Why is trust related to computing such a big deal? Imagine if the data on your
computer is visible to others. Or, what if others have changed the data on your
computer? Trust doesn’t only refer to “secrets,” it also encompasses the
ability to count on your computer to act the way you expect it to, without
unanticipated crashes and appearance of viruses becoming part of your computing
routine. These issues have made “trusted computing” the electronics industry’s
biggest 21st-century buzzwords.
Table of Contents
- Security Starts With Measurement
- The Trusted Platform Module
- Booting Up
- How Real Is The Need For Trusted Computing?
Along with the exploding interconnectedness among computers and other devices,
the issue of cyber security has grown into one of great concern, since all
devices are open to attack and compromise whether they are network connected or
even offline. It was this concern that brought many of the heavy hitters in the
computing world – including AMD, Hewlett-Packard, IBM, Intel and Microsoft –
together in 2007 to create the not-for-profit consortium known as the Trusted
The Trusted Computing Group (TCG) formed to improve trustworthiness on information systems by defining,
developing and promoting open, vendor-neutral, globally respected industry
standards that would support a hardware-based “root of trust” in computing
platforms. A root of trust is defined by the TCG as “a component that must
behave as expected because misbehavior cannot be detected.” The group’s goal
came to be the development of an integrated circuit that meets TCG
specifications ranging from protecting privacy and backward compatibility; to
technology that is interoperable, and that keeps data portable and accessible.
Some of the concerns relevant to a discussion of trusted computing include
whether a trusted system booted the computer, the system is still running on
the computer, the running system is approved for the application and whether
the system has access to trusted network service.
Gathering evidence is the only way to prove that a computer system has not been
changed or modified. Once the evidence has been gathered and trust has been
established, each of the questions above can be answered. In order to do this,
a baseline must be established. By comparing a baseline measurement against the
measurement taken every time the computer is powered on, the decision of trust
becomes an evaluation of the evidence.
A baseline measurement does not refer to length, width or weight, but rather
what specific devices comprise the computer system. This can include anything
from the make and model of keyboard to the fact that the system is powered by
an Intel i7 processor with 96 Gbytes of ECC DDR3 1333 MHz RAM, and a hard
drive attached to a SATA port, for example.
Once you have all the configuration data, it can be encrypted, making it nearly
impossible to tamper with. Then the encrypted data and the encryption key are
stored separately, where no one else except a registered user can find them.
This provides a safe and secure measurement of the computer’s hardware that can
be used as evidence to prove the computer can be trusted.
The same security specifications that are used with hardware are applicable to
software, so it too must be measured. There are several different methods to
measure the software, each having individual, complex algorithms. As with
hardware, the goal is to establish a measurement of the software on the
computer, encrypt it and store the data where it is safe.
Several specifications came out with the inception of the Trusted Computing
Group. The most important of these are the actualization of its goal related to
the Trusted Platform Module (TPM), as well as the related Trusted Software
Stack (TSS). Together TPM and TSS provide a new level of security that can be
applied to existing applications and can be utilized with new developments to
create inherent trusted computing environments.
A TPM (Fig. 1) is a microchip designed to provide basic security-related functions. The
TPM is usually installed on the motherboard of a computer or laptop, and
communicates with the rest of the system using a hardware bus.
Computers that incorporate a TPM have the ability to create cryptographic keys
and encrypt them so that they can be decrypted only by the TPM, a process
called “wrapping” or “binding.” Each TPM has a root “wrapping” key, called the
Storage Root Key (SRK), which is stored within the TPM itself. The private
portion of a key created in a TPM is never exposed to any other component,
software, process or person.
Computers that incorporate a TPM can also create a key that has not only been
wrapped, but also tied to certain measurements. This kind of key can only be
unwrapped when those platform measurements have the same values that they had
when the key was created. This process is called “sealing” the key to the TPM.
Decrypting it is called “unsealing.”
Secure computer operation is made possible by the TPM through three main blocks
of operation, starting with the cryptographic processor, whose main function is
to generate the encryption keys (Fig. 2). The TPM processes commands and data from the
host system, then specific responses are relayed back to the host system though
the hardware bus.
The data stored in Persistent Storage, the second major block, can only be
accessed through the use of the encrypted SRK, embedded in the TPM security
hardware. This key is required to open up the block for use by application
software, and is used to protect TPM keys created by applications, so these
keys cannot be used without the TPM.
The third block is the Versatile Storage area, which is used to store keys
generated either by the TPM or by others.
Establishing a root of trust when a computer is powering on is the first step
toward cyber security, since this is when measurements are conducted and stored.
This process ensures that access to data in a platform could be denied if the
boot sequence is not as expected. Because most system “attacks” occur while a
computer is running, a “run-time” root of trust must also be established.
Created by periodically refreshing, re-evaluating and representing the “evidence,”
the run-time root of trust will detect many system attacks.
Virtual machine support can extend secure boot support to guest operating systems (Fig. 3).
The sequence is illustrated well in a technical report prepared by the
department of mathematics at the University of London (March 2010). It notes
that when booting up a system containing a TPM, the process begins with the
BIOS Boot Block (BBB), also called the Core Root of Trust for Measurement,
which measures its own integrity and the integrity of the entire BIOS. It
stores the details of the measured components in the Stored Measurement Log (SML),
saving the integrity measurements (hash values of the component measured)
in a TPM Platform Configuration Register (PCR).
The BBB then passes control to the BIOS, which contains a Measurement Agent (MA),
responsible for measuring the option ROMs, storing the details of the
measured components in the SML and the integrity measurements in a TPM PCR.
Control is then passed from the BIOS to the option ROMs, which carry out their
normal operations and pass control back to the BIOS. The BIOS then measures the
OS Loader, and stores the details of the measured component in the SML and the
integrity measurement in a TPM PCR.
Control is then passed to the OS loader, also containing an integrated MA,
which carries out its normal functions and then measures the OS, stores the
details of the measured component in the SML and the integrity measurements in
a TPM PCR. Finally, control is passed to the OS.
Trusted Computing with a TPM offers a significant advancement in platform
security if all of the features are utilized. It offers assurance related to
software-based attacks from malicious code, Trojans, viruses and root kits, as
well as providing platform configuration information when requested. Its
strength is in its ability to measure components on a platform in a way that
cannot be bypassed by code running without the knowledge of the core root of
trust supported by the system’s various measurements.
In the 2007 E-Crime Watch Survey conducted by the U.S. Secret Service, Carnegie
Mellon University Software Engineering Institute’s CERT program and Microsoft
Corp., four types of risks were studied to determine the security of systems
with a TPM installed compared to those without. The risks selected were
Compromise of information, Technical failures, Unauthorized Actions and
Compromise of functions.
It was found that a TPM reduced the risks by 33 percent to 67 percent across
most of the risks. The TPM was most effective on risks associated with “Compromise of information”
and “Unauthorized actions,” which are especially
applicable to all kinds of regulated environments because these risks can
invalidate data. Even worse, they could allow a regulator or operator to shut
down business operations if compliance cannot be demonstrated.
Trusted computing has been a necessary and logical outgrowth of our changing
world, and goes hand-in-hand with the continued interconnectedness of computing
devices, as well as the number and kinds of threats arising. Since threats are
always changing, keeping encryption technology current is a constant challenge.
Another challenge has been to consistently address the arguments of critics
regarding the balance of security and privacy in trusted computing. These
issues form the basis of continual study and development by companies that
specialize in computing technology.
Underlying the issues is the belief that both security and privacy are equally
important contributors to the trust that people have in computing, and in
online services and information systems. It is a belief that computers and
computing devices should do what people expect regardless of disruption from
environmental sources, user and operator error, or attack by hostile forces.
Even though computers are not always recognizable in all their various forms,
they are present in our cars, phones, homes, appliances, medical devices and
military equipment. And the prevalence is only increasing. It is a certain
assumption that, especially in an age of cloud computing, people would prefer a
computer absolutely bound by code to their bank account, for example. In that
case, the only way they couldn’t access their money would be if their laptop or
computer was actually missing.
Since September 2001 and the sophisticated forms of terrorism we have
experienced, and because we need increased assurance for our troops that fight
overseas, our military is one of the proving grounds for trusted computing.
Because keeping information safe that is crucial to our national security is a
necessity that design and make embedded computing systems for military use are
pioneers in the field, and their technology reflects the latest hardware and
According to statistics reported by Microsoft, since 2007 and the formation of
the Trusted Computing Group, about 300 million PCs alone have been shipped with
TPMs. As more users share storage, networks, information and infrastructure,
the more we all benefit from the TPM solution. Everyone deserves the added
assurance regarding security and privacy afforded by TPM computing, along with
the edge of interaction with a more secure network at large.
- Trusted Computing Group
- Donald Palmer, “Changing military operations demand fail-safe solutions in cyber security”, Military and Aerospace Electronics, Sept. 2012.