Trusted Computing

Trusted Computing (TC) is a concept developed and promoted by the Trusted Computing Group (TCG). The term borrows from the technical term trusted system but has its own meaning. Trusted Computing means that the operator of a PC system relinquishes part of the control over the hardware and software in use to third parties. This is intended to increase security, since manipulations become detectable. The English term trusted is controversial in this context, because the concept of trust has an emotional connotation and allows different interpretations. Moreover, English has the word trustworthy, which would actually be more appropriate: it is not the technology itself that is to be trusted; it merely provides a basis for trust. In this sense the name Predictable Computing would be more precise and more suitable for the core of the TCG concept. The confidence of the owner or of a third party arises only from the predictability of the behaviour of a computer system.

Trusted computing platforms (PCs, but also other computer-based systems such as mobile phones) can be equipped with an additional chip, the Trusted Platform Module (TPM). It can measure the integrity of software data structures as well as of the hardware and store these measurements in a verifiable and tamper-resistant way by cryptographic means. The operating system of the computer, but also programs or third parties, can check these values and thus decide whether the hardware or software configuration has been changed. Possible responses are, for example, a warning to the user, but also immediate termination of the application or of the network connection.

Trusted Computing necessarily requires a suitable boot loader and a corresponding operating system that trigger these integrity checks and evaluate their results. Contrary to frequently expressed assumptions, the TPM is involved only passively. It can neither verify or evaluate programs on its own, nor interrupt program flow, nor restrict or prevent the launch of specific operating systems.

The Trusted Computing Group defines the standards for the hardware modules involved and for the corresponding software interfaces of the currently most widely used TC process. The TC operating system, however, is not standardized; conforming implementations are currently being developed both by the software industry and by open-source development groups.


The technical background

Trusted computing systems consist of three main components:

The chain of trust in the TCG specification

The generic TCG approach yields new system structures: whereas security was previously to be achieved by additional layers of encryption or anti-virus software, TCG starts at the lowest level of the platform and early in the boot process of such a system. The TPM, as a hardware security module certified by trusted vendors, is trusted a priori. From this lowest layer a continuous chain of trust is pulled up to the application at start-up. Once the lower level has provided a stable security reference, the next level can build on it. Each of these domains is based on the previous one and therefore expects that every transaction, internal connection and device connection in the overall system is trustworthy, reliable, safe and secure.

The TPM as hardware security reference represents the root ("root of trust") of the entire chain. At the very beginning it is already checked whether the signature (and thus the composition) of the platform components has changed, i.e. whether one of the components (disk, LAN connection, etc.) has been changed, removed or replaced. Similar verification mechanisms using the TPM then successively verify, for example, the correctness of the BIOS, the boot block and the boot loader itself, and then the next higher layers when the operating system starts. Note that the TPM only records these measurements; comparing them with expected values is the task of the boot loader, the operating system or a remote verifier. During the entire start-up, but also later, the security and trust state of the system can be queried from the TPM, though only with the consent of the platform owner. In this way a compromised platform can also be reliably identified by others and the exchange of data with it restricted to an appropriate level. Trusted computing systems can thus create the conditions under which a significant development of modern, networked platform structures is possible also from the standpoint of security and mutual trust.
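The chain of trust described above, as an added example that is not part of the original article or of any TCG code: each boot component is hashed and folded into a Platform Configuration Register (PCR) with the one-way extend operation, and a verifier later replays the event log, checks it against the PCR values the TPM reported, and compares those with a known-good reference. The component contents, the PCR indices (0 for firmware, 4 for the boot loader, 5 for the kernel) and the eight-register bank are constructed assumptions for illustration; signature checking of the TPM's quote with an attestation key is assumed to happen elsewhere and is not implemented here.

```python
import hashlib
from dataclasses import dataclass

PCR_COUNT = 8            # constructed: enough for this example, real TPMs have more
INITIAL_PCR = bytes(32)  # PCRs start as all zeros after a platform reset (SHA-256 bank)

# Constructed stand-ins for the measured components
GOOD_FIRMWARE = b"firmware build 1.0 (constructed)"
GOOD_BOOTLOADER = b"GRUB 2 release (constructed)"
GOOD_KERNEL = b"vmlinuz 3.x (constructed)"


def pcr_extend(pcr_value: bytes, measurement: bytes) -> bytes:
    """TPM extend: new = H(old || measurement). One-way, so nothing can be un-measured
    and the order of measurements is fixed in the result."""
    return hashlib.sha256(pcr_value + measurement).digest()


def measure(component: bytes) -> bytes:
    """Digest of a component as it is written into the event log."""
    return hashlib.sha256(component).digest()


@dataclass(frozen=True)
class LogEvent:
    pcr: int            # register the measurement was extended into
    description: str    # what was measured (informational only)
    digest: bytes       # hash of the measured component


def boot_log(firmware: bytes, bootloader: bytes, kernel: bytes) -> list:
    """Event log produced by a measured boot (assumed PCR layout: 0, 4, 5)."""
    return [
        LogEvent(0, "firmware", measure(firmware)),
        LogEvent(4, "boot loader", measure(bootloader)),
        LogEvent(5, "kernel", measure(kernel)),
    ]


def replay_log(events) -> list:
    """Recompute every PCR from the event log alone, exactly as the TPM would have."""
    pcrs = [INITIAL_PCR] * PCR_COUNT
    for ev in events:
        pcrs[ev.pcr] = pcr_extend(pcrs[ev.pcr], ev.digest)
    return pcrs


def check_quote(quoted_pcrs, events, golden_pcrs) -> dict:
    """Verifier logic.
    quoted_pcrs: PCR values reported by the TPM (assumed already signature-checked)
    events:      event log supplied by the platform's software (untrusted)
    golden_pcrs: PCR values recorded from a known-good boot of this platform
    Returns whether the log explains the quote and which PCRs differ from golden."""
    replayed = replay_log(events)
    log_consistent = replayed == list(quoted_pcrs)
    changed = [i for i in range(PCR_COUNT) if quoted_pcrs[i] != golden_pcrs[i]]
    return {"log_consistent": log_consistent, "changed_pcrs": changed}


if __name__ == "__main__":
    honest = boot_log(GOOD_FIRMWARE, GOOD_BOOTLOADER, GOOD_KERNEL)
    golden = replay_log(honest)
    print("honest boot     :", check_quote(golden, honest, golden))

    tampered = boot_log(GOOD_FIRMWARE, b"GRUB 2 with backdoor (constructed)", GOOD_KERNEL)
    quote = replay_log(tampered)
    print("modified loader :", check_quote(quote, tampered, golden))
    # An attacker who swaps in the clean log cannot make it match the real quote
    print("forged clean log:", check_quote(quote, honest, golden))
```

The second and third cases show the two properties a verifier relies on: a changed boot loader shows up as a different PCR 4 whatever the log claims, and a log that has been edited to look clean no longer replays to the quoted values.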

Applications on the basis of trust and security

The lead application of TC platforms proposed by the TCG is their use on PCs to secure or support operating systems (OS).

Until the first secure OS is available, the security functions of the TPM can already be used on conventional OS (e.g. Windows). The TPM hardware allows reliable storage and management of critical data that in a conventional environment could be altered by attack software at any time:

  • Secure creation, management and delivery of key material for security applications. Security and encryption programs on PCs have so far stored their key material on disk or similar easily accessible and modifiable media. With suitable analysis programs and operating systems this data can be read out and the security software thus undermined. Keeping this critical data in the TPM prevents this: the software uses the keys only through the TPM, and they never leave it in the clear.
  • Digital certificates for electronic signatures can also be stored and managed securely in the TPM.
  • Secure booting with monitoring of the individual boot steps thus becomes possible. One of the first applications of TC in Microsoft's Vista OS is secure booting with the help of TC and decryption of the disk at the end of the boot process: this prevents the disk contents of found or stolen PCs and notebooks from being "recycled".
  • Secure implementation of WLAN and network access: the corresponding keys and certificates are managed securely in the TPM.
  • And many other similar functions.
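The disk-decryption case in the list above, as an added example that is not part of the original article and not BitLocker's or any vendor's code: a simulated TPM seals the volume key to the PCR values of a known-good boot and releases it only when the same values are present again, so a modified boot loader leaves the disk locked. The component contents, the PCR layout (0, 4, 5), the simplified policy digest (a plain hash of the selected PCRs standing in for the TPM's policy computation) and the toy SHA-256 keystream in place of the TPM's internal symmetric cipher are all constructed assumptions for illustration.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass

PCR_COUNT = 8  # constructed: a small bank is enough for this example
FIRMWARE = b"firmware build 1.0 (constructed)"
BOOTLOADER_GOOD = b"GRUB 2 release (constructed)"
BOOTLOADER_BAD = b"GRUB 2 with backdoor (constructed)"
KERNEL = b"vmlinuz 3.x (constructed)"
DISK_KEY = hashlib.sha256(b"constructed volume master key").digest()


@dataclass(frozen=True)
class SealedBlob:
    selection: tuple       # PCR indices the secret is bound to
    policy_digest: bytes   # PCR state required at unseal time
    ciphertext: bytes
    tag: bytes


def _keystream(key: bytes, length: int) -> bytes:
    """Toy counter-mode stream from SHA-256 (constructed stand-in for the TPM's cipher)."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


class SimulatedTpm:
    """Only the sealing-relevant subset of a TPM: PCRs and an internal storage seed."""

    def __init__(self):
        self._seed = os.urandom(32)  # never leaves the "chip"; survives reboots
        self.reset()

    def reset(self):
        """Platform reset: PCRs return to zero, the seed stays."""
        self.pcrs = [bytes(32)] * PCR_COUNT

    def extend(self, index: int, digest: bytes):
        self.pcrs[index] = hashlib.sha256(self.pcrs[index] + digest).digest()

    def policy_digest(self, selection) -> bytes:
        """Simplified PCR policy: hash of the selected registers' current values."""
        h = hashlib.sha256()
        for i in selection:
            h.update(bytes([i]) + self.pcrs[i])
        return h.digest()

    def _key_for(self, policy: bytes) -> bytes:
        # Wrapping key is derived from the seed and the required policy, so a
        # different PCR state cannot even reproduce the key
        return hmac.new(self._seed, b"seal:" + policy, hashlib.sha256).digest()

    def seal(self, secret: bytes, selection) -> SealedBlob:
        policy = self.policy_digest(selection)
        key = self._key_for(policy)
        ct = bytes(a ^ b for a, b in zip(secret, _keystream(key, len(secret))))
        tag = hmac.new(key, policy + ct, hashlib.sha256).digest()
        return SealedBlob(tuple(selection), policy, ct, tag)

    def unseal(self, blob: SealedBlob) -> bytes:
        """Release the secret only if the PCRs are exactly in the sealed state."""
        policy = self.policy_digest(blob.selection)
        if policy != blob.policy_digest:
            raise PermissionError("PCR policy not satisfied: platform state differs from sealing time")
        key = self._key_for(policy)
        expected = hmac.new(key, policy + blob.ciphertext, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, blob.tag):
            raise ValueError("sealed blob was tampered with")
        return bytes(a ^ b for a, b in zip(blob.ciphertext, _keystream(key, len(blob.ciphertext))))


def measured_boot(tpm: SimulatedTpm, firmware: bytes, bootloader: bytes, kernel: bytes):
    """Assumed PCR layout: firmware -> 0, boot loader -> 4, kernel -> 5."""
    tpm.extend(0, hashlib.sha256(firmware).digest())
    tpm.extend(4, hashlib.sha256(bootloader).digest())
    tpm.extend(5, hashlib.sha256(kernel).digest())


def try_unseal(tpm: SimulatedTpm, blob: SealedBlob):
    try:
        return tpm.unseal(blob)
    except PermissionError:
        return None


def disk_unlock_scenario(bootloader_at_boot: bytes):
    """Seal the disk key after a good boot, reboot with the given boot loader, try to unseal.
    Returns (key released at boot, key released after the OS capped the PCR)."""
    tpm = SimulatedTpm()
    measured_boot(tpm, FIRMWARE, BOOTLOADER_GOOD, KERNEL)
    blob = tpm.seal(DISK_KEY, (0, 4, 5))
    tpm.reset()
    measured_boot(tpm, FIRMWARE, bootloader_at_boot, KERNEL)
    key = try_unseal(tpm, blob)
    # Once the OS holds the key it extends a separator so later software in the
    # same boot session can no longer unseal the blob
    tpm.extend(5, hashlib.sha256(b"unseal done").digest())
    return key, try_unseal(tpm, blob)


if __name__ == "__main__":
    print("clean boot loader   :", disk_unlock_scenario(BOOTLOADER_GOOD))
    print("modified boot loader:", disk_unlock_scenario(BOOTLOADER_BAD))
```

The simulated TPM never checks who is asking; it only compares platform state, which is exactly why the measured boot loader matters and why the OS caps the PCR after use.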

Security enhancements for operating systems, trusted operating systems

Although this is the intended main application, its implementation is still being worked on intensively:

  • The new Microsoft Vista contains a first TC-based security application (secure booting with disk decryption, BitLocker); further functions have been announced.
  • The Ruhr-Universität Bochum has already fully developed a secure version of the Linux boot loader GRUB as open source, TrustedGRUB, in the EMSCB project.
  • In the EU project "Open Trusted Computing", secure versions of various Linux distributions are being developed as open source in order to make this technique of secure operating systems available to the general public. Follow-up projects for secure, open operating systems on embedded and other processor platforms are planned.

Application classes for non-PC platforms

Although the TCG began its standardization activities with the aim of PC security, the idea of a secure platform is transferable to many other devices and applications, and becomes necessary with increasing system complexity. Within the TCG there are now working groups for various application areas.

PDAs and Smartphones

PDAs now have features and functions similar to PCs, are continuously connected to the Internet and, because of their mobility, carry a significant risk of loss and theft. The operating systems typically used have no or minimal security features. Loss of a device usually leads to compromise of all data it contains. The security functions of the TPM and their use in the OS can lead to a significant improvement here through implicit authentication and encryption methods.

Mobile applications

Modern devices such as smartphones are in operation and on the Internet around the clock, so far without any special precautions. With a TPM, not only can data security be improved, but the range of possible applications can also be expanded significantly. In particular, the ability to store certificates securely in the device enables new trusted applications. With a TPM as security core, a mobile phone can become a security terminal for mobile commerce or, by using the existing keyboard and display, a secure class 3 terminal for signing documents or for e-banking. The growing threat from malicious software (a virus or worm on phones that spreads via the Internet and dials the emergency number is now quite conceivable) can also be tackled better with a TC-based operating system.

Communication

Recently the issue of security for external network access has become more and more important. Of particular interest is the protection of WLAN systems. Now that the first-generation systems are being replaced by much more extensive protection mechanisms, here too the desire arises for secure storage of key material and for storage of device certificates for the identification and authentication of access points and devices. The TPM offers the possibility of integrating into devices not only security for the wireless air interface but also trustworthy network access (RADIUS, DIAMETER); together with MAC address filtering and conventional encryption, a very high level of security can usually be achieved. Using, for example, Off-the-Record Messaging, secure communication between programs can also be achieved without requiring a trusted computing chip.

Device Security and Integrity

For the protection of high-value assets against attacks on their integrity or against unauthorized changes, a wide range of applications is possible. It begins with the protection of product characteristics of cars, such as the engine control unit, or of valuable parameters such as odometer readings, and extends to the protection of plant controls, e.g. in chemical plants. The discussions are still only beginning, but verification of platform integrity opens up new possibilities here too.

Digital rights management

Digital Rights Management (DRM) is a technique that can be used both for the management of organizational data (company records, or the secure design of document and workflow management systems) and for so-called content (music, videos, games, ...). It allows certain things to be prohibited, such as burning a piece of music onto a CD. With little effort, TC can provide terminals, servers and security zones in which distribution and rights management are implemented in a way that is controllable and transparent for manufacturers.

The ability to use TC for secure DRM systems is viewed critically from the user's perspective. From the manufacturers' point of view new possibilities arise, as it can be the basis both for the secure management of personal data (privacy) and for new business cases, and thus for a controllable range of content on the network. Other DRM standardization groups, such as the Open Mobile Alliance (OMA) with DRM 2.0 for mobile devices, can rely on TC functions. TC here allows procedures that are transparent at all times to the manufacturer (not necessarily to the user) and yet secure.

Chip card interaction

In many of the aforementioned application classes, smart cards play an important role as carriers of personal, security-critical data. The security components defined by the TCG, such as the TPM or the TSS, are primarily part of a secure computer platform and are therefore statically bound to that system. Smart cards, in contrast, are portable, store personal data and can be used in various security environments and infrastructures. In many security-critical applications an exchange of data between the secure computing environment and a smart card therefore plays an important role. The smart card guarantees the authentication of the persons involved, while the TPM chip can check the integrity of the "Trusted Platform" and so demonstrate its correct function.

Smart card technology requires secure platforms

Smart cards are a high-security technology that is now very resistant to attacks. On the other hand, the applications that use smart cards (secure banking, digital signing of data, authentication and access control, etc.) need PC platforms for their execution, and these are at a much weaker level of security. In well-known attacks (e.g. on the German home banking standard HBCI or on digital signature schemes certified under the German Signature Act), it is therefore the platform that is attacked and altered, unnoticed by the user. To prevent this undermining of the security of smart-card-based systems, the use of TC technology on the application platform is urgently needed here.

Available trusted computing systems

On PC platforms already equipped with TC functions, TC is mainly used to store keys and certificates securely (in contrast to the potentially insecure storage of such critical data in the easily modifiable standard storage of ordinary PCs).

The work to date on developing complete trusted computing systems, i.e. ones with adapted operating systems, has not yet led to widely usable results because of the high complexity and the so far unique security requirements:

  • Microsoft's development, the Next Generation Secure Computing Base (NGSCB), was cancelled because of the security results obtained. A new approach (trusted virtualization) is being worked on as part of the operating system Microsoft Windows Vista.
  • The EU-funded open-source project Open Trusted Computing, with 23 partners, developed TC-based secure operating systems for different classes of applications. The resulting code may be used for other applications or operating systems: Trusted Xen with paravirtualization,
  • Trusted Linux,
  • Trusted microkernel.

Criticism of Trusted Computing

The Federal Office for Information Security (BSI) warns against the use of the TPM. Microsoft could specify which programs may be installed on the computer, subsequently render already installed programs unusable and help intelligence services to control other computers. The responsible experts at the Federal Ministry of Economics, in the federal administration and at the BSI therefore unequivocally warn against the use of Trusted Computing of the new generation in German authorities. "Due to the loss of full sovereignty over information technology", "the security objectives 'confidentiality' and 'integrity' are no longer guaranteed." (Zeit Online, August 20, 2013, "Federal Government warns of Windows 8")

Trusted Computing as a general topic (i.e. not specific to the standardization work of the TCG) is sometimes discussed very emotionally. Usually a variety of assumptions and expectations are mixed in here, in particular assumptions about possible implementations of DRM and about integration into Microsoft's operating system product range (NGSCB). The first such publication, to which all critics subsequently referred, was published by Ross Anderson in 2002, before the release of the first specifications. Immediately afterwards there was a correction and rejection (rebuttal) by the participating developers.

Critics also fear that the implementation of Trusted Computing could prevent, or at least hinder, the development of free software, open-source software, shareware and freeware. This results from the assumption that software would have to be certified for a Trusted Platform by a central entity, and that therefore neither small companies nor individuals could afford the high cost of official certification of their programs. Such a central certification authority does not exist, however. But corresponding certificates could be obtained from third parties, which in turn classify the computers as secure towards other third parties. This scenario would be conceivable, for example, in web shops or similar network-dominated activities and programs. In any case, Trusted Computing would be a further hurdle for amateur software developers, which puts free software projects developed by volunteers at a distinct disadvantage.

Meanwhile, several public research and development projects in the open-source area (e.g. Open Trusted Computing or European Multilateral Secure Computing Base) show that Trusted Computing and open-source Linux can complement each other successfully. Under GPLv2 no restrictions exist.

One difficulty is that membership in, and the ability to influence, the Trusted Computing Group depends on high fees, which excludes small and medium-sized companies as well as most research groups and projects from the free-software scene. An organization has to pay at least $16,500 annually to be allowed to submit comments before the publication of a standard.

Moreover, it is feared that Microsoft's quasi-monopoly in operating systems would be strengthened by Trusted Computing and that other operating systems would be shut out entirely.

According to the TCG, a TPM as the core element of a Trusted Platform is intended to be software-neutral and to contain no blocking function for specific boot sequences. An example implementation in source code for Linux that is intended to demonstrate this neutrality is TrustedGRUB. TrustedGRUB is a version of the GRUB boot loader secured with a TPM, which in principle could also be adapted for other operating systems. Critics counter that there is no reason for Microsoft and the other consortium members to be neutral; on the contrary, neutrality would run massively counter to the commercial interests of the companies.

Technical reasons can also be cited (otherwise a new TPM version would be needed for each new operating system version). On the other hand, a secure, "trusted" operating system is also the main component of a Trusted Platform. It is the operating system (and not the TPM) that initiates the security functions of the TPM, evaluates their results and then triggers the necessary follow-up actions.

Use of the concept of security

Trusted Computing is advertised as offering not only digital rights management but also protection against malware. Technically it would easily be possible to separate the two tasks from each other. This way of marketing also gives DRM opponents the impression that Trusted Computing would be useful to them. In fact, digital rights management requires the ability to grant access only to trusted applications. Trustworthy here means an application that does not allow the user to remove the digital protection. The ability to designate programs as trustworthy is of course also generally useful for protection against malicious software: an untrusted program is then either not run at all or only with restricted rights, so malicious programs can no longer harm the computer. But this security feature does not require digital rights management. Thus the Trusted Computing Group's Trusted Computing could be split into its actual ingredients: trust-based security and digital rights management.

Trusted Computing and Digital Rights Management

The creation of a "secure" environment is the prerequisite for establishing Digital Rights Management (DRM) in the PC or "player" sector. With the help of TC functions it can be detected, for example, whether playback software or hardware has been manipulated or altered in order to circumvent restrictions imposed by the manufacturer (such as on copying). TC is therefore linked in some media with the topic of DRM, even though so far there are no corresponding applications.

The AntiTCPA activists doubt this. In 2003 the hacker Lucky Green took the publicity surrounding his declaration as an opportunity to allegedly seek a patent on the combination of DRM and TC. Contrary to this announcement, however, no corresponding patent can be found on any of the international patent servers.

Critics doubt the acceptance of DRM systems that assume from the outset that the customer is dishonest. As long as they offer no benefits to consumers, they will, in the opinion of Mark Stefik, probably be perceived only as an unpleasant complication.
