Trusted Computing Platforms: Design and Applications This page intentionally left blank TRUSTED COMPUTING PLATFORMS: DESIGN AND APPLICATIONS SEAN W. SMITH Department of Computer Science Dartmouth College Hanover, New Hampshire USA Springer eBookISBN: 0-387-23917-0 Print ISBN: 0-387-23916-2 ©2005 Springer Science + Business Media, Inc. Print ©2005 Springer Science + Business Media, Inc. Boston All rights reserved No part of this eBook maybe reproducedor transmitted inanyform or byanymeans,electronic, mechanical, recording, or otherwise, without written consent from the Publisher Created in the United States of America Visit Springer's eBookstore at: http://ebooks.springerlink.com and the Springer Global Website Online at: http://www.springeronline.com Contents List of Figures xiii List of Tables xv Preface xvii Acknowledgments xix 1. INTRODUCTION 1 1.1 Trust and Computing 2 1.2 Instantiations 2 1.3 Design and Applications 5 1.4 Progression 7 2. MOTIVATING SCENARIOS 9 2.1 Properties 9 2.2 Basic Usage 10 2.3 Examples of Basic Usage 12 2.4 Position and Interests 14 2.5 Examples of Positioning 15 2.6 The Idealogical Debate 18 2.7 Further Reading 18 3. ATTACKS 19 3.1 Physical Attack 21 3.1.1 No Armor 22 3.1.2 Single Chip Devices 23 3.1.3 Multi-chip Devices 23 3.2 Software Attacks 24 3.2.1 Buffer Overflow 25 vi TRUSTED COMPUTING PLATFORMS 3.2.2 Unexpected Input 25 3.2.3 Interpretation Mismatches 26 3.2.4 Time-of-check vs Time-of-use 27 3.2.5 Atomicity 28 3.2.6 Design Flaws 29 3.3 Side-channel Analysis 30 3.3.1 Timing Attacks 30 3.3.2 Power Attacks 33 3.3.3 Other Avenues 34 3.4 Undocumented Functionality 35 3.4.1 Example: Microcontroller Memory 36 3.4.2 Example: FLASH Memory 37 3.4.3 Example: CPU Privileges 38 3.5 Erasing Data 38 3.6 System Context 39 3.7 Defensive Strategy 41 3.7.1 Tamper Evidence 41 3.7.2 Tamper Resistance 41 3.7.3 Tamper Detection 41 3.7.4 Tamper Response 42 3.7.5 Operating Envelope 42 3.8 Further Reading 42 4. FOUNDATIONS 43 4.1 Applications and Integration 43 4.1.1 Kent 44 4.1.2 Abyss 44 4.1.3 Citadel 45 4.1.4 Dyad 46 4.2 Architectures 48 4.2.1 Physical Security 48 4.2.2 Hardware and Software 49 4.3 Booting 50 4.4 The Defense Community 52 4.5 Further Reading 52 Contents vii 5. DESIGN CHALLENGES 55 5.1 Context 55 5.1.1 Personal 55 5.1.2 Commercial 56 5.2 Obstacles 57 5.2.1 Hardware 57 5.2.2 Software 59 5.3 Requirements 63 5.3.1 Commercial Requirements 63 5.3.2 Security Requirements 64 5.3.3 Authenticated Execution 66 5.4 Technology Decisions 67 5.5 Further Reading 71 6. PLATFORM ARCHITECTURE 73 6.1 Overview 73 6.1.1 Security Architecture 74 6.2 Erasing Secrets 75 6.2.1 Penetration Resistance and Detection 76 6.2.2 Tamper Response 76 6.2.3 Other Physical Attacks 77 6.3 The Source of Secrets 78 6.3.1 FactoryInitialization 78 6.3.2 Field Operations 79 6.3.3 Trusting the Manufacturer 81 6.4 Software Threats 81 6.4.1 Software Threat Model 82 6.4.2 Hardware Access Locks 82 6.4.3 Privacy and Integrity of Secrets 85 6.5 Code Integrity 85 6.5.1 Loading and Cryptography 86 6.5.2 Protection against Malice 86 6.5.3 Protection against Reburn Failure 87 6.5.4 Protection against Storage Errors 88 6.5.5 Secure Bootstrapping 89 6.6 Code Loading 90 6.6.1 Authorities 91 6.6.2 Authenticating the Authorities 92 viii TRUSTED COMPUTING PLATFORMS 6.6.3 Ownership 92 6.6.4 Ordinary Loading 93 6.6.5 Emergency Loading 96 6.7 Putting it All Together 97 6.8 What’s Next 99 6.9 Further Reading 99 7. OUTBOUND AUTHENTICATION 101 7.1 Problem 101 7.1.1 The Basic Problem 102 7.1.2 Authentication Approach 102 7.1.3 User and Developer Scenarios 103 7.1.4 On-Platform Entities 104 7.1.5 Secret Retention 104 7.1.6 Authentication Scenarios 105 7.1.7 Internal Certification 107 7.2 Theory 108 7.2.1 What the Entity Says 109 7.2.2 What the Relying Party Concludes 109 7.2.3 Dependency 110 7.2.4 Soundness 111 7.2.5 Completeness 112 7.2.6 Achieving Both Soundness and Completeness 112 7.2.7 Design Implications 113 7.3 Design and Implementation 114 7.3.1 Layer Separation 115 7.3.2 The Code-Loading Code 115 7.3.3 The OA Manager 116 7.3.4 Naming 119 7.3.5 Summary 119 7.3.6 Implementation 120 7.4 Further Reading 121 8. VALIDATION 123 8.1 The Validation Process 124 8.1.1 Evolution 124 8.1.2 FIPS 140-1 125 8.1.3 The Process 126 8.2 Validation Strategy 126 Contents ix 8.3 Formalizing Security Properties 129 8.3.1 Building Blocks 130 8.3.2 Easy Invariants 131 8.3.3 Controlling Code 131 8.3.4 Keeping Secrets 132 8.4 Formal Verification 134 8.5 Other Validation Tasks 136 8.6 Reflection 138 8.7 Further Reading 139 9. APPLICATION CASE STUDIES 141 9.1 Basic Building Blocks 141 9.2 Hardened Web Servers 142 9.2.1 The Problem 142 9.2.2 Using a TCP 144 9.2.3 Implementation Experience 149 9.3 Rights Management for Big Brother’s Computer 152 9.3.1 The Problem 152 9.3.2 Using a TCP 153 9.3.3 Implementation Experience 154 9.4 Private Information 155 9.4.1 The Problem 155 9.4.2 Using a TCP: Initial View 157 9.4.3 Implementation Experience 158 9.4.4 Using Oblivious Circuits 160 9.4.5 Reducing TCP Memory Requirements 163 9.4.6 Adding the Ability to Update 165 9.5 Other Projects 167 9.5.1 Postal Meters 167 9.5.2 Kerberos KDC 167 9.5.3 Mobile Agents 167 9.5.4 Auctions 167 9.5.5 Marianas 168 9.5.6 Trusted S/MIME Gateways 169 9.5.7 Grid Tools 169 9.6 Lessons Learned 170 9.7 Further Reading 171