Trusted Computing Platforms Blessing or Curse? by Bastian Sopora, Seminar DRM 2006.

Agenda
- Introduction
- Defining trust and its different flavours
- The idea of Trusted Computing Platforms
- Technicalities of TCP
- Conceptual problems with TCP
- TCP & DRM
- Summary & Discussion

Introduction
- What is a Trusted Computing Platform?

Introduction
- A computer with some kind of additional hardware that serves to protect the system from malicious software or unintended / undesired use.

What is trust?
- Trusted vs. Trustworthy
- The nature of trust
- Technical Trust
- Computers are predictable

Trustworthy – earned trust
- User has a reason to trust in a system's behavior
- Impossible to compromise data
- Previous behaviour and standards deserve trust

Trusted – forced trust
- User has no other choice but to trust the system
- Black box
- No alternatives
- "A 'trusted' computer does not mean a computer that is trustworthy." – Bruce Schneier

Technical Trust
- Device does what it is supposed to do
- "an entity can be trusted if it always behaves in the expected manner for the intended purpose" – [TCG]
- e.g. hard drive controller

Supporters
- Trusted Computing Group
- Formerly known as Trusted Computing Platform Alliance
- AMD, Hewlett-Packard, IBM, Infineon, Intel, Lenovo, Microsoft, and Sun Microsystems

TCP – pure intentions
- Make computers safer, more reliable
- Protect from viruses, malware
- Protect from hackers, unauthorized access

Opponents
- Computer security experts
- Richard Stallman (GNU)
- Ross J. Anderson (Cambridge U., UK)
- Bruce Schneier (Comp. Sec. author)

TCP – not as good as it seems?
- Trust in the driving factors of TCP is undeserved
- TCP gives system and software designers too much control and power
- Undue censorship possible

A quick survey
Who uses...
- ...AMD / Intel processors?
- ...Microsoft / Apple OS?
Think about whether you trust them or not!

The simple TC-life
- Trusted Platform Module
- One chip solution
- Open specifications

The TCG Guidelines
Trusted Platform Module provides:
- Secure Input & Output
- Memory curtaining / Protected execution
- Sealed storage
- Remote attestation

The Guidelines I: Secure Input & Output
- Secure channel between user and software
- Avoid keyloggers, screenparsers etc.

The Guidelines II: Memory Curtaining
- Block access to memory for all other software
- Even OS access is denied

The Guidelines III: Sealed Storage
- Encrypt files using key derived from software & hardware
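
The Sealed Storage slide above, as an added example (not part of the original presentation): a simplified software model in which the encryption key is derived from a per-chip secret (hardware) and a hash chain over the loaded components (software). The chip secrets, component names and the HMAC-based toy cipher are assumptions made for illustration; this is not a real TPM interface.

```python
import hashlib, hmac, os

def h(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()

def measure(boot_chain) -> bytes:
    """Fold each component into a running hash, in load order."""
    pcr = bytes(32)
    for component in boot_chain:
        pcr = hashlib.sha256(pcr + hashlib.sha256(component).digest()).digest()
    return pcr

def _keys(chip_secret, boot_chain):
    # The key depends on hardware (chip secret) AND software (measurement).
    root = h(chip_secret, b"seal" + measure(boot_chain))
    return h(root, b"enc"), h(root, b"mac")

def _xor_stream(key, nonce, data):
    # Toy stream cipher (HMAC-SHA256 in counter mode), for illustration only.
    stream = b"".join(h(key, nonce + i.to_bytes(4, "big"))
                      for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(chip_secret, boot_chain, plaintext):
    enc, mac = _keys(chip_secret, boot_chain)
    nonce = os.urandom(16)
    ct = _xor_stream(enc, nonce, plaintext)
    return nonce + ct + h(mac, nonce + ct)

def unseal(chip_secret, boot_chain, blob):
    """Return the plaintext, or None if hardware or software differs."""
    enc, mac = _keys(chip_secret, boot_chain)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, h(mac, nonce + ct)):
        return None
    return _xor_stream(enc, nonce, ct)

# Constructed sample values (not from the presentation).
CHIP_A = b"\x01" * 32
CHIP_B = b"\x02" * 32
TRUSTED = [b"bootloader-1.0", b"os-kernel-1.0", b"media-player-1.0"]
PATCHED = [b"bootloader-1.0", b"os-kernel-1.0", b"media-player-1.0-patched"]

if __name__ == "__main__":
    blob = seal(CHIP_A, TRUSTED, b"content key")
    print(unseal(CHIP_A, TRUSTED, blob))   # same chip, same software
    print(unseal(CHIP_A, PATCHED, blob))   # same chip, modified software
    print(unseal(CHIP_B, TRUSTED, blob))   # same software, different chip
```

The second and third calls fail to unseal: data sealed this way is unreadable after a software change or a move to other hardware.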

The Guidelines IV: Remote Attestation
- Certificate generated by the Trusted Platform Module
- Hardware has not been tampered with
- What software is running
- (active point of view)

Reflection
- What does TC do?
- What could it do?
- How does it work?

Additional Concepts
- Remote Attestation (passive point of view)
- Owner Override

Remote Attestation
- What is running?
- = Is XYZ running...?
- ...on machine UVW?

Owner Override
- Allow owner to disable functions
- Allow owner to override actions

Controversies
- Remote Censorship
- Freedom of Software Choice
- Limitations on Data & Information
- Identifiability
- TCP & Digital Licensing

Remote Censorship
- Software creators instead of users control data objects
- Data objects may be deleted without user's consent
- Data objects' distribution may be prevented

Software Choice
- Information created with Software A may be locked from all other software
- Data Objects may require Software A although they are of a common type

Limitations on User's Data
- No migration
- Software requiring "newest" software versions
- Data requiring spyware

Identifiability on the Internet
- Remote Attestation
- Collect information?
- Free Speech
- Direct Anonymous Attestation

Limitations on Information
- Enforcing "[Fair] Use Policy"
- Limiting file formats to certain software
- Microsoft: DRM making use of TC

TCP and Digital Licensing
- Relies on Sealed Storage & Memory Curtaining
- Relies on Remote Attestation

TCP and Digital Licensing: Scenario I
- Concept: Enforcing "[Fair] Use Policy"
- Restriction of Use
- Restrictions on replay
- Playability linked to user's behaviour

TCP and Digital Licensing: Scenario II
- Concept: Spyware
- Marketing Trap
- Evolving "[Fair] Use Policy"

Impracticality
- Constant Owner Overrides → Disabled features
- Fear of control, what if...
  - ...the controlling party is 'evil'
  - ...the hardware fails
- Frequent new developments → outdated technology

Survey Results
Do you trust Intel, Microsoft, AMD, Apple etc.?
- A: They pay me $$$
- B: Forced Trust
- C: Earned Trust
- D: I don't use computers

Survey Results
Do you trust Intel, Microsoft, AMD, Apple etc.?
50/50 joker:
- B: Forced Trust
- C: Earned Trust

Survey Results
Do you trust Intel, Microsoft, AMD, Apple etc.?
Audience joker:
- B: Forced Trust
- C: Earned Trust