Making Open Work
May 8–9, 2017: Training & Tutorials
May 10–11, 2017: Conference
Austin, TX

Enhancing cloud security with the TPM

James Bottomley (IBM Research)
1:45pm–2:25pm Wednesday, May 10, 2017
Location: Meeting Room 10 A/B
Level: Intermediate
Average rating: *****
(5.00, 3 ratings)

Who is this presentation for?

  • Engineers and cloud software developers

Prerequisite knowledge

  • Basic programming skills
  • A general knowledge of C (must at least be familiar with the C API)

What you'll learn

  • Learn what a TPM is and how you get access to and use it on Linux, how you place private keys into it and the methodology for doing this, and how you can use the same techniques to transfer all your ssh and GPG keys into the TPM on your laptop


Thanks to work by Intel and Microsoft, TPMs are ubiquitous in today’s hardware, from tablets all the way to servers, meaning that if you want to make use of them in the cloud, it’s likely you don’t have to buy anything else because they’re already present. TPMs can perform four essential functions: secure measurement and logging; secure signing, encryption, and private key escrow; data sealing; and attestation. (TPMs can be divided into two classes: the modern 2.0 incarnation, required by Microsoft and used in the Surface and newer systems, and the older (and much more common) 1.2. This talk will stick to 1.2.)

Most people have heard (at length) about measurement and all its problems. Here, James Bottomley explains how secure signing can be made to function when an external key is placed irretrievably into a TPM (so that neither hackers nor the cloud service provider can get it) and used to perform a variety of RSA authentication operations. The useful target for this is VPN, but there are a variety of other authentication systems for which this can be made to work.

James demonstrates how an existing RSA key can be wrapped for secure transmission to the TPM and then used via the OpenSSL engine functions, how an agreed PCR timer can make this key expire after an agreed interval, why it cannot ever be retrieved, and how the trust model actually works. And for the paranoid who don’t trust their own cloud provider, James covers how the TPM attestation functions can be used to verify exactly that you weren’t tricked into wrapping the key for a software-based TPM, which could allow the trickster to steal your private key. James then explains how sequestered trust models like the TPM can be used in the industry to enhance cloud security even in an apparently insecure environment.

James Bottomley

IBM Research

James Bottomley is a distinguished engineer at IBM Research, where he works on cloud and container technology. James is also Linux kernel maintainer of the SCSI subsystem. He has served as a director on the board of the Linux Foundation and chair of its Technical Advisory Board. Previously, he was CTO of server virtualization at Parallels (later Odin); was a distinguished engineer at Novell’s SUSE Labs; helped found SteelEye Technology, a high-availability company for Linux and Windows, where he was vice president and CTO; and worked on distributed lock manager technology for clustering at AT&T Bell Labs. James holds undergraduate and doctoral degrees from the University of Cambridge.