Platform embedded security technology revealed: Safeguarding the future of computing with intel embedded security and management engine

Platform Embedded Security Technology Revealed: Safeguarding the Future of Computing with Intel Embedded Security and Management Engine

Volumn 9781430265726, Issue , 2014, Pages 1-246

  Ruan, Xiaoyu ^a  

^a NONE   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

APPLICATION PROGRAMS; COMPUTER PRIVACY; PERSONAL COMPUTERS; SECURITY OF DATA; SECURITY SYSTEMS;

EMBEDDED SECURITY; MANAGEMENT FUNCTIONALITY; SECURITY APPLICATION; SECURITY INFRASTRUCTURE; SECURITY PROFESSIONALS; TECHNICAL DETAILS; THIRD PARTY SOFTWARE; THIRD PARTY VENDORS;

ENGINES;

EID: 84933518796     PISSN: None     EISSN: None     Source Type: Book    
DOI: 10.1007/978-1-4302-6572-6     Document Type: Book

References (119)

1. Intel IT Center, "Insights on the Current State of BYOD", www.intel.com/content/www/us/en/mobile-computing/consumerization-enterprise-byod-peerresearch-paper.html, accessed on June 10, 2014.
2. Trusted Computing Group, "Trusted Platform Module Library", www.trustedcomputinggroup.org, accessed on March 20, 2014.
3. Intel, Trusted Execution Technology, www.intel.com/txt, accessed on January 30, 2014.
4. Intel, "Software Guard Extensions Programming Reference", https://software. intel.com/sites/default/files/329298-001.pdf, accessed on May 10, 2014.
5. CTIA: The Wireless Association, "Smartphone Anti-Theft Voluntary Commitment", www.ctia.org/policy-initiatives/voluntary-guidelines/smartphone-antitheft-voluntary-commitment, accessed on June 10, 2014.
6. eBay Inc., "eBay Inc. to Ask eBay Users to Change Passwords", http://announcements.ebay.com/2014/05/ebay-inc-to-ask-ebay-users-tochange-passwords/, accessed on June 10, 2014.
7. Target Corp., "Target Confirms Unauthorized Access to Payment Card Data in U. S. Stores", http://pressroom.target.com/news/target-confirms-unauthorizedaccess-to-payment-card-data-in-u-s-stores, accessed on June 10, 2014.
8. McAfee Labs, "Threat Advisory: EPOS Data Theft", https://kc.mcafee.com/resources/sites/MCAFEE/content/live/PRODUCT-DOCUMENTATION/24000/PD24927/en-US/McAfee-Labs-Threat-Advisory-EPOS-Data-Theft.pdf, accessed on June 10, 2014.
9. Internet Engineering Task Force (IETF), Request for Comments 6520, "Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS) Heartbeat Extension", http://tools.ietf.org/html/rfc6520, accessed on June 10, 2014.
10. OpenSSL Security Advisory, www.openssl.org/news/secadv-20140407.txt, accessed on June 10, 2014.
11. Netcraft, "April 2014 Web Server Survey", http://news.netcraft.com/archives/2014/04/02/april-2014-web-server-survey.html, accessed on June 10, 2014.
12. Kumar, Arvind, Purushottam Goel, and Ylian Saint-Hilaire, Active Platform Management Demystified: Unleashing the Power of Intel vPro Technology, Intel Press, 2009.
13. OpenSSL Security Advisory, www.openssl.org/news/secadv-20140605.txt, accessed on June 10, 2014.
14. Intel, Identity Protection Technology, http://ipt.intel.com/, accessed on April 20, 2014.
15. Hewlett-Packard Development Co., "Reducing Security Risks from Open Source Software", http://h20195.www2.hp.com/v2/GetPDF.aspx%2F4AA0-8061ENW.pdf, accessed on June 10, 2014.
16. National Institute of Standards and Technology, "Advanced Encryption Standard (AES)", http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf, accessed on November 17, 2013.
17. National Institute of Standards and Technology, "Security Requirements for Cryptographic Modules", http://csrc.nist.gov/publications/fips/fips140-2/fips1402.pdf, accessed on April 15, 2014.
18. National Institute of Standards and Technology, Common Vulnerability Scoring System (CVSS), http://nvd.nist.gov/cvss.cfm, accessed on December 12, 2013.
19. Arvind, Kumar, Purushottam Goel, and Ylian Saint-Hilaire, Active Platform Management Demystified-Unleashing the Power of Intel vPro Technology, Intel Press, 2009.
20. Intel Trusted Execution Technology, www.intel.com/txt, accessed on January 30, 2014.
21. Intel Virtualization Technology, www.intel.com/content/www/us/en/virtualization/virtualization-technology/hardware-assist-virtualizationtechnology.html, accessed on January 30, 2014.
22. Intel Identity Protection Technology, www.intel.com/content/www/us/en/architecture-and-technology/identity-protection/identity-protectiontechnology-general.html, accessed on January 30, 2014.
23. Intel Anti-Theft Technology, www.intel.com/antitheft, accessed on January 30, 2014.
24. Intel AMT Implementation and Reference Guide, http://software.intel.com/sites/manageability/AMT-Implementation-and-Reference-Guide/default.htm, accessed on January 30, 2014.
25. Hoekstra, Matthew, Reshma Lal, Pradeep Pappachan, Carlos Rozas, Vinay Phegade, and Juan Del Cuvillo, "Using Innovative Instructions to Create Trustworthy Software Solutions", http://software.intel.com/sites/default/files/article/413938/hasp-2013-innovative-instructions-for-trusted-solutions.pdf, accessed on January 30, 2014.
26. Digital Content Protection LLC, "High-bandwidth Digital Content Protection", www.digital-cp.com, accessed on May 10, 2014.
27. ARM SecurCore Processors, http://www.arm.com/products/processors/securcore/, accessed on April 1, 2014.
28. ARM TrustZone Technology, www.arm.com/products/processors/technologies/trustzone/index.php, accessed on January 30, 2014.
29. ARM Limited, "ARM Security Technology-Building a Secure System using TrustZone Technology", http://infocenter.arm.com/help/topic/com.arm.doc. prd29-genc-009492c/PRD29-GENC-009492C-trustzone-security-whitepaper.pdf, accessed on April 1, 2014.
30. Stinson, D. R., Cryptography: Theory and Practice, Chapman & Hall/CRC, 2006.
31. National Institute of Standards and Technology, Recommendation for Random Number Generation Using Deterministic Random Bit Generators, http://csrc.nist.gov/publications/nistpubs/800-90A/SP800-90A.pdf, accessed on November 17, 2013.
32. National Institute of Standards and Technology, Supplemental ITL Bulletin for September 2013, http://csrc.nist.gov/publications/nistbul/itlbul2013-09-supplemental.pdf, accessed on November 17, 2013.
33. Rivest, R., "The MD5 Message-Digest Algorithm", RFC 1321, April 1996, http://www.ietf.org/rfc/rfc1321.txt, accessed on March 18, 2014.
34. National Institute of Standards and Technology, Secure Hash Standard (SHS), http://csrc.nist.gov/publications/fips/fips180-4/fips-180-4.pdf, accessed on November 17, 2013.
35. National Institute of Standards and Technology, The Keyed-Hash Message Authentication Code (HMAC), http://csrc.nist.gov/publications/fips/fips198-1/FIPS-198-1-final.pdf, accessed on November 17, 2013.
36. ® IPP), http://software.intel.com/en-us/intel-ipp, accessed on February 23, 2014.
37. National Institute of Standards and Technology, Advanced Encryption Standard (AES), http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf, accessed on November 17, 2013.
38. Biryukov, Alex and Dmitry Khovratovich, "Related-key Cryptanalysis of the Full AES-192 and AES-256", Cryptology ePrint Archive: Report 2009/317, 2009, http://eprint.iacr.org/2009/317.pdf, accessed on November 17, 2013.
39. National Institute of Standards and Technology, Data Encryption Standard (DES), http://csrc.nist.gov/publications/fips/fips46-3/fips46-3.pdf, accessed on November 17, 2013.
40. RSA Laboratories, PKCS # 1 v2.1: RSA Cryptography Standard, ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1/pkcs-1v2-1.pdf, accessed on November 17, 2013.
41. Kumar, Arvind, Purushottam Goel, and Ylian Saint-Hilaire, Active Platform Management Demystified-Unleashing the Power of Intel vPro Technology, Intel Press, 2009.
42. Rabin, M. O., "Probabilistic algorithm for testing primality", Journal of Number Theory, 1980, 12(1), pp. 128-138.
43. Damgard, I., P. Landrock, and C. Pomerance, "Average case error estimates for the strong probable prime test", Mathematics of Computation, 1993, 61, pp. 177-194.
44. Bleichenbacher, Daniel, "Chosen Ciphertext Attacks against Protocols Based on the RSA Encryption Standard PKCS #1", CRYPTO'98, pp. 1-12.
45. National Institute of Standards and Technology, Digital Signature Standard (DSS), http://nvlpubs.nist.gov/nistpubs/FIPS/NIST. FIPS.186-4.pdf, accessed on November 17, 2013.
46. Tereshkin, Alexander and Rafal Wojtczuk, "Introducing Ring-3 Rootkits", Black Hat USA, July 29, 2009, Las Vegas, NV.
47. Tereshkin, Alexander, and Rafal Wojtczuk, "Introducing Ring-3 Rootkits", Black Hat USA, July 29, 2009, Las Vegas, NV.
48. ® BIOS", Black Hat USA, July 29, 2009, Las Vegas, NV.
49. Intel Virtualization Technology, http://www.intel.com/content/www/us/en/virtualization/virtualization-technology/hardware-assist-virtualizationtechnology.html, accessed on January 30, 2014.
50. Intel, "EFI System Management Mode Core Interface Spec (SMM CIS)", http://www.intel.com/content/www/us/en/architecture-and-technology/unifiedextensible-firmware-interface/efi-smm-cis-v091.html, accessed on March 3, 2014.
51. National Institute of Standards and Technology, Common Vulnerability Scoring System (CVSS), http://nvd.nist.gov/cvss.cfm, accessed on December 12, 2013.
52. Request for comments 5246, "The Transport Layer Security (TLS) Protocol, Version 1.2", http://tools.ietf.org/html/rfc5246, access on December 12, 2013.
53. Brown, Rhonda, and Jackie Davenport, "Forensic Science: Advanced Investigations", Case Studies for Sasser Worm, Cengage Learning, 2012, pp. 414.
54. Huffman, D. A., "A Method for the Construction of Minimum-Redundancy Codes", Proceedings of the I. R. E., September 1952, pp. 1098-1102.
55. Pavlov, Igor, LZMA Software Development Kit, http://7-zip.org/sdk.html, accessed on December 12, 2013.
56. Hex-Rays, IDA disassembler, https://www.hex-rays.com/products/ida/, accessed on December 12, 2013.
57. Brickell, Ernie, and Jiangtao Li, "Enhanced Privacy ID: A Direct Anonymous Attestation Scheme with Enhanced Revocation Capabilities", IEEE Transactions on Dependable and Secure Computing, May/June 2012, pp. 345-360.
58. National Institute of Standards and Technology, Digital Signature Standard (DSS), http://nvlpubs.nist.gov/nistpubs/FIPS/NIST. FIPS.186-4.pdf, accessed on November 10, 2013.
59. Network Working Group, "Diffie-Hellman Key Agreement Method", http://tools.ietf.org/html/rfc2631, accessed on November 10, 2013.
60. Identity Protection Technology, http://ipt.intel.com/, accessed on April 20, 2014.
61. ISO/IEC JTC 1, "Anonymous digital signatures", ISO/IEC 20008-2, 2013.
62. Joanna Rutkowska, "Evil Maid Goes After TrueCrypt", http://theinvisiblethings. blogspot.com/2009/10/evil-maid-goes-after-truecrypt.html, accessed on March 20, 2014.
63. J. Alex Halderman, Seth D. Schoen, Nadia Heninger, William Clarkson, William Paul, Joseph A. Calandrino, Ariel J. Feldman, Jacob Appelbaum, and Edward W. Felten, "Lest We Remember: Cold Boot Attacks on Encryption Keys", Proc. 17th USENIX Security Symposium, San Jose, CA, July 2008.
64. Unified EFI, Inc., "Unified Extensible Firmware Interface Specification", www.uefi.org, accessed on March 20, 2014.
65. John Heasman, "Implementing and Detecting an ACPI BIOS Rootkit", Black Hat Europe, March 3, 2006, Amsterdam, the Netherlands.
66. Anibal Sacco and Alfredo Ortega, "Persistent BIOS Infection", CanSecWest, March 19, 2009, Vancouver, BC.
67. ® BIOS", Black Hat USA, July 30, 2009, Las Vegas, NV.
68. Trusted Computing Group, "Trusted Platform Module Library", www.trustedcomputinggroup.org, accessed on March 20, 2014.
69. Intel Trusted Execution Technology, www.intel.com/txt, accessed on January 30, 2014.
70. Microsoft Corporation, "Windows Certification Program: Hardware Certification Taxonomy & Requirements-Systems", December 16, 2013, pp. 125.
71. N. Asokan, Lucas Davi, Alexandra Dmitrienko, Stephan Heuser, Kari Kostiainen, Elena Reshetova, and Ahmad-Reza Sadeghi, "Mobile Platform Security", Morgan & Claypool Publishers, 2013, pp. 40.
72. Trusted Computing Group, "Trusted Platform Module Library", www.trustedcomputinggroup.org, accessed on March 20, 2014.
73. Joanna Rutkowska, "Evil Maid goes after TrueCrypt", http://theinvisiblethings. blogspot.com/2009/10/evil-maid-goes-after-truecrypt.html, accessed on March 20, 2014.
74. Gilbert S. Vernam, "Cipher Printing Telegraph Systems for Secret Wire and Radio Telegraphic Communications", Journal of the IEEE 55, pp. 109-115, 1926.
75. State Encryption Management Bureau of China, "SM3 Cryptographic Hash Algorithm", standard publication GM/T 0004-2012, www.oscca.gov. cn/UpFile/20101222141857786.pdf, accessed on April 15, 2014.
76. State Encryption Management Bureau of China, "SM4 Block Cipher Algorithm", standard publication GM/T 0002-2012, http://gm.gd.gov. cn/upfile/2009113105257460.pdf, accessed on April 15, 2014.
77. State Encryption Management Bureau of China, "Public Key Cryptographic Algorithm SM2 Based on Elliptic Curves", standard publication GM/T 0003-2012, www.oscca.gov. cn/UpFile/2010122214822692.pdf, accessed on April 15, 2014.
78. National Institute of Standards and Technology, "Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography", http://csrc. nist.gov/publications/nistpubs/800-56A/SP800-56A-Revision1-Mar08-2007.pdf, accessed on April 15, 2014.
79. National Institute of Standards and Technology, "Recommendation for Key Derivation Using Pseudorandom Functions", http://csrc.nist.gov/publications/nistpubs/800-108/sp800-108.pdf, accessed on April 15, 2014.
80. William Futral and James Greene, Intel Trusted Execution Technology for Server Platforms: A Guide to More Secure Datacenters, Apress, 2013.
81. Daniel Nemiroff, "Cryptographic Key Generation Using a Stored Input Value and a Stored Count Value", US patent 20100329455 A1.
82. American National Standards Institute, "Digital Signatures Using Reversible Public Key Cryptography for the Financial Services Industry (rDSA)", ANSI X9.31-1988, September 1998.
83. National Institute of Standards and Technology, "Security Requirements for Cryptographic Modules", http://csrc.nist.gov/publications/fips/fips140-2/fips1402.pdf, accessed on April 15, 2014.
84. Common Criteria, www.commoncriteriaportal.org/cc/, accessed on April 15, 2014.
85. Dartmouth College, PKI/Trust Lab, "TPM Reset Attack", www.cs.dartmouth.edu/~pkilab/sparks/, accessed on April 15, 2014.
86. Microsoft, "Netflix Taps Microsoft PlayReady as Its Primary DRM Technology for Netflix Ready Devices and Applications", www.microsoft.com/en-us/news/press/2010/may10/05-25playreadynetflixpr.aspx, accessed on May 25, 2014.
87. National Institute of Standards and Technology, "Advanced Encryption Standard (AES)", http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf, accessed on November 17, 2013.
88. Digital Content Protection LLC, "High-bandwidth Digital Content Protection System", www.digital-cp.com, accessed on May 10, 2014.
89. Intel, Unlock the World of UltraViolet with Intel Devices, www.intel.com/content/www/us/en/architecture-and-technology/intel-insider-for-premium-hd-homeentertainment.html, accessed on May 25, 2014.
90. DECE, UltraViolet, www.uvvu.com, accessed on May 25, 2014.
91. Intel Wireless Display, www.intel.com/go/widi, accessed on May 25, 2014.
92. Discretix, "Hardware-Assisted DRM with ARM TrustZone on the Samsung GALAXY S III Smartphone Secured by Discretix", www.discretix.com/press-release/hardware-assisted-drm-with-arm-trustzone-on-the-samsung-galaxy-s-iii-smartphone-secured-by-discretix, accessed on May 30, 2014.
93. D. A. Huffman, "A Method for the Construction of Minimum-Redundancy Codes", Proceedings of the I. R. E., September 1952, pp. 1098-1102.
94. Igor Pavlov, "LZMA Software Development Kit", http://7-zip.org/sdk.html, accessed on December 12, 2013.
95. National Institute of Standards and Technology, "Secure Hash Standard (SHS)", http://csrc.nist.gov/publications/fips/fips180-4/fips-180-4.pdf, accessed on November 17, 2013.
96. RSA Laboratories, PKCS #1 v2.1: RSA Cryptography Standard, ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1/pkcs-1v2-1.pdf, accessed on November 17, 2013.
97. National Institute of Standards and Technology, "Advanced Encryption Standard (AES)", http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf, accessed on November 17, 2013.
98. National Institute of Standards and Technology, "The Keyed-Hash Message Authentication Code (HMAC)", http://csrc.nist.gov/publications/fips/fips198-1/FIPS-198-1-final.pdf, accessed on November 17, 2013.
99. Intel Identity Protection Technology, http://ipt.intel.com, accessed on April 20, 2014.
100. Intel Identity Protection Technology, http://ipt.intel.com/, accessed on April 20, 2014.
101. National Institute of Standards and Technology, "The Keyed-Hash Message Authentication Code (HMAC)", http://csrc.nist.gov/publications/fips/fips198-1/FIPS-198-1-final.pdf, accessed on November 17, 2013.
102. RSA, the Security Division of EMC, "Open Letter to RSA Customers", www.sec.gov/Archives/edgar/data/790070/000119312511070159/dex991.htm, accessed on May 10, 2014.
103. Internet Engineering Task Force, "HOTP: An HMAC-Based One-Time Password Algorithm", Request for Comments 4226, http://tools.ietf.org/html/rfc4226, accessed on May 10, 2014.
104. Internet Engineering Task Force, "TOTP: Time-Based One-Time Password Algorithm", Request for Comments 6238, http://tools.ietf.org/html/rfc6238, accessed on May 10, 2014.
105. Initiative for Open Authentication, www.openauthentication.org/, accessed on May 10, 2014.
106. Internet Engineering Task Force, "OCRA: OATH Challenge-Response Algorithm", Request for Comments 6287, http://tools.ietf.org/html/rfc6287, accessed on May 10, 2014.
107. National Institute of Standards and Technology, Advanced Encryption Standard (AES), http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf, accessed on November 17, 2013.
108. RSA Laboratories, "PKCS #1 v2.1: RSA Cryptography Standard", ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1/pkcs-1v2-1.pdf, accessed on November 17, 2013.
109. Intel Identity Protection Technology white paper, "Deeper Levels of Security with Intel Identity Protection Technology", http://ipt.intel.com/Libraries/Documents/Deeper-Levels-of-Security-with-Intel%c2%ae-Identity-Protection-Technology.pdf, accessed on May 10, 2014.
110. Kumar, Arvind, Purushottam Goel, and Ylian Saint-Hilaire, "Active Platform Management Demystified - Unleashing the Power of Intel vPro Technology", Intel Press, 2009.
111. National Institute of Standards and Technology, "Security Requirements for Cryptographic Modules", http://csrc.nist.gov/publications/fips/fips140-2/fips1402.pdf, accessed on April 15, 2014.
112. Intel Identity Protection Technology, http://ipt.intel.com/, accessed on April 20, 2014.
113. Digital Content Protection LLC, "High-Bandwidth Digital Content Protection", www.digital-cp.com, accessed on May 10, 2014.
114. Trusted Computing Group, "Trusted Platform Module Library", www.trustedcomputinggroup.org, accessed on March 20, 2014.
115. Intel Remote Wake Technology, www.intel.com/support/motherboards/desktop/sb/CS-032989.htm, accessed on May 10, 2014.
116. McKeen, Frank, Ilya Alexandrovich, Alex Berenzon, Carlos Rozas, Hisham Shafi, Vedvyas Shanbhogue, and Uday Savagaonkar, "Innovative instructions and software model for isolated execution", Workshop on Hardware and Architectural Support for Security and Privacy, Tel-Aviv, Israel, June 2013.
117. Anati, Ittai, Shay Gueron, Simon P. Johnson, and Vincent R. Scarlata, "Innovative technology for CPU-based attestation and sealing", Workshop on Hardware and Architectural Support for Security and Privacy, Tel-Aviv, Israel, June 2013.
118. Hoekstra, Matthew, Reshma Lal, Pradeep Pappachan, Carlos Rozas, Vinay Phegade, and Juan Del Cuvillo, "Using innovative instructions to create trustworthy software solutions", Workshop on Hardware and Architectural Support for Security and Privacy, Tel-Aviv, Israel, June 2013.
119. Intel, "Software Guard Extensions Programming Reference", https://software.intel.com/sites/default/files/329298-001.pdf, accessed on May 10, 2014.