
Trusted Computing Platforms: TPM2.0 in Context

Preface
Reference
Abbreviations
Contents
Chapter 1: Introduction
1.1 The State of Play
1.2 Objectives
1.3 Trusted Computing Technology
1.4 Benefits of Trusted Computing
1.5 Trust, Instead of Security
1.5.1 Secure Computing
1.5.2 Trusted Computing
1.6 Limitations of Trusted Computing
1.7 Concerns About Trusted Computing
1.8 First Generation Trusted Computing
References
Chapter 2: Futures for Trusted Computing
2.1 Trusted Virtualisation
2.1.1 Privacy Implications of Trusted Virtualisation
2.1.2 Virtualised Trusted Platforms
2.2 Future Trusted Services
2.2.1 Data Deletion
2.2.2 Contracts and Negotiations
2.2.3 Single Sign-On
2.2.4 Trusted Software Agents
2.2.5 What You See Is What You Sign
2.3 Infrastructure Requirements
2.3.1 Public Key Infrastructure
2.3.2 Manufacture
2.3.3 Upgrading TPMs
2.3.4 Upgrading Integrity Metrics
2.3.5 Auditing Trusted Platforms
2.3.6 Discovering Trusted Services
Chapter 3: Basics of Trusted Platforms
3.1 Design Constraints, Requirements, and Motivations
3.1.1 Legacy Platforms, Software and Infrastructure
3.1.2 Out of the Box
3.1.3 Legal
3.1.4 Privacy Constraints
Limitations on Privacy Protection
3.1.5 Disaster Recovery
Physical Presence
Key Recovery
FieldUpgrade
3.2 Conventional Security in Trusted Platforms
3.2.1 High Security
3.2.2 No Global Secrets
3.2.3 Separation of Privilege
3.2.4 Authorisation and Authentication of the Owner and User
3.2.5 Dictionary Attacks
Offline Dictionary Attacks
3.2.6 Cryptographic Algorithms
3.2.7 Isolation of Processes
3.2.8 Certification
TPM Functional Certification
TPM Security Certification
FIPS Certification of TPMs
Common Criteria Certification of TPMs
3.3 Innovations in Trusted Platforms
3.3.1 General Principles
3.3.2 Roots of Trust
3.3.3 Platform Configuration Registers
3.3.4 Authenticated/Measured Boot
3.3.5 Authenticated/Measured Secure Boot
3.3.6 Protected Storage, Data Backup and Recovery
3.3.7 Attestation
3.3.8 Physical Presence and Provisioning Authorisation
Physical Presence for TPMv1.2
Physical Presence for TPM2
3.3.9 Recognising and Identifying a Trusted Platform
Recognising a Trusted Platform
Revocable EKs in TPMv1.2
Revocable EKs in TPM2
Identifying a Trusted Platform
Direct Anonymous Attestation
3.4 Types of Trusted Platform
3.4.1 Personal Computers
3.4.2 Servers and Data Centres
3.4.3 Mobile Phones
First Generation Trusted Mobile Phones
Second Generation Trusted Mobile Phones
3.4.4 Appliances
3.5 Trusted Platform Lifecycle
3.5.1 TPM Design
3.5.2 TPM Manufacture
3.5.3 Platform Manufacture
3.5.4 Platform Deployment
On and off
Becoming the TPM's Owner
Acquiring Trusted Platform Identities
Deployment in Enterprises
3.5.5 Platform Use
3.5.6 Platform Maintenance and Recovery
Data Loss Outside the TPM
TPM Failure
TPMv1.2 Failure During Warranty
TPM2 Failure During Warranty
Human Error
3.5.7 Platform Redeployment
3.5.8 TPM and Platform Revocation
3.5.9 Platform Decommissioning
References
Chapter 4: Trusted Platform Architecture
4.1 Isolation
4.1.1 Isolation Hardware
4.2 Credentials
4.3 Chain of Trust
4.4 Integrity Metrics
4.5 Platform Configuration Registers
4.6 Audit
4.7 Verifying the State of a Trusted Platform
4.8 Trusted Platform Module
4.9 Locality
4.10 Peripherals
4.10.1 Trusted Drives
4.11 TPM Software Interface
4.12 Virtualisation
4.12.1 Hosts of Virtualised Trusted Platforms
4.12.2 Virtualised Trusted Platforms
4.12.3 TPM Virtualisation
References
Chapter 5: TPM2 Requirements
5.1 Controllability and Privacy
5.1.1 Controllability
5.1.2 Privacy
5.2 Protecting the Platform's Services
5.3 Cryptographic Agility
5.4 The Commercial Environment
5.5 What Works, and What Doesn't Work
5.6 What's Unpopular
5.7 Platform Manufacturer Requirements
5.8 Hypervisor and OS Enhancements
5.9 Other Considerations
Reference
Chapter 6: TPM2 Operation
6.1 TPM2 and Its Host Platform
6.2 Using TPM2 Instead of TPMv1.2
Chapter 7: Initialising TPM2
7.1 Manufacture
7.1.1 Providing TPM Endorsement
7.1.2 Providing Platform Credentials
7.1.3 Providing a Trusted Computing Base
7.1.4 TCB Authorisation Requirements
7.1.5 Storing TCB Keys in the TPM
7.1.6 Storing TCB data in the TPM
7.1.7 Provisioning Platform Configuration Registers
7.1.8 Allowing "Physical Presence" Authorisation
7.2 Booting the Platform
7.2.1 Initialising the TPM
7.2.2 Ensuring that the Primary TCB can Manage the TPM
7.2.3 Testing the TPM
7.2.4 Using the TPM to Assist the TCB
7.2.5 Enabling the Customer to Control the TPM via the Primary TCB
7.2.6 Enabling or Disabling Further Access to the TPM
7.3 Recording Platform History in PCRs
7.4 Run-Time Initialisation
7.5 Late Launch Environments
Chapter 8: Managing TPM2
8.1 Obtaining Management Information
8.2 Keeping TPM Data Outside the TPM
8.2.1 Short-Term Cached TPM Data
8.2.2 Long-Term Cached TPM Data
8.3 Dictionary Attacks
8.4 Auditing Commands
8.5 Clock and Timer
8.5.1 Clock Functionality
8.5.2 Timer Functionality
8.6 Platform Shutdown
Chapter 9: Accessing Keys and Data in TPM2
9.1 Names and QualifiedNames
9.2 Session Basics
9.3 HMAC Sessions
9.3.1 Freshness Nonces in HMAC Sessions
9.3.2 Binding and Salting HMAC Sessions
9.3.3 SessionKeys in HMAC Sessions
9.3.4 HMAC Checksums on Commands and Responses
9.3.5 Encrypting Command Parameters and Response Parameters
9.3.6 Auditing HMAC Sessions
9.4 Authorisation Roles
9.5 Authorisation Session Types
9.6 Plain Authorisation
9.6.1 Plain Authorisation Without a Session
9.6.2 Plain Authorisation with HMAC Sessions
9.7 Policy Authorisation
9.7.1 Composing a Policy
9.7.2 Enumerating a Policy
9.7.3 Assigning a Policy
9.7.4 Executing a Policy
Chapter 10: Customer Configuration of TPM2 and Its Host Platform
10.1 Customer Responsibilities
10.2 Provisioning
10.3 Setting up NV Storage
10.4 Assigning Physical Presence Gating to Commands
10.5 Assigning Personal Endorsement Keys
10.6 Assigning Platform Identities
10.6.1 Identities with Some Privacy Risk but Low Complexity
10.6.2 Identities with Intermediate Privacy Risk, but Intermediate Complexity
10.6.3 Identities with No Known Privacy Risk, but Higher Complexity
Reference
Chapter 11: Starting to Use TPM2
11.1 Testing TPM2
11.2 Creating and Obtaining Random Numbers
11.3 Starting a Key Hierarchy
11.4 Populating a Key Hierarchy by Creating Keys
11.5 Populating a Key Hierarchy by Importing Keys
11.6 Making a Key from an External Hierarchy Ready for Use
11.7 Making an External Public Key or Plaintext Key Ready for Use
11.8 Duplicating a Key
11.9 Embedding and Ejecting Keys
11.10 Reading the Public Part of a Loaded Key
11.11 Changing Authorisation Values
11.12 Encrypting and Sealing Data
11.13 Decrypting Data and Unsealing Data
11.14 Signing
11.15 Verifying Signatures
11.16 Obtaining PCR Values
11.17 Certifying Key Creation
11.18 Cross Certification of Keys
11.19 Certifying Sequences of Commands
11.20 Certifying the Usage of Commands
11.21 Certifying TPM Time, Resets, and TPM Firmware Version
11.22 Storing Data in NV Storage
11.23 Certifying NV Storage
11.24 Using TPM2 as an Ordinary Cryptographic Service
Chapter 12: Direct Anonymous Attestation (DAA) in More Depth
12.1 The Concept of General Anonymous Digital Signatures
12.2 The Concept of DAA
12.3 The Setup Algorithm
12.4 The DAA Join Protocol
12.5 The Sign/Verify Protocol
12.6 The Link Algorithm
12.7 Revocation Considerations
12.8 Discussion on DAA Security Levels
References
Chapter 13: Machine Virtualisation, Virtual Machines, and TPMs
13.1 Introduction
13.2 Machine Virtualisation and Security
13.3 Containment and Isolation
13.4 Robust Control and Introspection Point
13.5 Small Code Base
13.6 Examples of Hypervisor-Based Enhanced Security
13.6.1 The TPM and Supporting Machine Virtualisation
13.6.2 Additional Chipset and CPU Hardware Extensions
13.6.3 Machine Virtualisation and Supporting the TPM
13.6.4 Challenges Around TPM and Virtualisation
13.6.5 Summary
References
Index
Graeme Proudler, Liqun Chen, Chris Dalton
Trusted Computing Platforms: TPM2.0 in Context
Graeme Proudler, Liqun Chen, Chris Dalton
Hewlett-Packard Laboratories, Bristol, United Kingdom

ISBN 978-3-319-08743-6
ISBN 978-3-319-08744-3 (eBook)
DOI 10.1007/978-3-319-08744-3
Springer Cham Heidelberg New York Dordrecht London
Library of Congress Control Number: 2014957751

© Springer International Publishing Switzerland 2014

This work is subject to copyright. All rights are reserved by the Publisher, whether the whole or part of the material is concerned, specifically the rights of translation, reprinting, reuse of illustrations, recitation, broadcasting, reproduction on microfilms or in any other physical way, and transmission or information storage and retrieval, electronic adaptation, computer software, or by similar or dissimilar methodology now known or hereafter developed. Exempted from this legal reservation are brief excerpts in connection with reviews or scholarly analysis or material supplied specifically for the purpose of being entered and executed on a computer system, for exclusive use by the purchaser of the work. Duplication of this publication or parts thereof is permitted only under the provisions of the Copyright Law of the Publisher's location, in its current version, and permission for use must always be obtained from Springer. Permissions for use may be obtained through RightsLink at the Copyright Clearance Center. Violations are liable to prosecution under the respective Copyright Law.

The use of general descriptive names, registered names, trademarks, service marks, etc. in this publication does not imply, even in the absence of a specific statement, that such names are exempt from the relevant protective laws and regulations and therefore free for general use.

While the advice and information in this book are believed to be true and accurate at the date of publication, neither the authors nor the editors nor the publisher can accept any legal responsibility for any errors or omissions that may be made. The publisher makes no warranty, express or implied, with respect to the material contained herein.

Printed on acid-free paper

Springer is part of Springer Science+Business Media (www.springer.com)
Preface

Attacks on computer platforms are unrelenting. Governments, businesses, organisations, and consumers are battle fatigued. They cope the best they can and carry on regardless. Successful attacks disclose the secrets and private information stored and processed by computers. At the turn of the century, the computer industry responded by starting to design Trusted Computing platforms with built-in security mechanisms and built-in trust mechanisms. The security mechanisms are reasonably conventional but the trust mechanisms are novel.

Security mechanisms in computers protect data by isolating data and constraining access to that isolated data. In principle, Trusted Computing enables computer users to select a spectrum of isolation and access controls from non-existent up to the level of the strongest mechanisms implemented in a particular platform. The security mechanisms provided by real trusted platforms are anticipated to be somewhat inferior to those of conventional secure platforms traditionally used in critical infrastructures, albeit far superior to those provided by ordinary mass-market platforms.

One doesn't always need to protect data, however, and there is always a balance between convenience of access to data and the level of protection afforded to that data. Sometimes one just doesn't care; or some information in a platform might not need any protection, but other information might need a lot of protection; or the level of protection might vary with time and other circumstances. The real question for most computer users is whether one trusts a computer platform enough to perform the current task. In other words, is a given platform doing what the user expects it to be doing, and is that behaviour adequate for the user's current purposes? Trusted Computing addresses this question via trust mechanisms that help to determine whether a computing service is trustworthy enough for the current task, instead of just hoping that it is.

Thirteen years on (at time of writing), the greatest difficulty in Trusted Computing has been determining a compromise between incompatible consent, privacy, protection, and ease-of-use requirements whilst meeting legal, commercial and manufacturing constraints. The greatest business difficulty has been continually solving the chicken-and-egg business problem of introducing new technology for services that don't exist because the technology doesn't exist. The next significant business hurdle may well be avoiding a "race to the bottom", where trusted platforms are implemented in the cheapest but weakest possible ways, to reduce costs to the bare bones.

Speculative criticism of Trusted Computing has probably delayed its adoption, despite the fact that there is no known technical alternative to Trusted Computing for protecting customers' data in mass-market platforms, short of constraining customers' choice of software. The reader may decide for themselves whether this delay has unnecessarily exposed people and organisations to certain types of attack, or has encouraged development of closed computing ecosystems or platforms that constrain the choice of software.

The computer industry has continued to put components of Trusted Computing in place, one by one, even though the components couldn't (and can't) be used to their full potential until all the components are in place. Trusted Platform Module (TPM)[1] chips have been installed in literally hundreds of millions of computers. To assuage initial concerns, TPMs were shipped in an "off" state, so that customers had to opt in in order to use Trusted Computing. Initially, however, the only computer users who understood what a TPM might be were enthusiasts who feared the technology because they had read sensationalist speculative descriptions. Ordinary computer users (whom Trusted Computing is intended to protect) neither knew nor understood, nor wanted to understand, what Trusted Computing is or does.

Eventually corporate customers came to appreciate that trusted platforms are safer platforms, but complained that the technology had to be turned on before it could be used. Then it transpired that application developers were reluctant for their software to have any reliance on the TPM, lest the TPM be "off" and hence unavailable. The net effect was that some TPMs were used to protect "data at rest" (when a platform was turned off), via Microsoft's BitLocker™ technology, for example, but the overall level of TPM usage was very low. This has (so far) eliminated the business case for development of a Trusted Computing infrastructure.[2]

Despite everything, Trusted Computing has gained credibility amongst those who have studied the technology. Universities[3] have started teaching and researching the technology, and it has emerged that governments encourage use of the technology to help protect government information. The UK government, for example, has published the recommendation "CESG IA Top Tips – Trusted Platform Modules" [CESG01].

The Trusted Computing Group (the industry organisation that promotes Trusted Computing) has become a rallying point for manufacturers to build information protection into their products, and the initiative has expanded to cover other aspects of computers and computing. Besides the Trusted Platform Module chip, new platform firmware, new platform chip sets, self-encrypting hard disk drives (SEDs), trusted networks (Trusted Network Connect, TNC), and more secure parts of the pre-OS platform have been developed. In fact, SEDs and TNC are arguably becoming important and successful in their own right.

The first proper trusted platform is arguably a Personal Computer running Microsoft's Windows 8™ operating system, which has a Trusted Platform Module (TPM) in its Trusted Computing Base (TCB). This TCB manages the TPM, uses the TPM's functions to help protect the platform, and enables applications to use the TPM to protect their data. There are as yet no mobile phones that support Trusted Computing because they are arguably really needed only for compatibility with services built for trusted platforms, but there are currently no such services. There's currently a dearth of trusted hypervisors.

There is no avoiding the fact that mass-market computing needs improved data protection. It's indisputable that secrets and private information are increasingly stored as data in commercial networked computer platforms, which are under continuous and escalating attack. Improving the level of protection in mass-market computers and computer networks is an enormous task and (given a choice) the ICT industry would have started afresh, instead of with computer and network architectures that were not designed to protect information. The task is complicated by incompatible stakeholder requirements. Providing protection for computer platforms is much simpler if platforms have less flexibility, users have less control, and privacy is irrelevant, but these easy options are incompatible with many existing types of computer platform. Consequently manufacturers have had to devise a compromise that gives almost everyone almost everything they wanted.

The Trusted Computing initiative has forced everyone involved to think about what trust means, who and what is trustworthy, and whether they themselves are trustworthy. Some commentators found the conclusions disturbing and were upset by the effect on the status quo. Some are still upset because, if nothing else, Trusted Computing:

- complicates the way that a platform boots and shuts down,
- complicates access to data, and can prevent existing tools and services from working,
- can help prevent the platform state from being rolled back,
- can be used to implement digital rights management systems, which are anathema to some commentators,
- prevents some repurposing of platforms.[4]

[1] It is a coincidence that TPM is also the acronym for Technical Protection Measure, which is a legal term for a technique used to prevent illegal copying of computer programs.
[2] Albeit the USA's NIST does maintain a National Software Reference Library (NSRL, www.nsrl.nist.gov, visited April 2014), which contains "a collection of digital signatures of known, traceable software applications", including applications that may be malicious.
[3] Including Birmingham University (UK), Royal Holloway College - University of London (UK), IAIK (Graz, Austria), Oxford University (UK), Bochum (Germany), Darmstadt (Germany), Hochschule Hannover (Germany).
[4] At some point, imaginative use of a platform becomes an attack on that platform.