Ruan, Xiaoyu.

Platform Embedded Security Technology Revealed : Safeguarding the Future of Computing with Intel Embedded Security and Management Engine. - 1 online resource (263 pages)

Contents:

Intro
Contents at a Glance
Contents
About the Author
About the Technical Reviewer
Acknowledgments
Introduction

Chapter 1: Cyber Security in the Mobile Age
    Three Pillars of Mobile Computing
    Power Efficiency
    Internet Connectivity
    Security
    BYOD
    Incident Case Study
    eBay Data Breach
    Target Data Breach
    OpenSSL Heartbleed
    Key Takeaways
    Strong Authentication
    Network Management
    Boot Integrity
    Hardware-Based Protection
    Open-Source Software Best Practice
    Third-Party Software Best Practice
    Security Development Lifecycle
    Assessment
    Architecture
    Design
    Implementation
    Deployment
    Interface Testing
    Penetration Testing
    CVSS
    Limitations
    References

Chapter 2: Intel's Embedded Solutions: from Management to Security
    Management Engine vs. Intel AMT
    Intel AMT vs. Intel vPro Technology
    Management Engine Overview
    Hardware
    Overlapped I/O
    Firmware
    Software
    Platform and System Management
    Software Solutions
    Hardware Solutions
    In-Band Solutions
    Out-of-Band Solutions
    Intel AMT Overview
    BIOS Extension
    Local Management Service and Tray Icon
    Remote Management
    The Engine's Evolvement: from Management to Security
    Embedded System as Security Solution
    Security Applications at a Glance
    EPID
    PAVP
    IPT
    Boot Guard
    Virtual Security Core: ARM TrustZone
    Secure Mode and Nonsecure Mode
    Memory Isolation
    Bus Isolation
    Physical Isolation vs. Virtual Isolation
    References

Chapter 3: Building Blocks of the Security and Management Engine
    Random Number Generation
    Message Authentication
    Hash with Multiple Calls
    Symmetric-Key Encryption
    AES
    DES/3DES
    Asymmetric-Key Encryption: RSA
    Key Pair Generation and Validation
    Encryption and Decryption
    Digital Signature
    RSA
    ECDSA
    Key Pair Generation and Validation
    Scalar Multiplication
    Window Method
    Dual Scalar Multiplication
    Hardware Acceleration
    Other Cryptography Functions
    Secure Storage
    Debugging
    Debug Messaging
    Special Production-Signed Firmware Based on Unique Part ID
    Secure Timer
    Host-Embedded Communication Interface
    Direct Memory Access to Host Memory
    References

Chapter 4: The Engine: Safeguarding Itself before Safeguarding Others
    Access to Host Memory
    Communication with the CPU
    Triggering Power Flow
    Security Requirements
    Confidentiality
    Integrity
    Availability
    Threat Analysis and Mitigation
    Load Integrity
    Memory Integrity
    Memory Encryption
    Task Isolation
    Asset Protection
    Memory Manager
    Thread Manager
    Memory Protection Control
    Loader
    Inter-Task Call Management
    Exception Handler
    Nonprivileged Tasks
    Firmware Update and Downgrade
    Published Attacks
    "Introducing Ring -3 Rootkits"
    References

Chapter 5: Privacy at the Next Level: Intel's Enhanced Privacy Identification (EPID) Technology
    Redefining Privacy for the Mobile Age
    Passive Anonymity
    Active Anonymity
    Processor Serial Number
    EPID
    Key Structures and Provisioning
    Revocation
    Private Key-Based Revocation
    Signature-Based Revocation
    Group-Based Revocation
    Signature Generation and Verification
    Signature Generation
    Base Name
    Signature Verification
    SIGMA
    Verifier's Certificate
    Messages Breakdown
    Implementation of EPID
    Key Recovery
    Attack Mitigation
    Applications of EPID
    Next Generation of EPID
    Two-way EPID
    Optimization
    References

Chapter 6: Boot with Integrity, or Don't Boot
    Boot Attack
    Evil Maid
    BIOS and UEFI
    BIOS Alteration
    Software Replacement
    Jailbreaking
    Trusted Platform Module (TPM)
    Platform Configuration Register
    Field Programmable Fuses
    Field Programmable Fuses vs. Flash Storage
    Field Programmable Fuse Task
    Intel Boot Guard
    Operating System Requirements for Boot Integrity
    OEM Configuration
    Measured Boot
    Verified Boot
    Manifests
    Verification Flow
    References

Chapter 7: Trust Computing, Backed by the Intel Platform Trust Technology
    TPM Overview
    Cryptography Subsystem
    Storage
    Endorsement Key
    Attestation
    Binding and Sealing
    Intel Platform Trust Technology
    Cryptography Algorithms
    Endorsement Key Storage
    Endorsement Key Revocation
    Endorsement Certificate
    Supporting Security Firmware Applications
    Integrated vs. Discrete TPM
    References

Chapter 8: Unleashing Premium Entertainment with Hardware-Based Content Protection Technology
    Rights Protection
    DRM Schemes
    Device Key Management
    Rights Management
    Playback
    UltraViolet
    End-to-End Content Protection
    Content Server
    License Server
    Software Stack
    External Display
    Weak Points
    Intel's Hardware-Based Content Protection
    Protected Audio and Video Path (PAVP)
    Device Key Provisioning
    Rights Management
    Intel Wireless Display
    Authentication and Key Exchange
    Content Protection on TrustZone
    References

Chapter 9: Breaking the Boundaries with Dynamically Loaded Applications
    Closed-Door Model
    DAL Overview
    DAL Architecture
    Loading an Applet
    Secure Timer
    Host Storage Protection
    Security Considerations
    Reviewing and Signing Process
    References

Chapter 10: Intel Identity Protection Technology: the Robust, Convenient, and Cost-Effective Way to Deter Identity Theft
    One-Time Password
    HOTP
    TOTP
    Transaction Signing
    OTP Tokens
    Embedded OTP and OCRA
    Token Installation
    TOTP and OCRA Generation
    Highlights and Lowlights
    Protected Transaction Display
    Drawing a Sprite
    Gathering the User's PIN Input
    Firmware Architecture
    Embedded PKI and NFC
    References

Chapter 11: Looking Ahead: Tomorrow's Innovations Built on Today's Foundation
    Isolated Computing Environment
    Security-Hardening Measures
    Basic Utilities
    Anonymous Authentication and Secure Session Establishment
    Protected Input and Output
    Dynamic Application Loader
    Summary of Firmware Ingredients
    Software Guard Extensions
    More Excitement to Come
    References

Index

ISBN: 9781430265726


Electronic books.

LC classification: QA76.9.A25