Docsity
Log inSign up
Docsity
Prepare for your exams
Prepare for your exams

Study with the several resources on Docsity

Earn points to download
Earn points to download

Earn points by helping other students or get them with a premium plan

Guidelines and tips
Guidelines and tips
Sell on Docsity
Sell on Docsity
Log inSign up

Prepare for your exams

Study with the several resources on Docsity

Find documents

Prepare for your exams with the study notes shared by other students like you on Docsity

Search Store documents

The best documents sold by students who completed their studies

Search through all study resources
Docsity AINEW

Summarize your documents, ask them questions, convert them into quizzes and concept maps

Explore questions

Clear up your doubts by reading the answers to questions asked by your fellow students

Earn points to download

Earn points by helping other students or get them with a premium plan

Share documents
download point icon20 Points

For each uploaded document

Answer questions
download point icon5 Points

For each given answer (max 1 per day)

All the ways to get free points
Get points immediately

Choose a premium plan with all the points you need

Study Opportunities

Choose your next study program

Get in touch with the best universities in the world. Search through thousands of universities and official partners

Community

Ask the community

Ask the community for help and clear up your study doubts

University Rankings

Discover the best universities in your country according to Docsity users

Free resources

Our save-the-student-ebooks!

Download our free guides on studying techniques, anxiety management strategies, and thesis advice from Docsity tutors

From our blog

Exams and Study
Go to the blog

Trusted Computing - Computer Networking - Synopsis | ECPE 177, Papers of Computer Systems Networking and Telecommunications

University of the Pacific (UOP)Computer Systems Networking and Telecommunications

Material Type: Paper; Class: Computer Networking; Subject: Electrcl & Computer Engr; University: University of the Pacific; Term: Unknown 1989;

Typology: Papers

Pre 2010

Uploaded on 08/16/2009

koofers-user-9wq
koofers-user-9wq 🇺🇸

5

(1)

10 documents

1 / 6

Toggle sidebar

This page cannot be seen from the preview

Don't miss anything!

bg1
Trusted Computing
Synopsis
The basic system concepts in trusted computing are:
1. Unique machine/CPU is identified using certificates;
2. Encryption is performed in the hardware;
3. Data can be signed with the machine's identification;
4. Data can be encrypted with the machine's secret key.
The nature of trust
Trust means something different to security experts than the meaning laypersons often assign.
For example, the United States Department of Defense's definition of a trusted system is one that
can break your security policy; i.e., "a system that you are forced to trust because you have no
choice." Cryptographer Bruce Schneier observes "A 'trusted' computer does not mean a
computer that is trustworthy." According to those definitions a video card is trusted by its users
to correctly display images. Trust in security parlance is always a kind of compromise or
weakness—sometimes inevitable, but never desirable as such.
The main controversy around trusted computing is around this meaning of trust. Critics
characterize a trusted system as a system you are forced to trust rather than one which is
particularly trustworthy. In contrast, Microsoft, in adopting its term trustworthy computing
presumably intends to focus consumers' attention on the allegedly trustworthy aspects of trusted
computing systems.
Critics of trusted computing are further concerned that they are not able to look inside trusted
computing hardware to see if it is properly implemented or if there are backdoors. The trusted
computing specifications are open and available for anyone to review, but implementations are
generally not. As well, many are concerned that cryptographic designs and algorithms become
obsolete. This may result in the forced obsolescence of TC-enabled computers. For example,
recent versions of trusted computing specifications added, and require, the AES encryption
algorithm.
While proponents claim trusted computing increases security, critics counter that not only will
security not be helped, but trusted computing will facilitate mandatory digital rights management
(DRM), harm privacy, and impose other restrictions on users. Trusting networked computers to
controlling authorities rather than to individuals may create digital imprimaturs. Contrast trusted
computing with secure computing in which anonymity, not disclosure, is the main concern.
Advocates of secure computing argue that the additional security can be achieved without
relinquishing control over computer from users to superusers.
Proponents of trusted computing argue that privacy complaints are baseless since consumers will
retain a choice between systems, based on their individual needs. Moreover, trusted computing
1
pf3
pf4
pf5

Partial preview of the text

Download Trusted Computing - Computer Networking - Synopsis | ECPE 177 and more Papers Computer Systems Networking and Telecommunications in PDF only on Docsity!

Trusted Computing

Synopsis

The basic system concepts in trusted computing are:

  1. Unique machine/CPU is identified using certificates;
  2. Encryption is performed in the hardware;
  3. Data can be signed with the machine's identification;
  4. Data can be encrypted with the machine's secret key.

The nature of trust

Trust means something different to security experts than the meaning laypersons often assign. For example, the United States Department of Defense's definition of a trusted system is one that can break your security policy; i.e., "a system that you are forced to trust because you have no choice." Cryptographer Bruce Schneier observes "A 'trusted' computer does not mean a computer that is trustworthy." According to those definitions a video card is trusted by its users to correctly display images. Trust in security parlance is always a kind of compromise or weakness—sometimes inevitable, but never desirable as such. The main controversy around trusted computing is around this meaning of trust. Critics characterize a trusted system as a system you are forced to trust rather than one which is particularly trust worthy. In contrast, Microsoft, in adopting its term trustworthy computing presumably intends to focus consumers' attention on the allegedly trustworthy aspects of trusted computing systems. Critics of trusted computing are further concerned that they are not able to look inside trusted computing hardware to see if it is properly implemented or if there are backdoors. The trusted computing specifications are open and available for anyone to review, but implementations are generally not. As well, many are concerned that cryptographic designs and algorithms become obsolete. This may result in the forced obsolescence of TC-enabled computers. For example, recent versions of trusted computing specifications added, and require, the AES encryption algorithm. While proponents claim trusted computing increases security, critics counter that not only will security not be helped, but trusted computing will facilitate mandatory digital rights management (DRM), harm privacy, and impose other restrictions on users. Trusting networked computers to controlling authorities rather than to individuals may create digital imprimaturs. Contrast trusted computing with secure computing in which anonymity, not disclosure, is the main concern. Advocates of secure computing argue that the additional security can be achieved without relinquishing control over computer from users to superusers. Proponents of trusted computing argue that privacy complaints are baseless since consumers will retain a choice between systems, based on their individual needs. Moreover, trusted computing

advocates claim that some needs require changes to the current systems at the hardware level to enable a computer to act as a trusted client.

Related terms

The TCG project is known by a number of names. Trusted computing was the original one, and is still used by the Trusted Computing Group (TCG) and IBM. The hardware device they developed is called the TPM the Trusted Platform Module. Microsoft calls it trustworthy computing. Intel has just started calling it safer computing. Prior to May 2004, the TCG was known as the TCPA. Richard Stallman of the FSF has adopted the name Treacherous computing.

Background

A variety of initiatives fall under the heading of trusted computing: Microsoft is working on a project called NGSCB. An industry consortium including Microsoft, Intel, IBM, HP and AMD, have formed the Trusted Computing Platform Alliance (TCPA), which has a Trusted Computing Group (TCG), designing a Trusted Platform Module (TPM). Intel is working on a form called LaGrande Technology (LT), while AMD's is called Secure Execution Mode (SEM) or also known as Presidio. But essentially, there are proposals for four new features provided by new hardware, which require new software (including new operating systems and applications) to be taken advantage of. Each feature has a different reason, although they can be used together. The features are:

  1. Secure I/O
  2. Memory curtaining
  3. Sealed storage
  4. Remote attestation

Secure I/O

Secure input and output (I/O) is attested to by using checksums to verify that the software used to do the I/O has not been tampered with. Malicious software injecting itself in this path could be identified. This would not be able to defend against a hardware based attack such as a key capture device physically between the user's keyboard and the computer.

Memory curtaining

Memory curtaining has the hardware keep programs from reading or writing each other's memory (the space where the programs store information they're currently working on). Even the operating system doesn't have access to curtained memory, so the information would be secure from an intruder who took control of the OS.

ordered to do the deletion if she refuses. Given such possibilities, we can expect TC to be used to suppress... writings that criticise political leaders." He goes on to state that: "... software suppliers can make it much harder for you to switch to their competitors' products. At a simple level, Word could encrypt all your documents using keys that only Microsoft products have access to; this would mean that you could only read them using Microsoft products, not with any competing word processor. "The... most important, benefit for Microsoft is that TC will dramatically increase the costs of switching away from Microsoft products (such as Office) to rival products (such as OpenOffice). For example, a law firm that wants to change from Office to OpenOffice right now merely has to install the software, train the staff and convert their existing files. In five years' time, once they have received TC-protected documents from perhaps a thousand different clients, they would have to get permission (in the form of signed digital certificates) from each of these clients in order to migrate their files to a new platform. The law firm won't in practice want to do this, so they will be much more tightly locked in, which will enable Microsoft to hike its prices." Anderson summarizes the case by saying "The fundamental issue is that whoever controls the TC infrastructure will acquire a huge amount of power. Having this single point of control is like making everyone use the same bank, or the same accountant, or the same lawyer. There are many ways in which this power could be abused."

Users can't change software

In the diary example, sealed storage protects the diary from malicious programs like viruses, but it doesn't distinguish between those and useful programs, like ones that might be used to convert the diary to a new format, or provide new methods for searching within the diary. A user who wanted to switch to a competing diary program might find it would be impossible for that new program to read the old diary, as the information would be "locked in" to the old program. It could also make it impossible for the user to read or modify his diary except as specifically permitted by the diary software. If he were using diary software with no edit or delete option then it could be impossible to change or delete previous entries. Remote attestation could cause other problems. Currently web sites can be visited using a number of web browsers, though certain websites may be formatted (intentionally or not) such that some browsers cannot decipher their code. Some browsers have found a way to get around that problem by emulating other browsers. For example, when Microsoft's MSN website briefly refused to serve pages to non-Microsoft browsers, users could access those sites by instructing their browsers to emulate a Microsoft browser. Remote attestation could make this kind of emulation irrelevant, as sites like MSN could demand a certificate stating the user was actually running an Internet Explorer browser.

Users don't control information they receive

One of the early motivations behind trusted computing was a desire to support stricter Digital Rights Management (DRM): technology to prevent users from sharing and using copyrighted or

private files without permission. Microsoft has announced a DRM technology that it says will make use of trusted computing. Trusted computing can be used for DRM. An example could be downloading a music file from a band: the band could come up with rules for how their music can be used. For example, they might only want the user to play the file three times a day without paying more money. Also, they could use remote attestation to only send their music to a music player that enforces their rules: sealed storage would prevent the user from opening the file with another player that did not enforce the restrictions. Memory curtaining would prevent the user from making an unrestricted copy of the file while it's playing, and secure output would prevent capturing what is sent to the sound system. Once digital recordings are converted to analog signals, that (perhaps degraded) signal could be recorded by conventional means, such as by connecting an audio recorder, instead of speakers, to the card, or by recording the produced sound with a microphone. Without remote attestation, this problem would not exist. The user could simply download the song with a player that did not enforce the band's restrictions, or one that lets him convert the song to an "unrestricted" format such as MP3.

Users don't control their data

If a user upgrades her computer, sealed storage could prevent her from moving her music files to the new computer. It could also enforce spyware, with music files only given to users whose machines attest to telling the artist or record company every time the song is played. In a similar vein, a news magazine could require that to download their news articles, a user's machine would need to attest to using a specific reader. The mandated reader software could then be programmed not to allow viewing of original news stories to which changes had been made on the magazine's website. Such "newest version" enforcement would allow the magazine to "rewrite history" by changing or deleting articles. Even if a user saved the original article on his computer, the software might refuse to view it once a change had been announced.

Loss of Internet Anonymity

Because a TC-equipped computer is able to uniquely attest to its own identity, it will be possible for vendors and others who possess the ability to use the attestation feature to zero-in on the identity of the user of that computer with a high degree of certainty. Such a capability is contingent on the reasonable chance that the user at some time provides user- identifying information, whether voluntarily or indirectly. One common way that information can be obtained and linked is when a user registers a computer just after purchase. Another common way is when a user provides identifying information to the website of an affiliate of the vendor. As new identification technologies such as biometrics and RFID become widespread, it is expected that computer users will be identified with still greater certainty, and that ever