
E-book: Trusted Computing Platforms: TPM2.0 in Context

  • Format: PDF+DRM
  • Publication date: 08-Jan-2015
  • Publisher: Springer International Publishing AG
  • Language: eng
  • ISBN-13: 9783319087443
  • Price: 165,96 €*
  • * this is the final price, i.e., no additional discounts apply
  • This e-book is intended for personal use only. E-books cannot be returned, and no refund is given for purchased e-books.

DRM restrictions

  • Copying (copy/paste):

    not allowed

  • Printing:

    not allowed

  • Usage:

    Digital Rights Management (DRM)
    The publisher has supplied this book in encrypted form, which means that you must install free software to unlock and read it. To read this e-book you need to create an Adobe ID. The e-book can be read and downloaded on up to 6 devices (for one user with the same Adobe ID).

    Required software
    To read this e-book on a mobile device (phone or tablet), you will need to install this free app: PocketBook Reader (iOS / Android)

    To download and read this e-book on a PC or Mac, you need Adobe Digital Editions (this is a free app developed specifically for e-books. It is not the same as Adobe Reader, which may already be installed on your computer.)

    You cannot read this e-book on an Amazon Kindle.

In this book the authors first describe the background of trusted platforms and trusted computing and speculate about the future. They then describe the technical features and architectures of trusted platforms from several different perspectives, finally explaining second-generation TPMs, including a technical description intended to supplement the Trusted Computing Group's TPM2 specifications. The intended audience is IT managers and engineers and graduate students in information security.

Chapters: Introduction to Trusted Computing; Futures for Trusted Computing; Basics of Trusted Platforms; Trusted Platform Architecture; TPM2 Requirements; TPM2 Operation; Initialising TPM2; Managing TPM2; Accessing Keys and Data in TPM2; Customer Configuration of TPM2 and Its Host Platform; Starting to Use TPM2; Direct Anonymous Attestation (DAA) in More Depth; Machine Virtualisation, Virtual Machines, and TPMs; Index.

Table of contents
1 Introduction
  1.1 The State of Play
  1.2 Objectives
  1.3 Trusted Computing Technology
  1.4 Benefits of Trusted Computing
  1.5 Trust, Instead of Security
    1.5.1 Secure Computing
    1.5.2 Trusted Computing
  1.6 Limitations of Trusted Computing
  1.7 Concerns About Trusted Computing
  1.8 First Generation Trusted Computing
  References
2 Futures for Trusted Computing
  2.1 Trusted Virtualisation
    2.1.1 Privacy Implications of Trusted Virtualisation
    2.1.2 Virtualised Trusted Platforms
  2.2 Future Trusted Services
    2.2.1 Data Deletion
    2.2.2 Contracts and Negotiations
    2.2.3 Single Sign-On
    2.2.4 Trusted Software Agents
    2.2.5 What You See Is What You Sign
  2.3 Infrastructure Requirements
    2.3.1 Public Key Infrastructure
    2.3.2 Manufacture
    2.3.3 Upgrading TPMs
    2.3.4 Upgrading Integrity Metrics
    2.3.5 Auditing Trusted Platforms
    2.3.6 Discovering Trusted Services
3 Basics of Trusted Platforms
  3.1 Design Constraints, Requirements, and Motivations
    3.1.1 Legacy Platforms, Software and Infrastructure
    3.1.2 Out of the Box
    3.1.3 Legal
    3.1.4 Privacy Constraints
    3.1.5 Disaster Recovery
  3.2 Conventional Security in Trusted Platforms
    3.2.1 High Security
    3.2.2 No Global Secrets
    3.2.3 Separation of Privilege
    3.2.4 Authorisation and Authentication of the Owner and User
    3.2.5 Dictionary Attacks
    3.2.6 Cryptographic Algorithms
    3.2.7 Isolation of Processes
    3.2.8 Certification
  3.3 Innovations in Trusted Platforms
    3.3.1 General Principles
    3.3.2 Roots of Trust
    3.3.3 Platform Configuration Registers
    3.3.4 Authenticated/Measured Boot
    3.3.5 Authenticated/Measured Secure Boot
    3.3.6 Protected Storage, Data Backup and Recovery
    3.3.7 Attestation
    3.3.8 Physical Presence and Provisioning Authorisation
    3.3.9 Recognising and Identifying a Trusted Platform
  3.4 Types of Trusted Platform
    3.4.1 Personal Computers
    3.4.2 Servers and Data Centres
    3.4.3 Mobile Phones
    3.4.4 Appliances
  3.5 Trusted Platform Lifecycle
    3.5.1 TPM Design
    3.5.2 TPM Manufacture
    3.5.3 Platform Manufacture
    3.5.4 Platform Deployment
    3.5.5 Platform Use
    3.5.6 Platform Maintenance and Recovery
    3.5.7 Platform Redeployment
    3.5.8 TPM and Platform Revocation
    3.5.9 Platform Decommissioning
  References
4 Trusted Platform Architecture
  4.1 Isolation
    4.1.1 Isolation Hardware
  4.2 Credentials
  4.3 Chain of Trust
  4.4 Integrity Metrics
  4.5 Platform Configuration Registers
  4.6 Audit
  4.7 Verifying the State of a Trusted Platform
  4.8 Trusted Platform Module
  4.9 Locality
  4.10 Peripherals
    4.10.1 Trusted Drives
  4.11 TPM Software Interface
  4.12 Virtualisation
    4.12.1 Hosts of Virtualised Trusted Platforms
    4.12.2 Virtualised Trusted Platforms
    4.12.3 TPM Virtualisation
  References
5 TPM2 Requirements
  5.1 Controllability and Privacy
    5.1.1 Controllability
    5.1.2 Privacy
  5.2 Protecting the Platform's Services
  5.3 Cryptographic Agility
  5.4 The Commercial Environment
  5.5 What Works, and What Doesn't Work
  5.6 What's Unpopular
  5.7 Platform Manufacturer Requirements
  5.8 Hypervisor and OS Enhancements
  5.9 Other Considerations
  Reference
6 TPM2 Operation
  6.1 TPM2 and Its Host Platform
  6.2 Using TPM2 Instead of TPMv1.2
7 Initialising TPM2
  7.1 Manufacture
    7.1.1 Providing TPM Endorsement
    7.1.2 Providing Platform Credentials
    7.1.3 Providing a Trusted Computing Base
    7.1.4 TCB Authorisation Requirements
    7.1.5 Storing TCB Keys in the TPM
    7.1.6 Storing TCB Data in the TPM
    7.1.7 Provisioning Platform Configuration Registers
    7.1.8 Allowing "Physical Presence" Authorisation
  7.2 Booting the Platform
    7.2.1 Initialising the TPM
    7.2.2 Ensuring that the Primary TCB Can Manage the TPM
    7.2.3 Testing the TPM
    7.2.4 Using the TPM to Assist the TCB
    7.2.5 Enabling the Customer to Control the TPM via the Primary TCB
    7.2.6 Enabling or Disabling Further Access to the TPM
  7.3 Recording Platform History in PCRs
  7.4 Run-Time Initialisation
  7.5 Late Launch Environments
8 Managing TPM2
  8.1 Obtaining Management Information
  8.2 Keeping TPM Data Outside the TPM
    8.2.1 Short-Term Cached TPM Data
    8.2.2 Long-Term Cached TPM Data
  8.3 Dictionary Attacks
  8.4 Auditing Commands
  8.5 Clock and Timer
    8.5.1 Clock Functionality
    8.5.2 Timer Functionality
  8.6 Platform Shutdown
9 Accessing Keys and Data in TPM2
  9.1 Names and QualifiedNames
  9.2 Session Basics
  9.3 HMAC Sessions
    9.3.1 Freshness Nonces in HMAC Sessions
    9.3.2 Binding and Salting HMAC Sessions
    9.3.3 SessionKeys in HMAC Sessions
    9.3.4 HMAC Checksums on Commands and Responses
    9.3.5 Encrypting Command Parameters and Response Parameters
    9.3.6 Auditing HMAC Sessions
  9.4 Authorisation Roles
  9.5 Authorisation Session Types
  9.6 Plain Authorisation
    9.6.1 Plain Authorisation Without a Session
    9.6.2 Plain Authorisation with HMAC Sessions
  9.7 Policy Authorisation
    9.7.1 Composing a Policy
    9.7.2 Enumerating a Policy
    9.7.3 Assigning a Policy
    9.7.4 Executing a Policy
10 Customer Configuration of TPM2 and Its Host Platform
  10.1 Customer Responsibilities
  10.2 Provisioning
  10.3 Setting up NV Storage
  10.4 Assigning Physical Presence Gating to Commands
  10.5 Assigning Personal Endorsement Keys
  10.6 Assigning Platform Identities
    10.6.1 Identities with Some Privacy Risk but Low Complexity
    10.6.2 Identities with Intermediate Privacy Risk, but Intermediate Complexity
    10.6.3 Identities with No Known Privacy Risk, but Higher Complexity
  Reference
11 Starting to Use TPM2
  11.1 Testing TPM2
  11.2 Creating and Obtaining Random Numbers
  11.3 Starting a Key Hierarchy
  11.4 Populating a Key Hierarchy by Creating Keys
  11.5 Populating a Key Hierarchy by Importing Keys
  11.6 Making a Key from an External Hierarchy Ready for Use
  11.7 Making an External Public Key or Plaintext Key Ready for Use
  11.8 Duplicating a Key
  11.9 Embedding and Ejecting Keys
  11.10 Reading the Public Part of a Loaded Key
  11.11 Changing Authorisation Values
  11.12 Encrypting and Sealing Data
  11.13 Decrypting Data and Unsealing Data
  11.14 Signing
  11.15 Verifying Signatures
  11.16 Obtaining PCR Values
  11.17 Certifying Key Creation
  11.18 Cross Certification of Keys
  11.19 Certifying Sequences of Commands
  11.20 Certifying the Usage of Commands
  11.21 Certifying TPM Time, Resets, and TPM Firmware Version
  11.22 Storing Data in NV Storage
  11.23 Certifying NV Storage
  11.24 Using TPM2 as an Ordinary Cryptographic Service
12 Direct Anonymous Attestation (DAA) in More Depth
  12.1 The Concept of General Anonymous Digital Signatures
  12.2 The Concept of DAA
  12.3 The Setup Algorithm
  12.4 The DAA Join Protocol
  12.5 The Sign/Verify Protocol
  12.6 The Link Algorithm
  12.7 Revocation Considerations
  12.8 Discussion on DAA Security Levels
  References
13 Machine Virtualisation, Virtual Machines, and TPMs
  13.1 Introduction
  13.2 Machine Virtualisation and Security
  13.3 Containment and Isolation
  13.4 Robust Control and Introspection Point
  13.5 Small Code Base
  13.6 Examples of Hypervisor-Based Enhanced Security
    13.6.1 The TPM and Supporting Machine Virtualisation
    13.6.2 Additional Chipset and CPU Hardware Extensions
    13.6.3 Machine Virtualisation and Supporting the TPM
    13.6.4 Challenges Around TPM and Virtualisation
    13.6.5 Summary
  References
Index

About the authors
Graeme Proudler was a researcher at Hewlett-Packard Laboratories in Bristol, UK, and the Chair of the Trusted Computing Group's Technical Committee until November 2013. He was the technical lead of the HP Labs research group that contributed to Trusted Computing Platform Alliance specifications, a founder member of the TCPA Technical Committee and original editor of the TCPA main (TPM) specification. His research interests include information security, networking and mobile communications.

Dr. Liqun Chen is a researcher at Hewlett-Packard Laboratories in Bristol, UK. She has developed a number of well-known cryptographic schemes, some of which were designed for and are implemented in the TPM. She has an extensive publication record in cryptography and information security and holds 38 granted US patents in these areas. She has served as editor or co-editor for five ISO/IEC standard documents in cryptography and serves on boards for related academic journals and conferences.

Christopher Dalton is a Principal Research Engineer within HP Labs, UK. His research interests include platform security (fixed and mobile), operating systems, network security and virtualisation, as well as a wider interest in distributed systems. He has been responsible for many successful technology transfers from research through to commercial products. He has published influential papers in the areas of systems, network security and virtualisation and has generated a number of patents in areas including novel low-level security features and efficient network virtualisation mechanisms.