Trusted Computing: elements of a business case

With the launch of the Vista operating system in 2007, Microsoft brought to the mainstream a technology which has been quietly developing for the last 5 years: Trusted Computing (TC).

Trusted computing is "...hardware building blocks and software interfaces ... designed to enable more secure computing environments without compromising functional integrity." This will be achieved by enabling hardware-mediated cryptographic signing of data, and creating a Public Key Infrastructure (PKI) to support it. The organisation responsible for developing standards for TC is the Trusted Computing Group (TCG), which is made up of a wide range of hardware and software vendors.

This article introduces the subject, and presents some of the issues which may feed in to the development of a business case for the adoption of TC.

Rationale

The TCG is working to establish a coherent set of standards for strong identification, authentication and encryption technologies. These concepts are not new, having been used within some corporate computing environments for many years, but the TCG specifications will allow a much wider range of users to adopt them. Incorporation of hardware-based cryptography is perhaps the most important component of TC, and should lead to a significant increase in the security of the systems as a whole.

Technology

At the foundation of the system is a Trusted Platform Module (TPM), which is a hardware component built into systems supporting TC. The TPM underpins all security functionality higher in the stack, by:

• providing the root of trust for the system;
• providing functionality to measure the configuration of the current hardware and software state of a machine;
• providing secure storage for a machine's private keys;
• providing an on-chip cryptographic capability - the machine's private keys need never be released to system memory.

Benefits of TC

• hardware-based root of trust is substantially harder to attack than a software-based one, and should reduce the risk to information systems;
• ability to measure and remotely attest hardware and software state allows a trust relationship to exist. This could, for example, only allow access to a network if a machine has up-to-date virus definitions. This would also reduce the risk;
• TCG provides common standards, supported by all major vendors. This reduces the risk of incompatible hardware platforms, and should ensure that it is widely supported in software;
• TPMs are being widely deployed already, and take-up is forecast to rise. This will ease uptake of TC as the majority of new hardware purchases will be compliant;
• strong DRM and document management can lower risk of data theft or accidental release, both during storage and network transit;
• a TC architecture should prove somewhat easier to deploy than current options.

Risks

• requires trust in the manufacturer of the TPM and TSS components;
• a limited number of suppliers are making TPM chips, resulting in the risk of common-mode failures. Updating faulty TPM components is not possible;
• the ecosystem is still developing, secure I/O and TNC, and applications to use the new facilities are not yet available;
• risk of vendor lock-in if data is stored in encrypted form;
• the ability to access and use data may be transferred from the machine owner to the creator under a strong DRM regime;
• to implement a DRM scheme extra-organisationally requires an external PKI system, which will be under the control of an external organisation.

Costs

• increased administrative burden, particularly with regard to key-management;
• deployment of strong authentication methods for users (RSA tokens, biometrics etc) is strongly recommended.

Conclusions

Strong enterprise security can enable new business processes, by reducing the associated risks. Examples could include:

• enhancing employee mobility by allowing remote users to access sensitive resources;
• allowing visitors to an organisation to connect to the corporate network, as their machine will not have access to any protected services;
• allowing secure transfer of information between organisations, with secure connectivity and strong DRM to control the use of the information by the recipient;

The two key advances of TC are: having a hardware root-of-trust, which should significantly increase the robustness of the trust system built on it, and developing a complete system of specifications which should result in a globally consistent security ecosystem.

The inclusion of a cryptographically-secured file system in Windows Vista reduces the risk of data loss through theft of hardware. The TCG is developing standards for secure storage, to extend the trust system to magnetic media, which (once finalised and adopted by vendors) will further increase the security of computer systems, extending trust and cryptography to the hardware level in storage as well.

These key benefits of TC may affect the balance between cost and benefit of deploying enterprise security, potentially making it possible for organisations who could not justify deploying the previous generation of technologies.

• Home
• About us
• Our services
• Our approach
• Recent work
• Publications
• Recruitment
• Contact us