Trusted Computing

1
Trusted Computing

• Chandana Praneeth Wanigasekera

2
Introduction

• jetBlue
• The need for systems that can be trusted
• Embedding Privacy Policy into the applications
  that use Sensitive Information
• Credit card machines

3
PII

• You can still retain control
• Expiration
• Remote destruction with little effort by the
  corporation who has the data
• Force privacy policies

4
Descartes (1641)

• Meditations on First Philosophy
• Can we trust our senses?
• What if everything we experience is a delusion
  created by an evil demon bent on deceiving us?

5
The Matrix?
6
Interest

• This is a question that has been weighing on
  Several computer companies
• How do you know that your computer is actually
  what it seems?
• Hackers and imitative programs
• Sensitive information, keystrokes and complete
  control

7
Trust in other software

• How can one program running on your computer
  trust another one?
• What if the operating system has been subverted
• Anti Virus
• How would you warn the user?

8
Trust in you

• Movie studios, recording companies, Health care
  providers legitimate right
• Some information is given based on trust in you
• Do you have control?
• Real issues
• Viruses
• Trojans
• Spyware
• P2P networks

9
Implications

• Implications for a P3P client
• Alterations of policy
• Lack of enforcement
• Advantages of a trusted client and a trusted
  website component
• Many implications on privacy of sensitive
  information

10
Trusted Computing Initiatives

• Trusted Computing Platform Alliance
• Trusted Computing Group
• Microsoft, Intel, IBM, HP, AMD
• Hardware Software
• Attempt to build a trusted platform

11
Foundation of Trust

• Descartes
• A secure reliable bootstrap architecture (1997)
• Bill Arbaugh, Dave Farber, Jonathan Smith
• Booting a machine into a known state
• Early PCs ROM BIOS and no HDD
• Digital Rights Management OS Patent by Microsoft
• Paul England (Secure PC team leader)

12
Foundation of Trust

• Ultimate aim is to end up in a known state
• Need for a core root of trust module

Known State
Post boot
Pre boot
Core Root of Trust
13
Trusted Computing Platform Alliance

• MissionThrough the collaboration of HW, SW,
  communications, and technology vendors, drive and
  implement TCPA specifications for an enhanced HW
  and OS based trusted computing platform that
  implements trust into client, server, networking,
  and communication platforms.
• Replaced by Trusted Computing Group, but the TCPA
  specification was adopted by TCG as their
  specification.
• Patent licensing policy of TCG, all new work
• Compaq, HP, IBM, Intel, Microsoft

14
Trusted Platform Module (TPM) v1.1

• The TPM is a collection of hardware, firmware
  and/or software that support the following
  protocols and algorithms
• Algorithms RSA, SHA-1, HMAC
• Random number generation
• Key generation
• Self Tests
• The TPM provides storage for an unlimited number
  of private keys or other data using RSA

15
PC Specific block diagram of TCG
16
Secure storage in TPM

• Seal and Unseal which are simply front-ends to
  RSA encrypt and decrypt
• But sealing encrypts the platform configuration
  register (PCR) values with the data. Unique
  identifier tpmProof.
• Conditions for unsealing data
• Appropriate key is available
• TPM PCRs must contain the same values as during
  sealing (implicit key in PCRs)
• tpmProof must be the same as during encryption
• Allows software to state the future configuration
  the platform must be for unsealing.

17
Additional operation Unbind

• Unbind decrypts a blob created outside the TPM
  where the private key is stored inside the TPM.
• A blob is data header information encrypted.
• Seal jet Blue customer data
• Can only be decrypted on the same platform
• Removes the possibility of data being accessed by
  different machines

18
Types of keys

• Storage Root Key one for each TPM created at
  the request of the owner, migratable,
  unmigratable data
• Signing keys leaves of the storage root key
  hierarchy
• Storage keys used for the protected storage
  hierarchy only and Binding keys
• Identity keys used for TPM identity
• Endorsement key pair asymmetric key pair
  generated by or inserted in the TPM as proof that
  it is genuine.
• One to one relationship between TPM and
  endorsement key
• One to one relationship between TPM and platform
• Endorsement key and platform

19
Encryption Algorithms

• RSA algorithm (must)
• RSA key sizes of 512, 1024, and 2048 bits.
• The RSA public exponent must be e, where e
  2161
• TPM storage keys must be equivalent to a 2048 bit
  RSA key
• Secure Hash Algorithm (SHA) -1 hash algorithm(160
  bits) used in the early stages of the boot
  process (more complicated later?)
• RSA for signature and verification
• RNG capabilities -gt only accessible to TPM
  commands
• Key generation capabilities -gt protected by a
  private key held in a shielded location

20
Self tests

• Checks RNG
• Checks Integrity Registers
• Checks integrity of endorsement key pair by
  making it sign and verify a known value
• Self checks the TPM microcode
• Checks Tamper-resistance markers
• On failure the part that failed enters shut down
  mode

21
Self test procedure
22
Target of evaluation (TOE)

• The new version of TCG will have TPM as a
  monitoring module and doesnt actually control
  the boot process
• Hardware, software and firmware that comprise the
  TPM
• Identifies threats to the TOE T.Attack,
  T.Bypass, T.Imperson, T.Malfunction etc.
• Each threat is explained and the objective is
  explained in the specification, eg. O.Attack
• An example

23
T.Export

• Threat description A user or an attacker may
  export data without security attributes or with
  unsecure security attributes, causing the data
  exported to be erroneous and unusable, to allow
  erroneous data to be added or substituted for the
  original data, and/or to reveal secrets.
• Objective (O.Export) When data are exported
  outside the TPM, the TOE shall ensure that the
  data security attributes being exported are
  unambiguously associated with the data.
• Interesting use of user or an attacker here

24
T.Replay

• Threat description An unauthorized individual
  may gain access to the system and sensitive data
  through a replay or man-in-the-middle attack
  that allows the individual to capture
  identification and authentication data.
• T.Replay is countered by O.Single_Auth, which
  states The TOE shall provide a single use
  authentication mechanism and require
  re-authentication to prevent replay and
  man-in-the-middle attacks.

25
TPM Block diagram
26
Software

• Palladium - After the mythological statue that
  defended ancient Athens against invaders
• Microsoft has discontinued use of the code name
  "Palladium." The new components being developed
  for the Microsoft Windows Operating System, are
  now referred to as the Next-Generation Secure
  Computing Base for Windows (NGSCB).

27
Next-Generation Secure Computing Base for Windows
28
NGSCB

• Seal and Unseal explained
• Nexus Computing Agents(NCA)

29
Microsoft on applications

• Bryan Willman Suppose you run a pharmacy
  company. When you test a new drug, of course it's
  bad if someone has a bad reaction to the drug,
  but it's much worse if someone tampers with that
  data so that your results are skewed. That means
  it's critical that all test data is entered
  accurately and no one tampers with it. NGSCB
  ensures that those files can't be breached or
  modified in any way.
• Here's another example. If you and your doctor
  and your pharmacist are communicating about a
  medical condition you have, you want to be sure
  that the information you exchange is confidential
  and true. Today you probably wouldn't want to do
  that online from your home computer because with
  all that software that you and your kids have
  loaded onto it, somewhere along they way it may
  have picked up a virus or two, so there's no way
  to know for sure how safe your information is.
  With NGSCB you use the right-hand side, and no
  matter what is happening on the left-hand side,
  you can be sure that the data passed between you
  and your doctor and your pharmacist hasn't been
  tampered with.
• Microsoft has a separate research area called
  Trustworthy Computing which is more towards what
  we define as trust

30
Features described by Microsoft

• Memory Curtaining
• Secure Input and Output
• Sealed Storage
• Remote Attestation lt- the scariest

31
Memory Curtaining

• Strong hardware enforced memory isolation
• Programs are not able to read or write each
  others memory
• Not even the OS
• Intruders have no access
• Implementation in hardware permits the greatest
  backward compatibility with existing software,
  which is a goal

32
Secure I/O

• Key loggers, screen grabbers
• Music and movie industry would like this a lot
• It will allow programs to determine if the input
  came from a user or from a different program
• Would take out the case of a virus taking over
  the output from Anti Virus software
• Good for privacy of data

33
Secure Storage

• Similar to what we saw in the TCG specification
• Addresses the failure of PCs to store keys
  securely
• No more .pwls
• How can they be stored so that its only
  accessible to legitimate users?
• Generates the key based on the software
  requesting the key and the platform that its
  running on at the time
• No need to store the key, as the key can simply
  be recreated when it is needed
• Imposes that sealed data can only be decrypted on
  one particular user platform software
  combination
• Is this a good thing?

34
Do you have control?

• Moving files from your computer
• What if you dont like Excel anymore
• Exporting Data to a different application is very
  hard
• Adversary is the owner
• License fees
• Upgrades/Downgrades
• Do you have a choice?

35
Remote Attestation

• Most revolutionary of the features
• Aims to allow detection of unauthorized changes
  to Software
• Others need to be able to tell if your system is
  compromised
• Protect a computer against its owner
• A cryptographic certificate of the software
  running
• Remote party can say if the version of software
  has been altered
• Windows XP, Warcraft
• No more cheating in Network Games

36
Advantages

• Each feature can be used to prevent or mitigate
  real attacks on computers
• Coding flaws in one application will not result
  in private data being accessed by a different
  application
• P2P client MS Word
• Does not stop you from running harmful programs,
  just contains the area it runs in
• NGSCB itself will not inherently prevent a user
  from using a particular operating system or
  hardware
• Spyware will become extinct (No more Gator!)

37
Problems

• Risks of anti-competitive or anti-consumer
  behavior
• Deliberate manufacturer mistakes in
  implementation handled by open source?
• Threat model supports that the owner is a threat
• Attestation cannot differentiate between changes
  to software with owners consent and changes in
  software by unauthorized intruders
• No legal backing to this, users have a legitimate
  right to reverse-engineer for improvement of a
  program
• Third parties can compel you to choices which you
  wouldnt have made otherwise

38
More problems

• Websites that demand attestation
• The user cant give an attestation that hes using
  IE if hes using Mozilla instead
• MSN not serving webpages to non Microsoft
  browsers
• Can be used to subject you to advertising
  (approved client)
• Web servers/File servers that demand fees from
  client developers
• Greatly increases costs of switching to rival
  software
• Samba -gt interoperable file system created
  through reverse engineering (Microsoft could
  permanently lock out Samba from Windows File
  servers)

39
Interoperability

• Current issues with third party MSN Messenger
  Clients
• General lock-in problem
• Sealed storage Attestation

40
Digital Rights Management

• Microsoft and the TCG have made several attempts
  to say that Trusted Computing is not designed to
  enforce DRM
• Easy for DRM enforcers to enforce policies on
  users
• Trusted Computing maintains the rights of the
  owner of the document at all costs
• Destroying documents (court order?)
• Privacy issues, back to the days when books could
  be burned
• Attestation causes problems

41
Links between DRM and NGSCB

• Curtaining prevents information in decrypted form
  from being copied
• Secure output (no screen grabbing)
• Sealed storage allows files to be stored so that
  only the DRM client that stored them can access
  them
• Remote attestation makes sure only the above DRM
  client is run
• Easy to implement DRM over NGSCB
• Microsoft filed a patent for a DRM OS -gt possible
  link here (same individuals involved)

42
Computer User as Adversary

• Seth Schoen of the Electronic Frontier Foundation
• A possible solution Owner override
• The owner can attest anything
• Takes away some of the advantages but we still
  have a free world!
• Will opt-in be real?
• Trusted computing aims to enable others to trust
  your computer
• Is this relavent?
• Movies released with remote attestation

43
Troubling implications

• Just a way for Microsoft to make sure pirated
  software wont run?
• Switch off all the computers in China?
• Remote control
• Deleting pirated music
• Digital objects created under TC remain under
  ownership of the author, even if legal control
  has been handed to the user
• Media Control

44
Related Legislation

• Fritz Hollings
• (a) SHORT TITLE. -- This Act may be cited as the
  "Consumer Broadband and Digital Television
  Promotion Act".
• SEC. 2. FINDINGS.
• The Congress finds
• (1) The lack of high quality digital content
  continues to hinder consumer adoption of
  broadband Internet service and digital television
  products.
• (2) Owners of digital programming and content are
  increasingly reluctant to transmit their products
  unless digital media devices incorporate
  technologies that recognize and respond to
  content security measures designed to prevent
  theft.
• (3) Because digital content can be copied
  quickly, easily, and without degradation, digital
  programming and content owners face an
  exponentially increasing piracy threat in a
  digital age.
• .

45
Hollings Bill

• (18) Piracy poses a substantial economic threat
  to America's content industries.
• (19) A solution to this problem is
  technologically feasible but will require
  government action, including a mandate to ensure
  its swift and ubiquitous adoption.
• (20) Providing a secure, protected environment
  for digital content should be accompanied by a
  preservation of legitimate consumer expectations
  regarding use of digital content in the home.
• (21) Secure technological protections should
  enable owners to disseminate digital content over
  the Internet without frustrating consumers'
  legitimate expectations to use that content in a
  legal manner.
• (22) Technologies used to protect digital content
  should facilitate legitimate home use of digital
  content.
• (23) Technologies used to protect digital content
  should facilitate individuals' ability to engage
  in legitimate use of digital content for
  educational or research purposes.
• Basic idea -gt Digital Rights Management enforced!
  TCPA Mandated?
• Thankfully this Bill was not passed ?

46
Related Legislation

• Feinstein wanted DRM
• This is Napster times 10
• Shrek
• Paul Boutin A little knowledge is a dangerous
  thing (in regard to the hollings bill)
• The decision to play or not to play must be made
  by the content, not the player, DRM experts warn.
  It's tricky, but they'll get to it -- if the
  industry isn't forced to accept a compromise
  standard first.

47
Why TCG?

• Controversial
• All the manufactures involved in the process
  would profit greatly if the computer is accepted
  as a general entertainment platform for the home
• Microsoft has been trying
• The patents on DRM OS are remarkably similar to
  the current work on TCG
• Implications on the GNU Public License (GPL)

48
Importance of Open Source

• User Invention
• Right to reverse engineering
• Controversial DMCA
• Are after purchase restrictions legal?
• Cell phones that drain generic batteries
• Printers that refuse to accept cartridges that
  have been refilled
• Trusted Computing could add a few for computers
  here
• Sony would want our computers to behave like
  closed DVD players do we want that?

49
Will it work for us?

• jetBlue, enforcing P3P
• Yes.
• Customers can even revoke information they
  submitted and that would be destroyed from the
  jetBlue database
• The trusted computing base will make it
  impossible to just copy data from one place to
  another
• Is this a good corporate solution?

50
Limiting the Scope

• If we can limit the scope of the initiative to
  personally identifiable information instead of
  programs in general.
• We have a good solution for the problem of
  sensitive information in a wired world
• People can submit data with policys so that they
  will be destroyed on a later date
• Should not be applied generally
• Enron

51
The Law and Economics of Reverse Engineering

• Yale Law Journal (Pamela Samuelson and Suzanne
  Scotchmer)

52
Interoperability Debate

• Reasons a firm would not want to make their
  software interoperable
• Example from IBM
• Reverse engineering challenges interoperability
• Microsofts APIs are trade secrets

53
Open Source Software Projects as User Innovation
Networks

• Study by Eric von Hippel MIT Sloan School of
  Management (2002)
• Clearly shows the advantages of user innovation
• User innovation is thwarted by the current model
  towards Trusted Computing

54
von Hippels Results
55
von Hippels Results continued
56
Conclusion

• As developed currently, Trusted Computing
  seriously challenges user privacy and freedom.
• Programs that call home and report how they are
  being used would be a significant threat to
  privacy.
• Reverse engineering and open source software can
  not coexist with the current model for Trusted
  Computing.
• The current model thwarts invention and is more
  suitable as a basis for DRM (if we need that?)
• The concept of trust is based on others trusting
  your computing, not you trusting your computer.
• This is a flawed concept.

57
Lessons

• Some of the concepts in the TCG platform can be
  very useful in implementing effective privacy and
  security.
• Certain features such as attestation should be
  removed from the specification or a user override
  feature should be provided for attestation
• Not everything that is open source is good for
  you!

58
The Battle has begun!