By Thomas Rosteck, Infineon Technologies and Paul Waller, CESG
Trust and security in networked computing and communication is a major topic for governmental, commercial and private use of modern information and communication technology. Users, enterprises and governments are using digital processes for everyday and mission critical operations in trading, communication and banking amongst others, and they are assuming that the technology they are using is sufficiently secure.
The availability of information and access to data and systems has fundamentally changed over the last few years while the possibilities to attack systems have substantially increased. Most attacks against encryption for example, no longer focus on the encryption system itself but against the system integrity.
Since 1999 the standardization organization Trusted Computing Group (TCG; formally Trusted Computing Platform Alliance, TCPA) – has been working to define necessary components to improve security levels. The primary target being to establish trust and assurance that a system is working and acting as expected.
The results of this effort, known as Trusted Computing, has already found its way into hundreds of millions of PCs and notebooks, hard disk drives and other appliances (servers and mobile phones). The TCG also defines necessary infrastructure components that will build the basis to solve the aforementioned challenges.
With a broad membership of companies including Microsoft, Intel, AMD, HP, Dell, Infineon and Nokia, the TCG has already direct influence in a huge portion of today’s IT market. Government agencies like UK’s CESG and Germany’s Federal Agency for Information Technology (BSI) are also engaged in the work of TCG and provide valuable input into the specification work.
Core components of TCGs specifications are the “root-of-trusts” (RoT); the secure hardware components inside the devices. Depending on different appliances these RoT’s have different flavors. In this article we will focus on the TPM (Trusted Platform Module) for PCs and notebooks.
A TPM can help to make a PC more secure by providing the following functionalities:
- Support system integrity;
- Secure authentication and attestation;
- Secure storage.
Integrated within the TPM are measures to provide the basis for a system integrity check. During system start-up, the TPM securely collects information about the boot process. This information can be provided to authorized parties or systems to check whether the system is in the expected status. Additionally, it can provide strong authentication, which enables a PC to authenticate itself to a network with hardware-protected information. The secure storage provides additional possibilities to store system, user keys or secrets.
The security features allow the TPM to counter a huge variety of attacks. They have to be resistant against logical attacks of viruses, Trojan horses, or direct attacks over the network. TPM’s have countermeasures against Dictionary Attacks, so pass-phrases used for the authentication to the TPM cannot be broken by brute force attacks. However there are also countermeasures against certain physical attacks that have been implemented.
The TCG is following existing schemes and are standardizing the minimum level of security for a TPM based on the Common Criteria standard. However, there are no absolute guarantees to security – with enough time, effort and equipment, security measures can be broken. Therefore security measures have to be defined specifically for target markets, taking into account which levels of security are most appropriate and affordable. To reflect previously mentioned attack scenarios and to keep the cost sensitivity of the target devices in mind, TCG defined the Common Criteria level ‘EAL 4 moderate’ as appropriate for its mainstream target audience consisting of enterprise, government and consumer users.
The main applications currently utilizing TPM support are:
- Secure Boot: Systems are only providing full capabilities if the booting process was performed in the expected way;
- Hard drive encryption: The main key for the hard drive encryption is protected by the TPM. This especially protects the so-called data-in-rest. In combination with secure boot Microsoft’s Bitlocker it only allows access to the hard drives when the boot is performed in the expected way;
- Authentication to network: Protecting the authentication information necessary to enter corporate networks or WLAN environments;
- Integrity protection of software (e.g. virus scanner): The software can check its own integrity versus the information stored in the TPM.
Since TPM-based platforms have been widely available and have achieved a high threshold in organizations, enterprise system administrators are utilizing these additional protection methods. It is not however only private enterprises that have understood the value of Trusted Computing, governments are also starting to use TCG based products to fulfill the security tasks they are facing, which the following example of CESG shows.
TPM in the UK
CESG is the UK National Technical Authority for Information Assurance, with responsibility for providing technical advice and guidance to UK government departments on protecting their data and networks. Information Assurance is the confidence that information systems will protect the information they handle and will function as they need to, when they need to, under the control of legitimate users.
UK government networks span a huge variety of threat environments, from military deployments through to local authority administrative systems. CESG’s remit covers all of these systems.
In the former case, the perceived threats are from highly motivated and very well resourced adversaries; therefore security critical network components must be extremely resilient to concerted, directed attack. Products designed to meet these demanding security requirements are very expensive, therefore tend not to be suitable for large scale commercial deployment. At the lower threat levels (healthcare, local government etc.), the number of users is much larger and lower cost security solutions are required; there is however still a significant threat to these networks from a variety of potential attackers. CESG therefore has a keen interest in commercially available technologies, which can provide an appropriate level of security to protect these systems.
Modern ways of working and financial pressures are increasing the demand for mobile working. Mobile working requires strongly authenticated remote access to networks and secure storage of data on mobile computing platforms. Potential uses of TCG technologies include helping to meet these requirements. For example, key material for storage encryption can be stored in the TPM when the platform is powered down, requiring an adversary to mount a physical attack on the TPM to retrieve data from a stolen platform. Also, the TPM can store authentication credentials and perform signing operations; it can hence be used to permanently protect those credentials in hardware. In future, measurement and attestation functions cold allow networks to restrict access if a platform is not in a known state. CESG is an active liaison member of the TCG, and works closely with other TCG members to realise the benefits of Trusted Computing technologies.
As well as the industry making this technology available to consumers, a degree of assurance is required that the products being deployed will actually provide the expected level of security. Gaining assurance in a product requires a certain level of independent analysis from design and development to deployment. The TCG Certification Program for TPMs provides a degree of assurance via the Common Criteria process. CESG conducts further assurance work where a higher level of confidence is required in a particular security mechanism.
In the case of the recently completed work on the Infineon TPM’s secure storage capability, CESG worked closely with Infineon to analyse the design in detail and understand the approach to security throughout the development process. This builds confidence in the product and the development process to maintain/improve the level of security as the product evolves. Importantly, the product was assessed as suitable for use at low impact levels. There is a clear requirement in these environments for robust security measures to protect sensitive data (e.g. financial or personal records), however it is not necessary to invest in military-grade equipment designed to withstand highly sophisticated and costly attacks.
The TPM assessment is an example of working closely with key industry partners to gain assurance in key security technologies. Other components of the Trusted Computing ecosystem require similar analysis if they are to be deployed in UK government secure networks. Initiatives such as Trusted Computing offer an opportunity for the IT industry to ‘raise the bar’ in security terms; with appropriate assurance processes it will be possible to increase the level of trust we are able to place in our computing platforms.