wave armed forces comm's & electronics presentation 8-12

AFCEA TechNet Land Forces East Plenary Address, Steven Sprague 1 of 19 Transcribed by C. Nerrie ([email protected]) © 2012 Wave Systems Corp. All Rights Reserved. (wave.com)

Armed Forces Communications and Electronics Association (AFCEA) TechNet Land Forces East

August 14 - 16, 2012 Plenary Address by Steven Sprague, CEO of Wave Systems Corp.

Video: http://www.slideshare.net/afcea/sprague3 Slides: http://www.afcea.org/events/tnlf/east12/documents/spragueafceaaug014final.pdf Thank you and good morning everybody. Hopefully they’re going to put my slides up here. There we go. So Becky referenced my cow story. On Memorial Day, we were, my – we live on a horse farm. Our next door neighbor’s cows had escaped and we captured one in the pasture and we were chasing it around and it decided to head butt me. And so, much to my children’s great entertainment I was dragged off to the hospital unconscious. It was brilliantly good fun. So now, anything I say I can blame on a cow for at least another six months or so. But anyway. So we can – do I have the ability to move the slides forward? Can you just move…? Thank you.

So maybe just a little background on who Wave is. We’ve been in this space for a really long time. And we’ve been focused on how do we bring hardware security into the PC platform as a standard capability. And the problem with hardware security is how do you get it built in. Because resetting all of the devices is a challenge. And so back now in 2000-2003, hardware security was standardized, and we’re on today over 600 million machines with industry-standard security in the box. (Move to the next slide. [3])


But I thought the more interesting thing to discuss is we have a problem with cybersecurity today. We’re not seeming to make any progress. Almost every chart looks like that. It’s getting worse. Over time, the number of incidents is going up. But if you look back in history there’s one place where we successfully licked the problem. (And if you click one forward.) [NOTE: Modified slide not available.] That’s the mobile industry in the mid-1990s. We need to make the cyber fraud curves look like that. So what did they do? They put hardware security in every handset and eliminated cloning in the middle of the nineties, and fraud effectively went to zero. When you open your cellular bill, and you look at the phone calls you made, if there’s an incorrect phone call, you believe that it is a billing error not that it’s fraud. So this is only for calling and texting, this isn’t all of your mobile phone. There are other issues that have to be addressed with that. (You can move forward a slide. [4])

But the interesting question is, “What’s mobile?” Because if we could do this for everything, it would be cool. So I had a very entertaining time with this subject because: “Is it the size of the device? Is it that it has a keyboard?” If you read the current NIST specifications, it’s quite entertaining. They say that it is an operating system that is not a full-fledged desktop or laptop. You should try that test on both the Android guys and the iOS guys. “Oh, so you have an inadequate operating system. The Microsoft guys are real computers, you’re just like little computers.” Well, that’s not true. Actually in the NIST definition it also says the microphone is optional, which I find very funny. So what is mobile? So I would argue that mobile (You can move one slide forward. [5])


mobile is a transition of the network architecture. This is probably out of all the things I’ll say this morning, one thing if you take away, this is probably the most useful piece of information. It’s a transformation of a network based on connections to a network based on identity. What that means is, to use some examples: If I take the phone out of my house and I take it to your house and I plug it in, what’s the phone number? Well it’s your house’s phone number. On the other hand, if I take my mobile phone from my house to your house and I use it, what’s the phone number? It’s my mobile phone’s number. It has no basis on the connection. And yet all of enterprise is still building a network that’s based on the connection. You have to form the VPN, then you get your mail. Where with a mobile appliance, you just connect. It doesn’t care whether you’re on WiFi or 4G or DSL. And if you’re dynamically moving between them, it’s able to maintain the session. So you get on your T-Mobile phone now, start a phone call on Wi-Fi, walk outside onto 4G and it just continues. That’s pretty tricky, but it’s done because there’s identity in the device. And so the device plays a huge role in the securing of the enterprise. (Move forward a slide. [6])

So how should you think of the enterprise? Think of the enterprise as its own little carrier. So actually DoD is like kind of medium size. You’ve got ten million endpoints. Ten million endpoints, you don’t even make it on page 1 of the size of carriers on a global basis. Right? Ten million endpoints is a small country that you’re running as a carrier, and you’re delivering services. But a ten million system carrier today can tell you with 100% certainty all the phones on their network. How are we doing at the ability to tell you all the machines on the DoD network today? Like, can I get a list in 15 minutes of all the machines on the DoD network? Verizon could print you a list. It might take longer than 15 minutes to print it, but they could print you a list of every Verizon phone authorized on the network this morning. We can’t do that for the machines that are PCs. And so every device, in essence, needs its own SIM module because what we’re trying to do right now is build carriers with 1989 technology. We have no hardware security in the box and so we have this little cloning and fraud problem that’s going like this.

There are other great examples. Like how much video theft was there in a DIRECTV set-top box global network vs. how much video theft is there in Netflix? Well, Netflix is hugely – has a dramatically greater problem with fraud because we’ve entrusted security of the network to the user. And I don’t know about your kids, but my kids trade Netflix passwords with everybody.


So what we need to do is we need to remove reliance for securing the enterprise from the user. If we can build a network where the network itself is secure, where the Information Assurance professionals are responsible for securing the network and we don’t have to train the users. So there are great examples of this. Anybody ever watch that program on how things are built on TV? It’s great by the way. They’re putting the hood assembly for some car into a punch press machine. There’s not a big sign that says, “Do not stick your hands in the punch press machine.” No, they’ve handcuffed the guy’s hands to strings and when he puts it in and pulls his hands back like this, it activates the machine. That requires a lot less training and you lose a lot less hands because you can’t activate the machine unless you’re standing like this with your hands not in the machine. And certainly there are cases of people with duct tape that are modifying the safety guards. (Move to the next slide. [7])

So thus was formed the Trusted Computing Group. The Trusted Computing Group is an industry standards body. It’s made up of over 130 companies today. And it sets the standards for hardware security within the device. (Move one more slide forward. [8])

It has a very broad array of standards: standards in servers, standards in virtualization of TPMs, standards for Trusted Platform Modules, standards for mobile devices, standards for storage. And so it really encompasses a very broad array of standards within the infrastructure.


So one of the most important devices in the Trusted Computing standards body is the TPM. The Trusted Platform Module is a little chip that sits on the motherboard of your computer, and we’re on like 90%+ of all DoD machines deployed worldwide today. Ninety percent of your coalition partners, 90% of NATO, 90% of your systems integrators, 90% of the hospitals on a worldwide basis have this in place. Why? Because we’ve shipped, as industry, 600 million TPMs to date. And so 600 million is a big number. What’s intriguing is not very many of them are in use. You don’t think the device is important. Almost everybody says, “Any service, any time, any place, any device.” The “any device” is wrong. That’s putting a dollar on the table and investing in real networks and arguing that Apple is a bunch of fools and idiots. ‘Cause Apple said, “Any time, any place, anywhere, Apple device.” So how much happier are the consumers with a device that’s magically managing all their access control? They’re pretty happy. So recently, one of the most interesting things that’s happened is Microsoft just made TPMs part of all their Windows mobile strategy. A TPM is required for Windows RT, which means their ARM-based platforms have a TPM in them. And this has resulted in actually bridging the technology to ARM and the mobile phone players. And decisions are being made now as to how much security should be put in a cell phone that can be controlled by the enterprise not just controlled by the carrier. You desperately need the ability to hold tamper-resistant keys in every device that are under control of your enterprise. You’re not trusting Apple or trusting a carrier to provision the device for you. And it really is also the foundation of how you do Trusted Execution. How do you assure that code that runs in the machine is the code you expect? If you want to look at a little investment that’s been made in this: NSA spent the better part of a few millions of dollars on doing High Assurance Platform. Underneath High Assurance Platform is a TPM providing the security to the independent isolation kernels. So the goal is, “How do I make my cell phone at a consumer product level run High Assurance Platform for a buck or two.” That’s the goal. And we’ll absolutely get there. The technology to do that is there. And classified and unclassified is kind of fun and entertaining language. It’s the same as my kid’s PC and HBO. Same problem. I need to be able to assure that the content that’s leveraged is shared properly, can’t be copied, and is under control of a licensing authority. So the coolest thing about TPM is you already deployed it and you already paid for it. [Minute 10:25] And so one of the interesting other challenges today in cybersecurity is, “How’s your budget going?” Not so good. Could we spend twice as much? Yes. But do we have twice as much? No. So you can do two things. You can do less or you can spend other people’s money. It’s much more fun to spend other people’s money. So how do you do that? With industry standards. Industry spent $2 billion building this for you. Didn’t cost you a dime. So maybe we should turn it on and use it, but it’s been an interesting and entertaining challenge. (Next slide. [10])


So today with Trusted Computing you have the hardware deployed, the tools are available. They’re only from a couple of different companies. We’re one of the vendors that supplies tools in this area. And what we really need is the economy to start. The broader-based use of this technology. It’s an industry standard. How many companies can build tools for Trusted Computing? Everybody. You can build your own, you can buy tools from third party vendors, you can get them from Microsoft or other OS vendors where they’re including TPM in the OS. It’s infrastructure that’s already there. The other interesting aspect is, if I have 600 million TPMs and you call up Cisco and you say, “So, does your stuff work with a TPM?” If they say “no” then they’re clearly ignoring the entire enterprise market because there are 600 million PCs that could work with that Cisco equipment. And so, as we increase the usage of this, every vendor that’s out there should be able to provide you with that little bullet point at the bottom of tear sheet #3 that says, “Works with and supports Trusted Computing.” And if today you’re a vendor building infrastructure in the cybersecurity space and you don’t have interoperability with Trusted Platform Modules, you should understand what its impacts are. So it’s one of the most effective cyber security tools ever deployed that’s been proven to work. Only known devices. Not any device. Not the special Russian computer you picked up at the mall with every virus on the planet known as your kid’s laptop. Right? You don’t want to use that to manage the nuclear power plant. It’s a bad idea. What you want to do is have known devices that are connected to the services. (Next slide please. [11])


So the other interesting one is just economics. So there are some great examples of infrastructures out there with known devices. I would argue that every major service-delivery network bar none has known devices in its infrastructure. How much do they spend? What do you think it costs Apple to manage an iPad? What’s Apple get for what they pay? They get only five iPads on their iTunes account. 100% knowledge of machines. Only Apple software running on the Apple device. They have hardware Digital Rights Management if you wanted to use it for content protection in the Apple device. Our guess is they’re spending about $20 a year at iTunes to manage all the iPads per iPad. Lifecycle management of the device. Now they’re a single organization, it’s fully controlled, it’s all contained. One would spend more. But should we be spending 200 times more or 20 times more or 3 times more? It’s a really interesting context. Verizon spends even less to manage the phones on its enterprise network. How much does DoD spend? And what do we get? So again, can we print a list of all the devices? Is it one of yours? We don’t know. Is HBSS running? Can you prove it? Like mathematically prove HBSS is running on every machine? Not so simple. Does the machine have data-at-rest encryption before I send you the file with all the sensitive information in it? How do you know if you didn’t check to see if it was one of your machines? Even if I have a policy that says “every machine must have data-at-rest.” Do we ever get to 100% saturation to every machine? No. This machine might have been accidentally provisioned without it. How do I know? How do I check? Has this machine been patched? This is where we’re having the problems. We’re not having the humans get viruses, although I have a cold today so clearly somebody gave me a virus. I think I can blame it on my children. (Next slide. [12])

So in leveraging the device not the user, I can do interesting things from a policy perspective. I can make the device safe to lose. How do we do that? By putting hardware security in the box. One of the other standards out of Trusted Computing is the standards for self-encrypting hard drives, and I’ll talk a little bit about them because they’re a great little microcosm of the benefits both economically, technologically, and the benefit of a group of people getting together to drive a standard as opposed to buying proprietary one-off solutions. So the Opal standard – Opal doesn’t stand for anything – is the standard for how hardware security is done inside an encrypted hard drive. And so it really defines how do I provision the user, how do I de-provision the user, where do I keep keys, etc. And we’ll talk a little bit more about that. The other piece is, “How do I assure the integrity of my device?” So if I have a PC and I turn it on, what software is it running? ‘Cause it would be really cool if we knew what software it’s running. And so TPM plays an absolutely critical role in measuring the assurance of the pre-OS environment, and that builds a stack up into the operating system and then ultimately the applications. And whether you measure it with a TNC, or Trusted Network Connect-type infrastructure, or you can measure it with a cloud service, literally with a device identity server. Doesn’t matter. They’re just different mechanisms to check the integrity of the device. (Next slide. [13])


So lets talk a little bit about self-encrypting drives. This is a technology that has been broadly available since 2009. Every drive manufacturer makes it. You have Toshiba, Fujitsu, Hitachi, Samsung, Western Digital, Micron, Seagate, Intel, Sandisk, etc. Industry-standard, vendor-neutral, in every box. Same thing. Interoperability testing has gone really well with it. They have their own processor and RAM. They run just as fast as the hard disk runs. There’s no performance impact. The encryption keys are permanently stored in the drive controller. There are no keys to lose or manage. You’re managing access control to the drive, not keys. It has always-on AES encryption, some of the drives are FIPS-approved. It supports standard SATA interfaces. I can re-image a computer without turning off the encryption. Because it’s just a normal drive, so I have no cost in removing the encryption, re-image the computer, put the encryption back. And there’s this little minor technical detail, which is just a technology concept, that in a solid state drive, software encryption and delete don’t work very well. And the reason is is because inside a solid state drive there are five or six copies of your data. And with the five or six copies of your data – Micron did a demonstration two years ago where they did a full DoD wipe of a solid state drive and then did 85% recovery of the data that was on the drive. Because the data was still there, it just moved all the pointers around. And so, as you move forward and you buy solid state drives, which are really cool – they’re the best performance thing you can add to a PC – you really want to make sure that they are Opal-compliant solid state drives so you can do a crypto erase. (Next slide. [14]) [Minute 18:00]


And all the major OEMs have solid state drives – or have self-encrypting drives – available today. So some people look at it and say, ‘Yeah, but I don’t want to spend $5 or $10 extra for encryption for my machine.” Because it’s an industry standard and because it’s been implemented and because it has better performance characteristics, it’s actually the cheapest solution you can buy in data-at-rest even if you assume Microsoft BitLocker is free. Because it turns out – when we were kids and your mom gave you some money to go buy a laptop and you had a choice to spend an extra hundred bucks on the Nvidia card or a hundred bucks on the hot smokin’ Intel processor, which did you buy? Why you bought the graphics card because your games ran faster. Everybody knows that. So it turns out if you’re required to have encryption and you buy encryption built-in in hardware and it runs faster, it’s cheaper to buy a self-encrypting drive than two gigs of RAM. And the computer’s faster. A two gig machine with a self-encrypting drive is faster than a four gig machine with BitLocker. And cheaper. But hey, let’s deploy BitLocker because we got extra money. Cause the budget’s overflowing with extra cash and we just want to support the thing that comes in enterprise software for free because we believe it to be free, but nobody actually ran a performance test. It’s also invisible to the end user. So there’s a very interesting business model here to look at: industry-standard built-in security. How many people have duct taped air bags to the front of their car? Nobody. No, it comes built-in. We send it off for crash testing. There was a whole thing about the other day of off-set crash tests. We want other people running off-set crash tests on our car telling us which car is safer. That’s cool. That’s certification. That’s actually much better certification than just a government test. Because an independent lab spent their money, published in Consumer Reports, and you know you should buy a Volvo now instead of a Mercedes because it’s supposed to be safer. So it’s an interesting aspect of how do we procure technology with built-in security. How many people have IA in charge of hardware commodity buy? Nobody. Whoops. You’re doing the safety tests after you buy the car. That’s the problem. If the security’s built-in, you don’t want to be adding seat belts after the fact. You want them built in to the car with good engineering from the ground up. (Next slide please. [15])


So I put a couple of slides up just for fun. We’ll only spend a second on these. See the blue lines? That’s the drive throughput, regular hard drive / self-encrypting drives. See the red lines? That’s software encryption. (Next slide. [16])

Time required to encrypt the drive. See the top line, there’s no bar. That’s because you never have to encrypt a self-encrypting drive, it comes encrypted from the factory. It takes zero seconds. You’re provisioning user access control. The other one takes a couple of hours and the bottom one there took 24 hours for a 500 gig drive. Everybody got an extra 24 hours every time you re-image a computer? And time to return from hibernate. How many people are walking around with their laptops open because it takes too long to reboot the machine? Right? You’re like under 20 seconds to reboot a computer in DoD, right? No. You’ve got all sorts of stuff that’s running. So, let’s build it in. We added, with self-encrypting drives, two seconds to the boot time in this process. (Next slide please. [17])


This one is my favorite one. This is independent data research. So the first is (and then you can just build the slide) hard drive with software FDE, hard drive with self-encrypting drive, solid state drive with software FDE, and solid state drive with self-encrypting. It’s just entertaining the fact that their independent research came out with the same number for a Seagate drive with self-encryption vs. a solid state drive. Now this, to be fair, is for heavy read/writes, this is your full data throughput. But you spent like $100 extra to get all that stuff to the right there. Or at least it’s my right, your right too. (Next. Click one more. So anyway, next slide. [18])

So what’s really fun about a self-encrypting drive: it’s not about the encryption. That’s actually not really what the technology does. Yes, it happens to do encryption. It’s the primary medium-assurance hardware mechanism to bind a user to a machine. Let me say that again. It’s the primary mechanism to bind a user to a machine at a medium assurance level. So what happens now when I unlock my machine in a pre-OS environment – there’s no OS running, it’s on the drive – I’m supplying the user credentials to unlock the drive and I can do it with a CAC card. You want to try and watch that process? It’s really, really hard. If I complement it with BIOS integrity, I have a Trusted Execution Environment with measured software in a pre-OS environment with no OS running, allowing me to bind the human to the machine. You can’t phish it. That’s cool and it comes for free. It’s always encrypting. I can re-image the computer in the field and it’s always encrypting. I could actually give the ability to turn off encryption to three people in an enterprise of 100,000 because the day-to-day system test guys and system rebuild


guys do not need to have the tools to turn off encryption. They don’t have to be part of the equation, they don’t have to be trained, they don’t have to be watched. They just have to rebuild machines. All machines are always encrypting. Also, do you really want encryption or do you want proof the device was encrypted when you lost it? Your Commanding General or your legal department – it doesn’t really matter who you are – the only thing they want to know is, “Yes we understand you left the laptop at the restaurant last night. It was a great time at AFCEA, and you left your bag under the table and poof. What was on it? Oh, all of the secret plans for the thing we were going to build. Cool. Was it encrypted?” If you can’t answer that question of “was it encrypted,” if you have no evidence of that encryption process, then you have to assume it wasn’t encrypted when you lost it. So proof of encryption is actually really, really, really important. What’s interesting to me: no one tests that. Everybody wants to know how it’s installed, everybody wants to know how it’s managed, everybody wants to know what strength the encryption is. No one has yet called the legal department and said, “Here’s the evidence that it’s encrypted. Would this meet the minimum requirements for data-at rest?” I just find that funny. That’s actually the thing we’re trying to buy. Millions and millions of dollars have been spent, nobody tested the product. It’s actually quite easy to build machines that are encrypted. (So let’s move to the next slide. [19])

But ultimately this is a cheaper, stronger, better, faster solution. [Minute 25:30] So the nice thing about standards is standards get absorbed by others and then they write more standards around it. So last year NIST published 800-147. It’s now required on 100% of machines acquired by DoD. What is it? It’s that the BIOS is done in such a way that it can be measured. Now in draft form is NIST 800-155, which says, “Now that I have something to be measured, we should collect the measurements.” So it’s great that it’s self-test, let’s collect the self-test and determine whether the machine booted correctly in the morning. So both of these are existing. One is in draft form, I think it’s going to be published very soon, and the other one’s already part of procurement strategy. (Next slide. [20])


So let’s talk a little bit about BIOS integrity. At the end of the day, the first thing you’ve got to do is deploy your TPM, put a key in it. That gives me device identity. Then I can start to monitor that endpoint and understand how do I assure that this machine booted the way I expected it to be. (Next slide. [21])

So we’ve built a product that today, what it does is a very simple thing. It just goes out on the network, checks the identity of all the machines, and every morning when every machine boots, it collects the integrity information from the BIOS. Doesn’t do anything with it, just collects it. Because we’re not really ready to do anything with it. It’s kind of like putting smoke detectors throughout an entire building when you’ve never tried smoke detectors before. Don’t hook them to the fire department on the first day. Hook them to a light or a buzzer so that when you discover that if you’re cooking French fries and there’s smoke going up to the kitchen, that all of a sudden there aren’t 27 fire trucks parked outside going, “What’s going on, dudes?” It takes some time to understand how we’re going to use this and what it even means. The ability to collect information about every machine is really intriguing ‘cause now I have a list every morning of every machine on the enterprise and the health of its BIOS. First step: known devices. Then we’ll integrate health. So I had a very interesting experience. We built this little product and we built self-encrypting drive management, all this kind of stuff, and it turns out that when you turn on and off locking of a self-encrypting drive, it changes the BIOS integrity measurement, so we use it as a demo. Push the button, and lock the drive, and then you reboot the computer and you can see that it changed. And what I enjoyed about this experience was, the first time I saw it we realized we


didn’t know a thing about what we were talking about. So what did we learn? We learned it’s not about health, it’s about confirm. So what should we do? We should hook the system that says “lock drive,” lock the drive, and hold the transaction pending. Then when that machine reboots and we measure the alteration of the BIOS integrity through a second, independent hardware security system, we get a confirm. And now for the first time ever, you have a dynamically-managed endpoint device where I got confirmation of the management transaction. So instead of mailing Grandma a check and I have no idea whether she got it, I sent her a wire transfer with an ACH confirm. That’s cool. But it’s going to take a while for everybody to figure that out, but this is the beginning of how we would do standards-based confirmation of known endpoint configuration of all machines. So you want this in every management console you buy today. You’re not asking for it yet. If you started asking today, in five years you could have it for free. This doesn’t incrementally increase the cost of your endpoint management by a lot. It should be incorporated in the price you’re already spending. (Next slide. [22])

So I put this up there. This is actually stolen from a slide from Microsoft. This is Windows 8 Malware Resistance. And what it does (I think it builds a little bit, just click a little bit. I didn’t animate this as well as I would have liked to. One more click.) Anyway, what happens is it does a UEFI boot and measures the TPM. (Next click.) Then it goes to Windows and it measures the Windows OS kernel. And so this actually completes the picture. In Windows 8 you’re going to get UEFI boot, measured OS, and measured third-party malware components. And then they report to that little attestation (Push one more click.) – that little attestation service was the previous slide, which tells me that this actually happened. So TPM is an integral part of Windows 8. Are you ready? No, you’re not going to deploy Windows 8 for two or three years. Cool. It’s going to take you two or three yeas to turn on the identity in 100% of all your machines. We just completed a pilot, or we’re in the final stages of a pilot, at NSA. Guess what the #1 thing we learned in the pilot was. You’re going to love this. It is way cheaper to turn on the TPM before it’s deployed as opposed to automatically turning it on in the network. Guess what the second really funny thing we learned is. This is BIOS integrity; you have to reboot the computer. The network they put us on never turns the computers off. So we sent a message out and said, “Please reboot your computers.” Couple hundred machines. Next day, 25 machines rebooted. Those users are so compliant. All they had to do was turn the thing on and off. It was really good fun. So don’t rely on the users to reboot your machines. It’ll actually turn out at the end that if they were to turn the machines off at 6 o’clock at night and turn them on in the morning, that the power savings over a one-year period of time would completely pay for the infrastructure that they deployed, so maybe we should just turn the machines off at night. That actually would be really cool. (But anyway, next slide. [23])


[Minute 31:00]

So I put this in there – I don’t expect everybody to fully understand this next train of thought – but I want to say it. Here’s the ultimate PC today in consumer PC. And I could replace user login with a CAC card as well. Do the same thing. So BIOS integrity management first. Ensures the integrity of the BIOS. Then I load a self-encrypting drive. Then I log the user in, without network connectivity, to authorize the user on that machine in a secure Trusted Execution, pre-OS BIOS. Because it’s measured and verified and incorporated as part of the drive authentication. If the BIOS changes, you will not log in to that machine. Then I run Microsoft Direct Access. Microsoft Direct Access is enormously cool because it turns my PC into a mobile device. This is before the user logs in, I form a connection back to the enterprise. It’s a policy-managed machine, held by the TPM as my mechanism for identity, and Direct Access. So I have a SIM module, and an always-connected machine. If it’s got on the IP network, it’s on my domain and it’s policy managed. Then I log the user in and I can do it with a smartcard or I could use the TPM as a virtual smartcard. And so a consumer enterprise, my employees have no domain credentials. Now, I did these in two colors on purpose because NSA tells you if you want to do Top Secret you should have dual independent systems that are Commercial Off The Shelf technology in order to combine the threat vectors so that if I have a 10% chance of compromising this and a 10% chance of compromising that, actually I have a 1% chance of compromising both or even better. The light blue is TPM, the dark blue is self-encrypting drives. You have two independently-sourced, independently-manufactured, independently-generated hardware security chips, Commercial Off The Shelf, under $10 in cost, gives you the highest assurance authentication to a machine. You can’t phish that user. That user has no credentials. (Next slide. [24])


So what’s the challenge? How many people have 1,000 seats deployed? Nobody. There’s 600 million devices, I’m on 95% of all your network endpoints. You have no experience. Go play. Find some project, turn it on. PriceWaterhouse turned it on for WiFi and VPN. 132 offices worldwide with three guys, 90,000 machines, and about a year project. They have no credentials for WiFi. Very cool. Industry-built self-encrypting drives. How many are deploying self-encrypting drives today? No, you’re all deploying BitLocker. But you have extra cash so it’s not a problem because BitLocker is more expensive and lower performance. So it’s an interesting challenge. These are industry-standard, vendor-neutral technologies. Now, you can buy SEDs off, for example, the U.S. Army CHESS program. They’re an option. They’re available for deployment today. And slowly but surely they’re getting mandated because you shouldn’t buy solid state without Opal. If you look, I think coming in the fall you’ll see solid state requiring Opal in those commodity programs. And so the early value in this is it lays the foundation for stuff you want to do. The big problem is you want to get all the way to here but you haven’t built the foundation yet. You need device identity, you need to know your devices before you can manage the integrity of your device. You can’t do integrity first without knowing the device. (Next slide. [25])


So a final piece of the puzzle. This is just a list, I’m not going to read through it, of the Trusted Computing use cases for mobile. It’s a fun list. (Next slide. [26])

This is the architecture for Trusted Platform Module in an ARM smartphone. Because Microsoft has put the technology into the Microsoft mobile products, we’re now getting it built in to all the major device manufacturers, in through their silicon. And so within 2013 we’ll start to see broad availability of smartphones with Trusted Platform Modules on them. Ask for them. Define the minimum requirements of what you need in hardware. My conversation with people like Samsung is, “Oh, they don’t need hardware, we’ll just emulate the TPM in software.” Really? How do you feel about that? Want to take the fundamental security component of the entire security of your enterprise mobile network and move it to a virtual software image? (So last slide. [27])

Time to start. Come play.


This is, and will be, the most important technology in the next decade. Why? This is the set-top box for cloud services. This is how you assure that only DoD machines are connected to that service. This is how you can run a Trusted Execution Environment to do secure information sharing because you need a conditional access system in the box. You don’t know how to build one today. I’m doing a little entertaining thing in social media encryption which is really great fun. But what we’re doing is encrypting messages on Twitter. One of the top important messages from the U.S. government is “spectral dominance.” Right? Cool. Anybody in here sent an encrypted message on Twitter yet? Because Twitter’s spectrum. It’s really interesting spectrum. In Egypt when they shut down everything, it turned that the one thing that was left was Twitter. It’s just messages. You can get little cigarette boxes from all the big guys in systems integrators, right, that will make you a high assurance little box that will secure a link. We can get a Type 1 encrypted link. Can you send me a Type 1 encrypted Tweet? And why not? So the network is moved up a level. It’s moved from protecting links to protecting identity and infrastructure. This is how we go build the next generation of network sharing, where I have assurance of both the creation of the content and the consumption of the content. What happens in the middle is irrelevant. But if you look at last year’s budget, you spent 25% of your budget on securing the network. The network’s irrelevant if I encrypt all the Tweets. It’s not entirely irrelevant: Transmission is really important, quality of service is really important. Content inspection? Well the content’s encrypted, you can’t see it. This is the beginning of getting towards that model, but before I can do that I have to get to a known good executing device in which I can run an isolation kernel or a bare metal hypervisor for my VM or whatever on running on known devices. You can’t run a thin client on anybody else’s machine: It’s a special Russian computer that automatically sends everything on that thin client to Russia or China or the guys in Ohio. It doesn’t really matter who’s trying to hack the network. So I’ll leave you with this final concept. Only Known Devices. It’s the one thing that we do. It’s a simple concept. It’s a simple policy. It’s not so simple in its execution. But Only Known Devices is how all the major global enterprises secure their services network. With that I’ll stop. And I’m sure there’s a couple of minutes for questions. And I’m around after this. So thank you. [Minute 38:30] [Q&A] Q. Thank you. Our first question: we’ve heard that TPM is coming to handheld computers like smartphones. Is there a current roadmap? A. So there is. I would say it’s balanced in the concept of demand. And this is where I think people need to be clear in asking for it, as well. So Microsoft’s built it in to all mobile. So this fall you will have tablets and phones with TPMs, running Windows RT. It’s why Windows 8 doesn’t run on the Nokia 7.5-compatible phone: it doesn’t have a TPM. And so it plays a very important role in assuring the Microsoft integrity. Google has secured Chrome with TPM, the Chrome operating system. And it’s in all the Google Chrome laptops. There’s a very broad set of conversations. I would say 2013 we’ll see devices. Samsung’s building chips today, Qualcomm is, so are a number of other manufacturers – that have TPM functionality. But I think we need to be clearer on our needs and requirements because you want them in every device. Instead we’re still sort of messing around with what mobile device management is. It’s – there is no such thing as mobile. Get that out of your head. There’s no such thing as mobile. It’s a change in network architecture, not change in the device. Like wipe. Can I wipe a laptop? Does that give me data-at-rest? Can I wipe a laptop? No. Doesn’t give me data-at-rest. So why is 100 MB laptop storage not the same as a 100 MB iPad storage? Where’s the encryption? Anyway. Next question. Q. Thank you. Are there any downsides to TPMs other than cost?


A. So I don’t think cost is the issue. I think the challenge is is that you actually have to manage the device. The earlier you think about that process, the better off you are. The fundamental downside is you are binding the device so therefore I can’t just walk up to any Greek cyber café, supply my smartcard and type in the targeting coordinates. Probably a bad idea to begin with. Because the concept of “any device” is a false concept. And so I would argue that the benefits today outweigh the management costs of “how do I provision the machines with identity?” You’re spending way more watching all the traffic because you have no knowledge of the machines. Q. In your opinion, what is the best solution for identity management? DoD is moving toward a CAC card. Is this the direction that best supports the future? A. So. Let’s look at the kids. The kids have one of these, right? So let’s fast forward a decade just to make it long enough that we can really look at kids. So. The kid decides to join the Army. How’s he get to base camp? Well, he’s going to leave his house, he’s going to pay for the taxi ride with his phone. Then he’s going to get to the airport. He’s going to check into his flight with his phone. He’s going to get to the airport where he gets to, he’s going to get on the bus and pay for his bus pass with his phone, and he’s going to have bought a coffee, a bag of chips, two sodas, and a Gatorade along the way with his phone. Then he’s going to stand in line and they’re going to hand him a CAC card. And there’s no damn slot. By the way, on the plane and the train, he’s going to have bumped phones with all his recruits so when he arrives everybody else who was going to boot camp has already formed a completely self-formed social secured communications network on their phone. And if you had TPMs on all the phones they’re doing AES 256 crypto with every single call on a unique key session automatically managed by a central server doing classified-level secured communication. On the bus! And you’re going to give him a card. Where’s the slot? So I would just argue that “make this the card.” So check your rules because you can’t make this a FIPS 201 compatible device today because in FIPS 201 the smartcard guys put in a little line that says, “the primary authentication identity credentials must be separate from the device that uses it.” Really! Well, you don’t have a secure reader so it doesn’t actually matter. By the way, you have no secure PIN entry so the thing’s pretty hokey compared to a payment terminal in Europe. You could, with Trusted Execution in this, have an assured ARM Trust Zone PIN entry pad that would assure that the PINs when collected on this device are securely supplied only to the credential held in this device so this will be, and probably is today, more secure than the CAC card you have today. But let’s give them a card. So I don’t know what the plan is. It just seems to me that we have – we’re reading about the plan in The New York Times but when we get on down on the ground and we have an identity conference about it, everybody wants to know where it is. By the way if I had your identity credential in a phone, doesn’t that make every phone a secure reader? Oh, that’s really cool. So now I could identity-proof you by having you bump your phone with my phone or send me a message or a proximity-based message, and your picture comes up on this in a trusted manner because this is an authorized terminal allowed to check to see whether you are or are not on the list. I think it’s a simple question. The answer is “the phone is the credential.” Do I also want a CAC card? Sure. It fits in my wallet way better than my phone. So the real thing I think you got to focus on is a transition that says, “I’m going to have more than one credential that represents me.” That’s the really big change. I’m going to have one in my phone, one in my computer, one in my car, one in …. I want them everywhere so I can assert my identity when I need to. I think we’ve used up our time. Q. Thank you. A. Thank you very much.

wave armed forces comm's & electronics presentation 8-12

Business