agenda - teletrust · 2009-04-03
February 2004
Cooperation for a promising future
© Utimaco Safeware AG, 08/03/2004 · IBM & Utimaco, the joint solution
Agenda
• The Utimaco customer base
• TCG - the organization
• TCG technology
• TPM 1.2
• TCG PC implementation
• TCG products made by Utimaco
• The “make of”
• TCG technology and perception
• The “mobile world” of tomorrow (or is it already today ...)
„Blue Chip“ Customer Base
• Banks & Insurances: DBV Versicherung, Allianz Gruppe, Dresdner Bank, Deutsche Bank, Foerenings Sparbanken, Banque de France, National Bank of Sweden, SEB, Lloyds TSB, Robert Fleming, Société Générale, Crédit Suisse, UBS, Raiffeisen Banken, Fed. Res. Bank of Boston, Den norske Bank, ABN AMRO Bank, Fortis Bank, United Asia Finance, Isaserver, Swift, Bourse de Luxembourg, Banque Central de Luxembourg, etc.
• Government: European Commission, NATO, FBI, Min. of Finance (BUL, D, NL), Min. of Interior (SLO, F), Min. of Justice (B, D, NL), Rijkspolitie (NL), Canadian C & R Agency, Justizdirektion Zürich, Bundeswehr, Skattedirektoratet, Kadaster (NL), several national police forces, National Treasury Office (S), HKSAR/Government (HK), Bundesamt f. Finanzen, Land of Berlin, Land of Baden-Württemberg, Police of Hamburg, Police of Schleswig-Holstein, Ministerie van Landsverdediging (B), etc.
• Trade, Transport & Industry: Nokia, Daimler-Chrysler, Volkswagen, Mitsubishi, Norsk Hydro, Novartis, Astra Zeneca, Sanofi, Aventis, Pfizer, Abbott, McDonald‘s, Nestlé, Cartier, British American Tobacco, Alfa Laval, Statoil, ABB, AGA GAS, SKF, DSM, etc.
• Business Services: Ernst & Young, Price Waterhouse Coopers, Danzas, Adecco, IBM, Fujitsu Siemens, Swiss Post, La Poste (France), T-Systems / Debis, KPN Telecom, British Telecom, HongKong Telecom, Telenor, Vodafone, China Light & Power, UK Lottery, Global One, Cert Europe, TPG Group, etc.
Technology Cooperation
• In the center of future computing is trusted computing and
• How it works ->
The Evolution of the Standard
• Member Status January 04
  • Promoters: AMD*, Hewlett Packard*, IBM*, Intel*, Microsoft*, Seagate*+, Sony*, Sun Microsystems*, and Verisign*+
  • Contributors: Agere Systems*, ARM*, ATi Technologies*, Atmel*, Broadcom Corporation*, Comodo*, Fujitsu Limited*, Fujitsu-Siemens Computers*, Gemplus*, Infineon*, Legend Limited Group*, National Semiconductor*, Nokia*, NTRU Cryptosystems, Inc.*, NVIDIA*, Phoenix*, Philips*, Rainbow Technologies*, RSA Security*, Seagate*, Shang Hai Wellhope Information*, Silicon Storage Technology*, Standard Microsystems*, STMicroelectronics*, Texas Instruments*, Utimaco Software AG*, VeriSign Inc.*, Wave Systems*
  • Adopters: Ali Corporation*, Gateway*, M-Systems*, Silicon Integrated Systems*, Softex*, Toshiba*, Winbond Electronics*
  • A number of additional companies have expressed interest and intent to join
* Names and brands are properties of their respective owners
TCG Components
• TPM (Trusted Platform Module)
[Figure: Trusted Platform Module (TPM) block diagram. Components: I/O, Random Number Generator, RSA Engine, SHA-1 Engine, Key Generation, Non-Volatile Storage, Platform Configuration Register (PCR), Attestation Identity Key (AIK), Opt-In, Exec Engine, Program Code, Packaging]
What (only) a TPM can perform
• Platform integrity
What (only) a TPM can perform
• Platform integrity at work: “parachute” plain text data into a “foe or friend” environment
• ... and there is a lot more ...
What (only) a TPM can perform
From TPM to TSS (TCG Software Stack)
• TPM is a subsystem with protected storage and protected capabilities
• The TPM is intended to provide trust and to be an inexpensive component
  • Narrow resources
  • Cumbersome interfaces
• Separation
  • Protected storage and protected capabilities
  • Others (CPU, main storage)
  • I/F: TSS
• TSS:
  • Single entry point for applications to the TPM functionality
  • Synchronization
  • Manage TPM resources and their release
TCG Policy Position
• Platform Owner and User Control: TCG is committed to ensuring owners and users of computing platforms remain in full control of their computing platform, and to require platform owners to opt-in to enable TCG features
• Backwards Compatibility: TCG commits to make reasonable efforts to ensure backward compatibility in future specifications for currently approved specifications
The Evolution of the Standard
• TPM 1.2 Specification announced Nov. 5, 2003
  • Direct anonymous attestation reliably communicates information about the static or dynamic capabilities of a computer with a Trusted Platform Module
  • Locality allows owners of the Trusted Platform Module to assign permissions to external software processes
  • Delegation allows platform owners to delegate software, an object or other entity to use specific, owner-authorized commands, without allowing access to other commands in the Trusted Platform Module
The Evolution of the Standard
• TPM 1.2 Specification announced Nov. 5, 2003
  • Non-volatile storage can be used by system software or firmware to store information on the Trusted Platform Module
  • Transport protection for commands sent to the Trusted Platform Module
  • Monotonic counters
  • Tick counter
  • Trusted Platform Modules for computing devices to include additional privacy protections, more user control, better defense against attacks
The Evolution of the Standard
• PC Specific Implementation Specification v.1., August 2003
  • Implementation reference for the 32-bit PC architecture
  • Usage of PCR registers in the Pre-Boot state through the transition to Post-Boot state
  • How the BIOS, or a component thereof, functions as the Core Root of Trust for Measurement (CRTM)
  • Programmatic interfaces to the BIOS as it performs the functions of the TCG Subsystem (TSS and access to the TPM)
  • Behavior entering, during, and exiting power and initialization states
  • Guidelines for Option ROMs
  • Status: work in progress! Subject to changes!
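An added illustration, not part of the slides, of two points above: the “parachute plain text data into a foe or friend environment” slide and the PCR/CRTM items of the PC Specific Implementation Specification. It replays a measured boot through the TPM 1.x PCR extend rule and seals a secret to the resulting PCR value, so the secret unseals only in the expected platform configuration. The boot-stage blobs, the chip-secret constant and the toy seal cipher are constructed assumptions, not Utimaco or TCG code.

```python
import hashlib
import hmac
# Constructed boot chain: stand-ins for the BIOS image, option ROMs and boot
# loader that the CRTM (BIOS boot block) measures, in this order.
BOOT_STAGES = [b"BIOS image v1.0", b"option ROM: NIC", b"MBR boot loader"]
# Assumption: a fixed byte string models the TPM's chip-internal storage root key.
TPM_ROOT_SECRET = b"constructed-storage-root-key"

def pcr_extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM 1.x extend rule: PCR_new = SHA-1(PCR_old || SHA-1(data)). A PCR is
    only ever extended, never written, so it commits to each stage and its order."""
    return hashlib.sha1(pcr + hashlib.sha1(measurement).digest()).digest()

def measured_boot(stages) -> bytes:
    """Replay a boot chain into a PCR that is all zeros after platform reset."""
    pcr = bytes(20)
    for blob in stages:
        pcr = pcr_extend(pcr, blob)
    return pcr

def _keystream(pcr: bytes) -> tuple:
    # Key material depends on the chip secret and on the platform state (PCR).
    key = hmac.new(TPM_ROOT_SECRET, pcr, hashlib.sha256).digest()
    return key, hashlib.sha256(key + b"stream").digest()

def seal(plaintext: bytes, expected_pcr: bytes) -> dict:
    """Bind data (<= 32 bytes in this toy) to the PCR value it may be released in.
    Toy cipher: one SHA-256 keystream block plus an HMAC tag, not the RSA wrap."""
    key, stream = _keystream(expected_pcr)
    ct = bytes(p ^ k for p, k in zip(plaintext, stream))
    return {"pcr": expected_pcr, "ct": ct,
            "tag": hmac.new(key, ct, hashlib.sha256).digest()}

def unseal(blob: dict, current_pcr: bytes):
    """Release data only in the 'friend' state; any other boot chain yields None."""
    if not hmac.compare_digest(current_pcr, blob["pcr"]):
        return None
    key, stream = _keystream(current_pcr)
    tag = hmac.new(key, blob["ct"], hashlib.sha256).digest()
    if not hmac.compare_digest(tag, blob["tag"]):
        return None
    return bytes(c ^ k for c, k in zip(blob["ct"], stream))

def demo() -> dict:
    good = measured_boot(BOOT_STAGES)
    blob = seal(b"disk-encryption-key", good)  # sealed on a known-good boot
    tampered = measured_boot(BOOT_STAGES[:-1] + [b"MBR boot loader (patched)"])
    reordered = measured_boot(list(reversed(BOOT_STAGES)))
    return {"friend": unseal(blob, good), "foe_tampered": unseal(blob, tampered),
            "foe_reordered": unseal(blob, reordered)}
```

Because the extend rule hashes in sequence, a patched boot loader and an identical set of stages in a different order both produce a PCR the sealed blob does not recognise.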
The Evolution of the Standard - Implementation
• Trusted Platform Modules (TPM) based on the 1.1b specification available from TPM vendors
  • Atmel*
  • Infineon*
  • National Semiconductor*
• Compliant PC platforms shipping now
  • IBM* ThinkPad notebooks and NetVista desktops
  • HP* D530 desktops
  • More expected soon
• Application support by multiple ISVs
  • TCG Software Stack (TSS) announced Sept. 16, 2003
  • TPM 1.2 Specification announced Nov. 5, 2003
* Names and brands are properties of their respective owners
... Atmel TPM 1.2 RTM now!
The Evolution of the Standard
• Work groups operational, Jan ‘04
  • Marketing Work Group
  • Trusted Platform Module (TPM)
  • TPM Software Stack (TSS)
  • PC Specific Implementation
  • Server Specific Implementation
  • PDA Specific Implementation
  • Mobile Phone Specific Implementation
  • Conformance (Common Criteria)
  • Infrastructure
  • Peripherals
• Additional work groups anticipated
Utimaco Safeware: TCG Related Products
• The entire Utimaco portfolio takes advantage of TCG
  • SafeGuard Easy (Hard Disk Bulk Encryption)
  • SafeGuard PrivateDisk (confidentiality container)
  • SafeGuard LogonGuard (Single Sign-On)
  • SafeGuard LANCrypt (transparent file encryption, secure collaboration work)
  • SafeGuard Advanced Security (Authentication, Biometrics, Removable Media Management, policy enforcement, integrity, ...)
  • HSM (High Security Module): high-level tamper-proof and sealed PCI board for servers. It carries a crypto-coprocessor as well as secure key storage facilities. The HSM is used to serve PKI and TCG infrastructures
Utimaco TCG Products‘ Benefits
• TPM is used as “Root of Trust”
  • Secure storage of credentials without external readers
  • Machine binding
    • Only authorized users can access the client or hard drive
    • Stealing parts is useless
• SSO to the OS and applications: “Security joins convenience”
• Challenge/Response via voice recognition: can be used for 24x7 support, even if malicious client logins are a major risk
• Utimaco High Security Module (HSM) based help desk system can handle malicious help desk users for remote support (credentials are unknown to administrators, smartcards and certificates can be revoked easily)
TCG, Utimaco and History
• TCG Contributor Membership
• Member of Infineon Silicon Trust
• World premiere: during the 4th Security Solutions Forum, London, November 2002, Utimaco presented a prototype of TCG technology, comprising hard disk encryption, SSO and automatic virtual drive mounting, based on an Infineon TPM
• First sales successes at Fortune 500 customers already achieved
• IP on application software as well as low-level programming
• Celebration 5th of February, 2004: 20 years of IT security made in Germany by Utimaco Safeware AG
• Profitable and public company
• Worldwide sales, support and partners
* Names and brands are properties of their respective owners
Tech Facts and Public Opinion
• Rob Enderle, The Enderle Group:
  • Trusted Computing: "Maligned by Misrepresentations and Creative Fabrications"
  • „The Trusted Computing Group can help fix a lot of what's wrong with PC security“
  • The group is laboring under the burden of a couple of misconceptions by the public: despite misconceptions to the contrary, this group is not directed by either Microsoft or the U.S. government. They are not primarily focused on Digital Rights Management; any secure repository would be attractive to a DRM solution, but DRM is not the goal of this group.
• “Anyone who considers arithmetic methods of producing random digits is, of course, in a state of sin.” (John von Neumann)
[Figure: Random Number Generator]
Mobile Security is Design Inherent
• Gartner comments: ”The architecture assumes that the connection is equivalent to the office LAN – unfortunately, just a little slower. In practice, response times may make client/server applications unusable…”
• Utimaco products are designed to cope with the challenges of the mobile world:
  • Notebook access recovery even when internet access is not possible (sales force) by using an infrastructure with a higher level of ubiquity
  • Decrease of TCO via headless helpdesk based on voice recognition systems
  • Error-free enforcement of corporate security policy
Your trusted partner for IT security for 20 years!
Alexander W. Koehler
www.utimaco.com