Copyright 2005 Trusted Computing Group - Other names and brands are properties of their respective owners.

Slide #1: "Putting Trust Into Computing: Where Does it Fit?"
Monday, February 14, 2005, 9:00 a.m. - 12:00 p.m.

Slide #2: Agenda
09:00am Introduction - Jim Ward, IBM, TCG Board President / Chair
09:05am Trusted Network Connect Overview - Thomas Hardjono, VeriSign
09:45am Open Source Solutions - Dr. Dave Safford, IBM
10:25am Writing and Using Trusted Applications - Ralf Engers, Utimaco Safeware AG; George Kastrinakis, Wave Systems; William Whyte, NTRU Cryptosystems, Inc.
11:15am Customer Case Studies - Stacy Cannady, IBM; Manny Novoa, HP
11:50am Q&A - Mark Schiller, HP; Jim Ward, IBM; Brian Berger, Wave Systems

Slide #3: Agenda
09:00am Introduction - Jim Ward, IBM, TCG Board President / Chair
Jim Ward is a Senior Technical Staff Member and security architect within the IBM Software Group division. Ward has been a core contributor in the security standards space and currently serves as President and Board Chair of the Trusted Computing Group.

Slide #4: TCG Mission
Develop and promote open, vendor-neutral, industry-standard specifications for trusted computing building blocks and software interfaces across multiple platforms.

Slide #5: TCG Board of Directors
[Figure: board membership; the names are listed on Slide #6.]
Slide #6: TCG Organization
· Board of Directors: Jim Ward, IBM, President and Chairman; Geoffrey Strongin, AMD; Mark Schiller, HP; David Riss, Intel; Steve Heil, Microsoft; Tom Tahan, Sun; Nicholas Szeto, Sony; Bob Thibadeau, Seagate; Thomas Hardjono, VeriSign
· Marketing Workgroup: Brian Berger, Wave Systems
· Technical Committee: Graeme Proudler, HP
· Advisory Council: invited participants
· TPM Work Group: David Grawrock, Intel
· TSS Work Group: David Challener, IBM
· PC Client WG: Monty Wiseman, Intel
· Server Specific WG: Larry McMahan, HP; Marty Nicholes, HP
· Peripherals WG: Colin Walters, Comodo
· Storage Systems: Robert Thibadeau, Seagate
· Mobile Phone WG: Janne Uusilehto, Nokia
· Infrastructure WG: Thomas Hardjono, VeriSign; Ned Smith, Intel
· Conformance WG: Randy Mummert, Atmel
· Hard Copy WG: Brian Volkoff, HP
· Administration, Events and Marketing Support: VTM, Inc.
· Public Relations: Anne Price, PR Works
(Chart key: green boxes are elected officers; blue boxes are chairs appointed by the Board; red boxes are chairs nominated by the WG and appointed by the Board; black boxes are resources contracted by TCG.)

Slide #7: TCG Membership
92 total members as of January 13, 2005: 7 Promoters, 64 Contributors, 21 Adopters.
Promoters: AMD; Hewlett-Packard; IBM; Intel Corporation; Microsoft; Sony Corporation; Sun Microsystems, Inc.
Adopters: BigFix, Inc.; Citrix Systems, Inc.; Enterasys Networks; Foundry Networks Inc.; Foundstone, Inc.; Gateway; Industrial Technology Research Institute; Interdigital Communications; Latis Networks, Inc.; MCI; Nevis Networks, USA; PC Guardian Technologies; Sana Security; Senforce Technologies, Inc.; Silicon Integrated Systems Corp.; Silicon Storage Technology, Inc.; Softex, Inc.; Telemidic Co. Ltd.; Toshiba Corporation; TriCipher, Inc.; ULi Electronics Inc.
Contributors: Meetinghouse Data Communications; Motorola Inc.; National Semiconductor; nCipher; Network Associates; Nokia; NTRU Cryptosystems, Inc.;
NVIDIA; OSA Technologies, Inc.; Philips; Phoenix; Pointsec Mobile Technologies; Renesas Technology Corp.; RSA Security, Inc.; SafeNet, Inc.; Samsung Electronics Co.; SCM Microsystems, Inc.; Seagate Technology; SignaCert, Inc.; Sinosun Technology Co., Ltd.; Standard Microsystems Corporation; STMicroelectronics; Sygate Technologies, Inc.; Symantec; Symbian Ltd; Synaptics Inc.; Texas Instruments; Transmeta Corporation; Trend Micro; Utimaco Safeware AG; VeriSign, Inc.; Vernier Networks; VIA Technologies, Inc.; Vodafone Group Services LTD; Wave Systems; Zone Labs, Inc.; Agere Systems; ARM; ATI Technologies Inc.; Atmel; AuthenTec, Inc.; AVAYA; Broadcom Corporation; Certicom Corp.; Comodo; Dell, Inc.; Endforce, Inc.; Ericsson Mobile Platforms AB; Extreme Networks; France Telecom Group; Freescale Semiconductor; Fujitsu Limited; Fujitsu Siemens Computers; Funk Software, Inc.; Gemplus; Giesecke & Devrient; Hitachi, Ltd.; Infineon; InfoExpress, Inc.; iPass; Juniper Networks; Lenovo Holdings Limited; Lexmark International; M-Systems Flash Disk Pioneers

Slide #8: Technical Work Groups
· Technical Committee
· Work Groups
  - Trusted Platform Module (TPM)
  - TPM Software Stack (TSS)
  - PC Specific Implementation
  - Peripheral Implementation
  - Server Specific Implementation
  - Storage Systems Implementation
  - Mobile Phone Specific Implementation
  - Conformance (Common Criteria)
  - Infrastructure
  - Hard Copy
  - Trusted Network Connect
· Marketing Work Group

Slide #9: Agenda
Thomas Hardjono is principal scientist and director within VeriSign. His work includes cryptography, network security, multicast/group security, PKI systems, wireless and 3G networks, digital rights management and trusted computing. He is currently co-chair of the Infrastructure Work Group within the Trusted Computing Group.
He also represents VeriSign Inc. on the TCG Board of Directors.
09:05am Trusted Network Connect Overview - Thomas Hardjono, VeriSign

Slide #10: The TCG Trusted Network Connect (TNC) Architecture: An Overview
Trusted Computing Seminar, RSA 2005 Conference, February 14, 2005

Slide #11: Contents
· The Challenge of Trusted Computing
· Features & Benefits of Trusted Platforms
· Trusted Network Connect (TNC)
· Summary

Slide #12: Introduction - The Challenge of Trusted Computing

Slide #13: The Challenge of Trusted Computing
· Trusted Computing
  - How to create a safer computing environment in the face of increasingly frequent and sophisticated attacks
  - Protect end-user data
  - Enable trusted eCommerce transactions
  - Hardware-rooted trust
· Increase the level of trust in the PC platform
  - Increase consumer confidence in Internet use
  - Reduce business risks, especially for security-conscious sectors: Financial Services, Insurance, Government, Healthcare
  - Increase transaction volume and value with hardware-enforced protections
· Increase trust in other platforms
  - Laptops, desktops, PDAs, servers, mobile phones, network gear, etc.

Slide #14: Technical Challenge & the TP Solution
· Challenge:
  - Allow communicating platforms to dynamically accept and execute code supplied by the network.
  - Allow a platform to connect to and interact with remote platforms.
  - Protect data from misuse.
· Solution:
  - Turn the entire platform into a trusted environment.
  - Enable a platform to prove that a given software environment is a protected environment.
  - Secrets are protected until the correct software environment exists; only then are they released into that environment.

Slide #15: Features of Trusted Platforms - What distinguishes TPs

Slide #16: Features of a Trusted Platform
1. Protected Capabilities
· The set of commands with exclusive permission to access Shielded Locations (SL).
· SLs are places (memory, registers, etc.) where it is safe to operate on sensitive data.
· The TPM implements protected capabilities and shielded locations.
2. Integrity Measurement and Storage
· The process of obtaining metrics of platform characteristics that affect the integrity (trustworthiness) of the platform.
· The storing of those metrics, and the placement of digests of those metrics in Platform Configuration Registers (PCRs).

Slide #17: Features of a Trusted Platform (cont.)
3. Integrity Reporting
· The process of attesting to the contents of integrity storage (i.e. the PCRs).
· Philosophy: a platform may be permitted to enter any state possible (including insecure states), but it may not be permitted to lie about the states it was or was not in.
· Multiple Roots of Trust in the TPM (i.e. keys).
4. Attestation
· The process of vouching for the accuracy of information (e.g. in the PCRs).
· Attestations by the TPM and by the Platform.
· Attestations are digitally signed with TPM-bound and Platform-bound keys, backed by their respective certificates.
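The measurement, storage and sealing semantics of slides 14 to 17 (a PCR is only ever extended, a log can be replayed to the expected PCR values, and a secret sealed to a configuration is released only in that configuration) are shown below in an added example that is not part of the TCG slides or of any TCG code. PCR extend and the composite hash follow TPM 1.x (SHA-1, 20-byte PCRs); the `EmulatedTPM` class, its HMAC-based wrapping key and the sealed-blob layout are this example's own stand-ins for an SRK-wrapped TPM_STORED_DATA, and the boot log is constructed:

```python
"""Emulation of TPM 1.x integrity measurement (PCR extend) and of sealing a
secret to a platform configuration. Added example: it models the semantics
described on the slides, not the TPM command set or its blob formats."""
import hashlib
import hmac
import os
from typing import Dict, Iterable, List, Optional, Tuple

PCR_LEN = 20            # a TPM 1.1b/1.2 PCR holds one SHA-1 digest
NUM_PCRS = 16           # PCR-0 .. PCR-15 as on the "Programming View" slide


def pcr_extend(pcr: bytes, measurement: bytes) -> bytes:
    """PCR_new = SHA-1(PCR_old || SHA-1(measured object)). Extend is one-way,
    so a later component cannot undo an earlier measurement."""
    assert len(pcr) == PCR_LEN
    return hashlib.sha1(pcr + hashlib.sha1(measurement).digest()).digest()


def replay_log(log: Iterable[Tuple[int, bytes]]) -> Dict[int, bytes]:
    """Recompute expected PCR values from an integrity log of
    (pcr index, measured bytes) entries, starting from the reset state."""
    pcrs = {i: bytes(PCR_LEN) for i in range(NUM_PCRS)}
    for idx, blob in log:
        pcrs[idx] = pcr_extend(pcrs[idx], blob)
    return pcrs


def pcr_composite(pcrs: Dict[int, bytes], selection: Iterable[int]) -> bytes:
    """Digest over the selected PCRs (the role of the TPM_PCR_COMPOSITE hash)."""
    h = hashlib.sha1()
    for idx in sorted(selection):
        h.update(bytes([idx]) + pcrs[idx])
    return h.digest()


class EmulatedTPM:
    """Just enough state to show why a sealed secret is released only in the
    configuration it was sealed to."""

    def __init__(self) -> None:
        self.srk_secret = os.urandom(32)   # stand-in for the SRK private key
        self.pcrs = {i: bytes(PCR_LEN) for i in range(NUM_PCRS)}

    def extend(self, idx: int, measurement: bytes) -> None:
        self.pcrs[idx] = pcr_extend(self.pcrs[idx], measurement)

    def _wrap_key(self, composite: bytes, auth: bytes) -> bytes:
        # The key depends on the SRK, the PCR composite and the auth secret, so a
        # different platform, configuration or password yields a different key.
        return hmac.new(self.srk_secret, composite + auth, hashlib.sha256).digest()

    def seal(self, secret: bytes, selection: Iterable[int], auth: bytes) -> dict:
        assert len(secret) <= 32, "emulation keeps secrets within one keystream block"
        selection = sorted(selection)
        k = self._wrap_key(pcr_composite(self.pcrs, selection), auth)
        stream = hashlib.sha256(k + b"enc").digest()
        ct = bytes(a ^ b for a, b in zip(secret, stream))
        tag = hmac.new(k, bytes(selection) + ct, hashlib.sha256).digest()
        return {"selection": selection, "ct": ct, "tag": tag}

    def unseal(self, blob: dict, auth: bytes) -> Optional[bytes]:
        """Returns the secret only if the current PCRs and the auth match."""
        k = self._wrap_key(pcr_composite(self.pcrs, blob["selection"]), auth)
        tag = hmac.new(k, bytes(blob["selection"]) + blob["ct"], hashlib.sha256).digest()
        if not hmac.compare_digest(tag, blob["tag"]):
            return None            # wrong configuration or wrong password
        stream = hashlib.sha256(k + b"enc").digest()
        return bytes(a ^ b for a, b in zip(blob["ct"], stream))


# Constructed boot log: what a measured boot would record (not real firmware data).
BOOT_LOG: List[Tuple[int, bytes]] = [
    (0, b"BIOS code image"),
    (4, b"bootloader: lilo"),
    (8, b"kernel: vmlinuz"),
    (8, b"initrd: initrd.img"),
]


def demo() -> dict:
    tpm = EmulatedTPM()
    for idx, blob in BOOT_LOG:
        tpm.extend(idx, blob)
    master_key = b"\x42" * 16                      # constructed kernel key K
    blob = tpm.seal(master_key, {0, 4, 8}, b"boot-password")
    result = {
        "log_matches_pcrs": replay_log(BOOT_LOG) == tpm.pcrs,
        "unseal_good": tpm.unseal(blob, b"boot-password") == master_key,
        "unseal_wrong_auth": tpm.unseal(blob, b"guess"),
    }
    tpm.extend(8, b"kernel: modified by rootkit")  # configuration changes
    result["unseal_after_tamper"] = tpm.unseal(blob, b"boot-password")
    return result


if __name__ == "__main__":
    print(demo())
```

The point to take from `demo()` is the second half: once PCR-8 is extended again (a different kernel, or anything measured after the sealing configuration), the same password no longer unseals the key, and nothing in the log lets the platform roll PCR-8 back, which is the "may not lie about the states it was in" property of slide 17.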
Slide #18: Benefits of using TP Features
· Integrity self-protection of a platform
  - Building blocks to turn the platform into a trusted environment.
  - Allow a platform to prove that a given software environment is a protected environment.
  - Secrets encrypted to a given platform configuration, decipherable only by that platform in that configuration.
· Platform Authentication (Remote Attestation)
  - Platform Authentication: a platform proves to another that it is in a given configuration.
  - In a network authentication scenario this becomes the basis for proving Network End-Point Integrity: the Trusted Network Connect (TNC) approach.

Slide #19: Trusted Network Connect - Platform Authentication & Network End-Point Integrity

Slide #20: Trusted Network Connect (TNC)
· TNC: network end-point integrity using Trusted Platform features
  - A client seeking connectivity to a network is integrity-evaluated against a given set of policies and (expected) platform configurations.
  - Clients failing integrity evaluation have the option of being remediated.
· Technological components:
  - Common standardized architecture/framework
  - Platform authentication model using TP features
  - Platform authentication protocol(s)
  - Standardized APIs

Slide #21: Basic Authentication Model
· The 3-party model
  - The Requestor seeks services or access to a resource from the Relying Party.
  - The Verifier performs the evaluation of the Requestor's assertions.
· The outcome of the Verifier's evaluation can be binary (accept/reject) or a trust score.
[Figure: the 3-party model mapped onto 802.1X. Domain 1 holds the 802.1X Supplicant (e.g. the client) and the 802.1X Authenticator (e.g. an 802.11 AP or switch); the 802.1X Authentication Server (e.g.
RADIUS) sits in Domain 2. The roles line up as Requestor = Supplicant, Relying Party = Authenticator, Verifier = Authentication Server.]

Slide #22: Platform Authentication Features
[Figure: two platforms, each with a TPM, storage and policy, in Domain 1 and Domain 2. Labelled functions: Measurement and Storage; Measurement Reporting; Credentials (profiles and semantics); Policy Creation; Evaluation and Decision Making; Enforcement and Response; Policy Exchange; Reporting Format and Transport Protocols.]

Slide #23: Platform Authentication (3-Party)
[Figure: Requestor A (Domain 1), Verifier B (Domain 2) and Relying Party C (Domain 3), each a platform with TPM, storage and policy; requests R1 and R2 flow between them.]

Slide #24: The TNC Architecture
· Trusted Network Connect (TNC)
  - Specifications for End-Point Integrity developed by networking vendors within the TCG.
  - The TNC Subgroup, a working group under the TCG's Infrastructure Working Group, is developing the specs.
· Purpose of the TNC Architecture:
  - Common reference framework for end-point integrity
  - Component specification & functional standardization: APIs, data formats, messages
  - Applicable to as wide a range of use cases as possible, e.g. 802.1X, VPN, dial-up & other network access

Slide #25: The TNC Architecture
[Figure: three columns. Access Requestor: Integrity Measurement Collectors, TNC Client, Network Access Requestor (supplicant, VPN client, etc.). Policy Enforcement Point. Policy Decision Point: Integrity Measurement Verifiers, TNC Server, Network Access Authority.
The PEP is a switch, firewall or VPN gateway. The Access Requestor is backed by the TSS, the TPM, the integrity log and the Platform Trust Service (PTS). The Network Access Authority runs on an AAA server (RADIUS, Diameter, IIS, etc.). IMCs and IMVs, and the TNC Client and TNC Server, are peer relationships.]

Slide #26: Architecture Entities
· Access Requestor (AR):
  - Integrity Measurement Collector:
    · Measures aspects of the AR's integrity (e.g. AV, etc.).
    · May use Platform Trust Services (PTS) to obtain integrity information regarding every component on the platform.
  - TNC Client:
    · Aggregates integrity measurements (from IMCs).
    · Assists the management of the integrity check handshakes.
    · Assists in the measurement & reporting of platform and IMC integrity.
  - Network Access Requestor:
    · Network-layer negotiation & access onto a given network.
    · Network-layer transport protocol.
    · End-to-end secure channel creation & management.

Slide #27: Architecture Entities (cont.)
· Policy Decision Point (PDP)
  - Integrity Measurement Verifier:
    · Verifies the AR's integrity based on measurements received from IMCs, against network security policy.
  - TNC Server:
    · Manages IMV-to-IMC (peer) message flows.
    · Gathers recommendations from IMVs.
    · Provides an action recommendation to the NAA.
  - Network Access Authority:
    · Decides whether an Access Requestor should be granted network access.
    · Network-layer transport protocol.
    · End-to-end secure channel creation & management.

Slide #28: Architecture Entities (cont.)
· Platform Trust Services (PTS)
  - System service that exposes trusted platform capabilities to TNC components that reside on a Trusted Platform containing a TPM.
  - PTS services include: protected key storage, asymmetric cryptography, random numbers, platform identity, platform configuration reporting and integrity state tracking.
· Protocols for integrity reporting:
  - TLS-Attestations: uses the extension capabilities of TLS to exchange integrity data.
  - TLS/IAP: allows IMCs and IMVs to communicate as peers, regardless of the underlying transport.

Slide #29: Summary
· Features of Trusted Platforms as the basis for establishing strong End-Point Integrity
  - Protected Capabilities, Integrity Measurement & Reporting, and Attestation
· Mutual Platform Authentication achieved using building blocks in the TCG
  - 3-party authentication model, making use of TP features
  - Requestor, Relying Party and Verifier
· TNC is designed to provide End-Point Integrity based on features of Trusted Platforms
  - Mutual Platform Authentication
  - Trust rooted in hardware (the TPM)
  - The TNC Architecture defines entities, functions and services for network end-point integrity

Slide #30: Agenda
Dr. Dave Safford manages the Global Security Analysis Lab in IBM's T.J. Watson Research Center in Hawthorne, New York, where he directs research in security analysis tools, data forensics, security hardware, secure Linux, security engineering, and ethical hacking. His current research includes work on the Distributed Wireless Security Auditor for 802.11 networks and Linux support for the Trusted Computing Group's Trusted Platform Module component.
09:45am Open Source Solutions - Dr. Dave Safford, IBM
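The entity roles on slides 25 to 27 (IMCs collect, the TNC Client aggregates, the TNC Server routes each measurement to its peer IMV and gathers recommendations, the NAA decides and the PEP enforces) are easiest to see as one simulated integrity-check handshake. The block below is an added example and is neither TCG code nor an implementation of the TNC specifications: the measurement attributes, the policy values, the `allow` / `isolate` / `no_access` recommendation strings and the three endpoints are all constructed for this illustration. It fails closed on a measurement no IMV can verify, which is the case a practitioner is most likely to get wrong.

```python
"""Simulated TNC integrity-check handshake between an Access Requestor and a
Policy Decision Point. Added example with constructed policy and hosts."""
from dataclasses import dataclass
from typing import Dict, List, Tuple

ALLOW, ISOLATE, NO_ACCESS = "allow", "isolate", "no_access"   # assumed names


@dataclass
class Measurement:
    imc: str                  # producing collector; routed to the IMV of the same name
    attrs: Dict[str, object]


# ---- Access Requestor side ---------------------------------------------------
class AntivirusIMC:
    name = "antivirus"

    def __init__(self, host: dict) -> None:
        self.host = host

    def collect(self) -> Measurement:
        return Measurement(self.name, {"sig_version": self.host["av_sigs"],
                                       "realtime": self.host["av_realtime"]})


class PatchIMC:
    name = "patches"

    def __init__(self, host: dict) -> None:
        self.host = host

    def collect(self) -> Measurement:
        return Measurement(self.name, {"installed": set(self.host["patches"])})


class TNCClient:
    """Aggregates IMC measurements into one integrity report for the server."""

    def __init__(self, host: dict) -> None:
        self.imcs = [AntivirusIMC(host), PatchIMC(host)]

    def integrity_report(self) -> List[Measurement]:
        return [imc.collect() for imc in self.imcs]


# ---- Policy Decision Point side ---------------------------------------------
class AntivirusIMV:
    name = "antivirus"

    def __init__(self, min_sigs: int) -> None:
        self.min_sigs = min_sigs

    def verify(self, m: Measurement) -> Tuple[str, str]:
        if not m.attrs["realtime"]:
            return NO_ACCESS, "real-time scanning disabled"
        if m.attrs["sig_version"] < self.min_sigs:
            return ISOLATE, "signatures older than policy; remediate"
        return ALLOW, "antivirus compliant"


class PatchIMV:
    name = "patches"

    def __init__(self, required: set) -> None:
        self.required = set(required)

    def verify(self, m: Measurement) -> Tuple[str, str]:
        missing = self.required - m.attrs["installed"]
        if missing:
            return ISOLATE, "missing patches: " + ", ".join(sorted(missing))
        return ALLOW, "patch level compliant"


class TNCServer:
    """Routes each measurement to its peer IMV and gathers recommendations."""

    def __init__(self, imvs: list) -> None:
        self.imvs = {v.name: v for v in imvs}

    def evaluate(self, report: List[Measurement]) -> List[Tuple[str, str, str]]:
        results = []
        for m in report:
            imv = self.imvs.get(m.imc)
            if imv is None:       # unverifiable claim: fail closed
                results.append((m.imc, NO_ACCESS, "no verifier for this measurement"))
                continue
            rec, reason = imv.verify(m)
            results.append((m.imc, rec, reason))
        return results


def naa_decide(results: List[Tuple[str, str, str]]) -> str:
    """Network Access Authority: the most restrictive recommendation wins."""
    recs = {rec for _, rec, _ in results}
    if NO_ACCESS in recs:
        return NO_ACCESS
    if ISOLATE in recs:
        return ISOLATE            # the PEP places the client on a remediation network
    return ALLOW


def handshake(host: dict, server: TNCServer) -> Tuple[str, List[Tuple[str, str, str]]]:
    """Requestor reports, verifiers evaluate, the NAA decides, the PEP enforces."""
    results = server.evaluate(TNCClient(host).integrity_report())
    return naa_decide(results), results


# Constructed policy and endpoints (not from any real deployment).
PDP = TNCServer([AntivirusIMV(min_sigs=20050210), PatchIMV({"P-2004-11", "P-2005-01"})])
HOSTS = {
    "compliant": {"av_sigs": 20050212, "av_realtime": True, "patches": ["P-2004-11", "P-2005-01"]},
    "stale":     {"av_sigs": 20041201, "av_realtime": True, "patches": ["P-2004-11", "P-2005-01"]},
    "av_off":    {"av_sigs": 20050212, "av_realtime": False, "patches": ["P-2004-11"]},
}


def decide_all() -> Dict[str, str]:
    return {name: handshake(host, PDP)[0] for name, host in HOSTS.items()}


if __name__ == "__main__":
    for name, host in HOSTS.items():
        decision, results = handshake(host, PDP)
        print(name, "->", decision, results)
```

What this leaves out is exactly what the PTS and the TPM add on slide 28: here the IMCs' claims are taken at face value, whereas in TNC the TNC Client can also report measurements of the platform and of the IMCs themselves, so a verifier has a hardware-rooted reason to believe the antivirus IMC is the one it thinks it is talking to.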
Slide #31: Open Source Support for Trusted Computing
Dave Safford, IBM Research

Slide #32: Outline
· Threat Trends
· Trusted Computing
· Open Source Projects
· What's Missing
· The Future

Slide #33: The Problem: Client Risk is Dramatically Rising
· The number of attacks in the wild, and their lifetimes and impact, are growing fast
  · 450% increase in Windows viruses over the last year
  · 1500% growth in botnets, January to June 2004
  · The MyDoom.O virus overloaded networks around the world in August 2004
  · The Slammer worm attack caused FirstEnergy's Davis-Besse nuclear reactor to lose digital control for over four hours in January 2003
  · Viruses are already deploying attacks against AV software
  · 80% of clients have spyware infestations
  · 30% of clients already have back doors (FSTC)
· The increase in the vulnerability rate is slowing, but the time between the publication of a security vulnerability and its broad exploitation is markedly decreasing
· Financial losses rapidly increasing:
  · Phishing attacks: $500M direct losses in the first half of 2004
  · Identity theft is the fastest growing crime in the US
[Charts: Discovery of Vulnerabilities per year, 1995-2003, log scale 100-10000 (source: cert.org, November 2004); Days to Broad Exploitation, 1999-2004, log scale 1-1000 (source: Information Security, July 2004); Unique Kinds of Phishing Attacks, Nov 2003 to Apr 2004, log scale 10-1000 (same source).]

Slide #34: How can the Trusted Platform Module (TPM) Help?
· RSA crypto: key generation, signature, encrypt, decrypt
· Secure storage: private keys, master keys (e.g. for loopback encryption)
· Integrity measurement: Platform Configuration Registers (PCRs), compromise detection, tying key use to an uncompromised environment
· Attestation: host-based integrity/membership reporting (RSA 2004 demo)

Slide #35: Understanding the TPM
· Main specification: Trusted Computing Group (TCG) home page, http://www.trustedcomputinggroup.org
· Problem: the spec is over 320 pages (version 1.1b) and very hard to understand
· Tutorial/introduction paper (4 pages): Linux Journal, August 2003
· White papers and open source code: http://www.research.ibm.com/gsal/tcpa (device driver, access library, example applications)

Slide #36: Programming View of the TPM
[Figure: TPM functional units. Engines: RNG, Hash, HMAC, RSA Key Generation, RSA Encrypt/Decrypt. Non-volatile memory: Endorsement Key (2048 bit), Storage Root Key (2048 bit), Owner Auth Secret (160 bit). Volatile memory: RSA Key Slot-0 to Slot-9, PCR-0 to PCR-15, Key Handles, Auth Session Handles.]
Slide #37: Open Source TPM Projects
· IBM Research: Linux device driver/library/applications, http://www.research.ibm.com/gsal/tcpa
  - TPM Key Migration server
  - Trusted Linux Client
· IBM Linux Technology Center
  - http://sourceforge.net/projects/tpmdd
  - http://sourceforge.net/projects/trousers
· Rick Wash (umich): BSD port of the IBM driver/library/applications
  - http://www.citi.umich.edu/u/rwash/projects/trusted/netbsd.html
· Dartmouth Enforcer
  - http://sourceforge.net/projects/enforcer
· Swiss Federal Institute of Technology: TPM emulator
  - http://www.infsec.ethz.ch/people/psevinc/

Slide #38: Open Source TPM Projects
· IBM Research: Linux device driver/library/applications, http://www.research.ibm.com/gsal/tcpa
  - Linux device driver
  - simple access library
  - basic applications:
    · tpm_demo
    · takeown
    · createkey, loadkey, listkeys, evictkey
    · signfile, verifyfile
    · bindfile, unbindfile
    · sealfile, unsealfile

Slide #39: Open Source TPM Projects
· TPM Key Migration server
  - If keys are locked within a TPM, what happens if the TPM breaks?
    · For authentication keys it may be acceptable to create new ones and re-register.
    · For storage keys, a broken TPM could mean loss of data.
  - The current product solution saves a copy of the root key on removable media.
  - Need a solution which preserves the hardware-boundary guarantees.
  - The key migration server uses a trusted third party with its own TPM to:
    · back up/restore TPM keys to the server's TPM
    · broker key migration from one TPM to another TPM
    · broker migration from one PCR state to another on the same TPM
    · hide the complexity of key migration from the user
Slide #40: Open Source TPM Projects
· Trusted Linux Client
  - Goals:
    · protect the integrity of the system from current attacks
    · be transparent to the user: let the user get the job done, block only malicious activity
  - Foundations: TPM, LSM
  - Functionality:
    · TPM measured and authenticated boot
    · Authenticated file metadata for storing hashes and labels
    · Enhanced LOMAC-style Mandatory Access Control

Slide #41: Trusted Linux Client LSM Modules
· TPM: the driver measures the integrity of the kernel and initrd, and releases the kernel key
· EVM: Extended Verification Module, authenticates extended attributes and data
· SLIM: Simple Linux Integrity Module, Mandatory Access Control sandbox
· Implemented as stacked LSM modules
[Figure: module stack. The TPM module measures the kernel and initrd and, after TPM authentication, unseals the kernel key K; EVM uses K and sits above the normal checks; SLIM sits on top.]

Slide #42: TPM Module
· The TPM measures the integrity of the boot process through the kernel and initrd.
· During initrd boot, the user supplies the sealed kernel key and the authorization password.
· If the TPM measurements match and the password matches, the TPM releases K.
· The master key K is used to generate derived keys for:
  - the encrypted home directory partition (loopback)
  - authenticated file attribute checking (EVM)
Slide #43: Extended Verification Module (EVM)
· Uses extended file attributes to store authenticated file metadata:
  - file hash
  - mandatory access control labels
  - version
  - antivirus status
· Uses the TPM-based symmetric kernel key to HMAC these attributes
· Verifies a file once at open/execute, and caches the verification
· The "heavy lifting" is done at install time; at runtime only the file hash and HMAC are computed
· Extensible, policy-based definition of attributes and actions

Slide #44: SLIM Sandbox
· Simple Linux Integrity Module (SLIM)
  - Uses the LSM framework hooks
  - Uses EVM context information to make the sandbox decision
  - Includes LOMAC's low-water-mark integrity model, for ease of administration
  - With Caernarvon's separation of read and write/execute permissions
  - With Caernarvon's signed guard processes: verified trusted programs
· Basic integrity operation:
  - Low-integrity processes can read and execute up, but not write up
  - High-integrity processes can write down, but are demoted on read/execute down
  - Trusted "guard" processes, verified by EVM, can read down without demotion (e.g. rpm, sshd)

Slide #45: SLIM Access Classes
All files are labeled with an Integrity and a Secrecy MAC label.
· Integrity Access Classes (IAC): SYSTEM, USER, UNTRUSTED, EXEMPT
· Secrecy Access Classes (SAC): SENSITIVE, USER, PUBLIC, EXEMPT
All processes have upper and lower Integrity and Secrecy labels:
· Integrity Write/Execute Access Class (IWXAC)
· Integrity Read Access Class (IRAC)
· Secrecy Write Access Class (SWAC)
· Secrecy Read/Execute Access Class (SRXAC)
(Upper and lower are the same, except for guard processes.)
Slide #46: EVM and SLIM Extended Attributes
EVM extended attributes:
· security.evm.hash - hash of the file data (from the signed rpm)
· security.evm.hmac - hmac-sha1 of the security.* attributes
· security.evm.packager - signer of the package
· security.evm.version - version of the package
SLIM extended attributes:
· security.slim.level - six class values (space delimited):
  - IAC - the file's Integrity Access Class
  - SAC - the file's Secrecy Access Class
  - IRAC - guard process Integrity Read Access Class
  - IWXAC - guard process Integrity Write/Execute Access Class
  - SWAC - guard process Secrecy Write Access Class
  - SRXAC - guard process Secrecy Read/Execute Access Class

Slide #47: Open Source TPM Projects
· IBM Linux Technology Center
  - Official device driver, to be included in the base Linux kernel: http://sourceforge.net/projects/tpmdd
  - Open source TCG Software Stack (TSS): http://sourceforge.net/projects/trousers
    · Full software stack, including synchronization, resource control (loaded keys), example applications and testing programs

Slide #48: Open Source TPM Projects
· Rick Wash (umich): BSD port of the IBM driver/library/applications
  - http://www.citi.umich.edu/u/rwash/projects/trusted/netbsd.html

Slide #49: Open Source TPM Projects
· Dartmouth Enforcer
  - http://sourceforge.net/projects/enforcer
  - Similar in goals to TLC: integrity measurement and enforcement
  - LILO bootloader support
  - does not include MAC
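How EVM's authenticated attributes and SLIM's low-water-mark rules fit together (slides 42 to 46) is shown in the added example below; it is not the Trusted Linux Client's kernel code. The key-derivation label, the byte encoding of the attributes under the HMAC, the way `security.slim.level` is parsed, and the sample files are assumptions of this example; the secrecy classes are parsed but not enforced. The HMAC covers every `security.*` attribute except the HMAC itself, which is what stops an attacker who can write xattrs from relabelling a binary as a guard.

```python
"""Emulation of EVM authenticated extended attributes and the SLIM
low-water-mark integrity decision. Added example; the TLC modules
themselves are kernel code and work on real inodes and xattrs."""
import hashlib
import hmac
from dataclasses import dataclass
from typing import Dict

INTEGRITY = {"UNTRUSTED": 0, "USER": 1, "SYSTEM": 2}   # EXEMPT is outside the ordering


def derive_evm_key(master_key: bytes) -> bytes:
    """Derive the EVM key from the TPM-released master key K (label is an assumption)."""
    return hmac.new(master_key, b"evm-xattr-hmac", hashlib.sha1).digest()


def evm_hmac(key: bytes, xattrs: Dict[str, str]) -> bytes:
    """hmac-sha1 over every security.* attribute except security.evm.hmac itself."""
    h = hmac.new(key, digestmod=hashlib.sha1)
    for name in sorted(xattrs):
        if name.startswith("security.") and name != "security.evm.hmac":
            h.update(name.encode() + b"\0" + xattrs[name].encode() + b"\0")
    return h.digest()


def evm_label(key: bytes, data: bytes, xattrs: Dict[str, str]) -> None:
    """Install time (the "heavy lifting"): record the file hash, then bind all labels."""
    xattrs["security.evm.hash"] = hashlib.sha1(data).hexdigest()
    xattrs["security.evm.hmac"] = evm_hmac(key, xattrs).hex()


def evm_verify(key: bytes, data: bytes, xattrs: Dict[str, str]) -> bool:
    """Open/exec time: labels must carry a valid HMAC and data must match its hash."""
    stored = bytes.fromhex(xattrs.get("security.evm.hmac", ""))
    if not hmac.compare_digest(stored, evm_hmac(key, xattrs)):
        return False
    return hmac.compare_digest(hashlib.sha1(data).hexdigest(),
                               xattrs.get("security.evm.hash", ""))


@dataclass
class Process:
    iwxac: str   # Integrity Write/Execute Access Class: level used for write decisions
    irac: str    # Integrity Read Access Class: lowest level readable without demotion


def spawn(key: bytes, data: bytes, xattrs: Dict[str, str]) -> Process:
    """Execute a file. Only an EVM-verified binary receives the classes in
    security.slim.level (so only verified programs can be guards); anything
    else runs UNTRUSTED."""
    if not evm_verify(key, data, xattrs):
        return Process("UNTRUSTED", "UNTRUSTED")
    _iac, _sac, irac, iwxac, _swac, _srxac = xattrs["security.slim.level"].split()
    return Process(iwxac=iwxac, irac=irac)


def slim_read(proc: Process, obj_iac: str) -> bool:
    """Read/execute is always permitted, but reading below IRAC demotes the
    process (low-water mark). A guard's IRAC is below its IWXAC, so it can
    read untrusted input and still write system files."""
    if obj_iac != "EXEMPT" and INTEGRITY[obj_iac] < INTEGRITY[proc.irac]:
        proc.iwxac = proc.irac = obj_iac
    return True


def slim_write(proc: Process, obj_iac: str) -> bool:
    """No write up: the object's integrity class must not exceed the process's."""
    return obj_iac == "EXEMPT" or INTEGRITY[proc.iwxac] >= INTEGRITY[obj_iac]


def demo() -> Dict[str, bool]:
    key = derive_evm_key(b"\x11" * 20)           # constructed master key K
    sshd = b"\x7fELF constructed sshd image"    # constructed file contents
    sshd_x = {"security.evm.packager": "example-packager",
              "security.evm.version": "1.0-1",
              # IAC SAC IRAC IWXAC SWAC SRXAC: a SYSTEM guard allowed to read UNTRUSTED
              "security.slim.level": "SYSTEM PUBLIC UNTRUSTED SYSTEM PUBLIC PUBLIC"}
    evm_label(key, sshd, sshd_x)

    guard = spawn(key, sshd, sshd_x)
    slim_read(guard, "UNTRUSTED")                # network input does not demote a guard
    tampered = spawn(key, sshd + b"\x90", sshd_x)    # modified binary fails the hash
    forged = dict(sshd_x)                         # relabelled without the key
    forged["security.evm.packager"] = "attacker"
    shell = Process("USER", "USER")
    slim_read(shell, "UNTRUSTED")                # a user shell reads a download: demoted
    return {
        "guard_keeps_system_level": guard.iwxac == "SYSTEM" and slim_write(guard, "SYSTEM"),
        "tampered_binary_runs_untrusted": tampered.iwxac == "UNTRUSTED",
        "forged_labels_verify": evm_verify(key, sshd, forged),
        "demoted_shell_writes_user_file": slim_write(shell, "USER"),
    }


if __name__ == "__main__":
    print(demo())
```

Two of the four results are the ones worth checking on a real system: a binary whose bytes changed after packaging drops to UNTRUSTED rather than being refused outright (slide 44's "block only malicious activity"), and a shell that has read untrusted data can no longer write USER-integrity files, which is the low-water mark doing its job.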
Slide #50: Open Source TPM Projects
· Swiss Federal Institute of Technology: TPM emulator
  - http://www.infsec.ethz.ch/people/psevinc/
  - Linux kernel module which emulates a TPM
  - Compatible with the IBM device driver and applications
  - Gives a backwards-compatible software-only option

Slide #51: Open Source TPM Projects - What's Missing?
· OpenSSL and PKCS#11 support
  - The example applications already use OpenSSL key formats
  - Need a way to use the TPM for client-side SSL authentication

Slide #52: Open Source Trusted Computing - The Future
· The bigger picture:
  · Linux and Windows
  · cross-platform, open architecture
  · strong defenses, and rapid recovery
  · leverage Linux and TLC for part of the solution
  · use an open hypervisor (Xen) for integration/isolation

Slide #53: Hypervisor technology provides strong isolation and controlled sharing among applications
[Figure: client platform hardware with a TPM; a secure hypervisor provides virtualization and enforcement, secure I/O, content inspection and attestation; virtual hosts (Trusted Linux Client, legacy Windows on QEMU) run the applications; network I/O and disk I/O reach networks and local or networked storage.]

Slide #54: Agenda
Ralf Engers is responsible for research and development in the personal device security line of business of Utimaco Safeware AG. Quality assurance and certification are part of Engers' work.
The products of this line of business provide complete basic security for mobile clients, using bulk (hard disk) encryption, transparent file encryption, container encryption and policy enforcement.
10:25am Writing and Using Trusted Applications - Ralf Engers, Utimaco Safeware AG; George Kastrinakis, Wave Systems; William Whyte, NTRU Cryptosystems, Inc.

Slide #55: Security Solutions in Operation
Ralf M. Engers, CTO Device Security, Utimaco Safeware AG

Slide #56: Writing Trusted Applications
· Pre-Boot Authentication
  - One way to hack a Windows system is to bypass the GINA authentication. The solution:
    · Increased protection of credentials (encrypting the SAM)
    · Implementation of an authentication system independent of the operating system: Pre-Boot Authentication
· CSP for the TPM
  - Applications which already use CSPs can use the CSPs which drive TPMs
  - Most of the security benefits of a smart card, but no additional hardware to be bought/installed
· Encryption

Slide #57: Risks in IT - Types of Attacks and Misuse
[Chart: number of respondents (0-300) reporting each type of attack or misuse: Virus, Denial of Service, Net abuse, Unauthorized Access, Theft of proprietary info, Financial fraud, Sabotage, Laptop theft. Source: CSI/FBI Computer Crime and Security Survey 2003, http://www.gocsi.com/db_area/pdfs/fbi/FBI2003.pdf]

Slide #58: The Base Protection Issue on Notebooks
· In Windows XP the SAM database stores the passwords
· Microsoft recommends encrypting the SAM database with "syskey" (*).
  - It requires either an additional password entry every time the notebook is booted, or carrying a floppy around
  - It is not convenient for users
  - All remaining data on the disk is still stored in the clear
  - *: Source: Microsoft Windows Security Inside Out, Ed Bott, Carl Siechert, Microsoft Press

Slide #59: Use Case: Mobile Devices
· Power-off protection
· Bulk encryption with SafeGuard Easy
  - If an attacker steals the hard drive or the notebook, all data is protected. The SAM, system files, temporary files, page files, Microsoft Office files, the hibernation file, and so on: everything is encrypted.
· The TPM increases protection
  - Keys are stored in protected hardware or protected through hardware
  - Dictionary attacks become almost impossible

Slide #60: Use Case: Mobile Devices and Desktops
· Bulk encryption with SafeGuard Easy
· Power-on protection
  - Credentials stored in or protected by hardware:
    · Certificates: protection of encrypted virtual drives' content, protection of encrypted collaboration work data
    · Passwords / passphrases
    · SSO credentials
  - Data are tied to the platform (machine binding): extracting the HDD from the desktop and mounting it in another platform will not provide access to the data.
  - True random number generator (RSA keys)
  - Mutual client-server authentication
Slide #61 Layered Approach to Security
· As soon as the Base Protection Issue is solved, more fine-grained security structures can be implemented
· The highly secure pre-boot authentication can be used for single sign-on to further applications
  – High level of security
  – Secrets stored in the TPM
  – SSO using certificates
    · Encrypted Containers
    · Encrypted Workgroup Data
  – SSO based on passwords
    · Legacy applications
    · WebSSO

Slide #62 Bulk Encryption and TCG in Operation
· LBS Nord, Hannover, Germany
· Building society, 1 million customers
· The application:
  – Agents provide their consulting services at the customers' premises
    · customers' company site
    · customers' home
  – LBS proprietary consulting software and company data are stored on notebooks: corporate assets
  – Confidential customer data is entered, processed and stored on notebooks: liability
  – Agents cannot be expected to manage sophisticated security policies
· Costs have to be considered over the whole notebook lifecycle

Slide #63 Bulk Encryption and TCG in Operation
· The solution:
  · IBM T40 ThinkPads, equipped with TPMs (Trusted Platform Modules)
  · IBM ThinkVantage Technology, Embedded Security Subsystem: streamlined client management in conjunction with improved security
  · Utimaco SafeGuard Easy, bulk encryption of all HDD data: high level of protection combined with a very user-friendly security policy
· The synergy: proactive increase of client security by key storage in hardware and machine binding
· Low-cost disposal of notebooks at end of lifecycle
Slide #64 Bulk Encryption and TCG in Operation
· SWIFT is the industry-owned cooperative supplying secure, standardised messaging services and interface software to 7,600 financial institutions in 200 countries. HQ: La Hulpe, Belgium
· Business Need: To cope with theft of notebooks and compromise of their data in case of theft or loss
· Statistics: Of 5000 laptops, 500 are expected to be lost during their lifecycle

Slide #65 Bulk Encryption and TCG in Operation
· The Solution:
  · IBM ThinkVantage ESS
  · Platform binding
    · data to the platform
    · platform to the network
  · High-quality key generation by the TPM
  · All data protected by hard disk encryption
  · Notebook or HDD disposal at very low cost
  · TPM built in at no extra cost
· Hardware: 600 TPM-equipped IBM ThinkPads (first roll-out)

Slide #66 Summary
· TCG technology leverages existing security technology to the benefit of the customer
  – Increased level of security
  – Decreased costs
  – Improved manageability
  – Standardization
· Utimaco is committed to integrating TCG technology to continue providing leading-edge security technology to enterprise customers

Slide #67
Ralf M. Engers, CTO Device Security, Utimaco Safeware AG, Hohemarkstraße 22, 61440 Oberursel, ralf.engers@utimaco.de
You are invited to visit us at Utimaco booth #1510 or TCG booth #332

Slide #68 Agenda
George Kastrinakis is Director of Product Management within Wave Systems.
He manages product strategy for Wave, including product requirements definition, collaboration with engineering, partnering with sales, marketing and partners, and maintaining customer relationships. He has worked with security products for the past five years and in the computer software industry for 17 years.

10:25am Writing and Using Trusted Applications
Ralph Engers, Utimaco Safeware AG; George Kastrinakis, Wave Systems; William Whyte, NTRU Cryptosystems, Inc.

Slide #69 Security Solutions Using TCG Technology
George Kastrinakis, Wave Systems Corp., February 14, 2005

Slide #70 Overview
· Solution Opportunities
· General Security Programming Model
· TCG Programming Model
· Data Security
· Password Management & Security
· TPM Management & Security
· TPM Key Archive & Restore

Slide #71 Solution Opportunities
Current Problems Need Trusted Solutions:
1. Stronger Network Authentication
2. Data Protection
3. Strong Authentication to VPNs
4. Password Protection
5. Secure Information Distribution
6.
Secure E-mail
RESULT: Security and trusted computing represent major new services and integration opportunities
Current problems shown on the slide: Identity Theft; Worms, Viruses; Hackers, Attacks; Insecure & Forgotten Passwords; Insecure Distribution of Data; Exposed Data; Phishing; Fraud; Laptop Theft; Regulatory Compliance; Privacy Issues

Slide #72 Security Programming Model (Software Based)
· Cryptographic Service Provider (CSP)
  – Supplies crypto, key generation, key management, etc.
  – Supplied with Windows OS
· Software based
  – Standard MSCAPI Access
· PKCS#11
  – Alternative to MSCAPI/CSP
[Diagram: Application 1 → MSCAPI → Software CSP]

Slide #73 Security Programming Model (Hardware Token)
· CSP + Hardware Token
  – Hardware token has a fixed security function, CSP handles the rest
  – 3rd party, typically supplied as a package
· Software & Hardware based
  – Standard MSCAPI Access
[Diagram: Application 1 → MSCAPI → Hardware-Aware CSP → Hardware Token (Smart Card, USB Key, etc.)]

Slide #74 TPM Security Programming Model
[Diagram in three layers. Software Application Layer: Application 1 → MSCAPI → Software CSP or TCG Enabled CSP; Application 2 → TCG Enabled Middleware; Application 3. Software Infrastructure Layer: TSS. Hardware Layer: TPM.]
Slide #75 Wave's Solution Focus
· Intuitive and easy to use
· Interoperable and validated across all available platforms, TPM vendors, and TSS software implementations
· Server solution upgrades enhance the value for enterprises, resellers, & system integrators

Slide #76 Data Security
· Wave's Document Manager
  – Document and data encryption
  – TPM hardware-protected keys
  – Data protected against unauthorized access, theft of PC
[Screenshot: Vault View, accessible in Explorer & My Computer]

Slide #77 Password Management & Security
· Wave's Private Information Manager
  – TPM-secured storage of Web and application usernames/passwords
    · Intelligent retrieval, automated
    · Auto capture of new login data
  – Multiple Profiles, Wallet, Favorites, Exclusions and Notes
[Screenshots: Web and PC Application Credential Storage; Prompted or Auto Login]

Slide #78 TPM Management & Authentication
· Wave's EMBASSY Security Center
  – TPM Management
  – Multifactor Authentication with Biometric, Smart Card, TPM/PKI
    · Secure Windows Logon
    · TPM Key Authentication
  – TPM Key Password Management

Slide #79 TPM Key Archive/Restore
· Wave's Key Transfer Manager
  – Automatic or scheduled archive of client keys & certificates
  – Restore to the same or a different TPM PC
  – One-button restore for platform failure
  – Client and Server modes

Slide #80 Agenda
William Whyte is Director of Products and Services for NTRU.
At NTRU, his responsibilities include oversight of all aspects of product management and technology development. He has led the development of NTRU's highly successful Core TSS product, which has been licensed to STMicroelectronics and Atmel Corporation, and he has led consultancy projects with blue-chip customers, including Microsoft and Raytheon, to design and review secure trusted systems.

10:25am Writing and Using Trusted Applications
Ralph Engers, Utimaco Safeware AG; George Kastrinakis, Wave Systems; William Whyte, NTRU Cryptosystems, Inc.

Slide #81 Uses of TCG Technology in Applications
William Whyte, NTRU Cryptosystems, February 14th 2005

Slide #82 Outline
· TSS Architecture
· Accessing TPM Functionality Through TSS
  – TPM 1.1
  – TPM 1.2
· NTRU's TSS

Slide #83 What is the TCG Software Stack (TSS)?
· The TSS is a software stack that exposes the functionality of the TPM and provides a common interface to access TPM functionality.
· The main goals of the TSS are:
  – Supply one entry point for applications to the TPM functionality
  – Provide synchronized access to the TPM
  – Hide building command streams with appropriate byte ordering and alignment from the applications
  – Manage TPM resources
  – Release TPM resources when appropriate
Slide #84 TSS Block Diagram
[Layered diagram, top to bottom: Application; TCG Crypto Service Providers; TSS Service Providers; TSS Core Service; TSS Device Driver Library; TPM. Interfaces between the layers: TSS Crypto Service Provider interface, TSS Service Provider Interface, TSS Core Service Interface, TDDL Interface, TPM Interface. Side labels on the slide: Appendix, Section 3, Section 4, Section 5, Section 6.]

Slide #85 TSS Device Driver Library (TDDL)
· Creates an abstraction layer hiding OS-specific device driver interfaces from the TCS
· Single point of compatibility for TSS developers
· Allows the TPM vendor to get/set device driver capabilities

Slide #86 TSS Core Services (TCS)
· Parameter Block Generator (PBG)
  – Converts 'C'-style parameters into TPM format
· Key and Credential Manager (KCM)
  – Allows the user to alias and persistently store a TPM key
  – Dynamically swaps keys into and out of the TPM
· Context Manager
  – Allows multiple TSP modules to access the TCS simultaneously
  – Performs memory management on a per-context basis
· Event Manager
  – Generates, manages and exports "PCR Events"
· Audit Manager
  – This has been removed from the 1.1b specification

Slide #87 TSS Service Provider (TSP)
· Exposes TSPI
  – User-friendly API that incorporates object-oriented principles
  – Abstracts the underlying protocols and data structures
· TSP Context Manager
  – Allows multiple instances of the TSP layer
  – Performs memory management at the TSP layer
· Public-key cryptography and hashing/HMAC
  – Not all cryptography requires the TPM
  – Performs public-key, hashing and HMAC algorithms to enhance cryptographic security and authorization for the TPM
Slide #88 TSS Architecture Diagram
[Diagram. Remote platform: Remote Application → TSS Service Provider (RPC Client) via TSPI. Local platform, user processes: Scenario 1, Local Application → TCPA Service Provider via TSPI; Scenario 2, TSP CSP and Cryptographic Infrastructure → TSS Service Provider (Cryptographic Functions, TSP Context Manager, Cryptographic Infrastructure Interface) via TSPI; RPC Server. System processes: TSS Core Services (Key & Credential Manager, Audit Manager, Parameter Block Generator, Context Manager, Event Manager) behind the TSS Core Service Interface; TCPA Device Driver Library behind the TPM Device Driver Library Interface. Kernel mode: TPM Device Driver → Trusted Platform Module (TPM).]

Slide #89 TPM 1.1: Keys
· Endorsement key: the master key that the TPM uses to allow people to take ownership and to prove the security of identity keys.
· Key hierarchy
  – Each child key is encrypted under its parent.
    · Parents are also known as "Storage keys"
    · SRK (Storage Root Key): top of the tree
  – Keys are migratable or non-migratable
    · Non-migratable includes
      – SRK
      – The parent of any non-migratable key
  – Identity keys: non-migratable signing keys that can be certified by a CA as belonging to a TPM.
  – Other keys: bind keys for binding, signing keys for signing arbitrary data and legacy keys that can both sign and encrypt.

Slide #90 TSS and Key Management
· TSS virtualizes resource use inside the TPM
  – Multiple applications can run simultaneously, each using different keys
  – Applications do not have to manage key load/unload themselves
· To take ownership of the TPM, you must write directly to the TSS
  – Currently not possible through higher-layer interfaces such as CSP
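The key hierarchy rules from slides 89 and 90 (every child key wrapped under its parent, the SRK at the top and never leaving the chip, non-migratable keys requiring non-migratable parents, and a store outside the TPM that loads the ancestor chain on demand, the job of the TCS Key and Credential Manager), as an added example that is not part of the presentation or of any TSS implementation. It is a Python model written for this page: the ToyTPM, KeyBlob and KeyStore names are assumptions, and HMAC-based wrapping stands in for encryption under the parent's RSA key so that it runs on the standard library alone.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass

# Toy wrapping primitive: a stand-in for encryption under the parent's RSA key.
# SHA-256 in counter mode plus an HMAC tag; chosen only so the model needs no third-party library.
def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]

def wrap(parent_secret: bytes, blob: bytes) -> bytes:
    """Return nonce || ciphertext || tag; only the holder of parent_secret can undo it."""
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(blob, _keystream(parent_secret, nonce, len(blob))))
    tag = hmac.new(parent_secret, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unwrap(parent_secret: bytes, wrapped: bytes) -> bytes:
    nonce, ct, tag = wrapped[:16], wrapped[16:-32], wrapped[-32:]
    if not hmac.compare_digest(tag, hmac.new(parent_secret, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("blob was not wrapped by this parent key")
    return bytes(a ^ b for a, b in zip(ct, _keystream(parent_secret, nonce, len(ct))))

@dataclass
class KeyBlob:
    name: str
    migratable: bool
    secret: bytes  # stands in for the private RSA half of the key

    def serialize(self) -> bytes:
        return f"{self.name}|{int(self.migratable)}|".encode() + self.secret

    @classmethod
    def parse(cls, raw: bytes) -> "KeyBlob":
        name, flag, secret = raw.split(b"|", 2)
        return cls(name.decode(), flag == b"1", secret)

class ToyTPM:
    """Hypothetical TPM: the SRK never leaves, every child is wrapped under a loaded
    parent, and a key is usable only while it sits in a loaded slot."""
    def __init__(self):
        self.loaded = {"SRK": KeyBlob("SRK", False, os.urandom(32))}

    def create_key(self, parent: str, name: str, migratable: bool) -> bytes:
        p = self.loaded[parent]  # KeyError: the parent must be loaded first
        if not migratable and p.migratable:
            raise ValueError("a non-migratable key needs a non-migratable parent")
        return wrap(p.secret, KeyBlob(name, migratable, os.urandom(32)).serialize())

    def load_key(self, parent: str, wrapped: bytes) -> str:
        key = KeyBlob.parse(unwrap(self.loaded[parent].secret, wrapped))
        self.loaded[key.name] = key
        return key.name

    def rewrap(self, name: str, new_parent: str) -> bytes:
        """Migration step: move a key under another storage key, if it is allowed to move."""
        key = self.loaded[name]
        if not key.migratable:
            raise PermissionError(f"{name} is non-migratable")
        return wrap(self.loaded[new_parent].secret, key.serialize())

class KeyStore:
    """Outside the chip, like the TCS Key and Credential Manager: keeps wrapped blobs by
    alias and loads a key's ancestors first so the application does not have to."""
    def __init__(self):
        self.blobs = {}  # alias -> (parent alias, wrapped blob)

    def add(self, name: str, parent: str, wrapped: bytes) -> None:
        self.blobs[name] = (parent, wrapped)

    def load(self, tpm: ToyTPM, name: str) -> str:
        if name in tpm.loaded:
            return name
        parent, wrapped = self.blobs[name]
        self.load(tpm, parent)  # recurse up to the SRK
        return tpm.load_key(parent, wrapped)

def _refuses(action, exc) -> bool:
    try:
        action()
        return False
    except exc:
        return True

def demo() -> dict:
    """Exercise the rules; every value is True when the model behaves as the slides state."""
    tpm, store, other = ToyTPM(), KeyStore(), ToyTPM()  # 'other' is a second platform with its own SRK
    store.add("storage1", "SRK", tpm.create_key("SRK", "storage1", migratable=False))
    store.load(tpm, "storage1")
    store.add("sign1", "storage1", tpm.create_key("storage1", "sign1", migratable=False))
    store.add("bind1", "storage1", tpm.create_key("storage1", "bind1", migratable=True))
    store.add("storage2", "SRK", tpm.create_key("SRK", "storage2", migratable=True))
    r = {"chain_loads_parent_first": store.load(tpm, "sign1") == "sign1"}
    r["other_platform_rejected"] = _refuses(lambda: other.load_key("SRK", store.blobs["storage1"][1]), ValueError)
    r["non_migratable_stays"] = _refuses(lambda: tpm.rewrap("sign1", "storage2"), PermissionError)
    store.load(tpm, "storage2")
    store.load(tpm, "bind1")
    r["migratable_moves"] = tpm.load_key("storage2", tpm.rewrap("bind1", "storage2")) == "bind1"
    r["bad_parent_rejected"] = _refuses(lambda: tpm.create_key("storage2", "bad", False), ValueError)
    return r
```

Running demo() shows the properties the slides rely on: a blob wrapped by one platform's SRK is useless on another platform (the machine binding the case studies depend on), a non-migratable key refuses to be re-wrapped under a new parent while a migratable one moves, and the store loads storage1 before sign1 without the application managing load order, which is what slide 90 means by the TSS virtualizing key load and unload.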
Slide #91 TSS/TPM 1.1: Functions (1)
· Sealing and unsealing (TPM_Seal)
  – Encrypting data (usually a symmetric key)
  – ... using a non-migratable TPM storage key (an RSA key)
  – ... so that ONLY that specific TPM can unseal the data
  – Can be linked to a sealing secret (password) and PCR state
· Binding and unbinding (TPM_Unbind)
  – Encryption to a bind key that a TPM can use (an RSA key that may or may not be migratable)
  – Not linked to a specific platform
  – Does not use a binding secret and does not use PCRs

Slide #92 TSS/TPM 1.1: Functions (2)
· Migration
  – The owner can select keys that the TPM will migrate keys to.
  – Migratable keys can be converted from one "parent" to another.
· Quote
  – A signature using an identity key that attests to the PCR state of the TPM.

Slide #93 TSS and TPM Functions
· Actions such as Seal are authorized using an authorization secret
  – TSS provides means to enter, cache, and expire the secret
· Architecture of TSS

Slide #94 TPM 1.2: Functions
· CMK - Certifiable Migration Key
  – The TPM can attest that such keys have only been inside the TPM or encrypted for a particular Migration Authority
  – Enables key backup to other TPMs
· Transport Sessions
  – SSL-like functionality for interaction with the TPM
  – Enables remote administration without eavesdropping

Slide #95 TPM 1.2: Functions (2)
· Delegation
  – The ability to give an entity authorization to do certain things that the owner can do or that a key can do
  – Enables remote administration by authorized actors
  – Allows IT departments to restrict the damage end users can do
· DAA - Direct Anonymous Attestation
  – Allows proving that a command has come from a TPM, without specifying which TPM
    · Uses the cryptographic technique known as "group signatures"
  – Partially inspired by European regulatory requirements for privacy

Slide #96 TPM 1.2: Functions (3)
· Tick Count
  – A time stamp mechanism
· Monotonic Counter
  – A non-spoofable, non-resettable counter that can be signed

Slide #97 TSS and TPM 1.2 Functions
· TSS virtualizes 1.2 resources
  – Tickstamps can be synchronized with system clocks

Slide #98 NTRU TSS
· Designed to interoperate with all existing TPMs
  – Testing currently on multiple TPMs
· Support for multiple operating systems
  – Windows XP/2000
  – Linux 2.4
  – Can be optimized for small size and constrained devices/OS
· Incorporates NTRU's crypto-engineering expertise and deep understanding of TPM and security practices
· Thread-safe design
· Designed for migration to TPM 1.2/NGSCB

Slide #99 Agenda
Stacy Cannady has been in the IT industry for 23 years. For the last six years, he has worked as product manager for electronic commerce and security products and services. His tenure at IBM has been entirely focused on information systems security. Cannady is currently a senior security consultant and product manager for client security at IBM.
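Before the customer case studies, the seal, PCR and quote functions from slides 91 to 96 above, as an added example that is not part of the presentation or of any TSS: a Python model written for this page in which the ToyTPM, Sealed, Quote and boot names are assumptions, HMAC stands in for the RSA storage and identity keys, and the boot measurements are constructed. It seals a disk key to PCRs 0 and 4 plus an authorization secret (the kind of machine binding the case studies later rely on), shows that a changed boot loader or a wrong secret blocks unsealing, and checks a quote against known-good PCR values and a fresh nonce.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass

@dataclass
class Sealed:
    pcr_select: tuple   # which PCRs the data is tied to
    nonce: bytes
    ciphertext: bytes
    tag: bytes

@dataclass
class Quote:
    pcr_select: tuple
    composite: bytes    # hash of the selected PCR values at quote time
    nonce: bytes        # the verifier's challenge, binds the quote to this request
    signature: bytes

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

class ToyTPM:
    """Hypothetical TPM: 16 PCRs, a non-migratable storage secret for sealing and an
    identity secret for quotes. HMAC stands in for the RSA operations of a real TPM."""
    def __init__(self):
        self._storage_root = os.urandom(32)  # never leaves the chip
        self._identity = os.urandom(32)      # stands in for the identity (AIK) private key
        self.reboot()

    def reboot(self) -> None:
        self.pcrs = [bytes(20)] * 16         # every PCR is zero after reset

    def extend(self, index: int, measurement: bytes) -> bytes:
        """PCR[i] <- SHA-1(PCR[i] || SHA-1(measurement)): append-only and order-dependent."""
        self.pcrs[index] = hashlib.sha1(self.pcrs[index] + hashlib.sha1(measurement).digest()).digest()
        return self.pcrs[index]

    def composite(self, pcr_select) -> bytes:
        return hashlib.sha1(b"".join(self.pcrs[i] for i in pcr_select)).digest()

    def _release_key(self, pcr_select, auth: bytes) -> bytes:
        # reproducible only when the selected PCRs AND the authorization secret both match
        return hmac.new(self._storage_root, self.composite(pcr_select) + auth, hashlib.sha256).digest()

    def seal(self, data: bytes, auth: bytes, pcr_select) -> Sealed:
        if len(data) > 32:
            raise ValueError("seal a symmetric key, not bulk data")  # the pad below is 32 bytes
        pcr_select, nonce = tuple(sorted(pcr_select)), os.urandom(16)
        k = self._release_key(pcr_select, auth)
        ct = _xor(data, hmac.new(k, b"pad" + nonce, hashlib.sha256).digest())
        return Sealed(pcr_select, nonce, ct, hmac.new(k, b"tag" + nonce + ct, hashlib.sha256).digest())

    def unseal(self, blob: Sealed, auth: bytes) -> bytes:
        k = self._release_key(blob.pcr_select, auth)  # computed from the PCRs as they are NOW
        tag = hmac.new(k, b"tag" + blob.nonce + blob.ciphertext, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, blob.tag):
            raise PermissionError("PCR state or authorization secret does not match")
        return _xor(blob.ciphertext, hmac.new(k, b"pad" + blob.nonce, hashlib.sha256).digest())

    def quote(self, pcr_select, nonce: bytes) -> Quote:
        pcr_select = tuple(sorted(pcr_select))
        comp = self.composite(pcr_select)
        return Quote(pcr_select, comp, nonce, hmac.new(self._identity, comp + nonce, hashlib.sha256).digest())

    def identity_for_verifier(self) -> bytes:
        """With RSA the verifier holds the AIK public key; with HMAC it must share the secret."""
        return self._identity

def verify_quote(identity: bytes, q: Quote, nonce: bytes, known_good: dict) -> bool:
    """Fresh nonce, valid signature, and a composite equal to the expected PCR values."""
    if q.nonce != nonce:
        return False
    if not hmac.compare_digest(q.signature, hmac.new(identity, q.composite + nonce, hashlib.sha256).digest()):
        return False
    return q.composite == hashlib.sha1(b"".join(known_good[i] for i in q.pcr_select)).digest()

def boot(tpm: ToyTPM, firmware: bytes, loader: bytes) -> None:
    """Constructed boot chain: firmware measured into PCR 0, boot loader into PCR 4."""
    tpm.reboot()
    tpm.extend(0, firmware)
    tpm.extend(4, loader)

def try_unseal(tpm: ToyTPM, blob: Sealed, auth: bytes):
    try:
        return tpm.unseal(blob, auth)
    except PermissionError:
        return None

def demo() -> dict:
    tpm, auth = ToyTPM(), b"user passphrase"
    boot(tpm, b"firmware v1", b"loader v1")
    known_good = {0: tpm.pcrs[0], 4: tpm.pcrs[4]}  # what an administrator records as the golden state
    disk_key = os.urandom(32)
    blob = tpm.seal(disk_key, auth, (0, 4))
    boot(tpm, b"firmware v1", b"loader v1")        # same software again: the key is released
    r = {"same_state_unseals": try_unseal(tpm, blob, auth) == disk_key,
         "wrong_auth_refused": try_unseal(tpm, blob, b"guess") is None}
    n = os.urandom(20)
    r["good_quote_verifies"] = verify_quote(tpm.identity_for_verifier(), tpm.quote((0, 4), n), n, known_good)
    boot(tpm, b"firmware v1", b"loader v1 (modified)")  # different loader: PCR 4 differs
    r["tampered_state_refused"] = try_unseal(tpm, blob, auth) is None
    r["tampered_quote_rejected"] = not verify_quote(tpm.identity_for_verifier(), tpm.quote((0, 4), n), n, known_good)
    r["stale_nonce_rejected"] = not verify_quote(tpm.identity_for_verifier(), tpm.quote((0, 4), n), os.urandom(20), known_good)
    return r
```

Two points the model makes visible: unseal is evaluated against the PCRs at the moment of the request, so the sealed blob is inert until the same measured software has booted again, and a quote is only as good as the verifier's nonce and its knowledge of the identity key. In a real deployment that second part is the AIK certificate the slide on identity keys mentions; here it collapses to a shared secret, which is why identity_for_verifier() hands out the private value.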
11:15am Customer Case Studies
Stacy Cannady, IBM; Manny Novoa, HP

Slide #100 IBM customer use cases for TPM-enabled PCs
Stacy Cannady, CISSP, Product Manager, Client Security, IBM

Slide #101 Basic Principle of Use: Solve the "Who Are You?" Question
Answering the question "Who are you?" is one of two basic values of a TPM. There are two derivative values from this basic value:
· Protection of digital certificates used to uniquely identify people, programs or devices
· Root of trust for protection of confidential data stored on the device
These derivative values are the basis of this discussion.

Slide #102 Using a TPM to protect credentials
The credentials are
· Digital certificates
· Password/userid pairs
The basis of protection is use of the TPM to protect keys

Slide #103 Example: Improve Network Security with TPM-equipped PCs
Customer: Asian pharmaceutical company
Problem: Who is connecting to the customer network?
Objective: Only customer employees have the ability to connect to the company network.
Strategy:
· Bind a digital certificate to the TPM in an employee PC
· That digital certificate is required for VPN client authentication
· Use IBM Client Security Software to force multi-factor authentication of the user
Result:
· Every PC in the network is a company PC
· Every person at the keyboard of those PCs is a company employee
· No other PCs or people are able to connect
Similar story from a European insurance company and from USA legal and manufacturing companies

Slide #104 Example: How to use a security appliance to reduce administrative costs
Customer: Small business in USA
Problem: We HATE passwords! We MUST have some other way!
Objective: Consolidate end-user userid/password pairs into one password
Strategy:
· Use the TPM private key to encrypt a database of userid/password pairs
· ID database managed by Password Manager
· Password Manager requires a password or fingerprint before it accesses the database
Result:
· End users have one password to manage for Windows logon and access to Web-based applications
· Improved user satisfaction
· Reduced password reset costs
Similar story from many firms in response to integrated fingerprint readers that work with TPMs

Slide #105 Using a TPM as a Root of Trust
The idea is that sensitive operations occur outside of the view of the OS
· The TPM private key encrypts other keys used in the system
· Once a key is encrypted, it can be stored anywhere

Slide #106 HIPAA Compliance
Customer: USA hospital
Problem: Patient health information is kept on PCs, including laptops.
Objective: All patient information must be encrypted. Only authorized persons can access it.
Strategy:
· Encrypt My Documents.
All data that goes into it is encrypted automatically. All data that comes out is decrypted automatically.
· Any request to decrypt data must be authenticated first
Mechanism:
· Use TPM-enabled PCs for any PC that will contain patient information
· Use the TPM to encrypt all data-encryption keys
· Use TPM-aware authentication software to force authentication before data is decrypted
Banks have copied this model for Gramm-Leach-Bliley compliance

Slide #107 Confidential data on laptops
Customer: European pharmaceutical firm
Problem: Must encrypt confidential data on laptops. Data is very sensitive; file encryption is not good enough.
Strategy:
· Use TPM-aware full hard drive encryption software to encrypt all data all the time
· Use TPM-enabled systems and bind the drive to the system using the encryption software
  – Benefit: the drive won't decrypt unless it is in the system it is bound to and the user authenticates
  – Benefit: at end of life, just separate the drive from the system and save the cost of wiping it
  – Problem: the PC must go to hibernate or be shut off when in transit

Slide #108 Questions?

Slide #109 Agenda
Manny Novoa is a principal member of technical staff at Hewlett-Packard. Novoa is currently working on client security technologies within HP's Personal Systems Group Advanced Technology team. He is the lead architect for HP's Fingerprint Identification Technology (FIT) product and client-focused Trusted Computing efforts.

11:15am Customer Case Studies
Stacy Cannady, IBM; Manny Novoa, HP
Slide #110 Manny Novoa, Hewlett-Packard

Slide #111 TCG Luncheon
· The TCG-hosted lunch will be held in Esplanade Room #301 from 12:00 p.m. to 1:00 p.m.
· Guest speaker Rob Enderle, the Enderle Group, will address the attendees during the lunch session

Slide #112 TCG Booth & Passport Program
· The TCG will be showcasing a number of available member platforms running trusted applications in booth #332.
· Visit any five (5) of the Trusted Computing Group member companies participating in the TCG Passport Program and receive a free gift in the TCG Booth #332.

Slide #113 Questions and Answers