secure endpoints, secure network: bios integrity measurements heuristics tool
TRANSCRIPT
![Page 1: Secure Endpoints, Secure Network: BIOS Integrity Measurements Heuristics Tool](https://reader035.vdocuments.net/reader035/viewer/2022080213/55a2b5811a28ab040d8b462d/html5/thumbnails/1.jpg)
Secure Endpoints, Secure
Network
BIOS Integrity Measurements
Heuristics Tool for CFT
Dan Griffin
JW Secure, Inc.
![Page 2: Secure Endpoints, Secure Network: BIOS Integrity Measurements Heuristics Tool](https://reader035.vdocuments.net/reader035/viewer/2022080213/55a2b5811a28ab040d8b462d/html5/thumbnails/2.jpg)
WWNSAD?
• NSA and NIST have been public about:
– Inevitability of mobile computing
– Need to support cloud-based services
– Even for use with secret data in the field
• What works for them can work for you
![Page 3: Secure Endpoints, Secure Network: BIOS Integrity Measurements Heuristics Tool](https://reader035.vdocuments.net/reader035/viewer/2022080213/55a2b5811a28ab040d8b462d/html5/thumbnails/3.jpg)
![Page 4: Secure Endpoints, Secure Network: BIOS Integrity Measurements Heuristics Tool](https://reader035.vdocuments.net/reader035/viewer/2022080213/55a2b5811a28ab040d8b462d/html5/thumbnails/4.jpg)
![Page 5: Secure Endpoints, Secure Network: BIOS Integrity Measurements Heuristics Tool](https://reader035.vdocuments.net/reader035/viewer/2022080213/55a2b5811a28ab040d8b462d/html5/thumbnails/5.jpg)
![Page 6: Secure Endpoints, Secure Network: BIOS Integrity Measurements Heuristics Tool](https://reader035.vdocuments.net/reader035/viewer/2022080213/55a2b5811a28ab040d8b462d/html5/thumbnails/6.jpg)
![Page 7: Secure Endpoints, Secure Network: BIOS Integrity Measurements Heuristics Tool](https://reader035.vdocuments.net/reader035/viewer/2022080213/55a2b5811a28ab040d8b462d/html5/thumbnails/7.jpg)
![Page 8: Secure Endpoints, Secure Network: BIOS Integrity Measurements Heuristics Tool](https://reader035.vdocuments.net/reader035/viewer/2022080213/55a2b5811a28ab040d8b462d/html5/thumbnails/8.jpg)
Introduction
• What is a TPM?
• What is “measured boot”?
• What is “remote attestation”?
![Page 9: Secure Endpoints, Secure Network: BIOS Integrity Measurements Heuristics Tool](https://reader035.vdocuments.net/reader035/viewer/2022080213/55a2b5811a28ab040d8b462d/html5/thumbnails/9.jpg)
Measured Boot + Remote
Attestation
![Page 10: Secure Endpoints, Secure Network: BIOS Integrity Measurements Heuristics Tool](https://reader035.vdocuments.net/reader035/viewer/2022080213/55a2b5811a28ab040d8b462d/html5/thumbnails/10.jpg)
What is measured boot?
TPM
BIOS
Boot
Loader
Kernel
Early
Drivers
Hash of next item(s)
Boot Log
[PCR data]
[AIK pub]
[Signature]
![Page 11: Secure Endpoints, Secure Network: BIOS Integrity Measurements Heuristics Tool](https://reader035.vdocuments.net/reader035/viewer/2022080213/55a2b5811a28ab040d8b462d/html5/thumbnails/11.jpg)
What is remote attestation?
Client Device
TPM
Signed
Boot
Log Attestation
Server
some token…
![Page 12: Secure Endpoints, Secure Network: BIOS Integrity Measurements Heuristics Tool](https://reader035.vdocuments.net/reader035/viewer/2022080213/55a2b5811a28ab040d8b462d/html5/thumbnails/12.jpg)
Weaknesses
• Provisioning
– Secure supply chain?
– TPM EK database
– Patching delay & whitelist maintenance
• Integrity of the TPM hardware
– Capping; electron microscopes
– Trend of migration from hardware to firmware
• Hibernate file is unprotected
![Page 13: Secure Endpoints, Secure Network: BIOS Integrity Measurements Heuristics Tool](https://reader035.vdocuments.net/reader035/viewer/2022080213/55a2b5811a28ab040d8b462d/html5/thumbnails/13.jpg)
Post-CFT
• Measurement-Bound Keys
– “Trusted Tamperproof Time on Mobile
Devices”
– See http://www.jwsecure.com/dan
• Commercialization
– JW Secure StrongNet
– RSA 2013
![Page 14: Secure Endpoints, Secure Network: BIOS Integrity Measurements Heuristics Tool](https://reader035.vdocuments.net/reader035/viewer/2022080213/55a2b5811a28ab040d8b462d/html5/thumbnails/14.jpg)
![Page 15: Secure Endpoints, Secure Network: BIOS Integrity Measurements Heuristics Tool](https://reader035.vdocuments.net/reader035/viewer/2022080213/55a2b5811a28ab040d8b462d/html5/thumbnails/15.jpg)
Questions?
206-683-6551
@JWSdan
JW Secure provides custom security
software development services.