Trusted Computing (also abbreviated '''TC''') is a technology developed and promoted by the Trusted Computing Group. The term is taken from the field of Trusted Systems and has a specialized meaning. Trusted Computing means that the computer will consistently behave in specific ways, and those behaviors will be enforced by hardware and software. Trusted Computing proponents such as International Data Corporation,[1] the Enterprise Strategy Group[2] and Endpoint Technologies Associates[3] claim that it will make computers safer, less prone to viruses and malware, and thus more reliable from an end-user perspective. In addition, they also claim that Trusted Computing will allow computers and servers to offer improved computer security over that which is currently available. According to chip manufacturers, by 2010 essentially all portable PCs and the vast majority of desktops will include a TPM chip.[8]

Trusted Computing has proved controversial, with opponents believing that trust in the underlying companies is not deserved and that the technology puts too much power and control into the hands of those who design systems and software. Many see Trusted Computing as an anti-competitive practice. It is also seen by them as a possible enabler for future versions of mandatory access control, copy protection, and Digital Rights Management, all criticized for undue censorship.

THE NATURE OF TRUST

Security experts define a trusted system to be one which is required to be trusted for the security of a larger system to hold. For example, the United States Department of Defense's definition of a trusted system is one which could break security policy if it misbehaved; i.e., ''"a system that you have chosen to trust, possibly out of necessity."'' Cryptographer Bruce Schneier observes: ''"A 'trusted' computer does not mean a computer that is trustworthy."'' Using these definitions, a hard drive controller must be trusted by its users to genuinely save to the drive, in every case, the data it is intended to be saving, and a secure website must be trusted that it is secure, because a user cannot verify this for themselves. Trust in security parlance is always a kind of compromise or weakness—sometimes inevitable, but never desirable as such.

Controversial in Trusted Computing is this definition of trust; the Trusted Computing Group describes technical trust as ''"an entity can be trusted if it always behaves in the expected manner for the intended purpose"''. Critics characterize a trusted system as a system you are ''forced to trust'' rather than one which is particularly trustworthy.

KEY CONCEPTS

Trusted Computing encompasses five key technology concepts, all of which are required for a fully trusted system.

# Endorsement key
# Secure input and output
# Memory curtaining / protected execution
# Sealed storage
# Remote attestation

Endorsement key

"The endorsement key is a 2,048-bit RSA public and private key pair, which is created randomly on the chip at manufacture time and cannot be changed. The private key never leaves the chip, while the public key is used for attestation and for encryption of sensitive data sent to the chip, as occurs during the TPM_TakeOwnership command."

This key is used to allow the execution of secure transactions: every TPM is required to sign a random number, using a particular protocol created by the Trusted Computing Group (the Direct Anonymous Attestation protocol), in order to ensure its compliance with the TCG standard and to prove its identity; this makes it impossible for a software TPM emulator to start a secure transaction with a trusted entity. The TPM should be designed to make the extraction of this key by hardware analysis hard, but tamper resistance is not a strong requirement.

Secure I/O

Secure input and output (I/O) refers to a protected path between the computer user and the software with which they believe they are interacting. On current computer systems there are many ways for malicious software to intercept data as it travels between a user and a software process, for example keyboard loggers and screen-scrapers. Secure I/O reflects a hardware- and software-protected and verified channel, using checksums to verify that the software used to do the I/O has not been tampered with. Malicious software injecting itself into this path could be identified. Secure I/O is traditionally known as a trusted path.

Memory curtaining

Memory curtaining extends current memory protection techniques to provide full isolation of sensitive areas of memory — for example locations containing cryptographic keys. Even the operating system doesn't have full access to curtained memory, so the information would be secure from an intruder who took control of the OS.

Sealed storage

Sealed storage protects private information by binding it to platform configuration information, including the software and hardware being used. This means the data can be read only by the same combination of software and hardware. For example, users who keep a song on their computer that hasn't been licensed to be listened to won't be able to play it. Currently, a user can locate the song, listen to it, send it to someone else, play it in the software of their choice, or back it up (in some cases using circumvention software to decrypt it, such as hymn). Alternately, the user may use software to modify the operating system's DRM routines to have it leak the song data once, say, a temporary license was acquired. Using sealed storage, the song is securely encrypted so that only the unmodified and untampered music player on his or her computer can play it.

Remote attestation

Remote attestation allows changes to the user's computer to be detected by authorized parties. That way, software companies can avoid users tampering with their software to circumvent technological protection measures. It works by having the hardware generate a certificate stating what software is currently running. The computer can then present this certificate to a remote party to show that its software hasn't been tampered with. Remote attestation is usually combined with public-key encryption so that the information sent can only be read by the programs that presented and requested the attestation, and not by an eavesdropper, such as the computer owner.

To take the song example again, the user's music player software could send the song to other machines, but only if they could attest that they were running a secure copy of the music player software. Combined with the other technologies, this provides a more secure path for the music: secure I/O prevents the user from recording it as it is heard on the speakers, memory curtaining prevents it from being dumped to regular disk files as it is being worked on, sealed storage curtails unauthorized access to it when saved to the hard drive, and remote attestation protects it from unauthorized software even when it is used on other computers.
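The sealed-storage mechanism described above (data bound to the platform configuration so that only the same software and hardware combination can read it), as an added Python model that is not part of the original article and is not code from the Trusted Computing Group or any TPM vendor: it replays a measured boot through a Platform Configuration Register, seals a volume key to the resulting PCR value, and shows that a modified boot stage makes the unseal fail. The boot images, the `Tpm` class and the hash-based wrapping are constructed stand-ins; a real chip wraps under an asymmetric storage root key.

```python
import hashlib
import hmac
import os

# Constructed boot chain: (component, image bytes) measured in the order BIOS -> MBR -> boot sector.
BOOT_CHAIN = [("bios", b"bios-image-v1"), ("mbr", b"mbr-code-v1"), ("bootsector", b"bootsector-v1")]


def extend(pcr: bytes, measurement: bytes) -> bytes:
    """PCR extend: new = H(old || H(measurement)). A PCR can only be extended, never written directly."""
    return hashlib.sha256(pcr + hashlib.sha256(measurement).digest()).digest()


def measure_boot(chain) -> bytes:
    """Replay a measured boot: each stage extends PCR 0 with the next stage before running it."""
    pcr = bytes(32)  # PCRs reset to zero at power-on, so replaying the chain is the only way to reach a value
    for _name, image in chain:
        pcr = extend(pcr, image)
    return pcr


def _xor_keystream(key: bytes, data: bytes) -> bytes:
    """Demo-only stream cipher (hash in counter mode); stands in for the TPM's real wrapping."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)


class Tpm:
    """Simplified TPM model (assumption): a chip-resident storage root key and PCR-bound sealing."""
    def __init__(self):
        self.srk = os.urandom(32)  # never leaves the chip
    def _wrap_key(self, pcr: bytes) -> bytes:
        return hmac.new(self.srk, b"seal" + pcr, hashlib.sha256).digest()
    def seal(self, secret: bytes, pcr: bytes) -> bytes:
        key = self._wrap_key(pcr)
        ct = _xor_keystream(key, secret)
        return ct + hmac.new(key, ct, hashlib.sha256).digest()  # integrity tag detects a PCR mismatch
    def unseal(self, blob: bytes, pcr: bytes):
        key = self._wrap_key(pcr)
        ct, tag = blob[:-32], blob[-32:]
        if not hmac.compare_digest(tag, hmac.new(key, ct, hashlib.sha256).digest()):
            return None  # current PCR differs from the one sealed against: the chip releases nothing
        return _xor_keystream(key, ct)


def unlock_volume(tampered: bool) -> bool:
    """Seal a (constructed) volume key at provisioning, then unseal after a clean or a modified boot."""
    tpm, vek = Tpm(), os.urandom(32)
    blob = tpm.seal(vek, measure_boot(BOOT_CHAIN))
    # An attacker-modified MBR changes PCR 0 and every value extended after it.
    chain = BOOT_CHAIN if not tampered else [BOOT_CHAIN[0], ("mbr", b"mbr-code-modified"), BOOT_CHAIN[2]]
    return tpm.unseal(blob, measure_boot(chain)) == vek
```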
APPLICATIONS FOR TRUSTED COMPUTING

Protecting hard-drive data after theft

Windows Vista Ultimate and Enterprise make use of a Trusted Platform Module to facilitate BitLocker Drive Encryption.[10] The Trusted Platform Module is used to securely bootstrap and access decryption keys for volume-level hard drive encryption. This is done via the Trusted Platform Module's Platform Configuration Registers. As the computer starts up, a series of validations occur on the BIOS, the master boot record, the boot sector and so on, until the decryption keys can be retrieved from the Trusted Platform Module and used to decrypt the hard drive as needed. This use of the TPM mitigates some attacks on accessing the data on a stolen or lost laptop, such as simply plugging the hard drive into a different system, booting a different operating system or attempting to modify the boot code.

The Enforcer is a Linux Security Module designed to improve the integrity of a computer running Linux by ensuring the file system has not been tampered with. It can interact with 'trusted' hardware to provide higher levels of assurance for software and sensitive data. The Enforcer can also work with the TPM to store the secret to an encrypted loopback file system, and unmount this file system when a tampered file is detected; the secret will not be accessible to mount the loopback file system until the machine has been rebooted with untampered files. This allows sensitive data to be protected from an attacker.

POSSIBLE APPLICATIONS FOR TRUSTED COMPUTING

Digital Rights Management

Trusted Computing would allow companies to create an almost unbreakable DRM system. An example is downloading a music file. Remote attestation could be used so that the music file would refuse to play except on a specific music player that enforces the record company's rules. Sealed storage would prevent the user from opening the file with another player or on another computer. The music would be played in curtained memory, which would prevent the user from making an unrestricted copy of the file while it's playing, and secure I/O would prevent capturing what is being sent to the sound system.

Preventing cheating in online games

Trusted Computing could be used to combat cheating in online games. Some players modify their game copy in order to gain unfair advantages in the game; remote attestation, secure I/O and memory curtaining could be used to verify that all players connected to a server were running an unmodified copy of the software.

Protection from identity theft

Trusted Computing could be used to prevent identity theft. Take, for example, online banking. Remote attestation could be used when the user is connecting to the bank's server, and would only serve the page if the server could produce the correct certificates. Then the user can send his encrypted account number and PIN, with some assurance that the information is private to him and the bank.

Protection from viruses and spyware

Digital signing of software will allow users to identify applications modified by third parties that could add spyware to the software. For example, a website offers a modified version of a popular instant messenger that contains spyware as a drive-by download. The operating system could notice the lack of a valid signature for these versions and inform the user that the program has been modified. Of course, this leaves open the question of who determines if a signature is valid.

Trusted Computing might allow increased protection from viruses. However, Microsoft has denied that this functionality will be present in its NGSCB architecture. A possible improvement in virus protection would be to allow antivirus vendors to write software that couldn't be corrupted by virus attacks. However, as with most advanced uses of Trusted Computing technology, preventing software corruption necessitates a trusted operating system, such as Trusted Gentoo. In practice, any operating system which aims to be backwards compatible with existing software will not be able to protect against viruses in this way.

Protection of biometric authentication data

Biometric devices used for authentication could use Trusted Computing technologies (memory curtaining, secure I/O) to assure the user that no spyware installed on his/her PC is able to steal sensitive biometric data. The theft of this data could be extremely harmful to the user, because while a user can change a password if he or she knows that the password is no longer secure, a user cannot change the data generated by a biometric device.

Verification of remote computation for grid computing

Trusted Computing could be used to guarantee that participants in a grid computing system are returning the results of the computations they claim to have run, instead of forging them. This would allow large-scale simulations to be run (say, a climate simulation) without expensive redundant computations to guarantee that malicious hosts aren't undermining the results to achieve the conclusion they want.[11]

CRITICISM OF TRUSTED COMPUTING

Trusted Computing opponents such as the Electronic Frontier Foundation and the Free Software Foundation believe that trust in the underlying companies is not deserved and that the technology puts too much power and control into the hands of those who design systems and software. They also believe that it may cause consumers to lose anonymity in their online interactions, as well as mandating technologies Trusted Computing opponents deem unnecessary. Finally, Trusted Computing is seen by them as a possible enabler for future versions of mandatory access control, copy protection, and Digital Rights Management, all criticized for undue censorship.

Some security experts[12][13] have spoken out against Trusted Computing, believing it will provide computer manufacturers and software authors with increased control to impose restrictions on what users are able to do with their computers. There are concerns that Trusted Computing would have an anti-competitive effect on the IT market.

There is concern amongst critics that it will not always be possible to examine the hardware components on which Trusted Computing relies, the Trusted Platform Module, which is the ultimate hardware system where the core 'root' of trust in the platform has to lie. If not implemented correctly, it presents a security risk to overall platform integrity and protected data. The specifications, as published by the Trusted Computing Group, are open and are available for anyone to review. However, the final implementations by commercial vendors will not necessarily be subjected to the same review process. In addition, the world of cryptography can often move quickly, and hardware implementations of algorithms might create inadvertent obsolescence.

While the promise of Trusted Computing is to increase security, critics counter that not only will security not be helped, but Trusted Computing will facilitate mandatory Digital Rights Management, invade privacy, and impose other restrictions on users. Trusting networked computers to controlling authorities rather than to individuals may create digital imprimaturs. Contrast Trusted Computing with secure computing, in which anonymity, not disclosure, is the main concern. Advocates of secure computing argue that the additional security can be achieved without relinquishing control of computers from users to superusers.