
E-book: Practical Guide to TPM 2.0: Using the Trusted Platform Module in the New Age of Security

  • Format: PDF+DRM
  • Publication date: 28-Jan-2015
  • Publisher: APress
  • Language: eng
  • ISBN-13: 9781430265849
  • Price: 4,08 €*
  • * the price is final, i.e. no further discounts apply
  • This e-book is intended for personal use only. E-books cannot be returned.

DRM restrictions

  • Copying (copy/paste):

    not allowed

  • Printing:

    not allowed

  • Usage:

    Digital rights management (DRM)
    The publisher has issued this e-book in encrypted form, which means that you must install special software to read it. You must also create an Adobe ID. The e-book can be read by 1 user and downloaded to up to 6 devices (all authorized with the same Adobe ID).

    Required software
    To read on mobile devices (phone or tablet), you must install this free application: PocketBook Reader (iOS / Android)

    To read on a PC or Mac, you must install Adobe Digital Editions (a free application designed specifically for reading e-books. It should not be confused with Adobe Reader, which is probably already installed on your computer).

    This e-book cannot be read on Amazon Kindle.

A Practical Guide to TPM 2.0: Using the Trusted Platform Module in the New Age of Security is a straight-forward primer for developers. It shows security and TPM concepts, demonstrating their use in real applications that the reader can try out.

Simply put, this book is designed to empower and excite the programming community to go out and do cool things with the TPM. The approach is to ramp the reader up quickly and keep their interest. A Practical Guide to TPM 2.0: Using the Trusted Platform Module in the New Age of Security explains security concepts, describes the TPM 2.0 architecture, and provides code and pseudo-code examples in parallel, from very simple concepts and code to highly complex concepts and pseudo-code.

The book includes instructions for the available execution environments and real code examples to get readers up and talking to the TPM quickly. The authors then help the users expand on that with pseudo-code descriptions of useful applications using the TPM.

Other information

This is an open access book, the electronic versions are freely accessible online.
About the Authors
About the Technical Reviewers
Acknowledgments
Introduction

Chapter 1 History of the TPM
Why a TPM?
History of Development of the TPM Specification from 1.1b to 1.2
How TPM 2.0 Developed from TPM 1.2
History of TPM 2.0 Specification Development
Summary

Chapter 2 Basic Security Concepts
Cryptographic Attacks
Brute Force
Attacks on the Algorithm Itself
Security Definitions
Cryptographic Families
Secure Hash (or Digest)
Hash Extend
HMAC: Message Authentication Code
KDF: Key Derivation Function
Authentication or Authorization Ticket
Symmetric-Encryption Key
Nonce
Asymmetric Keys
Public Key Certification
Summary

Chapter 3 Quick Tutorial on TPM 2.0
Scenarios for Using TPM 1.2
Identification
Encryption
Key Storage
Random Number Generator
NVRAM Storage
Platform Configuration Registers
Privacy Enablement
Scenarios for Using Additional TPM 2.0 Capabilities
Algorithm Agility (New in 2.0)
Enhanced Authorization (New in 2.0)
Quick Key Loading (new in 2.0)
Non-Brittle PCRs (New in 2.0)
Flexible Management (New in 2.0)
Identifying Resources by Name (New in 2.0)
Summary

Chapter 4 Existing Applications That Use TPMs
Application Interfaces Used to Talk to TPMs
TPM Administration and WMI
The Platform Crypto Provider
Virtual Smart Card
Applications That Use TPMs
Applications That Should Use the TPM but Don't
Building Applications for TPM 1.2
TSS.Net and TSS.C++
Wave Systems Embassy Suite
Rocks to Avoid When Developing TPM Applications
Microsoft BitLocker
IBM File and Folder Encryption
New Manageability Solutions in TPM 2.0
Summary

Chapter 5 Navigating the Specification
TPM 2.0 Library Specification: The Parts
Some Definitions
General Definitions
Definitions of the Major Fields of the Command Byte Stream
Definitions of the Major Fields of the Response Byte Stream
Getting Started in Part 3: the Commands
Data Details
Common Structure Constructs
Structure with Union
Canonicalization
Endianness
Part 2 Notation Syntax
Part 3 Table Decorations
Commonly Used Sections of the Specification
How to Find Information in the Specification
Strategies for Ramping Up on TPM 2.0
Will
Ken
Dave
Other TPM 2.0 Specifications
Summary

Chapter 6 Execution Environment
Setting Up the TPM
Microsoft Simulator
Building the Simulator from Source Code
Setting Up a Binary Version of the Simulator
Running the Simulator
Testing the Simulator
Setting Up the Software Stack
TSS 2.0
TSS.net
Summary

Chapter 7 TPM Software Stack
The Stack: a High-Level View
Feature API
System API
Command Context Allocation Functions
Command Preparation Functions
Command Execution Functions
Command Completion Functions
Simple Code Example
System API Test Code
TCTI
TPM Access Broker (TAB)
Resource Manager
Device Driver
Summary

Chapter 8 TPM Entities
Permanent Entities
Persistent Hierarchies
Ephemeral Hierarchy
Dictionary Attack Lockout Reset
Platform Configuration Registers (PCRs)
Reserved Handles
Password Authorization Session
Platform NV Enable
Nonvolatile Indexes
Objects
Nonpersistent Entities
Persistent Entities
Entity Names
Summary

Chapter 9 Hierarchies
Three Persistent Hierarchies
Platform Hierarchy
Storage Hierarchy
Endorsement Hierarchy
Privacy
Activating a Credential
Other Privacy Considerations
NULL Hierarchy
Cryptographic Primitives
Random Number Generator
Digest Primitives
HMAC Primitives
RSA Primitives
Symmetric Key Primitives
Summary

Chapter 10 Keys
Key Commands
Key Generator
Primary Keys and Seeds
Persistence of Keys
Key Cache
Key Authorization
Key Destruction
Key Hierarchy
Key Types and Attributes
Symmetric and Asymmetric Keys Attributes
Duplication Attributes
Restricted Signing Key
Restricted Decryption Key
Context Management vs. Loading
NULL Hierarchy
Certification
Keys Unraveled
Summary

Chapter 11 NV Indexes
NV Ordinary Index
NV Counter Index
NV Bit Field Index
NV Extend Index
Hybrid Index
NV Access Controls
NV Written
NV Index Handle Values
NV Names
NV Password
Separate Commands
Summary

Chapter 12 Platform Configuration Registers
PCR Value
Number of PCRs
PCR Commands
PCRs for Authorization
PCRs for Attestation
PCR Quote in Detail
PCR Attributes
PCR Authorization and Policy
PCR Algorithms
Summary

Chapter 13 Authorizations and Sessions
Session-Related Definitions
Password, HMAC, and Policy Sessions: What Are They?
Session and Authorization: Compared and Contrasted
Authorization Roles
Command and Response Authorization Area Details
Command Authorization Area
Command Authorization Structures
Response Authorization Structures
Password Authorization: The Simplest Authorization
Password Authorization Lifecycle
Creating a Password Authorized Entity
Changing a Password Authorization for an Already Created Entity
Using a Password Authorization
Code Example: Password Session
Starting HMAC and Policy Sessions
TPM2_StartAuthSession Command
Session Key and HMAC Key Details
Guidelines for TPM2_StartAuthSession Handles and Parameters
Session Variations
HMAC and Policy Sessions: Differences
HMAC Authorization
HMAC Authorization Lifecycle
HMAC and Policy Session Code Example
Using an HMAC Session to Send Multiple Commands (Rolling Nonces)
HMAC Session Security
HMAC Session Data Structure
Policy Authorization
How Does EA Work?
Policy Authorization Time Intervals
Policy Authorization Lifecycle
Combined Authorization Lifecycle
Summary

Chapter 14 Extended Authorization (EA) Policies
Policies and Passwords
Why Extended Authorization?
Multiple Varieties of Authentication
Multifactor Authentication
How Extended Authorization Works
Creating Policies
Simple Assertion Policies
Command-Based Assertions
Multifactor Authentication
Example 1 Smart card and Password
Compound Policies: Using Logical OR in a Policy
Making a Compound Policy
Example: A Policy for Work or Home Computers
Considerations in Creating Policies
End User Role
Administrator Role
Understudy Role
Office Role
Home Role
Using a Policy to Authorize a Command
Starting the Policy
Satisfying a Policy
If the Policy Is Compound
If the Policy Is Flexible (Uses a Wild Card)
Certified Policies
Summary

Chapter 15 Key Management
Key Generation
Templates
Key Trees: Keeping Keys in a Tree with the Same Algorithm Set
Duplication
Key Distribution
Key Activation
Key Destruction
Putting It All Together
Example 1 Simple Key Management
Example 2 An Enterprise IT Organization with Windows TPM 2.0 Enabled Systems
Summary

Chapter 16 Auditing TPM Commands
Why Audit
Audit Commands
Audit Types
Command Audit
Session Audit
Audit Log
Audit Data
Exclusive Audit
Summary

Chapter 17 Decrypt/Encrypt Sessions
What Do Encrypt/Decrypt Sessions Do?
Practical Use Cases
Decrypt/Encrypt Limitations
Decrypt/Encrypt Setup
Pseudocode Flow
Sample Code
Summary

Chapter 18 Context Management
TAB and the Resource Manager: A High-Level Description
TAB
Resource Manager
Resource Manager Operations
Management of Objects, Sessions, and Sequences
TPM Context-Management Features
Special Rules Related to Power and Shutdown Events
State Diagrams
Summary

Chapter 19 Startup, Shutdown, and Provisioning
Startup and Shutdown
Startup Initialization
Provisioning
TPM Manufacturer Provisioning
Platform OEM Provisioning
End User Provisioning
Deprovisioning
Summary

Chapter 20 Debugging
Low-Level Application Debugging
The Problem
Analyze the Error Code
Debug Trace Analysis
More Complex Errors
Last Resort
Common Bugs
Debugging High-level Applications
Debug Process
Typical Bugs
Summary

Chapter 21 Solving Bigger Problems with the TPM 2.0
Remote Provisioning of PCs with IDevIDs Using the EK
Technique 1
Technique 2
Technique 3
Data Backups
Separation of Privilege
Securing a Server's Logon
Locking Firmware in an Embedded System, but Allowing for Upgrades
Summary

Chapter 22 Platform Security Technologies That Use TPM 2.0
The Three Technologies
Some Terms
Intel® Trusted Execution Technology (Intel® TXT)
High-Level Description
How TPM 2.0 Devices Are Used
ARM® TrustZone®
High-Level Description
Implementation of TrustZone
AMD Secure Technology™
Hardware Validated Boot
TPM on an AMD Platform
SKINIT
Summary

Index

Will Arthur is a server TXT architect and lead developer for Intel Corporation; currently developing TSS 2.0 system API specification and code; participant in TCG TPM 2.0 readability sub group, TPM workgroup, and TSS workgroup. He has a BS in Computer Science from Arizona State University and has worked in the embedded firmware, BIOS and low level software space for over 25 years.