be accessed by TPM
– TPM applies signature, or yields key used to apply signature in other software.
– Must address issue of when key may be used, and to whom it may be given.
Email
• Digital signature for sending
• Authentication for retrieval
• Unsealing based on binding key for received encrypted email.
Disk Encryption
Covered in earlier lecture
• Full Disk Encryption
– Key in register in disk
– Or key in TPM and data encrypted/decrypted by TPM
• Seagate Drive uses register in Disk
– Key must be loaded
– User prompt at BIOS
– Or managed by TPM
▪ But OS image may be on disk, how to get
Ecommerce and Financial Transactions
• Some keys and assets may need to be protected against user
– Stored value cards
• Others are protected for the user
– Keys that authenticate requests by user, such as checks or credit card documents.
Satellite TV
Slide from Nilesh Maheshwari
[Diagram of the uplink side. Components shown: captured content for channels 1 to n, video tape recorder (VTR), video encoder, multiplexer, scrambler, conditional access system, modulator, uplink to satellite.]
Satellite TV
Slide from Nilesh Maheshwari
[Diagram of the downlink side. Components shown: downlink from satellite, paid channels from content providers A and B, set-top boxes of content providers A and B, unpaid channels from various content providers, QPSK TS converter, video on demand system, video encoders, multiplexer, scrambler, conditional access system, modulator, output to subscribers or end-user’s STB.]