Trusted Computing

1
Trusted Computing

• BY Sam Ranjbari
• Billy J. Garcia

2
What is it?

• Trusted Computing (TC) is an open standard for
  hardware enabled trusted computing and security
  technologies.
• This means a more secure PC that only trusts the
  software creators not the owner

3
Trusted Computing

• TC was created by the non-for-profit organization
  Trusted Computing Group (TCG)
• An alliance of Microsoft, Intel, IBM, HP, AMD and
  
• A list can be found at this link
  https//www.trustedcomputinggroup.org/about/member
  s/

4
What does Trust mean?

• Trust means that something does as it is intended
  to do
• TCG defines trust as an entity can be trusted if
  it always behaves in the expected manner for the
  intended purpose.
• For example, when you save or read something from
  your hard drive, you want the data to be written
  and read accurately like it is intended to be,
  but you have to trust it to write and read
  without errors.

5
Who do I trust? Me!

• Today a computer trusts one of two entities in a
  user and hacker model.
• The user is trusted and the hacker is not.

6
Continue

• But when does a computer know that the user is
  not doing something harmful?
• With TC the user and the hacker are both not
  trusted. This ensures that nothing is done that
  can compromise the security of the PC.

7
So How does TC work?

• For TC to work you have to use the Trusted
  Computing Module (TPM) which is a hardware system
  where the core (root) of trust in the platform
  will reside.
• TPM will be implemented using a security
  microchip that handles security with encryption.

8
Groups of secure hardware

• They are memory curtaining, secure input and
  output, sealed storage, and remote attestation.
• It is also important to mention the concept of
  the endorsement key.
• The endorsement key is a 1,048 bit RSA private
  and public key that is created randomly on a
  microchip during the manufacturing of the chip.
  The private key is only used by the chip while
  the public key is used for attestation and for
  the encryption of sensitive data sent to the
  chip.

9
endorsement key

• The key is used to allow secure transactions by
  the TPM using a protocol created by TCG. This
  prevents a TPM emulator from starting a trusted
  entity. TPM is also designed to prevent
  extraction of the key from hardware analysis

10
Groups of secure Hardware

• Memory curtaining is hardware enforced memory
  isolation that will prevent software from being
  able to read or write to other softwares memory.
• Today hackers can read memory and alter
  applications memory to do evil deeds that are
  not intended.

11
Groups of secure Hardware

• Secure input and output will prevent threats from
  key loggers or screen grabbers from intruders.
• Using encrypted input and output will prevent the
  intruders from being able to see what the user
  types or what is on the users screen because the
  input from the keyboard to the software and the
  output from the software to the screen are
  encrypted.

12
Groups of secure Hardware

• Today hard drives are insecure by storing
  cryptographic keys on a hard drive that intruders
  can access.
• Users passwords, documents, and other
  information are also unprotected on todays
  storage.

13
Groups of secure Hardware

• With sealed storage the keys are generated using
  the hardware and the software
• For example, when you install a email client on a
  set of hardware a key is generated and used for
  the data that is saved and read from the email
  client.
• If a virus is running on the PC it will not be
  able to read the email because the virus and the
  hardware combo generate a different key!

14
Groups of secure Hardware

• With remote attestation a certificate is
  generated in hardware of the software installed
  and running on a computer.
• This allows software writers to check and ensure
  that their software is unmodified and has not
  been hacked.
• Identity of the software is verified with a hash
  that will change if the software has been
  changed.
• Since the hash is compared to a remote hash the
  intruder has no way of forging altered software.

15
Trusted Computing

• Not only TC is used for PCs but it is also going
  to be used for more hardware such as set top
  boxes, mobile phones, servers, storage devices,
  networks and more.

16
Trusted Computing

• So when will we see TC being used?
• For TC to work you have to have hardware with the
  TPM, and software to work with the TPM. Windows
  Vista is the next generation operating system by
  Microsoft that will make use of TC, although
  Microsoft likes to call it Trustworthiness.

17
Trusted Computing

• So far both AMD and Intel are working on a new
  processor to use TPM.
• Well, who would want to use TC?
• So far the computer industry is supporting TC and
  the Army wants all of their computers by 2010 to
  use a secure model such as TC.

18
Use of Trusted Computing

• Other software that uses TC are openTC, EMSCB,
  Forum for Open SW based TC, Enforcer,
  Next-Generation Secure Computing Base (NGSCB),
  TruoSerS The open-source TCG Software Stack,
  and Trusted Java.

19
Conclusion

• Trusted Computing is an industry standard created
  to protect a user from intruders and unsafe
  actions.
• With Trusted Computing the PC will decide who
  should be trusted and what is safe and unsafe
  using the Trusted Platform Module.
• By default no one is trusted except the hardware
  and the software publishers. Not even the PC
  users are trusted. TC was created for our
  benefits for sure

20
Trusted-Platform-Module