12.00.012.08.9 7.18 9.20 8.60 6.40 5.00 6.40 6.80 6.20 Trusted Computing Cooperative Research ETISS...

Trusted Computing Cooperative Research

ETISS 2008, Oxford

Hans Brandl, [email protected] Technologies AG, Germany

Apr 18, 2023 Copyright © Infineon Technologies 2006. All rights reserved.

IT Security Research History

1st Generation1st Generation(Prevent Intrusions)(Prevent Intrusions)

Intrusions will Occur

Some Attacks will Succeed

Cryptography

Trusted Computing Base

Access Control & Physical Security

Multiple Levels of Security

2nd Generation2nd Generation(Detect Intrusions, Limit Damage)(Detect Intrusions, Limit Damage) Firewalls

Intrusion Detection Systems

Boundary Controllers VPNs

PKI

3rd Generation(Operate Through Attacks) Big Board View of Attacks

Real-Time Situation Awareness& Response

Intrusion Tolerance

Graceful Degradation

Hardened Core

Functionality

Performance

Security


Trusted Computing Application Fields

TCG Standar

ds

TCG Standar

ds

TPMTPM

TPTPMM

OperatingSystemsApplications

Storage

Mobile PhonesWeb Services

Credentials

Servers

Notebooks

DesktopsSecurity Hardware

Input Devices

Authentication Devices

PDAs Trusted Platform Module

• The “root of trust” of the system.

• The TPM is a HW security engine that stores secrets and prevents many common software

attacks.


Trusted Computing Research Areas Today:

Supporting and enhancing existing technologies and applications:

Secure storage of critical data New authentication and communication supplements

New (TC based ) field of research:

Trusted OS: Virtualization, Microkernel Error tolerant

New Hardware platform structures: Trusted embedded platforms (mobile phones, critical controllers

(automotive), network boxes … Infrastructure:

Public Testing capabilities, Remote TC management and network control

Training: Making TC development much easier, SDK. Application Examples


Existing Trusted Computing R&D projectsOpenTC (EU-FP6) :

2006-2009, 24 partners, Basic TC Interfaces and APIs, Virtualization, Microkernel, Application examples, Standardization contributionshttp://www.OpenTC.net/

TECOM (Trusted Embedded Computing), EU-FP7 : 2008-2010, 8 partners,Embedded Hardware with integrated TC, Common criteria certification for integrated

chips, Trusted OS for embedded: Virtualization, Microkernel, Security layers, Applications

http://www.TECOM-project.eu

SECRICOM (Secure Crisis Communication), EU-Security:2008-2011), 10 partners, first TC supported project ( TC is not anymore the main task,

but is used for supporting the project targets). http://www.secricom.org

NADA (Nanodatacenters), EU-FP7:2008-2011, 10 partners, distributed media systems with trust and security.

www.nanodatacenters.eu EVITA Automotive security , EU-FP7:2008-2011, 14 partner

www.evita.eu

Other national projects: France, USA, Spain, Germany, Japan, Malaysia, Austria


Field of research #1: Trusted Hardware

Next generation TPMs

Which additional functions are really required? TPMs are already to complex, minimalistic TPM

what is hw and what is software How many privacy on embedded

TPM design complexity barrier (Turing-Goedel barrier).How to verify the correctness of a TPM implementation itself ?From 128 KB code for TPM 1.1 to about 512 KB in 2010 to 1MB in ?Guaranteed Error free ?

TPM and host platform integration. E.g. TPM and ARM Trustzone on one chip: Advantages , System and interface requirements, bidirectional support of technologies.


Field of research #2: Trusted Operating systems

Virtualisation for PC like systems

Virtualization for embedded systems- Small code - e.g. real time behaviour

Microkernel

Other Trusted operating system concepts ?

Until now, no R&D project delivered an easy to use, just out of the box TOS!


Field of research #3: Specific TPM use scenarios,

Integrated Trusted Computing systems for next generations Automotive products:SW error resistant platforms, secure integrated authentication and communication, product copy prevention….

Secure car to car communication

Mobile communications Separating critical and uncritical parts in the system Scalability and usability features

Industrial plant control

Critical infrastructures Single point of failure


Field of research #4: Making TC development much easier,

Training examples for the newcomer

Software Development Kits for special application fields and kernels

Building blocks for training

Surrounding Infrastructure missing


Field of research #5: TPM platform management

A TPM may cost some 1 or 2 €.TPM enterprise total cost of ownership may be in the range of 200-300€ per year (installation, Training, helpdesk, IT visits….)

Authentication by exiting idm structures(kerberos, X509, PK…)

TPM management via existing network management capabilities?

Silent installation Roaming, automatic and remote key migration, extended

certificate store TPM migration, backup

Embedding into existent IT security structures

Are there more market oriented application scenarios than just platform security and certificate management ?


Field of research #6: Infrastructure

Public research on advanced Compliance and testability

Public research on advanced Conformance evaluation(Security evaluation) , Advanced and fast TOE description and testing methods

Handling TOE changes fast and with low effort

Complex reduction for software/hardware systems


Field of research #7: applicationsSpecific,

High level applications


Preview EU FP7 Security Research call 2008

A new Call for Proposals for Security Research (FP7-SEC-2009-1) under the Seventh Framework Programme for Research and Technological Development (FP7) is planned to be published on 4 September 2008.

Security research does not mean IT research ! Comparable to homeland security

http://ec.europa.eu/enterprise/security/index_en.htm


Preview EU FP7 call 2008 IST: Future of the Internet

TC as support feature:

Building and managing trustworthy network infrastructures as well as communication, computing and storage infrastructures in the context of the development of the Future Internet as conglomerate of heterogeneous networks and systems. This will include novel architectures with built-in security, dependability and privacy; secure interfaces and scalable dynamic security policies across networks. It will also include the trustworthy management of billions of networked devices, "things" and virtual entities connected in the Future Internet.

http://ec.europa.eu/information_society/activities/foi/index_en.htm

Next full blown Trusted computing call: IST 2009


Objective ICT-2009.1.4: Trustworthy ICT a) Trustworthy Network InfrastructuresTrustworthy platforms and frameworks for autonomously monitoring and

managing threats, which are typically cross-border, cross-organisational, scalable, distributed, dynamically evolving and collaborative.

Experimentation and demonstration of trustworthiness of network infrastructures

Projects should give adequate attention to usability, societal acceptance and economic and legal viability of the technologies developed

b) Trustworthy Service InfrastructuresResearch projects should include in addition to technology development,

attention to aspects of usability, legislation, human behaviour, privacy and principles of human rights . This could involve research in other relevant disciplines or demonstrating trustworthiness properties in the proposed frameworks.

c) Technology and Tools for Trustworthy ICTFor user-centric and privacy preserving identity management, including for

management of risks and policy compliance verification.Management and assurance of security, integrity and availability, also at very

long term, of data and knowledge in business processes and services.In enabling technologies for trustworthy ICT, this includes cryptography,

biometrics; trustworthy communication; virtualisation; metrics and certification methodologies.


Objective ICT-2009.1.4: Trustworthy ICTd) Networking, Coordination and Support Networks of Excellence could be particularly relevant for the areas of (i), (ii)

and (iii).

Expected Impact: For trustworthy network and service infrastructures:Demonstrable improvement (i) of the trustworthiness of the future European

network infrastructures consisting of various heterogeneous communication networks and systems and (ii) in handling network threats and attacks and reduction of security incidents.

Significant contribution to the development of trustworthy European infrastructures and frameworks for network services; improved interoperability and standardisation supporting usability and user-centricity in the handling of information and privacy.

For all IP/STREP projects:Improving European industrial competitiveness in markets of trustworthy ICT

by offering business opportunities and consumer choice in usable innovative technologies; increased awareness of the potential and relevance of trustworthy ICT.

For networking, coordination and support actions (NoE/CSA):Improved coordination of research and integration of research activities in

areas where that is beneficial for European research and innovation capacity.

Indicative budget distribution: 90 M€


Artemis program for embedded platforms: 20.5.2008

The ARTEMIS Joint Undertaking has launched its first Call for proposal with a total public funding of 99 Million €. This happen because of a unique collaboration between industry and public authorities.

Please look at: https://www.artemis-ju.eu/call_2008

Tom Bo CLAUSEN European Commission DG Information Society

E-mail: [email protected] http://cordis.europa.eu/ist/embedded/

12.00.012.08.9 7.18 9.20 8.60 6.40 5.00 6.40 6.80 6.20 Trusted Computing Cooperative Research ETISS...

Documents

Transcript of 12.00.012.08.9 7.18 9.20 8.60 6.40 5.00 6.40 6.80 6.20 Trusted Computing Cooperative Research ETISS...