Cover Image

A Practical Guide to TPM 2. 0 : Using the Trusted Platform Module in the New Age of Security.

Bibliographic Details
Main Author: Arthur, Will.
Other Authors: Challener, David.
Format: eBook
Language:English
Published: Berkeley, CA : Apress L. P., 2015.
Edition:1st ed.
Subjects:
Electronic books.
Online Access:Click to View
Table of Contents:
  • Intro
  • A Practical Guide to TPM 2.0
  • Contents at a Glance
  • About ApressOpen
  • Contents
  • About the Authors
  • About the Technical Reviewers
  • Acknowledgments
  • Introduction
  • Chapter 1: History of the TPM
  • Why a TPM?
  • History of Development of the TPM Specification from 1.1b to 1.2
  • How TPM 2.0 Developed from TPM 1.2
  • History of TPM 2.0 Specification Development
  • Summary
  • Chapter 2: Basic Security Concepts
  • Cryptographic Attacks
  • Brute Force
  • Calculating the Strength of Algorithms by Type
  • Attacks on the Algorithm Itself
  • Security Definitions
  • Cryptographic Families
  • Secure Hash (or Digest)
  • Hash Extend
  • HMAC: Message Authentication Code
  • KDF: Key Derivation Function
  • Authentication or Authorization Ticket
  • Symmetric-Encryption Key
  • Symmetric-Key Modes
  • Nonce
  • Asymmetric Keys
  • RSA Asymmetric-Key Algorithm
  • RSA for Key Encryption
  • RSA for Digital Signatures
  • ECC Asymmetric-Key Algorithm
  • ECDH Asymmetric-Key Algorithm to Use Elliptic Curves to Pass Keys
  • ECDSA Asymmetric-Key Algorithm to Use Elliptic Curves for Signatures
  • Public Key Certification
  • Summary
  • Chapter 3: Quick Tutorial on TPM 2.0
  • Scenarios for Using TPM 1.2
  • Identification
  • Encryption
  • Key Storage
  • Random Number Generator
  • NVRAM Storage
  • Platform Configuration Registers
  • Privacy Enablement
  • Scenarios for Using Additional TPM 2.0 Capabilities
  • Algorithm Agility (New in 2.0)
  • Enhanced Authorization (New in 2.0)
  • Quick Key Loading (new in 2.0)
  • Non-Brittle PCRs (New in 2.0)
  • Flexible Management (New in 2.0)
  • Identifying Resources by Name (New in 2.0)
  • Summary
  • Chapter 4: Existing Applications That Use TPMs
  • Application Interfaces Used to Talk to TPMs
  • TPM Administration and WMI
  • The Platform Crypto Provider
  • Virtual Smart Card
  • Applications That Use TPMs.
  • Applications That Should Use the TPM but Don't
  • Building Applications for TPM 1.2
  • TSS.Net and TSS.C++
  • Wave System s Embassy Suite
  • Rocks to Avoid When Developing TPM Applications
  • Microsoft BitLocker
  • IBM File and Folder Encryption
  • New Manageability Solutions in TPM 2.0
  • Summary
  • Chapter 5: Navigating the Specification
  • TPM 2.0 Library Specification: The Parts
  • Some Definitions
  • General Definitions
  • Definitions of the Major Fields of the Command Byte Stream
  • Definitions of the Major Fields of the Response Byte Stream
  • Getting Started in Part 3: the Commands
  • Data Details
  • Common Structure Constructs
  • TPM2B_XXX Structures
  • Structure with Union
  • Canonicalization
  • Endianness
  • Part 2: Notation Syntax
  • Part 3: Table Decorations
  • Commonly Used Sections of the Specification
  • How to Find Information in the Specification
  • Strategies for Ramping Up on TPM 2.0
  • Will
  • Ken
  • Dave
  • Other TPM 2.0 Specifications
  • Summary
  • Chapter 6: Execution Environment
  • Setting Up the TPM
  • Microsoft Simulator
  • Building the Simulator from Source Code
  • Setting Up a Binary Version of the Simulator
  • Running the Simulator
  • Testing the Simulator
  • Python Script
  • TSS.net
  • System API Test Code
  • Setting Up the Software Stack
  • TSS 2.0
  • TSS.net
  • Summary
  • Chapter 7: TPM Software Stack
  • The Stack: a High-Level View
  • Feature API
  • System API
  • Command Context Allocation Functions
  • Command Preparation Functions
  • Command Execution Functions
  • Command Completion Functions
  • Simple Code Example
  • System API Test Code
  • TCTI
  • TPM Access Broker ( TAB)
  • Resource Manager
  • Device Driver
  • Summary
  • Chapter 8: TPM Entities
  • Permanent Entities
  • Persistent Hierarchies
  • Ephemeral Hierarchy
  • Dictionary Attack Lockout Reset
  • Platform Configuration Registers ( PCR s)
  • Reserved Handles.
  • Password Authorization Session
  • Platform NV Enable
  • Nonvolatile Indexes
  • Objects
  • Nonpersistent Entities
  • Persistent Entities
  • Entity Names
  • Summary
  • Chapter 9: Hierarchies
  • Three Persistent Hierarchies
  • Platform Hierarchy
  • Storage Hierarchy
  • Endorsement Hierarchy
  • Privacy
  • Activating a Credential
  • Other Privacy Considerations
  • NULL Hierarchy
  • Cryptographic Primitives
  • Random Number Generator
  • Digest Primitives
  • HMAC Primitives
  • RSA Primitives
  • Symmetric Key Primitives
  • Summary
  • Chapter 10: Keys
  • Key Commands
  • Key Generator
  • Primary Keys and Seeds
  • Persistence of Keys
  • Key Cache
  • Key Authorization
  • Key Destruction
  • Key Hierarchy
  • Key Types and Attributes
  • Symmetric and Asymmetric Keys Attributes
  • Duplication Attributes
  • Restricted Signing Key
  • Restricted Decryption Key
  • Context Management vs. Loading
  • NULL Hierarchy
  • Certification
  • Keys Unraveled
  • Summary
  • Chapter 11: NV Indexes
  • NV Ordinary Index
  • NV Counter Index
  • NV Bit Field Index
  • NV Extend Index
  • Hybrid Index
  • NV Access Controls
  • NV Written
  • NV Index Handle Values
  • NV Names
  • NV Password
  • Separate Commands
  • Summary
  • Chapter 12: Platform Configuration Registers
  • PCR Value
  • Number of PCRs
  • PCR Commands
  • PCRs for Authorization
  • PCRs for Attestation
  • PCR Quote in Detail
  • PCR Attributes
  • PCR Authorization and Policy
  • PCR Algorithms
  • Summary
  • Chapter 13: Authorizations and Sessions
  • Session-Related Definitions
  • Password, HMAC, and Policy Sessions: What Are They?
  • Session and Authorization: Compared and Contrasted
  • Authorization Roles
  • Command and Response Authorization Area Details
  • Command Authorization Area
  • Command Authorization Structures
  • Response Authorization Structures
  • Password Authorization: The Simplest Authorization.
  • Password Authorization Lifecycle
  • Creating a Password Authorized Entity
  • Changing a Password Authorization for an Already Created Entity
  • Using a Password Authorization
  • Code Example: Password Session
  • Starting HMAC and Policy Sessions
  • TPM2_StartAuthSession Command
  • Session Key and HMAC Key Details
  • Guidelines for TPM2_StartAuthSession Handles and Parameters
  • Session Variations
  • Salted vs. Unsalted
  • Bound vs. Unbound
  • Use Cases for Session Variations
  • HMAC and Policy Sessions: Differences
  • HMAC Authorization
  • HMAC Authorization Lifecycle
  • Altering or Creating an Entity That Requires HMAC Authorization
  • Creating an HMAC Session
  • Using an HMAC Session to Authorize a Single Command
  • HMAC and Policy Session Code Example
  • Using an HMAC Session to Send Multiple Commands (Rolling Nonces)
  • HMAC Session Security
  • HMAC Session Data Structure
  • Policy Authorization
  • How Does EA Work?
  • Policy Authorization Time Intervals
  • Policy Authorization Lifecycle
  • Building the Entity's Policy Digest
  • Creating the Entity to Use the Policy Digest
  • Starting the Real Policy Session
  • Sending Policy Commands to Fulfill the Policy
  • Performing the Action That Requires Authorization
  • Combined Authorization Lifecycle
  • Summary
  • Chapter 14: Extended Authorization (EA) Policies
  • Policies and Passwords
  • Why Extended Authorization?
  • Multiple Varieties of Authentication
  • Multifactor Authentication
  • How Extended Authorization Works
  • Creating Policies
  • Simple Assertion Policies
  • Passwords (Plaintext and HMAC) of the Object
  • Passwords of a Different Object
  • Digital Signatures (such as Smart Cards)
  • PCRs: State of the Machine
  • Locality of Command
  • Internal State of the TPM (Boot Counter and Timers)
  • Internal Value of an NV RAM Location.
  • State of the External Device (GPS, Fingerprint Reader, and So On)
  • Flexible (Wild Card) Policy
  • Example 1: Smart card and Password
  • Example 2: A Policy for a Key Used Only for Signing with a Password
  • Example 3: A PC state, a Password, and a Fingerprint
  • Example 4: A Policy Good for One Boot Cycle
  • Example 5: A Policy for Flexible PCRs
  • Example 6: A Policy for Group Admission
  • Example 7: A Policy for NV RAM between 1 and 100
  • Command-Based Assertions
  • Multifactor Authentication
  • Compound Policies: Using Logical OR in a Policy
  • Making a Compound Policy
  • Example: A Policy for Work or Home Computers
  • Considerations in Creating Policies
  • End User Role
  • Administrator Role
  • Understudy Role
  • Office Role
  • Home Role
  • Using a Policy to Authorize a Command
  • Starting the Policy
  • Satisfying a Policy
  • Simple Assertions and Multifactor Assertions
  • If the Policy Is Compound
  • If the Policy Is Flexible (Uses a Wild Card)
  • Satisfying the Approved Policy
  • Transforming the Approved Policy in the Flexible Policy
  • Certified Policies
  • Summary
  • Chapter 15: Key Management
  • Key Generation
  • Templates
  • Key Trees: Keeping Keys in a Tree with the Same Algorithm Set
  • Duplication
  • Key Distribution
  • Key Activation
  • Key Destruction
  • Putting It All Together
  • Example 1: Simple Key Management
  • Example 2: An Enterprise IT Organization with Windows TPM 2.0 Enabled Systems
  • Summary
  • Chapter 16: Auditing TPM Commands
  • Why Audit
  • Audit Commands
  • Audit Types
  • Command Audit
  • Session Audit
  • Audit Log
  • Audit Data
  • Exclusive Audit
  • Summary
  • Chapter 17: Decrypt/Encrypt Sessions
  • What Do Encrypt/Decrypt Sessions Do?
  • Practical Use Cases
  • Decrypt/Encrypt Limitations
  • Decrypt/Encrypt Setup
  • Pseudocode Flow
  • Sample Code
  • Summary
  • Chapter 18: Context Management.
  • TAB and the Resource Manager: A High-Level Description.

Similar Items