
Hardware support for various client-side controls based on Trusted Computing (Wikipedia) has been evolving over the years, e.g. TCPM, TPM, TXT (LaGrande, DRTM).

I've heard of one practical application, for convenient disk encryption via a "Transparent operation mode" of BitLocker.

What other examples are out there of applications of trusted computing technology? I'll separate out two categories of interest.

  • Stand-alone, protects "me the user and owner" from modified files. BitLocker is one example, but this also includes e.g. "TXT late launch" from an untrusted environment into a trusted virtual machine, as discussed at Attacking TXT (Joanna Rutkowska)
  • "Remote attestation": demonstrate to another system that this one is running approved software (e.g. to allow a server to trust a browser, for fairness in online game playing, etc)

Open source applications are of most interest to me.

Note: I'm very aware of the issue that TC can be viewed as "treacherous computing", due to the various threats to user control e.g. via more effective DRM, and associated political issues. But please don't discuss that side of it here.

nealmcb
  • Are you looking for real, practical examples of today's applications, or theoretical applications that could be enabled by TC in the future? These are two very different things, as deployment of the technology has been slow due to various practical reasons. – john May 20 '11 at 23:17
  • @john I'm looking for real things, like my bitlocker example. Practicality is secondary. But not just ideas. – nealmcb May 21 '11 at 01:54

3 Answers

Generally one has to know what TPMs and TXT and all these technologies are aimed to protect from, because there are misunderstandings. TPMs, generally, enable 5 distinct processes, and only those:

  • Integrity measurement – computation of a cryptographic hash of a platform component
  • Authenticated boot – a process by which a platform's state (the sum of its components) is reliably measured and stored
  • Sealed storage – the process of storing data on a platform in such a way that the data can only be retrieved if the platform is in a particular state
  • Attestation – the process of reliably reporting the platform's current state
  • Isolated execution – enables the unhindered execution of software

From the Intel perspective, TXT is the entirety of trusted computing functions including the TPM, modifications to the operation of the processor and modifications to the operation of the chipset.

Main features of TXT technology are all those of TPMs plus

  • protected execution (hardware-based domain separation)
  • protected memory pages (providing protection against all four different ways memory can be accessed - through software, through DMA, through GPU cards, through SMM)
  • protected input
  • protected graphics
  • enabling trusted channels (between two computers or devices between one computer)

The Late Launch feature you mention is an optional TXT feature that enables measurements to occur after a system has been booted, instead of at every step of the boot process; it's somewhat complicated.

Generally Trusted Computing is a huge project, with much research going on around the world for years, and has short term, mid term and long term goals. I must disclose here that I'm part of that research.

Now on to real implementations (although these are outside my field).

First of all, all major system manufacturers have enterprise hardware and software that makes use of TPMs, or at least some of their features. Companies like Dell and HP, which produce the majority of enterprise systems, use software like HP ProtectTools. In this example, pre-boot authentication is used with the help of a TPM. Microsoft has been in this research since forever, and had released BitLocker with support for TPM before Vista. Actually BitLocker is not only about encryption: it has a separate feature named Secure Startup that implements the integrity checking part (it could be there without the encryption component). Transparent operation has to do with authentication - it can work in pre-boot auth mode as well. Also security software vendors, like Symantec and McAfee, have software that relies on or makes use of TPMs.

Now, I'm not aware of any other commercial or ready-for-use open source software dealing with TPMs and attestation or any other feature (but as I said I haven't looked much; maybe another member knows more).

If you want experimental tools, proof of concept software or just papers and specifications, there is a lot of that - as I said there are long-term goals in the project, and attestation is one of the long-term goals. Here is an example, a reference implementation of the software stack necessary to support all features of a TPM in Linux: http://www.opentc.net/publications/OpenTC_PET_prototype_documentation_v1.0.pdf (software is at http://www.opentc.net )

Just to intrigue the readers, Network Access Control is an active area of research - commercial tools may exist on that one already. The general idea in NAC using TPMs is of course to only allow a device onto a network if it can be verified as secure by providing specific measurements, not only of the integrity of the booted software, but also of the level of patches applied, the anti-virus definitions, the firewall configuration... Other examples of research: secure software download, as in a mobile carrier that needs to update a phone's firmware over the air securely, specifically the software of the Software Defined Radio. Of course, Digital Video Broadcasting (DVB) is an area of research - DVB receivers already use smartcards to store keys, and TPMs can be used instead.

Very long-term goals? Imagine a world where every system and mobile device has a TPM: a cryptographic coprocessor, secure storage... and can generate public key pairs on demand, without user interaction: a worldwide PKI - research is ongoing on how to manage that and what to do with it!

I think I've drifted farther than the scope of the question, so this should be enough.

nealmcb
john
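The five TPM processes john lists, as an added toy model (not code from the answer, from OpenTC or from any real TPM stack): one SHA-1 PCR stands in for the PCR bank, the boot chains and the attestation key are constructed, a hash-derived pad stands in for the TPM's sealing cipher, and an HMAC stands in for the attestation signature. It shows why a modified component changes the PCR, blocks unseal, and fails a quote check against the expected value.

```python
import hashlib
import hmac

# Toy model of the five TPM processes: one SHA-1 PCR stands in for the PCR bank,
# and the attestation key and boot components below are constructed, not real.
PCR_INIT = b"\x00" * 20
TPM_ATTEST_KEY = b"constructed attestation key, not a real TPM key"

def measure(component: bytes) -> bytes:
    """Integrity measurement: a hash of one platform component."""
    return hashlib.sha1(component).digest()

def extend(pcr: bytes, digest: bytes) -> bytes:
    """PCR extend, the only write to a PCR: the result depends on every prior value and its order."""
    return hashlib.sha1(pcr + digest).digest()

def authenticated_boot(components):
    """Authenticated boot: each stage is measured into the PCR before it runs, and logged."""
    pcr, log = PCR_INIT, []
    for name, blob in components:
        log.append((name, measure(blob)))
        pcr = extend(pcr, log[-1][1])
    return pcr, log

def seal(secret: bytes, expected_pcr: bytes) -> dict:
    """Sealed storage (toy): wrap the secret under a pad derived from the required PCR value."""
    pad = hashlib.sha256(b"seal" + expected_pcr).digest()
    assert len(secret) <= len(pad)  # toy one-time pad; a real TPM uses a proper cipher
    return {"pcr": expected_pcr, "blob": bytes(a ^ b for a, b in zip(secret, pad))}

def unseal(sealed: dict, current_pcr: bytes):
    """The TPM releases the secret only while the platform is in the sealed-to state."""
    if not hmac.compare_digest(sealed["pcr"], current_pcr):
        return None
    pad = hashlib.sha256(b"seal" + current_pcr).digest()
    return bytes(a ^ b for a, b in zip(sealed["blob"], pad))

def quote(pcr: bytes, nonce: bytes) -> bytes:
    """Attestation: report the PCR bound to the verifier's nonce (HMAC stands in for a signature)."""
    return hmac.new(TPM_ATTEST_KEY, nonce + pcr, hashlib.sha256).digest()

def verify_quote(pcr: bytes, nonce: bytes, sig: bytes) -> bool:
    """Verifier side: the reported PCR must equal the expected known-good value for this nonce."""
    return hmac.compare_digest(quote(pcr, nonce), sig)

# Constructed boot chains; the second one has a modified boot loader.
GOOD_CHAIN = [("bios", b"bios v1"), ("bootloader", b"grub 1.99"), ("kernel", b"linux 3.0")]
TAMPERED_CHAIN = [("bios", b"bios v1"), ("bootloader", b"grub 1.99 modified"), ("kernel", b"linux 3.0")]
```

Isolated execution is the one process not modelled here, since it is a property of the CPU and chipset rather than of the PCR arithmetic.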

All the relevant tools are available for Linux, likely even more than elsewhere.

Much in the open source spirit, you have to build everything yourself. A free version of MS BitLocker is suggested if you google "IBM blueprint eCryptFS TPM". Trousers also supports a PKCS#11 interface that allows integration with, e.g., Firefox. With Linux IMA, you get a nice flexible measurement architecture even in Linux. Flicker also allows you to start simple programs using LateLaunch technology.

However, "remote attestation", one of the major goals, is still impossible/impractical, except for very constrained setups. There are simply too many possible configurations and too frequent updates to base any security enforcement on a typical (several thousand items long) list of SHA-1 measurements. A different OS architecture would help (google 'Turaya'), but MS management shelved NGSCB in 2004 and Linux 3.0 is still not a microkernel.

To my knowledge, "trusted hardware" for user I/O was intended a long time ago but never realized. Intel TXT implements VT-d but does not help against, e.g., a hardware-based keyboard logger. There is little demand for such things. There are also some conceptual problems with the current implementation of DRTM/LateLaunch on x86. AMT and SMM essentially prevent you from creating a truly independent RTM. This is not trivial to fix and Intel more or less refused to do so due to lack of demand: No point in breaking x86 architecture for obscure "Ring -3" attacks if you still get a new browser exploit every 1-2 weeks.

A good resource for problems of DRTM: http://invisiblethingslab.com/itl/Resources.html

Also, Flicker was recently extended and moved to SF: http://flickertcb.sourceforge.net/

Apart from using the TPM as a SmartCard, Flicker is probably the most interesting tool for the desktop. Interesting developments in the mobile area are 'Onboard Credentials (ObC)' and software-based attestation (SWATT, Pioneer, lately also "PUF-based attestation"). Attestation is more practical here because of the much, MUCH less complex software stacks and slower dev cycles.

pepe
  • Excellent - very helpful. Can you expand on e.g. how folks on Linux could use a TPM as a SmartCard? Are any Linux distros making TPM-based tools more accessible? – nealmcb Jun 24 '11 at 04:43
  • I just found out recently, since we wanted to build a TXT-based Software Smartcard. The standard Trousers TSS suite seems to provide a PKCS#11 interface. If you google that, you will find confirmation that this works for certificate storage and e.g. Firefox. If you want to try that, I would much appreciate a HOWTO. Documentation on installing and integrating Smartcards with various Linux Apps is rare and often outdated. – pepe Jun 28 '11 at 20:52

This question has already been answered but I feel it's getting old.

Here's some new stuff going on about Trusted Computing:

northox