book

Platform Embedded Security Technology Revealed : Safeguarding the Future of Computing with Intel Embedded Security and Management Engine

Name: Platform Embedded Security Technology Revealed : Safeguarding the Future of Computing with Intel Embedded Security and Management Engine
Author: Xiaoyu Ruan
ISBN: 9781430265726

by Xiaoyu Ruan

August 2014

Intermediate to advanced

272 pages

7h 43m

English

Apress

Read now

Unlock full access

Cover
Title
Copyright
About ApressOpen
Dedication
Contents at a Glance
Contents
About the Author
About the Technical Reviewer
Acknowledgments

Introduction
Chapter 1: Cyber Security in the Mobile Age
Three Pillars of Mobile ComputingPower EfficiencyInternet ConnectivitySecurityBYODIncident Case StudyeBay Data BreachTarget Data BreachOpenSSL HeartbleedKey TakeawaysStrong AuthenticationNetwork ManagementBoot IntegrityHardware-Based ProtectionOpen-Source Software Best PracticeThird-Party Software Best PracticeSecurity Development LifecycleAssessmentArchitectureDesignImplementationDeploymentCVSSLimitationsReferences
Chapter 2: Intel’s Embedded Solutions: from Management to Security
Management Engine vs. Intel AMTIntel AMT vs. Intel vPro TechnologyManagement Engine OverviewHardwareOverlapped I/OFirmwareSoftwarePlatform and System ManagementSoftware SolutionsHardware SolutionsIn-Band SolutionsOut-of-Band SolutionsIntel AMT OverviewBIOS ExtensionLocal Management Service and Tray IconRemote ManagementThe Engine’s Evolvement: from Management to SecurityEmbedded System as Security SolutionSecurity Applications at a GlanceEPIDPAVPIPTBoot GuardVirtual Security Core: ARM TrustZoneSecure Mode and Nonsecure ModeMemory IsolationBus IsolationPhysical Isolation vs. Virtual IsolationReferences
Chapter 3: Building Blocks of the Security and Management Engine
Random Number GenerationMessage AuthenticationHash with Multiple CallsSymmetric-Key EncryptionAESDES/3DESAsymmetric-Key Encryption: RSAKey Pair Generation and ValidationEncryption and DecryptionDigital SignatureRSAECDSAHardware AccelerationOther Cryptography FunctionsSecure StorageDebuggingDebug MessagingSpecial Production-Signed Firmware Based on Unique Part IDSecure TimerHost-Embedded Communication InterfaceDirect Memory Access to Host MemoryReferences
Chapter 4: The Engine: Safeguarding Itself before Safeguarding Others
Access to Host MemoryCommunication with the CPUTriggering Power FlowSecurity RequirementsConfidentialityIntegrityAvailabilityThreat Analysis and MitigationLoad IntegrityMemory IntegrityMemory EncryptionTask IsolationFirmware Update and DowngradePublished Attacks“Introducing Ring -3 Rootkits”References
Chapter 5: Privacy at the Next Level: Intel’s Enhanced Privacy Identification (EPID) Technology
Redefining Privacy for the Mobile AgePassive AnonymityActive AnonymityProcessor Serial NumberEPIDRevocationSignature Generation and VerificationSIGMAVerifier’s CertificateMessages BreakdownImplementation of EPIDKey RecoveryAttack MitigationApplications of EPIDNext Generation of EPIDTwo-way EPIDOptimizationReferences
Chapter 6: Boot with Integrity, or Don’t Boot
Boot AttackEvil MaidBIOS and UEFIBIOS AlterationSoftware ReplacementJailbreakingTrusted Platform Module (TPM)Platform Configuration RegisterField Programmable FusesField Programmable Fuses vs. Flash StorageField Programmable Fuse TaskIntel Boot GuardOperating System Requirements for Boot IntegrityOEM ConfigurationMeasured BootVerified BootManifestsVerification FlowReferences
Chapter 7: Trust Computing, Backed by the Intel Platform Trust Technology
TPM OverviewCryptography SubsystemStorageEndorsement KeyAttestationBinding and SealingIntel Platform Trust TechnologyCryptography AlgorithmsEndorsement Key StorageEndorsement Key RevocationEndorsement CertificateSupporting Security Firmware ApplicationsIntegrated vs. Discrete TPMReferences
Chapter 8: Unleashing Premium Entertainment with Hardware-Based Content Protection Technology
Rights ProtectionDRM SchemesDevice Key ManagementRights ManagementPlaybackUltraVioletEnd-to-End Content ProtectionContent ServerLicense ServerSoftware StackExternal DisplayWeak PointsIntel’s Hardware-Based Content ProtectionProtected Audio and Video Path (PAVP)Device Key ProvisioningRights ManagementIntel Wireless DisplayAuthentication and Key ExchangeContent Protection on TrustZoneReferences
Chapter 9: Breaking the Boundaries with Dynamically Loaded Applications
Closed-Door ModelDAL OverviewDAL ArchitectureLoading an AppletSecure TimerHost Storage ProtectionSecurity ConsiderationsReviewing and Signing ProcessReferences
Chapter 10: Intel Identity Protection Technology: the Robust, Convenient, and Cost-Effective Way to Deter Identity Theft
One-Time PasswordHOTPTOTPTransaction SigningOTP TokensEmbedded OTP and OCRAToken InstallationTOTP and OCRA GenerationHighlights and LowlightsProtected Transaction DisplayDrawing a SpriteGathering the User’s PIN InputFirmware ArchitectureEmbedded PKI and NFCReferences
Chapter 11: Looking Ahead: Tomorrow’s Innovations Built on Today’s Foundation
Isolated Computing EnvironmentSecurity-Hardening MeasuresBasic UtilitiesAnonymous Authentication and Secure Session EstablishmentProtected Input and OutputDynamic Application LoaderSummary of Firmware IngredientsSoftware Guard ExtensionsMore Excitement to ComeReferences
Index

Overview

Platform Embedded Security Technology Revealedis an in-depth introduction to Intel's platform embedded solution: the security and management engine. The engine is shipped inside most Intel platforms for servers, personal computers, tablets, and smartphones. The engine realizes advanced security and management functionalities and protects applications' secrets and users' privacy in a secure, light-weight, and inexpensive way. Besides native built-in features, it allows third-party software vendors to develop applications that take advantage of the security infrastructures offered by the engine.

Intel's security and management engine is technologically unique and significant, but is largely unknown to many members of the tech communities who could potentially benefit from it. Platform Embedded Security Technology Revealed reveals technical details of the engine. The engine provides a new way for the computer security industry to resolve critical problems resulting from booming mobile technologies, such as increasing threats against confidentiality and privacy. This book describes how this advanced level of protection is made possible by the engine, how it can improve users' security experience, and how third-party vendors can make use of it.

It's written for computer security professionals and researchers; embedded system engineers; and software engineers and vendors who are interested in developing new security applications on top of Intel's security and management engine.

It's also written for advanced users who are interested in understanding how the security features of Intel's platforms work.

What you'll learn

The cyber security challenges behind the creation of the embedded security and management engine, and the solutions it presents

The pros and cons of enforcing security in the embedded engine

Basic cryptography and security infrastructure of the engine

Security-hardening features of the engine

Handling dynamically loaded applications

How anonymous authentication works with enhanced privacy protection

Content protection at the hardware level

Secure boot with a hardware root of trust

Firmware-based TPM

Identity protection with a hardware-based, one-time password

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Trusted Computing Platforms: TCPA Technology in Context

Publisher Resources

ISBN: 9781430265726Purchase book

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills