Trusted Computing
Or
How I Learned to Stop Worrying and Love the MPAA

Trusted Computing
 Overview of TCP
 How it works
  Intel LaGrande
  Microsoft NGSCB (Palladium)
 Uses
 Issues

Trusted Computing Group
 TCG formed by industry leaders
 Open standards for trustworthy computing
 Provides hardware and software security to combat several types of threat
 Moving towards PDAs, omnipresence

Features of Trusted Computers
 For business
  Licensing
  DRM
 For Users
  Anti-hacker
  Anti-virus
  Backwards compatible
  Can be turned off

LaGrande
 Intel’s hardware implementation
 Based on Arbaugh’s secure bootstrap
 Runs parallel to normal architecture
 Uses hash values for modification detection
 Operates in several different parts of chipset

LaGrande – Secure Bootstrap
 Higher abstraction layers only as secure as lower
 Trusted CPU, chipset, and boot ROM
 Each layer verifies hash of next layer before execution
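
Added example (not from the original slides): a minimal Python model of the hash-chained secure bootstrap described above, where each layer carries the expected hash of the next and the first expected hash sits in boot ROM. SHA-256, the layer names, the image bytes and all function names are assumptions made for illustration.

```python
import hashlib
import hmac

def measure(layer):
    """Hash a layer's code together with the next-layer hash it carries."""
    code_digest = hashlib.sha256(layer["code"]).digest()
    return hashlib.sha256(code_digest + layer["next_hash"].encode()).hexdigest()

def build_chain(images):
    """Link layers from the top down; return (layers, root hash held in boot ROM)."""
    layers, next_hash = [], ""
    for name, code in reversed(images):
        layer = {"name": name, "code": code, "next_hash": next_hash}
        next_hash = measure(layer)
        layers.insert(0, layer)
    return layers, next_hash

def secure_boot(rom_hash, layers):
    """Verify each layer before 'executing' it; return (booted names, failed name)."""
    expected, booted = rom_hash, []
    for layer in layers:
        if not hmac.compare_digest(measure(layer), expected):
            return booted, layer["name"]   # halt: control is never transferred
        booted.append(layer["name"])
        expected = layer["next_hash"]      # the verified layer vouches for the next
    return booted, None

# Constructed sample images (placeholder bytes, not real firmware).
IMAGES = [("boot block", b"bb-v1"), ("boot loader", b"bl-v1"), ("os kernel", b"k-v1")]

def demo():
    layers, rom_hash = build_chain(IMAGES)
    clean = secure_boot(rom_hash, layers)
    # Case 1: only the top layer is modified; the layer below detects it.
    t1 = [dict(layer) for layer in layers]
    t1[2]["code"] = b"k-evil"
    top = secure_boot(rom_hash, t1)
    # Case 2: the hash stored in the layer below is rewritten to match.
    # That changes the lower layer's own measurement, so detection moves down
    # a level; repeated patching ends at the ROM hash, which cannot be rewritten.
    t2 = [dict(layer) for layer in t1]
    t2[1]["next_hash"] = measure(t2[2])
    patched = secure_boot(rom_hash, t2)
    return clean, top, patched

if __name__ == "__main__":
    for result in demo():
        print(result)
```
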

LaGrande – Protected Environment
 Built on top of secure bootstrap architecture
 Instruction set extensions to create protected processor partition
 Extensions to create protected software stack
 Trusted platform module (TPM) verifies conditions
 Changes to I/O controller, memory controller, graphics controller, and CPU

LaGrande
 Separate execution space
 Separate memory space
 Secure mouse/keyboard
 Secure graphics

NGSCB
 Software side of TC
 Domain Manager aka Nexus
 Sealed Storage
 Remote Attestation

NGSCB – Nexus
 Security kernel, authenticated on boot
 Authenticates trusted programs
 Application interface to TPM
 Does not trust OS

NGSCB – Sealed Storage
 Encrypts data on storage device
 Key is not stored on storage device
 Hash of creating program stored with file
 TPM only decrypts for program that passes modification detection
 Decrypted only with same TPM / same program

NGSCB – Remote Attestation
 Communicate hashes of secure programs for remote verification of modification detection
 Ensures that client software functions as intended
 Kazaa vs. MPAA/RIAA

Uses
 Remote banking, business-to-business e-commerce, and online auctioning
 Corporate networking, document sharing
 Cheat-proof gaming enforcement
 Secure data storage
 Personal privacy protection, data management, and record keeping
 Shared computing and secure transactions
 Secure home computing
 Government agencies that require a high level of security and trust
 Software license enforcement
 Copyright enforcement

Issues
 GPL
 Who is in control – owners, MS, or content providers?
 Assumptions – hardware modifications possible
 Censorship

References
 Trusted Computing: Promise and Risk http://www.eff.org/Infra/trusted_computing/20031001_tc.php
 http://www.microsoft.com/resources/ngscb
 Ross Anderson’s site http://www.cl.cam.ac.uk/~rja14/
 Anderson’s Patent
 Arbaugh Paper
 Inside Intel's Secretive 'LaGrande' Project http://www.extremetech.com/print_article/0,3998,a=107418,00.asp
 http://www.intel.com/technology/security/
 http://www.microsoft.com/whdc/winhec/pres03.mspx