Re: TPM architecture and/or Intel's Danbury technology ??

By: SheldonLevine in WAVX DD
Mon, 03 Mar 08 12:18 AM
Msg. 06657 of 06668
(This msg. is a reply to 06650 by awk)

Danbury/TXT TPM interface

Andy, my sincere apologies if you are already aware of this information.

>>>
Computer Scientists at Princeton University have shown some very easy and creative methods to hack cryptographic key material with physical access to an encrypted machine. Watch the video embedded below to find out how existing technology is really vulnerable against Cold Boot Attacks on Encryption Keys.

All you need is a Duster spray can, if that, to cool the DRAM and extract the keys. The paper published along with the video clearly outlines techniques for finding keys residing in memory. The really cool part is that this technique doesn't really hack into the encryption directly. Rather, it depends on scanning the encryption keys by accessing the contents of the RAM and then extracting the data either by directly tampering with the RAM or by simply booting the computer from a USB drive. You can also read the industry response and more details on these findings in the news.com article.

It is not all bad news ... Intel is planning on releasing a technology code named “Danbury” which drastically reduces exposure to the Cold boot attacks. Danbury uses dedicated platform hardware to provide full disk encryption and the actual data encryption keys are not kept in the DRAM. Intermediate, or ‘wrapping’, keys used to unlock data encryption keys are, however, stored in DRAM temporarily, when the user is physically present or while remote IT operation has control of the platform. These keys are subsequently deleted once no longer needed, thus reducing the exposure significantly.

I am also very happy to announce that a Danbury SDK that can be leveraged by software vendors to enhance encryption software will be made available on the manageability developer community later this year. If you are interested in finding out more about this technology, or in developing encryption software using this technology, then feel free to leave a comment on this post.
<<<
http://softwareblogs.intel.com/2008/02/28/use-duster-spray-can-to-hack-the-disk-encryption-keys/

I presently believe that the Danbury SDK will sit on top of the TXT Safer Mode Extensions (SMX), which is a low-level interface to the TPM.

<<<
1. Overview

Intel’s technology for safer computing, Intel® Trusted Execution Technology (Intel® TXT), defines platform-level enhancements that provide the building blocks for creating trusted platforms.

Whenever the word trust is used, there must be a definition of who is doing the trusting and what is being trusted. This enhanced platform helps to provide the authenticity of the controlling environment such that those wishing to rely on the platform can make an appropriate trust decision. The enhanced platform determines the identity of the controlling environment by accurately measuring the controlling software (see Section 1.1).

Another aspect of the trust decision is the ability of the platform to resist attempts to change the controlling environment. The enhanced platform will resist attempts by software processes to change the controlling environment or bypass the bounds set by the controlling environment.

What is the controlling environment for this enhanced platform? The platform is a set of extensions designed to provide a measured and controlled launch of system software that will then establish a protected environment for itself and any additional software that it may execute.

These extensions enhance two areas:

• The launching of the Measured Launched Environment (MLE)

• The protection of the MLE from potential corruption

The enhanced platform provides these launch and control interfaces using Safer Mode Extensions (SMX).

----

1.8 TPM Usage

Intel® TXT makes extensive use of the Trusted Platform Module (TPM) defined by the Trusted Computing Group (TCG) in the TCG TPM Specification, Version 1.2. The TPM provides a repository for measurements and the mechanisms to make use of the measurements. The system makes use of the measurements to both report the current platform configuration and to provide long-term protection of sensitive information.

The TPM stores measurements in Platform Configuration Registers (PCRs). PCRs provide a storage area that allows an unlimited number of measurements in a fixed amount of space. They provide this feature by an inherent property of cryptographic hashes. Outside entities never write directly to a PCR register, they “extend” PCR contents. The extend operation takes the current value of the PCR, appends the new value, performs a cryptographic hash on the combined value, and the hash result is the new PCR value. One of the properties of cryptographic hashes is that they are order dependent. This means hashing A then B produces a different result from hashing B then A. This ordering property allows the PCR contents to indicate the order of measurements.

Sending measurement values from the measuring agent to the TPM is a critical platform task. The Dynamic Root of Trust for Measurement (DRTM) requires specific messages to flow from the DRTM to the TPM. The Intel® TXT DRTM is the GETSEC[SENTER] instruction and the system ensures GETSEC[SENTER] has special messages to communicate to the TPM. These special messages take advantage of TPM localities 3 and 4 to protect the messages and inform the TPM that GETSEC[SENTER] is sending the messages.
<<<
http://download.intel.com/technology/security/downloads/31516804.pdf

etc.

Regards

SL
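The PCR extend operation described in the quoted Intel TXT text (Section 1.8, "TPM Usage") is easy to misread as a write, so here is a worked model of it. This is an added example, not code from the post, from Intel's document or from any TPM implementation. It assumes the TPM 1.2 conventions the quoted text refers to: PCRs are 20-byte SHA-1 registers, the TPM_Extend command takes a digest (the measuring agent hashes the object first), and a PCR starts at all zeros after reset. The `replay_log`/`verify_log` helpers are the check a verifier would actually run: recompute the PCR from a claimed event log and compare it with the value the TPM reports. The sample measurements are constructed strings, not real firmware or MLE images.

```python
import hashlib
import hmac

# TPM 1.2 PCRs hold a SHA-1 digest: 20 bytes, all zeros after reset (assumption
# for this model; real PCR reset values depend on the register and locality).
PCR_SIZE = 20


def pcr_extend(pcr: bytes, digest: bytes) -> bytes:
    """Extend a PCR: new_pcr = SHA-1(old_pcr || digest).

    Nothing is ever written directly into the register. The TPM folds the
    incoming digest into the current value, so the register absorbs any
    number of measurements while staying 20 bytes long.
    """
    if len(pcr) != PCR_SIZE or len(digest) != PCR_SIZE:
        raise ValueError("PCR and digest must both be 20-byte SHA-1 values")
    return hashlib.sha1(pcr + digest).digest()


def measure(blob: bytes) -> bytes:
    """What the measuring agent sends to the TPM: the SHA-1 of the measured object."""
    return hashlib.sha1(blob).digest()


def replay_log(events) -> bytes:
    """Recompute the PCR value implied by an ordered event log of measured blobs."""
    pcr = bytes(PCR_SIZE)
    for blob in events:
        pcr = pcr_extend(pcr, measure(blob))
    return pcr


def verify_log(events, reported_pcr: bytes) -> bool:
    """Verifier's check: does the claimed event log reproduce the PCR the TPM reports?

    Constant-time comparison, since this value can be used as an access decision.
    """
    return hmac.compare_digest(replay_log(events), reported_pcr)


# Constructed sample event log (labels only, not real images).
BOOT_LOG = [
    b"constructed: SINIT ACM image",
    b"constructed: MLE image",
    b"constructed: kernel command line",
]

if __name__ == "__main__":
    pcr = replay_log(BOOT_LOG)
    print("final PCR      :", pcr.hex())
    # Order matters: the same measurements in reverse give a different register value.
    print("reversed order :", replay_log(BOOT_LOG[::-1]).hex())
    # A log with one altered entry no longer matches what the TPM reports.
    tampered = BOOT_LOG[:1] + [b"constructed: modified MLE image"] + BOOT_LOG[2:]
    print("tampered log verifies:", verify_log(tampered, pcr))
```

Run it and swap, drop or edit any entry of `BOOT_LOG`: the final value changes every time, which is the property the quoted text relies on when it says the PCR contents "indicate the order of measurements".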


- - - - -
The above is a reply to the following message:
TPM architecture and/or Intel's "Danbury" technology ??
By: awk
in WAVX DD
Fri, 15 Feb 08 11:40 PM
Msg. 06650 of 06668

TPM architecture and/or Intel's "Danbury" technology…

It appears that "Danbury" adds a whole new dimension to the "interoperability" question. It appears that "Danbury" is a totally separate architectural platform from the TPM architecture that needs its own management tools. And it appears that Wave's EMBASSY tools are the only ones that can handle both architectural platforms.

I am not yet quite clear how this really will function, but it is clear to me now that a vPro 5.0 with "Danbury" really consists of two distinct platforms to be managed: the "TPM system" and "Danbury".

Wave-Intel press release: Here Steven Sprague talks about two distinct platforms within the same system.

Steven Sprague says:
"As trusted computing solutions evolve, cross-platform interoperability could represent an important opportunity," said Steven Sprague, president and CEO of Wave Systems. "We believe that the addition of hardware security that provides data-at-rest, strong authentication and management capabilities, built into the hardware, is an important step forward in supporting the growing need for security in the PC. We are keenly aware of the requirements for applications to interoperate among multiple secure platforms and are providing proof of concepts today to show how our applications can be adapted to a new generation of platforms from Intel. We are proud to be the first company demonstrating our flexible, interoperable, secure applications on the industry’s leading trusted platforms."


Assumption: In a way, "Danbury" functions similarly to Seagate's "DriveTrust" technology, in the sense that "Danbury" also incorporates some EMBASSY functionality. Also, most likely, the "Danbury" encryption keys are stored within the Intel chipset and never leave the chipset.

Question: Where does this leave Infineon and, moreover, where does it leave the rest of the PC OEMs?


Steven Sprague goes on to say:
"We are keenly aware of the requirements for applications to interoperate among multiple secure platforms and are providing proof of concepts today to show how our applications can be adapted to a new generation of platforms from Intel. We are proud to be the first company demonstrating our flexible, interoperable, secure applications on the industry’s leading trusted platforms."

Also check out the highlighted part of a "blog exchange" that I had with Intel's Todd Christ. He says:

http://communities.intel.com/openport/blogs/proexpert/2007/12/14/5-reasons-to-look-forward-to-danbury-technology

Feb 11, 2008 11:36 AM Reply Todd Christ in response to: Andreas Kuhn
Hi Andreas - Danbury won't have interaction with a TPM, but rather utilize an integrated mechanism to control security access.

Danbury will become part of the AMT 5.0 stack and much like other AMT releases - AMT 5.0 will be backward compatible with previous versions of AMT - but the older versions will not be scalable to the newer platforms.


From the Wave-Intel press release:

http://www.wave.com/news/press_archive/07/070918_IDF

Wave to Demonstrate Capabilities for Data Protection and Trusted Platform Module Support for Next-Generation Intel vPro Technology at Intel Developer Forum

Wave highlights new Intel hardware technologies while enhancing Intel® Active Management Technology with Wave’s key management capabilities

Lee, MA and San Francisco, CA (Intel Developer Forum, Booth #415-20) – September 18, 2007 – Wave Systems Corp. (NASDAQ: WAVX; www.wave.com), a leader in delivering trusted computing applications and services with advanced products, infrastructure and solutions across multiple trusted platforms, today announced it will demonstrate the capabilities of its EMBASSY® technology on a development Intel® vPro™ processor technology platform.

This 2008 platform incorporates a new, integrated chipset and Trusted Platform Module (TPM), along with a new data encryption technology codenamed "Danbury Technology." Wave will show how EMBASSY technology can be adapted for data-at-rest, strong authentication and key management. Wave offers the only interoperable solution based upon the Trusted Computing Group’s specifications for trusted platforms that include TPM secure storage solutions and secure infrastructures as defined by the TCG.

"Protecting stored data is critical for businesses today, and Intel vPro Danbury technology will make encrypting hard drive data more secure and manageable," said Tom Quillin, director of Intel's Digital Office Ecosystem Enabling. "Intel is pleased that Wave is rapidly embracing this secure platform initiative."

"As trusted computing solutions evolve, cross-platform interoperability could represent an important opportunity," said Steven Sprague, president and CEO of Wave Systems. "We believe that the addition of hardware security that provides data-at-rest, strong authentication and management capabilities, built into the hardware, is an important step forward in supporting the growing need for security in the PC. We are keenly aware of the requirements for applications to interoperate among multiple secure platforms and are providing proof of concepts today to show how our applications can be adapted to a new generation of platforms from Intel. We are proud to be the first company demonstrating our flexible, interoperable, secure applications on the industry’s leading trusted platforms."

Wave’s demonstrations will be located in the Intel vPro Zone Pavilion, Wave Booth #415-20 at the Moscone Center North. Customers may make appointments by contacting Brian Berger, Wave’s EVP Marketing & Sales, at bberger@wavesys.com.

