A Practical Guide to TPM 2. 0 : Using the Trusted Platform Module in the New Age of Security.

Yazar:Arthur, Will
Katkıda bulunan(lar):Challener, David
Materyal türü: KonuKonuYayıncı: Berkeley, CA : Apress L. P., 2015Telif hakkı tarihi: �2015Tanım: 1 online resource (375 pages)İçerik türü:text Ortam türü:computer Taşıyıcı türü: online resourceISBN: 9781430265849Tür/Form:Electronic books.Ek fiziksel biçimler:Print version:: A Practical Guide to TPM 2. 0LOC classification: QA76.9.A25Çevrimiçi kaynaklar: Click to View
İçindekiler:
Intro -- A Practical Guide to TPM 2.0 -- Contents at a Glance -- About ApressOpen -- Contents -- About the Authors -- About the Technical Reviewers -- Acknowledgments -- Introduction -- Chapter 1: History of the TPM -- Why a TPM? -- History of Development of the TPM Specification from 1.1b to 1.2 -- How TPM 2.0 Developed from TPM 1.2 -- History of TPM 2.0 Specification Development -- Summary -- Chapter 2: Basic Security Concepts -- Cryptographic Attacks -- Brute Force -- Calculating the Strength of Algorithms by Type -- Attacks on the Algorithm Itself -- Security Definitions -- Cryptographic Families -- Secure Hash (or Digest) -- Hash Extend -- HMAC: Message Authentication Code -- KDF: Key Derivation Function -- Authentication or Authorization Ticket -- Symmetric-Encryption Key -- Symmetric-Key Modes -- Nonce -- Asymmetric Keys -- RSA Asymmetric-Key Algorithm -- RSA for Key Encryption -- RSA for Digital Signatures -- ECC Asymmetric-Key Algorithm -- ECDH Asymmetric-Key Algorithm to Use Elliptic Curves to Pass Keys -- ECDSA Asymmetric-Key Algorithm to Use Elliptic Curves for Signatures -- Public Key Certification -- Summary -- Chapter 3: Quick Tutorial on TPM 2.0 -- Scenarios for Using TPM 1.2 -- Identification -- Encryption -- Key Storage -- Random Number Generator -- NVRAM Storage -- Platform Configuration Registers -- Privacy Enablement -- Scenarios for Using Additional TPM 2.0 Capabilities -- Algorithm Agility (New in 2.0) -- Enhanced Authorization (New in 2.0) -- Quick Key Loading (new in 2.0) -- Non-Brittle PCRs (New in 2.0) -- Flexible Management (New in 2.0) -- Identifying Resources by Name (New in 2.0) -- Summary -- Chapter 4: Existing Applications That Use TPMs -- Application Interfaces Used to Talk to TPMs -- TPM Administration and WMI -- The Platform Crypto Provider -- Virtual Smart Card -- Applications That Use TPMs.
Applications That Should Use the TPM but Don't -- Building Applications for TPM 1.2 -- TSS.Net and TSS.C++ -- Wave System s Embassy Suite -- Rocks to Avoid When Developing TPM Applications -- Microsoft BitLocker -- IBM File and Folder Encryption -- New Manageability Solutions in TPM 2.0 -- Summary -- Chapter 5: Navigating the Specification -- TPM 2.0 Library Specification: The Parts -- Some Definitions -- General Definitions -- Definitions of the Major Fields of the Command Byte Stream -- Definitions of the Major Fields of the Response Byte Stream -- Getting Started in Part 3: the Commands -- Data Details -- Common Structure Constructs -- TPM2B_XXX Structures -- Structure with Union -- Canonicalization -- Endianness -- Part 2: Notation Syntax -- Part 3: Table Decorations -- Commonly Used Sections of the Specification -- How to Find Information in the Specification -- Strategies for Ramping Up on TPM 2.0 -- Will -- Ken -- Dave -- Other TPM 2.0 Specifications -- Summary -- Chapter 6: Execution Environment -- Setting Up the TPM -- Microsoft Simulator -- Building the Simulator from Source Code -- Setting Up a Binary Version of the Simulator -- Running the Simulator -- Testing the Simulator -- Python Script -- TSS.net -- System API Test Code -- Setting Up the Software Stack -- TSS 2.0 -- TSS.net -- Summary -- Chapter 7: TPM Software Stack -- The Stack: a High-Level View -- Feature API -- System API -- Command Context Allocation Functions -- Command Preparation Functions -- Command Execution Functions -- Command Completion Functions -- Simple Code Example -- System API Test Code -- TCTI -- TPM Access Broker ( TAB) -- Resource Manager -- Device Driver -- Summary -- Chapter 8: TPM Entities -- Permanent Entities -- Persistent Hierarchies -- Ephemeral Hierarchy -- Dictionary Attack Lockout Reset -- Platform Configuration Registers ( PCR s) -- Reserved Handles.
Password Authorization Session -- Platform NV Enable -- Nonvolatile Indexes -- Objects -- Nonpersistent Entities -- Persistent Entities -- Entity Names -- Summary -- Chapter 9: Hierarchies -- Three Persistent Hierarchies -- Platform Hierarchy -- Storage Hierarchy -- Endorsement Hierarchy -- Privacy -- Activating a Credential -- Other Privacy Considerations -- NULL Hierarchy -- Cryptographic Primitives -- Random Number Generator -- Digest Primitives -- HMAC Primitives -- RSA Primitives -- Symmetric Key Primitives -- Summary -- Chapter 10: Keys -- Key Commands -- Key Generator -- Primary Keys and Seeds -- Persistence of Keys -- Key Cache -- Key Authorization -- Key Destruction -- Key Hierarchy -- Key Types and Attributes -- Symmetric and Asymmetric Keys Attributes -- Duplication Attributes -- Restricted Signing Key -- Restricted Decryption Key -- Context Management vs. Loading -- NULL Hierarchy -- Certification -- Keys Unraveled -- Summary -- Chapter 11: NV Indexes -- NV Ordinary Index -- NV Counter Index -- NV Bit Field Index -- NV Extend Index -- Hybrid Index -- NV Access Controls -- NV Written -- NV Index Handle Values -- NV Names -- NV Password -- Separate Commands -- Summary -- Chapter 12: Platform Configuration Registers -- PCR Value -- Number of PCRs -- PCR Commands -- PCRs for Authorization -- PCRs for Attestation -- PCR Quote in Detail -- PCR Attributes -- PCR Authorization and Policy -- PCR Algorithms -- Summary -- Chapter 13: Authorizations and Sessions -- Session-Related Definitions -- Password, HMAC, and Policy Sessions: What Are They? -- Session and Authorization: Compared and Contrasted -- Authorization Roles -- Command and Response Authorization Area Details -- Command Authorization Area -- Command Authorization Structures -- Response Authorization Structures -- Password Authorization: The Simplest Authorization.
Password Authorization Lifecycle -- Creating a Password Authorized Entity -- Changing a Password Authorization for an Already Created Entity -- Using a Password Authorization -- Code Example: Password Session -- Starting HMAC and Policy Sessions -- TPM2_StartAuthSession Command -- Session Key and HMAC Key Details -- Guidelines for TPM2_StartAuthSession Handles and Parameters -- Session Variations -- Salted vs. Unsalted -- Bound vs. Unbound -- Use Cases for Session Variations -- HMAC and Policy Sessions: Differences -- HMAC Authorization -- HMAC Authorization Lifecycle -- Altering or Creating an Entity That Requires HMAC Authorization -- Creating an HMAC Session -- Using an HMAC Session to Authorize a Single Command -- HMAC and Policy Session Code Example -- Using an HMAC Session to Send Multiple Commands (Rolling Nonces) -- HMAC Session Security -- HMAC Session Data Structure -- Policy Authorization -- How Does EA Work? -- Policy Authorization Time Intervals -- Policy Authorization Lifecycle -- Building the Entity's Policy Digest -- Creating the Entity to Use the Policy Digest -- Starting the Real Policy Session -- Sending Policy Commands to Fulfill the Policy -- Performing the Action That Requires Authorization -- Combined Authorization Lifecycle -- Summary -- Chapter 14: Extended Authorization (EA) Policies -- Policies and Passwords -- Why Extended Authorization? -- Multiple Varieties of Authentication -- Multifactor Authentication -- How Extended Authorization Works -- Creating Policies -- Simple Assertion Policies -- Passwords (Plaintext and HMAC) of the Object -- Passwords of a Different Object -- Digital Signatures (such as Smart Cards) -- PCRs: State of the Machine -- Locality of Command -- Internal State of the TPM (Boot Counter and Timers) -- Internal Value of an NV RAM Location.
State of the External Device (GPS, Fingerprint Reader, and So On) -- Flexible (Wild Card) Policy -- Example 1: Smart card and Password -- Example 2: A Policy for a Key Used Only for Signing with a Password -- Example 3: A PC state, a Password, and a Fingerprint -- Example 4: A Policy Good for One Boot Cycle -- Example 5: A Policy for Flexible PCRs -- Example 6: A Policy for Group Admission -- Example 7: A Policy for NV RAM between 1 and 100 -- Command-Based Assertions -- Multifactor Authentication -- Compound Policies: Using Logical OR in a Policy -- Making a Compound Policy -- Example: A Policy for Work or Home Computers -- Considerations in Creating Policies -- End User Role -- Administrator Role -- Understudy Role -- Office Role -- Home Role -- Using a Policy to Authorize a Command -- Starting the Policy -- Satisfying a Policy -- Simple Assertions and Multifactor Assertions -- If the Policy Is Compound -- If the Policy Is Flexible (Uses a Wild Card) -- Satisfying the Approved Policy -- Transforming the Approved Policy in the Flexible Policy -- Certified Policies -- Summary -- Chapter 15: Key Management -- Key Generation -- Templates -- Key Trees: Keeping Keys in a Tree with the Same Algorithm Set -- Duplication -- Key Distribution -- Key Activation -- Key Destruction -- Putting It All Together -- Example 1: Simple Key Management -- Example 2: An Enterprise IT Organization with Windows TPM 2.0 Enabled Systems -- Summary -- Chapter 16: Auditing TPM Commands -- Why Audit -- Audit Commands -- Audit Types -- Command Audit -- Session Audit -- Audit Log -- Audit Data -- Exclusive Audit -- Summary -- Chapter 17: Decrypt/Encrypt Sessions -- What Do Encrypt/Decrypt Sessions Do? -- Practical Use Cases -- Decrypt/Encrypt Limitations -- Decrypt/Encrypt Setup -- Pseudocode Flow -- Sample Code -- Summary -- Chapter 18: Context Management.
TAB and the Resource Manager: A High-Level Description.
Bu kütüphanenin etiketleri: Kütüphanedeki eser adı için etiket yok. Etiket eklemek için oturumu açın.
    Ortalama derecelendirme: 0.0 (0 oy)
Bu kayda ilişkin materyal yok

Intro -- A Practical Guide to TPM 2.0 -- Contents at a Glance -- About ApressOpen -- Contents -- About the Authors -- About the Technical Reviewers -- Acknowledgments -- Introduction -- Chapter 1: History of the TPM -- Why a TPM? -- History of Development of the TPM Specification from 1.1b to 1.2 -- How TPM 2.0 Developed from TPM 1.2 -- History of TPM 2.0 Specification Development -- Summary -- Chapter 2: Basic Security Concepts -- Cryptographic Attacks -- Brute Force -- Calculating the Strength of Algorithms by Type -- Attacks on the Algorithm Itself -- Security Definitions -- Cryptographic Families -- Secure Hash (or Digest) -- Hash Extend -- HMAC: Message Authentication Code -- KDF: Key Derivation Function -- Authentication or Authorization Ticket -- Symmetric-Encryption Key -- Symmetric-Key Modes -- Nonce -- Asymmetric Keys -- RSA Asymmetric-Key Algorithm -- RSA for Key Encryption -- RSA for Digital Signatures -- ECC Asymmetric-Key Algorithm -- ECDH Asymmetric-Key Algorithm to Use Elliptic Curves to Pass Keys -- ECDSA Asymmetric-Key Algorithm to Use Elliptic Curves for Signatures -- Public Key Certification -- Summary -- Chapter 3: Quick Tutorial on TPM 2.0 -- Scenarios for Using TPM 1.2 -- Identification -- Encryption -- Key Storage -- Random Number Generator -- NVRAM Storage -- Platform Configuration Registers -- Privacy Enablement -- Scenarios for Using Additional TPM 2.0 Capabilities -- Algorithm Agility (New in 2.0) -- Enhanced Authorization (New in 2.0) -- Quick Key Loading (new in 2.0) -- Non-Brittle PCRs (New in 2.0) -- Flexible Management (New in 2.0) -- Identifying Resources by Name (New in 2.0) -- Summary -- Chapter 4: Existing Applications That Use TPMs -- Application Interfaces Used to Talk to TPMs -- TPM Administration and WMI -- The Platform Crypto Provider -- Virtual Smart Card -- Applications That Use TPMs.

Applications That Should Use the TPM but Don't -- Building Applications for TPM 1.2 -- TSS.Net and TSS.C++ -- Wave System s Embassy Suite -- Rocks to Avoid When Developing TPM Applications -- Microsoft BitLocker -- IBM File and Folder Encryption -- New Manageability Solutions in TPM 2.0 -- Summary -- Chapter 5: Navigating the Specification -- TPM 2.0 Library Specification: The Parts -- Some Definitions -- General Definitions -- Definitions of the Major Fields of the Command Byte Stream -- Definitions of the Major Fields of the Response Byte Stream -- Getting Started in Part 3: the Commands -- Data Details -- Common Structure Constructs -- TPM2B_XXX Structures -- Structure with Union -- Canonicalization -- Endianness -- Part 2: Notation Syntax -- Part 3: Table Decorations -- Commonly Used Sections of the Specification -- How to Find Information in the Specification -- Strategies for Ramping Up on TPM 2.0 -- Will -- Ken -- Dave -- Other TPM 2.0 Specifications -- Summary -- Chapter 6: Execution Environment -- Setting Up the TPM -- Microsoft Simulator -- Building the Simulator from Source Code -- Setting Up a Binary Version of the Simulator -- Running the Simulator -- Testing the Simulator -- Python Script -- TSS.net -- System API Test Code -- Setting Up the Software Stack -- TSS 2.0 -- TSS.net -- Summary -- Chapter 7: TPM Software Stack -- The Stack: a High-Level View -- Feature API -- System API -- Command Context Allocation Functions -- Command Preparation Functions -- Command Execution Functions -- Command Completion Functions -- Simple Code Example -- System API Test Code -- TCTI -- TPM Access Broker ( TAB) -- Resource Manager -- Device Driver -- Summary -- Chapter 8: TPM Entities -- Permanent Entities -- Persistent Hierarchies -- Ephemeral Hierarchy -- Dictionary Attack Lockout Reset -- Platform Configuration Registers ( PCR s) -- Reserved Handles.

Password Authorization Session -- Platform NV Enable -- Nonvolatile Indexes -- Objects -- Nonpersistent Entities -- Persistent Entities -- Entity Names -- Summary -- Chapter 9: Hierarchies -- Three Persistent Hierarchies -- Platform Hierarchy -- Storage Hierarchy -- Endorsement Hierarchy -- Privacy -- Activating a Credential -- Other Privacy Considerations -- NULL Hierarchy -- Cryptographic Primitives -- Random Number Generator -- Digest Primitives -- HMAC Primitives -- RSA Primitives -- Symmetric Key Primitives -- Summary -- Chapter 10: Keys -- Key Commands -- Key Generator -- Primary Keys and Seeds -- Persistence of Keys -- Key Cache -- Key Authorization -- Key Destruction -- Key Hierarchy -- Key Types and Attributes -- Symmetric and Asymmetric Keys Attributes -- Duplication Attributes -- Restricted Signing Key -- Restricted Decryption Key -- Context Management vs. Loading -- NULL Hierarchy -- Certification -- Keys Unraveled -- Summary -- Chapter 11: NV Indexes -- NV Ordinary Index -- NV Counter Index -- NV Bit Field Index -- NV Extend Index -- Hybrid Index -- NV Access Controls -- NV Written -- NV Index Handle Values -- NV Names -- NV Password -- Separate Commands -- Summary -- Chapter 12: Platform Configuration Registers -- PCR Value -- Number of PCRs -- PCR Commands -- PCRs for Authorization -- PCRs for Attestation -- PCR Quote in Detail -- PCR Attributes -- PCR Authorization and Policy -- PCR Algorithms -- Summary -- Chapter 13: Authorizations and Sessions -- Session-Related Definitions -- Password, HMAC, and Policy Sessions: What Are They? -- Session and Authorization: Compared and Contrasted -- Authorization Roles -- Command and Response Authorization Area Details -- Command Authorization Area -- Command Authorization Structures -- Response Authorization Structures -- Password Authorization: The Simplest Authorization.

Password Authorization Lifecycle -- Creating a Password Authorized Entity -- Changing a Password Authorization for an Already Created Entity -- Using a Password Authorization -- Code Example: Password Session -- Starting HMAC and Policy Sessions -- TPM2_StartAuthSession Command -- Session Key and HMAC Key Details -- Guidelines for TPM2_StartAuthSession Handles and Parameters -- Session Variations -- Salted vs. Unsalted -- Bound vs. Unbound -- Use Cases for Session Variations -- HMAC and Policy Sessions: Differences -- HMAC Authorization -- HMAC Authorization Lifecycle -- Altering or Creating an Entity That Requires HMAC Authorization -- Creating an HMAC Session -- Using an HMAC Session to Authorize a Single Command -- HMAC and Policy Session Code Example -- Using an HMAC Session to Send Multiple Commands (Rolling Nonces) -- HMAC Session Security -- HMAC Session Data Structure -- Policy Authorization -- How Does EA Work? -- Policy Authorization Time Intervals -- Policy Authorization Lifecycle -- Building the Entity's Policy Digest -- Creating the Entity to Use the Policy Digest -- Starting the Real Policy Session -- Sending Policy Commands to Fulfill the Policy -- Performing the Action That Requires Authorization -- Combined Authorization Lifecycle -- Summary -- Chapter 14: Extended Authorization (EA) Policies -- Policies and Passwords -- Why Extended Authorization? -- Multiple Varieties of Authentication -- Multifactor Authentication -- How Extended Authorization Works -- Creating Policies -- Simple Assertion Policies -- Passwords (Plaintext and HMAC) of the Object -- Passwords of a Different Object -- Digital Signatures (such as Smart Cards) -- PCRs: State of the Machine -- Locality of Command -- Internal State of the TPM (Boot Counter and Timers) -- Internal Value of an NV RAM Location.

State of the External Device (GPS, Fingerprint Reader, and So On) -- Flexible (Wild Card) Policy -- Example 1: Smart card and Password -- Example 2: A Policy for a Key Used Only for Signing with a Password -- Example 3: A PC state, a Password, and a Fingerprint -- Example 4: A Policy Good for One Boot Cycle -- Example 5: A Policy for Flexible PCRs -- Example 6: A Policy for Group Admission -- Example 7: A Policy for NV RAM between 1 and 100 -- Command-Based Assertions -- Multifactor Authentication -- Compound Policies: Using Logical OR in a Policy -- Making a Compound Policy -- Example: A Policy for Work or Home Computers -- Considerations in Creating Policies -- End User Role -- Administrator Role -- Understudy Role -- Office Role -- Home Role -- Using a Policy to Authorize a Command -- Starting the Policy -- Satisfying a Policy -- Simple Assertions and Multifactor Assertions -- If the Policy Is Compound -- If the Policy Is Flexible (Uses a Wild Card) -- Satisfying the Approved Policy -- Transforming the Approved Policy in the Flexible Policy -- Certified Policies -- Summary -- Chapter 15: Key Management -- Key Generation -- Templates -- Key Trees: Keeping Keys in a Tree with the Same Algorithm Set -- Duplication -- Key Distribution -- Key Activation -- Key Destruction -- Putting It All Together -- Example 1: Simple Key Management -- Example 2: An Enterprise IT Organization with Windows TPM 2.0 Enabled Systems -- Summary -- Chapter 16: Auditing TPM Commands -- Why Audit -- Audit Commands -- Audit Types -- Command Audit -- Session Audit -- Audit Log -- Audit Data -- Exclusive Audit -- Summary -- Chapter 17: Decrypt/Encrypt Sessions -- What Do Encrypt/Decrypt Sessions Do? -- Practical Use Cases -- Decrypt/Encrypt Limitations -- Decrypt/Encrypt Setup -- Pseudocode Flow -- Sample Code -- Summary -- Chapter 18: Context Management.

TAB and the Resource Manager: A High-Level Description.

Description based on publisher supplied metadata and other sources.

Electronic reproduction. Ann Arbor, Michigan : ProQuest Ebook Central, 2022. Available via World Wide Web. Access may be limited to ProQuest Ebook Central affiliated libraries.

There are no comments on this title.

yorum yazmak için.

Ziyaretçi Sayısı

Destekleyen Koha