Trusted Computing Base Flashcards

TCB is critical to security!

1
Q

What is the definition of trust according to the US Department of Defense as presented in the slides?

A) A system that guarantees security

B) A system you are forced to trust because you have no choice

C) A system that is inherently trustworthy

D) A system with no vulnerabilities

A

Answer: B

Explanation:
The US DoD definition, “A system that you are forced to trust because you have no choice,” emphasizes that trust is often imposed by a lack of alternatives, not because the system is inherently secure.

2
Q

According to Bruce Schneier, what does a “trusted” computer imply?

A) It is completely secure

B) It does not necessarily mean it is trustworthy

C) It has no software vulnerabilities

D) It is immune to hardware attacks

A

Answer: B

Explanation:
Schneier’s statement, “A ‘trusted’ computer does not mean a computer is trustworthy,” highlights the distinction between being labeled as trusted and actually being reliable or secure.

3
Q

What is the Trusted Computing Base (TCB)?

A) The entire operating system

B) The combination of hardware, firmware, and operating system components that must be trusted

C) A software-only security layer

D) A network protocol for secure communication

A

Answer: B

Explanation:
The TCB encompasses hardware, firmware, the operating system, and similar components; it represents the critical components that a system relies on for security.

4
Q

What is one way to enhance the security of the Trusted Computing Base?

A) Increase its size

B) Shrink the TCB

C) Remove all hardware components

D) Disable firmware updates

A

Answer: B

Explanation:
The slides’ question “How can we shrink the TCB?” indicates that reducing the TCB’s size minimizes the attack surface and enhances security.

5
Q

What was Microsoft’s Palladium initiative also known as?

A) Trusted Platform Module

B) Next Generation Secure Computing Base (NGSCB)

C) Windows Defender

D) Secure Boot Architecture

A

Answer: B

Explanation:
Palladium was the codename for the initiative that became known as the Next Generation Secure Computing Base (NGSCB).

6
Q

What was the primary goal of Microsoft’s NGSCB?

A) To enhance gaming performance

B) To provide better privacy, security, and system integrity

C) To simplify software installation

D) To reduce hardware costs

A

Answer: B

Explanation:
NGSCB aimed to improve privacy, security, and system integrity for Windows users.

7
Q

What hardware group designed components relied upon by NGSCB?

A) Open Source Initiative

B) Trusted Computing Group

C) IEEE Standards Association

D) Internet Engineering Task Force

A

Answer: B

Explanation:
NGSCB relied on hardware designed by the Trusted Computing Group.

8
Q

Which component of Trusted Computing ensures that data is only accessible in a specific system state?

A) Secure I/O

B) Sealed Storage

C) Memory Curtaining

D) Remote Attestation

A

Answer: B

Explanation:
Sealed storage is the Trusted Computing component that protects data by tying access to specific system states (e.g., PCR values).

9
Q

What does the Trusted Platform Module (TPM) primarily provide hardware support for?

A) Graphics processing

B) Sealed storage and remote attestation

C) Network connectivity

D) Real-time system monitoring

A

Answer: B

Explanation:
The TPM provides hardware support for sealed storage and remote attestation.

10
Q

What is the most common purpose of a TPM, as per the slides?

A) Real-time virus scanning

B) Measured boot

C) User authentication

D) Network encryption

A

Answer: B

Explanation:
The most common purpose of a TPM is measured boot, verifying the integrity of boot components.

11
Q

How does a TPM detect an “evil maid” attack?

A) By monitoring network traffic

B) By verifying the integrity of BIOS and firmware

C) By scanning for malware

D) By tracking user logins

A

Answer: B

Explanation:
The TPM verifies the integrity of the BIOS, option ROMs, and other boot components to detect modifications, such as those made during an evil maid attack.

12
Q

What happens if the hashes of firmware components do not match known values during a TPM measured boot?

A) The system reboots automatically

B) The TPM does not unseal, preventing access to encryption keys

C) The system ignores the mismatch

D) The TPM generates new hashes

A

Answer: B

Explanation:
If the hashes don’t match, the TPM will not unseal, blocking access to keys such as those used for disk encryption.

13
Q

Which TPM component is responsible for communicating with the rest of the system?

A) Random Number Generator

B) Input/Output (I/O)

C) SHA-1 Engine

D) Non-Volatile Storage

A

Answer: B

Explanation:
Input/Output (I/O) is the TPM component that enables communication with the system.

14
Q

What is stored in a TPM’s Platform Configuration Registers (PCRs)?

A) User passwords

B) System state hashes

C) Encryption algorithms

D) Network configurations

A

Answer: B

Explanation:
PCRs store hashes representing the system’s state, used for integrity verification.

15
Q

How can a PCR’s state be modified?

A) By direct user input

B) Through the Extend operation

C) By rebooting the system

D) By updating the BIOS

A

Answer: B

Explanation:
A PCR can only be modified via the Extend operation, which updates the PCR by combining a new hash with its current value.

16
Q

What is the main difference between secure boot and authenticated boot?

A) Secure boot measures states, while authenticated boot stops execution

B) Secure boot stops execution if measurements are incorrect, while authenticated boot records states

C) Secure boot uses TPM, while authenticated boot does not

D) Secure boot is software-based, while authenticated boot is hardware-based

A

Answer: B

Explanation:
Secure boot halts if measurements are wrong, whereas authenticated boot records states for remote verification.

17
Q

What is the purpose of the Endorsement Key (EK) in a TPM?

A) To encrypt user data

B) To identify the TPM for its lifetime

C) To manage sealed storage

D) To generate random numbers

A

Answer: B

Explanation:
The EK is a unique key pair set by the manufacturer, identifying the TPM throughout its lifetime.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

Where is the private portion of the Storage Root Key (SRK) stored?

A) On the system’s hard drive

B) In the TPM, never leaving it

C) In cloud storage

D) In the BIOS

A

Answer: B

Explanation:
The private portion of the SRK never leaves the TPM, ensuring its security.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q

What is required before remote attestation can occur?

A) A valid user password

B) Knowledge of the public portion of an Attestation Identity Key (AIK) or a CA’s public key

C) A system reboot

D) A network firewall

A

Answer: B

Explanation:
Remote attestation requires the challenger to know the AIK’s public portion or a CA’s public key.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
20
Q

What does Direct Anonymous Attestation (DAA) use to verify a TPM’s authenticity?

A) A password-based system

B) A zero-knowledge proof

C) A public database

D) A physical token

A

Answer: B

Explanation:
DAA uses a zero-knowledge proof to confirm a TPM is real without revealing sensitive information.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
21
Q

What is the primary function of the Linux Integrity Measurement Architecture (IMA)?

A) To encrypt network traffic

B) To collect and verify file hashes

C) To manage user permissions

D) To optimize system performance

A

Answer: B

Explanation:
IMA is responsible for collecting file hashes and enabling their verification.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
22
Q

What does the Extended Verification Module (EVM) aim to detect?

A) Online hacking attempts

B) Offline tampering of security attributes

C) Software bugs

D) Hardware failures

A

Answer: B

Explanation:
EVM detects offline tampering, such as modifications to security extended attributes.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
23
Q

Which of the following is NOT a main function of a TPM?

A) Cryptographic key generation

B) Hardware authentication

C) Altering the system’s execution flow

D) Sealed storage

A

Answer: C

Explanation:
A TPM cannot alter the system’s execution flow, so this is not one of its functions.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
24
Q

What is a common misconception about TPMs?

A) They prevent the use of open-source software

B) They improve system performance

C) They eliminate all security risks

D) They require constant internet access

A

Answer: A

Explanation:
The misconception is that a TPM prevents the use of open-source software; in fact, TPMs only support authenticated boot, which measures what runs rather than restricting it.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
25
Q

How does the Trusted Computing Group architecture handle boot processes?

A) It uses secure boot exclusively

B) It uses authenticated boot

C) It disables booting if TPM is present

D) It requires manual user verification

A

Answer: B

Explanation:
The TCG architecture uses authenticated boot, measuring states without halting execution.

26
Q

What is a potential benefit of using a TPM for Digital Rights Management (DRM)?

A) It simplifies software installation

B) It can restrict access to content based on system state

C) It eliminates the need for licenses

D) It enhances graphics performance

A

Answer: B

Explanation:
A TPM could aid DRM by controlling access to content via sealed storage tied to system states.

27
Q

What challenge does the heterogeneity of operating systems pose for Trusted Computing?

A) It increases hardware costs

B) It complicates verifying the correct OS state

C) It prevents TPM integration

D) It reduces system performance

A

Answer: B

Explanation:
The slides’ question “How do you verify this state in a heterogeneous environment?” indicates that diverse OS environments make state verification difficult.

28
Q

What does the SHA-1 Engine in a TPM do?

A) Generates random numbers

B) Computes signatures and key blocks

C) Manages user authentication

D) Stores encryption keys

A

Answer: B

Explanation:
The SHA-1 Engine is responsible for computing signatures and creating key blocks.

29
Q

What is a key privacy concern regarding Trusted Computing?

A) Exposure of user passwords

B) Whether remote systems must know the state of a user’s machine

C) Lack of encryption standards

D) Inability to update software

A

Answer: B

Explanation:
The slides’ question “Must they know the state of my machine?” highlights the privacy concern that remote parties may require disclosure of a user’s machine state.

30
Q

What is the primary function of the Random Number Generator (RNG) in a TPM?

A) To encrypt user data

B) To generate keys and nonces

C) To store system state hashes

D) To authenticate remote users

A

Answer: B

Explanation:
The Random Number Generator (RNG) is the TPM component used for key generation, nonce creation, and similar cryptographic tasks, supplying secure random values for these processes.

31
Q

What is a key benefit of the Linux Extended Verification Module (EVM) in combating physical attacks?

A) It encrypts network communications

B) It detects offline tampering of security attributes

C) It optimizes boot performance

D) It manages cryptographic keys

A

Answer: B

Explanation:
EVM detects offline tampering, such as modifications to security extended attributes, which helps mitigate physical attacks like those in an evil maid scenario.

32
Q

Define the Trusted Computing Base (TCB).

A

Answer:
The TCB includes hardware, firmware, operating system, and other components that a system must rely on for security.

33
Q

Why is shrinking the TCB important?

A

Answer:
Shrinking the TCB reduces the attack surface, making the system more secure by minimizing components that must be trusted.

34
Q

What was the codename for Microsoft’s NGSCB?

A

Answer:
Palladium.

35
Q

Name one goal of Microsoft’s NGSCB initiative.

A

Answer:
To provide better privacy, security, or system integrity.

36
Q

What is sealed storage in Trusted Computing?

A

Answer:
Sealed storage protects data by only allowing access when the system is in a specific state, verified by the TPM.

37
Q

What is the primary role of the Trusted Platform Module (TPM)?

A

Answer:
To provide hardware support for sealed storage and remote attestation.

38
Q

What is a measured boot?

A

Answer:
A process where the TPM verifies the integrity of boot components (e.g., BIOS, bootloader) by comparing their hashes to known values.

39
Q

How does a TPM help detect an evil maid attack?

A

Answer:
It verifies the integrity of firmware and boot components, detecting unauthorized modifications.

40
Q

What is stored in a TPM’s Platform Configuration Registers (PCRs)?

A

Answer:
Hashes representing the system’s state.

41
Q

What operation modifies a PCR’s state?

A

Answer:
The Extend operation.
PCRs are updated only via Extend, combining new values with existing hashes.

42
Q

Differentiate between secure boot and authenticated boot.

A

Answer:
Secure boot stops execution if measurements are incorrect;
authenticated boot records states for remote verification.

43
Q

What is the Endorsement Key (EK) in a TPM?

A

Answer:
A unique key pair set by the manufacturer, identifying the TPM for its lifetime.

44
Q

Where is the private portion of the Storage Root Key (SRK) kept?

A

Answer:
Inside the TPM, never leaving it.

45
Q

What is the purpose of Attestation Identity Keys (AIKs)?

A

Answer:
They are used for remote attestation to verify a system’s state.

46
Q

What is Direct Anonymous Attestation (DAA)?

A

Answer:
A method using zero-knowledge proofs to verify a TPM’s authenticity anonymously.

47
Q

What does the Linux Integrity Measurement Architecture (IMA) do?

A

Answer:
It collects file hashes and allows verification of their integrity.

48
Q

What is the Extended Verification Module (EVM) designed to detect?

A

Answer:
Offline tampering of security extended attributes.

49
Q

How might a TPM be used for Digital Rights Management (DRM)?

A

Answer:
By sealing access to content to specific system states, ensuring only authorized systems can access it.

50
Q

Name one false claim about TPMs.

A

Answer:
One false claim is that TPM prevents the use of open-source software.
In fact, a TPM does not block open-source OSes; it only measures boot states.

51
Q

Explain the concept of the Trusted Computing Base (TCB) and discuss why minimizing its size is critical for system security. Provide examples.

A

Answer:
1. The TCB comprises hardware, firmware, operating system, and other components critical to a system’s security.
2. Minimizing its size reduces the number of components that must be trusted, lowering the attack surface.
3. For example, a large TCB might include unnecessary drivers or bloated OS features, increasing vulnerability points.
4. The question “How can we shrink the TCB?” suggests that a smaller TCB, such as a minimal OS kernel with essential firmware, is harder to compromise. This enhances security by limiting exploitable code.

52
Q

Describe Microsoft’s Next Generation Secure Computing Base (NGSCB), including its goals, components, and eventual outcome.

A

Answer:
1. NGSCB, codenamed Palladium, was a Microsoft initiative to enhance Windows security, privacy, and integrity, part of the Trustworthy Computing initiative.
2. Its goals included hardware-based process isolation, data encryption, and secure authentication, relying on Trusted Computing Group hardware.
3. It used a hypervisor-like “Nexus” for a parallel secure environment.
4. NGSCB was planned for Windows Vista, but the slides do not confirm its success, suggesting it may not have been fully implemented.

53
Q

Discuss the role of the Trusted Platform Module (TPM) in ensuring system integrity, particularly through measured boot.

How does it mitigate attacks like the evil maid attack?

A

Answer:
1. The TPM is a hardware crypto-processor that supports system integrity via functions like measured boot, which verifies the hashes of boot components (BIOS, bootloader) against known values, storing results in PCRs.
2. If hashes match, the TPM unseals encryption keys; if not, it prevents access, halting unauthorized boots.
3. For an evil maid attack, where an adversary modifies firmware physically, the TPM detects altered hashes, preventing the system from unlocking sensitive data.

54
Q

Compare and contrast secure boot and authenticated boot.

Why does the Trusted Computing Group favor authenticated boot?

A

Answer:
1. Secure boot halts system execution if boot measurements deviate from expected values, ensuring only authorized software runs.
2. Authenticated boot, however, measures and records boot states in PCRs without stopping execution, allowing remote systems to verify integrity later.
3. The TCG favors authenticated boot because it supports flexibility in diverse environments, enabling verification without restricting software (e.g., open-source OSes). This avoids dictating what can run, balancing security and usability.

55
Q

Explain how sealed storage works in a TPM and its significance for data protection. Provide an example scenario.

A

Answer:
1. Sealed storage encrypts data such that it can only be accessed when the system’s PCRs reflect a specific state, verified by the TPM.
2. Keys are stored on the system but encrypted by a TPM storage key (e.g., SRK).
3. If the system state changes (e.g., due to malware), the TPM denies access.
4. For example, a laptop’s disk encryption key might be sealed to a clean OS state, preventing data access if the bootloader is tampered with. This is a core TPM feature for secure data access control.

56
Q

Discuss the concept of remote attestation in Trusted Computing.

How does Direct Anonymous Attestation (DAA) address privacy concerns?

A

Answer:
1. Remote attestation allows a system to prove its state to a remote party using TPM-generated evidence, typically via Attestation Identity Keys (AIKs). The challenger verifies PCR values or AIK signatures. Privacy concerns arise if the TPM’s identity is exposed.
2. DAA, as noted in the slides, uses zero-knowledge proofs to confirm a TPM’s authenticity without revealing its Endorsement Key, ensuring anonymity.
3. This balances attestation’s security benefits with user privacy, critical in open environments.

57
Q

Describe the Linux kernel’s Integrity Measurement Architecture (IMA) and Extended Verification Module (EVM).

How do they complement TPM functionality?

A

Answer:
1. IMA collects hashes of software and configuration files, storing them securely in kernel memory for local or remote verification, ensuring file integrity.
2. EVM detects offline tampering of security attributes, mitigating physical attacks.
3. Together, they complement TPMs by extending integrity checks beyond boot (IMA) and detecting physical modifications (EVM), while TPMs handle hardware-based measurements and key protection.

58
Q

Evaluate the potential of TPMs in supporting Digital Rights Management (DRM).

What are the ethical implications of this use?

A

Answer:
1. TPMs can support DRM by sealing content access to specific system states, ensuring only authorized devices or software access protected media (e.g., movies playable only on verified platforms).
2. TPMs can restrict key access based on PCRs. Ethically, this raises concerns about user freedom, as it could limit software choice or enforce restrictive licensing, potentially undermining open-source ecosystems.
3. However, it protects content creators’ rights, balancing security with control.

59
Q

Address common misconceptions about TPM.

Why do these myths persist?

A

Answer:
1. Common myths are that a TPM prevents the use of open-source software, that TPM is equivalent to DRM, or that it causes a loss of anonymity.
2. These are false because TPM uses authenticated boot, not secure boot, and supports privacy via DAA.
3. Myths persist due to early fears about initiatives like Palladium, which promised tight control, and public misunderstanding of TPM’s limited role as a hardware enabler, not a policy enforcer. Lack of clear communication fuels suspicion.

60
Q

Discuss the challenges of implementing Trusted Computing in a heterogeneous environment.

Propose a potential solution.

A

Answer:
1. Challenges include verifying the correct OS state across diverse systems and ensuring security updates don’t disrupt functionality.
2. In a heterogeneous environment, varying hardware and OS versions complicate standardizing PCR values.
3. Privacy concerns also arise if systems must expose states.
4. A solution could be a universal attestation framework where systems report abstract integrity metrics (e.g., compliance with a security baseline) rather than specific states, using DAA for anonymity. This balances verification with flexibility.