A Practical Guide to TPM 2. 0 : : Using the Trusted Platform Module in the New Age of Security.
Saved in:
| : | |
|---|---|
| TeilnehmendeR: | |
| Place / Publishing House: | Berkeley, CA : : Apress L. P.,, 2015. Ã2015. |
| Year of Publication: | 2015 |
| Edition: | 1st ed. |
| Language: | English |
| Online Access: | |
| Physical Description: | 1 online resource (375 pages) |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| LEADER | 10923nam a22004453i 4500 | ||
|---|---|---|---|
| 001 | 5006422766 | ||
| 003 | MiAaPQ | ||
| 005 | 20240229073838.0 | ||
| 006 | m o d | | ||
| 007 | cr cnu|||||||| | ||
| 008 | 240229s2015 xx o ||||0 eng d | ||
| 020 | |a 9781430265849 |q (electronic bk.) | ||
| 020 | |z 9781430265832 | ||
| 035 | |a (MiAaPQ)5006422766 | ||
| 035 | |a (Au-PeEL)EBL6422766 | ||
| 035 | |a (OCoLC)1231606716 | ||
| 040 | |a MiAaPQ |b eng |e rda |e pn |c MiAaPQ |d MiAaPQ | ||
| 050 | 4 | |a QA76.9.A25 | |
| 100 | 1 | |a Arthur, Will. | |
| 245 | 1 | 2 | |a A Practical Guide to TPM 2. 0 : |b Using the Trusted Platform Module in the New Age of Security. |
| 250 | |a 1st ed. | ||
| 264 | 1 | |a Berkeley, CA : |b Apress L. P., |c 2015. | |
| 264 | 4 | |c Ã2015. | |
| 300 | |a 1 online resource (375 pages) | ||
| 336 | |a text |b txt |2 rdacontent | ||
| 337 | |a computer |b c |2 rdamedia | ||
| 338 | |a online resource |b cr |2 rdacarrier | ||
| 505 | 0 | |a Intro -- A Practical Guide to TPM 2.0 -- Contents at a Glance -- About ApressOpen -- Contents -- About the Authors -- About the Technical Reviewers -- Acknowledgments -- Introduction -- Chapter 1: History of the TPM -- Why a TPM? -- History of Development of the TPM Specification from 1.1b to 1.2 -- How TPM 2.0 Developed from TPM 1.2 -- History of TPM 2.0 Specification Development -- Summary -- Chapter 2: Basic Security Concepts -- Cryptographic Attacks -- Brute Force -- Calculating the Strength of Algorithms by Type -- Attacks on the Algorithm Itself -- Security Definitions -- Cryptographic Families -- Secure Hash (or Digest) -- Hash Extend -- HMAC: Message Authentication Code -- KDF: Key Derivation Function -- Authentication or Authorization Ticket -- Symmetric-Encryption Key -- Symmetric-Key Modes -- Nonce -- Asymmetric Keys -- RSA Asymmetric-Key Algorithm -- RSA for Key Encryption -- RSA for Digital Signatures -- ECC Asymmetric-Key Algorithm -- ECDH Asymmetric-Key Algorithm to Use Elliptic Curves to Pass Keys -- ECDSA Asymmetric-Key Algorithm to Use Elliptic Curves for Signatures -- Public Key Certification -- Summary -- Chapter 3: Quick Tutorial on TPM 2.0 -- Scenarios for Using TPM 1.2 -- Identification -- Encryption -- Key Storage -- Random Number Generator -- NVRAM Storage -- Platform Configuration Registers -- Privacy Enablement -- Scenarios for Using Additional TPM 2.0 Capabilities -- Algorithm Agility (New in 2.0) -- Enhanced Authorization (New in 2.0) -- Quick Key Loading (new in 2.0) -- Non-Brittle PCRs (New in 2.0) -- Flexible Management (New in 2.0) -- Identifying Resources by Name (New in 2.0) -- Summary -- Chapter 4: Existing Applications That Use TPMs -- Application Interfaces Used to Talk to TPMs -- TPM Administration and WMI -- The Platform Crypto Provider -- Virtual Smart Card -- Applications That Use TPMs. | |
| 505 | 8 | |a Applications That Should Use the TPM but Don't -- Building Applications for TPM 1.2 -- TSS.Net and TSS.C++ -- Wave System s Embassy Suite -- Rocks to Avoid When Developing TPM Applications -- Microsoft BitLocker -- IBM File and Folder Encryption -- New Manageability Solutions in TPM 2.0 -- Summary -- Chapter 5: Navigating the Specification -- TPM 2.0 Library Specification: The Parts -- Some Definitions -- General Definitions -- Definitions of the Major Fields of the Command Byte Stream -- Definitions of the Major Fields of the Response Byte Stream -- Getting Started in Part 3: the Commands -- Data Details -- Common Structure Constructs -- TPM2B_XXX Structures -- Structure with Union -- Canonicalization -- Endianness -- Part 2: Notation Syntax -- Part 3: Table Decorations -- Commonly Used Sections of the Specification -- How to Find Information in the Specification -- Strategies for Ramping Up on TPM 2.0 -- Will -- Ken -- Dave -- Other TPM 2.0 Specifications -- Summary -- Chapter 6: Execution Environment -- Setting Up the TPM -- Microsoft Simulator -- Building the Simulator from Source Code -- Setting Up a Binary Version of the Simulator -- Running the Simulator -- Testing the Simulator -- Python Script -- TSS.net -- System API Test Code -- Setting Up the Software Stack -- TSS 2.0 -- TSS.net -- Summary -- Chapter 7: TPM Software Stack -- The Stack: a High-Level View -- Feature API -- System API -- Command Context Allocation Functions -- Command Preparation Functions -- Command Execution Functions -- Command Completion Functions -- Simple Code Example -- System API Test Code -- TCTI -- TPM Access Broker ( TAB) -- Resource Manager -- Device Driver -- Summary -- Chapter 8: TPM Entities -- Permanent Entities -- Persistent Hierarchies -- Ephemeral Hierarchy -- Dictionary Attack Lockout Reset -- Platform Configuration Registers ( PCR s) -- Reserved Handles. | |
| 505 | 8 | |a Password Authorization Session -- Platform NV Enable -- Nonvolatile Indexes -- Objects -- Nonpersistent Entities -- Persistent Entities -- Entity Names -- Summary -- Chapter 9: Hierarchies -- Three Persistent Hierarchies -- Platform Hierarchy -- Storage Hierarchy -- Endorsement Hierarchy -- Privacy -- Activating a Credential -- Other Privacy Considerations -- NULL Hierarchy -- Cryptographic Primitives -- Random Number Generator -- Digest Primitives -- HMAC Primitives -- RSA Primitives -- Symmetric Key Primitives -- Summary -- Chapter 10: Keys -- Key Commands -- Key Generator -- Primary Keys and Seeds -- Persistence of Keys -- Key Cache -- Key Authorization -- Key Destruction -- Key Hierarchy -- Key Types and Attributes -- Symmetric and Asymmetric Keys Attributes -- Duplication Attributes -- Restricted Signing Key -- Restricted Decryption Key -- Context Management vs. Loading -- NULL Hierarchy -- Certification -- Keys Unraveled -- Summary -- Chapter 11: NV Indexes -- NV Ordinary Index -- NV Counter Index -- NV Bit Field Index -- NV Extend Index -- Hybrid Index -- NV Access Controls -- NV Written -- NV Index Handle Values -- NV Names -- NV Password -- Separate Commands -- Summary -- Chapter 12: Platform Configuration Registers -- PCR Value -- Number of PCRs -- PCR Commands -- PCRs for Authorization -- PCRs for Attestation -- PCR Quote in Detail -- PCR Attributes -- PCR Authorization and Policy -- PCR Algorithms -- Summary -- Chapter 13: Authorizations and Sessions -- Session-Related Definitions -- Password, HMAC, and Policy Sessions: What Are They? -- Session and Authorization: Compared and Contrasted -- Authorization Roles -- Command and Response Authorization Area Details -- Command Authorization Area -- Command Authorization Structures -- Response Authorization Structures -- Password Authorization: The Simplest Authorization. | |
| 505 | 8 | |a Password Authorization Lifecycle -- Creating a Password Authorized Entity -- Changing a Password Authorization for an Already Created Entity -- Using a Password Authorization -- Code Example: Password Session -- Starting HMAC and Policy Sessions -- TPM2_StartAuthSession Command -- Session Key and HMAC Key Details -- Guidelines for TPM2_StartAuthSession Handles and Parameters -- Session Variations -- Salted vs. Unsalted -- Bound vs. Unbound -- Use Cases for Session Variations -- HMAC and Policy Sessions: Differences -- HMAC Authorization -- HMAC Authorization Lifecycle -- Altering or Creating an Entity That Requires HMAC Authorization -- Creating an HMAC Session -- Using an HMAC Session to Authorize a Single Command -- HMAC and Policy Session Code Example -- Using an HMAC Session to Send Multiple Commands (Rolling Nonces) -- HMAC Session Security -- HMAC Session Data Structure -- Policy Authorization -- How Does EA Work? -- Policy Authorization Time Intervals -- Policy Authorization Lifecycle -- Building the Entity's Policy Digest -- Creating the Entity to Use the Policy Digest -- Starting the Real Policy Session -- Sending Policy Commands to Fulfill the Policy -- Performing the Action That Requires Authorization -- Combined Authorization Lifecycle -- Summary -- Chapter 14: Extended Authorization (EA) Policies -- Policies and Passwords -- Why Extended Authorization? -- Multiple Varieties of Authentication -- Multifactor Authentication -- How Extended Authorization Works -- Creating Policies -- Simple Assertion Policies -- Passwords (Plaintext and HMAC) of the Object -- Passwords of a Different Object -- Digital Signatures (such as Smart Cards) -- PCRs: State of the Machine -- Locality of Command -- Internal State of the TPM (Boot Counter and Timers) -- Internal Value of an NV RAM Location. | |
| 505 | 8 | |a State of the External Device (GPS, Fingerprint Reader, and So On) -- Flexible (Wild Card) Policy -- Example 1: Smart card and Password -- Example 2: A Policy for a Key Used Only for Signing with a Password -- Example 3: A PC state, a Password, and a Fingerprint -- Example 4: A Policy Good for One Boot Cycle -- Example 5: A Policy for Flexible PCRs -- Example 6: A Policy for Group Admission -- Example 7: A Policy for NV RAM between 1 and 100 -- Command-Based Assertions -- Multifactor Authentication -- Compound Policies: Using Logical OR in a Policy -- Making a Compound Policy -- Example: A Policy for Work or Home Computers -- Considerations in Creating Policies -- End User Role -- Administrator Role -- Understudy Role -- Office Role -- Home Role -- Using a Policy to Authorize a Command -- Starting the Policy -- Satisfying a Policy -- Simple Assertions and Multifactor Assertions -- If the Policy Is Compound -- If the Policy Is Flexible (Uses a Wild Card) -- Satisfying the Approved Policy -- Transforming the Approved Policy in the Flexible Policy -- Certified Policies -- Summary -- Chapter 15: Key Management -- Key Generation -- Templates -- Key Trees: Keeping Keys in a Tree with the Same Algorithm Set -- Duplication -- Key Distribution -- Key Activation -- Key Destruction -- Putting It All Together -- Example 1: Simple Key Management -- Example 2: An Enterprise IT Organization with Windows TPM 2.0 Enabled Systems -- Summary -- Chapter 16: Auditing TPM Commands -- Why Audit -- Audit Commands -- Audit Types -- Command Audit -- Session Audit -- Audit Log -- Audit Data -- Exclusive Audit -- Summary -- Chapter 17: Decrypt/Encrypt Sessions -- What Do Encrypt/Decrypt Sessions Do? -- Practical Use Cases -- Decrypt/Encrypt Limitations -- Decrypt/Encrypt Setup -- Pseudocode Flow -- Sample Code -- Summary -- Chapter 18: Context Management. | |
| 505 | 8 | |a TAB and the Resource Manager: A High-Level Description. | |
| 588 | |a Description based on publisher supplied metadata and other sources. | ||
| 590 | |a Electronic reproduction. Ann Arbor, Michigan : ProQuest Ebook Central, 2024. Available via World Wide Web. Access may be limited to ProQuest Ebook Central affiliated libraries. | ||
| 655 | 4 | |a Electronic books. | |
| 700 | 1 | |a Challener, David. | |
| 776 | 0 | 8 | |i Print version: |a Arthur, Will |t A Practical Guide to TPM 2. 0 |d Berkeley, CA : Apress L. P.,c2015 |z 9781430265832 |
| 797 | 2 | |a ProQuest (Firm) | |
| 856 | 4 | 0 | |u https://ebookcentral.proquest.com/lib/oeawat/detail.action?docID=6422766 |z Click to View |