Platform Embedded Security Technology Revealed : : Safeguarding the Future of Computing with Intel Embedded Security and Management Engine.

Platform Embedded Security Technology Revealed : : Safeguarding the Future of Computing with Intel Embedded Security and Management Engine.

Saved in:
Bibliographic Details
:
Ruan, Xiaoyu.
Place / Publishing House:Berkeley, CA : : Apress L. P.,, 2014.
Ã2014.
Year of Publication:2014
Edition:1st ed.
Language:English
Online Access:
Physical Description:1 online resource (263 pages)
Tags: Add Tag
No Tags, Be the first to tag this record!
Table of Contents:
  • Intro
  • Contents at a Glance
  • Contents
  • About the Author
  • About the Technical Reviewer
  • Acknowledgments
  • Introduction
  • Chapter 1: Cyber Security in the Mobile Age
  • Three Pillars of Mobile Computing
  • Power Efficiency
  • Internet Connectivity
  • Security
  • BYOD
  • Incident Case Study
  • eBay Data Breach
  • Target Data Breach
  • OpenSSL Heartbleed
  • Key Takeaways
  • Strong Authentication
  • Network Management
  • Boot Integrity
  • Hardware-Based Protection
  • Open-Source Software Best Practice
  • Third-Party Software Best Practice
  • Security Development Lifecycle
  • Assessment
  • Architecture
  • Design
  • Implementation
  • Deployment
  • Interface Testing
  • Penetration Testing
  • CVSS
  • Limitations
  • References
  • Chapter 2: Intel's Embedded Solutions: from Management to Security
  • Management Engine vs. Intel AMT
  • Intel AMT vs. Intel vPro Technology
  • Management Engine Overview
  • Hardware
  • Overlapped I/O
  • Firmware
  • Software
  • Platform and System Management
  • Software Solutions
  • Hardware Solutions
  • In-Band Solutions
  • Out-of-Band Solutions
  • Intel AMT Overview
  • BIOS Extension
  • Local Management Service and Tray Icon
  • Remote Management
  • The Engine's Evolvement: from Management to Security
  • Embedded System as Security Solution
  • Security Applications at a Glance
  • EPID
  • PAVP
  • IPT
  • Boot Guard
  • Virtual Security Core: ARM TrustZone
  • Secure Mode and Nonsecure Mode
  • Memory Isolation
  • Bus Isolation
  • Physical Isolation vs. Virtual Isolation
  • References
  • Chapter 3: Building Blocks of the Security and Management Engine
  • Random Number Generation
  • Message Authentication
  • Hash with Multiple Calls
  • Symmetric-Key Encryption
  • AES
  • DES/3DES
  • Asymmetric-Key Encryption: RSA
  • Key Pair Generation and Validation
  • Encryption and Decryption
  • Digital Signature
  • RSA
  • ECDSA.
  • Key Pair Generation and Validation
  • Scalar Multiplication
  • Window Method
  • Dual Scalar Multiplication
  • Hardware Acceleration
  • Other Cryptography Functions
  • Secure Storage
  • Debugging
  • Debug Messaging
  • Special Production-Signed Firmware Based on Unique Part ID
  • Secure Timer
  • Host-Embedded Communication Interface
  • Direct Memory Access to Host Memory
  • References
  • Chapter 4: The Engine: Safeguarding Itself before Safeguarding Others
  • Access to Host Memory
  • Communication with the CPU
  • Triggering Power Flow
  • Security Requirements
  • Confidentiality
  • Integrity
  • Availability
  • Threat Analysis and Mitigation
  • Load Integrity
  • Memory Integrity
  • Memory Encryption
  • Task Isolation
  • Asset Protection
  • Memory Manager
  • Thread Manager
  • Memory Protection Control
  • Loader
  • Inter-Task Call Management
  • Exception Handler
  • Nonprivileged Tasks
  • Firmware Update and Downgrade
  • Published Attacks
  • "Introducing Ring -3 Rootkits "
  • References
  • Chapter 5: Privacy at the Next Level: Intel's Enhanced Privacy Identification (EPID) Technology
  • Redefining Privacy for the Mobile Age
  • Passive Anonymity
  • Active Anonymity
  • Processor Serial Number
  • EPID
  • Key Structures and Provisioning
  • Revocation
  • Private Key-Based Revocation
  • Signature-Based Revocation
  • Group-Based Revocation
  • Signature Generation and Verification
  • Signature Generation
  • Base Name
  • Signature Verification
  • SIGMA
  • Verifier's Certificate
  • Messages Breakdown
  • Implementation of EPID
  • Key Recovery
  • Attack Mitigation
  • Applications of EPID
  • Next Generation of EPID
  • Two-way EPID
  • Optimization
  • References
  • Chapter 6: Boot with Integrity, or Don't Boot
  • Boot Attack
  • Evil Maid
  • BIOS and UEFI
  • BIOS Alteration
  • Software Replacement
  • Jailbreaking
  • Trusted Platform Module (TPM).
  • Platform Configuration Register
  • Field Programmable Fuses
  • Field Programmable Fuses vs. Flash Storage
  • Field Programmable Fuse Task
  • Intel Boot Guard
  • Operating System Requirements for Boot Integrity
  • OEM Configuration
  • Measured Boot
  • Verified Boot
  • Manifests
  • Verification Flow
  • References
  • Chapter 7: Trust Computing, Backed by the Intel Platform Trust Technology
  • TPM Overview
  • Cryptography Subsystem
  • Storage
  • Endorsement Key
  • Attestation
  • Binding and Sealing
  • Intel Platform Trust Technology
  • Cryptography Algorithms
  • Endorsement Key Storage
  • Endorsement Key Revocation
  • Endorsement Certificate
  • Supporting Security Firmware Applications
  • Integrated vs. Discrete TPM
  • References
  • Chapter 8: Unleashing Premium Entertainment with Hardware-Based Content Protection Technology
  • Rights Protection
  • DRM Schemes
  • Device Key Management
  • Rights Management
  • Playback
  • UltraViolet
  • End-to-End Content Protection
  • Content Server
  • License Server
  • Software Stack
  • External Display
  • Weak Points
  • Intel's Hardware-Based Content Protection
  • Protected Audio and Video Path (PAVP)
  • Device Key Provisioning
  • Rights Management
  • Intel Wireless Display
  • Authentication and Key Exchange
  • Content Protection on TrustZone
  • References
  • Chapter 9: Breaking the Boundaries with Dynamically Loaded Applications
  • Closed-Door Model
  • DAL Overview
  • DAL Architecture
  • Loading an Applet
  • Secure Timer
  • Host Storage Protection
  • Security Considerations
  • Reviewing and Signing Process
  • References
  • Chapter 10: Intel Identity Protection Technology: the Robust, Convenient, and Cost-Effective Way to Deter Identity Theft
  • One-Time Password
  • HOTP
  • TOTP
  • Transaction Signing
  • OTP Tokens
  • Embedded OTP and OCRA
  • Token Installation
  • TOTP and OCRA Generation
  • Highlights and Lowlights.
  • Protected Transaction Display
  • Drawing a Sprite
  • Gathering the User's PIN Input
  • Firmware Architecture
  • Embedded PKI and NFC
  • References
  • Chapter 11: Looking Ahead: Tomorrow's Innovations Built on Today's Foundation
  • Isolated Computing Environment
  • Security-Hardening Measures
  • Basic Utilities
  • Anonymous Authentication and Secure Session Establishment
  • Protected Input and Output
  • Dynamic Application Loader
  • Summary of Firmware Ingredients
  • Software Guard Extensions
  • More Excitement to Come
  • References
  • Index.

Similar Items