WO2013119103A1 - Hardware authentication system - Google Patents


Info

Publication number
WO2013119103A1
Authority
WO
WIPO (PCT)
Prior art keywords
trusted
external device
authentication system
devices
power
Application number
PCT/MY2013/000022
Other languages
French (fr)
Inventor
Mohd Anuar Bin MAT ISA
Wira Zanoramy Ansiry Bin ZAKARIA
Norazah Binti ABD AZIZ
Kilausuria Binti ABDULLAH
Azhar Bin Abu Talib
Original Assignee
Mimos Berhad
Priority date
2012-02-09
Filing date
2013-02-05
Publication date
2013-08-15
Application filed by Mimos Berhad
Publication of WO2013119103A1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities

Abstract

An authentication system for a computer system wherein if an external device is found during the POST (200), said external device is checked for validity (224), and if valid the root of trust can be extended thereto.

Description

HARDWARE AUTHENTICATION SYSTEM
Field of Invention
The invention relates to authentication of hardware devices, and more specifically, but not limited to, Trusted Platform Module (TPM) systems.
Background
In some situations it is desirable to check the integrity of computer hardware and/or software, for example to ensure that the system has an approved configuration and is secure. Thus a computer system may be provided which includes a Trusted Platform Module (TPM) chip, containing a unique and secret RSA key, which can be used to authenticate hardware devices.
Current TPM systems contain Platform Configuration Registers (PCRs) which detail the expected hardware (and/or software) of a system, such that when the system boots via the Basic Input Output System (BIOS), the hardware found during Power On Self Test (POST) can be checked against those listed by the TPM, wherein on finding a match the system is considered to be trusted.
However, if the hardware is modified, such as by adding an external device, the system is no longer trusted by TPM as the respective hardware lists are no longer identical. This may occur even if the change is minor such as a software or firmware update.
As a consequence the system may not be able to load software which relies on the platform being trusted, as may be the case with high-security applications. This is undesirable when the changes are insignificant with respect to the security of the platform.
The problem is therefore how to allow a user to update their hardware (and/or software) without contravening the trust provided by TPM.
Summary of Invention
In an aspect of the invention, there is provided an authentication system for a computer system on which an operating system may be loaded,
said computer system including a Basic Input Output System which runs a Power On Self Test when power is applied to the computer system;
characterised in that if an external device is found during the Power On Self Test, said external device is checked for validity to determine if it is trusted or not.
In one embodiment the validity of the external device is checked before an operating system is loaded. Thus external devices can be added to the computer system before the operating system loads, such that the root of trust is extended (at a low level) to the external device. Advantageously, as the trust is extended before the operating system loads, the security risk of malignant software creating false trust is reduced.
In one embodiment the user is responsible for validating the external device, and is prompted to select if the external device is trusted or not. In a further embodiment the validity of the external device is determined by a policy. In a yet further embodiment the validity of the external device is determined by a remote server.
In one embodiment the authentication system is integrated into the BIOS. Typically a BIOS can be updated or modified to include the authentication system.
In one embodiment the computer system includes a Trusted Platform Module (TPM) for determining if devices are trusted or not. Typically the TPM contains one or more Platform Configuration Registers (PCRs) that defines which devices the root of trust may be extended to.
In one embodiment the root of trust is extended to devices considered to be trusted by the authentication system. This has the advantage over the TPM alone which cannot extend the root of trust to external devices, as the PCRs defined by the TPM are static. In one embodiment the devices considered to be trusted can be checked for validity with a remote server.
In one embodiment the computer system is virtual. Thus the authentication system can be used to verify devices on an isolated guest operating system, within a normal host operating system, before the guest operating system is loaded.
In a further aspect of the invention, there is provided a method of authenticating devices in a computer system comprising the steps of:
running a Power On Self Test from a Basic Input Output System when power is applied to the computer system;
characterised in that if an external device is found during the Power On Self Test, said external device is checked for validity to determine if it is trusted or not. In one embodiment a Trusted Platform Module (TPM) extends root of trust to devices indicated as being trusted by Platform Configuration Registers (PCRs).
In one embodiment, if the external device is considered to be trusted by a policy, or by a user in response to a prompt, the root of trust is extended to the external device.
Typically the root of trust is extended prior to an operating system being loaded.
Brief Description of Drawings
It will be convenient to further describe the present invention with respect to the accompanying drawings that illustrate possible arrangements of the invention. Other arrangements of the invention are possible, and consequently the particularity of the accompanying drawings is not to be understood as superseding the generality of the preceding description of the invention.
Figure 1 is a schematic view of an authentication system according to an embodiment of the invention.
Detailed Description
In general the system comprises the following steps, as indicated by the dashed lines in Figure 1:
When the user starts up 100 the machine, the Basic Input Output System (BIOS) runs a Power On Self Test (POST), and then measures, loads and runs a Hardware and Firmware Authentication System, hereinafter referred to as a Substantiation System.
The Substantiation System collects 101 all platform evidence of the machine (hardware properties such as manufacture date, serial number, version, functional tests of the device, etc.). The Substantiation System then verifies 102 the collected platform evidence against the local core evidence storage.
If validation is required in order to boot the platform, the Substantiation System sends 103 the collected platform evidence to the server for the validation process.
The Substantiation System then executes 104 the server's instruction(s) for the next stage of booting the machine. Figure 1 can be explained in more detail as follows:
The trusted BIOS loads up and runs 200 POST, which checks 201 whether the next boot device is an external device or an internal device. If it is an internal device, the trusted BIOS measures 202 the internal memory/storage and extends the measurement to a PCR to define which devices are trusted. The trusted BIOS loads 203 the Substantiation System into main memory and calls 204 the Substantiation System. The Substantiation System measures 205 the Root of Trust for Measurement (RTM) from the Internal Core Evidence Storage (i.e. a secure storage device or database), also extends these measurements to PCR 240, and then loads and calls 206 the RTM.
The Substantiation System checks 207 whether it is the first-time run or not. If it is not the first-time run, it collects 214 hardware evidence by executing functional tests on the hardware. The collected evidence is measured 215 and the stored evidence is measured 216. The measurement results for the new evidence and the stored evidence are compared 217, and any differences are checked 218.
If it is the first-time run, the location of the initial core evidence is checked 208. If it is the local core evidence storage, hardware evidence is collected by executing 210 functional tests on the hardware of the machine. If the core evidence is not local, local core evidence storage is created 209 based on a configuration or properties policy. The collected evidence is measured 211 and the measurement is extended to the PCR 240. The evidence is stored 212 inside the Internal Core Evidence Storage. The need to update the server is checked 213. If an update to the server is not needed, the system proceeds to the next booting stage and the process ends 226.
If the integrity of the system is valid, the client and server are informed 219 about the changes on the platform, and the server makes security-related decisions 220.
If the POST determines that there is an external device, such as an external drive, the trusted BIOS measures and loads the external Master Boot Record (MBR) and extends 222 it to PCR 240. The MBR measures 223 the external storage and extends it to PCR 240. The trusted BIOS executes 224 the Substantiation System to determine if the external storage is trusted; a user prompt may be generated asking the user whether the device is trusted or not. The Substantiation System may also check 225 whether validation with the server is needed or not. If validation with the server is needed, secure communication is established 227, and the client sends 228 the evidence to the server. The server compares 229 the evidence sent with the core evidence stored inside the server and checks 230 whether the compared evidence is valid or not. The server informs the client machine that the machine is trusted 232 or not trusted 231 accordingly, and then the Substantiation System executes 221 the server's instructions. If the external device is not trusted, it is halted or the process of concern is stopped.
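The boot flow described above (measure, extend to a PCR, compare against the core evidence store, first-run provisioning, and the external-device decision by policy, user prompt or remote server), as an added example in Python; this is not the patent's or Mimos Berhad's code. It assumes a SHA-256 extend of the form H(PCR_old || H(data)), a canonical JSON digest of each evidence record, and the hypothetical names `extend_pcr`, `measure`, `EvidenceServer`, `Platform` and `boot`; the evidence records and the MBR bytes are constructed sample values. Step numbers in the comments refer to Figure 1.

```python
import hashlib
import json
from dataclasses import dataclass, field
from typing import Callable, Optional

# All values below are constructed for illustration; nothing is taken from real hardware.
PCR_INITIAL = bytes(32)   # a PCR starts at zero on every power-on


def extend_pcr(pcr: bytes, data: bytes) -> bytes:
    """TPM-style extend: PCR_new = H(PCR_old || H(data)). The order of extends matters."""
    return hashlib.sha256(pcr + hashlib.sha256(data).digest()).digest()


def measure(evidence: dict) -> bytes:
    """Canonical digest of an evidence record (sorted keys, so field order is irrelevant)."""
    return hashlib.sha256(json.dumps(evidence, sort_keys=True).encode()).digest()


@dataclass
class EvidenceServer:
    """Remote validator (steps 227-232): keeps one core-evidence digest per device id."""
    core: dict = field(default_factory=dict)

    def register(self, device_id: str, evidence: dict) -> None:
        self.core[device_id] = measure(evidence)

    def validate(self, device_id: str, evidence: dict) -> str:
        # 229/230: compare submitted evidence with the stored core evidence
        return "trusted" if self.core.get(device_id) == measure(evidence) else "not trusted"


@dataclass
class Platform:
    device_id: str
    core_evidence: Optional[dict] = None   # None means first-time run (step 207)
    pcr: bytes = PCR_INITIAL


def boot(platform: Platform, collected: dict, server: Optional[EvidenceServer] = None,
         external: Optional[dict] = None,
         policy: Optional[Callable[[dict], Optional[bool]]] = None,
         user_prompt: Optional[Callable[[dict], bool]] = None):
    """One power-on of the Substantiation System. Returns (decision, pcr_hex, log)."""
    log = []
    platform.pcr = PCR_INITIAL                                   # 200: fresh POST
    platform.pcr = extend_pcr(platform.pcr, measure(collected))  # 202/205: measure and extend

    if platform.core_evidence is None:                           # 207: first-time run
        platform.core_evidence = dict(collected)                 # 209/212: create local store
        if server is not None:                                   # 213: server update
            server.register(platform.device_id, collected)
        log.append("first run: core evidence stored")
    elif measure(collected) != measure(platform.core_evidence):  # 215-218: differences found
        log.append("evidence differs from core store")
        if server is None:
            return "halt", platform.pcr.hex(), log               # nobody can approve the change
        verdict = server.validate(platform.device_id, collected) # 219/220
        log.append(f"server: {verdict}")
        if verdict != "trusted":
            return "halt", platform.pcr.hex(), log               # 221: follow server instruction
        platform.core_evidence = dict(collected)                 # approved change is the new baseline
    else:
        log.append("evidence matches core store")

    if external is not None:                                     # 201: external boot device found
        platform.pcr = extend_pcr(platform.pcr, external["mbr"])                # 222: external MBR
        platform.pcr = extend_pcr(platform.pcr, measure(external["evidence"]))  # 223: external storage
        trusted = policy(external["evidence"]) if policy else None   # policy; None = no opinion
        if trusted is None and user_prompt is not None:
            trusted = user_prompt(external["evidence"])              # 224: user prompt
        if trusted is None and server is not None:                   # 225-230: server validation
            key = "ext:" + external["evidence"]["serial"]
            trusted = server.validate(key, external["evidence"]) == "trusted"
        if not trusted:                                              # default deny
            log.append("external device not trusted: halt")
            return "halt", platform.pcr.hex(), log
        log.append("external device trusted: root of trust extended")

    return "boot", platform.pcr.hex(), log


# Constructed sample evidence records
INTERNAL = {"serial": "SN-0001", "firmware": "1.0", "selftest": "pass"}
UPDATED = {"serial": "SN-0001", "firmware": "1.1", "selftest": "pass"}   # minor firmware update
EXTERNAL = {"mbr": b"\x33\xc0\x8e\xd0" + bytes(508),                     # fake 512-byte MBR
            "evidence": {"serial": "USB-7", "model": "constructed-drive"}}

if __name__ == "__main__":
    server, host = EvidenceServer(), Platform("host-A")
    print(boot(host, INTERNAL, server=server)[0])     # boot (first run provisions the store)
    print(boot(host, UPDATED, server=server)[0])      # halt (unapproved change)
    server.register("host-A", UPDATED)                # administrator approves the update
    print(boot(host, UPDATED, server=server)[0])      # boot
    print(boot(host, UPDATED, server=server, external=EXTERNAL,
               user_prompt=lambda e: False)[0])       # halt (user declines the external device)
```

The point the example makes concrete is the one the patent claims over a static PCR list: a firmware change halts the boot until the server's core evidence is updated, after which the same evidence produces a new, stable PCR value, and an external device only extends the chain once a policy, the user or the server has vouched for it. With no decision source available the device is rejected, which is the safe default for a pre-OS check.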
It will be appreciated by persons skilled in the art that the present invention may also include further additional modifications made to the device which does not affect the overall functioning of the device.

Claims

1. An authentication system for a computer system on which an operating system may be loaded,
said computer system including a Basic Input Output System which runs (200) a Power On Self Test when power is applied to the computer system; characterised in that if an external device is found during the Power On Self Test, said external device is checked for validity (224) to determine if it is trusted or not.
2. An authentication system according to claim 1 wherein the validity of the external device is checked (224) before an operating system is loaded.
3. An authentication system according to claim 1 or 2 wherein the user is prompted to select if the external device is trusted or not.
4. An authentication system according to any preceding claim wherein the authentication system is integrated into the Basic Input Output System.
5. An authentication system according to any preceding claim wherein the computer system includes a Trusted Platform Module for determining if devices are trusted or not.
6. An authentication system according to claim 5 wherein the Trusted Platform Module contains one or more Platform Configuration Registers that define a root of trust indicating trusted devices.
7. An authentication system according to claim 6 wherein the root of trust is extended to devices considered to be trusted.
8. An authentication system according to claim 7 wherein the devices considered to be trusted can be checked for validity with a remote server.
9. An authentication system according to any preceding claim wherein the computer system is virtual.
10. A method of authenticating devices in a computer system comprising the steps of:
running (200) a Power On Self Test from a Basic Input Output System when power is applied to the computer system;
characterised in that if an external device is found during the Power On Self Test, said external device is checked for validity (224) to determine if it is trusted or not.
11. A method according to claim 10 wherein a Trusted Platform Module extends root of trust to devices indicated as being trusted by Platform Configuration Registers.
12. A method according to claim 11 wherein if the external device is valid, the root of trust is extended thereto, prior to an operating system being loaded.
13. A method according to any of claims 10-12 wherein the check for validity comprises a user's answer in response to a prompt.

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
MYPI2012000551 2012-02-09
MYPI2012000551A MY164496A (en) 2012-02-09 2012-02-09 Hardware authentication system

Publications (1)

Publication Number Publication Date
WO2013119103A1 true WO2013119103A1 (en) 2013-08-15

Family

ID=48044973

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/MY2013/000022 WO2013119103A1 (en) 2012-02-09 2013-02-05 Hardware authentication system

Country Status (2)

Country Link
MY (1) MY164496A (en)
WO (1) WO2013119103A1 (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20030135727A1 (en) * 2002-01-15 2003-07-17 International Business Machines Corporation Computer system with selectively available immutable boot block code
US20050033987A1 (en) * 2003-08-08 2005-02-10 Zheng Yan System and method to establish and maintain conditional trust by stating signal of distrust
US20050141717A1 (en) * 2003-12-30 2005-06-30 International Business Machines Corporation Apparatus, system, and method for sealing a data repository to a trusted computing platform
US20080226080A1 (en) * 2007-03-16 2008-09-18 Bin Li Encryption key restoring method, information processing apparatus, and encryption key restoring program
US7430668B1 (en) * 1999-02-15 2008-09-30 Hewlett-Packard Development Company, L.P. Protection of the configuration of modules in computing apparatus

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
SETH DAVID SCHOEN: "EOF - Give TCPA an Owner Override", 1 December 2003 (2003-12-01), XP055064540, Retrieved from the Internet <URL:www.linuxjournal.com/article/7055> [retrieved on 20130529] *

Also Published As

Publication number Publication date
MY164496A (en) 2017-12-29

Similar Documents

Publication Publication Date Title
US20220207130A1 (en) Unlock and recovery for encrypted devices
US11861372B2 (en) Integrity manifest certificate
US8694761B2 (en) System and method to secure boot both UEFI and legacy option ROM's with common policy engine
JP5745061B2 (en) Authenticating the use of interactive components during the boot process
US9167002B2 (en) Global platform health management
US20090172378A1 (en) Method and system for using a trusted disk drive and alternate master boot record for integrity services during the boot of a computing platform
EP2250609B1 (en) Secure boot with optional components method
EP2013807B1 (en) Trusted platform field upgrade system and method
US20130055335A1 (en) Security enhancement methods and systems
CN103329093A (en) Updating software
EP3859579B1 (en) Trusted computing method, and server
CN107045611B (en) Safe starting method and device
US20080278285A1 (en) Recording device
US10592661B2 (en) Package processing
US10181956B2 (en) Key revocation
US20120233449A1 (en) Methods and systems for measuring trustworthiness of a self-protecting drive
TW201602835A (en) Allowing use of a test key for a BIOS installation
CN112329005A (en) Boot measurement method, device, electronic equipment and medium for starting operating system
US10095855B2 (en) Computer system and operating method therefor
WO2013119103A1 (en) Hardware authentication system
WO2013028059A1 (en) Verification system for trusted platform
WO2011149329A1 (en) Method of providing trusted application services
US20230106491A1 (en) Security dominion of computing device
WO2013036097A1 (en) A system and method to establish trusted boot loader using self-substantiated boot loader
CN115982714A (en) Computing device and trusted chain construction method thereof

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application (Ref document number: 13713545; Country of ref document: EP; Kind code of ref document: A1)
NENP Non-entry into the national phase (Ref country code: DE)
122 Ep: pct application non-entry in european phase (Ref document number: 13713545; Country of ref document: EP; Kind code of ref document: A1)