Verification - PowerPoint PPT Presentation

About This Presentation
Title:

Verification

Description:

Verification & Validation – PowerPoint PPT presentation

Number of Views:19
Avg rating:3.0/5.0
Slides: 15
Provided by: HowardC5
Category:

less

Transcript and Presenter's Notes

Title: Verification


1
Verification Validation
2
Verification Validation
  • Validation
  • are we building the right product?
  • Verification
  • are we building the product right?

3
Possible Topics
  • TPM Specifications
  • TPM Protection Profile
  • TPM Compliance Specifications
  • The Compliance of Specific TPMs
  • Platforms
  • Virtual TPMs
  • Systems incorporating TPM platforms

4
Possible Topics
  • TPM Specifications
  • TPM Protection Profile
  • TPM Compliance Specifications
  • Specification Compliance of Specific TPMs
  • Platforms
  • Virtual TPMs
  • Systems incorporating TPM platforms

Functional TCG Issues
At present a requirements/specification rather
than VV problem
5
TPM Specifications
6
Status
  • Knowledgeable design.
  • Limited validation individual protocols (Math
    behind DAA) or limited sub-sets work (BSI)
    started on certified migration protocol.

7
Questions
  • Does the Protection Profile reflect the complete
    security requirement of a TPM?
  • What are the critical security properties or
    concerns?
  • Are there usage modes (combinations of messages,
    unexpected interleaving etc) that break critical
    properties?
  • How much does the scope for different
    implementations vary the strength of security
    mechanisms offered?
  • Should the current scope for product
    differentiation be further constrained by
    security concerns?

8
Security Concerns - Protocols
  • Set PCRs to zero, or chosen value
  • i.e. not from trust root or designated locality
  • Via TPM commands, locality mechanisms, system
    reset.
  • Copy EK or AIKs into different platforms.
  • Reset/Roll back monotonic counters.
  • Fail to fully restore cached state
  • e.g. mix different states.
  • Deadlocks due to caching.
  • Inappropriately give (or fail to give) success
    report.
  • Obtain inappropriate privilege via delegation.

9
Security Concerns - Other
  • Are the underlying crypto algorithms consistent
    with good practice for the relevant crypto
    processes?
  • Are some commands particularly sensitive to
    implementation variations
  • E.g. poor random number generation.
  • Re-ordering of actions within a command (this is
    a property of some implementations).
  • (These concerns may apply equally to specific
    TPMs since implementations will manage memory,
    buffers etc.)

10
Platforms and Systems
11
Platforms
  • A TPM on its own is not a system component
    needs to be composed with minimum platform
    functionality e.g
  • Trust root trusted boot.
  • Virtualisation supported by memory protection.
  • Worry is this already too big for most types of
    analysis?

12
Platforms - Questions
  • What properties do we need of the components to
    make a secure (what does this mean?) platform?
  • Do we need all the TPM, or is there a subset of
    functionality or security that is critical?
  • If the distribution of protection mechanisms
    between hardware software is different, how
    does that change the (flavour) security
    profile/strength of mechanism.

13
Security Concerns
  • Is it possible to modify or export TPM state,
    via
  • The functionality of other devices integrated
    with the TPM (e.g a USB controller) or
  • Vendor specific TPM commands?
  • Are there formats of platform credential that are
    inadequate (e.g. are unlikely to be correctly
    interpreted)?
  • What are the essential process requirements for
    granting a platform credential?
  • Is the integration of the TPM and the platform
    sound
  • A TPM must be bound to a single platform.
  • The Platform must correctly implement the root of
    trust also locality.

14
Systems - Questions
  • How do we describe a platform/TPM at the system
    level what is abstracted what retained?
  • How do we relate these components to risk?
  • Know everything v know nothing models for
    privacy the CA what are the detailed pros
    cons and correct balance in different scenarios?

15
Summary
  • It is unlikely that the TPM protocols will be
    broken by inspection.
  • However
  • There is considerable scope for further analysis,
    and this is likely to inform how such systems are
    used, protected and assembled.
  • What Next
  • Interest group - Email hrchivers_at_iee.org
Write a Comment
User Comments (0)
About PowerShow.com