
Wednesday, August 20, 2008

Device control from a distance


Embassy Remote Administration Server identifies built-in hardware security to deliver remote administration of trusted systems

By Greg Crowe
August 18, 2008

Link to GCN article

Every network administrator knows that hardware-based security is less prone to hacking than software-based systems. What they might not realize is that the hardware for better security is largely in place, and all they have to do is take advantage of it.

The Trusted Platform Module, or TPM, has been integrated into many new computers and hard drives for several years. The 170-plus member companies of the Trusted Computing Group have developed standards for Trusted Computing that every major computer manufacturer is adopting. Many government agencies, such as the Defense Department, now require every new PC they acquire to have a TPM. In only a matter of years, every laptop PC along with most desktop PCs and hard drives — called trust drives or TDs — will include TPM.

Why is this technology so pervasive? TPM facilitates the secure generation of cryptographic keys at the hardware level, which makes remote identification more reliable than an entirely software-based process. The use of this module can more effectively control who can access programs and data. A chip on the motherboard stores password and biometric information, making them almost impossible to steal.

The problem is that even though practically every company is jumping on this bandwagon, many of them differ on the best way to encrypt the information, and there haven’t been many attempts to unify all brands of TPM under a single management system.

The Embassy Remote Administration Server (ERAS) from Wave Systems does exactly that. ERAS works with all TPMs currently manufactured, bringing them into one central management interface. It also works with Microsoft Active Directory to keep track of authorized users. So it acts as a central headquarters that pulls together all disparate TPM security systems, organizing the chaos and letting you focus on what is probably an already-robust, but unmanaged, security architecture.

ERAS can be installed on any computer that runs Microsoft Windows Server 2003, Internet Information Services (IIS) 6.0, and any version of SQL Server 2005. We found the setup to be fairly simple and straightforward, although it does require knowledge of Active Directory to create the user groups and accounts ERAS needs to function properly. After the server application is installed, the client software must be installed on each network computer you want to administrate remotely.

The server application interface is in the style of most Windows administration consoles. This wasn’t surprising, considering it is an actual Microsoft Management Console snap-in. Performing a quick search allowed us to find all of the computers on the network that had TPMs or TDs, in addition to the client software.

Right-clicking on a specific computer opened a menu of options, which included enrollment and allowing the remote administrator to take ownership. After this was done, changes could only be made through the remote console, and nothing could be changed locally.

Adding and removing users of the TPM or TD was done with a few simple clicks. We could even enable and disable the trusted chip with one click, plus another for confirmation. There was also an option to cryptographically erase the entire drive remotely, ensuring that no data remains. This can be used when a disk is re-purposed, or when it is ultimately being discarded. Another option is to lock the drive from being used by anyone.

A simplified, Web-based version of the administration console is available with the use of IIS. Designed to be used by help-desk employees, the interface allows an operator to search for the computer in question. Once found, the operator can perform the most commonly requested tasks, such as issuing recovery passwords, while leaving the more complex operations to an administrator.

For administrators who like to type in line commands or run scripts, there is a command-line interface that will let them do just that.

Wave Systems is selling Embassy Remote Administration Server starting at $93 per user for as many as 50 users, with volume discounts for larger numbers of users. We found this price to be acceptable, especially considering what the application is capable of doing. Of course, this price does not include the server on which it runs, but we think any existing server in a network that is not already heavily taxed should be able to run ERAS.

This application is just the thing for an administrator who wants to take direct, central control of the network’s trusted drives and computers. Given that most agencies probably have, or will soon have, a security system embedded in equipment, ERAS can help them harness that power. At $93 per seat, it’s a good deal.

Wednesday, March 5, 2008

Rethinking the Data Encryption Approach

It is obvious that we must radically rethink our approach to data encryption.

Software-only solutions, when it comes to protecting data-at-rest and authentication, are no longer state-of-the-art. Hardware-based solutions, available from all PC OEMs for enterprise-class PCs, appear to be a more secure and more streamlined approach. Native hardware-based encryption runs without the performance penalty that is inherent to all software-based encryption approaches. It also eliminates any hacking possibility because the encryption key is never exposed, even to the OS.

Temporary data (encryption keys, passwords, etc.) should no longer be stored in DRAM. These keys and certificates need to be protected in hardware. The recent DRAM attack presented by the Princeton folks is a strong reminder that your keys are not safe with a software-only solution. As Seagate commented, there are theoretically any number of possibilities to lift temporary data from DRAM in software-only solutions for protecting data-at-rest.

The best, and really the only, way to prevent the lifting of sensitive temporary data from DRAM is simply to avoid storing sensitive data in DRAM.

The Seagate MOMENTUS FDE.2 native hard drive encryption approach is a simple one. This solution is available from Dell (Latitude series of notebooks), Lenovo and also from NEC Europe.

Keep the encryption key in a safe partition of the hard drive and do not make it available for the system to see.

The Seagate MOMENTUS FDE.2 does just that. It works as follows:

Users must authenticate themselves directly to the drive using a password before the drive will unlock and allow the normal OS to boot. This does not use either the BIOS or the OS to perform the authentication.

The Seagate MOMENTUS FDE.2 drive supports a more secure authentication approach, in which the authentication to the drive is done using an alternate pre-boot OS held in a protected area of the drive. It also supports the new ATA security commands for Trusted Send and Trusted Receive to protect the password.

If the authentication is successful, as determined by the Seagate MOMENTUS FDE.2 drive, then the drive is unlocked and the system is allowed to boot normally.

With this solution, not only is the authentication done before any foreign software is allowed to load, the encryption keys are never exposed outside the protected hardware of the drive itself, including the user area of the drive or in the OS, which is what these attacks are exploiting.

Sunday, March 2, 2008

The state of Trusted Computing

The other day the Aberdeen Group released a research paper discussing the state of Trusted Computing.

While just about all enterprise-class PCs, like the Dell Latitude series, today come equipped with the necessary hardware, few enterprises have actually activated the technology. Aberdeen concludes that more education about this technology is needed.

Trusted computing is an industry standard to make personal computers more secure through a dedicated hardware chip, called a Trusted Platform Module (TPM).

The TPM enhances the security of critical capabilities such as:

- Login
- Email
- Web access
- Protection of data

Along with the proliferation of mobile computing, electronic communication, and the sophistication of wired and wireless networks come more sophisticated attacks and an increased vulnerability of the most important asset to an enterprise — the data. Critical incidents are occurring day-by-day including identity theft, information leakage, data destruction, sensitive data exposure due to lost or stolen notebook computers and unauthorized access to corporate networks. In many countries, government legislation is mandating increased security around sensitive data for specified vertical industries. With the increased vulnerability, businesses and consumers are also demanding a computing environment that is more trusted, private, safe and secure.

The technical industry is responding to the challenge raised by these issues with standards-based security solutions specified by the Trusted Computing Group (TCG). At the lowest level, the Trusted Platform Module (TPM) protects secrets in hardware that would otherwise be vulnerable in software.

Saturday, March 1, 2008

Why Trusted Computing will be ubiquitous...

Steven Sprague wrote a compelling essay about the benefits of Trusted Computing. It is truly astonishing how little is understood and how numerous wrong statements are made, still today.

Wednesday, February 27, 2008

The trust matrix

We hear a great many people talk about what a trust architecture will prevent. A lot less about what it can enable.

Seems to me that running a network for information - some of which has considerable personal or exchangeable value - without any kind of integrity mechanisms in place is rather like trying to run an economy without a reliable currency.

Sure, there are numerous things you can do without reliable identity of a user and their machine. Just as you can barter physical goods in the marketplace without money in your pocket.

But there are other things which are enabled via a hardened trust system. Techie types of things, like making sure network access is properly and reliably authenticated and that spyware isn't running alongside an application; economic ones, like making transactions enforceable; and personal ones, like making sure your resume isn't treated by someone else as if it was not confidential information.

So the architecture of trust - and I use the term broadly to include not just the hardened system, but the software applications which run within it - which in and of itself appears to be a rather dull set of building blocks and software stacks, actually allows the networks' users to glean all kinds of optional benefits in the use, storage and exchange of information.

Which tangibly changes the way we use the network and the society which operates through it.

Monday, February 25, 2008

The most secure laptop in the world...

During the December 2007 and January 2008 timeframe, Dell, in conjunction with Seagate and Wave Systems Co., ran a series of advertisements in major US publications.

The Dell Latitude series of notebooks is available with the Seagate MOMENTUS FDE.2 hardware-based self-encrypting hard disk. Encrypting and decrypting at full interface speed, this is a new and safer approach to protecting data-at-rest. Unfortunately, and inexplicably, Hewlett Packard does not offer a hardware-based disk encryption solution. Lenovo and NEC Europe do.

It is interesting here that Wave Systems Co. not only builds the client application but also offers a full complement of enterprise-grade central management tools for such platforms. Wave's ERAS server integrates into Active Directory and allows the simultaneous central management of FDE.2 and/or TPM configured clients.

Sunday, February 24, 2008

Comment on hardware security...

Comment by Steven Sprague, CEO, Wave Systems Corp.

Hardware Security the key to keeping your data safe

The fundamental problem with software security is that it is executed on the main processor so any secrets that are part of the "security" get exposed as part of the main memory of the system.

Most of the articles on this memory vulnerability fail to mention that this problem can be just as acute for authentication keys used by the VPN or wireless infrastructure. The bad news is that you can't easily fix this with software. The good news is that solutions are available that leverage hardware security to protect the secrets.

Let me try to break the problem down and explain the tools and approaches which are available to address the memory attack problem.

The memory attack that was described by Declan McCullagh works because the secret keys used to encrypt the data need to be used by the processor and as a result must be available in the main processor memory. This is a systemic problem of an open programmable PC. The memory attacks described to find encryption keys were not all that surprising as an approach; however, the ease with which the attack could be successfully achieved was clearly unforeseen.

To address these two security challenges, security hardware can be used to not just store keys securely but also use those keys for the function that needs to be executed. Let's focus on two security-related functions: first, authentication, and second, bulk data encryption.

For VPN keys, a chip can securely create, store and use the keys without the operation requiring any processing of the data within the main processor memory. A good example is the TPM (Trusted Platform Module). This is a security chip that can be found on millions of business laptops and desktops. The TPM creates a public/private key pair for securing the VPN and keeps the private key secured so that it is never exposed outside of the chip. The TPM can be asked to use this private key as an identity for authentication of the PC or the user. When used for authentication, the TPM can complete the secure portion of the authentication transaction completely inside the TPM chip. This is important because the TPMs are tamper resistant and would require a significant attack effort to extract a secret key from a TPM. This is the same type of protection that is used in millions of cell phone SIM modules, smart cards and other security chips. While the TPM that is used with the Microsoft BitLocker FDE application is used to protect the keys when the PC is turned off, while the system is either running or in standby mode, the encryption keys are still exposed within the main processor of the system. The TPM is not a bulk encryption device, only a key generation and secure key storage device. Therefore, BitLocker and other software FDE solutions, even if they support TPMs, are still going to expose the encryption keys to these kinds of memory attacks.

The Seagate Momentus 5400.2 FDE drive provides an entirely different approach to the encryption solution. The disk drive controller, a powerful and secure processor, generates its own encryption keys and then encrypts/decrypts all data sent to or requested from the disk drive. In addition, the strong authentication of users using passwords is integrated directly into the drive and is performed before any foreign software, including the operating system, is ever loaded. This means that all access control and encryption take place within the highly secure hardware of the disk drive. The keys which encrypt the data are not accessible and never leave the drive, so there is no exposure from the kinds of memory attacks described.

The additional benefit of integrating encryption directly into the hard drive is that system performance is never affected and main processor cycles are never used to perform the computationally intense tasks of encryption and decryption. Encryption directly in the hard drive is a win-win solution for both security and performance.

Consequently, the data protection answer is clear: enterprises should be ordering all new laptops with the highly secure Seagate Momentus 5400.2 FDE drives. Laptops with these drives are currently sold by Dell, Lenovo, NEC Europe and ASI. These solutions have robust security management software available in order to provide remote management, including full audit logging for the FDE drives, in order to assist in meeting compliance with the numerous data protection regulations.

Wave Systems' Embassy Trust Suite software provides the software that enables central management of both the TPM and the Seagate FDE drives. These tools make it easy to leverage these hardware security technologies to secure the enterprise.

Actions any IT department can take to reduce vulnerabilities

- Utilize the TPM chip to store any client side certificates for more secure network access and user authentication

- Specify and purchase laptops with Seagate FDE drives in all new laptops.

- Install an integrated centralized management solution for the hardware security features currently in most laptops including the TPM, FDE drives, fingerprint readers and smart card readers

There is no magical SW. All of the software solutions today have the same vulnerabilities to secrets being held in memory so that the processor can use them. The greater the complexity of the software, the more likely there are vulnerabilities. Hardware security is a well-known solution. Industry has invested to bring inexpensive robust hardware security to millions of PCs. It is time for every VPN and every Wi-Fi connection to leverage hardware to secure the enterprise.

Conduct an audit of the machines in your enterprise and see how many already have a TPM. Ask your network vendors for documentation on how the TPM can be used (if your network supports MSCAPI it will support a TPM) and begin to explore the use of hardware to secure your enterprise. Seagate's FDE drive is a must for anyone buying a laptop. The reduction in liability for the corporation is more than enough ROI for any IT department. It is an easy-to-deploy, very secure, and easy-to-manage device for full disk encryption. Ask your OEM to supply you one or feel free to call Wave so we can help you evaluate the solution.
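
One way to run the TPM audit suggested in the comment above on Windows machines, as an added example that is not part of the original comment and not Wave Systems tooling. It queries the built-in `Win32_Tpm` WMI class with `Get-CimInstance`; the function name `Get-TpmInventory` and its output fields are hypothetical, and it assumes an elevated session plus WinRM access for any remote machine.

```powershell
# Added example: inventory TPM presence and state on one or more machines.
# Assumptions: the session is elevated (the TPM WMI namespace requires it)
# and WinRM is enabled on any remote target.
function Get-TpmInventory {
    [CmdletBinding()]
    param(
        # Defaults to the local machine; pass a list of names to audit a fleet.
        [string[]]$ComputerName = @($env:COMPUTERNAME)
    )

    foreach ($name in $ComputerName) {
        $row = [ordered]@{
            ComputerName = $name
            Queried      = $false   # query succeeded (reachable and permitted)
            TpmPresent   = $false
            Enabled      = $null
            Activated    = $null
            Owned        = $null
            SpecVersion  = $null
            Error        = $null
        }
        try {
            $cimArgs = @{
                Namespace   = 'root\cimv2\Security\MicrosoftTpm'
                ClassName   = 'Win32_Tpm'
                ErrorAction = 'Stop'
            }
            # Query the local machine directly; use remoting for everything else.
            if ($name -ne $env:COMPUTERNAME -and $name -ne 'localhost') {
                $cimArgs.ComputerName = $name
            }
            $tpm = Get-CimInstance @cimArgs | Select-Object -First 1
            $row.Queried = $true
            if ($tpm) {
                # No instance returned means no TPM is exposed to the OS.
                $row.TpmPresent  = $true
                $row.Enabled     = $tpm.IsEnabled_InitialValue
                $row.Activated   = $tpm.IsActivated_InitialValue
                $row.Owned       = $tpm.IsOwned_InitialValue
                $row.SpecVersion = $tpm.SpecVersion
            }
        }
        catch {
            # Unreachable host, access denied, or missing namespace.
            $row.Error = $_.Exception.Message
        }
        [pscustomobject]$row
    }
}

$inventory = Get-TpmInventory
$inventory | Format-Table -AutoSize

# Machines that answered but do not have a TPM that is present, enabled and activated.
$inventory | Where-Object { $_.Queried -and -not ($_.TpmPresent -and $_.Enabled -and $_.Activated) }
```

Rows with `Queried` set to false need a follow-up check rather than being counted as "no TPM", since the error may only mean the host was offline or the caller lacked rights.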