The 32nd IPP Symposium

Trusted Computing Group: Goals, Achievements and Controversies

Thursday, March 25, 2004
Hosted by Professor Anna Lysyanskaya
Dept. of Computer Science, BROWN UNIVERSITY

SCHEDULE

8:30 BREAKFAST and Registration, 4th floor, CIT Building

9:00 Introduction
Eli Upfal, CS Chairman
John Savage, Michael Black, IPP Co-Directors

9:15 Exploiting a Trusted Platform Framework for Safe Appliance-Based Computing
Joe Pato, Hewlett-Packard Labs

10:00 Next-Generation Secure Computing Base (NGSCB)
Brian LaMacchia, Microsoft

10:45 BREAK

11:00 Cryptographic Functionality of the Trusted Platform Module 1.2
Ernie Brickell, Intel

12:00 BUFFET LUNCH

1:30 Achieving Privacy in Remote Authentication
Jan Camenisch, IBM Zurich

2:15 Trusted Computing: Academia Meets Industry
Anna Lysyanskaya, Brown

3:00 BREAK

3:30 DISCUSSION PANEL
Simson Garfinkel, MIT
John Jannotti, Brown University
Brian LaMacchia, Microsoft
Seth Schoen, EFF
Audience members are welcome to join the discussion

5:00 RECEPTION (5th floor)

Joe Pato, Hewlett-Packard Labs
Exploiting a Trusted Platform Framework for Safe Appliance-Based Computing: The Evolution of Security Mechanisms Must Preserve Choice and Diversity

Security mechanisms should not constrain end users to a limited selection of appliances. In particular, personal preference and functional rather than presumed security capabilities should drive the choice between special-purpose dedicated devices, general-purpose appliances, or a dissociated federation of devices to accomplish a task. Security capability should be available for each of these approaches, and a trust infrastructure must be created so that all relying parties can measure the operational trust capabilities.

This talk will examine the role of trusted computing fundamentals in creating diversity for appliance-based systems. It will also examine the controversy around the Trusted Computing Group and how to preserve diversity in secure environments from a variety of perspectives.

Brian LaMacchia, Microsoft
Next-Generation Secure Computing Base (NGSCB)

This talk will present a technical overview of the architecture and key features of Microsoft’s Next-Generation Secure Computing Base (NGSCB). NGSCB is new security technology for the Microsoft Windows operating system that leverages TCG components plus other unique hardware and software elements to create isolated processing spaces inside the PC that can give people greater security and privacy in the ways they use computers. Microsoft is building base-level software components that will enable more secure interaction with applications, peripheral hardware, memory, and storage by adding four new security services to today’s PCs: curtained memory, secure input and output, sealed storage and attestation. Together, these features provide a high-assurance execution environment running in parallel with the “traditional” kernel- and user-mode stacks. The goal of NGSCB is to help protect software from software; that is, to provide a set of features and services that a software application can use to defend against malicious software also running on the machine (viruses running in the main operating system, keyboard sniffers, frame grabbers, etc.). NGSCB is not designed to provide defenses against hardware-based attacks that originate from someone in control of the local machine.

Ernie Brickell, Intel
Cryptographic Functionality of the Trusted Platform Module 1.2

The Trusted Computing Group (TCG) has defined the Trusted Platform Module 1.2 (TPM) to support the cryptographic functionality needed for a trusted platform. In this talk, I will describe the cryptographic protocols used for this functionality and the purpose and implementation of the cryptographic protocols. In particular, I will discuss the protocols for sealing secrets, creating and using an endorsement key, creating and using an Attestation Identity Key, resetting and extending a platform configuration register and locality.

Jan Camenisch, IBM Zurich Research Lab.
Achieving Privacy in Remote Authentication

This talk discusses the direct anonymous attestation scheme (DAA). This scheme was adopted by the Trusted Computing Group as the method for remote authentication of a hardware module, called trusted platform module (TPM), while preserving the privacy of the user of the platform that contains the module. Direct anonymous attestation can be seen as a group signature without the feature that a signature can be opened, i.e., the anonymity is not revocable. Moreover, DAA allows for pseudonyms, i.e., for each signature a user (in agreement with the recipient of the signature) can decide whether or not the signature should be linkable to another signature. DAA furthermore allows for detection of “known” keys: if the DAA secret keys are extracted from a TPM and published, a verifier can detect that a signature was produced using these secret keys. The scheme is provably secure in the random oracle model under the strong RSA and the decisional Diffie-Hellman assumption.

Anna Lysyanskaya, Brown University
Trusted Computing: Academia Meets Industry

I will give an overview of how fundamental problems in theoretical cryptography have found applications in practice, and in particular, in the TCG efforts. I will then review some current key research challenges.

The question I will then discuss in more detail is who trusts whom in trusted computing. Is a user of a given application a friend who needs protection from malicious software, or a foe from whom this application needs to be protected? I will outline the pros and cons of both approaches, and explain why I believe this question to be important for the computer industry and intriguing for academia.

EMAIL REGISTRATION

To: [email protected]
By: Friday, March 19, 2004

Please include the following:
Name, title
Company, Department
Postal address
Phone/Fax

[Map: approach routes to the CIT Building from Interstate 95, Interstate 195, Rte. 6 and Rte. 146, with Benefit, Main, South Main, Waterman, Thayer, Brook, Charlesfield, Power and Wickenden Streets]

DIRECTIONS TO THE CIT BUILDING

• From I-95 N or S, take Exit 20 to I-195E.
• From I-195E take Exit 2, Wickenden St.
• Go LEFT on Wickenden, LEFT again at the 2nd light onto Brook St.
• The red-brick CIT Building (Center for Information Technology) is on the left at the intersection of Brook and Waterman (1st light).
• Registration is on the 4th floor.

INDUSTRIAL PARTNERS PROGRAM

This symposium is a benefit of membership in our Industrial Partners Program. Our Partners and Sponsors include Microsoft Research, Sun Microsystems, Intel, nVIDIA, Pixar and Siemens Corporate Research. There is no charge.

PARKING

Because most of the visitor parking has been assigned to University employees, I’m afraid we’re unable to provide parking. Street parking is usually available for early birds, but watch out for newly designated 2- and 3-hour zones, which used to be all-day spots. You might try the residential area NW of the CIT.