Title: Trusted Computing
1Trusted Computing
- Chandana Praneeth Wanigasekera
2Introduction
- jetBlue
- The need for systems that can be trusted
- Embedding Privacy Policy into the applications that use Sensitive Information
- Credit card machines
3PII
- You can still retain control
- Expiration
- Remote destruction with little effort by the corporation who has the data
- Force privacy policies
4Descartes (1641)
- Meditations on First Philosophy
- Can we trust our senses?
- What if everything we experience is a delusion
created by an evil demon bent on deceiving us?
5The Matrix?
6Interest
- This is a question that has been weighing on several computer companies
- How do you know that your computer is actually what it seems?
- Hackers and imitative programs
- Sensitive information, keystrokes and complete control
7Trust in other software
- How can one program running on your computer trust another one?
- What if the operating system has been subverted
- Anti Virus
- How would you warn the user?
8Trust in you
- Movie studios, recording companies, health care providers: legitimate right
- Some information is given based on trust in you
- Do you have control?
- Real issues
- Viruses
- Trojans
- Spyware
- P2P networks
9Implications
- Implications for a P3P client
- Alterations of policy
- Lack of enforcement
- Advantages of a trusted client and a trusted website component
- Many implications on privacy of sensitive information
10Trusted Computing Initiatives
- Trusted Computing Platform Alliance
- Trusted Computing Group
- Microsoft, Intel, IBM, HP, AMD
- Hardware Software
- Attempt to build a trusted platform
11Foundation of Trust
- Descartes
- A secure reliable bootstrap architecture (1997)
- Bill Arbaugh, Dave Farber, Jonathan Smith
- Booting a machine into a known state
- Early PCs ROM BIOS and no HDD
- Digital Rights Management OS Patent by Microsoft
- Paul England (Secure PC team leader)
12Foundation of Trust
- Ultimate aim is to end up in a known state
- Need for a core root of trust module
(Diagram labels: Known State, Post boot, Pre boot, Core Root of Trust)
13Trusted Computing Platform Alliance
- Mission: Through the collaboration of HW, SW, communications, and technology vendors, drive and implement TCPA specifications for an enhanced HW and OS based trusted computing platform that implements trust into client, server, networking, and communication platforms.
- Replaced by Trusted Computing Group, but the TCPA specification was adopted by TCG as their specification.
- Patent licensing policy of TCG, all new work
- Compaq, HP, IBM, Intel, Microsoft
14Trusted Platform Module (TPM) v1.1
- The TPM is a collection of hardware, firmware and/or software that support the following protocols and algorithms
- Algorithms: RSA, SHA-1, HMAC
- Random number generation
- Key generation
- Self Tests
- The TPM provides storage for an unlimited number
of private keys or other data using RSA
15PC Specific block diagram of TCG
16Secure storage in TPM
- Seal and Unseal, which are simply front-ends to RSA encrypt and decrypt
- But sealing encrypts the platform configuration register (PCR) values with the data. Unique identifier tpmProof.
- Conditions for unsealing data
- Appropriate key is available
- TPM PCRs must contain the same values as during sealing (implicit key in PCRs)
- tpmProof must be the same as during encryption
- Allows software to state the future configuration the platform must be in for unsealing.
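The three unsealing conditions above, modelled as an added example (not code from the slides or from the TCG specification): a toy TPM in Python. A keyed XOR stream stands in for the RSA operation, and the class, handle and component names are all hypothetical.

```python
import hashlib, hmac, os

def extend(pcr, measurement):
    # PCR extend: new = SHA-1(old PCR || SHA-1(measured component))
    return hashlib.sha1(pcr + hashlib.sha1(measurement).digest()).digest()

def boot(components):
    pcr = bytes(20)                      # PCR starts at zeros on power-on
    for c in components:
        pcr = extend(pcr, c)
    return pcr

def _crypt(key, data):
    # Keyed XOR stream standing in for the RSA operation; NOT real TPM crypto
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + i.to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)

class UnsealError(Exception): pass

class ToyTPM:                            # hypothetical model, not a TPM API
    def __init__(self, components):
        self.tpm_proof = os.urandom(20)  # secret unique to this TPM
        self.keys = {}                   # handle -> loaded storage key
        self.pcr = boot(components)

    def seal(self, handle, data, release_pcr=None):
        key = self.keys[handle]
        pcr = self.pcr if release_pcr is None else release_pcr  # future config
        ct = _crypt(key, pcr + self.tpm_proof + data)
        return ct + hmac.new(key, ct, hashlib.sha1).digest()

    def unseal(self, handle, blob):
        key = self.keys.get(handle)
        if key is None:
            raise UnsealError("key not available")
        ct, tag = blob[:-20], blob[-20:]
        if not hmac.compare_digest(tag, hmac.new(key, ct, hashlib.sha1).digest()):
            raise UnsealError("blob not sealed under this key")
        body = _crypt(key, ct)
        pcr, proof, data = body[:20], body[20:40], body[40:]
        if not hmac.compare_digest(proof, self.tpm_proof):
            raise UnsealError("tpmProof mismatch")
        if not hmac.compare_digest(pcr, self.pcr):
            raise UnsealError("PCR mismatch")
        return data

def try_unseal(tpm, handle, blob):
    try:
        return tpm.unseal(handle, blob)
    except UnsealError as err:
        return str(err)
```

Changing any one measured boot component changes the final PCR value, so a blob sealed under the known-good boot sequence is refused after a modified boot even when the key is loaded.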
17Additional operation Unbind
- Unbind decrypts a blob created outside the TPM where the private key is stored inside the TPM.
- A blob is data header information encrypted.
- Seal jetBlue customer data
- Can only be decrypted on the same platform
- Removes the possibility of data being accessed by
different machines
18Types of keys
- Storage Root Key: one for each TPM, created at the request of the owner, migratable, unmigratable data
- Signing keys: leaves of the storage root key hierarchy
- Storage keys: used for the protected storage hierarchy only and Binding keys
- Identity keys: used for TPM identity
- Endorsement key pair: asymmetric key pair generated by or inserted in the TPM as proof that it is genuine.
- One to one relationship between TPM and endorsement key
- One to one relationship between TPM and platform
- Endorsement key and platform
19Encryption Algorithms
- RSA algorithm (must)
- RSA key sizes of 512, 1024, and 2048 bits.
- The RSA public exponent must be e, where e = 2^16 + 1
- TPM storage keys must be equivalent to a 2048 bit RSA key
- Secure Hash Algorithm (SHA)-1 hash algorithm (160 bits) used in the early stages of the boot process (more complicated later?)
- RSA for signature and verification
- RNG capabilities -> only accessible to TPM commands
- Key generation capabilities -> protected by a private key held in a shielded location
20Self tests
- Checks RNG
- Checks Integrity Registers
- Checks integrity of endorsement key pair by making it sign and verify a known value
- Self checks the TPM microcode
- Checks Tamper-resistance markers
- On failure the part that failed enters shut down
mode
21Self test procedure
22Target of evaluation (TOE)
- The new version of TCG will have TPM as a monitoring module and doesn't actually control the boot process
- Hardware, software and firmware that comprise the TPM
- Identifies threats to the TOE: T.Attack, T.Bypass, T.Imperson, T.Malfunction etc.
- Each threat is explained and the objective is explained in the specification, e.g. O.Attack
- An example
23T.Export
- Threat description: A user or an attacker may export data without security attributes or with unsecure security attributes, causing the data exported to be erroneous and unusable, to allow erroneous data to be added or substituted for the original data, and/or to reveal secrets.
- Objective (O.Export): When data are exported outside the TPM, the TOE shall ensure that the data security attributes being exported are unambiguously associated with the data.
- Interesting use of "user or an attacker" here
24T.Replay
- Threat description: An unauthorized individual may gain access to the system and sensitive data through a replay or man-in-the-middle attack that allows the individual to capture identification and authentication data.
- T.Replay is countered by O.Single_Auth, which states: The TOE shall provide a single use authentication mechanism and require re-authentication to prevent replay and man-in-the-middle attacks.
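One way to meet O.Single_Auth, as an added example that is not taken from the slides or the TCG specification: a verifier that binds each authorization proof to a nonce it issued and rolls the nonce after every attempt. The class, function and command names are hypothetical, and the HMAC-SHA-1 construction is an assumption chosen to match the algorithms listed for the TPM.

```python
import hashlib, hmac, os

class SingleUseAuth:
    """Verifier side: each proof is valid for exactly one issued nonce."""

    def __init__(self, secret):
        self._secret = secret
        self._nonce = os.urandom(20)

    def challenge(self):
        # The caller must fetch a fresh challenge before every command
        return self._nonce

    def verify(self, command, proof):
        expected = hmac.new(self._secret, self._nonce + command,
                            hashlib.sha1).digest()
        ok = hmac.compare_digest(expected, proof)
        # Roll the nonce on success AND on failure, so a captured proof
        # can never be presented a second time
        self._nonce = os.urandom(20)
        return ok

def prove(secret, nonce, command):
    # Caller side: proof = HMAC(secret, nonce || command)
    return hmac.new(secret, nonce + command, hashlib.sha1).digest()

def replay_demo():
    secret = b"owner-auth-secret"          # constructed sample value
    tpm = SingleUseAuth(secret)
    cmd = b"Unseal:blob-7"                 # constructed command string
    captured = prove(secret, tpm.challenge(), cmd)
    first = tpm.verify(cmd, captured)      # legitimate use
    replayed = tpm.verify(cmd, captured)   # same bytes sent again
    fresh = tpm.verify(cmd, prove(secret, tpm.challenge(), cmd))
    return first, replayed, fresh
```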
25TPM Block diagram
26Software
- Palladium - After the mythological statue that defended ancient Athens against invaders
- Microsoft has discontinued use of the code name "Palladium." The new components being developed for the Microsoft Windows Operating System are now referred to as the Next-Generation Secure Computing Base for Windows (NGSCB).
27Next-Generation Secure Computing Base for Windows
28NGSCB
- Seal and Unseal explained
- Nexus Computing Agents(NCA)
29Microsoft on applications
- Bryan Willman: Suppose you run a pharmacy company. When you test a new drug, of course it's bad if someone has a bad reaction to the drug, but it's much worse if someone tampers with that data so that your results are skewed. That means it's critical that all test data is entered accurately and no one tampers with it. NGSCB ensures that those files can't be breached or modified in any way.
- Here's another example. If you and your doctor and your pharmacist are communicating about a medical condition you have, you want to be sure that the information you exchange is confidential and true. Today you probably wouldn't want to do that online from your home computer because with all that software that you and your kids have loaded onto it, somewhere along the way it may have picked up a virus or two, so there's no way to know for sure how safe your information is. With NGSCB you use the right-hand side, and no matter what is happening on the left-hand side, you can be sure that the data passed between you and your doctor and your pharmacist hasn't been tampered with.
- Microsoft has a separate research area called Trustworthy Computing which is more towards what we define as trust
30Features described by Microsoft
- Memory Curtaining
- Secure Input and Output
- Sealed Storage
- Remote Attestation <- the scariest
31Memory Curtaining
- Strong hardware enforced memory isolation
- Programs are not able to read or write each other's memory
- Not even the OS
- Intruders have no access
- Implementation in hardware permits the greatest
backward compatibility with existing software,
which is a goal
32Secure I/O
- Key loggers, screen grabbers
- Music and movie industry would like this a lot
- It will allow programs to determine if the input came from a user or from a different program
- Would take out the case of a virus taking over the output from Anti Virus software
- Good for privacy of data
33Secure Storage
- Similar to what we saw in the TCG specification
- Addresses the failure of PCs to store keys securely
- No more .pwls
- How can they be stored so that it's only accessible to legitimate users?
- Generates the key based on the software requesting the key and the platform that it's running on at the time
- No need to store the key, as the key can simply be recreated when it is needed
- Imposes that sealed data can only be decrypted on one particular user platform software combination
- Is this a good thing?
34Do you have control?
- Moving files from your computer
- What if you don't like Excel anymore
- Exporting Data to a different application is very hard
- Adversary is the owner
- License fees
- Upgrades/Downgrades
- Do you have a choice?
35Remote Attestation
- Most revolutionary of the features
- Aims to allow detection of unauthorized changes to Software
- Others need to be able to tell if your system is compromised
- Protect a computer against its owner
- A cryptographic certificate of the software running
- Remote party can say if the version of software has been altered
- Windows XP, Warcraft
- No more cheating in Network Games
36Advantages
- Each feature can be used to prevent or mitigate real attacks on computers
- Coding flaws in one application will not result in private data being accessed by a different application
- P2P client MS Word
- Does not stop you from running harmful programs, just contains the area it runs in
- NGSCB itself will not inherently prevent a user from using a particular operating system or hardware
- Spyware will become extinct (No more Gator!)
37Problems
- Risks of anti-competitive or anti-consumer behavior
- Deliberate manufacturer mistakes in implementation handled by open source?
- Threat model supports that the owner is a threat
- Attestation cannot differentiate between changes to software with owner's consent and changes in software by unauthorized intruders
- No legal backing to this, users have a legitimate right to reverse-engineer for improvement of a program
- Third parties can compel you to choices which you wouldn't have made otherwise
38More problems
- Websites that demand attestation
- The user can't give an attestation that he's using IE if he's using Mozilla instead
- MSN not serving webpages to non Microsoft browsers
- Can be used to subject you to advertising (approved client)
- Web servers/File servers that demand fees from client developers
- Greatly increases costs of switching to rival software
- Samba -> interoperable file system created through reverse engineering (Microsoft could permanently lock out Samba from Windows File servers)
39Interoperability
- Current issues with third party MSN Messenger Clients
- General lock-in problem
- Sealed storage Attestation
40Digital Rights Management
- Microsoft and the TCG have made several attempts to say that Trusted Computing is not designed to enforce DRM
- Easy for DRM enforcers to enforce policies on users
- Trusted Computing maintains the rights of the owner of the document at all costs
- Destroying documents (court order?)
- Privacy issues, back to the days when books could be burned
- Attestation causes problems
41Links between DRM and NGSCB
- Curtaining prevents information in decrypted form from being copied
- Secure output (no screen grabbing)
- Sealed storage allows files to be stored so that only the DRM client that stored them can access them
- Remote attestation makes sure only the above DRM client is run
- Easy to implement DRM over NGSCB
- Microsoft filed a patent for a DRM OS -> possible link here (same individuals involved)
42Computer User as Adversary
- Seth Schoen of the Electronic Frontier Foundation
- A possible solution Owner override
- The owner can attest anything
- Takes away some of the advantages but we still have a free world!
- Will opt-in be real?
- Trusted computing aims to enable others to trust your computer
- Is this relevant?
- Movies released with remote attestation
43Troubling implications
- Just a way for Microsoft to make sure pirated software won't run?
- Switch off all the computers in China?
- Remote control
- Deleting pirated music
- Digital objects created under TC remain under ownership of the author, even if legal control has been handed to the user
- Media Control
44Related Legislation
- Fritz Hollings
- (a) SHORT TITLE. -- This Act may be cited as the "Consumer Broadband and Digital Television Promotion Act".
- SEC. 2. FINDINGS.
- The Congress finds
- (1) The lack of high quality digital content continues to hinder consumer adoption of broadband Internet service and digital television products.
- (2) Owners of digital programming and content are increasingly reluctant to transmit their products unless digital media devices incorporate technologies that recognize and respond to content security measures designed to prevent theft.
- (3) Because digital content can be copied quickly, easily, and without degradation, digital programming and content owners face an exponentially increasing piracy threat in a digital age.
- .
45Hollings Bill
- (18) Piracy poses a substantial economic threat to America's content industries.
- (19) A solution to this problem is technologically feasible but will require government action, including a mandate to ensure its swift and ubiquitous adoption.
- (20) Providing a secure, protected environment for digital content should be accompanied by a preservation of legitimate consumer expectations regarding use of digital content in the home.
- (21) Secure technological protections should enable owners to disseminate digital content over the Internet without frustrating consumers' legitimate expectations to use that content in a legal manner.
- (22) Technologies used to protect digital content should facilitate legitimate home use of digital content.
- (23) Technologies used to protect digital content should facilitate individuals' ability to engage in legitimate use of digital content for educational or research purposes.
- Basic idea -> Digital Rights Management enforced! TCPA Mandated?
- Thankfully this Bill was not passed ?
46Related Legislation
- Feinstein wanted DRM
- This is Napster times 10
- Shrek
- Paul Boutin: A little knowledge is a dangerous thing (in regard to the Hollings bill)
- The decision to play or not to play must be made by the content, not the player, DRM experts warn. It's tricky, but they'll get to it -- if the industry isn't forced to accept a compromise standard first.
47Why TCG?
- Controversial
- All the manufacturers involved in the process would profit greatly if the computer is accepted as a general entertainment platform for the home
- Microsoft has been trying
- The patents on DRM OS are remarkably similar to the current work on TCG
- Implications on the GNU Public License (GPL)
48Importance of Open Source
- User Invention
- Right to reverse engineering
- Controversial DMCA
- Are after purchase restrictions legal?
- Cell phones that drain generic batteries
- Printers that refuse to accept cartridges that have been refilled
- Trusted Computing could add a few for computers here
- Sony would want our computers to behave like closed DVD players. Do we want that?
49Will it work for us?
- jetBlue, enforcing P3P
- Yes.
- Customers can even revoke information they submitted and that would be destroyed from the jetBlue database
- The trusted computing base will make it impossible to just copy data from one place to another
- Is this a good corporate solution?
50Limiting the Scope
- If we can limit the scope of the initiative to personally identifiable information instead of programs in general.
- We have a good solution for the problem of sensitive information in a wired world
- People can submit data with policies so that they will be destroyed on a later date
- Should not be applied generally
- Enron
51The Law and Economics of Reverse Engineering
- Yale Law Journal (Pamela Samuelson and Suzanne
Scotchmer)
52Interoperability Debate
- Reasons a firm would not want to make their software interoperable
- Example from IBM
- Reverse engineering challenges interoperability
- Microsoft's APIs are trade secrets
53Open Source Software Projects as User Innovation
Networks
- Study by Eric von Hippel, MIT Sloan School of Management (2002)
- Clearly shows the advantages of user innovation
- User innovation is thwarted by the current model towards Trusted Computing
54von Hippel's Results
55von Hippel's Results continued
56Conclusion
- As developed currently, Trusted Computing seriously challenges user privacy and freedom.
- Programs that call home and report how they are being used would be a significant threat to privacy.
- Reverse engineering and open source software cannot coexist with the current model for Trusted Computing.
- The current model thwarts invention and is more suitable as a basis for DRM (if we need that?)
- The concept of trust is based on others trusting your computing, not you trusting your computer.
- This is a flawed concept.
57Lessons
- Some of the concepts in the TCG platform can be very useful in implementing effective privacy and security.
- Certain features such as attestation should be removed from the specification or a user override feature should be provided for attestation
- Not everything that is open source is good for you!
58The Battle has begun!