Trusted Computing
Encyclopedia
Trusted Computing is a technology developed and promoted by the Trusted Computing Group
. The term is taken from the field of trusted system
s and has a specialized meaning. With Trusted Computing, the computer will consistently behave in expected ways, and those behaviors will be enforced by hardware and software. In practice, Trusted Computing uses cryptography to help enforce a selected behavior. The main functionality of TC is to allow someone else to verify that only authorized code runs on a system. This authorization covers initial booting and kernel and may also cover applications and various scripts. Just by itself TC does not protect against attacks that exploit security vulnerabilities introduced by programming bugs.
TC is controversial because it is technically possible not just to secure the hardware for its owner, but also to secure against its owner. Such controversy has led opponents of trusted computing, such as Richard Stallman
, to refer to it instead as treacherous computing, and some academic opponents have begun to place quotation marks around "trusted computing" in scholarly texts.
The "trusted computing" platform need not be used to secure the system against the owner. It is possible to leave to the owner rights of authorization and have no centralized authority. It is also possible to build open source stack of trusted modules, leaving for the security chip only the task to guard against unauthorized modifications. Open source Linux drivers exist to access and use the trusted computing chip. However, uncooperative operating systems can misuse security features to prevent legitimate data exchange.
Trusted Computing proponents such as International Data Corporation
, the Enterprise Strategy Group and Endpoint Technologies Associates claim the technology will make computers safer, less prone to viruses
and malware
, and thus more reliable from an end-user perspective. In addition, they also claim that Trusted Computing will allow computers and server
s to offer improved computer security
over that which is currently available. Opponents often claim this technology will be used primarily to enforce digital rights management
policies and not to increase computer security.
Chip manufacturers Intel and AMD, hardware manufacturers such as Dell
, and operating system
providers such as Microsoft
all plan to include Trusted Computing in coming generations of products. The U.S. Army requires that every new small PC it purchases must come with a Trusted Platform Module
(TPM). As of July 3, 2007, so does virtually the entire United States Department of Defense
.
This key is used to allow the executions of secure transactions: every Trusted Platform Module (TPM) is required to be able sign a random number (in order to allow the owner to show that he has a genuine trusted computer), using a particular protocol created by the Trusted Computing Group (the direct anonymous attestation
protocol) in order to ensure its compliance of the TCG standard and to prove its identity; this makes it impossible for a software TPM emulator with an untrusted endorsement key (for example, a self-generated one) to start a secure transaction with a trusted entity. The TPM should be designed to make the extraction of this key by hardware analysis hard, but tamper-resistance is not a strong requirement.
techniques to provide full isolation of sensitive areas of memory—for example, locations containing cryptographic keys. Even the operating system
does not have full access to curtained memory. The exact implementation details are vendor specific; Intel's Trusted Execution Technology (TXT) already offers this feature.
enforcing. For example, users who keep a song on their computer that has not been licensed to be listened will not be able to play it. Currently, a user can locate the song, listen to it, and send it to someone else, play it in the software of their choice, or back it up (and in some cases, use circumvention software to decrypt it). Alternatively, the user may use software to modify the operating system's DRM routines to have it leak the song data once, say, a temporary license was acquired. Using sealed storage, the song is securely encrypted using a key bound to the trusted platform module so that only the unmodified and untampered music player on his or her computer can play it. In this DRM architecture, this might also prevent people from listening to the song after buying a new computer, or upgrading parts of their current one, except after explicit permission of the vendor of the song.
Remote attestation is usually combined with public-key encryption so that the information sent can only be read by the programs that presented and requested the attestation, and not by an eavesdropper.
To take the song example again, the user's music player software could send the song to other machines, but only if they could attest that they were running a secure copy of the music player software. Combined with the other technologies, this provides a more secured path for the music: secure I/O prevents the user from recording it as it is transmitted to the audio subsystem, memory locking prevents it from being dumped to regular disk files as it is being worked on, sealed storage curtails unauthorized access to it when saved to the hard drive, and remote attestation protects it from unauthorized software even when it is used on other computers. Sending remote attestation data to a trusted third party, however, has been discouraged in favour of Direct Anonymous Attestation
.
This might not be a problem where one wishes to be identified by the other party, e.g., during banking transactions over the Internet. But in many other types of communicating activities people enjoy the anonymity that the computer provides. The TCG acknowledges this, and allegedly have developed a process of attaining such anonymity but at the same time assuring the other party that he or she is communicating with a “trusted” party.
This was done by developing a “trusted third party”. This entity will work as an intermediary between a user and his own computer and between a user and other users. In this essay the focus will be on the latter process, a process referred to as remote attestation.
When a user requires an AIK (Attestation Identity Key) the user wants its key to be certified by a CA (certification Authority). The user through a TPM (Trusted Platform Module) sends three credentials: a public key credential, a platform credential, and a conformance credential. This set of certificates and cryptographic keys will in short be referred to as "EK". The EK can be split into two main parts, the private part "EKpr" and the public part "EKpub". The EKpr never leaves the TPM.
Disclosure of the EKpub is however necessary (version 1.1). The EKpub will uniquely identify the endorser of the platform, model, what kind of software is currently being used on the platform, details of the TPM, and that the platform (PC) complies with the TCG specifications.
If this information is communicated directly to another party as a process of getting trusted status it would at the same time be impossible to obtain an anonymous identity. Therefore this information is sent to the privacy certification authority, (trusted third party). When the C.A (Privacy certification Authority) receives the EKpub sent by the TPM, the C.A verifies the information. If the information can be verified it will create a certified secondary key pair AIK, and sends this credential back to the requestor. This is intended to provide the user with anonymity. When the user has this certified AIK, he or she can use it to communicate with other trusted platforms.
In version 1.2, the TCG have developed a new method of obtaining a certified AIK. This process is called DAA Direct anonymous attestation
. This method does not require the user to disclose his/her EKpub with the TTP. The unique new feature of the DAA is that it has the ability to convince the remote entity that a particular TPM (trusted platform module) is a valid TPM without disclosing the EKpub or any other unique identifier. Before the TPM can send a certification request for an AIK to the remote entity, the TPM has to generate a set of DAA credentials. This can only be done by interacting with an issuer. The DAA credentials are created by the TPM sending a TPM-unique secret that remains within the TPM. The TPM secret is similar but not analogous to the EK. When the TPM has obtained a set of DAA credentials, it can send these to the Verifier. When the Verifier receives the DAA credentials from the TTP, it will verify them and send a certified AIK back to the user. The user will then be able to communicate with other trusted parties using the certified AIK. The Verifier may or may not be a trusted third party (TTP). The Verifier can determine if the DAA credentials are valid, but the DAA credentials do not contain any unique information that discloses the TPM platform. An example would be where a user wants trusted status and sends a request to the Issuer. The Issuer could be the manufacturer of the user’s platform, e.g. Compaq. Compaq would check if the TPM it has produced is a valid one, and if so, issues DAA credentials. In the next step, the DAA credentials are sent by the user to the Verifier. As mentioned this might be a standard TTP, but could also be a different entity. If the Verifier accepts the DAA supplied it will produce a certified AIK. The certified AIK will then be used by the user to communicate with other trusted platforms. In summary the new version introduces a separate entity that will assist in the anonymous attestation process. By introducing the Issuer which supplies a DAA, one will be able to sufficiently protect the user’s anonymity towards the Verifier/TTP. The issuer most commonly will be the platform manufacturer. Without such credentials, it will be probably difficult for a private customer or small business or organisation to convince others that they have a genuine trusted platform.
and Windows 7 make use of a Trusted Platform Module to facilitate BitLocker Drive Encryption
.
system which would be very hard to circumvent, though not impossible. An example is downloading a music file. Sealed storage could be used to prevent the user from opening the file with an unauthorized player or computer. Remote attestation could be used to authorize play only by music players that enforce the record company's rules. The music would be played from curtained memory, which would prevent the user from making an unrestricted copy of the file while it is playing, and secure I/O would prevent capturing what is being sent to the sound system. Circumventing such a system would require either manipulation of the computer's hardware, capturing the analogue (and thus degraded) signal using a recording device or a microphone, or breaking the security of the system.
New business models for use of software (services) over Internet may be boosted by the technology. By strengthening the DRM system, one could base a business model on renting programs for a specific time periods or "pay as you go" models. For instance one could download a music file which you only could play a certain amount of times before it became unusable, or the music file could be used only within a certain time period.
. Some players modify their game copy in order to gain unfair advantages in the game; remote attestation, secure I/O and memory curtaining could be used to determine that all players connected to a server were running an unmodified copy of the software.
file sharing
networks it is important that the clients upload as well as download, but only the download is usually of interest to the users. Because of this some Bittorrent servers for example keep track of how much each user uploads and downloads and users with a poor upload/download ratio are banned. For Direct Connect
, client software is available that "cheats" in one way or another, and some people also use third party software to limit their upload speed. With Trusted Computing it would be possible to write peer-to-peer software/protocols that can not be misused like this. For example the client software could refuse to download anything before the upload/download ratio improves, and there would be nothing the user could do to get around that.
and Free Software Foundation
claim trust in the underlying companies is not deserved and that the technology puts too much power and control into the hands of those who design systems and software. They also believe that it may cause consumers to lose anonymity in their online interactions, as well as mandating technologies Trusted Computing opponents say are unnecessary. They suggest Trusted Computing as a possible enabler for future versions of mandatory access control
, copy protection
, and digital rights management
.
Some security experts have spoken out against Trusted Computing, believing it will provide computer manufacturers and software authors with increased control to impose restrictions on what users are able to do with their computers. There are concerns that Trusted Computing would have an anti-competitive
effect on competition in the IT market.
There is concern amongst critics that it will not always be possible to examine the hardware components on which Trusted Computing relies, the Trusted Platform Module
, which is the ultimate hardware
system where the core 'root' of trust in the platform has to lie. If not implemented correctly, it presents a security risk to overall platform integrity and protected data. The specifications, as published by the Trusted Computing Group
, are open and are available for anyone to review. However, the final implementations by commercial vendors will not necessarily be subjected to the same review process. In addition, the world of cryptography can often move quickly, and that hardware implementations of algorithms might create an inadvertent obsolescence. Trusting networked computers to controlling authorities rather than to individuals may create digital imprimatur
s.
The Cambridge cryptographer Ross Anderson has great concerns that "TC can support remote censorship [...] In general, digital objects created using TC systems remain under the control of their creators, rather than under the control of the person who owns the machine on which they happen to be stored (as at present) [...] So someone who writes a paper that a court decides is defamatory can be compelled to censor it — and the software company that wrote the word processor could be ordered to do the deletion if she refuses. Given such possibilities, we can expect TC to be used to suppress everything from pornography to writings that criticize political leaders." He goes on to state that:
Anderson summarizes the case by saying "The fundamental issue is that whoever controls the TC infrastructure will acquire a huge amount of power. Having this single point of control is like making everyone use the same bank, or the same accountant, or the same lawyer. There are many ways in which this power could be abused."
technology to prevent users from freely sharing and using potentially copyrighted or private files without explicit permission.
An example could be downloading a music file from a band: the band's record company could come up with rules for how the band's music can be used. For example, they might want the user to play the file only three times a day without paying additional money. Also, they could use remote attestation to only send their music to a music player that enforces their rules: sealed storage would prevent the user from opening the file with another player that did not enforce the restrictions. Memory curtaining would prevent the user from making an unrestricted copy of the file while it is playing, and secure output would prevent capturing what is sent to the sound system.
" to the old program. It could also make it impossible for the user to read or modify their data except as specifically permitted by the software.
Remote attestation could cause other problems. Currently web sites can be visited using a number of web browsers, though certain websites may be formatted such that some browsers cannot decipher their code. Some browsers have found a way to get around that problem by emulating
other browsers. With remote attestation a website could check the internet browser being used and refuse to display on any browser other than the specified one (like Internet Explorer
), so even emulating the browser would not work.
Trusted Computing Group
members have refused to implement owner override. Proponents of trusted computing believe that Owner override defeats the trust in other computers since remote attestation can be forged by the owner. Owner override offers the security and enforcement benefits to a machine owner, but does not allow him to trust other computers, because their owners could waive rules or restrictions on their own computers. Under this scenario, once data is sent to someone else's computer, whether it be a diary, a DRM music file, or a joint project, that other person controls what security, if any, their computer will enforce on their copy of those data. This has the potential to undermine the applications of trusted computing to enforce Digital Rights Management, control cheating in online games and attest to remote computations for grid computing
.
Such a capability is contingent on the reasonable chance that the user at some time provides user-identifying information, whether voluntarily or indirectly. One common way that information can be obtained and linked is when a user registers a computer just after purchase. Another common way is when a user provides identifying information to the website of an affiliate of the vendor.
While proponents of TC point out that online purchases and credit transactions could potentially be more secure as a result of the remote attestation capability, this may cause the computer user to lose expectations of anonymity when using the Internet.
Critics point out that this could have a chilling effect on political free speech, the ability of journalists to use anonymous sources, whistle blowing, political blogging and other areas where the public needs protection from retaliation through anonymity.
The TPM specification offers features and suggested implementations that are meant to address the anonymity requirement. By using a third-party Privacy Certification Authority (PCA), the information that identifies the computer could be held by a trusted third party. Additionally, the use of direct anonymous attestation
(DAA), introduced in TPM v1.2, allows a client to perform attestation while not revealing any personally identifiable or machine information.
The kind of data that must be supplied to the TTP in order to get the trusted status is at present not entirely clear, but the TCG itself admits that“ Attestation is an important TPM function with significant privacy implications ”. It is however clear that both static and dynamic information about the user computer may be supplied (Ekpubkey) to the TTP (v1.1b), it is not clear what data will be supplied to the “verifier” under v1.2. The static information will uniquely identify the endorser of the platform, model, details of the TPM, and that the platform (PC) complies with the TCG specifications . The dynamic information is described as software running on the computer. If a program like Windows is registered in the user’s name this in turn will uniquely identify the user. Another dimension of privacy infringing capabilities might also be introduced with this new technology; how often you use your programs might be possible information provided to the TTP. In an exceptional, however practical situation, where a user purchases a pornographic movie on the Internet, the purchaser nowadays, must accept the fact that he has to provide credit card details to the provider, thereby possibly risking being identified. With the new technology a purchaser might also risk someone finding out that he (or she) has watched this pornographic movie 1000 times. This adds a new dimension to the possible privacy infringement. The extent of data that will be supplied to the TTP/Verifiers is at present not exactly known, only when the technology is implemented and used will we be able to assess the exact nature and volume of the data that is transmitted.
in order to allow interoperability between different trusted software stacks. However, even now there are interoperability problems between the TrouSerS trusted software stack (released as open source software by IBM
) and Hewlett-Packard
's stack. Another problem is the fact that the technical specifications are still changing, so it is unclear which is the standard implementation of the trusted stack.
has received a great deal of bad press surrounding their Palladium software architecture, evoking comments such as "Few pieces of vaporware have evoked a higher level of fear and uncertainty than Microsoft's Palladium", "Palladium is a plot to take over cyberspace", and "Palladium will keep us from running any software not personally approved by Bill Gates". The concerns about trusted computing being used to shut out competition exist within a broader framework of consumers being concerned about using bundling
of products to obscure prices of products and to engage in anti-competitive practices
. Trusted Computing is seen as harmful or problematic to small and open source
software developers.
, creation of keys can be done on the local computer and the creator has complete control over who has access to it, and consequentially their own security policies
. In some proposed encryption-decryption chips, a private/public key is permanently embedded into the hardware when it is manufactured, and hardware manufacturers would have the opportunity to record the key without leaving evidence of doing so. With this key it would be possible to have access to data encrypted with it, and to authenticate as it. It would be fairly trivial for a manufacturer to give a copy of this key to the government or the software manufacturers, as the platform must go through steps so that it works with authenticated software. In order to trust anything that is authenticated by or encrypted by a TPM or a Trusted computer, therefore, one has to trust the company that made that chip, the company that designed the chip, those companies allowed to make software for the chip, and the ability and interest of those companies to not compromise the process.
It is also critical that one be able to trust that the hardware manufacturers and software developers properly implement trusted computing standards. Incorrect implementation could be hidden from users, and thus could undermine the integrity of the whole system without users being aware of the flaw.
Trusted Computing Group
The Trusted Computing Group , successor to the Trusted Computing Platform Alliance , is an initiative started by AMD, Hewlett-Packard, IBM, Intel, and Microsoft to implement Trusted Computing...
. The term is taken from the field of trusted system
Trusted system
In the security engineering subspecialty of computer science, a trusted system is a system that is relied upon to a specified extent to enforce a specified security policy...
s and has a specialized meaning. With Trusted Computing, the computer will consistently behave in expected ways, and those behaviors will be enforced by hardware and software. In practice, Trusted Computing uses cryptography to help enforce a selected behavior. The main functionality of TC is to allow someone else to verify that only authorized code runs on a system. This authorization covers initial booting and kernel and may also cover applications and various scripts. Just by itself TC does not protect against attacks that exploit security vulnerabilities introduced by programming bugs.
TC is controversial because it is technically possible not just to secure the hardware for its owner, but also to secure against its owner. Such controversy has led opponents of trusted computing, such as Richard Stallman
Richard Stallman
Richard Matthew Stallman , often shortened to rms,"'Richard Stallman' is just my mundane name; you can call me 'rms'"|last= Stallman|first= Richard|date= N.D.|work=Richard Stallman's homepage...
, to refer to it instead as treacherous computing, and some academic opponents have begun to place quotation marks around "trusted computing" in scholarly texts.
The "trusted computing" platform need not be used to secure the system against the owner. It is possible to leave to the owner rights of authorization and have no centralized authority. It is also possible to build open source stack of trusted modules, leaving for the security chip only the task to guard against unauthorized modifications. Open source Linux drivers exist to access and use the trusted computing chip. However, uncooperative operating systems can misuse security features to prevent legitimate data exchange.
Trusted Computing proponents such as International Data Corporation
International Data Corporation
International Data Corporation is a market research and analysis firm specializing in information technology, telecommunications and consumer technology. IDC is a subsidiary of International Data Group...
, the Enterprise Strategy Group and Endpoint Technologies Associates claim the technology will make computers safer, less prone to viruses
Computer virus
A computer virus is a computer program that can replicate itself and spread from one computer to another. The term "virus" is also commonly but erroneously used to refer to other types of malware, including but not limited to adware and spyware programs that do not have the reproductive ability...
and malware
Malware
Malware, short for malicious software, consists of programming that is designed to disrupt or deny operation, gather information that leads to loss of privacy or exploitation, or gain unauthorized access to system resources, or that otherwise exhibits abusive behavior...
, and thus more reliable from an end-user perspective. In addition, they also claim that Trusted Computing will allow computers and server
Server (computing)
In the context of client-server architecture, a server is a computer program running to serve the requests of other programs, the "clients". Thus, the "server" performs some computational task on behalf of "clients"...
s to offer improved computer security
Computer security
Computer security is a branch of computer technology known as information security as applied to computers and networks. The objective of computer security includes protection of information and property from theft, corruption, or natural disaster, while allowing the information and property to...
over that which is currently available. Opponents often claim this technology will be used primarily to enforce digital rights management
Digital rights management
Digital rights management is a class of access control technologies that are used by hardware manufacturers, publishers, copyright holders and individuals with the intent to limit the use of digital content and devices after sale. DRM is any technology that inhibits uses of digital content that...
policies and not to increase computer security.
Chip manufacturers Intel and AMD, hardware manufacturers such as Dell
Dell
Dell, Inc. is an American multinational information technology corporation based in 1 Dell Way, Round Rock, Texas, United States, that develops, sells and supports computers and related products and services. Bearing the name of its founder, Michael Dell, the company is one of the largest...
, and operating system
Operating system
An operating system is a set of programs that manage computer hardware resources and provide common services for application software. The operating system is the most important type of system software in a computer system...
providers such as Microsoft
Microsoft
Microsoft Corporation is an American public multinational corporation headquartered in Redmond, Washington, USA that develops, manufactures, licenses, and supports a wide range of products and services predominantly related to computing through its various product divisions...
all plan to include Trusted Computing in coming generations of products. The U.S. Army requires that every new small PC it purchases must come with a Trusted Platform Module
Trusted Platform Module
In computing, Trusted Platform Module is both the name of a published specification detailing a secure cryptoprocessor that can store cryptographic keys that protect information, as well as the general name of implementations of that specification, often called the "TPM chip" or "TPM Security...
(TPM). As of July 3, 2007, so does virtually the entire United States Department of Defense
United States Department of Defense
The United States Department of Defense is the U.S...
.
Key concepts
Trusted Computing encompasses six key technology concepts, of which all are required for a fully Trusted system, that is, a system compliant to the TCG specifications:- Endorsement key
- Secure input and output
- Memory curtaining / protected execution
- Sealed storage
- Remote attestation
- Trusted Third Party (TTP)
Endorsement key
- The endorsement key is a 2048-bit RSA public and private key pair, which is created randomly on the chip at manufacture time and cannot be changed. The private key never leaves the chip, while the public key is used for attestation and for encryption of sensitive data sent to the chip, as occurs during the TPM_TakeOwnership command.—David Safford
This key is used to allow the executions of secure transactions: every Trusted Platform Module (TPM) is required to be able sign a random number (in order to allow the owner to show that he has a genuine trusted computer), using a particular protocol created by the Trusted Computing Group (the direct anonymous attestation
Direct anonymous attestation
The Direct Anonymous Attestation is a cryptographic protocol which enables the remote authentication of a trusted platform whilst preserving the user's privacy...
protocol) in order to ensure its compliance of the TCG standard and to prove its identity; this makes it impossible for a software TPM emulator with an untrusted endorsement key (for example, a self-generated one) to start a secure transaction with a trusted entity. The TPM should be designed to make the extraction of this key by hardware analysis hard, but tamper-resistance is not a strong requirement.
Memory curtaining
Memory curtaining extends common memory protectionMemory protection
Memory protection is a way to control memory access rights on a computer, and is a part of most modern operating systems. The main purpose of memory protection is to prevent a process from accessing memory that has not been allocated to it. This prevents a bug within a process from affecting...
techniques to provide full isolation of sensitive areas of memory—for example, locations containing cryptographic keys. Even the operating system
Operating system
An operating system is a set of programs that manage computer hardware resources and provide common services for application software. The operating system is the most important type of system software in a computer system...
does not have full access to curtained memory. The exact implementation details are vendor specific; Intel's Trusted Execution Technology (TXT) already offers this feature.
Sealed storage
Sealed storage protects private information by binding it to platform configuration information including the software and hardware being used. This means the data can be released only to a particular combination of software and hardware. Sealed storage can be used for DRMDigital rights management
Digital rights management is a class of access control technologies that are used by hardware manufacturers, publishers, copyright holders and individuals with the intent to limit the use of digital content and devices after sale. DRM is any technology that inhibits uses of digital content that...
enforcing. For example, users who keep a song on their computer that has not been licensed to be listened will not be able to play it. Currently, a user can locate the song, listen to it, and send it to someone else, play it in the software of their choice, or back it up (and in some cases, use circumvention software to decrypt it). Alternatively, the user may use software to modify the operating system's DRM routines to have it leak the song data once, say, a temporary license was acquired. Using sealed storage, the song is securely encrypted using a key bound to the trusted platform module so that only the unmodified and untampered music player on his or her computer can play it. In this DRM architecture, this might also prevent people from listening to the song after buying a new computer, or upgrading parts of their current one, except after explicit permission of the vendor of the song.
Remote attestation
Remote attestation allows changes to the user's computer to be detected by authorized parties. For example, software companies can identify unauthorized changes to software, including users tampering with their software to circumvent technological protection measures. It works by having the hardware generate a certificate stating what software is currently running. The computer can then present this certificate to a remote party to show that unaltered software is currently executing.Remote attestation is usually combined with public-key encryption so that the information sent can only be read by the programs that presented and requested the attestation, and not by an eavesdropper.
To take the song example again, the user's music player software could send the song to other machines, but only if they could attest that they were running a secure copy of the music player software. Combined with the other technologies, this provides a more secured path for the music: secure I/O prevents the user from recording it as it is transmitted to the audio subsystem, memory locking prevents it from being dumped to regular disk files as it is being worked on, sealed storage curtails unauthorized access to it when saved to the hard drive, and remote attestation protects it from unauthorized software even when it is used on other computers. Sending remote attestation data to a trusted third party, however, has been discouraged in favour of Direct Anonymous Attestation
Direct anonymous attestation
The Direct Anonymous Attestation is a cryptographic protocol which enables the remote authentication of a trusted platform whilst preserving the user's privacy...
.
Trusted third party
One of the main obstacles that had to be overcome by the developers of the TCG technology was how to maintain anonymity while still providing a “trusted platform”. The main object of obtaining “trusted mode” is that the other party (Bob), with whom a computer (Alice) may be communicating, can trust that Alice is running un-tampered hardware and software. This will assure Bob that Alice will not be able to use malicious software to compromise sensitive information on the computer. Unfortunately, in order to do this, Alice has to inform Bob that she is using registered and “safe” software and hardware, thereby potentially uniquely identifying herself to Bob.This might not be a problem where one wishes to be identified by the other party, e.g., during banking transactions over the Internet. But in many other types of communicating activities people enjoy the anonymity that the computer provides. The TCG acknowledges this, and allegedly have developed a process of attaining such anonymity but at the same time assuring the other party that he or she is communicating with a “trusted” party.
This was done by developing a “trusted third party”. This entity will work as an intermediary between a user and his own computer and between a user and other users. In this essay the focus will be on the latter process, a process referred to as remote attestation.
When a user requires an AIK (Attestation Identity Key) the user wants its key to be certified by a CA (certification Authority). The user through a TPM (Trusted Platform Module) sends three credentials: a public key credential, a platform credential, and a conformance credential. This set of certificates and cryptographic keys will in short be referred to as "EK". The EK can be split into two main parts, the private part "EKpr" and the public part "EKpub". The EKpr never leaves the TPM.
Disclosure of the EKpub is however necessary (version 1.1). The EKpub will uniquely identify the endorser of the platform, model, what kind of software is currently being used on the platform, details of the TPM, and that the platform (PC) complies with the TCG specifications.
If this information is communicated directly to another party as a process of getting trusted status it would at the same time be impossible to obtain an anonymous identity. Therefore this information is sent to the privacy certification authority, (trusted third party). When the C.A (Privacy certification Authority) receives the EKpub sent by the TPM, the C.A verifies the information. If the information can be verified it will create a certified secondary key pair AIK, and sends this credential back to the requestor. This is intended to provide the user with anonymity. When the user has this certified AIK, he or she can use it to communicate with other trusted platforms.
In version 1.2, the TCG have developed a new method of obtaining a certified AIK. This process is called DAA Direct anonymous attestation
Direct anonymous attestation
The Direct Anonymous Attestation is a cryptographic protocol which enables the remote authentication of a trusted platform whilst preserving the user's privacy...
. This method does not require the user to disclose his/her EKpub with the TTP. The unique new feature of the DAA is that it has the ability to convince the remote entity that a particular TPM (trusted platform module) is a valid TPM without disclosing the EKpub or any other unique identifier. Before the TPM can send a certification request for an AIK to the remote entity, the TPM has to generate a set of DAA credentials. This can only be done by interacting with an issuer. The DAA credentials are created by the TPM sending a TPM-unique secret that remains within the TPM. The TPM secret is similar but not analogous to the EK. When the TPM has obtained a set of DAA credentials, it can send these to the Verifier. When the Verifier receives the DAA credentials from the TTP, it will verify them and send a certified AIK back to the user. The user will then be able to communicate with other trusted parties using the certified AIK. The Verifier may or may not be a trusted third party (TTP). The Verifier can determine if the DAA credentials are valid, but the DAA credentials do not contain any unique information that discloses the TPM platform. An example would be where a user wants trusted status and sends a request to the Issuer. The Issuer could be the manufacturer of the user’s platform, e.g. Compaq. Compaq would check if the TPM it has produced is a valid one, and if so, issues DAA credentials. In the next step, the DAA credentials are sent by the user to the Verifier. As mentioned this might be a standard TTP, but could also be a different entity. If the Verifier accepts the DAA supplied it will produce a certified AIK. The certified AIK will then be used by the user to communicate with other trusted platforms. In summary the new version introduces a separate entity that will assist in the anonymous attestation process. By introducing the Issuer which supplies a DAA, one will be able to sufficiently protect the user’s anonymity towards the Verifier/TTP. The issuer most commonly will be the platform manufacturer. Without such credentials, it will be probably difficult for a private customer or small business or organisation to convince others that they have a genuine trusted platform.
Hard drive encryption
The Microsoft products Windows VistaWindows Vista
Windows Vista is an operating system released in several variations developed by Microsoft for use on personal computers, including home and business desktops, laptops, tablet PCs, and media center PCs...
and Windows 7 make use of a Trusted Platform Module to facilitate BitLocker Drive Encryption
BitLocker Drive Encryption
BitLocker Drive Encryption is a full disk encryption feature included with the Ultimate and Enterprise editions of Microsoft's Windows Vista and Windows 7 desktop operating systems, as well as the Windows Server 2008 and Windows Server 2008 R2 server platforms. It is designed to protect data by...
.
Digital rights management
Trusted Computing would allow companies to create a Digital rights managementDigital rights management
Digital rights management is a class of access control technologies that are used by hardware manufacturers, publishers, copyright holders and individuals with the intent to limit the use of digital content and devices after sale. DRM is any technology that inhibits uses of digital content that...
system which would be very hard to circumvent, though not impossible. An example is downloading a music file. Sealed storage could be used to prevent the user from opening the file with an unauthorized player or computer. Remote attestation could be used to authorize play only by music players that enforce the record company's rules. The music would be played from curtained memory, which would prevent the user from making an unrestricted copy of the file while it is playing, and secure I/O would prevent capturing what is being sent to the sound system. Circumventing such a system would require either manipulation of the computer's hardware, capturing the analogue (and thus degraded) signal using a recording device or a microphone, or breaking the security of the system.
New business models for use of software (services) over Internet may be boosted by the technology. By strengthening the DRM system, one could base a business model on renting programs for a specific time periods or "pay as you go" models. For instance one could download a music file which you only could play a certain amount of times before it became unusable, or the music file could be used only within a certain time period.
Preventing cheating in online games
Trusted Computing could be used to combat cheating in online gamesCheating in online games
Cheating in online games is an activity that modifies the game experience to give one player an advantage over others. Depending on the game, different activities constitute cheating and it is either a matter of game policy or consensus opinion as to whether a particular activity is considered to...
. Some players modify their game copy in order to gain unfair advantages in the game; remote attestation, secure I/O and memory curtaining could be used to determine that all players connected to a server were running an unmodified copy of the software.
Ensuring that people upload in peer-to-peer file sharing networks
In peer-to-peerPeer-to-peer
Peer-to-peer computing or networking is a distributed application architecture that partitions tasks or workloads among peers. Peers are equally privileged, equipotent participants in the application...
file sharing
File sharing
File sharing is the practice of distributing or providing access to digitally stored information, such as computer programs, multimedia , documents, or electronic books. It may be implemented through a variety of ways...
networks it is important that the clients upload as well as download, but only the download is usually of interest to the users. Because of this some Bittorrent servers for example keep track of how much each user uploads and downloads and users with a poor upload/download ratio are banned. For Direct Connect
Direct Connect (file sharing)
Direct connect is a peer-to-peer file sharing protocol. Direct connect clients connect to a central hub and can download files directly from one another. Advanced Direct Connect can be considered a successor protocol....
, client software is available that "cheats" in one way or another, and some people also use third party software to limit their upload speed. With Trusted Computing it would be possible to write peer-to-peer software/protocols that can not be misused like this. For example the client software could refuse to download anything before the upload/download ratio improves, and there would be nothing the user could do to get around that.
Verification of remote computation for grid computing
Trusted Computing could be used to guarantee participants in a grid computing system are returning the results of the computations they claim to be instead of forging them. This would allow large scale simulations to be run (say a climate simulation) without expensive redundant computations to guarantee malicious hosts are not undermining the results to achieve the conclusion they want.Criticism
Trusted Computing opponents such as the Electronic Frontier FoundationElectronic Frontier Foundation
The Electronic Frontier Foundation is an international non-profit digital rights advocacy and legal organization based in the United States...
and Free Software Foundation
Free Software Foundation
The Free Software Foundation is a non-profit corporation founded by Richard Stallman on 4 October 1985 to support the free software movement, a copyleft-based movement which aims to promote the universal freedom to create, distribute and modify computer software...
claim trust in the underlying companies is not deserved and that the technology puts too much power and control into the hands of those who design systems and software. They also believe that it may cause consumers to lose anonymity in their online interactions, as well as mandating technologies Trusted Computing opponents say are unnecessary. They suggest Trusted Computing as a possible enabler for future versions of mandatory access control
Mandatory access control
In computer security, mandatory access control refers to a type of access control by which the operating system constrains the ability of a subject or initiator to access or generally perform some sort of operation on an object or target...
, copy protection
Copy protection
Copy protection, also known as content protection, copy obstruction, copy prevention and copy restriction, refer to techniques used for preventing the reproduction of software, films, music, and other media, usually for copyright reasons.- Terminology :Media corporations have always used the term...
, and digital rights management
Digital rights management
Digital rights management is a class of access control technologies that are used by hardware manufacturers, publishers, copyright holders and individuals with the intent to limit the use of digital content and devices after sale. DRM is any technology that inhibits uses of digital content that...
.
Some security experts have spoken out against Trusted Computing, believing it will provide computer manufacturers and software authors with increased control to impose restrictions on what users are able to do with their computers. There are concerns that Trusted Computing would have an anti-competitive
Anti-competitive practices
Anti-competitive practices are business or government practices that prevent or reduce competition in a market .- Anti-competitive practices :These can include:...
effect on competition in the IT market.
There is concern amongst critics that it will not always be possible to examine the hardware components on which Trusted Computing relies, the Trusted Platform Module
Trusted Platform Module
In computing, Trusted Platform Module is both the name of a published specification detailing a secure cryptoprocessor that can store cryptographic keys that protect information, as well as the general name of implementations of that specification, often called the "TPM chip" or "TPM Security...
, which is the ultimate hardware
Hardware
Hardware is a general term for equipment such as keys, locks, hinges, latches, handles, wire, chains, plumbing supplies, tools, utensils, cutlery and machine parts. Household hardware is typically sold in hardware stores....
system where the core 'root' of trust in the platform has to lie. If not implemented correctly, it presents a security risk to overall platform integrity and protected data. The specifications, as published by the Trusted Computing Group
Trusted Computing Group
The Trusted Computing Group , successor to the Trusted Computing Platform Alliance , is an initiative started by AMD, Hewlett-Packard, IBM, Intel, and Microsoft to implement Trusted Computing...
, are open and are available for anyone to review. However, the final implementations by commercial vendors will not necessarily be subjected to the same review process. In addition, the world of cryptography can often move quickly, and that hardware implementations of algorithms might create an inadvertent obsolescence. Trusting networked computers to controlling authorities rather than to individuals may create digital imprimatur
Digital imprimatur
The Digital Imprimatur is an article written in 2003 by John Walker, and hence "digital imprimatur" is a term widely associated with him. In the Roman Catholic Church, an imprimatur is a censor's official declaration that a work is free from doctrinal or moral error, but Walker uses the term...
s.
The Cambridge cryptographer Ross Anderson has great concerns that "TC can support remote censorship [...] In general, digital objects created using TC systems remain under the control of their creators, rather than under the control of the person who owns the machine on which they happen to be stored (as at present) [...] So someone who writes a paper that a court decides is defamatory can be compelled to censor it — and the software company that wrote the word processor could be ordered to do the deletion if she refuses. Given such possibilities, we can expect TC to be used to suppress everything from pornography to writings that criticize political leaders." He goes on to state that:
- [...] software suppliers can make it much harder for you to switch to their competitors' products. At a simple level, Word could encrypt all your documents using keys that only Microsoft products have access to; this would mean that you could only read them using Microsoft products, not with any competing word processor. [...]
- The [...] most important benefit for Microsoft is that TC will dramatically increase the costs of switching away from Microsoft products (such as Office) to rival products (such as OpenOffice). For example, a law firm that wants to change from Office to OpenOffice right now merely has to install the software, train the staff and convert their existing files. In five years' time, once they have received TC-protected documents from perhaps a thousand different clients, they would have to get permission (in the form of signed digital certificates) from each of these clients in order to migrate their files to a new platform. The law firm won't in practice want to do this, so they will be much more tightly locked in, which will enable Microsoft to hike its prices.
Anderson summarizes the case by saying "The fundamental issue is that whoever controls the TC infrastructure will acquire a huge amount of power. Having this single point of control is like making everyone use the same bank, or the same accountant, or the same lawyer. There are many ways in which this power could be abused."
Digital rights management
One of the early motivations behind trusted computing was a desire by media and software corporations for stricter digital rights managementDigital rights management
Digital rights management is a class of access control technologies that are used by hardware manufacturers, publishers, copyright holders and individuals with the intent to limit the use of digital content and devices after sale. DRM is any technology that inhibits uses of digital content that...
technology to prevent users from freely sharing and using potentially copyrighted or private files without explicit permission.
An example could be downloading a music file from a band: the band's record company could come up with rules for how the band's music can be used. For example, they might want the user to play the file only three times a day without paying additional money. Also, they could use remote attestation to only send their music to a music player that enforces their rules: sealed storage would prevent the user from opening the file with another player that did not enforce the restrictions. Memory curtaining would prevent the user from making an unrestricted copy of the file while it is playing, and secure output would prevent capturing what is sent to the sound system.
Users unable to modify software
A user who wanted to switch to a competing program might find that it would be impossible for that new program to read old data, as the information would be "locked inVendor lock-in
In economics, vendor lock-in, also known as proprietary lock-in or customer lock-in, makes a customer dependent on a vendor for products and services, unable to use another vendor without substantial switching costs...
" to the old program. It could also make it impossible for the user to read or modify their data except as specifically permitted by the software.
Remote attestation could cause other problems. Currently web sites can be visited using a number of web browsers, though certain websites may be formatted such that some browsers cannot decipher their code. Some browsers have found a way to get around that problem by emulating
Emulator
In computing, an emulator is hardware or software or both that duplicates the functions of a first computer system in a different second computer system, so that the behavior of the second system closely resembles the behavior of the first system...
other browsers. With remote attestation a website could check the internet browser being used and refuse to display on any browser other than the specified one (like Internet Explorer
Internet Explorer
Windows Internet Explorer is a series of graphical web browsers developed by Microsoft and included as part of the Microsoft Windows line of operating systems, starting in 1995. It was first released as part of the add-on package Plus! for Windows 95 that year...
), so even emulating the browser would not work.
Users have no control over data
Sealed storage could prevent users from moving sealed files to the new computer. This limitation might exist either through poor software design or deliberate limitations placed by publishers of works. The migration section of the TPM specification requires that it be impossible to move certain kinds of files except to a computer with the identical make and model of security chip.Users unable to override
Some opponents of Trusted Computing advocate "owner override": allowing an owner who is confirmed to be physically present to allow the computer to bypass restrictions and use the secure I/O path. Such an override would allow remote attestation to a user's specification, e.g., to create certificates that say Internet Explorer is running, even if a different browser is used. Instead of preventing software change, remote attestation would indicate when the software has been changed without owner's permission.Trusted Computing Group
Trusted Computing Group
The Trusted Computing Group , successor to the Trusted Computing Platform Alliance , is an initiative started by AMD, Hewlett-Packard, IBM, Intel, and Microsoft to implement Trusted Computing...
members have refused to implement owner override. Proponents of trusted computing believe that Owner override defeats the trust in other computers since remote attestation can be forged by the owner. Owner override offers the security and enforcement benefits to a machine owner, but does not allow him to trust other computers, because their owners could waive rules or restrictions on their own computers. Under this scenario, once data is sent to someone else's computer, whether it be a diary, a DRM music file, or a joint project, that other person controls what security, if any, their computer will enforce on their copy of those data. This has the potential to undermine the applications of trusted computing to enforce Digital Rights Management, control cheating in online games and attest to remote computations for grid computing
Grid computing
Grid computing is a term referring to the combination of computer resources from multiple administrative domains to reach a common goal. The grid can be thought of as a distributed system with non-interactive workloads that involve a large number of files...
.
Loss of anonymity
Because a Trusted Computing equipped computer is able to uniquely attest to its own identity, it will be possible for vendors and others who possess the ability to use the attestation feature to zero in on the identity of the user of TC-enabled software with a high degree of certainty.Such a capability is contingent on the reasonable chance that the user at some time provides user-identifying information, whether voluntarily or indirectly. One common way that information can be obtained and linked is when a user registers a computer just after purchase. Another common way is when a user provides identifying information to the website of an affiliate of the vendor.
While proponents of TC point out that online purchases and credit transactions could potentially be more secure as a result of the remote attestation capability, this may cause the computer user to lose expectations of anonymity when using the Internet.
Critics point out that this could have a chilling effect on political free speech, the ability of journalists to use anonymous sources, whistle blowing, political blogging and other areas where the public needs protection from retaliation through anonymity.
The TPM specification offers features and suggested implementations that are meant to address the anonymity requirement. By using a third-party Privacy Certification Authority (PCA), the information that identifies the computer could be held by a trusted third party. Additionally, the use of direct anonymous attestation
Direct anonymous attestation
The Direct Anonymous Attestation is a cryptographic protocol which enables the remote authentication of a trusted platform whilst preserving the user's privacy...
(DAA), introduced in TPM v1.2, allows a client to perform attestation while not revealing any personally identifiable or machine information.
The kind of data that must be supplied to the TTP in order to get the trusted status is at present not entirely clear, but the TCG itself admits that“ Attestation is an important TPM function with significant privacy implications ”. It is however clear that both static and dynamic information about the user computer may be supplied (Ekpubkey) to the TTP (v1.1b), it is not clear what data will be supplied to the “verifier” under v1.2. The static information will uniquely identify the endorser of the platform, model, details of the TPM, and that the platform (PC) complies with the TCG specifications . The dynamic information is described as software running on the computer. If a program like Windows is registered in the user’s name this in turn will uniquely identify the user. Another dimension of privacy infringing capabilities might also be introduced with this new technology; how often you use your programs might be possible information provided to the TTP. In an exceptional, however practical situation, where a user purchases a pornographic movie on the Internet, the purchaser nowadays, must accept the fact that he has to provide credit card details to the provider, thereby possibly risking being identified. With the new technology a purchaser might also risk someone finding out that he (or she) has watched this pornographic movie 1000 times. This adds a new dimension to the possible privacy infringement. The extent of data that will be supplied to the TTP/Verifiers is at present not exactly known, only when the technology is implemented and used will we be able to assess the exact nature and volume of the data that is transmitted.
Practicality
Any hardware component, including the TC hardware itself, has the potential to fail, or be upgraded and replaced. A user might rightly conclude that the mere possibility of being irrevocably cut-off from access to his or her own information, or to years' worth of expensive work-products, with no opportunity for recovery of that information, is unacceptable. The concept of basing ownership or usage restrictions upon the verifiable identity of a particular piece of computing hardware may be perceived by the user as problematic if the equipment in question malfunctions.TCG Specification Interoperability Problems
Trusted Computing requests that all software and hardware vendors will follow the technical specifications released by the Trusted Computing GroupTrusted Computing Group
The Trusted Computing Group , successor to the Trusted Computing Platform Alliance , is an initiative started by AMD, Hewlett-Packard, IBM, Intel, and Microsoft to implement Trusted Computing...
in order to allow interoperability between different trusted software stacks. However, even now there are interoperability problems between the TrouSerS trusted software stack (released as open source software by IBM
IBM
International Business Machines Corporation or IBM is an American multinational technology and consulting corporation headquartered in Armonk, New York, United States. IBM manufactures and sells computer hardware and software, and it offers infrastructure, hosting and consulting services in areas...
) and Hewlett-Packard
Hewlett-Packard
Hewlett-Packard Company or HP is an American multinational information technology corporation headquartered in Palo Alto, California, USA that provides products, technologies, softwares, solutions and services to consumers, small- and medium-sized businesses and large enterprises, including...
's stack. Another problem is the fact that the technical specifications are still changing, so it is unclear which is the standard implementation of the trusted stack.
Shutting out of competing products
People have voiced concerns that trusted computing could be used to keep or discourage users from running software created by companies outside of a small industry group. MicrosoftMicrosoft
Microsoft Corporation is an American public multinational corporation headquartered in Redmond, Washington, USA that develops, manufactures, licenses, and supports a wide range of products and services predominantly related to computing through its various product divisions...
has received a great deal of bad press surrounding their Palladium software architecture, evoking comments such as "Few pieces of vaporware have evoked a higher level of fear and uncertainty than Microsoft's Palladium", "Palladium is a plot to take over cyberspace", and "Palladium will keep us from running any software not personally approved by Bill Gates". The concerns about trusted computing being used to shut out competition exist within a broader framework of consumers being concerned about using bundling
Product bundling
Product bundling is a marketing strategy that involves offering several products for sale as one combined product. This strategy is very common in the software business , in the cable television industry Product bundling is a marketing strategy that involves offering several products for sale as...
of products to obscure prices of products and to engage in anti-competitive practices
Anti-competitive practices
Anti-competitive practices are business or government practices that prevent or reduce competition in a market .- Anti-competitive practices :These can include:...
. Trusted Computing is seen as harmful or problematic to small and open source
Open source
The term open source describes practices in production and development that promote access to the end product's source materials. Some consider open source a philosophy, others consider it a pragmatic methodology...
software developers.
Trust
In the widely used public-key cryptographyPublic-key cryptography
Public-key cryptography refers to a cryptographic system requiring two separate keys, one to lock or encrypt the plaintext, and one to unlock or decrypt the cyphertext. Neither key will do both functions. One of these keys is published or public and the other is kept private...
, creation of keys can be done on the local computer and the creator has complete control over who has access to it, and consequentially their own security policies
Security policy
Security policy is a definition of what it means to be secure for a system, organization or other entity. For an organization, it addresses the constraints on behavior of its members as well as constraints imposed on adversaries by mechanisms such as doors, locks, keys and walls...
. In some proposed encryption-decryption chips, a private/public key is permanently embedded into the hardware when it is manufactured, and hardware manufacturers would have the opportunity to record the key without leaving evidence of doing so. With this key it would be possible to have access to data encrypted with it, and to authenticate as it. It would be fairly trivial for a manufacturer to give a copy of this key to the government or the software manufacturers, as the platform must go through steps so that it works with authenticated software. In order to trust anything that is authenticated by or encrypted by a TPM or a Trusted computer, therefore, one has to trust the company that made that chip, the company that designed the chip, those companies allowed to make software for the chip, and the ability and interest of those companies to not compromise the process.
It is also critical that one be able to trust that the hardware manufacturers and software developers properly implement trusted computing standards. Incorrect implementation could be hidden from users, and thus could undermine the integrity of the whole system without users being aware of the flaw.
Hardware and software support
- Since 2004, most major manufacturers have shipped systems that have included Trusted Platform ModuleTrusted Platform ModuleIn computing, Trusted Platform Module is both the name of a published specification detailing a secure cryptoprocessor that can store cryptographic keys that protect information, as well as the general name of implementations of that specification, often called the "TPM chip" or "TPM Security...
s, with associated BIOSBIOSIn IBM PC compatible computers, the basic input/output system , also known as the System BIOS or ROM BIOS , is a de facto standard defining a firmware interface....
support. In accordance with the TCG specifications, the user must enable the Trusted Platform Module before it can be used. - The Linux kernelLinux kernelThe Linux kernel is an operating system kernel used by the Linux family of Unix-like operating systems. It is one of the most prominent examples of free and open source software....
has included trusted computing support since version 2.6.13, and there are several projects to implement trusted computing for Linux. In January 2005, members of Gentoo LinuxGentoo LinuxGentoo Linux is a computer operating system built on top of the Linux kernel and based on the Portage package management system. It is distributed as free and open source software. Unlike a conventional software distribution, the user compiles the source code locally according to their chosen...
's "crypto herd" announced their intention of providing support for TC—in particular support for the Trusted Platform Module. There is also a TCG-compliant software stack for Linux named TrouSerS, released under an open source license. - Some limited form of trusted computing can be implemented on current versions of Microsoft WindowsMicrosoft WindowsMicrosoft Windows is a series of operating systems produced by Microsoft.Microsoft introduced an operating environment named Windows on November 20, 1985 as an add-on to MS-DOS in response to the growing interest in graphical user interfaces . Microsoft Windows came to dominate the world's personal...
with third party software. - The Intel Classmate PCClassmate PCThe Classmate PC, formerly known as Eduwise, is Intel's entry into the market for low-cost personal computers for children in the developing world. It is in some respects similar to the One Laptop Per Child trade association's Children's Machine , which has a similar target market...
(a competitor to the One Laptop Per Child) includes a Trusted Platform Module - Intel's Core 2 DuoIntel Core 2Core 2 is a brand encompassing a range of Intel's consumer 64-bit x86-64 single-, dual-, and quad-core microprocessors based on the Core microarchitecture. The single- and dual-core models are single-die, whereas the quad-core models comprise two dies, each containing two cores, packaged in a...
processors. - AMD's Athlon 64Athlon 64The Athlon 64 is an eighth-generation, AMD64-architecture microprocessor produced by AMD, released on September 23, 2003. It is the third processor to bear the name Athlon, and the immediate successor to the Athlon XP...
processors using the AM2 socketSocket AM2The Socket AM2, renamed from Socket M2 , is a CPU socket designed by AMD for desktop processors, including the performance, mainstream and value segments...
. - IBMIBMInternational Business Machines Corporation or IBM is an American multinational technology and consulting corporation headquartered in Armonk, New York, United States. IBM manufactures and sells computer hardware and software, and it offers infrastructure, hosting and consulting services in areas...
/Lenovo ThinkPadThinkPadThinkPad is line of laptop computers originally sold by IBM but now produced by Lenovo. They are known for their boxy black design, which was modeled after a traditional Japanese lunchbox...
s. - Dell OptiPlex GX620Dell OptiPlexDell, Inc. targets its OptiPlex line of desktop computers for sale into the corporate, government and education markets. These systems typically contain Intel CPUs, beginning with the Pentium and with the Core i7 , although Dell sells some models with AMD CPUs as well...
.
See also
- Trusted Computing GroupTrusted Computing GroupThe Trusted Computing Group , successor to the Trusted Computing Platform Alliance , is an initiative started by AMD, Hewlett-Packard, IBM, Intel, and Microsoft to implement Trusted Computing...
- Trusted Platform ModuleTrusted Platform ModuleIn computing, Trusted Platform Module is both the name of a published specification detailing a secure cryptoprocessor that can store cryptographic keys that protect information, as well as the general name of implementations of that specification, often called the "TPM chip" or "TPM Security...
- Trusted Network ConnectTrusted Network ConnectTrusted Network Connect or TNC is an open architecture for Network Access Control, promulgated by the Trusted Network Connect Work Group of the Trusted Computing Group . -History:...
- Next-Generation Secure Computing BaseNext-Generation Secure Computing BaseThe Next-Generation Secure Computing Base , formerly known as Palladium, is a software architecture designed by Microsoft which is expected to implement parts of the controversial "Trusted Computing" concept on future versions of the Microsoft Windows operating system. NGSCB is part of...
(formerly known as Palladium) - Hardware restrictionsHardware restrictionsHardware restrictions refers to restrictions in any device that places technical restrictions on what content can run/play on said device or what users can do with certain content. Hardware restrictions can be used with software DRM and digital signatures...
- Glossary of legal terms in technology
Official sites
- Trusted Computing Group (TCG)—Trusted Computing standards body, previously known as the TCPA
- TCG solutions page information on TCG Members' TCG-related products and services
Software applications
- openTC ─ Public research and development project (esp. trusted operating systems) funded by the European Union to create open source trusted and secure computing systems.
- EMSCB ─ European Multilaterally Secure Computing Base, Public research and development project for trusted computing applications on open source software.
- Forum for Open SW based on TC ─ TPM drivers and support forum for LINUX etc.
- Enforcer ─ Linux module that use Trusted Computing to ensure no tampering of the file system.
- Next-Generation Secure Computing Base (NGSCB)—Microsoft's trusted computing architecture (codename Palladium)
- TrouSerS ─ The open-source TCG Software Stack with FAQ explaining possible problems using a TPM
- Trusted Java ─ API Java for TrouSerS
- TPM Emulator ─ Software-based TPM emulator
Criticism
- Trusted Computing and NGSCB ─ by Mark D. Ryan, University of Birmingham
- Trusted Computing: An Animated Short Story ─ by Benjamin Stephan and Lutz Vogel
- Can You Trust Your Computer? ─ by Richard StallmanRichard StallmanRichard Matthew Stallman , often shortened to rms,"'Richard Stallman' is just my mundane name; you can call me 'rms'"|last= Stallman|first= Richard|date= N.D.|work=Richard Stallman's homepage...
- Who Owns Your Computer? ─ by Bruce SchneierBruce SchneierBruce Schneier is an American cryptographer, computer security specialist, and writer. He is the author of several books on general security topics, computer security and cryptography, and is the founder and chief technology officer of BT Managed Security Solutions, formerly Counterpane Internet...
- DRM.info ─ What you should know about Digital Restrictions Management (and “Technological Protection Measures” (TPM))
- 'Trusted Computing' Frequently Asked Questions - by Ross Anderson