Progressive technological development has paved the way for the ever increasing addition of multiple disparate devices. Devices which have the capability to connect to each other over a network affording them the ability to communicate with ease. Unfortunately the improved proficiency for communication carries with it a negative impact on information security. This detriment comes through the increased possibility of data loss and vulnerability exploitation. In this paper, we will seek to define one such measure to ensure security; by utilizing the Trusted Platform Module (TPM). We will also explore the strengths and vulnerabilities of the Trusted Platform Module as well as attacks against the TPM both in terms of hardware and software.
Background:
The term Trusted Platform Module pertains to a design model and the execution of said deign model established by the Trusted Compute Group. The Trusted Computer Group is a worldwide organizational body comprised of multiple computing technology vendors for the creation of industry hardware standards. The Trusted Computing Group establishes requirements and recommendations for the production of hardware elements which may be implemented to enhance the defensive capabilities of computing assets. These standards delineate rule sets for mobile devices, desktop systems, laptop computers, and servers as well as network infrastructure constraints. Stipulations concerning Application Programming Interfaces as well as the protocols required to function within a trusted computing state are additionally outlined. (Malipatlolla et al, 2013)
The Trusted Platform Module may be deployed in the form of hardware or as software component on a system that contains RSA encryption keys detailed to ...
... middle of paper ...
... 16-16). Retrieved from https://www.usenix.org/events/sec04/tech/full_papers/sailer/sailer.pdf
Malipatlolla, S. & Huss, S. & Shoufan, A. (2013). Sustainable trusted computing: A novel approach for a flexible and secure update of cryptographic engines on a trusted platform module.
Mason, S. (2005). Trusted Computing: Trusting your computer to be trusted. Computer Fraud & Security, 20057-
11. doi:10.1016/S1361-3723(05)00146-6
McGill, K. (2013). Trusted Mobile Devices: Requirements for a Mobile Trusted Platform Module. Johns Hopkins Apl
Technical Digest, 32(2), 544-554.
Osborn, J., & Challener, D. (2013). Trusted platform module evolution. Johns Hopkins Apl Technical Digest, 32(2),
536-543
Winter, J., & Dietrich, K. (2012). A hijacker's guide to communication interfaces of the trusted platform module.
Computers & Mathematics With Applications, 65(5), 748-761.
Each Trusted Platform Module consists of a n RSA key paid called the EK or the Endorsement Key. The EK is stored inside the chip and there is no way of accessing it with the use of Software. The ownership of a system is endorsed by the Storage Root Key, which is generated based on the Endorsement Key and an owner-specified password.
In this section we investigate attacks and threats to our primary devices. These attacks and threats are built off of the vulnerabilities the previous section and help to determine which security controls would be most valuable against future attacks.
The Operating System (OS) is the heart of computer server and client systems; therefore they are the pivotal components of the Information Technology (IT) architecture. The OS contains the crucial data, information, and applications, which are vulnerable, and can be infiltrated to cripple the entire IT architecture of the organization. Therefore, it becomes mandatory to properly safeguard the OS from an internal or external intrusion (Stallings & Brown, 2012). This critical thinking report will highlight the security concerns that may impact the OS. Further, the security guidelines and best practices for the OS in general, along with the specific fundamentals regarding the Windows and Linux OS are comprehensively illustrated.
In the world today, computers are used in every field. Be it a major space exploration or a small chore like cleaning our room. The use of computers has made our lives easier but at the same time a computer failure can make our lives miserable too. We trust computers more than we trust anything else these days. We use computers to communicate, share personal information, buy goods online, etc. We also trust computers with our safety. Starting from house alarm systems and other safety devices we have now moved on to using computers to Test Car Crashes.
Privacy and security issues have become one of the top concerns among computer users in today’s market. It has become a game of survival of the fittest in protection of your security. The only true way to defend yourself is knowledge. You should prepare your self against hackers, spammers and potential system crashing viruses and web bugs. Lets focus on how you can protect yourselves from the would be thieves.
RSA is the encryption and network security division of EMC, assisting top organizations to solve complex IT security challenges. RSA’s products and mission consist of a combinations of business-critical controls, encryption, and tokenization to secure access to organizations IS infrastructure. The Security Division offers a wide range of two-factor authentication solutions to help organizations assure user identities and meet regulatory compliance requirements. The authentication keys come in a variety of forms such as hardware and software authenticators that can be applied to a range of computer devices.
There is constant concern about different kinds of devices and tools because of their vulnerability: laptops; personal computers in the home; libraries and public workstations; USB Flash Drives and email, to name a few. These items are easily accessible for those attempting to breach security.... ... middle of paper ... ...
This project must meet the requirements of DoD security policies and standards for delivery of the technology services. The first requirement we are to discuss is Federal Information Security Management Act (FISMA) which is a United States legislation that defines a comprehensive framework to protect government information, operations and assets against natural or man-made threats. FISMA assigned the National Institute of Standards and Technology (NIST), the responsibility of defining standards and security procedures to be followed and must be complied. There are nine processes NIST outlines to be in compliance with FISMA:
Tan, L. M., and M. Newman. 1991. “Computer Misuse and the Law.” International Journal of Information Management 11 (4): 282–291.
The computer is considered one of the most important technological advances of the twentieth century. Security and privacy issues have been in existence long before the computer became a vital component of organizations' operations. Nevertheless, the operating features of a computer make it a double-edged sword. Computer technologies with reliable error detection and recording capabilities, permit the invasion of a supposedly secure environment to occur on a grand scale and go undetected. Furthermore, computer and communications technology permit the invasion of a persons' privacy and likewise go undetected. Two forces threaten privacy: one, the growth of information technology with its enhanced capacity for surveillance, communication, computation, storage and retrieval and two, the more insidious threat, the increased value of information in decision making. Information has become more vital in the competitive environment, thus, decision makers covet it even if it viol!
It has been demonstrated that a number of interoperable systems must be implemented to fully protect a network; a strategy known as Defense in Depth. Due to the multitude of security devices and device categories available, it can be very difficult to identify the correct tools for meeting security goals. Using the Defense in Depth strategy will require an understanding of the interactions between devices occuring within the network.
With the increasingly ubiquitous nature of mobile devices and online availability, including smartphones and tablets, there is also an understandable concern about the level of security that is afforded to such devices. This can be considered as increasingly important given the proliferation of policies such as BYOD (Bring Your Own Device) which is being used by diverse organizations as a way of lowering the cost of ownership for such devices while also leveraging the flexibility advantages that their utilization can bring. It is therefore an area of immense interest due to the changing and emerging nature of both the technology itself as well as the security concerns.
Depending on the recommended cryptography system, this section defines the security requirements that must be satisfied by cryptographic modules conform to the standard. The areas that are related to the design and implementation of cryptographic unit that consists of a basic design, documentation, and management of key
This paper is going to discuss wireless security from a broad view where I will go into why exactly wireless security is so important especially today as the ways in which we are communicating is changing dramatically. From there I will discuss the multiple wireless securities that are available to give a better understanding of the options given. Then I will go into why exactly not protecting your wireless can be so dangerous with some descriptions on the most dangerous wireless attacks out there today. Finally I will then discuss how we can better prepare for these types of attacks with a synopsis on several effective security methods that will help to ensure data is securely passed and kept hidden.
The book is structured into four parts: Part 1 discusses the fundamentals of Internet security and privacy, Part 2 specializes in privacy while on the World Wide Web, Part 3’s topics are e-mail security and privacy, and Part 4 discusses the ways in which to secure a computer. Following the structure of the book, I will review and summarize the most important aspects of the parts and chapters in chronological order.