TPM Chip in Windows 8 Lays Foundation for Widespread Enhancements to Hardware-Based Security
This was posted at the time Win 8 was released, very good article explaining the importance of Windows 8 to trusted computing as Barge has explained.
Today's release of the Microsoft Windows 8 operating system brings embedded hardware-level security to the forefront. Microsoft, going forward, will require the Trusted Platform Module (TPM) chip on Windows PCs, phones and tablets, moving security checks to the platoform's lowest level. TPM isn't new, but security experts hope this move by Microsoft lays the foundation for future security mechanisms built on top of TPM that deter today's most sophisticated boot-level incursions.
In this interview, Ari Singer, chairman of the Trusted Computing Group's TPM Working Group, and Stacy Cannady, a newly elected TCG board and TPM Working Group member, discuss the impact of the relationship between Windows and TPM and how this can evolve to improve security moving forward.
Threatpost: What is Windows 8 going to do for mainstream adoption of the Trusted Platform Module (TPM) and hardware-based security?
Ari Singer: TPM and other hardware-based technologies are fundamental to the security of a platform. The place where security needs to start is at the lowest level. Having Microsoft require TPM and have that be a critical part of the OS, and the security of the OS, is very big. Probably the most important way for TPM to gain adoption happens when it gets used automatically by the system with no involvement from the users.
Stacy Cannady: TPMs have been built into commercial lines of PCs for five or six years. Home PCs don't have TPM, neither do phones nor tablets. With the advent of Windows 8, Microsoft requires a TPM in many more platforms. If you buy a replacement PC going forward, you are much more likely to have a TPM in it. If you buy a Windows 8 phone or tablet, they will have TPM in it. Microsoft is driving it forward.
Threatpost: What are the advantages and disadvantages of TPM and hardware-based security?
Stacy Cannady: TPMs were created because there was a perception on the part of the security community in the late ‘90s that software-based attacks against computers were increasing and would continue to increase, and software-based defenses were not likely to be successful. You have a firewall and antimalware on your PC; there has been malware in the past that detect these tools and subverts them and then lies to you about their status.
If that happened before, it can happen again. A steady trend in the fight between defenders and attackers is to go further into the machine. Now, you have bootkit attacks against firmware moving closer to hardware. If we can base security in the hardware of the platform, you have a high ground you can use to defend the platform against these types of network-based attack. TPM is about providing that foundation of security for detecting you've been attacked and making it possible to do something about it.
The way this hardware-based system determines if it's been compromised is that it asks if anything changed that shouldn't have changed. It's a simple yes or no question, and it uses cryptographic hashes to make that determination. You don't need to know what that change is, just that I'm in trouble, it's over here and do something about that.
Google Chromebook, for example, has TPM and it's used this way. Press power and as the system comes up, it measures firmware in that system to determine if the firmware changed. If it has, Chromebook goes to a library of last known good modules, rips out the bad one and sticks in a new one, measures it again, and if it's ok, comes up. It's the natural self-healing talent of this device and it's representative of what the TCG would like to see more of.
Ari Singer: One reason protecting against boot-level attacks is so important is that if your BIOS or pre-boot environment is infected, no matter what you do to clean it up, things that get that low into pre-boot can re-infect you at any time and nothing the OS level does to clean that up can protect you. You will be re-infected every single time. It's a way for an attacker to get a persistent attack on machine. Typically, this is very difficult to detect.
Threatpost: Why are boot-level security features more important than ever today?
Ari Singer: If you listen to some of the things coming out of the NSA and other organizations that understand this stuff, the general state of security is one where the attackers are absolutely ahead. It's nearly impossible using traditional technologies to create a safe environment. The NSA is leading charge and TCG and a lot of organizations are realizing this is the best answer to address this. It's a situation where it's really bad, and this is an opportunity to turn the tables and be able to create a foundation that can provide real protection.
Threatpost: What happens when malware infects BIOS and Master Boot Record?
Stacy Cannady: When you can affect the boot loader or install yourself into the Master Boot Record or firmware, a common use for that is to make sure that an OS-level piece of malware can harvest credentials or in some other fashion impose its will on your system and remain present. It may be that your antivirus package can detect and root it out, but since your malware package also has a control position in the OS loader, MBR or firmeware which the antivirus package cannot reach, when you boot your system the next time the malware will detect that its client has been removed and just reinstall itself. Or, it can detect presence of a tool capable of removing its client and install a tool prevent its removal it in the future.
Ari Singer: Once an attacker gets in and has full access to your machine, and has a launching point at other machines, its exceedingly difficult to remove. It's a foothold for an attacker to get in and do what want over a long period of time.
Threatpost: Where is awareness of TPM and its capabilities within the industry?
Ari Singer: Awareness among those in the industry is high, but among the broader population, it's still pretty low. One challenge is that the kinds of things Microsoft are doing are the first steps. Even with what they've done, which certainly has its advantages, it isn't all by itself going to change the threat landscape. You can equate it to the building of railroads in this country; all by itself, that doesn't do anything. But it creates the ability to build on top of it something that adds value. This fundamental technology doesn't solve all problems right away, so it's difficult for enterprise to justify investing in technology like this unless they have a longer term vision.
Windows 8 doing this is huge for the industry and the world overall because it's laying that foundation and it creates an opportunity for a much bigger gain.
Threatpost: What are some things that can be built on top of this that would take it to the next step?
Ari Singer: One thing Windows is already doing that is very related is early-launch antimalware; think of it as antivirus before the OS comes up. The TPM is measuring the pre-boot stuff and the early-launch antimalware makes sure the OS is ok.
In the future, more complementary technologies like those being built by Intel and AMD providing hardware-based isolation of memory that allows certain applications to run in a very isolated way so even if the OS infected, malware cant' get at the app. Another hot topic in security is real-time monitoring; monitoring what's going on at that moment and catching attacks as happen and being able to in real time. I'm fine at boot, am I still fine?
Stacy Cannady: At that point, what we are seeing antivirus companies struggling with is that there are 100,000 variants of malware posted every day. If you're using a signature-based system to ID those things, it's not scalable or sustainable. As a result, it would be very nice to see a tool that can handle it.
Threatpost: What can you tell us about the UEFI BIOS standard? What is its impact on the security of a machine?
Stacy Cannady: UEFI was created because the conventional method of creating BIOS was unstructured and it was difficult to maintain a BIOS. UEFI imposed standards of structured modular programming onto the firmware space. In response to later demand, it incorporated notions of how to do security. The idea there is that certain elements of firmware have to be signed by an approved authority in order for code to be executed. That allows for what's called a chain of transitive trust to be built. When you get an initial module of UEFI BIOS to come up, hopefully it's measured by TPM, which then asks what's the signature of the next piece of code to be executed? When that's done, it executes next element of the chain and checks its signature. Each trusted element determines the trustworthiness of the next element.
Threatpost: What's the relationship between TPM and self-encrypting drives (SED) in Windows 8?
Stacy Cannady: The drive itself is independent of the OS, so you can take a SED and put it on a Linux machine, or it will run on Windows. This is a benefit compared to software-based encryption mechanisms that are universally OS aware or dependent. For example, most of the software-based solutions support Windows, but don't support Linux or MacOS. If you have a SED, you can buy 1,000 of them, shove them into a PC no matter what the OS is and it will work everywhere.
However, when you talk about managing these drives, things get stickier. SED's use a TCG standard called Opal, which defines how to manage a SED. If you get an Opal-compliant application, it will integrate only into Active Directory on Windows, so now you're talking about managing things back to a Windows environment.
Ari Singer: There's been more of a recognition throughout the world that drive encryption is important. When SEDs are broadly used and shipping everywhere, it becomes the default and everything is encrypted all the time. Something else to recognize is that people only pay for security when they absolutely have to. So, the best way to have security is when it's built in and there. When we see the proliferation of TPM and SED, you get that invisible security benefit without it being an inconvenience to the user. With Windows 8, the intent is that users have no idea TPM and SED is there. They just get those benefits automatically provided; that's really what the industry needs.
Information on ELAM – Early Launch Anti-Malware.
With advances in malware detection and better support for related 3rd party solutions, Windows 8 provides support for early detection of boot-level malware hiding underneath the OS and remote attestation by trusted third parties. The active use of TPMs allows boot-level security features to be implemented. TPMs can also enable the enterprise to check the platform’s integrity, which can be affected by malware in the pre-boot state or BIOS. This attestation, confirmed by hardware-protected measurements bound to the platform, ensures the device has not been altered by malicious code. Software security fails to do this.
Microsoft also enables ELAM – Early Launch Anti-Malware. This feature ensures that anti-malware vendors’ drivers running on the validated platform will always be the first to load, so that they cannot be fooled by malware running first and feeding them false data.