10. Root of Trust (OBJ 1.5)
In this lesson we’re going to talk about the concept of a hardware root of trust, or rot. Now, a hardware root of trust is the foundation upon which all secure operations of a computing system are going to depend. It contains the keys used for cryptographic functions and enables a secure boot process. It is inherently trusted and therefore it must be secure by design. Now, a hardware root of trust is a cryptographic module in edited within a computer system that can endorse trusted execution and attest to boot settings and metrics. Now, this may sound like a complicated concept, but you use a root of trust all the time without even knowing it. In fact, the TPM module inside your computer’s BIOS is an example of a hardware root of trust.
Essentially, a root of trust is going to be used to scan the boot metrics to that system and the operating system files themselves and it’s going to verify their hash values. And then that root of trust will send over a report to the processor that is digitally signed using the root of trust certificate to indicate they can be trusted. Essentially, this hardware root of trust is a digital certificate, but it’s embedded inside of your firmware on the system. The most commonly used hardware root of trust is your trusted platform module or TPM that’s located within your computer. A TPM is a specification for hardware based storage of digital certificates, keys, hashed passwords, and other user and platform identification information. Each TPM has multiple different functions that are going to be performed within it.
First, the TPM provides a secure method of input and output. Second, there is a cryptographic processor within that TPM that provides a true random number generator. The TPM also has an RSA key generator and a Shaw One hash generator and both an encryption and decryption signature engine. In addition to all of that, the TPM also has persistent memory that contains a digital key that is known as the endorsement key and a storage root key known as the SRK. The TPM also has versatile memory located within it and it’s going to include things like the platform configuration registers or PCRs, the Attestation identity keys or AIK’s and some storage keys. There is a lot of functionality located in this one little TPM chip. So you’re probably wondering, do I have to memorize all these different things for the exam? Well, no, not really. Instead, you really need to remember that the trusted platform module or TPM, is a hardware root of trust and that it is part of your system that allows you to have the ability to ensure that when a system is being booted up that it’s being done securely. Because the TPM is attesting to the fact that our BIOS has not been modified and we can trust its firmware. Another function of the TPM is its ability to be used in conjunction with full disk encryption on our system for example, if you’re using BitLocker with full disk encryption, it’s going to use the key inside of your TPM to make sure the data on your storage device remains securely encrypted. To manage the TPM, you can use the TPM MSC Console tool within Windows, or you can modify it using the Group Policy Editor.
Now, for the exam, you do not need to know how to modify or configure your TPM, but in the real world, you may be asked to work with them. So it’s important to know if you are. You can always look up the latest documentation@microsoft. com for how to modify and configure your TPM properly based upon your unique circumstances. Now, another form of hardware root of trust that we can talk about is a hardware security module. Now, a hardware security module, or HSM, is an appliance for generating and storing cryptographic keys, which is less susceptible to tampering and insider threats than using storage based solutions. Hardware security modules are going to be used to protect our encryption paths because they are much more secure than using traditional passwords or secret keys.
Instead, we’re going to use a hardware security module that contains a trusted and protected digital key that can be used with an encryption device. There are many different ways to create hardware security modules, and they are produced in different form factors. For example, here you can see that we have the insight for hardware security module in three different models. There is one that’s going to be an internal card that can be put into a system. There’s another one that’s going to be a rack mounted system. And then there’s this one that’s more of an Internet of Things type of solution. The real advantage of these type of systems is that they are automated and they provide a means that the keys cannot be compromised by human involvement. By removing the person from the equation, we can ensure our systems are much more secure.
11. Attestation (OBJ 1.5)
Systems use Attestation to ensure that a machine meets certain approved baselines prior to receiving access to a given resource. Now, most large organizations establish standard baselines for their corporate workstations, including the operating system, security software and office productivity suites that are going to be used. There are also certain configurations or settings that make this baseline as secure as possible when it’s being deployed. Now, Attestation allows enterprise security personnel to determine if a change to that baseline has already been made.
This concept can be used prior to allowing a device to connect to a server or to another resource on the network. For example, a lot of certification providers allow candidates to take their exams from their home computers. If you’re studying for your idle or Prints two certifications, for example, you can take those exams completely online using a web based proctoring service. When your computer connects to the examination company’s servers at the designated time, their server is going to scan your computer to verify compliance with their approved policies. Prior to allowing you to access the exam, their system is going to verify that your computer has a Webcam and it has a microphone, and both are installed and turned on so the exam proctor can see you and hear you during the exam. Also, the computer is going to be scanned to verify that there is no screen recording software being utilized on your system because they want to make sure the exam is protected from being copied. Finally, they’re going to scan your computer to ensure no other programs are running except the examination tool to prevent any kind of cheating. All this is a form of Attestation that’s being used by this web proctoring company. Now, moving back to the security world, consider the Trusted Platform Module, or TPM chip, that is installed in every system.
Each chip has an endorsement Key, known as an Ek, and an Attestation Integrity Key, known as an AIK. The manufacturer installs the endorsement key, which is then digitally signed by a Trusted Certificate Authority, but the manufacturer also creates an Attestation Integrity key. Third party applications that are installed on the system then are going to use that particular key to determine the integrity of our TPM chip. If this key is modified or damaged, it indicates that the TPM module and its associate endorsement key can no longer be trusted. This is yet another form of Attestation at work.
12. Identity Proofing (OBJ 1.5)
If your organization wants to take identification one step further, they can use identity proofing. Now, identity proofing is a fairly simple concept. It relies on a person providing additional proof of who they are. This, however, can be done in many different ways. Think back to the last time you forgot your password and you had to reset it on a website. You browse to the website, you click Forgot my password, and then you’re asked to answer a couple of questions to prove that you are who you say you are. This might include questions like where you went to high school, what was the name of your first pet? And what city did you meet your spouse? Now, the concept here is that you and only those closest to you should know the details of these additional identity proofing questions.
But that’s not always the case. Take, for example, the case of the 2008 vice presidential candidate Sarah Palin, who had her Yahoo. Email account hacked by a 20 year old college student. Now, how did he do it? Well, he simply answered the identity proofing questions correctly when he clicked on the forgot my password link on Yahoo’s website after putting in Sarah Palin’s email address. Now, the identity proofing questions here include things like what high school did Sarah Palin attend? And what was her birthday? Both of these are easily found by searching publicly online at sites like Wikipedia.
So in response to this, many security experts recommend that you create your own alternative persona to answer these type of identity proofing questions. For example, when asked where I was born, I might answer, Argentina, even though that’s not where I grew up. But if I use the same answers each time for all the websites I go to, this becomes my new alternate persona. That can now serve as a more secure way for me to use identity proofing questions. Now, another method of using identity proofing that’s often used in large enterprises is that you have to present documentation to prove you are who you say you are. For example, at one organization I work for, we had to physically go over to the It. Service desk with a photo ID. Like our driver’s license or passport if we wanted them to reset our password. This type of inperson identity proofing is much more secure, but it does slow down the service desk process. So you need to weigh the costs and the benefits before deciding to implement this type of in person identity proofing. Now, once the user’s identity is verified, that identity is going to be passed on to other servers, devices, and resources throughout your network. This passing of the identity is known as identity propagation. If a system performs its own authentication, then only the identity is passed to that system.
If we’re going to use single sign on, though, then both the identity and the authentication will need to be passed on to the other servers, each vendor allows for identity propagation in their own manner. For Microsoft’s Active Directory, for example, they utilize a proprietary technology that’s based on the carboro’s ticketing system. The various tickets are going to provide the user’s identity and authentication for various Microsoft services located throughout your domain. Sometimes, however, these proprietary systems must be integrated with third party applications. When this occurs, we need to use a centralized system for identity and authentication translation.
This system may be translating Microsoft tickets, single sign on authentication, and even XML tokens for use by different applications. Depending on the methods used for identity propagation, it may actually send the user’s credentials across the network. For example, if you’re using the Credentials Security Support Provider Protocol or CredSSP, this does not limit the passing of a user’s full credentials. If you’re using Cred SSP as your identity propagation protocol, you definitely need to ensure that it is always communicating over an encrypted tunnel like SSL or TLS to prevent prying eyes from seeing the information that’s being passed.
