Platform Embedded Security Technology Revealed is an in-depth introduction to Intel’s platform embedded solution: the security and management engine. The engine is shipped inside most Intel platforms for servers, personal computers, tablets, and smartphones. The engine realizes advanced security and management functionalities and protects applications’ secrets and users’ privacy in a secure, light-weight, and inexpensive way. Besides native built-in features, it allows third-party software vendors to develop applications that take advantage of the security infrastructures offered by the engine.
Intel’s security and management engine is technologically unique and significant, but is largely unknown to many members of the tech communities who could potentially benefit from it. Platform Embedded Security Technology Revealed reveals technical details of the engine. The engine provides a new way for the computer security industry to resolve critical problems resulting from booming mobile technologies, such as increasing threats against confidentiality and privacy. This book describes how this advanced level of protection is made possible by the engine, how it can improve users’ security experience, and how third-party vendors can make use of it.
It's written for computer security professionals and researchers; embedded system engineers; and software engineers and vendors who are interested in developing new security applications on top of Intel’s security and management engine.
It’s also written for advanced users who are interested in understanding how the security features of Intel’s platforms work.
Conditions of Use
This book is licensed under a Creative Commons License (CC BY). You can download the ebook Platform Embedded Security Technology Revealed for free.
- Title: Platform Embedded Security Technology Revealed
- Subtitle: Safeguarding the Future of Computing with Intel Embedded Security and Management Engine
- Publisher: Apress
- Author(s): Xiaoyu Ruan
- Published: 2014-08-09
- Edition: 1
- Format: eBook (pdf, epub, mobi)
- Pages: 292
- Language: English
- ISBN-10: 143026571X
- ISBN-13: 9781430265726
- License: CC BY
- Book Homepage: Free eBook, Errata, Code, Solutions, etc.
Platform Embedded Security Technology Revealed
Contents at a Glance Copyright Contents About the Author About the Technical Reviewer Acknowledgments Introduction
Chapter 1: Cyber Security in the Mobile Age Three Pillars of Mobile Computing Power Efficiency Internet Connectivity Security BYOD Incident Case Study eBay Data Breach Target Data Breach OpenSSL Heartbleed Key Takeaways Strong Authentication Network Management Boot Integrity Hardware-Based Protection Open-Source Software Best Practice Third-Party Software Best Practice Security Development Lifecycle Assessment Architecture Design Implementation Deployment Interface Testing Penetration Testing CVSS Limitations References
Chapter 2: Intel’s Embedded Solutions: from Management to Security Management Engine vs. Intel AMT Intel AMT vs. Intel vPro Technology Management Engine Overview Hardware Overlapped I/O Firmware Software Platform and System Management Software Solutions Hardware Solutions In-Band Solutions Out-of-Band Solutions Intel AMT Overview BIOS Extension Local Management Service and Tray Icon Remote Management The Engine’s Evolvement: from Management to Security Embedded System as Security Solution Security Applications at a Glance EPID PAVP IPT Boot Guard Virtual Security Core: ARM TrustZone Secure Mode and Nonsecure Mode Memory Isolation Bus Isolation Physical Isolation vs. Virtual Isolation References
Chapter 3: Building Blocks of the Security and Management Engine Random Number Generation Message Authentication Hash with Multiple Calls Symmetric-Key Encryption AES DES/3DES Asymmetric-Key Encryption: RSA Key Pair Generation and Validation Encryption and Decryption Digital Signature RSA ECDSA Key Pair Generation and Validation Scalar Multiplication Window Method Dual Scalar Multiplication Hardware Acceleration Other Cryptography Functions Secure Storage Debugging Debug Messaging Special Production-Signed Firmware Based on Unique Part ID Secure Timer Host-Embedded Communication Interface Direct Memory Access to Host Memory References
Chapter 4: The Engine: Safeguarding Itself before Safeguarding Others Access to Host Memory Communication with the CPU Triggering Power Flow Security Requirements Confidentiality Integrity Availability Threat Analysis and Mitigation Load Integrity Memory Integrity Memory Encryption Task Isolation Asset Protection Memory Manager Thread Manager Memory Protection Control Loader Inter-Task Call Management Exception Handler Nonprivileged Tasks Firmware Update and Downgrade Published Attacks “Introducing Ring -3 Rootkits” References
Chapter 5: Privacy at the Next Level: Intel’s Enhanced Privacy Identification (EPID) Technology Redefining Privacy for the Mobile Age Passive Anonymity Active Anonymity Processor Serial Number EPID Key Structures and Provisioning Revocation Private Key-Based Revocation Signature-Based Revocation Group-Based Revocation Signature Generation and Verification Signature Generation Base Name Signature Verification SIGMA Verifier’s Certificate Messages Breakdown Implementation of EPID Key Recovery Attack Mitigation Applications of EPID Next Generation of EPID Two-way EPID Optimization References
Chapter 6: Boot with Integrity, or Don’t Boot Boot Attack Evil Maid BIOS and UEFI BIOS Alteration Software Replacement Jailbreaking Trusted Platform Module (TPM) Platform Configuration Register Field Programmable Fuses Field Programmable Fuses vs. Flash Storage Field Programmable Fuse Task Intel Boot Guard Operating System Requirements for Boot Integrity OEM Configuration Measured Boot Verified Boot Manifests Verification Flow References
Chapter 7: Trust Computing, Backed by the Intel Platform Trust Technology TPM Overview Cryptography Subsystem Storage Endorsement Key Attestation Binding and Sealing Intel Platform Trust Technology Cryptography Algorithms Endorsement Key Storage Endorsement Key Revocation Endorsement Certificate Supporting Security Firmware Applications Integrated vs. Discrete TPM References
Chapter 8: Unleashing Premium Entertainment with Hardware-Based Content Protection Technology Rights Protection DRM Schemes Device Key Management Rights Management Playback UltraViolet End-to-End Content Protection Content Server License Server Software Stack External Display Weak Points Intel’s Hardware-Based Content Protection Protected Audio and Video Path (PAVP) Device Key Provisioning Rights Management Intel Wireless Display Authentication and Key Exchange Content Protection on TrustZone References
Chapter 9: Breaking the Boundaries with Dynamically Loaded Applications Closed-Door Model DAL Overview DAL Architecture Loading an Applet Secure Timer Host Storage Protection Security Considerations Reviewing and Signing Process References
Chapter 10: Intel Identity Protection Technology: the Robust, Convenient, and Cost-Effective Way to Deter Identity Theft One-Time Password HOTP TOTP Transaction Signing OTP Tokens Embedded OTP and OCRA Token Installation TOTP and OCRA Generation Highlights and Lowlights Protected Transaction Display Drawing a Sprite Gathering the User’s PIN Input Firmware Architecture Embedded PKI and NFC References
Chapter 11: Looking Ahead: Tomorrow’s Innovations Built on Today’s Foundation Isolated Computing Environment Security-Hardening Measures Basic Utilities Anonymous Authentication and Secure Session Establishment Protected Input and Output Dynamic Application Loader Summary of Firmware Ingredients Software Guard Extensions More Excitement to Come References
Index