Hardware Security 3.3 Flashcards
Full Disk Encryption (FDE)
Encrypts the entire storage drive, so everything on it is protected. You need a password (or another credential) to unlock the drive, and the data stays protected if the drive is moved to another system, because the key is never on the disk in the clear. Operating systems have this built in, each in its own proprietary form (for example BitLocker on Windows, FileVault on macOS).
Trusted Platform Module (TPM)
A dedicated chip on the computing device that handles cryptographic functions in hardware. Its cryptographic processor includes a random number generator and a key generator. It has persistent memory with unique keys burned in during manufacturing, and versatile memory that holds encryption keys and measurements of the current hardware configuration, so you can later check whether the hardware has changed. Access is password protected, with built-in protection against dictionary attacks (it locks out after repeated wrong guesses).
Hardware Security Module (HSM)
High-end cryptographic hardware, available as a plug-in card (for example in a load balancer) or as a stand-alone appliance. It provides secure storage and backup for keys, and can take over SSL/TLS processing from other devices. Usually found in large environments.
Root of Trust
Security is based on trust, and that trust has to start somewhere. The Hardware Security Module (HSM) and the Trusted Platform Module (TPM) are our hardware root of trust: components built into the hardware that cannot be removed or altered by software, so everything above them can be checked against them.
Unified Extensible Firmware Interface - UEFI BIOS
Based on Intel's Extensible Firmware Interface (EFI). A defined standard that all manufacturers have implemented; it replaced the old BIOS and is the foundation for the increased boot security described on the next cards.
Secure Boot
Malware can take over a system by getting a malicious driver or OS component loaded at boot. Secure Boot is part of the UEFI specification: the firmware holds a set of known-good, cryptographically secure digital signatures (trusted signing keys and image hashes, plus a list of revoked ones), and each piece of boot software is checked against it. If the software is not signed by one of the known-good keys, the UEFI BIOS check fails and the system will not boot. This is built into many OSes now; Apple has its own equivalent.
Remote Attestation
We detect potential security problems by noticing hardware or software changes. In a large environment the administrator can't personally know every computer, so the check is done remotely. With remote attestation, the device takes an inventory of its hardware and software, and the TPM digitally signs that report (typically encrypted in transit as well) so it can be sent to a central server for verification. The report is produced at boot and compared against the expected, known-good values; if there is a difference, the boot process can be stopped or the device can be denied access.
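The Secure Boot and Remote Attestation cards above describe two checks that fit together: an allow/deny list of trusted boot images, and a TPM-signed record of what actually booted that a central verifier compares against known-good values. Below is an added stand-alone Python simulation of both (example code written for this page, not code from any UEFI, TPM or vendor implementation). The `db`/`dbx` sets, the `BootComponent` images, the golden values and the `ak` key are constructed assumptions, and the HMAC-based quote is only a stand-in: a real TPM signs quotes with an asymmetric attestation key.

```python
"""Simulated UEFI Secure Boot check plus TPM-style measured boot and
remote attestation, using only the Python standard library."""
import hashlib
import hmac
import secrets
from dataclasses import dataclass

PCR_INITIAL = bytes(32)  # TPM 2.0 SHA-256 PCRs (0-16) start at all zeros


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


@dataclass(frozen=True)
class BootComponent:
    name: str
    image: bytes  # the binary that would be loaded (constructed sample data)


def secure_boot_check(component, db, dbx) -> bool:
    """Stand-in for the UEFI Secure Boot check: load only images whose hash
    is in the allow list (db) and not in the revocation list (dbx)."""
    digest = sha256(component.image)
    return digest in db and digest not in dbx


def pcr_extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM PCR extend: new = H(old || measurement). One-way and
    order-dependent, so software cannot set a PCR to a chosen value."""
    return sha256(pcr + measurement)


def boot(components, db, dbx):
    """Verified + measured boot: refuse any image that fails Secure Boot,
    and measure every image that does run into the PCR."""
    pcr = PCR_INITIAL
    log = []
    for c in components:
        if not secure_boot_check(c, db, dbx):
            raise RuntimeError(f"Secure Boot: refusing to load {c.name}")
        measurement = sha256(c.image)
        pcr = pcr_extend(pcr, measurement)
        log.append((c.name, measurement.hex()))
    return pcr, log


def make_quote(ak: bytes, pcr: bytes, nonce: bytes) -> bytes:
    """TPM quote over (PCR, verifier nonce). Assumption: HMAC with a shared
    key stands in for the TPM's asymmetric attestation-key signature."""
    return hmac.new(ak, pcr + nonce, hashlib.sha256).digest()


def verify_quote(ak, pcr, nonce, quote, golden_pcr):
    """Verifier side: the quote must be authentic, bound to OUR fresh nonce
    (no replay), and the PCR must equal the golden value recorded from a
    known-good machine."""
    if not hmac.compare_digest(make_quote(ak, pcr, nonce), quote):
        return False, "quote signature invalid (wrong TPM or replayed nonce)"
    if not hmac.compare_digest(pcr, golden_pcr):
        return False, "PCR mismatch: firmware, bootloader or OS changed"
    return True, "attested"


def demo():
    """Run a golden boot, then the failure modes a practitioner cares about."""
    firmware = BootComponent("firmware", b"UEFI firmware v1 (constructed)")
    bootloader = BootComponent("bootloader", b"signed bootloader (constructed)")
    kernel = BootComponent("kernel", b"kernel image (constructed)")
    good_chain = [firmware, bootloader, kernel]
    db = {sha256(c.image) for c in good_chain}  # assumed allow list
    dbx = set()
    ak = secrets.token_bytes(32)  # assumed attestation key
    golden_pcr, _ = boot(good_chain, db, dbx)  # enrollment: record golden value
    results = {}

    # 1. A clean boot attests successfully.
    nonce = secrets.token_bytes(16)
    pcr, _ = boot(good_chain, db, dbx)
    results["good_boot"] = verify_quote(ak, pcr, nonce, make_quote(ak, pcr, nonce), golden_pcr)[0]

    # 2. A bootkit with no db entry is refused by Secure Boot before it runs.
    evil = BootComponent("bootloader", b"bootkit (constructed)")
    try:
        boot([firmware, evil, kernel], db, dbx)
        results["secure_boot_blocked"] = False
    except RuntimeError:
        results["secure_boot_blocked"] = True

    # 3. If the bootkit's hash got into db, it loads, but the PCR no longer
    #    matches the golden value, so remote attestation catches it.
    pcr, _ = boot([firmware, evil, kernel], db | {sha256(evil.image)}, dbx)
    ok, reason = verify_quote(ak, pcr, nonce, make_quote(ak, pcr, nonce), golden_pcr)
    results["tampered_attested"], results["tampered_reason"] = ok, reason

    # 4. A quote captured under an old nonce does not verify under a fresh one.
    old_quote = make_quote(ak, golden_pcr, nonce)
    results["replay_accepted"] = verify_quote(ak, golden_pcr, secrets.token_bytes(16), old_quote, golden_pcr)[0]

    # 5. Revoking the kernel via dbx blocks a previously trusted image.
    try:
        boot(good_chain, db, {sha256(kernel.image)})
        results["dbx_blocked"] = False
    except RuntimeError:
        results["dbx_blocked"] = True
    return results


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

Case 3 is the reason both mechanisms exist: Secure Boot stops unknown images from running at all, while measured boot plus attestation lets a central verifier notice when something that did run is not what it expects, without trusting the possibly compromised machine's own word for it.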
Electromagnetic Interference/Pulse (EMI/EMP )
Electromagnetic emissions leaking from equipment can be picked up at a distance and used to reconstruct what is displayed on a screen, and even to recover individual keystrokes (the class of attacks known as TEMPEST). High-security facilities use electromagnetic shielding (Faraday cages) to contain these emissions; the same shielding also protects the equipment against an EMP.