Trusted Computing

From Wikipedia, the free encyclopedia

Jump to: navigation, search

Trusted Computing (TC) is a technology developed and promoted by the Trusted Computing Group.[1] The term is taken from the field of trusted systems and has a specialized meaning. With Trusted Computing, the computer will consistently behave in specific ways, and those behaviors will be enforced by hardware and software.[1] Enforcing this Trusted behavior is achieved by loading the hardware with a unique ID and unique master key and denying even the owner of a computer knowledge and control of their own master key. Trusted Computing is extremely controversial as the hardware is not only secured for the owner, but also secured against the owner as well. Such controversy has led opponents of trusted computing, such as Richard Stallman, to refer to it instead as treacherous computing, even to the point where some scholarly articles have begun to place quotes around "trusted computing".[2][3]

Trusted Computing proponents such as International Data Corporation,[4] the Enterprise Strategy Group[5] and Endpoint Technologies Associates[6] claim the technology will make computers safer, less prone to viruses and malware, and thus more reliable from an end-user perspective. In addition, they also claim that Trusted Computing will allow computers and servers to offer improved computer security over that which is currently available. Opponents often claim this technology will be used primarily to enforce digital rights management policies and not to increase computer security.[7]

Chip manufacturers Intel and AMD, hardware manufacturers such as Dell, and operating system providers such as Microsoft all plan to include Trusted Computing into coming generations of products.[8][9]a[›] The U.S. Army requires that every new small PC it purchases must come with a Trusted Platform Module (TPM).[10][11] As of July 3, 2007, so does virtually the entire Department of Defense.[12] According to the International Data Corporation, by 2010 essentially all portable PCs and the vast majority of desktops will include a TPM chip.[13]


[edit] Key concepts

Trusted computing encompasses five key technology concepts, of which all are required for a fully Trusted system, that is, a system compliant to the TCG specifications:

  1. Endorsement key
  2. Secure input and output
  3. Memory curtaining / protected execution
  4. Sealed storage
  5. Remote attestation

[edit] Endorsement key

The endorsement key is a 2048-bit RSA public and private key pair, which is created randomly on the chip at manufacture time and cannot be changed. The private key never leaves the chip, while the public key is used for attestation and for encryption of sensitive data sent to the chip, as occurs during the TPM_TakeOwnership command. — David Safford[14]

This key is used to allow the executions of secure transactions: every Trusted Platform Module (TPM) is required to sign a random number, using a particular protocol created by the trusted computing group (the direct anonymous attestation protocol) in order to ensure its compliance of the TCG standard and to prove its identity; this makes it impossible for a software TPM emulator, with a self-generated Endorsement Key, to start a secure transaction with a trusted entity. The TPM should be designed to make the extraction of this key by hardware analysis hard, but tamper-resistance is not a strong requirement.

[edit] Secure I/O

Secure input and output (I/O) refers to a protected path between the computer user and the software with which they believe they are interacting. On current computer systems there are many ways for malicious software to intercept data as it travels between a user and a software process — for example keyboard loggers and screen-scrapers. Secure I/O reflects a hardware and software protected and verified channel, using checksums stored in the Trusted Platform Module to verify that the software drivers used to do the I/O has not been tampered with. Malicious software injecting itself in this path could be identified. Secure I/O is traditionally known as a Trusted path.

[edit] Memory curtaining

Memory curtaining extends common memory protection techniques to provide full isolation of sensitive areas of memory — for example, locations containing cryptographic keys. Even the operating system does not have full access to curtained memory, so the information would be secure from an intruder who took control of the OS, because of the use of separate protected execution environments. The exact implementation details are vendor specific; Intel's Trusted Execution Technology already offers this feature.

[edit] Sealed storage

Sealed storage protects private information by binding it to platform configuration information including the software and hardware being used. This means the data can be read only by the same combination of software and hardware. For example, users who keep a song on their computer that has not been licensed to be listened will not be able to play it. Currently, a user can locate the song, listen to it, and send it to someone else, play it in the software of their choice, or back it up (and in some cases, use circumvention software to decrypt it). Alternately the user may use software to modify the operating system's DRM routines to have it leak the song data once, say, a temporary license was acquired. Using sealed storage, the song is securely encrypted using a key bound to the trusted platform module so that only the unmodified and untampered music player on his or her computer can play it.

[edit] Remote attestation

Remote attestation allows changes to the user's computer to be detected by authorized parties. For examples, software companies can avoid users tampering with their software to circumvent technological protection measures. It works by having the hardware generate a certificate stating what software is currently running. The computer can then present this certificate to a remote party to show that its software has not been tampered with.

Remote attestation is usually combined with public-key encryption so that the information sent can only be read by the programs that presented and requested the attestation, and not by an eavesdropper, such as the computer owner.

To take the song example again, the user's music player software could send the song to other machines, but only if they could attest that they were running a secure copy of the music player software. Combined with the other technologies, this provides a more secured path for the music: secure I/O prevents the user from recording it as it is heard on the speakers, memory curtaining prevents it from being dumped to regular disk files as it is being worked on, sealed storage curtails unauthorized access to it when saved to the hard drive, and remote attestation protects it from unauthorized software even when it is used on other computers. Remote Attestation use, however, has been discouraged in favour of Direct anonymous attestation.

[edit] Known applications of Trusted Computing

[edit] Protecting hard-drive data

Windows Vista Ultimate and Enterprise make use of a Trusted Platform Module to facilitate BitLocker Drive Encryption.[15]

[edit] Possible applications of Trusted Computing

[edit] Digital rights management

Trusted Computing would allow companies to create a Digital rights management system which would be very hard to circumvent, though not impossible. An example is downloading a music file. Remote attestation could be used so that the music file would refuse to play except on a specific music player that enforces the record company's rules. Sealed storage would prevent the user from opening the file with another player or another computer. The music would be played in curtained memory, which would prevent the user from making an unrestricted copy of the file while it is playing, and secure I/O would prevent capturing what is being sent to the sound system. Circumventing such a system would require either manipulation of the computer's hardware, capturing the analogue (and possibly degraded) signal using a recording device or a microphone, or breaking the encryption algorithm.

[edit] Identity theft protection

Trusted Computing could be used to help prevent identity theft. Taking online banking as an example, remote attestation could be used when the user is connecting to the bank's server and would only serve the page if the server could produce the correct certificates. Then the user can send his encrypted account number and PIN, with some assurance that the information is private to him and the bank.

[edit] Preventing cheating in online games

Trusted computing could be used to combat cheating in online games. Some players modify their game copy in order to gain unfair advantages in the game; remote attestation, secure I/O and memory curtaining could be used to verify that all players connected to a server were running an unmodified copy of the software.

This is especially true with game modifications designed to enhance player ability or automate certain task. For example, a user might want to install an auto aiming bot in shooter games, or a harvesting bot in a strategy game. Since there is no way for the game server to remotely determine if the commands are given by a human being or a program, the proposed solution is to certify the code the player's computer is running.

[edit] Protection from viruses and spyware

Digital signature of software will allow users to identify applications modified by third parties that could add spyware to the software. For example, a website offers a modified version of a popular instant messenger that contains spyware as a drive-by download. The operating system could notice the lack of a valid signature for these versions and inform the user that the program has been modified, although this leaves open the question of who determines if a signature is valid.

Trusted computing might allow increased protection from viruses. However, Microsoft has denied that this functionality will be present in its NGSCB architecture. A possible improvement in virus protection would be to allow antivirus vendors to write software that could not be corrupted by virus attacks. However, as with most advanced uses of Trusted Computing technology, preventing software corruption necessitates a Trusted Operating System, such as Trusted Gentoo In practice any operating system which aims to be backwards compatible with existing software will not be able to protect against viruses in this way.

Biometrics ATM in South Korea

[edit] Protection of biometric authentication data

Biometric devices used for authentication could use trusted computing technologies (memory curtaining, secure I/O) to assure the user that no spyware installed on his/her PC is able to steal sensitive biometric data. The theft of this data could be extremely harmful to the user because while a user can change a password if he or she knows that the password is no longer secure, a user cannot change the data generated by a biometric device.

[edit] Verification of remote computation for grid computing

Trusted computing could be used to guarantee participants in a grid computing system are returning the results of the computations they claim to be instead of forging them. This would allow large scale simulations to be run (say a climate simulation) without expensive redundant computations to guarantee malicious hosts are not undermining the results to achieve the conclusion they want.[16]

[edit] Criticism of Trusted Computing

Trusted Computing opponents such as the Electronic Frontier Foundation and Free Software Foundation claim trust in the underlying companies is not deserved and that the technology puts too much power and control into the hands of those who design systems and software. They also believe that it may cause consumers to lose anonymity in their online interactions, as well as mandating technologies Trusted Computing opponents deem unnecessary. They suggest Trusted Computing as a possible enabler for future versions of mandatory access control, copy protection, and digital rights management.

Some security experts[17][18] have spoken out against Trusted Computing, believing it will provide computer manufacturers and software authors with increased control to impose restrictions on what users are able to do with their computers. There are concerns that Trusted Computing would have an anti-competitive effect on competition in the IT market.

There is concern amongst critics that it will not always be possible to examine the hardware components on which Trusted Computing relies, the Trusted Platform Module, which is the ultimate hardware system where the core 'root' of trust in the platform has to lie. If not implemented correctly, it presents a security risk to overall platform integrity and protected data. The specifications, as published by the Trusted Computing Group, are open and are available for anyone to review. However, the final implementations by commercial vendors will not necessarily be subjected to the same review process. In addition, the world of cryptography can often move quickly, and that hardware implementations of algorithms might create an inadvertent obsolescence. Trusting networked computers to controlling authorities rather than to individuals may create digital imprimaturs.

The Cambridge cryptographer Ross Anderson has great concerns that "TC can support remote censorship [...] In general, digital objects created using TC systems remain under the control of their creators, rather than under the control of the person who owns the machine on which they happen to be stored (as at present) [...] So someone who writes a paper that a court decides is defamatory can be compelled to censor it — and the software company that wrote the word processor could be ordered to do the deletion if she refuses. Given such possibilities, we can expect TC to be used to suppress everything from pornography to writings that criticize political leaders."[19] He goes on to state that:

[...] software suppliers can make it much harder for you to switch to their competitors' products. At a simple level, Word could encrypt all your documents using keys that only Microsoft products have access to; this would mean that you could only read them using Microsoft products, not with any competing word processor. [...]
The [...] most important benefit for Microsoft is that TC will dramatically increase the costs of switching away from Microsoft products (such as Office) to rival products (such as OpenOffice). For example, a law firm that wants to change from Office to OpenOffice right now merely has to install the software, train the staff and convert their existing files. In five years' time, once they have received TC-protected documents from perhaps a thousand different clients, they would have to get permission (in the form of signed digital certificates) from each of these clients in order to migrate their files to a new platform. The law firm won't in practice want to do this, so they will be much more tightly locked in, which will enable Microsoft to hike its prices.[19]

Anderson summarizes the case by saying "The fundamental issue is that whoever controls the TC infrastructure will acquire a huge amount of power. Having this single point of control is like making everyone use the same bank, or the same accountant, or the same lawyer. There are many ways in which this power could be abused."[19]

[edit] Digital rights management

One of the early motivations behind trusted computing was a desire by media and software corporations for stricter digital rights management technology to prevent users from freely sharing and using potentially copyrighted or private files without explicit permission. Microsoft has announced a DRM technology, PVP-OPM, that says it will make use of hardware encryption.

An example could be downloading a music file from a band: the band's record company could come up with rules for how the band's music can be used. For example, they might want the user to play the file only three times a day without paying additional money. Also, they could use remote attestation to only send their music to a music player that enforces their rules: sealed storage would prevent the user from opening the file with another player that did not enforce the restrictions. Memory curtaining would prevent the user from making an unrestricted copy of the file while it is playing, and secure output would prevent capturing what is sent to the sound system.

Once digital recordings are converted to analog signals, the (possibly degraded) signals could be recorded by conventional means, such as by connecting an audio recorder to the card instead of speakers, or by recording the speaker sounds with a microphone. Trusted computing cannot guard noninteractive works from analog reconversion.

[edit] Users unable to modify software

A user who wanted to switch to a competing program might find that it would be impossible for that new program to read old data, as the information would be "locked in" to the old program. It could also make it impossible for the user to read or modify their data except as specifically permitted by the software.

Remote attestation could cause other problems. Currently web sites can be visited using a number of web browsers, though certain websites may be formatted such that some browsers cannot decipher their code. Some browsers have found a way to get around that problem by emulating other browsers. With remote attestation a website could check the internet browser being used and refuse to display on any browser other than the specified one (like Internet Explorer), so even emulating the browser would not work.

[edit] Users have no control over data

Sealed storage could prevent users from moving sealed files to the new computer. This limitation might exist either through poor software design or deliberate limitations placed by publishers of works. The migration section of the TPM specification requires that it be impossible to move certain kinds of files except to a computer with the identical make and model of security chip.

[edit] Users unable to override

Some opponents of Trusted Computing advocate allowing owner overrides to allow the computer to use the secure I/O path to make sure the owner is physically present, to then bypass restrictions. Such an override would allow remote attestation to a user's specification, e.g., to create certificates that say Internet Explorer is running, even if a different browser is used. Instead of preventing software change, remote attestation would indicate when the software has been changed without owner's permission.

Trusted Computing Group members have refused to implement owner override.[20] Proponents of trusted computing believe that Owner override defeats the trust in other computers since remote attestation can be forged by the owner. Owner override offers the security and enforcement benefits to a machine owner, but does not allow him to trust other computers, because their owners could waive rules or restrictions on their own computers. Under this scenario, once data is sent to someone else's computer, whether it be a diary, a DRM music file, or a joint project, that other person controls what security, if any, their computer will enforce on their copy of those data. This has the potential to undermine the applications of trusted computing to enforce Digital Rights Management, control cheating in online games and attest to remote computations for grid computing.

[edit] Loss of anonymity

Because a Trusted Computing equipped computer is able to uniquely attest to its own identity, it will be possible for vendors and others who possess the ability to use the attestation feature to zero in on the identity of the user of TC-enabled software with a high degree of certainty.

Such a capability is contingent on the reasonable chance that the user at some time provides user-identifying information, whether voluntarily or indirectly. One common way that information can be obtained and linked is when a user registers a computer just after purchase. Another common way is when a user provides identifying information to the website of an affiliate of the vendor.

While proponents of TC point out that online purchases and credit transactions could potentially be more secure as a result of the remote attestation capability, this may cause the computer user to lose expectations of anonymity when using the Internet.

Critics point out that this could have a chilling effect on political free speech, the ability of journalists to use anonymous sources, whistle blowing, political blogging and other areas where the public needs protection from retaliation through anonymity.

In response to privacy concerns, researchers developed direct anonymous attestation (DAA) which allows a client to perform attestation while limiting the amount of identifying information that is provided to the verifier. DAA also supports an anonymity revocation system[21] wherein a third party has the information necessary to uniquely identify the TPM associated with a particular attestation.

[edit] Practicality

Any hardware component, including the TC hardware itself, has the potential to fail, or be upgraded and replaced. A user might rightly conclude that the mere possibility of being irrevocably cut-off from access to his or her own information, or to years' worth of expensive work-products, with no opportunity for recovery of that information, is unacceptable.[22] The concept of basing ownership or usage restrictions upon the verifiable identity of a particular piece of computing hardware may be perceived by the user as problematic if the equipment in question malfunctions.

[edit] Interoperability

Trusted Computing requests that all software and hardware vendors will follow the technical specifications released by the Trusted Computing Group in order to allow interoperability between different trusted software stacks. However, even now there are interoperability problems between the TrouSerS trusted software stack (released as open source software by IBM) and Hewlett-Packard's stack.[23] Another problem is the fact that the technical specifications are still changing, so it is unclear which is the standard implementation of the trusted stack.

[edit] Shutting out of competing products

People have voiced concerns that trusted computing could be used to keep or discourage users from running software created by companies outside of a small industry group. Microsoft has received a great deal of bad press surrounding their Palladium software architecture, evoking comments such as "Few pieces of vaporware have evoked a higher level of fear and uncertainty than Microsoft's Palladium", "Palladium is a plot to take over cyberspace", and "Palladium will keep us from running any software not personally approved by Bill Gates".[24] The concerns about trusted computing being used to shut out competition exist within a broader framework of consumers being concerned about using bundling of products to obscure prices of products and to engage in anti-competitive practices.[2] Trusted computing is seen as harmful or problematic to small and open source software developers.[25]

[edit] Trust

In the widely used public-key cryptography, creation of keys can be done on the local computer and the creator has complete control over who has access to it.[26] In some proposed encryption-decryption chips, a private/public key is permanently embedded into the hardware when it is manufactured,[27] and hardware manufactures would have the opportunity to record the key without leaving evidence of doing so. With this key it would be possible to have access to data encrypted with it, and to authenticate as it.[28] It would be fairly trivial for manufactures to give a copy of this key to the government or the software manufactures, as the platform must go through steps so that it works with authenticated software.[citation needed] In order to trust anything that is authenticated by or encrypted by a TPM or a Trusted computer, therefore, one has to trust the company that made that chip, the company that designed the chip, those companies allowed to make software for the chip, and the ability and interest of those companies to not compromise the process.[citation needed]

It is also critical that one be able to trust that the hardware manufacturers and software developers properly implement trusted computing standards. Incorrect implementation could be hidden from users, and thus could undermine the integrity of the whole system without users being aware of the flaw.[29]

[edit] Hardware and software support

  • Since 2004, most major manufacturers have shipped systems that have included Trusted Platform Modules, with associated BIOS support.[30] In accordance with the TCG specifications, the user must enable the Trusted Platform Module before it can be used.
  • The Linux kernel has included trusted computing support since version 2.6.13, and there are several projects to implement trusted computing for Linux. In January 2005, members of Gentoo Linux's "crypto herd" announced their intention of providing support for TC — in particular support for the Trusted Platform Module.[31] There is also a TCG-compliant software stack for Linux named TrouSerS, released under an open source license.
  • Some limited form of trusted computing can be implemented on current versions of Microsoft Windows with third party software.
  • The Intel Classmate PC (a competitor to the One Laptop Per Child) includes a Trusted Platform Module[32]

[edit] See also

[edit] References

  1. ^ a b Chris Mitchell, Trusted Computing, Institution of Electrical Engineers, 2005.
  2. ^ a b Ross Anderson, "Cryptography and Competition Policy - Issues with ‘Trusted Computing’ ", in Economics of Information Security, from series Advances in Information Security, Vol. 12, April 11, 2006.
  3. ^ F. Stajano, "Security for whom? The shifting security assumptions of pervasive computing", Lecture notes in computer science, vol. 2609, pp. 16-27, 2003.
  4. ^ Rau, Shane (February 2006). "The Trusted Computing Platform Emerges as Industry's First Comprehensive Approach to IT Security" (PDF). IDC Executive Brief. International Data Corporation. Retrieved on 2007-02-07. 
  5. ^ Oltsik, Jon (January 2006). "Trusted Enterprise Security: How the Trusted Computing Group (TCG) Will Advance Enterprise Security" (PDF). White Paper. Enterprise Strategy Group. Retrieved on 2007-02-07. 
  6. ^ Kay, Roger L. (2006). "How to Implement Trusted Computing: A Guide to Tighter Enterprise Security" (PDF). Endpoint Technologies Associates. Retrieved on 2007-02-07. 
  7. ^ Richard Stallman. "Can You Trust Your Computer?".
  8. ^ "Enhancing IT Security with Trusted Computing Group standards" (PDF). Dell Power Solutions. November 2006. 14. Retrieved on 2006-02-07. "TPMs [Trusted Platform Modules] from various semiconductor vendors are included on enterprise desktop and notebook systems from Dell and other vendors" 
  9. ^ "Trusted Platform Module Services in Windows Vista". Windows Hardware Development Central. Microsoft. 2005-04-25. Retrieved on 2007-02-07. "Windows Vista provides a set of services for applications that use TPM technologies." 
  10. ^ Lemos, Robert (2006-07-28). "U.S. Army requires trusted computing". Security Focus. Retrieved on 2007-02-07. 
  11. ^ "Army CIO/G-6 500-day plan" (PDF). U.S. Army. October 2006. Retrieved on 2007-02-07. "Strategic goal n. 3 , 'deliver a joint netcentric information that enables warfighter decision superiority'" 
  12. ^ encryption of unclassified data
  13. ^ Evers, Joris (2005-08-29). "Microsoft's leaner approach to Vista security". CNET News. Retrieved on 2007-02-07. 
  14. ^ Safford, David (2006-10-27). "Take Control of TCPA". Linux Journal. Retrieved on 2007-02-07. 
  15. ^ Ferguson, Niels (August 2006). "AES-CBC + Elephant: A Disk Encryption Algorithm for Windows Vista" (PDF). Microsoft TechNet. Retrieved on 2007-02-07. 
  16. ^ Mao, Wenbo Jin, Hai and Martin, Andrew (2005-06-07). "Innovations for Grid Security From Trusted Computing" (PDF). Retrieved on 2007-02-07. 
  17. ^ Marson, Ingrid (2006-01-27). "Trusted Computing comes under attack". ZDNet.,39020375,39249368,00.htm. Retrieved on 2007-02-07. 
  18. ^ Schneier, Bruce (2002-08-15). "Palladium and the TCPA". Crypto-Gram Newsletter. Retrieved on 2007-02-07. 
  19. ^ a b c Anderson, Ross (August 2003). [ "`Trusted Computing' Frequently Asked Questions: TC / TCG / LaGrande / NGSCB / Longhorn / Palladium / TCPA Version 1.1"]. Retrieved on 2007-02-07. 
  20. ^ Schoen, Seth (2003-12-01). "Give TCPA an Owner Override". Linux Journal. Retrieved on 2007-02-07. 
  21. ^
  22. ^ Trousers FAQ
  23. ^ "1.7 - I've taken ownership of my TPM under another OS...". TrouSerS FAQ. Retrieved on 2007-02-07. 
  24. ^ E.W. Felten, "Understanding trusted computing: will its benefits outweigh its drawbacks?", Security & Privacy, IEEE, Vol. 1, No. 3, pp. 60-62,
  25. ^ R. Oppliger, R. Rytz, "Does trusted computing remedy computer security problems?", Security & Privacy, IEEE, Vol. 3, No. 2, pp. 16-19, 2005.
  26. ^ "IEEE P1363: Standard Specifications For Public-Key Cryptography", Retrieved March 9, 2009.
  27. ^ Tal Garfinkel, Ben Pfaff, Jim Chow, Mendel Rosenblum, Dan Boneh, "Terra: a virtual machine-based platform for trusted computing", ACM SIGOPS Operating Systems Review, Vol. 37, No. 5, pp. 193-206, 2003.
  28. ^ These are the functions of the private key in the RSA algorithm
  29. ^ Seth Schoen, "Trusted Computing: Promise and Risk", COSPA Knowledge Base: Comparison, selection, & suitability of OSS, April 11th, 2006.
  30. ^ Tony McFadden (March 26, 2006). "TPM Matrix". Retrieved on 2006-05-05. 
  31. ^ "Trusted Gentoo". Gentoo Weekly Newsletter. January 31, 2005. Retrieved on 2006-05-05. 
  32. ^ Intel (December 6, 2006). "Product Brief: Classmate PC". Retrieved on 2007-01-13. 

[edit] External links

[edit] Official sites

  • Trusted Computing Group (TCG) — Trusted computing standards body, previously known as the TCPA
  • Trusted Mobile Platform ─ a set of specifications that define security features for mobile devices, jointly developed by IBM, Intel, and NTT DoCoMo
  • TCG products page  :information on TCG Member's TCG-related products and services

[edit] Software utilizing Trusted Computing

[edit] Sites criticizing Trusted Computing

Personal tools