by: Narpati Wisjnu Ari Pradana
I. Introduction
Information security has been a problem for a long time, as long as the human civilization itself. Delilah seduced Samson to get information about his weakness. The muslim, used isnad (citation) system to assure the validity of hadith (sayings of prophet) [1]. The ancient Greek used scytale to encrypt their military messages [2].
Nowadays, in the digital era, the problem becomes more complicated. Firstly, people who are threats of information security do not need to have physical access to information source. Secondly, we have concept of copyright and patent but, unfortunately, there are people who either unaware about the concept or dislike the concept. Thirdly, the privacy concept makes some solution to control the information flow more difficult.
Meanwhile, the information attacker can attack from any part of the information. They can attack the network, the media (hardware), or using software to harm the system. There are some solutions but most of them only for “bandaids to help the wound” [3]. Mechanism proposed by Trusted Computing Platform Alliance (TCPA) may be solution which is not bandaids but, as Farber wrote, fundamental look into long-term re-design.
TCPA was an organization, founded at 1999 by electronic and computer (software and hardware) industries. The TCPA itself has been discontinued, but the specification were adopted by Trusted Computing Group (founded at 2003) which also responsible for all works of new specification. Microsoft as one of the founder of both TCPA and TCG has a similar project which is called as Next-Generation Secure Computing Base (NGSCB). Despite the TCPA has already been discontinued, looking at TCPA is still relevant since its concept were adopted by both TCG and NGSCB with some addition from themselves. Thus, those terms, especially TCG and TCPA may be generally interchanged in the following report.
II. Assets and Threats
When we talk, discuss, or make decision about security, assets that should be protected should be included in the topic. In TCG site, the concerned assets are data and digital identities which should be kept from software attack and physical theft [4]. The increasing of software attack due to combination of increasingly sophisticated and automated attack tools, the rapid increase in the number of vulnerabilities being discovered, and the increasing mobility of users [4] make the problems more critical.
Both of software attack and physical theft (such as someone steal a PDA) can make a confidential document being disclosured, misleading by impersonation, even make the system unavailable.
Another asset being discussed in TCPA is Intellectual Property or Copyright content. Although this is not the purpose of TCPA but DRM (Digital Right Management), some people, such as Ross Anderson, believe this is the original motivation [5]. TCPA itself embeds DRM into platform infrastructure [6].
III. TCPA Mechanism
The keyword of TCPA is “trust”. Reid and friends [7] wrote two aspects of trustworthiness. Firstly, the platform owner and user should be able to trust the configuration of the platform. Secondly, the platform should be able to attest information about its configuration to another platform in a manner that the second platform can trust.
In general, TCPA contains Trusted Platform Module (TPM), trusted storage (protected storage or sealed storage [7]), TCPA-enabled Operating System [8].
TPM (the similar part in NGSCB is called “Nexus”) is the important part of Trusted Computing. TPM should be a fixed part of device [7] for example, tightly coupled to CPU [8]. It cannot be transferred to another platform and confirm the machine’s hardware configuration is in accordance with platform‘s policy [8]. It keeps the hash of BIOS code, taken by BIOS boot block, called as Core Root of Trust for Measurement (CRTM), in a part called as Platform Configuration Register (PCR). An Endorsement Key Pair is provided to each TPM uniquely, hence, identifying TPM in transactions will be unambiguous [7]. The Endorsement Key Pair cannot be used for general transaction. It is only used in the identity credential request protocol. The identity credential is provided by Privacy Certification Authority (CA).
DRM, that make some people worry [5], cannot be enabled by TPM only. It requires OS-support [8]. Operating System also enables mandatory access control (MAC). Coupled by TPM, the documents that user create can only be read on certain computers, by certain people, and during certain time periods [8].
IV. TCPA versus Threats
Using TCPA, some common threats may be countered. TPM uniqueness may be able to counter IP-spoofing attack. It may make the online transaction more reliable.
CRTM features may prevent attack from physical access. For example, if a PDA is stolen and it is protected by some authentication such as username and password, it would be difficult to operate the PDA without passing the authentication first (maybe, the thief wants to bypass the authentication by change the boot configuration). TPM also can be used to protect cryptographic keys from malicious software [7]. It can generate signing only key pairs and perform all signing operation itself [7].
Using combination with OS and applications, sending data through network may be more secure. If the information is successfully tapped by someone, the information would be useless since it only allowed to be opened in certain computers. TCPA features, combined with OS or applications, can be used to prevent piracy, especially if the application (or OS) implements DRM.
V. The Disadvantage The TCPA raised controversy so much. Arbaugh mentioned that without examining any of its technical details, the media was quick to condemn TCPA effort [8]. Some of TCPA-haters make websites to campaign against it (http://www.againsttcpa.com/). There are actually, disadvantage for TCPA.
As mentioned in introduction, privacy makes some solution of information security more difficult and TCPA is one of them. The TPM uniqueness is threat for privacy. Even If a user requests several anonymous credentials, the anonymous credentials still can be link to the user because the user is uniquely identified in each certificate request [8].
Monopoly is also threat from TCPA. However, TCPA specification itself does not allow a third party to control which operating system and application software a platform owner can run [7].
Another disadvantage, mentioned by Felten [9], is interoperability. The encryption facility can force so only the same program si allowed to decrypt it. However, Felten did not mention it as TCPA disadvantage but as TC disadvantage.
VI. Conclusion TCPA concept is interesting for them who choose security as the first priority, for example, companies who have many branches and need to communicate among the branches or military and government officials. Privacy may be a matter for most of industrial countries. However, there are countries who never consider privacy as important things such as Singapore, Indonesia, Iran, China. Thus, TCPA may be widely accepted in those countries. However, TCPA may not suitable for companies which want to be available for public (such as e-commerce companies) and the targets are in privacy-is-matter countries.
References:
[1]. Wikipedia.org. Isnad. 2004.http://en.wikipedia.org/wiki/Isnad. Last Accessed at: 22th August 2004
[2]. Wikipedia.org. Scytale. 2004. http://en.wikipedia.org/wiki/Scytale. Last Accessed at: 22th August 2004
[3]. Farber, D. Fame, but no riches, for cybersecurity. January 2003. Spectrum, IEEE, Volume: 40, Issue:1, pages 51-52
[4]. Trusted Computing Group. Trusted Computing Group Backgrounder. 2003. https://www.trustedcomputinggroup.org/downloads/TCG_Backgrounder.pdf. Last Accessed at 21th August 2004
[5] Anderson, Ross. ‘Trusted Computing’ Frequently Asked Questions. 2003. http://www.cl.cam.ac.uk/~rja14/tcpa-faq.html. Last Accessed at 22th August 2004.
[6] Samuelson, Pamela. Digital Rights Management and fair use by design: DRM {and, or, vs} the law. April 2003. Communivations of the ACM, Volume 46 Issue 4
[7] J. Reid, J.M.G. Nieto, E. Dawson, E. Okamoto. Privacy and trusted computing. 2003. Database and Expert Systems Applications, 2003. Proceedings. 14th International Workshop on, 1-5 Sept 2003
[8] Arbaugh, B. Improving the TCPA specification. August 2002. Computer, Volume:35 Issue 8
[9] Felten, E.W. Understanding trusted computing: will its benefits outweigh its drawbacks?. 2003. Security & Privacy Magazine, IEEE, Volume 1, Issue: 3, May-June 2003.