Trusted Computing
Or
How I Learned to Stop Worrying and Love the MPAA
Trusted Computing
- Overview of TCP
- How it works
  - Intel LaGrande
  - Microsoft NGSCB (Palladium)
- Uses
- Issues
Trusted Computing Group
- TCG formed by industry leaders
- Open standards for trustworthy computing
- Provides hardware and software security to combat several types of threat
- Moving towards PDAs, omnipresence
Features of Trusted Computers
- For business
  - Licensing
  - DRM
- For users
  - Anti-hacker
  - Anti-virus
  - Backwards compatible
  - Can be turned off
LaGrande
- Intel’s hardware implementation
- Based on Arbaugh’s secure bootstrap
- Runs parallel to normal architecture
- Uses hash values for modification detection
- Operates in several different parts of chipset
LaGrande – Secure Bootstrap
- Higher abstraction layers only as secure as lower
- Trusted CPU, chipset, and boot ROM
- Each layer verifies hash of next layer before execution
LaGrande – Protected Environment
- Built on top of secure bootstrap architecture
- Instruction set extensions to create protected processor partition
- Extensions to create protected software stack
- Trusted platform module (TPM) verifies conditions
- Changes to I/O controller, memory controller, graphics controller, and CPU
LaGrande
- Separate execution space
- Separate memory space
- Secure mouse/keyboard
- Secure graphics
NGSCB
- Software side of TC
- Domain Manager aka Nexus
- Sealed Storage
- Remote Attestation
NGSCB – Nexus
- Security kernel, authenticated on boot
- Authenticates trusted programs
- Application interface to TPM
- Does not trust OS
NGSCB – Sealed Storage
- Encrypts data on storage device
- Key is not stored on storage device
- Hash of creating program stored with file
- TPM only decrypts for program that passes modification detection
- Decrypted only with same TPM / same program
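
The sealed-storage rule on this slide, modelled in software as an added example (not code from the presentation, from Microsoft, or a real TPM API). `ToyTPM`, its method names, and the SHA-256 keystream are assumptions made for illustration only.

```python
import hashlib
import hmac
import os


class ToyTPM:
    """Software model of the sealing behaviour on the slide; not a real TPM API."""

    def __init__(self):
        # Device-unique secret that never leaves the chip (assumption of this model).
        self._root = os.urandom(32)

    def _key(self, program_hash, nonce, label):
        # Keys depend on this TPM's secret AND the measured program hash.
        return hmac.new(self._root, label + program_hash + nonce, hashlib.sha256).digest()

    @staticmethod
    def _stream(key, n):
        # SHA-256 in counter mode as a toy keystream (illustration, not a vetted cipher).
        out, ctr = b"", 0
        while len(out) < n:
            out += hashlib.sha256(key + ctr.to_bytes(8, "big")).digest()
            ctr += 1
        return out[:n]

    def seal(self, program_image, data):
        ph = hashlib.sha256(program_image).digest()
        nonce = os.urandom(16)
        ks = self._stream(self._key(ph, nonce, b"enc"), len(data))
        ct = bytes(a ^ b for a, b in zip(data, ks))
        tag = hmac.new(self._key(ph, nonce, b"mac"), ct, hashlib.sha256).digest()
        # The blob carries the creating program's hash, but never a key.
        return {"program_hash": ph, "nonce": nonce, "ct": ct, "tag": tag}

    def unseal(self, running_image, blob):
        measured = hashlib.sha256(running_image).digest()
        if not hmac.compare_digest(measured, blob["program_hash"]):
            raise PermissionError("program failed modification detection")
        tag = hmac.new(self._key(measured, blob["nonce"], b"mac"), blob["ct"], hashlib.sha256).digest()
        if not hmac.compare_digest(tag, blob["tag"]):
            raise PermissionError("blob not sealed by this TPM for this program")
        ks = self._stream(self._key(measured, blob["nonce"], b"enc"), len(blob["ct"]))
        return bytes(a ^ b for a, b in zip(blob["ct"], ks))
```

Because the key is derived from the measured hash rather than the hash stored in the blob, rewriting the stored hash to match a patched program still fails the tag check.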
NGSCB - Remote Attestation
- Communicate hashes of secure programs for remote verification of modification detection
- Ensures that client software functions as intended
- Kazaa vs. MPAA/RIAA
Uses
- Remote banking, business-to-business e-commerce, and online auctioning
- Corporate networking, document sharing
- Cheat-proof gaming enforcement
- Secure data storage
- Personal privacy protection, data management, and record keeping
- Shared computing and secure transactions
- Secure home computing
- Government agencies that require a high level of security and trust
- Software license enforcement
- Copyright enforcement
Issues
- GPL
- Who is in control – owners, MS, or content providers?
- Assumptions – hardware modifications possible
- Censorship
References
- Trusted Computing: Promise and Risk http://www.eff.org/Infra/trusted_computing/20031001_tc.php
- http://www.microsoft.com/resources/ngscb
- Ross Anderson’s site http://www.cl.cam.ac.uk/~rja14/
- Anderson’s Patent
- Arbaugh Paper
- Inside Intel's Secretive 'LaGrande' Project http://www.extremetech.com/print_article/0,3998,a=107418,00.asp
- http://www.intel.com/technology/security/
- http://www.microsoft.com/whdc/winhec/pres03.mspx