| Description |
1 online resource (xx, 241 pages) : illustrations |
|
text file PDF rda |
| Series |
The expert's voice in computer security |
|
Expert's voice in computer security.
|
| Summary |
This book is an in-depth introduction to Intel's platform embedded solution: the security and management engine (shipped inside most Intel platforms for servers, personal computers, tablets, and smartphones). The engine realizes advanced security and management functionalities, protects applications' secrets and users' privacy in a secure, light-weight, and inexpensive way, and allows third-party software vendors to develop applications that take advantage of the security infrastructures offered by the engine. This book reveals technical details of the engine and provides a new way for the computer security industry to resolve critical problems resulting from booming mobile technologies, such as increasing threats against confidentiality and privacy. It describes how this advanced level of protection is made possible by the engine, how it can improve users' security experience, and how third-party vendors can make use of it. -- Edited summary from book. |
| Bibliography |
Includes bibliographical references and index. |
| Language |
English. |
| Contents |
Ch. 1 Cyber Security in the Mobile Age -- Three Pillars of Mobile Computing -- Power Efficiency -- Internet Connectivity -- Security -- BYOD -- Incident Case Study -- eBay Data Breach -- Target Data Breach -- OpenSSL Heartbleed -- Key Takeaways -- Strong Authentication -- Network Management -- Boot Integrity -- Hardware-Based Protection -- Open-Source Software Best Practice -- Third-Party Software Best Practice -- Security Development Lifecycle -- Assessment -- Architecture -- Design -- Implementation -- Deployment -- CVSS -- Limitations -- References -- ch. 2 Intel's Embedded Solutions: from Management to Security -- Management Engine vs. Intel AMT -- Intel AMT vs. Intel vPro Technology -- Management Engine Overview -- Hardware -- Overlapped I/O -- Firmware -- Software -- Platform and System Management -- Software Solutions -- Hardware Solutions -- In-Band Solutions -- Out-of-Band Solutions -- Intel AMT Overview -- BIOS Extension -- Local Management Service and Tray Icon -- Remote Management -- The Engine's Evolvement: from Management to Security -- Embedded System as Security Solution -- Security Applications at a Glance -- EPID -- PAVP -- IPT -- Boot Guard -- Virtual Security Core: ARM TrustZone -- Secure Mode and Nonsecure Mode -- Memory Isolation -- Bus Isolation -- Physical Isolation vs. Virtual Isolation -- References -- ch. 3 Building Blocks of the Security and Management Engine -- Random Number Generation -- Message Authentication -- Hash with Multiple Calls -- Symmetric-Key Encryption -- AES -- DES/3DES -- Asymmetric-Key Encryption: RSA -- Key Pair Generation and Validation -- Encryption and Decryption -- Digital Signature -- RSA -- ECDSA -- Hardware Acceleration -- Other Cryptography Functions -- Secure Storage -- Debugging -- Debug Messaging -- Special Production-Signed Firmware Based on Unique Part ID -- Secure Timer -- Host-Embedded Communication Interface -- Direct Memory Access to Host Memory -- References -- ch. 4 The Engine: Safeguarding Itself before Safeguarding Others -- Access to Host Memory -- Communication with the CPU -- Triggering Power Flow -- Security Requirements -- Confidentiality -- Integrity -- Availability -- Threat Analysis and Mitigation -- Load Integrity -- Memory Integrity -- Memory Encryption -- Task Isolation -- Firmware Update and Downgrade -- Published Attacks -- "Introducing Ring -3 Rootkits" -- References -- ch. 5 Privacy at the Next Level: Intel's Enhanced Privacy Identification (EPID) Technology -- Redefining Privacy for the Mobile Age -- Passive Anonymity -- Active Anonymity -- Processor Serial Number -- EPID -- Revocation -- Signature Generation and Verification -- SIGMA -- Verifier's Certificate -- Messages Breakdown -- Implementation of EPID -- Key Recovery -- Attack Mitigation -- Applications of EPID -- Next Generation of EPID -- Two-way EPID -- Optimization -- References -- ch. 6 Boot with Integrity, or Don't Boot -- Boot Attack -- Evil Maid -- BIOS and UEFI -- BIOS Alteration -- Software Replacement -- Jailbreaking -- Trusted Platform Module (TPM) -- Platform Configuration Register -- Field Programmable Fuses -- Field Programmable Fuses vs. Flash Storage -- Field Programmable Fuse Task -- Intel Boot Guard -- Operating System Requirements for Boot Integrity -- OEM Configuration -- Measured Boot -- Verified Boot -- Manifests -- Verification Flow -- References -- ch. 7 Trust Computing, Backed by the Intel Platform Trust Technology -- TPM Overview -- Cryptography Subsystem -- Storage -- Endorsement Key -- Attestation -- Binding and Sealing -- Intel Platform Trust Technology -- Cryptography Algorithms -- Endorsement Key Storage -- Endorsement Key Revocation -- Endorsement Certificate -- Supporting Security Firmware Applications -- Integrated vs. Discrete TPM -- References -- ch. 8 Unleashing Premium Entertainment with Hardware-Based Content Protection Technology -- Rights Protection -- DRM Schemes -- Device Key Management -- Rights Management -- Playback -- Ultraviolet -- End-to-End Content Protection -- Content Server -- License Server -- Software Stack -- External Display -- Weak Points -- Intel's Hardware-Based Content Protection -- Protected Audio and Video Path (PAVP) -- Device Key Provisioning -- Rights Management -- Intel Wireless Display -- Authentication and Key Exchange -- Content Protection on TrustZone -- References -- ch. 9 Breaking the Boundaries with Dynamically Loaded Applications -- Closed-Door Model -- DAL Overview -- DAL Architecture -- Loading an Applet -- Secure Timer -- Host Storage Protection -- Security Considerations -- Reviewing and Signing Process -- References -- ch. 10 Intel Identity Protection Technology: the Robust, Convenient, and Cost-Effective Way to Deter Identity Theft -- One-Time Password -- HOTP -- TOTP -- Transaction Signing -- OTP Tokens -- Embedded OTP and OCRA -- Token Installation -- TOTP and OCRA Generation -- Highlights and Lowlights -- Protected Transaction Display -- Drawing a Sprite -- Gathering the User's PIN Input -- Firmware Architecture -- Embedded PKI and NFC -- References -- ch. 11 Looking Ahead: Tomorrow's Innovations Built on Today's Foundation -- Isolated Computing Environment -- Security-Hardening Measures -- Basic Utilities -- Anonymous Authentication and Secure Session Establishment -- Protected Input and Output -- Dynamic Application Loader -- Summary of Firmware Ingredients -- Software Guard Extensions -- More Excitement to Come. |
| Subject |
Computer security.
|
|
Data encryption (Computer science)
|
|
Sécurité informatique. |
|
Chiffrement (Informatique) |
|
Computer security |
|
Data encryption (Computer science) |
| In: |
OAPEN (Open Access Publishing in European Networks). OAPEN |
| Other Form: |
Printed edition: 9781430265719 |
| ISBN |
9781430265726 (electronic bk.) |
|
1430265728 (electronic bk.) |
|
143026571X (print) |
|
9781430265719 (print) |
| Standard No. |
10.1007/978-1-4302-6572-6 doi |
|
More Resources