7 - 2: Hardware Security Flashcards
Encryption
Either entire files or full-disk encryption (FDE)
Hardware Security Module
Use dedicated hardware to perform encrypt/decrypt, in a way that takes resource demand off the computer itself
Trusted Platform Module
A physical chip that contains decryption keys. If the correct TPM is not present for its drive, the drive cannot be decrypted
Self-encrypting drive
A drive with its own encryption hardware built in, so the drive itself encrypts and decrypts the data it stores
Opal Storage specification
A self-encrypting drive standard produced by the Trusted Computing Group
BIOS
Basic Input/Output System, the lightweight operating system stored in firmware that provides basic functionality to load the full OS from disk
UEFI
Unified Extensible Firmware Interface, a more flexible firmware for boot. Includes the Secure Boot function.
Secure Boot
1) Reads the first piece of the OS, the boot loader
2) Computes the boot loader's hash value
3) Decrypts the boot loader's digital signature
4) Verifies that the signature matches the computed hash
If the boot loader is not the expected, correctly signed one, boot stops at UEFI
Remote Attestation
A compliance report of calculated hash values sent to an external server
Measured Boot
Each step of the boot process measures the trust level of the step that follows it
Measured Boot Attestation
Trusted hashes are stored in the TPM
Hardware Root of Trust
Stores keys to validate UEFI hardware within its own storage location
Electromagnetic Interference
EMI, electromagnetic waves that can alter or disrupt computers
Wireless devices
Communicate using shared wireless protocols, such as Wi-Fi and Bluetooth
Removable storage
Represents a way for data to be stolen