
What is TPM?

(Technical explanation) - All, till week 4 (next week)
Applications - Examples
Dangers/Security - Major issue - Address (why dangerous?) - Comments (is it really dangerous? or just what people say) - Case study
Future Trends - How it can be developed further - Any more improvements to be made? (links, videos, diagrams, basically everything..)

Timeline
1. Finish background (this document) by week 5. Must have general idea. Teach each other what we know; discuss project structure.
2. Consult prof on week 6.
3. Week 6-9: Revise outline, complete report (15 pages). Report to be half done.
4. Onwards: Do presentation.

Links
http://researcher.watson.ibm.com/researcher/view_project.php?id=2850
http://habbob.com.br/Cryptographie%20et%20Steganographie/4.pdf
http://informatik.uibk.ac.at/teaching/ws2009/esa/crypto_slides.pdf
http://people.cs.uchicago.edu/~dinoj/smartcard/security.html
http://www.cl.cam.ac.uk/~mkb23/research/Survey.pdf
http://www.cl.cam.ac.uk/~mkb23/research/Attacks-on-Crypto-TS.pdf

What is TPM?
A trusted platform module (TPM) is a specialized chip that can be installed on the motherboard of a personal computer for the purpose of hardware authentication. The TPM authenticates the computer in question rather than the user. To do so, TPM stores information specific to the host system, such as encryption keys, digital certificates and passwords. TPM minimizes the risk that data on the computer will be compromised by physical theft or an attack by an external hacker. Hardware protection is inherently less vulnerable to software-based attacks and authentication processes are conducted through a secure subsystem. The device also enhances the security of Web browsers, email programs and other important applications. TPM chips are available from a number of vendors, including Atmel, Broadcom, Infineon, Sinosun, STMicroelectronics and Winbond. TPM could, potentially, be used on any type of computing device. The devices are currently being installed on desktops, laptops and tablet PCs by most major manufacturers. TPM can be used with any major operating system and works best in conjunction with other security technologies such as firewalls, antivirus software, smart cards and biometric verification. The Trusted Computing Group is currently working on specifications for TPM chips for installation in peripherals and external storage devices.
from: http://whatis.techtarget.com/definition/trusted-platform-module-TPM

Some important hardware details of the 9635 are as follows:
- Claims compliance with TCG TPM Main Specification Family 1.2, Level 2, Errata Level 0
- 16-bit microprocessor in 0.22 µm CMOS technology
- 24 Platform Configuration Registers (PCRs)
- 10 key slots
- 1.5 KB of general-purpose non-volatile memory
- EEPROM for storing upgradable firmware and user keys/data
- Cryptographic engine (up to 2048-bit RSA keys supported)
- Hashing engine (hardware-accelerated SHA-1)
- True Random Number Generator (TRNG)
- Tick counter with tamper detection
- Low Pin Count (LPC) bus interface; operation based on a single 33 MHz clock
- Support for an external output signal on a General Purpose I/O (GPIO) pin
- Various security features such as over/under voltage detection, low frequency sensor, high frequency filter, reset filter, and memory encryption

The TPM is not a cryptographic accelerator. It is not meant to aid in bulk encryption. Moreover, the specification does not contain any cryptographic throughput requirements.

Trusted Platform Module (TPM) is both the name of a published specification detailing a secure cryptoprocessor that can store cryptographic keys that protect information, and the general name of implementations of that specification, often called the "TPM chip" or "TPM Security Device". (wikipedia)

So, it's a published specification. That specification details this thing called a cryptoprocessor. What that cryptoprocessor does is store cryptographic keys, which can somehow protect information. Okay... that helps. Kinda. But we don't really understand yet. To help us understand, we must first address these three main questions (MQs):

MQ 1. What are cryptographic keys (and how do they protect information)?
MQ 2. What is a cryptoprocessor?
MQ 3. What are the details of this specification?

Sooooo... let's research these individually.

MQ1 What are cryptographic keys? To understand cryptographic keys, we must first understand what cryptography is in the first place. So:

MQ1-SQ1 (Sub question 1) What is the concept of cryptography? Let's recall what we learnt from IST. Cryptography involves changing something from plaintext to ciphertext, i.e. the information is encrypted. What is a good ciphertext? It must be one such that, looking at the ciphertext, nobody can deduce the plaintext except the person the message is intended for. How do people encrypt messages? Using encryption algorithms. One example is the Caesar cipher, where with a key of E(4), A becomes E, B becomes F, etc. So GEOFFREY becomes KISJJVIC. Alright, seems logical. Let's go back to MQ1: What are cryptographic keys?

So in the case of the above example of the Caesar cipher, we get KISJJVIC. How do we decrypt this word back to the original? We need to know the key, which is E(4). Only then will we know that the letters must be shifted backwards 4 times, to get GEOFFREY. So to summarize, cryptographic keys are what encrypted message recipients need to convert the ciphertext back to plaintext. I.e., if I want to send a message to someone, I must first send the key to the person. Without the key, the person cannot decrypt the message. (Let's assume that the encryption algorithm is something much more cheem than the Caesar cipher, where the key can't be easily guessed just from looking at the ciphertext.)

And we're done with MQ1!! Wait, are we, really? Something still doesn't seem right. Let's remember the whole point of why we encrypt messages in the first place. It is so that we can send these messages over to someone else, such that even if someone intercepts and obtains the message in the middle, they cannot understand what the original message is saying. But now we are saying: okay, we encrypt the message, and then send the key over to the person before sending the message. Now we can send messages via the Internet, an unsecured medium, without caring whether someone else sees the message. See the problem? So what about the key then! How do we ensure the key we send to the person does not get intercepted?

We could encrypt the key. Okay, then what about the key used to decrypt the key? Encrypt that as well. Then we need the key to decrypt the key to decrypt the key to decrypt the message. Nah, that won't work.

We could send it via a secured medium. Maybe physically pass the person a slip of paper with the key, or a thumbdrive, or something. Well, if such a medium exists, that would be great. But would that be practical for large businesses, which send messages to millions of people daily? Physically pass a key to each person? Nah, that's not likely. Also, if such a medium really existed, we could simply send the plaintext messages themselves via this medium; there would be no need for cryptography at all! So how siah? Looks like we have to frame another sub question.

MQ1-SQ2 How do we give someone a key, without worrying about the key itself being stolen? The answer: public key cryptography / asymmetric key cryptography!
Public-key cryptography refers to a cryptographic system requiring two separate keys, one of which is secret and one of which is public. Although different, the two parts of the key pair are mathematically linked. One key locks or encrypts the plaintext, and the other unlocks or decrypts the ciphertext. Neither key can perform both functions by itself. The public key may be published without compromising security, while the private key must not be revealed to anyone not authorized to read the messages. (Wikipedia)

Okay, so let's analyze this further. Now instead of one key, we need two keys. One key for encryption, one key for decryption. And neither key can perform both functions by itself. That means the decryption key can only decrypt messages encrypted by the one encryption key it is linked with. Why, that's brilliant!!! So now, suppose Jiaying wants to send a message to Jieting. Using this method:
1. Jiaying creates two keys, one public (encryption), one private (decryption).
2. Jiaying sends Jieting the public key (encryption).
3. Jieting encrypts her message using the public key.
4. Jieting sends the message to Jiaying.
5. Jiaying decrypts the message using her private key when she receives it, and now she sees the original message.
Along the way, Geoffrey and Alvin steal a copy of the message! But Geoffrey and Alvin can't read the message cuz they don't have the key. So they stole a copy of the public key too! But wait. The public key can only encrypt, it can't decrypt. Only Jiaying will ever have possession of the private (decryption) key, because she created it on her own PC, and never had to send it out! (Ok, from what I understood, the receiver of the encrypted message will be the one generating the key pair and sending the encryption key to the sender.)

Examples of such public key algorithms:
> RSA (found in secure telephones, Ethernet network cards and smartcards) http://informatik.uibk.ac.at/teaching/ws2009/esa/crypto_slides.pdf Slide 15
> DSS.

This is great. We now know what cryptographic keys are, and how they can effectively protect information. Last words before we close MQ1: Well, this public/private key thing is great. But in order for public-private key pairs to only work for each other, they have to be mathematically linked. Since they are linked, it would technically be possible for someone who gets hold of the public key to deduce the private key. That's when we have to go into the specifications of RSA and DSS to see how they actually generate such key pairs. And the brilliant thing about these algorithms is this: while it is not impossible to deduce a private key from a public key,
It is extremely difficult (or effectively impossible) for anyone to derive the private key, based only on their knowledge of the public key. (wikipedia)
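Here is an added worked example, not from these notes or from Wikipedia, that runs the Jiaying/Jieting exchange with textbook RSA on toy primes (the primes 61 and 53, the exponent 17, and all function names are constructed for illustration). It also shows why key size matters: on a 4-digit modulus the "mathematically linked" private key falls out of trial division at once, which is exactly what a modulus of hundreds of digits prevents.

```python
# Added example for these notes: textbook RSA with toy-sized primes.
# Real RSA uses primes of hundreds of digits and randomised padding (OAEP);
# this unpadded, one-byte-per-block form is a teaching model only.
from math import gcd, isqrt


def generate_keypair(p: int, q: int, e: int = 65537):
    """Jiaying's step: from two secret primes derive the public key (n, e),
    which she may publish, and the private key (n, d), which never leaves her."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)            # modular inverse of e (Python 3.8+)
    return (n, e), (n, d)


def encrypt(public_key, plaintext: bytes):
    """Jieting's step: encrypt with the public key only, one byte per block."""
    n, e = public_key
    if n <= 255:
        raise ValueError("modulus too small to hold a byte")
    return [pow(m, e, n) for m in plaintext]


def decrypt_blocks(key, blocks):
    """Apply a key to ciphertext blocks. Only the matching private key
    recovers the plaintext; Geoffrey and Alvin, holding just the public
    key, get unrelated numbers back."""
    n, exp = key
    return [pow(c, exp, n) for c in blocks]


def decrypt(private_key, blocks) -> bytes:
    """Jiaying's step: recover the message with her private key."""
    return bytes(decrypt_blocks(private_key, blocks))


def recover_private_key_by_factoring(public_key):
    """Why key size matters: d is linked to (n, e) through the factors of n.
    Trial division finds them instantly for a 4-digit n; for a 2048-bit n
    this same loop would never finish, which is the whole security argument."""
    n, e = public_key
    for p in range(2, isqrt(n) + 1):
        if n % p == 0:
            q = n // p
            return (n, pow(e, -1, (p - 1) * (q - 1)))
    raise ValueError("n is prime; not a valid RSA modulus")
```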

Let's leave the actual implementation of RSA and DSS for another day, and go to MQ2.

MQ 2. What is a cryptoprocessor? Ok, the only thing we know about them is, they store cryptographic keys. But many things can store keys. My computer can store a key if I generate it using the RSA algorithm. I can also write the key on a piece of paper; that counts as storing cryptographic keys. What then is so special about a cryptoprocessor? Let's again look at Wikipedia.
A secure cryptoprocessor is a dedicated computer on a chip or microprocessor for carrying out cryptographic operations, embedded in a packaging with multiple physical security measures, which give it a degree of tamper resistance. The purpose of a secure cryptoprocessor is to act as the keystone of a security sub-system, eliminating the need to protect the rest of the sub-system with physical security measures. Smartcards are probably the most widely deployed form of secure cryptoprocessor, although more complex and versatile secure cryptoprocessors are widely deployed in systems such as Automated teller machines, TV set-top boxes, military applications. (wikipedia)

So, let's try to put this in simple words. A cryptoprocessor is basically a computer chip. What does it do? Carry out cryptographic operations (basically encrypt and decrypt, I suppose).

It is packaged securely, i.e. no one can grab it out. So in the case of a smartcard, I suppose this means it is glued in such a way that you can't really tamper with the chip in the card. What is it used for? To act as a keystone of a security sub-system. What the heck is a keystone exactly?
A keystone is the wedge-shaped stone piece at the apex of a masonry vault or arch, which is the final piece placed during construction and locks all the stones into position, allowing the arch to bear weight. The term is used figuratively to refer to the central supporting element of a larger structure, such as a theory or an organization, without which the whole structure would collapse. Example: Trade is the keystone of modern civilization.

-.-, seriously. Why can't they use simple English. A keystone is something that supports and holds everything else in place. Let's get back to topic. What is it used for? To support and hold everything else in a security sub-system in place, such that we only need to protect this one thing, and we don't have to protect everything else. Okay... again, that kinda helps but not really. But the one thing we know now: a cryptoprocessor can do many more things than store keys. Looks like the original Wikipedia line about TPM was misleading when it said a cryptoprocessor just stores keys :/ Let's look at all the parts that don't really make sense: Ok, so a cryptoprocessor is a really great chip. It can store keys, and it also has the ability to encrypt and decrypt stuff. We also know that it's used in smart cards. In fact, let's just look at the chip to see what it looks like on a smart card:

Ah, that looks familiar. But okay, what has cryptography got to do with smart cards? Why do smart cards need this chip? And in the case of a smart card, how does it act as the keystone of the security sub-system it is part of? Now, suppose we assume that the cryptoprocessor is really that important. How is it secured and made tamper-free then?

MQ2-SQ1 - Why do smart cards need cryptoprocessors?
MQ2-SQ2 - How and why are cryptoprocessors tamper-free?

Let's deal with SQ1 first. Why do smart cards need cryptoprocessors? You know what? It's really hard to find any information from Google on this. But I've found a site :D. Let's take a look at what's written here: http://people.cs.uchicago.edu/~dinoj/smartcard/security.html

Ah, that makes sense now. Just like earlier on when I talked about cryptography being used for sending encrypted messages, we now realize something. Smartcards send/receive messages too! And who do they send them to? Card readers. And that makes sense. Let's think about our EZ-link card. We all know our EZ-link cards are all tagged to an EZ-link account that stores value. This value is somehow incremented when we top up our card, and decremented when we tap our card on public transport. There has to be some form of information, in the form of electrical signals, exchanged between our card and the card readers. Let us think about what happens when we tap our EZ-link card when we take public transport. The card reader has to first establish that this card is a valid EZ-link card, and the card has to establish that the reader is a valid reader. Otherwise, someone could just create a malicious reader that sends instructions to the card to increment its amount to 1 million and never have to pay a single cent for transport. Someone could also make a fake card from someone else's EZ-link card ID number. How can this mutual verification be done? Well, if we follow the implementation described in the above site, it can be done by having the card and the reader share a common secret cryptographic key!

So how it works is:
1. The card's cryptographic processor generates a random number/string and sends it to the reader.
2. The reader encrypts it using its own cryptographic processor and key, then sends it back.
3. The card has also encrypted that random number/string itself, so now the card just compares whether the ciphertext it generated is the same as the one the reader returned.
4. If yes, there is a match: the card now recognizes the reader as a valid reader.
5. Now the process is repeated, but this time the reader is the one that needs to verify the card: the reader generates the random number and matches the returned encrypted signal.
6. Once the card and reader have verified each other, they can begin to send information/commands to each other.
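As an added example (not from the notes or the linked site), here is the mutual verification above modelled in Python, with HMAC-SHA256 standing in for the "encrypt the random number" step. Party, mutual_authenticate and replay_is_rejected are names chosen here, and the shared key in the comments is a constructed sample; a real card keeps its key inside the cryptoprocessor.

```python
# Added example for these notes: challenge-response mutual authentication
# between a smartcard and a reader that share one secret key.
import hashlib
import hmac
import os


class Party:
    """A smartcard or a reader (assumed class name). Both hold the same
    secret key and can both issue and answer challenges."""

    def __init__(self, name: str, key: bytes):
        self.name = name
        self._key = key          # in a real card this never leaves the chip
        self._pending = None     # challenge we issued and are waiting on

    def _respond(self, nonce: bytes) -> bytes:
        # The notes say "encrypt the random number"; a keyed MAC is the
        # usual modern form of that step and is what is used here.
        return hmac.new(self._key, nonce, hashlib.sha256).digest()

    def issue_challenge(self) -> bytes:
        self._pending = os.urandom(16)   # fresh random nonce every time
        return self._pending

    def answer_challenge(self, nonce: bytes) -> bytes:
        return self._respond(nonce)

    def verify_response(self, response: bytes) -> bool:
        if self._pending is None:        # nothing outstanding to check
            return False
        expected = self._respond(self._pending)
        self._pending = None             # a nonce is only ever checked once
        return hmac.compare_digest(expected, response)


def mutual_authenticate(card: Party, reader: Party) -> bool:
    """Steps 1-6 above: the card checks the reader, then the reader checks
    the card. Either side failing aborts before any commands are exchanged."""
    n1 = card.issue_challenge()                                 # step 1
    if not card.verify_response(reader.answer_challenge(n1)):   # steps 2-4
        return False
    n2 = reader.issue_challenge()                               # step 5
    return reader.verify_response(card.answer_challenge(n2))    # step 6


def replay_is_rejected(verifier: Party, recorded_response: bytes) -> bool:
    """Why eavesdropping on one session does not help: a response recorded
    for an earlier challenge never matches a fresh one."""
    verifier.issue_challenge()
    return not verifier.verify_response(recorded_response)
```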

Now I get what they meant with all that keystone stuff! You see how important the cryptographic processor is? Someone can intercept the electronic signals, such as the information and commands sent between the cards and the readers, and think they can create another card that sends the same signals. But, because they do not know the keys encoded in the cards and readers, they will never be able to get past the mutual verification stage! You get it? Let's say you're trying to create a fake card. When the reader sends the random number to you, you need to encrypt the signal and send it back, and this encrypted signal must be the same as the one the reader produces. You can't do this without the encryption key! So after thinking about smartcards, we now understand why they need cryptoprocessors, and why they are so important. Let's go on to SQ2.

MQ2-SQ2 - How and why are cryptoprocessors tamper-free? In fact, from SQ1 we now have an idea why it is so important that one cannot tamper with the cryptoprocessor. What is the most important information stored in the cryptoprocessor? Its cryptographic key/keys. We don't want someone to be able to extract the keys from the cryptoprocessor. So this is in fact it: what we are trying to physically secure in the cryptoprocessor is access to the encryption keys it stores. After the key is programmed into the chip, access to it has to be restricted such that only the chip itself can use the key. We want to make sure that no one can probe the chip's OS to extract the key, using some physical means like blowing it up whenever someone tries to probe, etc. The links below list the common ways people can extract keys from chips, and the ways chip makers prevent these attacks:
http://www.cl.cam.ac.uk/~mkb23/research/Survey.pdf
http://www.cl.cam.ac.uk/~mkb23/research/Attacks-on-Crypto-TS.pdf

With that, you know what, folks! We are now adequately educated about cryptography, cryptographic keys, and cryptoprocessors to finally go on to TPM itself! We can close MQ2, and finally go to the actual gist of our project: MQ3, which involves TPM directly. Let us recall our wiki definition, and MQ3 itself:
Trusted Platform Module (TPM) is both the name of a published specification detailing a secure cryptoprocessor that can store cryptographic keys that protect information, and the general name of implementations of that specification, often called the "TPM chip" or "TPM Security Device". (wikipedia)

MQ3: What are the details of the TPM specification?

TPM Functions:
The TPM is a very interesting and complex piece of hardware with many uses. For example, you could use the TPM from within your own programs to:
- Create private/public key pairs such that the private key never leaves the TPM in clear form. Therefore, the private key cannot be stolen (nor can you yourself clone it). Private keys can leave the chip only after they have been "wrapped" (encrypted with a TPM-resident key).
- Sign data (again, without the private key ever leaving the chip).
- Encrypt data such that it can only be decrypted on the physical machine (specifically, through the physical TPM) it was encrypted on.
- Encrypt data such that decryption is additionally contingent upon one or more "measurements" (in simple terms, the state of things on the system, as determined by hash values contained in one or more TPM Platform Configuration Registers). In this case, decryption will only succeed if the said measurements are identical to their values at encryption time.
- In protocols (such as SSL) that use key exchange, employ the TPM for a much better guarantee regarding the identities involved.

Apple: it is important to note that Apple does not use the TPM. If you have a TPM-equipped Macintosh computer, you can use the TPM for its intended purpose, with no side effect on the normal working of Mac OS X.

Windows: Windows 7 uses the TPM to create cryptographic keys and to encrypt them so that they can be decrypted only by the TPM that created them. This process is called wrapping or binding. These are the public keys that can be used to unlock secured files. In addition, these keys are tied to specific platform measurements. Windows 7 uses the TPM's public key to unlock data that has been encrypted into a TC (trusted computing) space, sometimes called the vault. This vault, although often described as physically isolated from the rest of the computer, actually runs on the same hardware. When you use it, however, a separate memory area is set aside for use by the encryption routines and data.

Future: one common use of TPM technology that we may see in the future in Windows, via add-on programs such as Silverlight, is digital rights management (DRM), better known to its enemies as digital restrictions management. TPM chips are already used in some consumer devices to restrict video playback. Microsoft is already using PlayReady to encrypt Silverlight video and audio content on some devices. It would be easy to require its use on Windows PCs in conjunction with TPM hardware. You can look for this expansion in the next few years as TPM software and hardware go more mainstream. In the meantime, though, if you really want to secure your data, and you have the right hardware and Windows 7 editions, TPM-enabled BitLocker is the way to go.
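As an added example (written for these notes, not TPM-spec or vendor code), the Python model below shows the two "measurement" points from the list above: PCR extend as in TPM 1.2 (SHA-1 digests, 24 PCRs as listed for the 9635 earlier) and sealing data so that it only unseals on the same chip in the same measured state. SimTPM, measure, try_unseal, the SRK secrets and the HMAC-based keystream are assumptions standing in for what the real chip does inside its package.

```python
# Added example for these notes: PCR extend and sealing to PCR values.
import hashlib
import hmac

PCR_COUNT = 24            # the 9635 listed above has 24 PCRs
PCR_INIT = b"\x00" * 20   # TPM 1.2 PCRs are SHA-1 sized and start as zeros


def measure(data: bytes) -> bytes:
    """What firmware does before extending: hash whatever it just loaded."""
    return hashlib.sha1(data).digest()


class SimTPM:
    def __init__(self, srk_secret: bytes):
        self._srk = srk_secret            # stands in for the Storage Root Key
        self.pcrs = [PCR_INIT] * PCR_COUNT

    def extend(self, index: int, digest: bytes) -> bytes:
        """TPM_Extend: PCR[i] <- SHA1(PCR[i] || digest). A PCR can never be
        written directly, only extended, so it encodes the whole boot history."""
        self.pcrs[index] = hashlib.sha1(self.pcrs[index] + digest).digest()
        return self.pcrs[index]

    def _composite(self, selection) -> bytes:
        h = hashlib.sha1()
        for i in selection:
            h.update(self.pcrs[i])
        return h.digest()

    def _key(self, composite: bytes) -> bytes:
        # Key depends on THIS chip's secret and on the selected PCR values.
        return hmac.new(self._srk, b"seal" + composite, hashlib.sha256).digest()

    @staticmethod
    def _xor_stream(key: bytes, data: bytes) -> bytes:
        # Simple keystream cipher as a stand-in for the TPM's own encryption.
        out = bytearray()
        for block in range((len(data) + 31) // 32):
            ks = hmac.new(key, block.to_bytes(4, "big"), hashlib.sha256).digest()
            chunk = data[block * 32:(block + 1) * 32]
            out += bytes(a ^ b for a, b in zip(chunk, ks))
        return bytes(out)

    def seal(self, data: bytes, selection) -> dict:
        composite = self._composite(selection)
        key = self._key(composite)
        ct = self._xor_stream(key, data)
        tag = hmac.new(key, ct, hashlib.sha256).digest()
        return {"selection": list(selection), "composite": composite,
                "ct": ct, "tag": tag}

    def unseal(self, blob: dict) -> bytes:
        """TPM_Unseal: refuses if the PCRs changed or another chip sealed it."""
        if self._composite(blob["selection"]) != blob["composite"]:
            raise PermissionError("PCR values differ from sealing time")
        key = self._key(blob["composite"])
        expected = hmac.new(key, blob["ct"], hashlib.sha256).digest()
        if not hmac.compare_digest(expected, blob["tag"]):
            raise PermissionError("blob was not sealed by this TPM")
        return self._xor_stream(key, blob["ct"])


def try_unseal(tpm: SimTPM, blob: dict):
    try:
        return tpm.unseal(blob)
    except PermissionError:
        return None
```

A boot that loads an extra or modified component changes the PCR, so the sealed blob stays locked; the same is true on a second chip with a different SRK even when its PCRs match.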

from: http://www.osxbook.com/book/bonus/chapter10/tpm/
http://itexpertvoice.com/home/windows-7-security-and-the-trusted-platform-module/

CLICK on this link >>>> http://www-01.ibm.com/support/docview.wss?uid=pos1R1003970&aid=1

Seems like this article is talking about future trends: http://www.computerweekly.com/news/2240157874/Analysis-2012-Will-this-be-the-year-TPM-finally-comes-of-age
