A Practical Guide to TPM 2. 0 : : Using the Trusted Platform Module in the New Age of Security.

A Practical Guide to TPM 2. 0 : : Using the Trusted Platform Module in the New Age of Security.

Saved in:
Bibliographic Details
:
Arthur, Will.
TeilnehmendeR:
Challener, David.
Place / Publishing House:Berkeley, CA : : Apress L. P.,, 2015.
Ã2015.
Year of Publication:2015
Edition:1st ed.
Language:English
Online Access:
Physical Description:1 online resource (375 pages)
Tags: Add Tag
No Tags, Be the first to tag this record!
id 5006422766
ctrlnum (MiAaPQ)5006422766
(Au-PeEL)EBL6422766
(OCoLC)1231606716
collection bib_alma
record_format marc
spelling Arthur, Will.
A Practical Guide to TPM 2. 0 : Using the Trusted Platform Module in the New Age of Security.
1st ed.
Berkeley, CA : Apress L. P., 2015.
Ã2015.
1 online resource (375 pages)
text txt rdacontent
computer c rdamedia
online resource cr rdacarrier
Intro -- A Practical Guide to TPM 2.0 -- Contents at a Glance -- About ApressOpen -- Contents -- About the Authors -- About the Technical Reviewers -- Acknowledgments -- Introduction -- Chapter 1: History of the TPM -- Why a TPM? -- History of Development of the TPM Specification from 1.1b to 1.2 -- How TPM 2.0 Developed from TPM 1.2 -- History of TPM 2.0 Specification Development -- Summary -- Chapter 2: Basic Security Concepts -- Cryptographic Attacks -- Brute Force -- Calculating the Strength of Algorithms by Type -- Attacks on the Algorithm Itself -- Security Definitions -- Cryptographic Families -- Secure Hash (or Digest) -- Hash Extend -- HMAC: Message Authentication Code -- KDF: Key Derivation Function -- Authentication or Authorization Ticket -- Symmetric-Encryption Key -- Symmetric-Key Modes -- Nonce -- Asymmetric Keys -- RSA Asymmetric-Key Algorithm -- RSA for Key Encryption -- RSA for Digital Signatures -- ECC Asymmetric-Key Algorithm -- ECDH Asymmetric-Key Algorithm to Use Elliptic Curves to Pass Keys -- ECDSA Asymmetric-Key Algorithm to Use Elliptic Curves for Signatures -- Public Key Certification -- Summary -- Chapter 3: Quick Tutorial on TPM 2.0 -- Scenarios for Using TPM 1.2 -- Identification -- Encryption -- Key Storage -- Random Number Generator -- NVRAM Storage -- Platform Configuration Registers -- Privacy Enablement -- Scenarios for Using Additional TPM 2.0 Capabilities -- Algorithm Agility (New in 2.0) -- Enhanced Authorization (New in 2.0) -- Quick Key Loading (new in 2.0) -- Non-Brittle PCRs (New in 2.0) -- Flexible Management (New in 2.0) -- Identifying Resources by Name (New in 2.0) -- Summary -- Chapter 4: Existing Applications That Use TPMs -- Application Interfaces Used to Talk to TPMs -- TPM Administration and WMI -- The Platform Crypto Provider -- Virtual Smart Card -- Applications That Use TPMs.
Applications That Should Use the TPM but Don't -- Building Applications for TPM 1.2 -- TSS.Net and TSS.C++ -- Wave System s Embassy Suite -- Rocks to Avoid When Developing TPM Applications -- Microsoft BitLocker -- IBM File and Folder Encryption -- New Manageability Solutions in TPM 2.0 -- Summary -- Chapter 5: Navigating the Specification -- TPM 2.0 Library Specification: The Parts -- Some Definitions -- General Definitions -- Definitions of the Major Fields of the Command Byte Stream -- Definitions of the Major Fields of the Response Byte Stream -- Getting Started in Part 3: the Commands -- Data Details -- Common Structure Constructs -- TPM2B_XXX Structures -- Structure with Union -- Canonicalization -- Endianness -- Part 2: Notation Syntax -- Part 3: Table Decorations -- Commonly Used Sections of the Specification -- How to Find Information in the Specification -- Strategies for Ramping Up on TPM 2.0 -- Will -- Ken -- Dave -- Other TPM 2.0 Specifications -- Summary -- Chapter 6: Execution Environment -- Setting Up the TPM -- Microsoft Simulator -- Building the Simulator from Source Code -- Setting Up a Binary Version of the Simulator -- Running the Simulator -- Testing the Simulator -- Python Script -- TSS.net -- System API Test Code -- Setting Up the Software Stack -- TSS 2.0 -- TSS.net -- Summary -- Chapter 7: TPM Software Stack -- The Stack: a High-Level View -- Feature API -- System API -- Command Context Allocation Functions -- Command Preparation Functions -- Command Execution Functions -- Command Completion Functions -- Simple Code Example -- System API Test Code -- TCTI -- TPM Access Broker ( TAB) -- Resource Manager -- Device Driver -- Summary -- Chapter 8: TPM Entities -- Permanent Entities -- Persistent Hierarchies -- Ephemeral Hierarchy -- Dictionary Attack Lockout Reset -- Platform Configuration Registers ( PCR s) -- Reserved Handles.
Password Authorization Session -- Platform NV Enable -- Nonvolatile Indexes -- Objects -- Nonpersistent Entities -- Persistent Entities -- Entity Names -- Summary -- Chapter 9: Hierarchies -- Three Persistent Hierarchies -- Platform Hierarchy -- Storage Hierarchy -- Endorsement Hierarchy -- Privacy -- Activating a Credential -- Other Privacy Considerations -- NULL Hierarchy -- Cryptographic Primitives -- Random Number Generator -- Digest Primitives -- HMAC Primitives -- RSA Primitives -- Symmetric Key Primitives -- Summary -- Chapter 10: Keys -- Key Commands -- Key Generator -- Primary Keys and Seeds -- Persistence of Keys -- Key Cache -- Key Authorization -- Key Destruction -- Key Hierarchy -- Key Types and Attributes -- Symmetric and Asymmetric Keys Attributes -- Duplication Attributes -- Restricted Signing Key -- Restricted Decryption Key -- Context Management vs. Loading -- NULL Hierarchy -- Certification -- Keys Unraveled -- Summary -- Chapter 11: NV Indexes -- NV Ordinary Index -- NV Counter Index -- NV Bit Field Index -- NV Extend Index -- Hybrid Index -- NV Access Controls -- NV Written -- NV Index Handle Values -- NV Names -- NV Password -- Separate Commands -- Summary -- Chapter 12: Platform Configuration Registers -- PCR Value -- Number of PCRs -- PCR Commands -- PCRs for Authorization -- PCRs for Attestation -- PCR Quote in Detail -- PCR Attributes -- PCR Authorization and Policy -- PCR Algorithms -- Summary -- Chapter 13: Authorizations and Sessions -- Session-Related Definitions -- Password, HMAC, and Policy Sessions: What Are They? -- Session and Authorization: Compared and Contrasted -- Authorization Roles -- Command and Response Authorization Area Details -- Command Authorization Area -- Command Authorization Structures -- Response Authorization Structures -- Password Authorization: The Simplest Authorization.
Password Authorization Lifecycle -- Creating a Password Authorized Entity -- Changing a Password Authorization for an Already Created Entity -- Using a Password Authorization -- Code Example: Password Session -- Starting HMAC and Policy Sessions -- TPM2_StartAuthSession Command -- Session Key and HMAC Key Details -- Guidelines for TPM2_StartAuthSession Handles and Parameters -- Session Variations -- Salted vs. Unsalted -- Bound vs. Unbound -- Use Cases for Session Variations -- HMAC and Policy Sessions: Differences -- HMAC Authorization -- HMAC Authorization Lifecycle -- Altering or Creating an Entity That Requires HMAC Authorization -- Creating an HMAC Session -- Using an HMAC Session to Authorize a Single Command -- HMAC and Policy Session Code Example -- Using an HMAC Session to Send Multiple Commands (Rolling Nonces) -- HMAC Session Security -- HMAC Session Data Structure -- Policy Authorization -- How Does EA Work? -- Policy Authorization Time Intervals -- Policy Authorization Lifecycle -- Building the Entity's Policy Digest -- Creating the Entity to Use the Policy Digest -- Starting the Real Policy Session -- Sending Policy Commands to Fulfill the Policy -- Performing the Action That Requires Authorization -- Combined Authorization Lifecycle -- Summary -- Chapter 14: Extended Authorization (EA) Policies -- Policies and Passwords -- Why Extended Authorization? -- Multiple Varieties of Authentication -- Multifactor Authentication -- How Extended Authorization Works -- Creating Policies -- Simple Assertion Policies -- Passwords (Plaintext and HMAC) of the Object -- Passwords of a Different Object -- Digital Signatures (such as Smart Cards) -- PCRs: State of the Machine -- Locality of Command -- Internal State of the TPM (Boot Counter and Timers) -- Internal Value of an NV RAM Location.
State of the External Device (GPS, Fingerprint Reader, and So On) -- Flexible (Wild Card) Policy -- Example 1: Smart card and Password -- Example 2: A Policy for a Key Used Only for Signing with a Password -- Example 3: A PC state, a Password, and a Fingerprint -- Example 4: A Policy Good for One Boot Cycle -- Example 5: A Policy for Flexible PCRs -- Example 6: A Policy for Group Admission -- Example 7: A Policy for NV RAM between 1 and 100 -- Command-Based Assertions -- Multifactor Authentication -- Compound Policies: Using Logical OR in a Policy -- Making a Compound Policy -- Example: A Policy for Work or Home Computers -- Considerations in Creating Policies -- End User Role -- Administrator Role -- Understudy Role -- Office Role -- Home Role -- Using a Policy to Authorize a Command -- Starting the Policy -- Satisfying a Policy -- Simple Assertions and Multifactor Assertions -- If the Policy Is Compound -- If the Policy Is Flexible (Uses a Wild Card) -- Satisfying the Approved Policy -- Transforming the Approved Policy in the Flexible Policy -- Certified Policies -- Summary -- Chapter 15: Key Management -- Key Generation -- Templates -- Key Trees: Keeping Keys in a Tree with the Same Algorithm Set -- Duplication -- Key Distribution -- Key Activation -- Key Destruction -- Putting It All Together -- Example 1: Simple Key Management -- Example 2: An Enterprise IT Organization with Windows TPM 2.0 Enabled Systems -- Summary -- Chapter 16: Auditing TPM Commands -- Why Audit -- Audit Commands -- Audit Types -- Command Audit -- Session Audit -- Audit Log -- Audit Data -- Exclusive Audit -- Summary -- Chapter 17: Decrypt/Encrypt Sessions -- What Do Encrypt/Decrypt Sessions Do? -- Practical Use Cases -- Decrypt/Encrypt Limitations -- Decrypt/Encrypt Setup -- Pseudocode Flow -- Sample Code -- Summary -- Chapter 18: Context Management.
TAB and the Resource Manager: A High-Level Description.
Description based on publisher supplied metadata and other sources.
Electronic reproduction. Ann Arbor, Michigan : ProQuest Ebook Central, 2024. Available via World Wide Web. Access may be limited to ProQuest Ebook Central affiliated libraries.
Electronic books.
Challener, David.
Print version: Arthur, Will A Practical Guide to TPM 2. 0 Berkeley, CA : Apress L. P.,c2015 9781430265832
ProQuest (Firm)
https://ebookcentral.proquest.com/lib/oeawat/detail.action?docID=6422766 Click to View
language English
format eBook
author Arthur, Will.
spellingShingle Arthur, Will.
A Practical Guide to TPM 2. 0 : Using the Trusted Platform Module in the New Age of Security.
Intro -- A Practical Guide to TPM 2.0 -- Contents at a Glance -- About ApressOpen -- Contents -- About the Authors -- About the Technical Reviewers -- Acknowledgments -- Introduction -- Chapter 1: History of the TPM -- Why a TPM? -- History of Development of the TPM Specification from 1.1b to 1.2 -- How TPM 2.0 Developed from TPM 1.2 -- History of TPM 2.0 Specification Development -- Summary -- Chapter 2: Basic Security Concepts -- Cryptographic Attacks -- Brute Force -- Calculating the Strength of Algorithms by Type -- Attacks on the Algorithm Itself -- Security Definitions -- Cryptographic Families -- Secure Hash (or Digest) -- Hash Extend -- HMAC: Message Authentication Code -- KDF: Key Derivation Function -- Authentication or Authorization Ticket -- Symmetric-Encryption Key -- Symmetric-Key Modes -- Nonce -- Asymmetric Keys -- RSA Asymmetric-Key Algorithm -- RSA for Key Encryption -- RSA for Digital Signatures -- ECC Asymmetric-Key Algorithm -- ECDH Asymmetric-Key Algorithm to Use Elliptic Curves to Pass Keys -- ECDSA Asymmetric-Key Algorithm to Use Elliptic Curves for Signatures -- Public Key Certification -- Summary -- Chapter 3: Quick Tutorial on TPM 2.0 -- Scenarios for Using TPM 1.2 -- Identification -- Encryption -- Key Storage -- Random Number Generator -- NVRAM Storage -- Platform Configuration Registers -- Privacy Enablement -- Scenarios for Using Additional TPM 2.0 Capabilities -- Algorithm Agility (New in 2.0) -- Enhanced Authorization (New in 2.0) -- Quick Key Loading (new in 2.0) -- Non-Brittle PCRs (New in 2.0) -- Flexible Management (New in 2.0) -- Identifying Resources by Name (New in 2.0) -- Summary -- Chapter 4: Existing Applications That Use TPMs -- Application Interfaces Used to Talk to TPMs -- TPM Administration and WMI -- The Platform Crypto Provider -- Virtual Smart Card -- Applications That Use TPMs.
Applications That Should Use the TPM but Don't -- Building Applications for TPM 1.2 -- TSS.Net and TSS.C++ -- Wave System s Embassy Suite -- Rocks to Avoid When Developing TPM Applications -- Microsoft BitLocker -- IBM File and Folder Encryption -- New Manageability Solutions in TPM 2.0 -- Summary -- Chapter 5: Navigating the Specification -- TPM 2.0 Library Specification: The Parts -- Some Definitions -- General Definitions -- Definitions of the Major Fields of the Command Byte Stream -- Definitions of the Major Fields of the Response Byte Stream -- Getting Started in Part 3: the Commands -- Data Details -- Common Structure Constructs -- TPM2B_XXX Structures -- Structure with Union -- Canonicalization -- Endianness -- Part 2: Notation Syntax -- Part 3: Table Decorations -- Commonly Used Sections of the Specification -- How to Find Information in the Specification -- Strategies for Ramping Up on TPM 2.0 -- Will -- Ken -- Dave -- Other TPM 2.0 Specifications -- Summary -- Chapter 6: Execution Environment -- Setting Up the TPM -- Microsoft Simulator -- Building the Simulator from Source Code -- Setting Up a Binary Version of the Simulator -- Running the Simulator -- Testing the Simulator -- Python Script -- TSS.net -- System API Test Code -- Setting Up the Software Stack -- TSS 2.0 -- TSS.net -- Summary -- Chapter 7: TPM Software Stack -- The Stack: a High-Level View -- Feature API -- System API -- Command Context Allocation Functions -- Command Preparation Functions -- Command Execution Functions -- Command Completion Functions -- Simple Code Example -- System API Test Code -- TCTI -- TPM Access Broker ( TAB) -- Resource Manager -- Device Driver -- Summary -- Chapter 8: TPM Entities -- Permanent Entities -- Persistent Hierarchies -- Ephemeral Hierarchy -- Dictionary Attack Lockout Reset -- Platform Configuration Registers ( PCR s) -- Reserved Handles.
Password Authorization Session -- Platform NV Enable -- Nonvolatile Indexes -- Objects -- Nonpersistent Entities -- Persistent Entities -- Entity Names -- Summary -- Chapter 9: Hierarchies -- Three Persistent Hierarchies -- Platform Hierarchy -- Storage Hierarchy -- Endorsement Hierarchy -- Privacy -- Activating a Credential -- Other Privacy Considerations -- NULL Hierarchy -- Cryptographic Primitives -- Random Number Generator -- Digest Primitives -- HMAC Primitives -- RSA Primitives -- Symmetric Key Primitives -- Summary -- Chapter 10: Keys -- Key Commands -- Key Generator -- Primary Keys and Seeds -- Persistence of Keys -- Key Cache -- Key Authorization -- Key Destruction -- Key Hierarchy -- Key Types and Attributes -- Symmetric and Asymmetric Keys Attributes -- Duplication Attributes -- Restricted Signing Key -- Restricted Decryption Key -- Context Management vs. Loading -- NULL Hierarchy -- Certification -- Keys Unraveled -- Summary -- Chapter 11: NV Indexes -- NV Ordinary Index -- NV Counter Index -- NV Bit Field Index -- NV Extend Index -- Hybrid Index -- NV Access Controls -- NV Written -- NV Index Handle Values -- NV Names -- NV Password -- Separate Commands -- Summary -- Chapter 12: Platform Configuration Registers -- PCR Value -- Number of PCRs -- PCR Commands -- PCRs for Authorization -- PCRs for Attestation -- PCR Quote in Detail -- PCR Attributes -- PCR Authorization and Policy -- PCR Algorithms -- Summary -- Chapter 13: Authorizations and Sessions -- Session-Related Definitions -- Password, HMAC, and Policy Sessions: What Are They? -- Session and Authorization: Compared and Contrasted -- Authorization Roles -- Command and Response Authorization Area Details -- Command Authorization Area -- Command Authorization Structures -- Response Authorization Structures -- Password Authorization: The Simplest Authorization.
Password Authorization Lifecycle -- Creating a Password Authorized Entity -- Changing a Password Authorization for an Already Created Entity -- Using a Password Authorization -- Code Example: Password Session -- Starting HMAC and Policy Sessions -- TPM2_StartAuthSession Command -- Session Key and HMAC Key Details -- Guidelines for TPM2_StartAuthSession Handles and Parameters -- Session Variations -- Salted vs. Unsalted -- Bound vs. Unbound -- Use Cases for Session Variations -- HMAC and Policy Sessions: Differences -- HMAC Authorization -- HMAC Authorization Lifecycle -- Altering or Creating an Entity That Requires HMAC Authorization -- Creating an HMAC Session -- Using an HMAC Session to Authorize a Single Command -- HMAC and Policy Session Code Example -- Using an HMAC Session to Send Multiple Commands (Rolling Nonces) -- HMAC Session Security -- HMAC Session Data Structure -- Policy Authorization -- How Does EA Work? -- Policy Authorization Time Intervals -- Policy Authorization Lifecycle -- Building the Entity's Policy Digest -- Creating the Entity to Use the Policy Digest -- Starting the Real Policy Session -- Sending Policy Commands to Fulfill the Policy -- Performing the Action That Requires Authorization -- Combined Authorization Lifecycle -- Summary -- Chapter 14: Extended Authorization (EA) Policies -- Policies and Passwords -- Why Extended Authorization? -- Multiple Varieties of Authentication -- Multifactor Authentication -- How Extended Authorization Works -- Creating Policies -- Simple Assertion Policies -- Passwords (Plaintext and HMAC) of the Object -- Passwords of a Different Object -- Digital Signatures (such as Smart Cards) -- PCRs: State of the Machine -- Locality of Command -- Internal State of the TPM (Boot Counter and Timers) -- Internal Value of an NV RAM Location.
State of the External Device (GPS, Fingerprint Reader, and So On) -- Flexible (Wild Card) Policy -- Example 1: Smart card and Password -- Example 2: A Policy for a Key Used Only for Signing with a Password -- Example 3: A PC state, a Password, and a Fingerprint -- Example 4: A Policy Good for One Boot Cycle -- Example 5: A Policy for Flexible PCRs -- Example 6: A Policy for Group Admission -- Example 7: A Policy for NV RAM between 1 and 100 -- Command-Based Assertions -- Multifactor Authentication -- Compound Policies: Using Logical OR in a Policy -- Making a Compound Policy -- Example: A Policy for Work or Home Computers -- Considerations in Creating Policies -- End User Role -- Administrator Role -- Understudy Role -- Office Role -- Home Role -- Using a Policy to Authorize a Command -- Starting the Policy -- Satisfying a Policy -- Simple Assertions and Multifactor Assertions -- If the Policy Is Compound -- If the Policy Is Flexible (Uses a Wild Card) -- Satisfying the Approved Policy -- Transforming the Approved Policy in the Flexible Policy -- Certified Policies -- Summary -- Chapter 15: Key Management -- Key Generation -- Templates -- Key Trees: Keeping Keys in a Tree with the Same Algorithm Set -- Duplication -- Key Distribution -- Key Activation -- Key Destruction -- Putting It All Together -- Example 1: Simple Key Management -- Example 2: An Enterprise IT Organization with Windows TPM 2.0 Enabled Systems -- Summary -- Chapter 16: Auditing TPM Commands -- Why Audit -- Audit Commands -- Audit Types -- Command Audit -- Session Audit -- Audit Log -- Audit Data -- Exclusive Audit -- Summary -- Chapter 17: Decrypt/Encrypt Sessions -- What Do Encrypt/Decrypt Sessions Do? -- Practical Use Cases -- Decrypt/Encrypt Limitations -- Decrypt/Encrypt Setup -- Pseudocode Flow -- Sample Code -- Summary -- Chapter 18: Context Management.
TAB and the Resource Manager: A High-Level Description.
author_facet Arthur, Will.
Challener, David.
author_variant w a wa
author2 Challener, David.
author2_variant d c dc
author2_role TeilnehmendeR
author_sort Arthur, Will.
title A Practical Guide to TPM 2. 0 : Using the Trusted Platform Module in the New Age of Security.
title_sub Using the Trusted Platform Module in the New Age of Security.
title_full A Practical Guide to TPM 2. 0 : Using the Trusted Platform Module in the New Age of Security.
title_fullStr A Practical Guide to TPM 2. 0 : Using the Trusted Platform Module in the New Age of Security.
title_full_unstemmed A Practical Guide to TPM 2. 0 : Using the Trusted Platform Module in the New Age of Security.
title_auth A Practical Guide to TPM 2. 0 : Using the Trusted Platform Module in the New Age of Security.
title_new A Practical Guide to TPM 2. 0 :
title_sort a practical guide to tpm 2. 0 : using the trusted platform module in the new age of security.
publisher Apress L. P.,
publishDate 2015
physical 1 online resource (375 pages)
edition 1st ed.
contents Intro -- A Practical Guide to TPM 2.0 -- Contents at a Glance -- About ApressOpen -- Contents -- About the Authors -- About the Technical Reviewers -- Acknowledgments -- Introduction -- Chapter 1: History of the TPM -- Why a TPM? -- History of Development of the TPM Specification from 1.1b to 1.2 -- How TPM 2.0 Developed from TPM 1.2 -- History of TPM 2.0 Specification Development -- Summary -- Chapter 2: Basic Security Concepts -- Cryptographic Attacks -- Brute Force -- Calculating the Strength of Algorithms by Type -- Attacks on the Algorithm Itself -- Security Definitions -- Cryptographic Families -- Secure Hash (or Digest) -- Hash Extend -- HMAC: Message Authentication Code -- KDF: Key Derivation Function -- Authentication or Authorization Ticket -- Symmetric-Encryption Key -- Symmetric-Key Modes -- Nonce -- Asymmetric Keys -- RSA Asymmetric-Key Algorithm -- RSA for Key Encryption -- RSA for Digital Signatures -- ECC Asymmetric-Key Algorithm -- ECDH Asymmetric-Key Algorithm to Use Elliptic Curves to Pass Keys -- ECDSA Asymmetric-Key Algorithm to Use Elliptic Curves for Signatures -- Public Key Certification -- Summary -- Chapter 3: Quick Tutorial on TPM 2.0 -- Scenarios for Using TPM 1.2 -- Identification -- Encryption -- Key Storage -- Random Number Generator -- NVRAM Storage -- Platform Configuration Registers -- Privacy Enablement -- Scenarios for Using Additional TPM 2.0 Capabilities -- Algorithm Agility (New in 2.0) -- Enhanced Authorization (New in 2.0) -- Quick Key Loading (new in 2.0) -- Non-Brittle PCRs (New in 2.0) -- Flexible Management (New in 2.0) -- Identifying Resources by Name (New in 2.0) -- Summary -- Chapter 4: Existing Applications That Use TPMs -- Application Interfaces Used to Talk to TPMs -- TPM Administration and WMI -- The Platform Crypto Provider -- Virtual Smart Card -- Applications That Use TPMs.
Applications That Should Use the TPM but Don't -- Building Applications for TPM 1.2 -- TSS.Net and TSS.C++ -- Wave System s Embassy Suite -- Rocks to Avoid When Developing TPM Applications -- Microsoft BitLocker -- IBM File and Folder Encryption -- New Manageability Solutions in TPM 2.0 -- Summary -- Chapter 5: Navigating the Specification -- TPM 2.0 Library Specification: The Parts -- Some Definitions -- General Definitions -- Definitions of the Major Fields of the Command Byte Stream -- Definitions of the Major Fields of the Response Byte Stream -- Getting Started in Part 3: the Commands -- Data Details -- Common Structure Constructs -- TPM2B_XXX Structures -- Structure with Union -- Canonicalization -- Endianness -- Part 2: Notation Syntax -- Part 3: Table Decorations -- Commonly Used Sections of the Specification -- How to Find Information in the Specification -- Strategies for Ramping Up on TPM 2.0 -- Will -- Ken -- Dave -- Other TPM 2.0 Specifications -- Summary -- Chapter 6: Execution Environment -- Setting Up the TPM -- Microsoft Simulator -- Building the Simulator from Source Code -- Setting Up a Binary Version of the Simulator -- Running the Simulator -- Testing the Simulator -- Python Script -- TSS.net -- System API Test Code -- Setting Up the Software Stack -- TSS 2.0 -- TSS.net -- Summary -- Chapter 7: TPM Software Stack -- The Stack: a High-Level View -- Feature API -- System API -- Command Context Allocation Functions -- Command Preparation Functions -- Command Execution Functions -- Command Completion Functions -- Simple Code Example -- System API Test Code -- TCTI -- TPM Access Broker ( TAB) -- Resource Manager -- Device Driver -- Summary -- Chapter 8: TPM Entities -- Permanent Entities -- Persistent Hierarchies -- Ephemeral Hierarchy -- Dictionary Attack Lockout Reset -- Platform Configuration Registers ( PCR s) -- Reserved Handles.
Password Authorization Session -- Platform NV Enable -- Nonvolatile Indexes -- Objects -- Nonpersistent Entities -- Persistent Entities -- Entity Names -- Summary -- Chapter 9: Hierarchies -- Three Persistent Hierarchies -- Platform Hierarchy -- Storage Hierarchy -- Endorsement Hierarchy -- Privacy -- Activating a Credential -- Other Privacy Considerations -- NULL Hierarchy -- Cryptographic Primitives -- Random Number Generator -- Digest Primitives -- HMAC Primitives -- RSA Primitives -- Symmetric Key Primitives -- Summary -- Chapter 10: Keys -- Key Commands -- Key Generator -- Primary Keys and Seeds -- Persistence of Keys -- Key Cache -- Key Authorization -- Key Destruction -- Key Hierarchy -- Key Types and Attributes -- Symmetric and Asymmetric Keys Attributes -- Duplication Attributes -- Restricted Signing Key -- Restricted Decryption Key -- Context Management vs. Loading -- NULL Hierarchy -- Certification -- Keys Unraveled -- Summary -- Chapter 11: NV Indexes -- NV Ordinary Index -- NV Counter Index -- NV Bit Field Index -- NV Extend Index -- Hybrid Index -- NV Access Controls -- NV Written -- NV Index Handle Values -- NV Names -- NV Password -- Separate Commands -- Summary -- Chapter 12: Platform Configuration Registers -- PCR Value -- Number of PCRs -- PCR Commands -- PCRs for Authorization -- PCRs for Attestation -- PCR Quote in Detail -- PCR Attributes -- PCR Authorization and Policy -- PCR Algorithms -- Summary -- Chapter 13: Authorizations and Sessions -- Session-Related Definitions -- Password, HMAC, and Policy Sessions: What Are They? -- Session and Authorization: Compared and Contrasted -- Authorization Roles -- Command and Response Authorization Area Details -- Command Authorization Area -- Command Authorization Structures -- Response Authorization Structures -- Password Authorization: The Simplest Authorization.
Password Authorization Lifecycle -- Creating a Password Authorized Entity -- Changing a Password Authorization for an Already Created Entity -- Using a Password Authorization -- Code Example: Password Session -- Starting HMAC and Policy Sessions -- TPM2_StartAuthSession Command -- Session Key and HMAC Key Details -- Guidelines for TPM2_StartAuthSession Handles and Parameters -- Session Variations -- Salted vs. Unsalted -- Bound vs. Unbound -- Use Cases for Session Variations -- HMAC and Policy Sessions: Differences -- HMAC Authorization -- HMAC Authorization Lifecycle -- Altering or Creating an Entity That Requires HMAC Authorization -- Creating an HMAC Session -- Using an HMAC Session to Authorize a Single Command -- HMAC and Policy Session Code Example -- Using an HMAC Session to Send Multiple Commands (Rolling Nonces) -- HMAC Session Security -- HMAC Session Data Structure -- Policy Authorization -- How Does EA Work? -- Policy Authorization Time Intervals -- Policy Authorization Lifecycle -- Building the Entity's Policy Digest -- Creating the Entity to Use the Policy Digest -- Starting the Real Policy Session -- Sending Policy Commands to Fulfill the Policy -- Performing the Action That Requires Authorization -- Combined Authorization Lifecycle -- Summary -- Chapter 14: Extended Authorization (EA) Policies -- Policies and Passwords -- Why Extended Authorization? -- Multiple Varieties of Authentication -- Multifactor Authentication -- How Extended Authorization Works -- Creating Policies -- Simple Assertion Policies -- Passwords (Plaintext and HMAC) of the Object -- Passwords of a Different Object -- Digital Signatures (such as Smart Cards) -- PCRs: State of the Machine -- Locality of Command -- Internal State of the TPM (Boot Counter and Timers) -- Internal Value of an NV RAM Location.
State of the External Device (GPS, Fingerprint Reader, and So On) -- Flexible (Wild Card) Policy -- Example 1: Smart card and Password -- Example 2: A Policy for a Key Used Only for Signing with a Password -- Example 3: A PC state, a Password, and a Fingerprint -- Example 4: A Policy Good for One Boot Cycle -- Example 5: A Policy for Flexible PCRs -- Example 6: A Policy for Group Admission -- Example 7: A Policy for NV RAM between 1 and 100 -- Command-Based Assertions -- Multifactor Authentication -- Compound Policies: Using Logical OR in a Policy -- Making a Compound Policy -- Example: A Policy for Work or Home Computers -- Considerations in Creating Policies -- End User Role -- Administrator Role -- Understudy Role -- Office Role -- Home Role -- Using a Policy to Authorize a Command -- Starting the Policy -- Satisfying a Policy -- Simple Assertions and Multifactor Assertions -- If the Policy Is Compound -- If the Policy Is Flexible (Uses a Wild Card) -- Satisfying the Approved Policy -- Transforming the Approved Policy in the Flexible Policy -- Certified Policies -- Summary -- Chapter 15: Key Management -- Key Generation -- Templates -- Key Trees: Keeping Keys in a Tree with the Same Algorithm Set -- Duplication -- Key Distribution -- Key Activation -- Key Destruction -- Putting It All Together -- Example 1: Simple Key Management -- Example 2: An Enterprise IT Organization with Windows TPM 2.0 Enabled Systems -- Summary -- Chapter 16: Auditing TPM Commands -- Why Audit -- Audit Commands -- Audit Types -- Command Audit -- Session Audit -- Audit Log -- Audit Data -- Exclusive Audit -- Summary -- Chapter 17: Decrypt/Encrypt Sessions -- What Do Encrypt/Decrypt Sessions Do? -- Practical Use Cases -- Decrypt/Encrypt Limitations -- Decrypt/Encrypt Setup -- Pseudocode Flow -- Sample Code -- Summary -- Chapter 18: Context Management.
TAB and the Resource Manager: A High-Level Description.
isbn 9781430265849
9781430265832
callnumber-first Q - Science
callnumber-subject QA - Mathematics
callnumber-label QA76
callnumber-sort QA 276.9 A25
genre Electronic books.
genre_facet Electronic books.
url https://ebookcentral.proquest.com/lib/oeawat/detail.action?docID=6422766
illustrated Not Illustrated
oclc_num 1231606716
work_keys_str_mv AT arthurwill apracticalguidetotpm20usingthetrustedplatformmoduleinthenewageofsecurity
AT challenerdavid apracticalguidetotpm20usingthetrustedplatformmoduleinthenewageofsecurity
AT arthurwill practicalguidetotpm20usingthetrustedplatformmoduleinthenewageofsecurity
AT challenerdavid practicalguidetotpm20usingthetrustedplatformmoduleinthenewageofsecurity
status_str n
ids_txt_mv (MiAaPQ)5006422766
(Au-PeEL)EBL6422766
(OCoLC)1231606716
carrierType_str_mv cr
is_hierarchy_title A Practical Guide to TPM 2. 0 : Using the Trusted Platform Module in the New Age of Security.
author2_original_writing_str_mv noLinkedField
marc_error Info : Unimarc and ISO-8859-1 translations identical, choosing ISO-8859-1. --- [ 856 : z ]
_version_ 1792331059181912064
fullrecord <?xml version="1.0" encoding="UTF-8"?><collection xmlns="http://www.loc.gov/MARC21/slim"><record><leader>10923nam a22004453i 4500</leader><controlfield tag="001">5006422766</controlfield><controlfield tag="003">MiAaPQ</controlfield><controlfield tag="005">20240229073838.0</controlfield><controlfield tag="006">m o d | </controlfield><controlfield tag="007">cr cnu||||||||</controlfield><controlfield tag="008">240229s2015 xx o ||||0 eng d</controlfield><datafield tag="020" ind1=" " ind2=" "><subfield code="a">9781430265849</subfield><subfield code="q">(electronic bk.)</subfield></datafield><datafield tag="020" ind1=" " ind2=" "><subfield code="z">9781430265832</subfield></datafield><datafield tag="035" ind1=" " ind2=" "><subfield code="a">(MiAaPQ)5006422766</subfield></datafield><datafield tag="035" ind1=" " ind2=" "><subfield code="a">(Au-PeEL)EBL6422766</subfield></datafield><datafield tag="035" ind1=" " ind2=" "><subfield code="a">(OCoLC)1231606716</subfield></datafield><datafield tag="040" ind1=" " ind2=" "><subfield code="a">MiAaPQ</subfield><subfield code="b">eng</subfield><subfield code="e">rda</subfield><subfield code="e">pn</subfield><subfield code="c">MiAaPQ</subfield><subfield code="d">MiAaPQ</subfield></datafield><datafield tag="050" ind1=" " ind2="4"><subfield code="a">QA76.9.A25</subfield></datafield><datafield tag="100" ind1="1" ind2=" "><subfield code="a">Arthur, Will.</subfield></datafield><datafield tag="245" ind1="1" ind2="2"><subfield code="a">A Practical Guide to TPM 2. 0 :</subfield><subfield code="b">Using the Trusted Platform Module in the New Age of Security.</subfield></datafield><datafield tag="250" ind1=" " ind2=" "><subfield code="a">1st ed.</subfield></datafield><datafield tag="264" ind1=" " ind2="1"><subfield code="a">Berkeley, CA :</subfield><subfield code="b">Apress L. P.,</subfield><subfield code="c">2015.</subfield></datafield><datafield tag="264" ind1=" " ind2="4"><subfield code="c">Ã2015.</subfield></datafield><datafield tag="300" ind1=" " ind2=" "><subfield code="a">1 online resource (375 pages)</subfield></datafield><datafield tag="336" ind1=" " ind2=" "><subfield code="a">text</subfield><subfield code="b">txt</subfield><subfield code="2">rdacontent</subfield></datafield><datafield tag="337" ind1=" " ind2=" "><subfield code="a">computer</subfield><subfield code="b">c</subfield><subfield code="2">rdamedia</subfield></datafield><datafield tag="338" ind1=" " ind2=" "><subfield code="a">online resource</subfield><subfield code="b">cr</subfield><subfield code="2">rdacarrier</subfield></datafield><datafield tag="505" ind1="0" ind2=" "><subfield code="a">Intro -- A Practical Guide to TPM 2.0 -- Contents at a Glance -- About ApressOpen -- Contents -- About the Authors -- About the Technical Reviewers -- Acknowledgments -- Introduction -- Chapter 1: History of the TPM -- Why a TPM? -- History of Development of the TPM Specification from 1.1b to 1.2 -- How TPM 2.0 Developed from TPM 1.2 -- History of TPM 2.0 Specification Development -- Summary -- Chapter 2: Basic Security Concepts -- Cryptographic Attacks -- Brute Force -- Calculating the Strength of Algorithms by Type -- Attacks on the Algorithm Itself -- Security Definitions -- Cryptographic Families -- Secure Hash (or Digest) -- Hash Extend -- HMAC: Message Authentication Code -- KDF: Key Derivation Function -- Authentication or Authorization Ticket -- Symmetric-Encryption Key -- Symmetric-Key Modes -- Nonce -- Asymmetric Keys -- RSA Asymmetric-Key Algorithm -- RSA for Key Encryption -- RSA for Digital Signatures -- ECC Asymmetric-Key Algorithm -- ECDH Asymmetric-Key Algorithm to Use Elliptic Curves to Pass Keys -- ECDSA Asymmetric-Key Algorithm to Use Elliptic Curves for Signatures -- Public Key Certification -- Summary -- Chapter 3: Quick Tutorial on TPM 2.0 -- Scenarios for Using TPM 1.2 -- Identification -- Encryption -- Key Storage -- Random Number Generator -- NVRAM Storage -- Platform Configuration Registers -- Privacy Enablement -- Scenarios for Using Additional TPM 2.0 Capabilities -- Algorithm Agility (New in 2.0) -- Enhanced Authorization (New in 2.0) -- Quick Key Loading (new in 2.0) -- Non-Brittle PCRs (New in 2.0) -- Flexible Management (New in 2.0) -- Identifying Resources by Name (New in 2.0) -- Summary -- Chapter 4: Existing Applications That Use TPMs -- Application Interfaces Used to Talk to TPMs -- TPM Administration and WMI -- The Platform Crypto Provider -- Virtual Smart Card -- Applications That Use TPMs.</subfield></datafield><datafield tag="505" ind1="8" ind2=" "><subfield code="a">Applications That Should Use the TPM but Don't -- Building Applications for TPM 1.2 -- TSS.Net and TSS.C++ -- Wave System s Embassy Suite -- Rocks to Avoid When Developing TPM Applications -- Microsoft BitLocker -- IBM File and Folder Encryption -- New Manageability Solutions in TPM 2.0 -- Summary -- Chapter 5: Navigating the Specification -- TPM 2.0 Library Specification: The Parts -- Some Definitions -- General Definitions -- Definitions of the Major Fields of the Command Byte Stream -- Definitions of the Major Fields of the Response Byte Stream -- Getting Started in Part 3: the Commands -- Data Details -- Common Structure Constructs -- TPM2B_XXX Structures -- Structure with Union -- Canonicalization -- Endianness -- Part 2: Notation Syntax -- Part 3: Table Decorations -- Commonly Used Sections of the Specification -- How to Find Information in the Specification -- Strategies for Ramping Up on TPM 2.0 -- Will -- Ken -- Dave -- Other TPM 2.0 Specifications -- Summary -- Chapter 6: Execution Environment -- Setting Up the TPM -- Microsoft Simulator -- Building the Simulator from Source Code -- Setting Up a Binary Version of the Simulator -- Running the Simulator -- Testing the Simulator -- Python Script -- TSS.net -- System API Test Code -- Setting Up the Software Stack -- TSS 2.0 -- TSS.net -- Summary -- Chapter 7: TPM Software Stack -- The Stack: a High-Level View -- Feature API -- System API -- Command Context Allocation Functions -- Command Preparation Functions -- Command Execution Functions -- Command Completion Functions -- Simple Code Example -- System API Test Code -- TCTI -- TPM Access Broker ( TAB) -- Resource Manager -- Device Driver -- Summary -- Chapter 8: TPM Entities -- Permanent Entities -- Persistent Hierarchies -- Ephemeral Hierarchy -- Dictionary Attack Lockout Reset -- Platform Configuration Registers ( PCR s) -- Reserved Handles.</subfield></datafield><datafield tag="505" ind1="8" ind2=" "><subfield code="a">Password Authorization Session -- Platform NV Enable -- Nonvolatile Indexes -- Objects -- Nonpersistent Entities -- Persistent Entities -- Entity Names -- Summary -- Chapter 9: Hierarchies -- Three Persistent Hierarchies -- Platform Hierarchy -- Storage Hierarchy -- Endorsement Hierarchy -- Privacy -- Activating a Credential -- Other Privacy Considerations -- NULL Hierarchy -- Cryptographic Primitives -- Random Number Generator -- Digest Primitives -- HMAC Primitives -- RSA Primitives -- Symmetric Key Primitives -- Summary -- Chapter 10: Keys -- Key Commands -- Key Generator -- Primary Keys and Seeds -- Persistence of Keys -- Key Cache -- Key Authorization -- Key Destruction -- Key Hierarchy -- Key Types and Attributes -- Symmetric and Asymmetric Keys Attributes -- Duplication Attributes -- Restricted Signing Key -- Restricted Decryption Key -- Context Management vs. Loading -- NULL Hierarchy -- Certification -- Keys Unraveled -- Summary -- Chapter 11: NV Indexes -- NV Ordinary Index -- NV Counter Index -- NV Bit Field Index -- NV Extend Index -- Hybrid Index -- NV Access Controls -- NV Written -- NV Index Handle Values -- NV Names -- NV Password -- Separate Commands -- Summary -- Chapter 12: Platform Configuration Registers -- PCR Value -- Number of PCRs -- PCR Commands -- PCRs for Authorization -- PCRs for Attestation -- PCR Quote in Detail -- PCR Attributes -- PCR Authorization and Policy -- PCR Algorithms -- Summary -- Chapter 13: Authorizations and Sessions -- Session-Related Definitions -- Password, HMAC, and Policy Sessions: What Are They? -- Session and Authorization: Compared and Contrasted -- Authorization Roles -- Command and Response Authorization Area Details -- Command Authorization Area -- Command Authorization Structures -- Response Authorization Structures -- Password Authorization: The Simplest Authorization.</subfield></datafield><datafield tag="505" ind1="8" ind2=" "><subfield code="a">Password Authorization Lifecycle -- Creating a Password Authorized Entity -- Changing a Password Authorization for an Already Created Entity -- Using a Password Authorization -- Code Example: Password Session -- Starting HMAC and Policy Sessions -- TPM2_StartAuthSession Command -- Session Key and HMAC Key Details -- Guidelines for TPM2_StartAuthSession Handles and Parameters -- Session Variations -- Salted vs. Unsalted -- Bound vs. Unbound -- Use Cases for Session Variations -- HMAC and Policy Sessions: Differences -- HMAC Authorization -- HMAC Authorization Lifecycle -- Altering or Creating an Entity That Requires HMAC Authorization -- Creating an HMAC Session -- Using an HMAC Session to Authorize a Single Command -- HMAC and Policy Session Code Example -- Using an HMAC Session to Send Multiple Commands (Rolling Nonces) -- HMAC Session Security -- HMAC Session Data Structure -- Policy Authorization -- How Does EA Work? -- Policy Authorization Time Intervals -- Policy Authorization Lifecycle -- Building the Entity's Policy Digest -- Creating the Entity to Use the Policy Digest -- Starting the Real Policy Session -- Sending Policy Commands to Fulfill the Policy -- Performing the Action That Requires Authorization -- Combined Authorization Lifecycle -- Summary -- Chapter 14: Extended Authorization (EA) Policies -- Policies and Passwords -- Why Extended Authorization? -- Multiple Varieties of Authentication -- Multifactor Authentication -- How Extended Authorization Works -- Creating Policies -- Simple Assertion Policies -- Passwords (Plaintext and HMAC) of the Object -- Passwords of a Different Object -- Digital Signatures (such as Smart Cards) -- PCRs: State of the Machine -- Locality of Command -- Internal State of the TPM (Boot Counter and Timers) -- Internal Value of an NV RAM Location.</subfield></datafield><datafield tag="505" ind1="8" ind2=" "><subfield code="a">State of the External Device (GPS, Fingerprint Reader, and So On) -- Flexible (Wild Card) Policy -- Example 1: Smart card and Password -- Example 2: A Policy for a Key Used Only for Signing with a Password -- Example 3: A PC state, a Password, and a Fingerprint -- Example 4: A Policy Good for One Boot Cycle -- Example 5: A Policy for Flexible PCRs -- Example 6: A Policy for Group Admission -- Example 7: A Policy for NV RAM between 1 and 100 -- Command-Based Assertions -- Multifactor Authentication -- Compound Policies: Using Logical OR in a Policy -- Making a Compound Policy -- Example: A Policy for Work or Home Computers -- Considerations in Creating Policies -- End User Role -- Administrator Role -- Understudy Role -- Office Role -- Home Role -- Using a Policy to Authorize a Command -- Starting the Policy -- Satisfying a Policy -- Simple Assertions and Multifactor Assertions -- If the Policy Is Compound -- If the Policy Is Flexible (Uses a Wild Card) -- Satisfying the Approved Policy -- Transforming the Approved Policy in the Flexible Policy -- Certified Policies -- Summary -- Chapter 15: Key Management -- Key Generation -- Templates -- Key Trees: Keeping Keys in a Tree with the Same Algorithm Set -- Duplication -- Key Distribution -- Key Activation -- Key Destruction -- Putting It All Together -- Example 1: Simple Key Management -- Example 2: An Enterprise IT Organization with Windows TPM 2.0 Enabled Systems -- Summary -- Chapter 16: Auditing TPM Commands -- Why Audit -- Audit Commands -- Audit Types -- Command Audit -- Session Audit -- Audit Log -- Audit Data -- Exclusive Audit -- Summary -- Chapter 17: Decrypt/Encrypt Sessions -- What Do Encrypt/Decrypt Sessions Do? -- Practical Use Cases -- Decrypt/Encrypt Limitations -- Decrypt/Encrypt Setup -- Pseudocode Flow -- Sample Code -- Summary -- Chapter 18: Context Management.</subfield></datafield><datafield tag="505" ind1="8" ind2=" "><subfield code="a">TAB and the Resource Manager: A High-Level Description.</subfield></datafield><datafield tag="588" ind1=" " ind2=" "><subfield code="a">Description based on publisher supplied metadata and other sources.</subfield></datafield><datafield tag="590" ind1=" " ind2=" "><subfield code="a">Electronic reproduction. Ann Arbor, Michigan : ProQuest Ebook Central, 2024. Available via World Wide Web. Access may be limited to ProQuest Ebook Central affiliated libraries. </subfield></datafield><datafield tag="655" ind1=" " ind2="4"><subfield code="a">Electronic books.</subfield></datafield><datafield tag="700" ind1="1" ind2=" "><subfield code="a">Challener, David.</subfield></datafield><datafield tag="776" ind1="0" ind2="8"><subfield code="i">Print version:</subfield><subfield code="a">Arthur, Will</subfield><subfield code="t">A Practical Guide to TPM 2. 0</subfield><subfield code="d">Berkeley, CA : Apress L. P.,c2015</subfield><subfield code="z">9781430265832</subfield></datafield><datafield tag="797" ind1="2" ind2=" "><subfield code="a">ProQuest (Firm)</subfield></datafield><datafield tag="856" ind1="4" ind2="0"><subfield code="u">https://ebookcentral.proquest.com/lib/oeawat/detail.action?docID=6422766</subfield><subfield code="z">Click to View</subfield></datafield></record></collection>

Similar Items