Getting Started With Trusted Computing

by Steven Sprague

It's a fact of business life that IT managers in enterprise and government, driven by new asset protection requirements, customer demand and regulatory compliance issues, are continuously searching for ways to make data more secure. From boardrooms to legislative chambers, leaders continue to assess the impact of recent spectacular cases of financial cyber-fraud, identity theft, data leakages and losses from Fortune 500 companies (such as Time Warner, Bank of America, Wachovia, Citigroup and ChoicePoint) - with new examples continuing to be disclosed.

Data disasters include the loss of sensitive employee and customer profiles, social security data and credit information. This information is lost through mishandling, theft, unauthorized access to IT networks and malicious attacks. The inability to reliably determine authentic digital identities continues to undermine many transactions - even as Internet commerce increases, both for businesses and consumers.

In June, the CEO of Microsoft warned in Washington that complacency could cause Internet users to underestimate the ongoing dangers of digital fraud and identity theft. Both federal and state governments are getting increasingly involved through existing and proposed legislation to protect data privacy rights. In 2002, California enacted the Information Practices Act (SB-1386), which requires companies to notify consumers of data loss. In this highly charged environment, enterprises and government need a computing environment that is more trusted, private, safe and secure.

The information technology industry is responding to these significant challenges by encouraging the development and delivery of a range of new open standard, hardware-based security solutions. Important progress is being stimulated by the formation of the Trusted Computing Group (TCG), an association of more than 100 global IT leaders.

The TCG is a not-for-profit organization formed to develop, define, and promote open standards for hardware-enabled trusted computing and security technologies, including hardware building blocks and software interfaces, across multiple platforms, peripherals, and devices. TCG specifications are intended to enable more secure computing environments without compromising functional integrity, privacy, or individual rights. The primary goal is to help users protect their information assets (data, passwords, keys, etc.) from compromise by external software attack and physical theft, on platforms including not only PCs but servers, peripherals, mobile devices, the network and related infrastructure. Leading members of the TCG include AMD, Dell, HP, IBM, Intel, Microsoft, Motorola, Sony, Sun Microsystems, STMicroelectronics and Wave Systems. There are now more than 100 members spanning the IT industry, from silicon vendors like Atmel to PC OEMs like Gateway to security software developers, mobile phone makers and network service providers like Nokia, Vodafone and France Telecom.

Industry developers, manufacturers and service providers use TCG specifications to build products that protect and strengthen computing platforms against software-based attacks. In contrast, older security approaches have taken a "moat" approach, attempting to create electronic boundaries or firewalls that mirrored organizational boundaries. However, today's Web services are aimed at making boundaries virtual so that customers and suppliers can have ready access to important information that resides inside corporate information systems. In addition, the security of today's systems is based almost exclusively on software, which has proven to leave them highly vulnerable to malicious attacks from the network. Finally, with the increased mobility of devices for access at all times in all places, the threat of physical theft and loss has seen a corresponding increase.

A Root of Trust within Hardware Delivering Enhanced Security
TCG standards today are based on a special purpose security chip, placed in a PC, called a Trusted Platform Module (TPM). These security chips use an open standards approach to ensure interoperability across vendor platforms, operating systems and product lines. A TPM generates keys, manages a cache of keys, and provides protected storage for encryption keys and authentication credentials. This is in contrast to today's weaker, software-only security solutions, in which firewalls, encryption keys and digital certificates keep their secrets on the hard drive and in unprotected memory, where malicious code on the same machine can read them.

TPM chips store encryption keys and digital signature keys to ensure confidentiality and integrity. This helps protect Trusted PCs from the software-based attacks so common today. Importantly, the keys and other critical security information are stored in non-volatile memory within the chip. Unlike the software-only security solutions most rely on today, the private keys held in the chip are protected by the chip even while in use: signing and decryption happen inside the TPM, so the key material is never exposed to software. The root of trust is anchored in hardware and is far less vulnerable to attack.

Additionally, the TPM can record measurements of the firmware and software loaded on the machine. Each component is hashed before it runs, and the hash is extended into one of the TPM's Platform Configuration Registers (PCRs), so the final register value reflects the whole chain of what was loaded and in what order. These values are then compared against known-good values to determine whether the software or configuration has been changed in some unauthorized manner. For instance, when the PC boots, measurements of its configuration and boot firmware can be taken to detect low-level viruses or Trojan horses, or to confirm that the intended security software such as firewalls and antivirus was actually loaded. Note that measurement records and reports the platform's state; it does not by itself stop altered code from running, so the value lies in what the platform or the network does with the result. These measurements provide the root of trust for auditing the platform metrics to make sure that it is in a known, trusted configuration.

With encryption keys protected in the hardware of the Trusted PC, what can Trusted Computing do for you? First of all, you can solve two of the most nagging issues in data security today: strong user authentication and strong device validation.

Corporations and government agencies remain vulnerable to malicious attack when unauthorized users authenticate and spoof themselves and their PC platforms into insecure IT networks. Software-only login and sign-in processes have proven to be easily breached. Strong user authentication and platform validation make malicious access attack far more difficult.

With your private keys stored in a security chip, users can be strongly authenticated and the risk of spoofing is dramatically lessened. Because the credential is held in the chip rather than derived from something the user must remember, it can be as long and complex as policy demands, which further strengthens the authentication process.

Besides strongly authenticating who you are, the TPM security chip can also strongly authenticate and validate the device you are using: Trusted PCs today, and eventually mobile devices such as cell phones and PDAs.

A common problem today is Trojan Horse attacks, where a PC user is tricked into downloading unauthorized configuration changes. This practically guarantees the malicious use of the platform and its contents, as well as fraudulent access to networks to which the device is connected. In Trusted PCs that use TPM security chips, platform integrity is delivered by secure storage of platform configuration values and by secure reporting of those values. This enables attestation of the platform by verification of an intact configuration.

In most insecure systems today, configuration settings are stored in system memory and are vulnerable to attack. With Trusted PCs, the measured configuration values are held in the TPM, and keys can be sealed to them so that the TPM will not release or use a key unless the values at the time of use match the values recorded when the key was sealed. Attestation identity keys, in turn, let the platform sign a report of those values for a remote party. This makes it possible to determine whether the trusted configuration has been altered; if it has, the sealed key stays locked and network administrators can deny access.
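The measurement chain and the sealing check described in the two paragraphs above, as an added example that is not part of the original article or Wave Systems' software. It models the TPM 1.2 behaviour in plain Python with a constructed boot log (the component images are short stand-in strings, not real firmware); the seal/unseal functions keep only the PCR policy check and omit the encryption a real TPM also performs.

```python
import hashlib

PCR_SIZE = 20  # TPM 1.2 PCRs hold a SHA-1 digest

# Constructed boot log: (component, image bytes) in load order. A real platform
# hashes the actual firmware, boot loader and kernel images; these are stand-ins.
GOOD_BOOT = [
    ("bios", b"BIOS v1.07"),
    ("bootloader", b"GRUB 0.97"),
    ("kernel", b"vmlinuz-2.6.15"),
    ("av-driver", b"antivirus-engine-3.2"),
]

# The same machine after a boot-sector rootkit patched the boot loader.
ROOTKIT_BOOT = [
    ("bios", b"BIOS v1.07"),
    ("bootloader", b"GRUB 0.97 + evil hook"),
    ("kernel", b"vmlinuz-2.6.15"),
    ("av-driver", b"antivirus-engine-3.2"),
]


def measure(image):
    """A measurement is the SHA-1 digest of the component, taken before it runs."""
    return hashlib.sha1(image).digest()


def extend(pcr, measurement):
    """TPM_Extend: PCR_new = SHA-1(PCR_old || measurement).

    Software can only add to a register, never set it directly, so only the same
    components measured in the same order reproduce the same final value.
    """
    return hashlib.sha1(pcr + measurement).digest()


def boot(boot_log):
    """Run the measured boot chain. Returns the final PCR value and the event log
    (the individual measurements) that the platform keeps alongside the TPM."""
    pcr = b"\x00" * PCR_SIZE  # PCRs are zeroed at platform reset
    event_log = []
    for _name, image in boot_log:
        m = measure(image)
        event_log.append(m)
        pcr = extend(pcr, m)
    return pcr, event_log


def verify_event_log(event_log, reported_pcr):
    """What an auditor does with the measurements: replay the event log and check
    that it reproduces the PCR value the TPM reported. An entry that was edited
    or dropped will not replay to the same value."""
    pcr = b"\x00" * PCR_SIZE
    for m in event_log:
        pcr = extend(pcr, m)
    return pcr == reported_pcr


def seal(secret, pcr):
    """Model of TPM_Seal: bind a secret to the current PCR value. (A real TPM also
    encrypts the secret under a key rooted in the chip; only the policy check,
    the part that depends on the measurements, is modelled here.)"""
    return {"pcr": pcr, "secret": secret}


def unseal(blob, current_pcr):
    """Model of TPM_Unseal: release the secret only if the platform is in the same
    measured state as when it was sealed; otherwise return None."""
    if blob["pcr"] != current_pcr:
        return None
    return blob["secret"]


if __name__ == "__main__":
    good_pcr, log = boot(GOOD_BOOT)
    blob = seal(b"disk-encryption-key", good_pcr)
    print("same config  ->", unseal(blob, boot(GOOD_BOOT)[0]))
    print("rootkit boot ->", unseal(blob, boot(ROOTKIT_BOOT)[0]))
    print("log replays  ->", verify_event_log(log, good_pcr))
```

Two points the code makes that the prose only implies: changing a single byte of any component, or loading the same components in a different order, yields a different final PCR value, so a sealed disk key is simply not released on the rootkitted boot; and because the register can only be extended, an attacker who controls the operating system cannot rewrite the event log to match a value the TPM never produced.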

Another endpoint integrity capability offered by the Trusted Computing Group is the Trusted Network Connect architecture. Products based on the architecture, announced in May, determine the security and compliance of clients attempting to connect to a network and grant a level of network access based on the configuration and integrity of the client. By enforcing IT security and system requirements, network administrators are expected to decrease the security vulnerabilities, support costs and downtime associated with misconfigured or infected systems.

Trusted Network Connect has been developed by more than 60 networking and technology industry TCG member companies representing client and network security; switches; routers and hubs; systems and systems management; and operating systems.

The architecture provides a common framework for the collection and exchange of end point integrity data in heterogeneous networking environments. Products based on the architecture will enable clients trying to connect to a network to be evaluated against a set of policies and pre-determined platform configurations established by their organization's IT department. Clients not meeting policies, such as those for patch levels, anti-virus software or operating system configuration, can be quarantined for remediation.

When Trusted PCs with a TPM chip are used, Trusted Network Connect can include the TPM's boot measurements in the client's integrity report. Because those measurements are recorded in hardware before the operating system runs, a rootkit that has subverted the OS cannot hide the change from the network the way it hides from security software running on the infected machine, which is why these stealthy infections are otherwise almost impossible to detect.
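The connect-time exchange the Trusted Network Connect paragraphs above describe, as an added example rather than code from the article or from any TNC product. Both sides are shown: the policy server issues a fresh nonce, the client's TPM quotes its PCR value over that nonce, and the server verifies the quote and maps the reported configuration to full access, quarantine, or denial. The golden PCR values and the access policy are constructed for the example, and an HMAC key stands in for the Attestation Identity Key's RSA private key so the code runs on the standard library (with a real AIK the server would hold only the public key).

```python
import hashlib
import hmac
import os

# Stand-in for the TPM's Attestation Identity Key. A real TPM signs quotes with the
# AIK's RSA private key, which never leaves the chip; an HMAC key plays that role
# here. Assumption for the example only.
AIK_KEY = b"example-aik-private-key-held-by-tpm"

# Constructed golden PCR values approved by the IT department, mapped to the access
# level TNC should grant. Anything not listed falls through to quarantine.
PCR_PATCHED = hashlib.sha1(b"bios/grub/kernel/av-3.2 (current)").digest()
PCR_OLD_AV = hashlib.sha1(b"bios/grub/kernel/av-3.1 (stale signatures)").digest()
PCR_UNKNOWN = hashlib.sha1(b"a configuration nobody approved").digest()
POLICY = {
    PCR_PATCHED: "full",
    PCR_OLD_AV: "quarantine",  # known but out of policy: remediation network only
}


class Client:
    """Endpoint with a TPM. `pcr` is what its measured boot produced; `aik_key`
    is the key its TPM quotes with (a forger would hold a different key)."""

    def __init__(self, pcr, aik_key=AIK_KEY):
        self.pcr = pcr
        self.aik_key = aik_key

    def quote(self, nonce):
        # TPM_Quote signs (nonce || PCR values). The nonce binds the quote to this
        # session, so a quote captured from a clean machine cannot be replayed.
        return hmac.new(self.aik_key, nonce + self.pcr, hashlib.sha1).digest()


class PolicyServer:
    """The TNC policy decision point."""

    def __init__(self):
        self.outstanding = set()  # nonces issued but not yet consumed

    def challenge(self):
        nonce = os.urandom(20)
        self.outstanding.add(nonce)
        return nonce

    def decide(self, nonce, reported_pcr, quote):
        if nonce not in self.outstanding:
            return "deny"  # replayed or never issued
        self.outstanding.discard(nonce)  # each nonce is single use
        expected = hmac.new(AIK_KEY, nonce + reported_pcr, hashlib.sha1).digest()
        if not hmac.compare_digest(expected, quote):
            return "deny"  # PCR value is not vouched for by a genuine TPM
        return POLICY.get(reported_pcr, "quarantine")


def connect(server, client):
    """One network-connect exchange: challenge, quote, decision."""
    nonce = server.challenge()
    return server.decide(nonce, client.pcr, client.quote(nonce))


def replay_attack(server, victim):
    """An attacker records a clean client's quote and presents it again."""
    nonce = server.challenge()
    captured = (nonce, victim.pcr, victim.quote(nonce))
    server.decide(*captured)  # the victim's own connection consumes the nonce
    return server.decide(*captured)  # the replay must be refused


if __name__ == "__main__":
    srv = PolicyServer()
    print("patched client   ->", connect(srv, Client(PCR_PATCHED)))
    print("old antivirus    ->", connect(srv, Client(PCR_OLD_AV)))
    print("unknown config   ->", connect(srv, Client(PCR_UNKNOWN)))
    print("forged quote     ->", connect(srv, Client(PCR_PATCHED, aik_key=b"forged")))
    print("replayed quote   ->", replay_attack(srv, Client(PCR_PATCHED)))
```

The decision table is the policy, not the TPM: a valid quote only proves that the chip recorded these values, and it is the administrator's list of approved values that turns that evidence into an access decision. The two checks that are easy to skip in a home-grown implementation are the single-use nonce and the default of quarantine for any configuration that is not on the list.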

Working with this dramatically improved secure hardware environment, companies are beginning to offer a range of services for Trusted PCs that provide immediate value and return on investment to address pressing security concerns. Additionally, companies are beginning to provide key management services and infrastructure that IT professionals require for managing Trusted PCs in an enterprise or government environment.

How to Identify and Buy a Trusted Computer
The good news is that the computer industry is offering an increasingly wide variety of Trusted PCs and desktop boards equipped with a TPM security chip - ready for service in your network. As of this writing, models with this capability include:

More vendors are likely to be added in the coming months. Industry analysts estimate that tens of millions of trusted PCs have already shipped to date, with the market growing rapidly in the coming years. In fact, industry experts are now predicting a trusted computing tidal wave. IDC, for instance, estimates that by 2007 more than half of personal computers shipping worldwide could contain security chips. Next year, Microsoft is expected to release its next generation OS, codenamed Longhorn, which is planned to be optimized to work with the latest generation of TPM security chips. Since computers are available today that are ready to work with this new OS, there is no reason to wait. You can start better protecting your data today.

A Range of Services Available From Multiple Vendors
After you have verified with your PC manufacturer that your new or existing PC contains a TPM security chip, you will have two alternatives. Your Trusted PC may have a pre-installed set of basic trusted software services already available. For example, if you are using PCs built on Intel's secure desktop board solutions, you are ready to start using the bundled secure software. Or, if your IT department supplied you with one of the several Trusted PCs from Dell, there is an option, at additional cost, to download from the Dell web site additional trusted PC software optimized to work with the new Dell Trusted PC.

We have already discussed strong authentication and attestation as immediate benefits of using a Trusted PC. But the keys that enable authentication also help deliver a range of easy-to-use trusted services that are useful in everyday business applications. For instance, client-based single log-in lets a user unlock the TPM with one password and have the chip protect the username and password for each registered application or site, auto-filling them as needed.

Users may also help set the policies for how the TPM security chip interacts with the user, such as the use of biometric authentication, through TPM and user management applications.

Earlier we outlined many embarrassing examples of data losses by high profile companies and organizations. A Trusted Computing application such as file and folder encryption could have prevented the exposure in several of the high profile cases of data theft reported recently. A stolen or lost laptop can be protected using this application, since the data is unreadable without the key held in the chip. Protecting your files and folders can be as easy as dragging and dropping your data into a TPM protected vault. The protection applies to data at rest: a laptop that is stolen while powered on and logged in, with the vault open, is still exposed, so the vault should be combined with a screen lock and a short idle timeout.

Once a user or organization commits to Trusted Computing, the backup and recovery of keys in case of platform failure, computer replacement or hard drive failure is addressed by companies offering key recovery applications.

Making a commitment to Trusted Computing can be extremely easy. It is mainly a matter of replacing your existing PCs, on their typical three or four year replacement cycle, with generally available Trusted PCs, with associated secure software.

From a positive perspective, your enterprise or government agency will be more secure from the first day's use of Trusted PCs, with better authentication of users, more secure data assets and better management of secure data.

From a negative perspective, wouldn't it be better to not be a part of the next big data loss story in the media, especially when it is so easy to address one of your most vulnerable security weaknesses?

Yes, getting started is that easy. Let your next computer purchases be Trusted PC purchases and get on the road to better security in your organization.

Reasons to Buy PCs That Contain a Trusted Platform Module
Identity Protection and Strong Authentication
  • Strong, multifactor authentication for user identities can be an integrated feature
  • Alternative to separate hardware tokens for access control
  • Strong authentication can reduce identity fraud
  • Highly sensitive data such as identities, passwords and credentials protected in hardware
  • Reduced identity theft exposures
  • Password management tools can increase both security and productivity.
Data Protection
  • Data protection using encryption keys generated and stored by the TPM
  • Disk drives can be securely linked to, and only accessible from, a single, unique platform for protection against stolen PCs and drives
  • Digital signatures for documents and files can be applied from trusted hardware
  • Encryption of email to protect against unauthorized exposure
  • Helps prevent access to critical data on lost, stolen, or hacked PCs
Network Security
  • VPN remote access platform identity credentials can be hardware protected
  • Strengthening client PCs, which are the most vulnerable devices for network attacks
  • Network access can be controlled based on meeting trustworthiness metrics
  • Secure access for communications over both wired and wireless networks
Legal and Regulatory Compliance
  • Conform to data security regulations for protecting data on client PCs
  • Ability to provide audit, access control, and non-repudiation of transactions
Platform Integrity and Trustworthiness
  • Laptop and mobile devices specifically require more security
  • Platform and configuration trustworthiness can be verified by the TPM
  • A hardware true random number generator (for session keys and other key material) provides cryptographically high quality keys, which means an increased level of protection combined with improved ROI for the security product
  • Hardware-enforced resistance to dictionary attacks on TPM-protected secrets (compared to software-only solutions)
  • Trustworthiness of software and hardware configurations, including the boot image, operating system, and key application software can be measured locally by the TPM
Future Proofing
  • Integrated hardware security is becoming a platform requirement
  • Security hardware provides the platform with a root of trust as the anchor for future proofing overall platform security
  • TPMs are one of the most cost effective security features available today.
  • Support for compliance with new audit and certification laws based on improved security
  • All TPM related specifications are publicly available, which means transparency for the user combined with increased convenience for software development engineers.
  • Standards based programming interface (even on BIOS level) is provided. This enables software developers to develop high-quality products with short time-to-market.

About the Author
Steven Sprague is president and CEO of Wave Systems, a leading provider of Trusted Computing client and server software applications. Wave Systems is a member of the Trusted Computing Group.

Article © Copyright 2006 Wave Systems Corp. Used by permission.