Trusted Computing Security for the Digital World

1
Trusted ComputingSecurity for the Digital World
Industry Leader in Trusted Systems and Services
Lark M. Allen Wave Systems Corp. lallen_at_wavesys.co
m
2
The Evolution of the Digital Infrastructure
Web Services
Trust/Security
Access (WWW)
Connectivity (Internet)
Processing (PC)
Time
3
Trusted Computing

• Trusted Computing
• Hardware and Software behave as designed

4
Trusted Computing Who Is Trusting?

• Trust is in the eye of the beholder

USER
PARTNERS
ENTERPRISE
Trusted PC ?
SERVICE PROVIDERS
5
Trusted Computing Why Required?
Intuitively Obvious?
etc, etc.
6
Trusted Computing Initiatives
Smart Cards
Microsoft Palladium
Intel LaGrande
Cell Phones
Gaming Platforms
TCPA
Set Top Boxes
FinRead
7
Trust A Political Lightning Rod
Conspiracy Theories
Control
Tracking
TRUST
Opt-In/ Opt-out
Closed
Privacy
Surveillance
8
Trusted Computing Adoption Drivers

• Market Adoption Requires the Gorillas

9
Trusted Systems Hardware Based

• Hardware is a requirement for Trusted Systems

10
Pyramid of Protection
Security Strength
11
Trusted Computing Bottom to Top

• Security at any layer can be defeated by
  accessing the next lower layer

• Trusted Computing requires security hardware as
  the foundation for platform security

• Plus security enablement features in each layer

12
Trusted Computing Technologies
Trusted Applications
Public Key Infrastructure
Digital Certificates
Hidden Processing
Global Unique Identities
Secure Time
Digital Signatures
Secure Storage
Trusted Operating Systems
Tamper Resistant Hardware
Trust Infrastructure
Random Number Generator
Encryption Algorithms
Trusted Computing
13
Example Single Security Chip System
Code
14
Trusted Systems Overview

• E-Commerce Is Complex Trust Relationships

15
Multiparty Trust for E-Commerce
Multi-Party Trust
16
Trusted Computing Open, Shared

• Open, Programmable and Interoperable Trust
• Required for Internet Devices

17
Trusted Computing Models

• Closed, isolated systems
• Single party control
• Proprietary security and trust technology

Cell Phones
Cable Networks
Credit Cards
Satellite Networks
18
Trusted Computing Trust Models
Cell Phone
Multiple
Difficulty
Smart Cards
TCPA
Applications/Services
STB
Drivers License / Passports / Credit Cards
1
1
Multiple
Number of Trustors
19
ROOTS The Genealogy of Trust
TRUST
ROOT KEY
Trust Assurance Network CA(s)
Device Server
Application
Application
Initialization
Authorization
Certification
Agent
Development
Service
CA
Service CA
CA
CA
CA
Trust Assurance Network
IS m
DS m
ADS m
ACA m
AA m
X509V3 Identification Certificates
Key Based Identification
Trusted
Trusted
Trusted
Trusted
Trusted Applications And Services
Device 1
Device x
Device y
Device n
Trusted Devices and Components
20
Open Trust Infrastructures

• Goal Hosts Trust Controllers
• Open, Interoperability Standards
• Critical Infrastructures Protection
• Basis for Digital
• Commerce

21
Trusted Computing Overview

• Trusted Computing is a system solution

22
Systems Design End to End Solutions
U
U

• Untrusted

• Trusted

• Trusted devices or components can communicate
  securely over untrusted networks

• Untrusted devices cause the result to become
  untrusted

23
Trusted Systems Overview

• Every Device and Component Must Be Trusted
• Trusted Input, Processing, Output, Storage,
  Network

24
Trusted Computing System Design
Programs
Kernel
Main Memory
Motherboard
Keyboard
Graphics Card
Video Capture
NIC
SIC
Network

• Trusted Peripherals
• Secure Channels

25
Market Investment

• Trusted Computing market is very large and one of
  the fastest growing IT segments

26
Trusted Computing Services

• Trusted Systems and Then Web Services
• Deployment Will Drive Services

27
Trusted Systems Overview

• Customers will pay for Trusted Systems

28
Trusted Computing Applications
Content Protection
Services Delivery
Strong Authentication
Applications
Trusted Operating System
E-Commerce
Privacy Protection
Trusted Hardware Components
Distributed Transactions
Trust Infrastructure
Platform Security(TCPA)
Key Management
Conditional Access
Secure VPNs Peer-Peer
29
Trusted Computing Smart Credentials
1. USID Number
3. Digital Photo
2. Optical Strip 4MB
4. Smart Card Chip
5. Internal Memory Strip 20 MB
6. 2D Bar Code 2KB
30
Trusted Input Devices - FinRead

• Financial
• Transactions

• Multi-factor Authentication

• EU Finance Industry Spec

• Java Support-Finlets

• Keyboards, smart card readers, cell phones

31
Trusted Systems Authentication

• The Internet Perimeter Must Be Both Trusted
  and Intelligent

Trusted
PC Client
32
Internet Devices Need Flexibility

• Must support more multiple security
  specifications simultaneously
• Must fill the role for hardware security from
  many different locations-every component is
  trusted
• Keyboards
• Motherboards
• Network Adapters
• Peripherals Graphics, Disk, Output Drives
• Must support interim and long term security
  requirements
• Must provide the security strength of hardware
  with the flexibility of software
• Must support multi-party trust, not just first
  party control

33
Trusted Computing Challenges

• Standardization and convergence of trusted
  computing components
• Platform security and peripherals
• Open trust infrastructures
• Web services and identity management
• Content protection
• Privacy and security laws, policies, and
  practices
• Development time for complex eco-systems
• Successful business and technical models for
  trusted services, including Internet content
• Legacy population of untrusted devices

34
Trusted Computing Overview
Thank You!