Trusted Computing

from Wikipedia, the free encyclopedia

Trusted Computing (TC) means that the operator of a PC system can transfer control of the hardware and software used to third parties. It is a concept that is being developed and promoted by the Trusted Computing Group (TCG). The term is borrowed from the technical term Trusted System, but has its own meaning. It is intended to increase security because manipulation is detected. The word "trusted" is controversial in this context, as the concept of trust has an emotional connotation and allows various interpretations. In addition, the English word "trustworthy" would actually be more apt. The technology itself is not meant to be the trust; it merely creates a basis for building trust. In this sense, the name Predictable Computing would describe the core of the TCG concept better and more clearly. The trust of the owner or a third party arises only from the predictability of the behavior of a computer system.

Trusted computing platforms (PCs, but also other computer-based systems such as cell phones) can be equipped with an additional chip, the Trusted Platform Module (TPM). Using cryptographic methods, it can measure the integrity of both the software data structures and the hardware, and store these values in a verifiable and tamper-proof manner. The computer's operating system, but also programs or third parties, can check these measured values and thus decide whether the hardware or software configuration has been changed. Possible reactions are then, for example, a warning to the user, but also immediate termination of the program or of the network connection.

As an absolute prerequisite, Trusted Computing requires an adapted boot loader and a corresponding operating system that trigger and evaluate these integrity checks. Contrary to what is often assumed, the TPM is only passively involved. It cannot independently check or evaluate programs, interrupt program execution, or restrict or prevent the start of certain operating systems.

For the currently most widespread TC process, the Trusted Computing Group defines the standards for the hardware modules involved and the corresponding software interfaces. The TC operating system, on the other hand, is not standardized; corresponding implementations are currently being developed by both the software industry and open source development groups.

The technical background

Trusted computing systems consist of three essential basic components:

  1. Trusted Platform Module (TPM), whose functions are intended to counteract software-based attacks
  2. Secure processor architecture (defined by the processor manufacturer)
  3. Safe and trustworthy operating systems

The security chain from the TCG specification

The generic TCG approach results in new system structures: whereas security was previously to be achieved through additional layers of encryption or anti-virus software, TCG starts at the lowest level of the platform, at the very beginning of the boot process of such a system. The TPM, as a certified hardware security module from a trustworthy manufacturer, is trusted a priori. When the system is started, an uninterrupted security chain ("Chain of Trust") is built up from this lowest layer to the applications. As soon as the lower level has a stable security reference, the next level can rely on it. Each of these domains builds on the previous one and thus expects that every transaction, internal connection and device connection in the overall system is trustworthy, reliable, secure and protected.

The TPM as a hardware security reference represents the root ("Root of Trust") of the entire security chain. At the beginning it is checked whether the signature (and thus the constellation) of the platform components has changed, that is, whether one of the components (disk storage, LAN connection, etc.) has been changed, removed or replaced. Similar verification mechanisms then use the TPM to verify in succession, for example, the correctness of the BIOS, the boot block and the boot process itself, as well as the next higher layers when the operating system starts. During the entire start-up process, but also later, the security and trust status of the system can be queried via the TPM, but only with the consent of the platform owner. This also means that a compromised platform can be reliably identified by others and the data exchange can be restricted to the appropriate level. Trusted computing systems can create the prerequisite that makes a significant further development of modern, networked platform structures possible from the point of view of security and mutual trust.
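The following Python sketch is an added example, not part of the original article and not TCG or TrustedGRUB code. It models the security chain described above as a SHA-256 hash chain: each boot stage is measured and folded into a register that can only be extended, and a separate verifier, not the TPM, compares the result with reference values and decides how to react. The stage names, image contents and function names are constructed for illustration.

```python
import hashlib

PCR_SIZE = 32  # one register in a SHA-256 bank, all zeros at reset


def measure(image: bytes) -> bytes:
    """Digest of a component, taken before control is handed to it."""
    return hashlib.sha256(image).digest()


def extend(pcr: bytes, digest: bytes) -> bytes:
    """Extend operation: new = H(old || digest). A value can be folded in, never set."""
    return hashlib.sha256(pcr + digest).digest()


def measured_boot(stages):
    """Passive recording only: returns the final register and the event log."""
    pcr, log = bytes(PCR_SIZE), []
    for name, image in stages:
        digest = measure(image)
        pcr = extend(pcr, digest)
        log.append((name, digest))
    return pcr, log


def replay(log):
    """Recompute the register value that a given event log must produce."""
    pcr = bytes(PCR_SIZE)
    for _, digest in log:
        pcr = extend(pcr, digest)
    return pcr


def verify(reported_pcr, log, reference):
    """Verifier side (OS or third party). An empty list means 'matches reference'."""
    findings = []
    if replay(log) != reported_pcr:
        findings.append("event log does not reproduce the reported PCR value")
    if len(log) != len(reference):
        findings.append("number of measured stages differs from reference")
    for (name, digest), (ref_name, ref_digest) in zip(log, reference):
        if name != ref_name or digest != ref_digest:
            findings.append(f"{ref_name}: measurement differs from reference")
    return findings


# Constructed sample platform; the byte strings stand in for firmware images.
GOOD = [("BIOS", b"bios v1"), ("boot block", b"boot block v1"),
        ("OS loader", b"loader v1")]
TAMPERED = [GOOD[0], ("boot block", b"boot block v1 + patch"), GOOD[2]]
REFERENCE = [(name, measure(image)) for name, image in GOOD]

if __name__ == "__main__":
    for label, stages in (("good", GOOD), ("tampered", TAMPERED)):
        pcr, log = measured_boot(stages)
        print(label, pcr.hex()[:16], verify(pcr, log, REFERENCE) or "OK")
```

Because every value depends on all earlier ones, a changed boot block alters the final register even though the later stages are untouched, and an event log that hides the change no longer reproduces the reported value.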

Applications

The key application of Trusted Computing platforms planned by the Trusted Computing Group (TCG) is the support of secure operating systems on the PC. Such operating systems are currently still in development. However, the security functions of the Trusted Platform Module (TPM) can already be used on conventional operating systems such as Windows. The security hardware of the TPM enables the reliable storage and management of critical data such as key material for security applications or digital certificates for electronic signatures. In addition to the TPM, additional software is required to use these security functions. One example is the BitLocker full disk encryption, which is included in some newer versions of Windows. Another application that has already been implemented is secure boot technology, which secures the boot process by monitoring the individual boot steps. Trusted computing can also improve the security of network access, for example via WLAN.

Despite the original focus on PC systems, the Trusted Computing Group now operates working groups for many other platforms such as smartphones and tablets. By storing certificates in a TPM security kernel, a cell phone, for example, can be turned into a security terminal for mobile electronic commerce. Protection applications for high-value assets such as cars or industrial plants as well as the secure interaction of trusted computing platforms with chip cards are also under discussion.

Digital rights management (DRM) is a controversial field of application of Trusted Computing. With the technology called "Sealed Storage" it is possible to bind data such as music, videos or software to certain systems using cryptographic means, so that this data can only be read out by a specific computer.

Available trusted computing systems

On PC platforms that are already equipped with the Trusted Computing function, TC is mainly used for the secure storage of keys and certificates (in contrast to the potentially insecure storage of such critical data on easily changeable standard memories as with normal PCs).

Due to the high level of complexity and previously unique security expectations, the work to date on developing complete trusted computing systems and operating systems adapted for them has not yet led to results that can be used widely:

  • Microsoft's development of Next-Generation Secure Computing Base (NGSCB) was discontinued due to the security results obtained. A new approach (trusted virtualization) is being worked on within the Microsoft Windows Vista operating system. In the meantime, Trusted Computing is to be made mandatory from Windows 8. But this at a time when Microsoft itself is having difficulties keeping the CCC 2014 functional by remote maintenance of operating systems using patches and updates.
  • The EU-funded open source project Open Trusted Computing develops TC-supported secure operating systems for various application classes with 23 partners. The resulting code can also be used for other applications or operating systems. As part of this project, TrustedGRUB, a secure version of the Linux boot loader GRUB, was developed. The operating systems developed include:

Criticism of Trusted Computing

The German Federal Office for Information Security (BSI) warns against the use of TPM. Microsoft can determine which programs can still be installed on the computer, make programs that have already been set up unusable and help secret services to control third-party computers. The responsible experts in the Federal Ministry of Economics, in the Federal Administration and at the BSI are warning unequivocally against the use of the new generation of trusted computing in German authorities. "Due to the loss of full sovereignty over information technology", "the security goals 'confidentiality' and 'integrity' are no longer guaranteed." (Zeit-Online from August 20, 2013, "Federal government warns of Windows 8"). However, this was denied two days later.

Trusted Computing as a general topic (i.e. not specifically the standardization work of the TCG) is sometimes discussed very emotionally. In the process, a wide variety of assumptions and expectations are combined, especially assumptions about possible implementations of DRM and the integration into the product range of Microsoft operating systems (NGSCB, formerly known as Palladium). The first corresponding publication, to which all critics repeatedly referred, was published by Ross Anderson in 2002, before the first specifications appeared. Immediately thereafter, a rebuttal by the developers involved followed.

Critics also fear that the implementation of Trusted Computing can prevent or at least hinder the development of free software, open source software, shareware and freeware. This results from the assumption that software on a trusted platform would have to be certified by a central authority and that, as a result, neither smaller companies nor private individuals could afford the high costs for the official certification of their programs. However, there is no such central certification body. Corresponding certificates can, however, be issued by third parties in order to classify the computer as secure towards other third parties. This scenario would be conceivable, for example, in web shops or similar network-based actions and programs. In any case, Trusted Computing would be another hurdle on the amateur's way into software development, which puts free software projects developed by volunteers at a distinct disadvantage.

In the meantime, several public research and development projects in the open source area, such as Open Trusted Computing or the European Multilateral Secure Computing Base, show that Trusted Computing and Open Source can complement each other with Linux. There are no restrictions whatsoever with the GPLv2.

One difficulty, however, is that membership and the possibility of influencing the Trusted Computing Group depend on high fees, which excludes small and medium-sized companies as well as most research groups and projects from the free software scene. For example, to be able to submit comments on a standard before it is published, an organization must pay at least $16,500 annually.

In addition, it is feared that Trusted Computing would consolidate Microsoft's quasi-monopoly on operating systems and completely shut out other operating systems.

According to the TCG goals, a TPM as the core element of a trusted platform is intended to be software-neutral and does not contain any blocking function for certain boot sequences. A source code implementation example for Linux that is meant to show this neutrality can be found in TrustedGRUB. TrustedGRUB is the TPM-secured version of the GRUB boot loader, which in principle could also be adapted for other operating systems. Critics counter that there is absolutely no reason for Microsoft and the other consortium members to be neutral; on the contrary, this is in massive contradiction to the commercial interests of the companies.

Technical reasons are cited (otherwise a new TPM version would be required for each new operating system version). On the other hand, a secure, "trusted" operating system is also the main component of a trusted platform. It is the operating system (and not, for example, the TPM) that initiates the security functions of the TPM, evaluates the respective results and then initiates the necessary follow-up activities.

Use of the term security

Trusted Computing is advertised as not only offering digital rights management (DRM), but also protecting against malware. From a technical point of view, it would easily be possible to separate the two tasks. This way of marketing also gives DRM opponents the impression that Trusted Computing would be useful. In fact, digital rights management requires the ability to assign the necessary rights only to trusted programs. An application that does not allow the user to remove the digital protection is trustworthy. The option to mark programs as trustworthy is of course also generally useful to protect against malware. An untrustworthy program will either not be executed at all or only with restricted rights. In this way, malicious programs can no longer harm the computer. But this security function does not require any digital rights management. Thus, the Trusted Computing Group could also divide Trusted Computing into its actual components: trust-based security and digital rights management.

In the spring of 2016, the Federal Ministry of Economics announced a research project on setting up alternative certification infrastructures for trustworthy data processing.

Trusted computing for vehicles

Trusted computing can also be used to secure data traffic from networked cars. The focus is on secure data connections between vehicles and the manufacturers' servers. An investigation using the example of ConnectedDrive from BMW has shown that there are still security problems. It is possible to hack the system and use a portable cellular base station to open vehicles without a key and without the owner's knowledge. Car manufacturers could also use secure communication channels, for example, to bind customers to their own workshops. This could lead to a restriction of competition if, for example, error logs transmitted online were only accessible to certain workshops. Bernhard Gause, member of the executive board of the General Association of the German Insurance Industry (GDV), therefore emphasizes that the vehicle owner should ultimately determine which data is collected and who is allowed to access it. The data protection authorities also take a similar view, and the data provided should also be made available in a standardized form.

Trusted Computing and Digital Rights Management

The creation of a "safe" system environment is the prerequisite for establishing digital rights management (DRM) in the PC or "player" area. With the help of the TC functions it can be recognized, for example, whether playback software or hardware has been manipulated or changed in order to circumvent manufacturer restrictions (such as copy protection). Therefore, in some media, TC is associated with the topic of DRM, even if no corresponding applications exist so far.

The AntiTCPA activists doubt this. The hacker Lucky Green, according to his own declaration, took this as an opportunity in 2003 to get the combination of DRM and TC protected as a patent. However, contrary to this announcement, no corresponding patent can be found on any of the international servers.

Critics doubt the acceptance of DRM systems that assume from the outset that the customer is dishonest. In the opinion of Mark Stefik, as long as they do not offer any advantages for the consumer, they are probably only perceived as an unpleasant complication.

Literature

  • Ralf Blaha: Trusted Computing put to the test of the anti-trust prohibition of abuse. Verlag Österreich, Vienna 2006, ISBN 3-7046-4925-2 (Legal series 218), (At the same time: Vienna, Wirtschaftsuniv., Diss., 2006).
  • Chris Mitchell (Ed.): Trusted Computing. Institution of Engineering and Technology (IET), London 2005, ISBN 0-86341-525-3 (IEE Professional Applications of Computing Series 6).
  • Thomas Müller: Trusted Computing Systems. Springer-Verlag, Berlin / Heidelberg 2008, doi:10.1007/978-3-540-76410-6 (books.google.de).
  • Siani Pearson: Trusted Computing Platforms. TCPA Technology in Context. Prentice Hall, Upper Saddle River NJ 2003, ISBN 0-13-009220-7 (Hewlett-Packard Professional Books).
  • Norbert Pohlmann, Helmut Reimer: Trusted Computing. A way to new IT security architectures. Springer-Verlag, 2008, ISBN 978-3-8348-9452-6 (books.google.com).
  • Markus Hansen, Marit Hansen: Effects of Trusted Computing on privacy. In: Norbert Pohlmann, Helmut Reimer (ed.): Trusted Computing. 2008, ISBN 978-3-8348-0309-2, pp. 209-220, doi:10.1007/978-3-8348-9452-6_15.
