Trusted Computing Base

Question 1

What is the definition of trust according to the US Department of Defense as presented in the slides?

A) A system that guarantees security

B) A system you are forced to trust because you have no choice

C) A system that is inherently trustworthy

D) A system with no vulnerabilities

Answer 1

Answer: B

Explanation:
US DoD stating, “A system that you are forced to trust because you have no choice,” emphasizing that trust is often imposed due to lack of alternatives, not because the system is inherently secure.

Question 2

According to Bruce Schneier, what does a “trusted” computer imply?

A) It is completely secure

B) It does not necessarily mean it is trustworthy

C) It has no software vulnerabilities

D) It is immune to hardware attacks

Answer 2

Answer: B

Explanation:
Schneier’s statement, “A ‘trusted’ computer does not mean a computer is trustworthy,” highlighting the distinction between being labeled as trusted and actually being reliable or secure.

Question 3

What is the Trusted Computing Base (TCB)?

A) The entire operating system

B) The combination of hardware, firmware, and operating system components that must be trusted

C) A software-only security layer

D) A network protocol for secure communication

Answer 3

Answer: B

Explanation:
TCB encompasses hardware, firmware, operating system, etc., represents the critical components that a system relies on for security.

Question 4

What is one way to enhance the security of the Trusted Computing Base?

A) Increase its size

B) Shrink the TCB

C) Remove all hardware components

D) Disable firmware updates

Answer 4

Answer: B

Explanation:
“How can we shrink the TCB?” indicates that reducing the TCB’s size minimizes the attack surface and enhances security.

Question 5

What was Microsoft’s Palladium initiative also known as?

A) Trusted Platform Module

B) Next Generation Secure Computing Base (NGSCB)

C) Windows Defender

D) Secure Boot Architecture

Answer 5

Answer: B

Explanation:
Palladium is codenamed and also known as the Next Generation Secure Computing Base (NGSCB).

Question 6

What was the primary goal of Microsoft’s NGSCB?

A) To enhance gaming performance

B) To provide better privacy, security, and system integrity

C) To simplify software installation

D) To reduce hardware costs

Answer 6

Answer: B

Explanation:
NGSCB aims to improve privacy, security, and system integrity for Windows users.

Question 7

What hardware group designed components relied upon by NGSCB?

A) Open Source Initiative

B) Trusted Computing Group

C) IEEE Standards Association

D) Internet Engineering Task Force

Answer 7

Answer: B

Explanation:
NGSCB relied on hardware designed by the Trusted Computing Group.

Question 8

Which component of Trusted Computing ensures that data is only accessible in a specific system state?

A) Secure I/O

B) Sealed Storage

C) Memory Curtaining

D) Remote Attestation

Answer 8

Answer: B

Explanation:
Sealed storage is a Trusted Computing component, which protects data by tying access to specific system states (e.g., PCR values).

Question 9

What does the Trusted Platform Module (TPM) primarily provide hardware support for?

A) Graphics processing

B) Sealed storage and remote attestation

C) Network connectivity

D) Real-time system monitoring

Answer 9

Answer: B

Explanation:
TPM provides hardware support for sealed storage and remote attestation.

Question 10

11. What is the most common purpose of a TPM, as per the slides?

A) Real-time virus scanning

B) Measured boot

C) User authentication

D) Network encryption

Answer 10

Answer: B

Explanation:
The most common purpose of a TPM is measured boot, verifying the integrity of boot components.

Question 11

How does a TPM detect an “evil maid” attack?

A) By monitoring network traffic

B) By verifying the integrity of BIOS and firmware

C) By scanning for malware

D) By tracking user logins

Answer 11

Answer: B

Explanation:
TPM verifies the integrity of BIOS, option ROMs, and other boot components to detect modifications, such as those from an evil maid attack.

Question 12

What happens if the hashes of firmware components do not match known values during a TPM measured boot?

A) The system reboots automatically

B) The TPM does not unseal, preventing access to encryption keys

C) The system ignores the mismatch

D) The TPM generates new hashes

Answer 12

Answer: B

Explanation:
If hashes don’t match, the TPM will not unseal, blocking access to keys like those for disk encryption.

Question 13

Which TPM component is responsible for communicating with the rest of the system?

A) Random Number Generator

B) Input/Output (I/O)

C) SHA-1 Engine

D) Non-Volatile Storage

Answer 13

Answer: B

Explanation:
Input/Output (I/O) is the TPM component that enables communication with the system.

Question 14

What is stored in a TPM’s Platform Configuration Registers (PCRs)?

A) User passwords

B) System state hashes

C) Encryption algorithms

D) Network configurations

Answer 14

Answer: B

Explanation:
PCRs store hashes representing the system’s state, used for integrity verification.

Question 15

How can a PCR’s state be modified?

A) By direct user input

B) Through the Extend operation

C) By rebooting the system

D) By updating the BIOS

Answer 15

Answer: B

Explanation:
PCR can only be modified via the Extend operation, which updates the PCR with a new hash.

Question 16

What is the main difference between secure boot and authenticated boot?

A) Secure boot measures states, while authenticated boot stops execution

B) Secure boot stops execution if measurements are incorrect, while authenticated boot records states

C) Secure boot uses TPM, while authenticated boot does not

D) Secure boot is software-based, while authenticated boot is hardware-based

Answer 16

Answer: B

Explanation:
Secure boot halts if measurements are wrong, whereas authenticated boot records states for remote verification.

Question 17

What is the purpose of the Endorsement Key (EK) in a TPM?

A) To encrypt user data

B) To identify the TPM for its lifetime

C) To manage sealed storage

D) To generate random numbers

Answer 17

Answer: B

Explanation:
EK is a unique key pair set by the manufacturer, identifying the TPM throughout its lifetime.

Question 18

Where is the private portion of the Storage Root Key (SRK) stored?

A) On the system’s hard drive

B) In the TPM, never leaving it

C) In cloud storage

D) In the BIOS

Answer 18

Answer: B

Explanation:
The private portion of the SRK never leaves the TPM, ensuring its security.

Question 19

What is required before remote attestation can occur?

A) A valid user password

B) Knowledge of the public portion of an Attestation Identity Key (AIK) or a CA’s public key

C) A system reboot

D) A network firewall

Answer 19

Answer: B

Explanation:
Remote attestation requires the challenger to know the AIK’s public portion or a CA’s public key.

Question 20

What does Direct Anonymous Attestation (DAA) use to verify a TPM’s authenticity?

A) A password-based system

B) A zero-knowledge proof

C) A public database

D) A physical token

Answer 20

Answer: B

Explanation:
DAA uses a zero-knowledge proof to confirm a TPM is real without revealing sensitive information.

Question 21

What is the primary function of the Linux Integrity Measurement Architecture (IMA)?

A) To encrypt network traffic

B) To collect and verify file hashes

C) To manage user permissions

D) To optimize system performance

Answer 21

Answer: B

Explanation:
IMA is responsible for collecting file hashes and enabling their verification.

Question 22

What does the Extended Verification Module (EVM) aim to detect?

A) Online hacking attempts

B) Offline tampering of security attributes

C) Software bugs

D) Hardware failures

Answer 22

Answer: B

Explanation:
EVM detects offline tampering, such as modifications to security extended attributes.

Question 23

Which of the following is NOT a main function of a TPM?

A) Cryptographic key generation

B) Hardware authentication

C) Altering the system’s execution flow

D) Sealed storage

Answer 23

Answer: C

Explanation:
TPM cannot alter the system’s execution flow, ruling it out as a function.

Question 24

What is a common misconception about TPMs?

A) They prevent the use of open-source software

B) They improve system performance

C) They eliminate all security risks

D) They require constant internet access

Answer 24

Answer: A

Explanation:
TPM prevents open-source software use, clarifying that they only support authenticated boot.

Question 25

How does the Trusted Computing Group architecture handle boot processes? A) It uses secure boot exclusively B) It uses authenticated boot C) It disables booting if TPM is present D) It requires manual user verification

Answer 25

Answer: B Explanation: TCG architecture uses authenticated boot, measuring states without halting execution.

Question 26

What is a potential benefit of using a TPM for Digital Rights Management (DRM)? A) It simplifies software installation B) It can restrict access to content based on system state C) It eliminates the need for licenses D) It enhances graphics performance

Answer 26

Answer: B Explanation: TPM could aid DRM by controlling access to content via sealed storage tied to system states.

Question 27

What challenge does the heterogeneity of operating systems pose for Trusted Computing? A) It increases hardware costs B) It complicates verifying the correct OS state C) It prevents TPM integration D) It reduces system performance

Answer 27

Answer: B Explanation: "How do you verify this state in a heterogeneous environment?" indicating that diverse OS environments make state verification difficult.

Question 28

What does the SHA-1 Engine in a TPM do? A) Generates random numbers B) Computes signatures and key blocks C) Manages user authentication D) Stores encryption keys

Answer 28

Answer: B Explanation: SHA-1 Engine is responsible for computing signatures and creating key blocks.

Question 29

What is a key privacy concern regarding Trusted Computing? A) Exposure of user passwords B) Whether remote systems must know the state of a user’s machine C) Lack of encryption standards D) Inability to update software

Answer 29

Answer: B Explanation: "Must they know the state of my machine?" highlights privacy concerns about remote state disclosure.

Question 30

What is the primary function of the Random Number Generator (RNG) in a TPM? A) To encrypt user data B) To generate keys and nonces C) To store system state hashes D) To authenticate remote users

Answer 30

Answer: B Explanation: Random Number Generator (RNG) is a TPM component used for key generation, nonce creation, and similar cryptographic tasks, ensuring secure random values for these processes.

Question 31

What is a key benefit of the Linux Extended Verification Module (EVM) in combating physical attacks? A) It encrypts network communications B) It detects offline tampering of security attributes C) It optimizes boot performance D) It manages cryptographic keys

Answer 31

Answer: B Explanation: EVM detects offline tampering, such as modifications to security extended attributes, which helps mitigate physical attacks like those in an evil maid scenario.

Question 32

Define the Trusted Computing Base (TCB).

Answer 32

Answer: The TCB includes hardware, firmware, operating system, and other components that a system must rely on for security.

Question 33

Why is shrinking the TCB important?

Answer 33

Answer: Shrinking the TCB reduces the attack surface, making the system more secure by minimizing components that must be trusted.

Question 34

What was the codename for Microsoft’s NGSCB?

Answer 34

Answer: Palladium.

Question 35

Name one goal of Microsoft’s NGSCB initiative.

Answer 35

Answer: To provide better privacy, security, or system integrity.

Question 36

What is sealed storage in Trusted Computing?

Answer 36

Answer: Sealed storage protects data by only allowing access when the system is in a specific state, verified by the TPM.

Question 37

What is the primary role of the Trusted Platform Module (TPM)?

Answer 37

Answer: To provide hardware support for sealed storage and remote attestation.

Question 38

What is a measured boot?

Answer 38

Answer: A process where the TPM verifies the integrity of boot components (e.g., BIOS, bootloader) by comparing their hashes to known values.

Question 39

How does a TPM help detect an evil maid attack?

Answer 39

Answer: It verifies the integrity of firmware and boot components, detecting unauthorized modifications.

Question 40

What is stored in a TPM’s Platform Configuration Registers (PCRs)?

Answer 40

Answer: Hashes represent the system’s state.

Question 41

What operation modifies a PCR’s state?

Answer 41

Answer: The Extend operation. PCRs are updated only via Extend, combining new values with existing hashes.

Question 42

Differentiate between secure boot and authenticated boot.

Answer 42

Answer: Secure boot stops execution if measurements are incorrect; authenticated boot records states for remote verification.

Question 43

What is the Endorsement Key (EK) in a TPM?

Answer 43

Answer: A unique key pair set by the manufacturer, identifying the TPM for its lifetime.

Question 44

Where is the private portion of the Storage Root Key (SRK) kept?

Answer 44

Answer: Inside the TPM, never leaving it.

Question 45

What is the purpose of Attestation Identity Keys (AIKs)?

Answer 45

Answer: They are used for remote attestation to verify a system’s state.

Question 46

What is Direct Anonymous Attestation (DAA)?

Answer 46

Answer: A method using zero-knowledge proofs to verify a TPM’s authenticity anonymously.

Question 47

What does the Linux Integrity Measurement Architecture (IMA) do?

Answer 47

Answer: It collects file hashes and allows verification of their integrity.

Question 48

What is the Extended Verification Module (EVM) designed to detect?

Answer 48

Answer: Offline tampering of security extended attributes.

Question 49

How might a TPM be used for Digital Rights Management (DRM)?

Answer 49

Answer: By sealing access to content to specific system states, ensuring only authorized systems can access it.

Question 50

Name one false claim about TPMs.

Answer 50

Answer: One false claim is that TPM prevents the use of open-source software. The truth is that TPM does not block open-source OSes, only measure boot states.

Question 51

Explain the concept of the Trusted Computing Base (TCB) and discuss why minimizing its size is critical for system security. Provide examples.

Answer 51

Answer: 1. The TCB comprises hardware, firmware, operating system, and other components critical to a system’s security. 2. Minimizing its size reduces the number of components that must be trusted, lowering the attack surface. 3. For example, a large TCB might include unnecessary drivers or bloated OS features, increasing vulnerability points. 4. "How can we shrink the TCB?" suggesting that a smaller TCB, such as a minimal OS kernel with essential firmware, is harder to compromise. This enhances security by limiting exploitable code.

Question 52

Describe Microsoft’s Next Generation Secure Computing Base (NGSCB), including its goals, components, and eventual outcome.

Answer 52

Answer: 1. NGSCB, codenamed Palladium, was a Microsoft initiative to enhance Windows security, privacy, and integrity, part of the Trustworthy Computing initiative. 2. Its goals included hardware-based process isolation, data encryption, and secure authentication, relying on Trusted Computing Group hardware. 3. It used a hypervisor-like "Nexus" for a parallel secure environment. 4. NGSCB was planned for Windows Vista but do not confirm its success, suggesting it may not have been fully implemented.

Question 53

Discuss the role of the Trusted Platform Module (TPM) in ensuring system integrity, particularly through measured boot. How does it mitigate attacks like the evil maid attack?

Answer 53

Answer: 1. The TPM is a hardware crypto-processor that supports system integrity via functions like measured boot, which verifies the hashes of boot components (BIOS, bootloader) against known values, storing results in PCRs. 2. If hashes match, the TPM unseals encryption keys; if not, it prevents access, halting unauthorized boots. 3. For an evil maid attack, where an adversary modifies firmware physically, the TPM detects altered hashes, preventing the system from unlocking sensitive data.

Question 54

Compare and contrast secure boot and authenticated boot. Why does the Trusted Computing Group favor authenticated boot?

Answer 54

Answer: 1. Secure boot halts system execution if boot measurements deviate from expected values, ensuring only authorized software runs. 2. Authenticated boot, however, measures and records boot states in PCRs without stopping execution, allowing remote systems to verify integrity later. 3. The TCG favors authenticated boot, because it supports flexibility in diverse environments, enabling verification without restricting software (e.g., open-source OSes). This avoids dictating what can run, balancing security and usability.

Question 55

Explain how sealed storage works in a TPM and its significance for data protection. Provide an example scenario.

Answer 55

Answer: 1. Sealed storage encrypts data such that it can only be accessed when the system’s PCRs reflect a specific state, verified by the TPM. 2. Keys are stored on the system but encrypted by a TPM storage key (e.g., SRK). 3. If the system state changes (e.g., due to malware), the TPM denies access. 4. For example, a laptop’s disk encryption key might be sealed to a clean OS state, preventing data access if the bootloader is tampered with. The is a core TPM feature for secure data access control.

Question 56

Discuss the concept of remote attestation in Trusted Computing. How does Direct Anonymous Attestation (DAA) address privacy concerns?

Answer 56

Answer: 1. Remote attestation allows a system to prove its state to a remote party using TPM-generated evidence, typically via Attestation Identity Keys (AIKs). The challenger verifies PCR values or AIK signatures. Privacy concerns arise if the TPM’s identity is exposed. 2. DAA, as noted in the slides, uses zero-knowledge proofs to confirm a TPM’s authenticity without revealing its Endorsement Key, ensuring anonymity. 3. This balances attestation’s security benefits with user privacy, critical in open environments.

Question 57

Describe the Linux kernel’s Integrity Measurement Architecture (IMA) and Extended Verification Module (EVM). How do they complement TPM functionality?

Answer 57

Answer: 1. IMA collects hashes of software and configuration files, storing them securely in kernel memory for local or remote verification, ensuring file integrity. 2. EVM detects offline tampering of security attributes, mitigating physical attacks. 3. Together, they complement TPMs by extending integrity checks beyond boot (IMA) and detecting physical modifications (EVM), while TPMs handle hardware-based measurements and key protection.

Question 58

Evaluate the potential of TPMs in supporting Digital Rights Management (DRM). What are the ethical implications of this use?

Answer 58

Answer: 1. TPMs can support DRM by sealing content access to specific system states, ensuring only authorized devices or software access protected media (e.g., movies playable only on verified platforms). 2. TPMs can restrict key access based on PCRs. Ethically, this raises concerns about user freedom, as it could limit software choice or enforce restrictive licensing, potentially undermining open-source ecosystems. 3. However, it protects content creators’ rights, balancing security with control.

Question 59

Address common misconceptions about TPM. Why do these myths persist?

Answer 59

Answer: 1. TPM prevents open-source software use, equating TPM with DRM, or causing loss of anonymity. 2. These are false because TPM uses authenticated boot, not secure boot, and supports privacy via DAA. 3. Myths persist due to early fears about initiatives like Palladium, which promised tight control, and public misunderstanding of TPM’s limited role as a hardware enabler, not a policy enforcer. Lack of clear communication fuels suspicion.

Question 60

Discuss the challenges of implementing Trusted Computing in a heterogeneous environment. Propose a potential solution.

Answer 60

Answer: 1. Challenges like verifying the correct OS state across diverse systems and ensuring security updates don’t disrupt functionality. 2. In a heterogeneous environment, varying hardware and OS versions complicate standardizing PCR values. 3. Privacy concerns also arise if systems must expose states. 4. A solution could be a universal attestation framework where systems report abstract integrity metrics (e.g., compliance with a security baseline) rather than specific states, using DAA for anonymity. This balances verification with flexibility.