Security Watch: Can Trust Be Put Into Computing?

The TCG effort builds upon the early government work, adding features needed for commercial systems. This has resulted in an open specification that is already appearing in hardware from IBM and other vendors.

The key TCG hardware component is the Trusted Platform Module (TPM), which holds a unique public/private key pair signed by the manufacturer and an AES (Advanced Encryption Standard). It can create more keys that can be used to prove that any data coming from a Trusted Computer really came from it, and who can view it, even if the data is anonymous--all without revealing which Trusted Computer the data came from. This "attestation" feature is the one everyone is looking for in cooperative computing environments.

Microsoft's NGSCB is an example of the mixed mode of Trusted Computing operation, where some parts of the OS and some applications are Trusted and others are not. You can run the things you really care about in the Trusted environment. But there are too many new hardware and software requirements to expect a totally Trusted environment to be widely deployed as user platforms. Microsoft did not design NGSCB for the current TPM specification, but it's working so that the next version will meet TPM requirements, thus resulting in further delays for Trusted Computing.

TCG is not the only Trusted Computing effort. Although Microsoft's Xbox is not a Trusted Computing platform in the technical sense of the TCG--there is no TPM and no way for one Xbox to make a security claim to another--the Xbox does provide for a Trusted operating and application environment. All applications must be signed with certificates from Microsoft's special Xbox PKI, or they won't run.

Whatever the initiative, Trusted Computing won't solve the problem of mistrust in the Internet. Malicious code will still run in the untrusted parts of systems. There are just too many computers without TPMs, providing fertile fields for malicious code attacks. Even Trusted applications are not safe from attacks against bad coding like buffer overruns. If there were a fully Trusted OS from Microsoft with a buffer overrun that allowed DEL c: Trusted Computing will find its home where there is critical data to protect and limited usage--for medical records, diaries, product marketing forecasts and, yes, music and movies. Microsoft is the most visible champion of the Trusted Computing environment, but there will be others. At least one Unix implementation, and special-purpose platforms not unlike the Xbox, will surely enrich our computing experience.

--Robert Moskowitz, [email protected]

Post a comment or question on this story.