CSC662 - Computer Security, Short Note

Download as docx, pdf, or txt
Download as docx, pdf, or txt
You are on page 1of 9

CHAPTER 1 - INTRODUCTION BASIC COMPONENTS Confidentiality : keep data and resource hidden Integrity : prevent unauthorized modification Availability

: Enabling access to data and resources THREAT Definition: A potential violation of security that can affect the assets & resources associated with computer system. E.g.: Virus Classes of Threat: Disclosure - unauthorized access to information E.g.: snooping, wiretapping (Confidentiality) Deception - acceptance of false data E.g.: spoofing, denial of receipt (Integrity) Disruption - interruption of correct operation E.g.: modification (Integrity) Usurpation - unauthorized control of some systems part E.g.: modification, denial of service (Availability) Areas of Threat: Confidentiality threat - masquerade as recipient and view message. Integrity threat - hacker accesses the bank computer system compromising the integrity of the record. Availability threat - Spamming and causing server to crashed. ATTACK Definition: A threat executed by an attacker that exploits vulnerabilities to cause threat to occur. E.g.: Hacking into the network SECURITY POLICY A statement of what is or isnt allowed Types: Military - primarily protecting confidentiality Commercial - primarily protecting integrity Confidentiality - protecting only confidentiality Integrity - protecting only integrity SECURITY MECHANISMS A method, tool, or procedure for enforcing a security policy. GOAL OF SECURITY Prevention - stop attackers from violate security policy Detection - discover attackers violation of security policy Recovery - prevent attack and repair damage

ASSUMPTION & TRUST - Underlie all aspect of security ASSURANCE Definition : A basis of how much one can trust a system Specification - requirement analysis Design - How system meet specification Implementation - System that carry out design OPERATIONAL ISSUES Cost-benefit Analysis Risk Analysis Laws and Customs ORGANIZATIONAL PROBLEMS - Power & responsibility - NO Financial benefits - Human limitation - Lack of Resource PEOPLE PROBLEM - Outsider & Insider - Social engineering SECURE SYSTEM A system that starts in an authorized state and cannot enter an unauthorized state. BREACH OF SECURITY Occurs when a system enters an unauthorized state. CONFIDENTIALITY POLICY Bell-Lapadula Model (BLP)

INTEGRITY POLICY Biba Integrity Model

Information flow: No Read Down, No Write Up (NRD, NWU) BIBA Attach many integrity levels to subjects and objects. No notion of certification rules, trusted subjects ensure actions obey rules. Un-trusted data examined before being made trusted. CLARK-WILSON 2 levels: Object - CDI / UDI Subjects - TP & others Explicit requirements that actions must meet Trusted entity must certify method to upgrade un-trusted data

O - Object, [_] - Subject Information flow: No Read Up, No Write Down (NRU, NWD)

CHAPTER 2 - AUTHENTICATION & IDENTIFICATION Authorization - The granting of specific rights. Identification - Establishing whether someones identity. IDENTITY MANAGEMENT A set of properties assigned to a given object. - Creation & deletion of identity - Management of properties assigned to identity - Secure storage of identity - Secure handling of queries regarding identity & their property LIGHTWIEGHT DIRECTORY ACCESS PROTOCOL (LDAP) A directory is a specialized database optimized for searching and browsing. LDAP entries are collections of attributes identied by a unique distinguished name (dn). Entries are characterized by types that determine their format and syntax (e.g. ou = Organisational Unit). Entries are stored in a hierarchy. A relative distinguished name denes a search path to an entry. Applications: User account management, Address book (Outlook) USER AUTHENTICATION - Something you know: passwords - Something you have: smart cards - Something you are: biometrics, voice print PASSWORDS Maintenance: - Generation & distribution - Password synchronization - Forgotten passwords; password reset Threats: - Brute force search - Guessing - Keylogging - Shoulder surfing - Identity spoofing / phishing

ACCESS CONTROL Access control is the collection of mechanisms that permits management to specify what users can do, which resources they can access, and what operations they can perform on a system. ACCESS CONTROL MATRIX (ACM) Advantage: - Clarify of definition - Easy to verify Disadvantage: - Poor scalability - Poor handling of changes ACCESS CONTROL LIST (ACL) Advantage: - Easy for administrator to see access rights for given resource. - Relative easiness of management using abstraction. Disadvantage: - Poor overview of access rights per subject - Difficulty of renovation - Difficulty of sharing CAPABILITIES - A piece of data possession which proves authorization to access resource. - Advantage: May be transferred offline between users. Alice : {edit.exe: execute}, {fun.com: execute, read} Bob : {bill.doc: read, write}, {edit.exe: execute}, {fun.com: execute, read, write} Columns of Access Control Matrix file1 Andy rx Betty rwxo Charlie rx

Discretionary Access Control (DAC) A system that uses discretionary access control allows the owner of the resource to specify which subjects can access which resources. Access control is at the discretion of the owner Deployed in a majority of common systems. Advantages: - Simple & efficient access rights management - Scalability Disadvantages: - Intentional abuse of access rights - No control over information flow Mandatory Access Control (MAC) Access control is based on a security labeling system. Users have security clearances and resources have security labels that contain data classifications. This model is used in environments where information classification and confidentiality is very important. Advantages: - Strict control over information flow - Strong exploit containment Disadvantages: - Major usability problems - Cumbersome administration Role Based Access Control (RBAC) RBAC uses a centrally administered set of controls to determine how subjects & objects interact. The best system for an organization that has high turnover. Attempts to handle complexity of access control by extensive used of abstractions (Data types; Procedures; Roles; Hierarchy).

file2 r r rwo

file3 rwo w

Capabilities-Lists (CL) - Subject-centered Andy : { (file1, rx) (file2, r) (file3, rwo) } Betty : { (file1, rwxo) (file2, r) } Charlie : { (file1, rx) (file2, rwo) (file3, w) } Access Control List (ACL) - Object-centered file1 : { (Andy, rx) (Betty, rwxo) (Charlie, rx) } file2 : { (Andy, r) (Betty, r) (Charlie, rwo) } file3 : { (Andy, rwo) (Charlie, w) }

CHAPTER 3 - DIGITAL CERTIFICATES DEFINITION A digital certificate (DC) is a digital file that certifies the identity of an individual or institution, or even a router seeking access to computer- based information. It is issued by a Certification Authority (CA) , and serves the same purpose as a drivers license or a passport. CERTIFICATION AUTHORITIES Certification Authorities are the digital worlds equivalent to passport offices. They issue digital certificates and validate holders identity and authority. TYPES OF DIGITAL CERTIFICATE SERVER CERTIFICATE Allows visitors to exchange personal information, free from the threat of interception or tampering. For building and designing e-commerce sites as confidential information is shared between clients, customers and vendors. PERSONAL CERTIFICATE Allow one to authenticate a visitors identity and restrict access to specified content to particular visitors. For business to business communications such as shipping dates and inventory management. ORGANIZATION & DEVELOPER CERTIFICATE Organization Certificates are used by corporate entities to identify employees for secure e-mail and web-based transaction. Developer Certificates prove authorship and retain integrity of distributed software programs. DIGITAL CERTIFICATE COMPONENT - Name - Serial number - Expiration date - Copy of the certificate holders public key - Digital signature of the certificate-issuing authority. PURPOSE OF DIGITAL CERTIFICATE 1. Proving the Identity of the sender of a transaction 2. Non Repudiation the owner of the certificate cannot deny partaking in the transaction 3. Encryption and checking the integrity of data - provide the receiver with the means to encode a reply. 4. Single Sign-On - It can be used to validate a user and log them into various computer systems without having to use a different password for each system

PUBLIC & PRIVATE KEY Comprises of two related cryptographic keys, mathematically related, and only the corresponding private key can decrypt their corresponding public key. Public Key - made assessable to anyone Private Key - confidential to its respective owner USAGE OF DIGITAL CERTIFICATION 1. Secure Socket Layer (SSL) developed by Netscape Communications Corporation. 2. Secure Multipurpose Internet Mail Extensions (S/MIME) Standard for securing email and electronic data interchange (EDI). 3. Secure Electronic Transactions (SET) protocol for securing electronic payments 4. Internet Protocol Secure Standard (IPSec) for authenticating networking devices ADVANTAGES OF DIGITAL CERTIFICATION Decrease the number of passwords a user has to remember to gain access to different network domains. They create an electronic audit trail that allows companies to track down who executed a transaction or accessed an area.

CHAPTER 4 UNIX SECURITY Security was not a primary design goal of UNIX; dominant goals were modularity, portability and efciency. UNIX provides sufcient security mechanisms that have to be properly congured and administered. The main security strength of UNIX systems comes from open source implementation which helps improve its code base. The main security weakness of UNIX systems comes from open source implementation resulting in a less professional code base. USER ACCOUNT INFORMATION: /etc/passwd Username: used when user logs in, 132 characters long Password: x indicates that encrypted password is stored in /etc/shadow User ID (UID): 0 reserved for root, 1-99 for other predened accounts, 100-999 for system accounts/groups Group ID (GID): the primary group ID User ID Info: a comment eld Home directory: The absolute path to the directory the user will be in when they log in Command/shell: The absolute path of a command or shell (/bin/bash) ROOT PRIVILAGES Almost no security checks: o all access control mechanisms turned off o can become an arbitrary user o can change system clock Some restrictions remain but can be overcome: o cannot write to read-only le system but can remount them as writable o cannot decrypt passwords but can reset them Any user name can be root! SUBJECTS Subjects in UNIX processes identified by a process ID (PID) New process creation: fork: spawns a new child process which is an identical process to the parent except for a new PID vfork: the same as fork except that memory is shared between the two processes exec family: replaces the current process with a new process image Processes are mapped to UID: real UID is always inherited from the parent process effective UID is either inherited from the parent process or from the owner of the le to be executed

OBJECTS Files, directories, memory devices, I/O devices etc. are uniformly treated as resources subject to access control. All resources are organized in tree-structured hierarchy Each resource in a directory is a pointer to the inode data structure that describes essential resource properties.

CHAPTER 5 - MALICIOUS CODE MALWARE A malware is a set of instructions that run on your computer and make your system do something that an attacker wants it to do. VIRUS A program that can infect other programs by modifying them to include a, possibly evolved, version of itself TYPES: Polymorphic - uses a polymorphic engine to mutate while keeping the original algorithm intact (packer) Metamorphic - Change after each infection TROJAN HORSE A Trojan horse describes the class of malware that appears to perform a desirable function but in fact performs undisclosed malicious functions ROOTKIT A Rootkit is a component that uses stealth to maintain a persistent and undetectable presence on the machine WORM A computer worm is a self-replicating computer program. It uses a network to send copies of itself to other nodes and do so without any user intervention. INFECTION METHODS Overwritting, Prepending, Appending, Cavity, Multi-Cavity, and Document-based malware Micro virus - use the built-in script engine PROPAGATION VECTOR Shared Folder, Email Propagation, Fake Antivirus, Browser Hijacked, Fake Page!, P2P Files

CHAPTER 5 - WATERMARKING WATERMARKING A watermark is a secret message that is embedded into a cover (original or host) message. Only the knowledge of a secret key allows us to extract the watermark from the cover message. Effectiveness of a watermarking algorithm is a function of its Resilience to attacks. Capacity. Stealth. MULTIMEDIA WATERMARKS A digital watermark is a secret key dependent signal inserted into digital multimedia data. Watermark can be later detected / extracted in order to make an assertion about the data. A digital watermark can be. Visible (perceptible). Invisible (imperceptible). WATERMARKING APPLICATION Proof of ownership. Copy prevention or control. Content protection (visible watermarks). Authentication. Media Bridging. Broadcast Monitoring. Fingerprinting. Secret Communications. REQUIREMENT Perceptually transparent - must not perceptually degrade original content. Robust - survive accidental or malicious attempts at removal. Oblivious or Non-oblivious - Recoverable with or without access to original. Capacity Number of watermark bits embedded. Efficient encoding and/or decoding.

WINDOW SECURITY KERNEL MODE Security Reference Monitor: ACL verification USER MODE Log-on process (winlogon): user logon Local Security Authority (LSA): password verication and change, access tokens, audit logs (MS04-11 buffer overow: Sasser worm!) Security Accounts Manager (SAM): accounts database, password encryption User Account Control (UAC, Vista): enforcement of limited user privileges WINDOWS REGISTRY A hierarchical database containing critical system information Key-value pairs, subkeys, 11 values types A registry hive is a group of keys, subkeys, and values WINDOWS DOMAIN A domain is a collection of machines sharing user accounts and security policies. Domain authentication is carried out by a domain controller (DC). To avoid a single point of failure, a DC may be replicated ACCESS CONTROL IN WINDOWS Access control is applied to objects: les, registry keys and hives, Active Directory objects. More than just access control on les! Various means exist for expressing security policies SUBJECTS Subjects are active entities in OS primitives. Windows subjects are processes and threads. Security credentials for a subject are stored in a token. Tokens provide a principal/subject mapping and may contain additional security attributes. Tokens are inherited (possibly with restrictions) during creation of new processes.

WATERMARKING ATTACKS Active Attacks: Hacker attempts to remove or destroy the watermark. Watermark detector unable to detect watermark. Key issue in proof of ownership, fingerprinting, copy control. Not serious for authentication or covert communication. Passive Attacks: Hacker tries to find if a watermark is present. Removal of watermark is not an aim. Serious for covert communications. Collusion Attacks: Hacker uses several copies of watermarked data to construct a copy with no watermark. Uses several copies to find the watermark. Serious for fingerprinting applications. Forgery Attacks: Hacker tries to embed a valid watermark. Serious in authentication. If hacker embeds a valid authentication watermark, watermark detector can accept bogus or modified media. WATERMARKING RESEARCH Information Theoretic Issues. Decision Theoretic Issues. Signal Processing Issues. Watermarking protocols and system issues. Steganalysis.

CHAPTER 6 - NETWORK SECURITY CONCEPTS CIRCUIT SWITCHING A methodology of implementing a network in which two nodes establish a dedicated circuit through the network before the nodes may communicate. The circuit guarantees the full bandwidth of the channel and remains connected for the duration of the communication session. PACKET SWITCHING A methodology of implementing a network in which divides the data to be transmitted into packets transmitted through the network independently. Packet switching shares available network bandwidth between multiple communication sessions. TCP/IP ENCAPSULATION When data moves from upper layer to lower level of TCP/IP protocol stack (outgoing transmission) each layer includes a bundle of relevant information called a header along with the actual data. The data package containing the header and the data from the upper layer then becomes the data that is repackaged at the next lower level with lower layer's header. This packing of data at each layer is known as data encapsulation. TCP CONNECTION SYNCHRONIZATION To establish a connection, TCP uses a 3-way handshake. Before a client attempts to connect with a server, the server must first bind to a port to open it up for connections: this is called a passive open. Once the passive open is established, a client may initiate an active open. To establish a connection, the 3-way handshake occurs: a. The active open is performed by sending a SYN to the server. b. In response, the server replies with a SYN-ACK. c. Finally the client sends an ACK back to the server. At this point, both the client and server have received an acknowledgement of the connection. TCP Connection Termination is implemented as follows: One computer sends a FIN packet to the other computer including an ACK for the last data received (N). a. The other computer sends an ACK number of N+1 b. It also sends a FIN with the sequence number of X. c. The originating computer sends a packet with an ACK number of N+1. The connection is closed. Another way to close the connection is for one computer to send a packet with the RST (reset) bit set which will tell the other computer to immediately terminate the connection.

PROBLEMS Sniffing is "listening" to network traffic to collect information. A common usage of sniffing is to listen to network traffic to look for patterns of a worm spreading itself. Spoofing is sending network traffic that's pretending to come from someone else. A common usage for spoofing is sending an email message, but to reformat the header. Man-In-The-Middle is the type of attack where attackers intrude into an existing connection to intercept the exchanged data and inject false information. A denial-of-service (DoS attack) is an attempt to make a computer resource unavailable to its intended users. TCP HIJACKING TCP Hijacking is one of the Man-in-the-Middle attacks in which an attacker can allow normal authentication to proceed between the two hosts, and then seize control of the connection. There are two possible ways to do this: one is during the TCP threeway handshake, and the other is in the middle of an established connection. SYN FLOOD A form of denial-of-service attack in which an attacker sends a succession of SYN requests to a target's system.

IP LAYER SECURITY: IPSec IPsec is a framework for a set of protocols for security at the network or packet processing layer of network communication. IPsec provides two choices of security service: Authentication Header (AH), which essentially allows authentication of the sender of data, and Encapsulating Security Payload (ESP), which supports both authentication of the sender and encryption of data as well. Objective: - Secure connectivity of branch ofces - Secure remote access Advantages: - Bypass resistence - Transparency to endusers and applications Disadvantages: - Infrastructure support needed - Performance degradation AUTHENTICATION HEADER AH provides data integrity, data origin authentication, and optional anti-replay services to IP. AH does not provide any data confidentiality (encryption), so there is no need for an encryption algorithm. ENCAPSULATED SECURITY PAYLOAD (ESP) ESP protects the IP packet data from third party interference, by encrypting the contents using symmetric cryptography algorithms as Blowfish & 3DES. IPSec MODES Transport mode- The outer header determines the IPsec policy that protects the inner IP packet. Tunnel mode - The inner IP packet determines the IPsec policy that protects its contents. IPSec SECURITY ASSOCIATION (SA) Security Association (SA) forms the basis of Internet Protocol Security (IPSec). A Security Association (SA) is a simplex (one-way channel) and logical connection that provides relationship between two or more systems to build a unique secure connection. A Security Association (SA) can be viewed as an agreement between two devices about how to protect information during transit. The Security Association (SA) is one way (simplex).

One Security Association is used for processing out-bound packets and other Security Association is used for processing inbound packets. A Security Association (SA) consists of three things. 1) A Security Parameter Index (SPI) 2) An IP destination address 3) A IPSec Protocol Identifier. IPSec protocols are Authentication Header (AH) and Encapsulating Security Payload (ESP). TRANSPORT LAYER SECURITY: SSL/TLS SSL/TLS is a cryptographic protocol that provides communication security over the Internet. SSL/TLS encrypt the segments of network connections above the transport layer, using asymmetric cryptography for key exchange, symmetric encryption for privacy, and message authentication code for message integrity. Objectives: o Secure information transmission in Internet applications o Mutual authentication in Internet applications Advantages: o Secure end-to-end communication over TCP Disadvantages: o PKI support needed, o Potential use of weak cryptographic algorithms SSL ARCHITECTURE SSL connection corresponds to TCP connections SSL sessions represent an association between a cliend and a server. Sessions dene parameters that can be share between connections. SSL RECORD PROTOCOL Carries out information transfer Provides condentiality and message integrity services.

APPLICATION LAYER SECURITY: SSH Secure Shell (SSH) is a network protocol for secure data communication, remote shell services or command execution and other secure network services between two networked computers that it connects via a secure channel over an insecure network: a server and a client (running SSH server and SSH client programs, respectively). The protocol specification distinguishes two major versions that are referred to as SSH-1 and SSH-2. Applications: o Secure remote login o Secure services (e.g.FTP, copy) over an insecure network o Secure port forwarding Advantages: o Various authentication methods o A neat way to circumvent rewalls Disadvantages: o point-to-point only o Some security vulnerabilities SSH PREVENTABLE ATTACKS o Eavesdropping o TCP session hijacking o Man-in-the-midle attacks SSH NON-PREVENTABLE ATTACKS o Password cracking o TCP/IP attacks: SYN ood, desynchronization o Trafc analysis o Covert channels

CHAPTER 6 - IDPS DEFINITION Intrusions: attempts to compromise the confidentiality, integrity, availability, or to bypass the security mechanisms of a computer system or network (illegal access). Intrusion detection: is the process of monitoring the events occurring in a computer system or network and analyzing them for signs of possible intrusions (incidents). Intrusion Detection System (IDS): is software that automates the intrusion detection process. The primary responsibility of IDS is to detect unwanted and malicious activities. Intrusion Prevention System (IPS): is software that has all the capabilities of an intrusion detection system and can also attempt to stop possible incidents. USAGE OF IDPS Its a dire fact that while every enterprise has a firewall, most still suffer from network security problems. Intrusion Prevention Systems have been promoted as costeffective ways to block malicious traffic. IDPS MAIN FUNCTIONS Recording information related to observed events: Information is usually recorded locally, and might also be sent to separate systems such as centralized logging servers. Notifying security administrators of important observed events: This notification, known as an alert, may take the form of audible signals, e-mails, pager notifications, or log entries. Producing reports: Reports summarize the monitored events or provide details on particular events of interest. PREVENTING ATTACK BY SEVERAL TECHNIQUES The IDPS stops the attack itself: Terminate the network connection or user session that is being used for the attack such as block access to the target. The IDPS changes the security environment: The IDPS could change the configuration of other security controls to disrupt an attack such as reconfiguring a network device (e.g. router or switch).

The IDPS changes the attacks content: Some IDPS technologies can remove or replace malicious portions of an attack to make it benign such as removing an infected file attachment from an e-mail. METHODOLOGY OF DETECTION Signature-Based Detection: This method compares known threat signatures to observed events to identify incidents. This is very effective at detecting known threats but largely ineffective at detecting unknown threats and many variants on known threats. Anomaly-Based Detection: This method samples network activity to compare to traffic that is known to be normal. When measured activity is outside baseline parameters or clipping level, IDPS will trigger an alert. Anomaly-based detection can detect new types of attacks but it requires much more overhead and processing capacity than signature-based. Stateful Protocol Analysis: A key development in IDPS technologies was the use of protocol analyzers. It can decode application-layer network protocols, like HTTP or FTP. Once the protocols are fully decoded, the IPS analysis engine can evaluate different parts of the protocol for anomalous behavior. Problems with this type are it cannot detect attacks that do not violate the characteristics of generally acceptable protocol behavior. FALSE POSITIVE The normal activity is considered as an intrusion. IDPS technologies cannot provide completely accurate detection. FALSE NEGATIVE The system fails to recognize an intrusion. Altering the configuration of an IDPS to improve its detection accuracy is known as tuning.

TYPES OF IDPS NETWORK-BASED It performs packet sniffing and analyzes network traffic to identify and stop suspicious activity. It allows some attacks such as network service worms and viruses with easily recognizable characteristics, to be detected on networks before they reach their intended targets. Network-based products might be able to detect and stop some unknown threats through application protocol analysis. Although poorly written signature triggers false positives, it can block a new malware threat hours before antivirus signatures become available. However, network-based products are generally not capable of stopping malicious mobile code or Trojan horses. Placement of Network-based IDPS Outside / inside firewall Behind remote access server Between business units Between corporate network and partner networks In all switched network segments HOST-BASED Similar to network-based, except that a host-based product monitors the characteristics of a single host and the events occurring within that host such as monitoring network traffic. They often use a combination of attack signatures and knowledge of expected or typical behavior to identify known and unknown attacks on systems. Host-based IDPSs are most commonly deployed on critical hosts such as publicly accessible servers and servers containing sensitive information. Placement of Host-based IDPS Key servers that contain mission-critical and sensitive information, Web servers, FTP and DNS servers, E-commerce database servers,, and Other high value assets. NETWORK BEHAVIOR ANALYSIS (NBA) It examines network traffic to identify threats that generate unusual traffic flows, such as denial of service (DoS) and distributed denial of service (DDoS) attacks. NBA systems are most often deployed to monitor flows on an organizations internal networks, and are also deployed where they can monitor flows between an organizations networks and external networks.

WIRELESS This type monitors wireless network traffic and analyzes its wireless networking protocols to identify suspicious activity involving the protocols themselves. It cannot identify suspicious activity in the application or higherlayer network protocols (e.g., TCP, UDP) that the wireless network traffic is transferring. EVALUATING IDPS o Organizations should consider using multiple types of IDPS technologies to achieve more comprehensive and accurate detection and prevention of malicious activity. o For most environments, a combination of network-based and host-based IDPSs is needed for an effective IDPS solution. o NBA technologies can also be deployed if organizations desire additional detection capabilities for DoS & DDoS attacks, worms, and other threats that NBAs are particularly good at detecting. o Wireless IDPSs may also be needed if the organization determines that its wireless networks need additional monitoring. o Organizations need to understand the characteristics of their system or network environment before a compatible IDPS can be selected. o Organizations should articulate the goals and objectives they wish to attain by using an IDPS such as stopping common attacks or identifying misconfigured wireless network devices, etc. o Organizations should also review their existing security policies, which serve as a specification for many of the features that the IDPS products need to provide. o Organizations also need to define specialized sets of requirements for the following: Security capabilities It is including information gathering, logging, detection, and prevention. Performance It is including maximum capacity and performance features Management It is including design and implementation

CHAPTER 7 - TRUSTED COMPUTING A technology developed and promoted by the Trusted Computing Group (TCG) In TC, the computer will consistently behave in expected ways, and those behaviors will be enforced by hardware and software. Trusted Computing uses cryptography to help enforce a selected behavior TC is controversial because it is technically possible not just to secure the hardware for its owner TC was intended for Digital rights management (DRM), a generic term for access control technologies that can be used by hardware manufacturers, publishers, copyright holders and individuals to impose limitations on the usage of digital content and devices. Limits the abuse of file sharing over the network Prevent making illegal copies without the authorization from the vendor Restrict users computing actions

Operates in several different parts of chipset Higher abstraction layers only as secure as lower Trusted CPU, chipset, and boot ROM Each layer verifies hash of next layer before execution Built on top of secure bootstrap architecture Instruction set extensions to create protected processor partition Extensions to create protected software stack Trusted platform module (TPM) verifies conditions Changes to I/O controller, memory controller, graphics controller, and CPU

TC FUNDAMENTAL CONCEPTS Software runs and communicates securely over applications and servers Use locked-down architecture - Hardware level cryptographic keys for encryption and authentication Seal secure data within curtained memory I/O communication path are encrypted TC should be expected the computing behave the way we wanted and do what we wanted securely Trusted Computing Platform (TCP) has the following three fundamental features: Protected Capabilities Integrity Capabilities Integrity Reporting Trusted Computing encompasses six key technology concepts as required for a fully trusted system: Endorsement key Secure input and output Memory curtaining / protected execution Sealed storage Remote attestation Trusted Third Party (TTP) LaGrande - Intel version of TC Intels hardware implementation Runs parallel to normal architecture Uses hash values for modification detection

NGSCB - Microsoft version of TC Software side of TC Domain Manager aka Nexus Sealed Storage Remote Attestation Two primary system components in NGSCB Nexus o Special kernel (core of the trusted operating) o Goal: Isolate the process of normal mode and trusted mode differently in memory o Functionality: Authenticate and protect data (entered, stored, communicated, and displayed) by data encryption o Nexus Computing Agent (NCA) NSGCB operates two operating systems in ONE system Normal Mode: o Un-protected environment o Same as our current Windows series o Fully Controlled by the users Trusted Mode: o Protected environment o Users have no authorities to modify, delete, or copy ANY content. o Implemented TC: Hardware and Software implementation o Fully Controlled by the computers Isolate protected and non-protected operating environment that are stored in the same memory Blocks the access of Direct Memory Access (DMA) devices in term of writing and reading to secured block of memory Block access of malicious code Claimed: no illegitimate access will occurring in protected environment Encrypts data on storage device Key is not stored on storage device Hash of creating program stored with file TPM only decrypts for program that passes modification detection Decrypted only with same TPM / same program

USES OF TC Remote banking, business-to-business e-commerce, and online auctioning Digital rights management Preventing cheating in online games Securing data storage Personal privacy protection, data management, and record keeping Shared computing and secure transactions Secure home computing Government agencies that require a high level of security and trust Software license enforcement

You might also like