masterthesis/presentation/190115_secondshort/second.tex

\documentclass[naustrian,notes]{beamer}

\input{header}
%Titelinformationen
\title[Digidow Biometric Sensor]{Digital Shadow: Biometric Sensor}
\subtitle{Master's Thesis Seminar}
\author[Michael Preisach]{Michael Preisach}
\date{January 15, 2019}
\institute[INS]{\includegraphics[width=0.1\textwidth]{../../resources/ins}}

\begin{document}
\begin{frame}
	\titlepage
\end{frame}
	
\begin{frame}
	\frametitle{Project Overview Digital Shadow}
	\begin{figure}
		\centering
		\includegraphics[width=0.9\textwidth]{../../resources/globalview}
	\end{figure}
\end{frame}

\begin{frame}
	\frametitle{Physical Overview}
	\begin{figure}
		\centering
		\includegraphics[height=0.8\textheight]{../../resources/networkview2.pdf}
	\end{figure}
	
\end{frame}

  \begin{frame}
\frametitle{TPM2: Platform Configuration Registers (PCR)\footnote{Arthur, Challener: \emph{A Practical Guide to TPM 2.0}}}
\begin{columns}
	\begin{column}{0.5\textwidth}
		\begin{itemize}
			\item 24 Registers (for the PC)
			\item represents state of measured unit
			\item reset only by power cycle
			\item SHA1 or SHA256 
			\item modify by \emph{Extend()}: \\
			{\scriptsize\texttt{newPCR = Digest(oldPCR || data)}}
			\item extension chain possible
		\end{itemize}
	\end{column}
	\begin{column}{0.5\textwidth}  %%<--- here
		\begin{scriptsize}
			\begin{tabular}{c|p{3.5cm}}
				PCR &Allocation\\\hline
				0	&BIOS			\\
				1	&BIOS Config	\\
				2	&Option ROM		\\
				3	&Option ROM Config	\\
				4	&MBR			\\
				5	&MBR Config		\\
				6	&State transition and wake events\\
				7	&Platform specific measurements\\
				8-15	&Static OS\\
				16	&Debug\\
				17-22	&General Purpose\\
				23	&Application Support\\
			\end{tabular}   
		\end{scriptsize}
	\end{column}
\end{columns}
\end{frame}

\begin{frame}
\frametitle{TPM2: Platform Configuration Registers (PCR)\footnote{\url{https://github.com/Rohde-Schwarz-Cybersecurity/TrustedGRUB2}}}
		\begin{center}
			\begin{tabular}{l|l}
				Component &measured by\\\hline
				BIOS	&CRTM			\\
				TrustedGRUB MBR bootcode	&BIOS	\\
				TrustedGRUB kernel (\texttt{diskboot.img})	&TrustedGRUB MBR bootcode	\\
				TrustedGRUB kernel (\texttt{core.img})	&\texttt{diskboot.img}	\\
				GRUB modules + OS	&TrustedGRUB kernel			\\
				Applications	&OS (e.g. Linux IMA)		\\
			\end{tabular}   
		\end{center}
\end{frame}

\begin{frame}
	\frametitle{Linux Integrity Measurement Architecture (IMA)
	\footnote{\url{https://wiki.strongswan.org/projects/strongswan/wiki/IMA}}
	\footnote{\url{https://sourceforge.net/p/linux-ima/wiki/Home/}}}
	\begin{itemize}
		\item Kernel extension for measuring accessed files
		\item configurable via policies (access mode, files, users, \ldots)
		\item standardized log file entries
		\item extend PCR and create log file entry
	\end{itemize}
\end{frame}

\begin{frame}
\frametitle{Attestation}
	\begin{enumerate}
		\item hash a number of PCR values (= \emph{Quote})
		\item sign hash with TPM key
		\item remote party validates signing key
		\item remote party validates values of PCRs
		\item remote party validates values of (IMA-)Event log
	\end{enumerate}
\end{frame}


\begin{frame}
	\frametitle{State of the Project: What is Done}
	\begin{itemize}
		\item small PC with dedicated TPM2 device
		\item installed GRUB-TPM2 
		\item installed TPM2-ESAPI and development environment
		\item read most parts of the book \emph{Trusted Computing Platforms - 
			TPM2.0 in Context} and implemented basic examples
	\end{itemize}
\end{frame}

\begin{frame}
	\frametitle{State of the Project: What is next}
	\begin{itemize}
		\item solve remaining problems with GRUB-TPM2
		\item implementing more complex tasks with the TPM2
		\item understanding \emph{Direct Anonymous Attestation} (DAA)
		\item define and develop a trusted environment between BS and PA
	\end{itemize}
\end{frame}

\begin{frame}
\frametitle{Questions}
\begin{itemize}
	\item IMA also works for other system calls?
	\item Details about CRTM
\end{itemize}
\end{frame}






\end{document}