Dissertations / Theses on the topic 'Trusted computing platform'

A Trusted Platform Module (TPM) is a security device included in most modern desktop and laptop computers. It helps keep the computing environment secure by isolating cryptographic functions and data from the CPU. A TPM is usually implemented with a small microcontroller which is near the main processor. In addition to a microcontroller, it may employ hardware acceleration to assist in cryptographic computations. When vulnerabilities are found, or new algorithms developed, TPMs become obsolete because the hardware accelerators cannot be upgraded. This thesis presents a proof of concept implementation of a TPM on an FPGA. By using an FPGA, the TPM gains the ability to be upgraded or have new cryptographic modules added. This new design easily fits on the Zynq FPGA used in this work, with room left over for additional functionality. We explore the feasibility of this approach, including the added cost of the FPGA, and the added benefits of reconfigurable hardware.

Organizations have many employees that lack the technical knowledge to securely operate their machines. These users may open malicious email attachments/links or install unverified software such as P2P programs. These actions introduce significant risk to an organization's network since they allow attackers to exploit the trust and access given to a client machine. However, system administrators currently lack the control of client machines needed to prevent these security risks. A possible solution to address this issue lies in attestation. With respect to computer science, attestation is the ability of a machine to prove its current state. This capability can be used by client machines to remotely attest to their state, which can be used by other machines in the network when making trust decisions. Previous research in this area has focused on the use of a static root of trust (RoT), requiring the use of a chain of trust over the entire software stack. We would argue this approach is limited in feasibility, because it requires an understanding and evaluation of the all the previous states of a machine. With the use of late launch, a dynamic root of trust introduced in the Trusted Platform Module (TPM) v1.2 specification, the required chain of trust is drastically shortened, minimizing the previous states of a machine that must be evaluated. This reduced chain of trust may allow a dynamic RoT to address the limitations of a static RoT. We are implementing a client terminal service that utilizes late launch to attest to its execution. Further, the minimal functional requirements of the service facilitate strong software verification. The goal in designing this service is not to increase the security of the network, but rather to push the functionality, and therefore the security risks and responsibilities, of client machines to the network€™s servers. In doing so, we create a platform that can more easily be administered by those individuals best equipped to do so with the expectation that this will lead to better security practices. Through the use of late launch and remote attestation in our terminal service, the system administrators have a strong guarantee the clients connecting to their system are secure and can therefore focus their efforts on securing the server architecture. This effectively addresses our motivating problem as it forces user actions to occur under the control of system administrators.

Trusted platform modules (TPMs) are hardware modules that are bound to a computer's motherboard, that are being included in many desktops and laptops. Augmenting computers with these hardware modules adds powerful functionality in distributed settings, allowing us to reason about the security of these systems in new ways. In this dissertation, I study the functionality of TPMs from a theoretical as well as an experimental perspective. On the theoretical front, I leverage various features of TPMs to construct applications like random oracles that are impossible to implement in a standard model of computation. Apart from random oracles, I construct a new cryptographic primitive which is basically a non-interactive form of the standard cryptographic primitive of oblivious transfer. I apply this new primitive to secure mobile agent computations, where interaction between various entities is typically required to ensure security. I prove these constructions are secure using standard cryptographic techniques and assumptions. To test the practicability of these constructions and their applications, I performed an experimental study, both on an actual TPM and a software TPM simulator which has been enhanced to make it reflect timings from a real TPM. This allowed me to benchmark the performance of the applications and test the feasibility of the proposed extensions to standard TPMs. My tests also show that these constructions are practical.

Data stored in third party storage systems like the cloud might not be secure since confidentiality and integrity of data are not guaranteed. Though cloud computing provides cost-effective storage services, it is a third party service and so, a client cannot trust the cloud service provider to store its data securely within the cloud. Hence, many organizations and users may not be willing to use the cloud services to store their data in the cloud until certain security guarantees are made. In this thesis, a solution to the problem of securely storing the client’s data by maintaining the confidentiality and integrity of the data within the cloud is developed. Five protocols are developed which ensure that the client’s data is stored only on trusted storage servers, replicated only on trusted storage servers, and guarantee that the data owners and other privileged users of that data access the data securely. The system is based on trusted computing platform technology [11]. It uses a Trusted Platform Module, specified by the Trusted Computing Group [11]. An encrypted file system is used to encrypt the user’s data. The system provides data security against a system administrator in the cloud.

<p>This thesis presents a comparative study of four Network Access Control (NAC) technologies; Trusted Network Connect by the Trusted Computing group, Juniper Networks, Inc.’s Unified Access Control, Microsoft Corp.’s Network Access Protection, and Cisco Systems Inc.’s Network Admission Control. NAC is a vision, which utilizes existing solutions and new technologies to provide assurance that any device connecting to a network policy domain is authenticated and is subject to the network’s policy enforcement. Non-compliant devices are isolated until they have been brought back to a complaint status. We compare the NAC technologies in terms of architectural and functional features they provide.</p><p>There is a race of NAC solutions in the marketplace, each claiming their own definition and terminology, making it difficult for customers to adopt such a solution, resulting in much uncertainty. The NAC paradigm can be classified into two categories: the first category embraces open standards; the second follows proprietary standards. By selecting these architectures, we cover a representative set of proprietary and open standards-based NAC technologies.</p><p>This study concludes that there is a great need for standardization and interoperability of NAC components and that the four major solution proposals that we studied fall short of the desired interoperability. With standards, customers have the choice to adopt solution components from different vendors, selecting, what is commonly referred to as the best of breed. One example for a standard technology that all four NAC technologies that we studied did adopt is the IEEE’s 802.1X port-based access control technology. It is used to control endpoint device access to the network.</p><p>One shortcoming that most NAC architectures (with the exception of Trusted Network Connect) have in common, is the lack of a strong root-of-trust. Without it, clients’ compliance measurements cannot be trusted by the policy server whose task is to assess each client’s policy compliance.</p>

To create a trusted environment for program execution and data storage, the Trusted Computing Group (TCG) has introduced a set of technologies to create a Trusted Platform, based on a hardware trust anchor capable of protecting sensitive information and identifying the components running in a computer system. A Trusted Platform is built around a cost-effective and tamper-resistant hardware component called Trusted Platform Module (TPM). Although TPM is widely available, building a Trusted Platforms and Applications is not an easy task. This work wants to encourage the usage of Trusted Computing in commodity systems and propose the adoption of the Trusted Computing Technology in different applications which require the guarantee that information is handled correctly. The broad diffusion of Trusted Computing and Trusted Platforms in real life scenarios will allow mitigating software attacks and will allow users to increase confidence on their platforms.

The evolution of cloud technologies which allows the provisioning of IT resources over the Internet promises many benefits for the individuals and enterprises alike. However, this new resource provisioning model comes with the security challenges which did not exist in the traditional resource procurement mechanisms. We focus on the possible security concerns of a cloud user (e.g. an organization, government department, etc.) to lease cloud services such as resources in the form of Virtual Machines (VM) from a public Infrastructure-as-a-Service (IaaS) provider. There are many security critical areas in the cloud systems, such as data confidentiality, resource integrity, service compliance, security audits etc. In this thesis, we focus on the security aspects which result in the trust deficit among the cloud stakeholders and hence hinder a security sensitive user to benefit from the opportunities offered by the cloud computing. Based upon our findings from the security requirements analysis,we propose solutions that enable user trust in the public IaaS clouds. Our solutions mainly deal with the secure life cycle management of the user VM which include mechanisms for VM launch and migration. The VM launch and migration solutions ensure that the user VM is always protected in the cloud by only allowing it to run on the user trusted platforms. This is done by using trusted computing techniques that allow the users to remotely attest and hence rate the cloud platforms trusted or untrusted. We also provide a prototype implementation to prove the implementation feasibility of the proposed trust enabling principles used in the VM launch and migration solutions.

<p>With Cloud Computing becoming a popular term on the Information Technology (IT) market, security and accountability has become important issues to highlight. In our research we review these concepts by focusing on security risks with Cloud Computing and the associated services; Software, Platform and Infrastructure (SPI) and connecting them with a social study of trust.</p><p>The method that was conducted during our research was reviewing secondary literature, interviewing different experts regarding Cloud Computing and relating standards already established by ENISA, NIST, and CSA to the interviews.</p><p>The result of this study shows connections between the specific SPIs, both how they compare, but also how they differ. In the end we were also able to rank the top security risks from interviews with experts and see which SPI could be the most insecure one and  what countermeasures could be applied.</p><p>This was further related to trust and Service Level Agreement (SLA) in Cloud Computing to show how the security risks we discuss are related to these two specific areas. By highlighting this we wanted to present useable information for both clients and providers in how to create a better Cloud Computing environment.</p>

Nous vivons aujourd’hui dans l'ère cybernétique où de nouvelles technologies naissent chaque jour avec la promesse de rendre la vie humaine plus confortable, pratique et sûre. Parmi ces nouvelles technologies, l'informatique mobile se développe en influençant la vie de l’utilisateur. En effet, les plates-formes mobiles (smartphone, tablette) sont devenues les meilleurs compagnons de l’utilisateur pour mener à bien ses activités quotidiennes, comme les activités commerciales ou de divertissement. En jouant ces rôles importants, les plates-formes mobiles doivent opérer dans des environnements de confiance. Dans cette thèse, nous étudions la sécurité des plates-formes mobiles en passant d’un niveau de sécurité primitif qui s’appuie sur les plates-formes de confiance, à un niveau plus sophistiqué qui se base sur de l’intelligence bio-inspirée. Plus précisément, après avoir abordé les défis du cloud computing mobile (MCC), nous développons une étude de cas appelée Droplock pour le cloud mobile et nous étudions son efficacité énergétique et ses performances pour illustrer le modèle MCC. En outre, en s’appuyant sur les plates-formes de confiance (comme les TPM), nous avons introduit un nouveau schéma d'attestation à distance pour sécuriser les plates-formes mobiles dans le contexte du cloud mobile. Pour améliorer le niveau de sécurité et être adaptatif au contexte, nous avons utilisé de la logique floue combinant un système de colonies de fourmis pour évaluer la confiance et la réputation du cloud mobile basé sur la notion de cloudlets<br>As living in the cyber era, we admit that a dozen of new technologies have been born every day with the promises that making a human life be more comfortable, convenient and safe. In the forest of new technologies, mobile computing is raise as an essential part of human life. Normally, mobile devices have become the best companions in daily activities. They have served us from the simple activities like entertainment to the complicated one as business operations. As playing the important roles, mobile devices deserve to work in the environment which they can trust for serving us better. In this thesis, we investigate the way to secure mobile devices from the primitive security level (Trusted Platforms) to the sophisticated one (bio-inspired intelligence). More precisely, after addressing the challenges of mobile cloud computing (MCC), we have studied the real-case of mobile cloud computing, in terms of energy efficiency and performance, as well as proposed a demonstration of particular MCC model, called Droplock system. Moreover, taking advantages of trusted platform module functionality, we introduced a novel schema of remote attestation to secure mobile devices in the context of Mobile-Cloud based solution. To enhance the security level, we used fuzzy logic combining with ant colony system to assess the trust and reputation for securing another mobile cloud computing model based on the cloudlet notion

Nous vivons aujourd’hui dans l'ère cybernétique où de nouvelles technologies naissent chaque jour avec la promesse de rendre la vie humaine plus confortable, pratique et sûre. Parmi ces nouvelles technologies, l'informatique mobile se développe en influençant la vie de l’utilisateur. En effet, les plates-formes mobiles (smartphone, tablette) sont devenues les meilleurs compagnons de l’utilisateur pour mener à bien ses activités quotidiennes, comme les activités commerciales ou de divertissement. En jouant ces rôles importants, les plates-formes mobiles doivent opérer dans des environnements de confiance. Dans cette thèse, nous étudions la sécurité des plates-formes mobiles en passant d’un niveau de sécurité primitif qui s’appuie sur les plates-formes de confiance, à un niveau plus sophistiqué qui se base sur de l’intelligence bio-inspirée. Plus précisément, après avoir abordé les défis du cloud computing mobile (MCC), nous développons une étude de cas appelée Droplock pour le cloud mobile et nous étudions son efficacité énergétique et ses performances pour illustrer le modèle MCC. En outre, en s’appuyant sur les plates-formes de confiance (comme les TPM), nous avons introduit un nouveau schéma d'attestation à distance pour sécuriser les plates-formes mobiles dans le contexte du cloud mobile. Pour améliorer le niveau de sécurité et être adaptatif au contexte, nous avons utilisé de la logique floue combinant un système de colonies de fourmis pour évaluer la confiance et la réputation du cloud mobile basé sur la notion de cloudlets<br>As living in the cyber era, we admit that a dozen of new technologies have been born every day with the promises that making a human life be more comfortable, convenient and safe. In the forest of new technologies, mobile computing is raise as an essential part of human life. Normally, mobile devices have become the best companions in daily activities. They have served us from the simple activities like entertainment to the complicated one as business operations. As playing the important roles, mobile devices deserve to work in the environment which they can trust for serving us better. In this thesis, we investigate the way to secure mobile devices from the primitive security level (Trusted Platforms) to the sophisticated one (bio-inspired intelligence). More precisely, after addressing the challenges of mobile cloud computing (MCC), we have studied the real-case of mobile cloud computing, in terms of energy efficiency and performance, as well as proposed a demonstration of particular MCC model, called Droplock system. Moreover, taking advantages of trusted platform module functionality, we introduced a novel schema of remote attestation to secure mobile devices in the context of Mobile-Cloud based solution. To enhance the security level, we used fuzzy logic combining with ant colony system to assess the trust and reputation for securing another mobile cloud computing model based on the cloudlet notion

Portable languages and distributed paradigms have driven a wave of new applications and processing models. One of the most promising, certainly from its early marketing, but disappointing (from its limited uptake)is the mobile agent execution and data processing model. Mobile agents are autonomous programs which can move around a heterogeneous network such as the Internet, crossing through a number of different security domains, and perform some work at each visited destination as partial completion of a mission for their agent user. Despite their promise as a technology and paradigm to drive global electronic services (i.e.any Internet-driven-and-delivered service, not solely e-commerce related activities), their up take on the Internet has been very limited. Chief among the reasons for the paradigm's practical under-achievement is there is no ubiquitous frame work for using Internet mobile agents, and non-trivial security concerns abound for the two major stake holders (mobile agent users and mobile agent platform owners). While both stake holders have security concerns with the dangers of the mobile agent processing model, most investigators in the field are of the opinion that protecting mobile agents from malicious agent platforms is more problematic than protecting agent platforms from malicious mobile agents. Traditional cryptographic mechanisms are not well-suited to counter the bulk of the threats associated with the mobile agent paradigm due to the untrusted hosting of an agent and its intended autonomous, flexible movement and processing. In our investigation, we identified that the large majority of the research undertaken on mobile agent security to date has taken a micro-level perspective. By this we mean research focused solely on either of the two major stakeholders, and even then often only on improving measures to address one security issue dear to the stake holder - for example mobile agent privacy (for agent users) or access control to platform resources (for mobile agent platform owners). We decided to take a more encompassing, higher-level approach in tackling mobile agent security issues. In this endeavour, we developed the beginnings of an infrastructural-approach to not only reduce the security concerns of both major stakeholders, but bring them transparently to a working relationship. Strategic utilisation of both existing distributed system trusted-third parties (TTPs) and novel mobile agent paradigm-specific TTPs are fundamental in the infrastructural framework we have devised. Besides designing an application and language independent frame work for supporting a large-scale Internet mobile agent network, our Mobile Agent Secure Hub Infrastructure (MASHIn) proposal encompasses support for flexible access control to agent platform resources. A reliable means to track the location and processing times of autonomous Internet mobile agents is discussed, withfault-tolerant handling support to work around unexpected processing delays. Secure,highly-effective (incomparison to existing mechanisms) strategies for providing mobile agent privacy, execution integrity, and stake holder confidence scores were devised - all which fit comfortably within the MASHIn framework. We have deliberately considered the interests - withoutbias -of both stake holders when designing our solutions. In relation to mobile agent execution integrity, we devised a new criteria for assessing the robustness of existing execution integrity schemes. Whilst none of the existing schemes analysed met a large number of our desired properties for a robust scheme, we identified that the objectives of Hohl's reference states scheme were most admirable - particularly real - time in - mission execution integrity checking. Subsequently, we revised Hohl's reference states protocols to fit in the MASHIn framework, and were able to overcome not only the two major limitations identified in his scheme, but also meet all of our desired properties for a robust execution integrity scheme (given an acceptable decrease in processing effiency). The MASHIn offers a promising new perspective for future mobile agent security research and indeed a new frame work for enabling safe and autonomous Internet mobile agents. Just as an economy cannot thrive without diligent care given to micro and macro-level issues, we do not see the security prospects of mobile agents (and ultimately the prospects of the mobile agent paradigm) advancing without diligent research on both levels.

Portable languages and distributed paradigms have driven a wave of new applications and processing models. One of the most promising, certainly from its early marketing, but disappointing (from its limited uptake)is the mobile agent execution and data processing model. Mobile agents are autonomous programs which can move around a heterogeneous network such as the Internet, crossing through a number of different security domains, and perform some work at each visited destination as partial completion of a mission for their agent user. Despite their promise as a technology and paradigm to drive global electronic services (i.e.any Internet-driven-and-delivered service, not solely e-commerce related activities), their up take on the Internet has been very limited. Chief among the reasons for the paradigm's practical under-achievement is there is no ubiquitous frame work for using Internet mobile agents, and non-trivial security concerns abound for the two major stake holders (mobile agent users and mobile agent platform owners). While both stake holders have security concerns with the dangers of the mobile agent processing model, most investigators in the field are of the opinion that protecting mobile agents from malicious agent platforms is more problematic than protecting agent platforms from malicious mobile agents. Traditional cryptographic mechanisms are not well-suited to counter the bulk of the threats associated with the mobile agent paradigm due to the untrusted hosting of an agent and its intended autonomous, flexible movement and processing. In our investigation, we identified that the large majority of the research undertaken on mobile agent security to date has taken a micro-level perspective. By this we mean research focused solely on either of the two major stakeholders, and even then often only on improving measures to address one security issue dear to the stake holder - for example mobile agent privacy (for agent users) or access control to platform resources (for mobile agent platform owners). We decided to take a more encompassing, higher-level approach in tackling mobile agent security issues. In this endeavour, we developed the beginnings of an infrastructural-approach to not only reduce the security concerns of both major stakeholders, but bring them transparently to a working relationship. Strategic utilisation of both existing distributed system trusted-third parties (TTPs) and novel mobile agent paradigm-specific TTPs are fundamental in the infrastructural framework we have devised. Besides designing an application and language independent frame work for supporting a large-scale Internet mobile agent network, our Mobile Agent Secure Hub Infrastructure (MASHIn) proposal encompasses support for flexible access control to agent platform resources. A reliable means to track the location and processing times of autonomous Internet mobile agents is discussed, withfault-tolerant handling support to work around unexpected processing delays. Secure,highly-effective (incomparison to existing mechanisms) strategies for providing mobile agent privacy, execution integrity, and stake holder confidence scores were devised - all which fit comfortably within the MASHIn framework. We have deliberately considered the interests - withoutbias -of both stake holders when designing our solutions. In relation to mobile agent execution integrity, we devised a new criteria for assessing the robustness of existing execution integrity schemes. Whilst none of the existing schemes analysed met a large number of our desired properties for a robust scheme, we identified that the objectives of Hohl's reference states scheme were most admirable - particularly real - time in - mission execution integrity checking. Subsequently, we revised Hohl's reference states protocols to fit in the MASHIn framework, and were able to overcome not only the two major limitations identified in his scheme, but also meet all of our desired properties for a robust execution integrity scheme (given an acceptable decrease in processing effiency). The MASHIn offers a promising new perspective for future mobile agent security research and indeed a new frame work for enabling safe and autonomous Internet mobile agents. Just as an economy cannot thrive without diligent care given to micro and macro-level issues, we do not see the security prospects of mobile agents (and ultimately the prospects of the mobile agent paradigm) advancing without diligent research on both levels.

Trusted computing is gaining an increasing acceptance in the industry and finding its way to cloud computing. With this penetration, the question arises whether the concept of hardwired security modules will cope with the increasing sophistication and security requirements of future IT systems and the ever expanding threats and violations. So far, embedding cryptographic hardware engines into the Trusted Platform Module (TPM) has been regarded as a security feature. However, new developments in cryptanalysis, side-channel analysis, and the emergence of novel powerful computing systems, such as quantum computers, can render this approach useless. Given that, the question arises: Do we have to throw away all TPMs and lose the data protected by them, if someday a cryptographic engine on the TPM becomes insecure? To address this question, we present a novel architecture called Sustainable Trusted Platform Module (STPM), which guarantees a secure update of the TPM cryptographic engines without compromising the system’s trustworthiness. The STPM architecture has been implemented as a proof-of-concept on top of a Xilinx Virtex-5 FPGA platform, demonstrating the test cases with an update of the fundamental hash and asymmetric engines of the TPM.