secure endpoints, secure network: bios integrity measurements heuristics tool

Secure Endpoints, Secure

Network

BIOS Integrity Measurements

Heuristics Tool for CFT

Dan Griffin

JW Secure, Inc.

WWNSAD?

• NSA and NIST have been public about:

– Inevitability of mobile computing

– Need to support cloud-based services

– Even for use with secret data in the field

• What works for them can work for you

Introduction

• What is a TPM?

• What is “measured boot”?

• What is “remote attestation”?

Measured Boot + Remote

Attestation

What is measured boot?

TPM

BIOS

Boot

Loader

Kernel

Early

Drivers

Hash of next item(s)

Boot Log

[PCR data]

[AIK pub]

[Signature]

What is remote attestation?

Client Device

TPM

Signed

Boot

Log Attestation

Server

some token…

Weaknesses

• Provisioning

– Secure supply chain?

– TPM EK database

– Patching delay & whitelist maintenance

• Integrity of the TPM hardware

– Capping; electron microscopes

– Trend of migration from hardware to firmware

• Hibernate file is unprotected

Post-CFT

• Measurement-Bound Keys

– “Trusted Tamperproof Time on Mobile

Devices”

– See http://www.jwsecure.com/dan

• Commercialization

– JW Secure StrongNet

– RSA 2013

Questions?

dan@jwsecure.com

206-683-6551

@JWSdan

JW Secure provides custom security

software development services.