[14] Will Knight, Microsoft's anti-piracy plans spark controversy, http://www.newscientist.com/article.ns?id=dn2483[16] Robert Lemos, "Microsoft to nix some Net product activation", http://news.zdnet.com/2100-3513_22-5589504.html[17] Paul Festa, Microsoft yielding to IE standards pressure?, http://news.com.com/Microsoft+yielding+to+IE+standards+pressure/2100-1032_3-5620988.htmlTrusted Computing and Trusted PlatformModules: Technology, Ideology, and EconomicsCS265 ProjectSpring 2005Randy FortThe computing industry has been acutely aware that better means ofauthentication and security have been sorely needed for quite some time.Software alone has failed or proven inadequate in far too many cases. TC(Trusted Computing) is one solution being vigorously pursued by industryheavyweights such as Microsoft, Intel, HP, Infineon and others. This approachutilizes a marriage of hardware and software to eliminate most of the egregiousfailures of software-only solutions.However, the proposed solution, like many proposed security ideas, isaccompanied by a great deal of controversy. There is resistance not only fromconsumer advocates, but also implementation resistance from software vendors.The politics of security are often more important than the technology. This isespecially true in the case of trusted computing. In this paper, I will explore thetechnology, its promises and shortcomings. But even more importantly, I willexamine the market based, and ideological objections.The TechnologyFirst, who is the Trusted Computing Group, and what is a TPM? TheTrusted Computing Group is a non-profit industry consortium, which developshardware and software standards [10]. It is funded by many member companies,including IBM, Intel, AMD, Microsoft, Sony, Sun, and HP [10]. A Trusted PlatformModule, as defined by the Trusted Computing Group, is simply an embedded IC(integrated circuit) built into a platform [6, 10]. Earlier versions of TC were veryPC centric [2]. But a reworking of the standards now encompasses any platformthat has a TPM chip integrated. Since the TPM utilizes an IC embedded into the platform, it has manyadvantages over software-only solutions. For example, the TPM chip couldprevent unauthorized configuration changes, which are the source of muchvulnerability [6]. The storage of software keys, and system configuration hashvalues and passwords in a sealed chip makes unauthorized system modificationprohibitively difficult. Monotonic counters, which cannot be altered like systemclock time, can be factored into cryptographic calculations to prevent replayattacks [3]. Since the encrypted passwords are not visible on the file system, butrather inaccessible in the sealed chip, brute force crack attacks are not feasible.The TPM chip also provides a secure storage area for smart card data, orbiometric data to enable secure two-factor authentication [6]. Future generationsof TPMs, employing Intel's LaGrande technology and Microsoft NGSCB (akaPalladium) software (which will be in the Longhorn release), will have the abilityto prevent screen scraping and keystroke loggers [1, 8]. These capabilities willrequire new compliant hardware, and operating system support. Intel'sLaGrande technology is not expected until late 2005. Microsoft is planningLonghorn for 2006, but is often notoriously late on OS ship dates.The Basic Mechanics of TC and TPM ImplementationOne of the most important concepts of trusted computing is that ofattestation [1, 5]. Attestation essentially means that the originating platformguarantees the accuracy of the information it is providing. Attestation has manydifferent facets beyond the scope of this paper, but they all essentially boil downto verifying the integrity of the information by using the TPM. We should notethat under the current specification a user could not be forced to attest [5, 8].According to version 1.2 of the trusted computing specification, attestation is onlyperformed at the owner's request. But it remains to be seen whether or notvendors will require attestation to use or update software. If a vendor requires aTPM, it essentially becomes “mandatory option” [5].Few of the concepts of trusted computing are new. What TPMs bring tothe table is a secure sealed storage chip for private keys, on-chip cryptoalgorithms and random number generators among others. [5]. "The theory is thatsoftware-based key generation or storage will always be vulnerable to softwareattacks, so private keys should be created, stored, and used by dedicatedhardware [1]". Since the TPM is a separate chip, inaccessible to other systemprocesses, it is more secure than software only. "The TPM represents aseparate trusted coprocessor, whose state cannot be compromised by potentiallymalicious host system software. [4]"IdeologyWhen the history of TC and TPMs is written, its success or failure willprobably hinge upon the ideology of the suspicious more than the technologyitself. Many critics of TPMs fear that cash hungry software companies will utilizeTPMs as a weapon against the users. Since TPMs can be used to enforcelicensing policy, or lock in users, one could reasonably fear that they will be usedto force unwanted upgrades out of customers [7]. Even those with no objectionto DRM schemes have concern over the potential power TPMs give to softwarevendors. Will vendors resist the temptation to use TPMs as a tool for cash flowinstead of security?For example, Microsoft has come under fire for its plans to providesecurity updates only to properly authenticated customers. A program it calls the"Genuine Windows Advantage" [16]. But pundits within the industry havereported that properly licensed owners are often harassed by authentication.Support calls can be required to get keys for OS reinstalls of OEM computers(such as Dell) who have properly licensed Windows. Microsoft may require callsto product activation hotlines even when factory reinstall disks are used on anoriginal unmodified machine [14]. Since users are being already harassed onreinstalls with
View Full Document
Unlocking...