TCPA/TCG - Trusted or Treacherous
TC - Trusted Computing
Recently, the number of known security incidents has been dramatically increasing. Thus, security issues in computer industry have been pushed forward. So far, digital content on computers couldn't be efficiently protected since every security mechanism accessible by software could always be circumvent by software.
The idea of Trusted Computing is to provide a hardware layer that cares for
- storage of security related data like keys, certificates and checksums
- encryption and decryption
- validation of certificates
- (Remote) Platform Attestation (meaning that somebody can check the state of your personal computer over the internet)
- Sealing (meaning binding data to a specific platform and application)
Since this way the hardware can handle security management without any software being able to access the security data (like a Black Box). Moreover, the whole software layer can be 'monitored' by the hardware through the use of checksums. Hence the TCPA layer can recognise changes to the software layer and block the whole system from starting, this way keeping malicious software from running at all.
A short history of TCPA, TCG, Palladium and NSCB:
- 1999: The Trusted Computing Platform Alliance (TCPA) is founded by Intel, Microsoft, HP, Compaq and IBM.
- February 2002: The TCPA Main Specification Version 1.1b is being published.
- Early 2003: In the beginning of 2003 the name of Microsofts own TC-Projekt "Palladium" is changed to "next-generation secure computing base" (NGSCB).
- April 2003: The Trusted Computing Group (TCG) is founded by AMD, HP, IBM, Intel and Microsoft.
- Summer 2004: Microsoft seems to have stopped their "NGSCB"-effort.
Founded 1999 by Compaq, HP, IBM, Intel and Microsoft, the TCPA counts around 200 members by now, among them Adobe, AMD, Fujitsu-Siemens, Gateway, Motorola, Samsung, Toshiba and many others.
As successor of the TCPA, the TCG was founded by AMD, HP, IBM, Intel and Microsoft in April 2004.
TCG Hardware Architecture
The Trusted Platform Module (TPM) (a.k.a. "Fritz"-Chip) is the central element of the TCG architecture. Imagine a hardwired smart card for a abstract picture of this architecture.
The integration of the whole functionality into the CPU is also discussed, which would increase resistance against tampering attacks (see also Intel "LaGrande").
Regarding the hardware security of the "Trusted Platform Modules (TPM)", there were two important critiques:
- The first one has been the insuficient security certification against hardware attacks. In TCG 1.2 this critique has been addressed by an improvement of the hardware requirements. It has to be seen how strong the resistance against sophisticated attacks at intensively daily usage will be.
- The second one addreses the 'black box'-characterisitcs and risk 'hidden channels' in the TCG-Hardware, which can be easily implemented and used to send secret information to third parties.
TC - Treacherous Computing?
Generally, there are good arguments that these features can be used to improve the security of computer systems. Trusted Computing offers a lot of features which can be used to protect the personal computer against malicious software and users.
But according to a lot of technical analysis, most researchers have fundamental critics on the main design considerations. The new infrastructure will offer only minor protection against worms and viruses, although TCG is telling something completely different. Furthermore, some of these features can already be established by todays smart card supported systems, so where is the need for TCG 1.1?
We recognize that hardware enhancements might be one way to improve computer security. But treating computer owners as adversaries is not progress in computer security. The interoperability, competition, owner control, and similar problems inherent in the TCG and NCSCB approach are serious enough that we recommend against adoption of these trusted computing technologies until these problems have been addressed. Fortunately, we believe these problems are not insurmountable, and we look forward to working with the industry to resolve them."
Source: Electronic Frontier Foundation, bold emphasis by Pitsche
There are a lot of drawbacks to this kind of security implementation:
- The concept prevents even the device owner from certain operations.
- Remote Attestation is a good feature to remotely detect tampering of the computer, as long as this 'somebody' is the owner of the platform. But if this Remote Attestation is used by third parties, serious privacy and market domination issues arise.
- There are certainly legitimate reasons for Sealing. But the main use case seems to be consumer-unfriendly new 'business cases' for content dealers which involve locking down content to a single platform, based on connecting content to a specific device without any migration options.
Additionally, the market domination of Microsoft, obscurities regarding the needed trust infrastructure and a heap of patents have lead to critical evaluations from cryptographers, privacy organizations and European institutions.
Because of this pressure the Trusted Computing Group has modifed its proposal. The recent specification is "TCG 1.2".
DRM - Digital Rights Management
The philosophy behind Remote Platform Attestation and Sealing seems to be a protection of the computer system like a ThinkPad or electronic device like a MP3-Player against its user and owner.
What will do this to the use of digital media content on computers or other electronic devices? The answer of the IT- and the Entertainment-Industry is "Digital Rights Management" or just shortly "DRM".
The DRM component takes control over the rest of the user's device which they rightfully own (e.g. MP3-Player or a ThinkPad) and restricts how it may act, regardless of the user's wishes (e.g. preventing the user from copying a song). All forms of DRM depend on the device imposing restrictions that cannot be legally disabled or modified by the user. In other words, the user has no choice. Bold emphasised by User:Pitsche.
So a new 'name' for DRM came up: Digital Restrictions Management instead of Digital Rights Management.
Read more at Wikipedia:Digital rights management.
Censorship and Avoiding Whistle Blowers
The Siamese twin of Digital Restriction Management is censorship. The same techniques which avoid copying music songs can be used to limit the access to all kinds of documents. The combination of DRM and observation hardware like TCG leads to very dangerous implications.
Giving a real world example, the Chinese government could easily block the use of all documents containing the words "Dalai Lama" on 'trusted' computer systems.
Another application is the fight against whistle blowers. E.g. government documents about the deportation of own citizens to countries with a doubtful law system or about supporting illegal wars could be made readable for government computers only and combined with a expiration date. This might make it very dificult for the society or following generations to disclose these breaches of humanity.
There are still a lot of critical questions, even though TCG 1.2 contains many steps into the right direction.
TCPA/TCG in ThinkPads
Embedded Security Chip
IBM introduced it's TCPA/TCG features with some of the T23 models. The earlier of them didn't yet have the Embedded Security Subsystem, but a kind of pre 1.0 version called the Embedded Security Chip. This chip had the following capabilities:
- Data communications authentication and encryption
- Storage of encrypted passwords
Embedded Security System (1.0)
Embedded Security System (in IBM documents there is no use of the additive version-nummer 1.0) is using the heayvily disputed "TCG 1.1"-specification.
The Embedded Security Subsystem has the following features:
- hardware key storage
- multi-factor authentication
- local file encryption
- enhances VPN security
Embedded Security System 2.0
The recent TCG-specification is "TCG 1.2" and Embedded Security System 2.0 is supposed to use this newer specification.
The Embedded Security Subsystem 2.0 has the following features:
- hardware key storage
- multi-factor authentication
- local file encryption
- enhances VPN security
- TCG compliant
Thinkpads with and without TCPA/TCG
If you want to know, which ThinkPads are equipped with TCPA Technology like IBM Embedded Security Subsystem or IBM Embedded Security Subsystem 2.0 and which of them are TCPA/TCG clean models, please see the complete list of models at the article about Embedded Security Subsystem.
OpenSource Software and TCG
TCG has huge implication for the development of free software. Following a possibly expensive evaluation there will be a signature for one program version. Even if the program is licensed under the GPL every change to the code will make the signature invalid. This seems to be a strong violation of the main philosophy of OpenSource software.
Since Microsoft controls an overwhelming part of the OS market, it seems to be rather difficult to evaluate the TCG proposal separated from the Palladium project.
TCG versus GPL: At least two companies are researching on "TCG-enhanced" versions of GNU/Linux. According most security researchers it seems to be necessary to evaluate programs which have access to the 'trusted part'.
- 'Trusted Computing' Frequently Asked Questions - Anti-TC FAQ by Cambridge University security director and professor Ross Anderson.
- Interesting Uses of Trusted Computing
- Can you trust your computer? essay by the FSF
- The civil rights organisation Protect Privacy
Read more at Wikipedia, the free encyclopedia:
- Trusted Computing
- Trusted Computing Group (formerly known as TCPA)
- Wikipedia-Category: Cryptography
- Wikipedia-Category: Copyright Law
- Wikipedia-Category: Digital Rights Management