Platform Embedded Security Technology Revealed: Safeguarding the Future of Computing with Intel Embedded Security and Management Engine
This book is an in-depth introduction to Intel's platform embedded solution: the security and management engine (shipped inside most Intel platforms for servers, personal computers, tablets, and smartphones). The engine realizes advanced security and management functionalities, protects applica...
Classification: | E-book |
---|---|
Main author: | |
Format: | Electronic eBook |
Language: | English |
Published: | Berkeley, CA : Apress, 2014. |
Series: | Expert's voice in computer security. |
Subjects: | |
Online access: | Full text (requires prior registration with an institutional e-mail address) |
Table of Contents:
- Ch. 1 Cyber Security in the Mobile Age
- Three Pillars of Mobile Computing
- Power Efficiency
- Internet Connectivity
- Security
- BYOD
- Incident Case Study
- eBay Data Breach
- Target Data Breach
- OpenSSL Heartbleed
- Key Takeaways
- Strong Authentication
- Network Management
- Boot Integrity
- Hardware-Based Protection
- Open-Source Software Best Practice
- Third-Party Software Best Practice
- Security Development Lifecycle
- Assessment
- Architecture
- Design
- Implementation
- Deployment
- CVSS
- Limitations
- References
- Ch. 2 Intel's Embedded Solutions: from Management to Security
- Management Engine vs. Intel AMT
- Intel AMT vs. Intel vPro Technology
- Management Engine Overview
- Hardware
- Overlapped I/O
- Firmware
- Software
- Platform and System Management
- Software Solutions
- Hardware Solutions
- In-Band Solutions
- Out-of-Band Solutions
- Intel AMT Overview
- BIOS Extension
- Local Management Service and Tray Icon
- Remote Management
- The Engine's Evolvement: from Management to Security
- Embedded System as Security Solution
- Security Applications at a Glance
- EPID
- PAVP
- IPT
- Boot Guard
- Virtual Security Core: ARM TrustZone
- Secure Mode and Nonsecure Mode
- Memory Isolation
- Bus Isolation
- Physical Isolation vs. Virtual Isolation
- References
- Ch. 3 Building Blocks of the Security and Management Engine
- Random Number Generation
- Message Authentication
- Hash with Multiple Calls
- Symmetric-Key Encryption
- AES
- DES/3DES
- Asymmetric-Key Encryption: RSA
- Key Pair Generation and Validation
- Encryption and Decryption
- Digital Signature
- RSA
- ECDSA
- Hardware Acceleration
- Other Cryptography Functions
- Secure Storage
- Debugging
- Debug Messaging
- Special Production-Signed Firmware Based on Unique Part ID
- Secure Timer
- Host-Embedded Communication Interface
- Direct Memory Access to Host Memory
- References
- Ch. 4 The Engine: Safeguarding Itself before Safeguarding Others
- Access to Host Memory
- Communication with the CPU
- Triggering Power Flow
- Security Requirements
- Confidentiality
- Integrity
- Availability
- Threat Analysis and Mitigation
- Load Integrity
- Memory Integrity
- Memory Encryption
- Task Isolation
- Firmware Update and Downgrade
- Published Attacks
- "Introducing Ring -3 Rootkits"
- References
- Ch. 5 Privacy at the Next Level: Intel's Enhanced Privacy Identification (EPID) Technology
- Redefining Privacy for the Mobile Age
- Passive Anonymity
- Active Anonymity
- Processor Serial Number
- EPID
- Revocation
- Signature Generation and Verification
- SIGMA
- Verifier's Certificate
- Messages Breakdown
- Implementation of EPID
- Key Recovery
- Attack Mitigation
- Applications of EPID
- Next Generation of EPID
- Two-way EPID
- Optimization
- References
- Ch. 6 Boot with Integrity, or Don't Boot
- Boot Attack
- Evil Maid
- BIOS and UEFI
- BIOS Alteration
- Software Replacement
- Jailbreaking
- Trusted Platform Module (TPM)
- Platform Configuration Register
- Field Programmable Fuses
- Field Programmable Fuses vs. Flash Storage
- Field Programmable Fuse Task
- Intel Boot Guard
- Operating System Requirements for Boot Integrity
- OEM Configuration
- Measured Boot
- Verified Boot
- Manifests
- Verification Flow
- References
- Ch. 7 Trust Computing, Backed by the Intel Platform Trust Technology
- TPM Overview
- Cryptography Subsystem
- Storage
- Endorsement Key
- Attestation
- Binding and Sealing
- Intel Platform Trust Technology
- Cryptography Algorithms
- Endorsement Key Storage
- Endorsement Key Revocation
- Endorsement Certificate
- Supporting Security Firmware Applications
- Integrated vs. Discrete TPM
- References
- Ch. 8 Unleashing Premium Entertainment with Hardware-Based Content Protection Technology
- Rights Protection
- DRM Schemes
- Device Key Management
- Rights Management
- Playback
- Ultraviolet
- End-to-End Content Protection
- Content Server
- License Server
- Software Stack
- External Display
- Weak Points
- Intel's Hardware-Based Content Protection
- Protected Audio and Video Path (PAVP)
- Device Key Provisioning
- Rights Management
- Intel Wireless Display
- Authentication and Key Exchange
- Content Protection on TrustZone
- References
- Ch. 9 Breaking the Boundaries with Dynamically Loaded Applications
- Closed-Door Model
- DAL Overview
- DAL Architecture
- Loading an Applet
- Secure Timer
- Host Storage Protection
- Security Considerations
- Reviewing and Signing Process
- References
- Ch. 10 Intel Identity Protection Technology: the Robust, Convenient, and Cost-Effective Way to Deter Identity Theft
- One-Time Password
- HOTP
- TOTP
- Transaction Signing
- OTP Tokens
- Embedded OTP and OCRA
- Token Installation
- TOTP and OCRA Generation
- Highlights and Lowlights
- Protected Transaction Display
- Drawing a Sprite
- Gathering the User's PIN Input
- Firmware Architecture
- Embedded PKI and NFC
- References
- Ch. 11 Looking Ahead: Tomorrow's Innovations Built on Today's Foundation
- Isolated Computing Environment
- Security-Hardening Measures
- Basic Utilities
- Anonymous Authentication and Secure Session Establishment
- Protected Input and Output
- Dynamic Application Loader
- Summary of Firmware Ingredients
- Software Guard Extensions
- More Excitement to Come
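Chapters 6 and 7 list Platform Configuration Registers, Measured Boot and Attestation without explaining the mechanism. As an added example that is not from the book, from Intel, or from this record, the following Python models the PCR extend operation (PCR_new = H(PCR_old || digest)), a measured boot that extends each stage's digest and records it in an event log, and the verifier-side check that replays the log against the quoted PCR and an allow-list of known-good digests. The three-stage boot chain, the stage contents and the function names are constructed for this example; the extend rule and its consequences (one-way, order-dependent, so a tampered stage or a substituted log cannot reproduce the quoted value) are the TPM semantics the chapters refer to.

```python
import hashlib
import hmac
from typing import List, Tuple, Set

# Constructed boot chain: in a real platform each "code" is the actual image the firmware measures.
GOOD_CHAIN: List[Tuple[str, bytes]] = [
    ("initial boot block", b"IBB image v1"),
    ("bootloader",         b"bootloader core image 2014"),
    ("kernel",             b"kernel image 3.x"),
]


def measure(blob: bytes, algo: str = "sha256") -> bytes:
    """Digest of a component, computed before control is transferred to it."""
    return hashlib.new(algo, blob).digest()


def pcr_extend(pcr: bytes, digest: bytes, algo: str = "sha256") -> bytes:
    """TPM extend: PCR_new = H(PCR_old || digest). Cannot be reversed or reordered."""
    size = hashlib.new(algo).digest_size
    if len(pcr) != size or len(digest) != size:
        raise ValueError("digest length does not match the PCR bank")
    return hashlib.new(algo, pcr + digest).digest()


def simulate_measured_boot(chain, algo: str = "sha256"):
    """Measure each stage into a PCR that starts at all-zero bytes; return (final PCR, event log)."""
    pcr = bytes(hashlib.new(algo).digest_size)
    log: List[Tuple[str, bytes]] = []
    for name, code in chain:
        digest = measure(code, algo)
        pcr = pcr_extend(pcr, digest, algo)
        log.append((name, digest))
    return pcr, log


def replay_event_log(log, algo: str = "sha256") -> bytes:
    """Recompute the PCR a verifier expects from the event log alone."""
    pcr = bytes(hashlib.new(algo).digest_size)
    for _, digest in log:
        pcr = pcr_extend(pcr, digest, algo)
    return pcr


def verify_attestation(quoted_pcr: bytes, log, known_good: Set[bytes], algo: str = "sha256") -> bool:
    """Verifier: the log must replay exactly to the quoted PCR (binds log to quote), and every
    measured digest must be on the allow-list (binds the boot to approved software)."""
    if not hmac.compare_digest(replay_event_log(log, algo), quoted_pcr):
        return False
    return all(digest in known_good for _, digest in log)


def known_good_digests(chain, algo: str = "sha256") -> Set[bytes]:
    return {measure(code, algo) for _, code in chain}


if __name__ == "__main__":
    pcr, log = simulate_measured_boot(GOOD_CHAIN)
    print("final PCR:", pcr.hex())
    print("attestation of good boot:", verify_attestation(pcr, log, known_good_digests(GOOD_CHAIN)))
```

The quote in real hardware is the PCR value signed by an attestation key; this example omits the signature and shows only why the log-replay step is needed: a platform that booted a modified bootloader can present the good log, but the log no longer replays to the PCR the TPM actually holds.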