LEADER 00000cam a2200757Ii 4500
001    890133382
003    OCoLC
005    20240129213017.0
006    m o d
007    cr cnu|||unuuu
008    140908s2014 caua ob 001 0 eng d
019    891397942|a896723275|a900559471|a1111255013|a1125493259|a1135607671|a1160933146|a1163744152
020    9781430265726|q(electronic bk.)
020    1430265728|q(electronic bk.)
020    143026571X|q(print)
020    9781430265719|q(print)
024 7  10.1007/978-1-4302-6572-6|2doi
029 1  AU@|b000058380603
029 1  AU@|b000060583835
029 1  DEBBG|bBV042490255
029 1  DEBSZ|b434834351
029 1  GBVCP|b882737740
035    (OCoLC)890133382|z(OCoLC)891397942|z(OCoLC)896723275|z(OCoLC)900559471|z(OCoLC)1111255013|z(OCoLC)1125493259|z(OCoLC)1135607671|z(OCoLC)1160933146|z(OCoLC)1163744152
037    CL0500000504|bSafari Books Online
040    GW5XE|beng|erda|epn|cGW5XE|dYDXCP|dCOO|dBTCTA|dCAUOI|dB24X7|dUMI|dDEBBG|dE7B|dEBLCP|dOCLCQ|dOCLCF|dZ5A|dLIV|dESU|dOCLCQ|dIOG|dOCLCA|dCEF|dUAB|dDEHBZ|dVTS|dOCLCQ|dU3W|dWYU|dLVT|dYOU|dAU@|dOCLCQ|dUPM|dOCLCQ|dSFB|dUEJ|dBRF|dAAA|dOCLCO|dOCLCQ|dOCLCO|dOCLCL
049    INap
082 04 005.8
082 04 005.8|223
099    eBook O'Reilly for Public Libraries
100 1  Ruan, Xiaoyu,|eauthor.
245 10 Platform embedded security technology revealed :|bsafeguarding the future of computing with Intel Embedded Security and Management Engine /|cXiaoyu Ruan.|h[O'Reilly electronic resource]
264  1 Berkeley, CA :|bApress,|c2014.
264  2 New York, NY :|bDistributed to the Book trade worldwide by Springer
264  4 |c©2014
300    1 online resource (xx, 241 pages) :|billustrations
336    text|btxt|2rdacontent
337    computer|bc|2rdamedia
338    online resource|bcr|2rdacarrier
347    text file|bPDF|2rda
490 1  The expert's voice in computer security
504    Includes bibliographical references and index.
505 0  Ch. 1 Cyber Security in the Mobile Age -- Three Pillars of Mobile Computing -- Power Efficiency -- Internet Connectivity -- Security -- BYOD -- Incident Case Study -- eBay Data Breach -- Target Data Breach -- OpenSSL Heartbleed -- Key Takeaways -- Strong Authentication -- Network Management -- Boot Integrity -- Hardware-Based Protection -- Open-Source Software Best Practice -- Third-Party Software Best Practice -- Security Development Lifecycle -- Assessment -- Architecture -- Design -- Implementation -- Deployment -- CVSS -- Limitations -- References --
       ch. 2 Intel's Embedded Solutions: from Management to Security -- Management Engine vs. Intel AMT -- Intel AMT vs. Intel vPro Technology -- Management Engine Overview -- Hardware -- Overlapped I/O -- Firmware -- Software -- Platform and System Management -- Software Solutions -- Hardware Solutions -- In-Band Solutions -- Out-of-Band Solutions -- Intel AMT Overview -- BIOS Extension -- Local Management Service and Tray Icon -- Remote Management -- The Engine's Evolvement: from Management to Security -- Embedded System as Security Solution -- Security Applications at a Glance -- EPID -- PAVP -- IPT -- Boot Guard -- Virtual Security Core: ARM TrustZone -- Secure Mode and Nonsecure Mode -- Memory Isolation -- Bus Isolation -- Physical Isolation vs. Virtual Isolation -- References --
       ch. 3 Building Blocks of the Security and Management Engine -- Random Number Generation -- Message Authentication -- Hash with Multiple Calls -- Symmetric-Key Encryption -- AES -- DES/3DES -- Asymmetric-Key Encryption: RSA -- Key Pair Generation and Validation -- Encryption and Decryption -- Digital Signature -- RSA -- ECDSA -- Hardware Acceleration -- Other Cryptography Functions -- Secure Storage -- Debugging -- Debug Messaging -- Special Production-Signed Firmware Based on Unique Part ID -- Secure Timer -- Host-Embedded Communication Interface -- Direct Memory Access to Host Memory -- References --
       ch. 4 The Engine: Safeguarding Itself before Safeguarding Others -- Access to Host Memory -- Communication with the CPU -- Triggering Power Flow -- Security Requirements -- Confidentiality -- Integrity -- Availability -- Threat Analysis and Mitigation -- Load Integrity -- Memory Integrity -- Memory Encryption -- Task Isolation -- Firmware Update and Downgrade -- Published Attacks -- "Introducing Ring -3 Rootkits" -- References --
       ch. 5 Privacy at the Next Level : Intel's Enhanced Privacy Identification (EPID) Technology -- Redefining Privacy for the Mobile Age -- Passive Anonymity -- Active Anonymity -- Processor Serial Number -- EPID -- Revocation -- Signature Generation and Verification -- SIGMA -- Verifier's Certificate -- Messages Breakdown -- Implementation of EPID -- Key Recovery -- Attack Mitigation -- Applications of EPID -- Next Generation of EPID -- Two-way EPID -- Optimization -- References --
       ch. 6 Boot with Integrity, or Don't Boot -- Boot Attack -- Evil Maid -- BIOS and UEFI -- BIOS Alteration -- Software Replacement -- Jailbreaking -- Trusted Platform Module (TPM) -- Platform Configuration Register -- Field Programmable Fuses -- Field Programmable Fuses vs. Flash Storage -- Field Programmable Fuse Task -- Intel Boot Guard -- Operating System Requirements for Boot Integrity -- OEM Configuration -- Measured Boot -- Verified Boot -- Manifests -- Verification Flow -- References --
       ch. 7 Trust Computing, Backed by the Intel Platform Trust Technology -- TPM Overview -- Cryptography Subsystem -- Storage -- Endorsement Key -- Attestation -- Binding and Sealing -- Intel Platform Trust Technology -- Cryptography Algorithms -- Endorsement Key Storage -- Endorsement Key Revocation -- Endorsement Certificate -- Supporting Security Firmware Applications -- Integrated vs. Discrete TPM -- References --
       ch. 8 Unleashing Premium Entertainment with Hardware-Based Content Protection Technology -- Rights Protection -- DRM Schemes -- Device Key Management -- Rights Management -- Playback -- Ultraviolet -- End-to-End Content Protection -- Content Server -- License Server -- Software Stack -- External Display -- Weak Points -- Intel's Hardware-Based Content Protection -- Protected Audio and Video Path (PAVP) -- Device Key Provisioning -- Rights Management -- Intel Wireless Display -- Authentication and Key Exchange -- Content Protection on TrustZone -- References --
       ch. 9 Breaking the Boundaries with Dynamically Loaded Applications -- Closed-Door Model -- DAL Overview -- DAL Architecture -- Loading an Applet -- Secure Timer -- Host Storage Protection -- Security Considerations -- Reviewing and Signing Process -- References --
       ch. 10 Intel Identity Protection Technology: the Robust, Convenient, and Cost-Effective Way to Deter Identity Theft -- One-Time Password -- HOTP -- TOTP -- Transaction Signing -- OTP Tokens -- Embedded OTP and OCRA -- Token Installation -- TOTP and OCRA Generation -- Highlights and Lowlights -- Protected Transaction Display -- Drawing a Sprite -- Gathering the User's PIN Input -- Firmware Architecture -- Embedded PKI and NFC -- References --
       ch. 11 Looking Ahead: Tomorrow's Innovations Built on Today's Foundation -- Isolated Computing Environment -- Security-Hardening Measures -- Basic Utilities -- Anonymous Authentication and Secure Session Establishment -- Protected Input and Output -- Dynamic Application Loader -- Summary of Firmware Ingredients -- Software Guard Extensions -- More Excitement to Come.
520    This book is an in-depth introduction to Intel's platform embedded solution: the security and management engine (shipped inside most Intel platforms for servers, personal computers, tablets, and smartphones). The engine realizes advanced security and management functionalities, protects applications' secrets and users' privacy in a secure, light-weight, and inexpensive way, and allows third-party software vendors to develop applications that take advantage of the security infrastructures offered by the engine. This book reveals technical details of the engine and provides a new way for the computer security industry to resolve critical problems resulting from booming mobile technologies, such as increasing threats against confidentiality and privacy. It describes how this advanced level of protection is made possible by the engine, how it can improve users' security experience, and how third-party vendors can make use of it. --|cEdited summary from book.
546    English.
588 0  Online resource; title from PDF title page (SpringerLink, viewed September 8, 2014).
590    O'Reilly|bO'Reilly Online Learning: Academic/Public Library Edition
650  0 Computer security.
650  0 Data encryption (Computer science)
650  6 Sécurité informatique.
650  6 Chiffrement (Informatique)
650  7 Computer security|2fast
650  7 Data encryption (Computer science)|2fast
773 0  |tOAPEN (Open Access Publishing in European Networks).|dOAPEN
776 08 |iPrinted edition:|z9781430265719
830  0 Expert's voice in computer security.
856 40 |uhttps://ezproxy.naperville-lib.org/login?url=https://learning.oreilly.com/library/view/~/9781430265726/?ar|zAvailable on O'Reilly for Public Libraries
938    ProQuest Ebook Central|bEBLB|nEBL6422807
938    Books 24x7|bB247|nbks00070710
938    Baker and Taylor|bBTCP|nBK0015933738
938    ProQuest Ebook Central|bEBLB|nEBL3078300
938    ebrary|bEBRY|nebr10924342
938    YBP Library Services|bYANK|n12058400
994    92|bJFN