12.00.012.08.9 7.18 9.20 8.60 6.40 5.00 6.40 6.80 6.20 Trusted Computing Cooperative Research ETISS...
-
Upload
byron-knight -
Category
Documents
-
view
214 -
download
1
Transcript of 12.00.012.08.9 7.18 9.20 8.60 6.40 5.00 6.40 6.80 6.20 Trusted Computing Cooperative Research ETISS...
Trusted Computing Cooperative Research
ETISS 2008, Oxford
Hans Brandl, [email protected] Technologies AG, Germany
Page 2Apr 18, 2023 Copyright © Infineon Technologies 2006. All rights reserved.
IT Security Research History
1st Generation1st Generation(Prevent Intrusions)(Prevent Intrusions)
Intrusions will Occur
Some Attacks will Succeed
Cryptography
Trusted Computing Base
Access Control & Physical Security
Multiple Levels of Security
2nd Generation2nd Generation(Detect Intrusions, Limit Damage)(Detect Intrusions, Limit Damage) Firewalls
Intrusion Detection Systems
Boundary Controllers VPNs
PKI
3rd Generation(Operate Through Attacks) Big Board View of Attacks
Real-Time Situation Awareness& Response
Intrusion Tolerance
Graceful Degradation
Hardened Core
Functionality
Performance
Security
Page 3Apr 18, 2023 Copyright © Infineon Technologies 2006. All rights reserved.
Trusted Computing Application Fields
TCG Standar
ds
TCG Standar
ds
TPMTPM
TPTPMM
OperatingSystemsApplications
Storage
Mobile PhonesWeb Services
Credentials
Servers
Notebooks
DesktopsSecurity Hardware
Input Devices
Authentication Devices
PDAs Trusted Platform Module
• The “root of trust” of the system.
• The TPM is a HW security engine that stores secrets and prevents many common software
attacks.
Page 4Apr 18, 2023 Copyright © Infineon Technologies 2006. All rights reserved.
Trusted Computing Research Areas Today:
Supporting and enhancing existing technologies and applications:
Secure storage of critical data New authentication and communication supplements
New (TC based ) field of research:
Trusted OS: Virtualization, Microkernel Error tolerant
New Hardware platform structures: Trusted embedded platforms (mobile phones, critical controllers
(automotive), network boxes … Infrastructure:
Public Testing capabilities, Remote TC management and network control
Training: Making TC development much easier, SDK. Application Examples
Page 5Apr 18, 2023 Copyright © Infineon Technologies 2006. All rights reserved.
Existing Trusted Computing R&D projectsOpenTC (EU-FP6) :
2006-2009, 24 partners, Basic TC Interfaces and APIs, Virtualization, Microkernel, Application examples, Standardization contributionshttp://www.OpenTC.net/
TECOM (Trusted Embedded Computing), EU-FP7 : 2008-2010, 8 partners,Embedded Hardware with integrated TC, Common criteria certification for integrated
chips, Trusted OS for embedded: Virtualization, Microkernel, Security layers, Applications
http://www.TECOM-project.eu
SECRICOM (Secure Crisis Communication), EU-Security:2008-2011), 10 partners, first TC supported project ( TC is not anymore the main task,
but is used for supporting the project targets). http://www.secricom.org
NADA (Nanodatacenters), EU-FP7:2008-2011, 10 partners, distributed media systems with trust and security.
www.nanodatacenters.eu EVITA Automotive security , EU-FP7:2008-2011, 14 partner
www.evita.eu
Other national projects: France, USA, Spain, Germany, Japan, Malaysia, Austria
Page 6Apr 18, 2023 Copyright © Infineon Technologies 2006. All rights reserved.
Field of research #1: Trusted Hardware
Next generation TPMs
Which additional functions are really required? TPMs are already to complex, minimalistic TPM
what is hw and what is software How many privacy on embedded
TPM design complexity barrier (Turing-Goedel barrier).How to verify the correctness of a TPM implementation itself ?From 128 KB code for TPM 1.1 to about 512 KB in 2010 to 1MB in ?Guaranteed Error free ?
TPM and host platform integration. E.g. TPM and ARM Trustzone on one chip: Advantages , System and interface requirements, bidirectional support of technologies.
Page 7Apr 18, 2023 Copyright © Infineon Technologies 2006. All rights reserved.
Field of research #2: Trusted Operating systems
Virtualisation for PC like systems
Virtualization for embedded systems- Small code - e.g. real time behaviour
Microkernel
Other Trusted operating system concepts ?
Until now, no R&D project delivered an easy to use, just out of the box TOS!
Page 8Apr 18, 2023 Copyright © Infineon Technologies 2006. All rights reserved.
Field of research #3: Specific TPM use scenarios,
Integrated Trusted Computing systems for next generations Automotive products:SW error resistant platforms, secure integrated authentication and communication, product copy prevention….
Secure car to car communication
Mobile communications Separating critical and uncritical parts in the system Scalability and usability features
Industrial plant control
Critical infrastructures Single point of failure
Page 9Apr 18, 2023 Copyright © Infineon Technologies 2006. All rights reserved.
Field of research #4: Making TC development much easier,
Training examples for the newcomer
Software Development Kits for special application fields and kernels
Building blocks for training
Surrounding Infrastructure missing
Page 10Apr 18, 2023 Copyright © Infineon Technologies 2006. All rights reserved.
Field of research #5: TPM platform management
A TPM may cost some 1 or 2 €.TPM enterprise total cost of ownership may be in the range of 200-300€ per year (installation, Training, helpdesk, IT visits….)
Authentication by exiting idm structures(kerberos, X509, PK…)
TPM management via existing network management capabilities?
Silent installation Roaming, automatic and remote key migration, extended
certificate store TPM migration, backup
Embedding into existent IT security structures
Are there more market oriented application scenarios than just platform security and certificate management ?
Page 11Apr 18, 2023 Copyright © Infineon Technologies 2006. All rights reserved.
Field of research #6: Infrastructure
Public research on advanced Compliance and testability
Public research on advanced Conformance evaluation(Security evaluation) , Advanced and fast TOE description and testing methods
Handling TOE changes fast and with low effort
Complex reduction for software/hardware systems
Page 12Apr 18, 2023 Copyright © Infineon Technologies 2006. All rights reserved.
Field of research #7: applicationsSpecific,
High level applications
Page 13Apr 18, 2023 Copyright © Infineon Technologies 2006. All rights reserved.
Preview EU FP7 Security Research call 2008
A new Call for Proposals for Security Research (FP7-SEC-2009-1) under the Seventh Framework Programme for Research and Technological Development (FP7) is planned to be published on 4 September 2008.
Security research does not mean IT research ! Comparable to homeland security
http://ec.europa.eu/enterprise/security/index_en.htm
Page 14Apr 18, 2023 Copyright © Infineon Technologies 2006. All rights reserved.
Preview EU FP7 call 2008 IST: Future of the Internet
TC as support feature:
Building and managing trustworthy network infrastructures as well as communication, computing and storage infrastructures in the context of the development of the Future Internet as conglomerate of heterogeneous networks and systems. This will include novel architectures with built-in security, dependability and privacy; secure interfaces and scalable dynamic security policies across networks. It will also include the trustworthy management of billions of networked devices, "things" and virtual entities connected in the Future Internet.
http://ec.europa.eu/information_society/activities/foi/index_en.htm
Next full blown Trusted computing call: IST 2009
Page 15Apr 18, 2023 Copyright © Infineon Technologies 2006. All rights reserved.
Objective ICT-2009.1.4: Trustworthy ICT a) Trustworthy Network InfrastructuresTrustworthy platforms and frameworks for autonomously monitoring and
managing threats, which are typically cross-border, cross-organisational, scalable, distributed, dynamically evolving and collaborative.
Experimentation and demonstration of trustworthiness of network infrastructures
Projects should give adequate attention to usability, societal acceptance and economic and legal viability of the technologies developed
b) Trustworthy Service InfrastructuresResearch projects should include in addition to technology development,
attention to aspects of usability, legislation, human behaviour, privacy and principles of human rights . This could involve research in other relevant disciplines or demonstrating trustworthiness properties in the proposed frameworks.
c) Technology and Tools for Trustworthy ICTFor user-centric and privacy preserving identity management, including for
management of risks and policy compliance verification.Management and assurance of security, integrity and availability, also at very
long term, of data and knowledge in business processes and services.In enabling technologies for trustworthy ICT, this includes cryptography,
biometrics; trustworthy communication; virtualisation; metrics and certification methodologies.
Page 16Apr 18, 2023 Copyright © Infineon Technologies 2006. All rights reserved.
Objective ICT-2009.1.4: Trustworthy ICTd) Networking, Coordination and Support Networks of Excellence could be particularly relevant for the areas of (i), (ii)
and (iii).
Expected Impact: For trustworthy network and service infrastructures:Demonstrable improvement (i) of the trustworthiness of the future European
network infrastructures consisting of various heterogeneous communication networks and systems and (ii) in handling network threats and attacks and reduction of security incidents.
Significant contribution to the development of trustworthy European infrastructures and frameworks for network services; improved interoperability and standardisation supporting usability and user-centricity in the handling of information and privacy.
For all IP/STREP projects:Improving European industrial competitiveness in markets of trustworthy ICT
by offering business opportunities and consumer choice in usable innovative technologies; increased awareness of the potential and relevance of trustworthy ICT.
For networking, coordination and support actions (NoE/CSA):Improved coordination of research and integration of research activities in
areas where that is beneficial for European research and innovation capacity.
Indicative budget distribution: 90 M€
Page 17Apr 18, 2023 Copyright © Infineon Technologies 2006. All rights reserved.
Artemis program for embedded platforms: 20.5.2008
The ARTEMIS Joint Undertaking has launched its first Call for proposal with a total public funding of 99 Million €. This happen because of a unique collaboration between industry and public authorities.
Please look at: https://www.artemis-ju.eu/call_2008
Tom Bo CLAUSEN European Commission DG Information Society
E-mail: [email protected] http://cordis.europa.eu/ist/embedded/