Understanding Trusted Computing From The Ground Up

Why is trust related to computing such a big deal? Imagine if the data on your computer is visible to others. Or, what if others have changed the data on your computer? Trust doesn't only refer to "secrets," it also encompasses the ability to count on your computer to act the way you expect it to, without unanticipated crashes and appearance of viruses becoming part of your computing routine. These issues have made "trusted computing" the electronics industry's biggest 21st-century buzzwords.

Introduction

Along with the exploding interconnectedness among computers and other devices, the issue of cyber security has grown into one of great concern, since all devices are open to attack and compromise whether they are network connected or even offline. It was this concern that brought many of the heavy hitters in the computing world - including AMD, Hewlett-Packard, IBM, Intel and Microsoft -- together in 2007 to create the not-for-profit consortium known as the Trusted Computing Group.

The Trusted Computing Group (TCG) formed to improve trustworthiness on information systems by defining, developing and promoting open, vendor-neutral, globally respected industry standards that would support a hardware-based "root of trust" in computing platforms. A root of trust is defined by the TCG as "a component that must behave as expected because misbehavior cannot be detected." The group's goal came to be the development of an integrated circuit that meets TCG specifications ranging from protecting privacy and backward compatibility; to technology that is interoperable, and that keeps data portable and accessible.

Security Starts With Measurement

Some of the concerns relevant to a discussion of trusted computing include whether a trusted system booted the computer, the system is still running on the computer, the running system is approved for the application and whether the system has access to trusted network service.

Gathering evidence is the only way to prove that a computer system has not been changed or modified. Once the evidence has been gathered and trust has been established, each of the questions above can be answered. In order to do this, a baseline must be established. By comparing a baseline measurement against the measurement taken every time the computer is powered on, the decision of trust becomes an evaluation of the evidence.

A baseline measurement does not refer to length, width or weight, but rather what specific devices comprise the computer system. This can include anything from the make and model of keyboard to the fact that the system is powered by a particular processor. For example, General Micro Systems' SZC91X system incorporate an Intel Westmere processor because it incorporates the necessary security functions: It supports Intel's second generation Virtualization Technology (VT-d2); supports the TPM; and supports Trusted Execution Technology (TXT) for secure system operation. The system has 96 Gbytes of ECC DDR3 1333 MHz RAM, and a hard drive attached to a SATA port housed in a rugged case.

Once you have all the configuration data, it can be encrypted, making it nearly impossible to tamper with. Then the encrypted data and the encryption key are stored separately, where no one else except a registered user can find them. This provides a safe and secure measurement of the computer's hardware that can be used as evidence to prove the computer can be trusted.

The same security specifications that are used with hardware are applicable to software, so it too must be measured. There are several different methods to measure the software, each having individual, complex algorithms. As with hardware, the goal is to establish a measurement of the software on the computer, encrypt it and store the data where it is safe.

The Trusted Platform Module

Several specifications came out with the inception of the Trusted Computing Group. The most important of these are the actualization of its goal related to the Trusted Platform Module (TPM), as well as the related Trusted Software Stack (TSS). Together TPM and TSS provide a new level of security that can be applied to existing applications and can be utilized with new developments to create inherent trusted computing environments.

A TPM (Fig. 1) is a microchip designed to provide basic security-related functions. The TPM is usually installed on the motherboard of a computer or laptop, and communicates with the rest of the system using a hardware bus.

Figure 1. The trust centers around the Trusted Platform Module involve hardware and software to endow a system with the ability to behave as expected. (General Micro Systems)

Computers that incorporate a TPM have the ability to create cryptographic keys and encrypt them so that they can be decrypted only by the TPM, a process called "wrapping" or "binding." Each TPM has a root "wrapping" key, called the Storage Root Key (SRK), which is stored within the TPM itself. The private portion of a key created in a TPM is never exposed to any other component, software, process or person.

Computers that incorporate a TPM can also create a key that has not only been wrapped, but also tied to certain measurements. This kind of key can only be unwrapped when those platform measurements have the same values that they had when the key was created. This process is called "sealing" the key to the TPM. Decrypting it is called "unsealing."

Secure computer operation is made possible by the TPM through three main blocks of operation, starting with the cryptographic processor, whose main function is to generate the encryption keys (Fig. 2). The TPM processes commands and data from the host system, then specific responses are relayed back to the host system though the hardware bus.

Figure 2. Caption: This block diagram illustrates the encryption keys incorporated in the Trusted Platform Module that together form the heart of the TPM's capabilities. (General Micro Systems)

The data stored in Persistent Storage, the second major block, can only be accessed through the use of the encrypted SRK, embedded in the TPM security hardware. This key is required to open up the block for use by application software, and is used to protect TPM keys created by applications, so these keys cannot be used without the TPM.

The third block is the Versatile Storage area, which is used to store keys generated either by the TPM or by others.

Booting Up

Establishing a root of trust when a computer is powering on is the first step toward cyber security, since this is when measurements are conducted and stored. This process ensures that access to data in a platform could be denied if the boot sequence is not as expected. Because most system "attacks" occur while a computer is running, a "run-time" root of trust must also be established. Created by periodically refreshing, re-evaluating and representing the "evidence," the run-time root of trust will detect many system attacks. Virtual machine support can extend secure boot support to guest operating systems (Fig. 3).

Figure 3. This diagram shows how hardware and BIOS are verified using Trusted Execution Technology (TXT), of which TPM is a part, to enhance computer security. (General Micro Systems)

The sequence is illustrated well in a technical report prepared by the department of mathematics at the University of London (March 2010). It notes that when booting up a system containing a TPM, the process begins with the BIOS Boot Block (BBB), also called the Core Root of Trust for Measurement, which measures its own integrity and the integrity of the entire BIOS. It stores the details of the measured components in the Stored Measurement Log (SML), saving the integrity measurements (hash values of the component measured) in a TPM Platform Configuration Register (PCR).

The BBB then passes control to the BIOS, which contains a Measurement Agent (MA), responsible for measuring the option ROMs, storing the details of the measured components in the SML and the integrity measurements in a TPM PCR. Control is then passed from the BIOS to the option ROMs, which carry out their normal operations and pass control back to the BIOS. The BIOS then measures the OS Loader, and stores the details of the measured component in the SML and the integrity measurement in a TPM PCR.

Control is then passed to the OS loader, also containing an integrated MA, which carries out its normal functions and then measures the OS, stores the details of the measured component in the SML and the integrity measurements in a TPM PCR. Finally, control is passed to the OS.

How Real Is The Need For Trusted Computing?

Trusted Computing with a TPM offers a significant advancement in platform security if all of the features are utilized. It offers assurance related to software-based attacks from malicious code, Trojans, viruses and root kits, as well as providing platform configuration information when requested. Its strength is in its ability to measure components on a platform in a way that cannot be bypassed by code running without the knowledge of the core root of trust supported by the system's various measurements.

In the 2007 E-Crime Watch Survey conducted by the U.S. Secret Service, Carnegie Mellon University Software Engineering Institute's CERT program and Microsoft Corp., four types of risks were studied to determine the security of systems with a TPM installed compared to those without. The risks selected were Compromise of information, Technical failures, Unauthorized Actions and Compromise of functions.

It was found that a TPM reduced the risks by 33 percent to 67 percent across most of the risks. The TPM was most effective on risks associated with "Compromise of information" and "Unauthorized actions," which are especially applicable to all kinds of regulated environments because these risks can invalidate data. Even worse, they could allow a regulator or operator to shut down business operations if compliance cannot be demonstrated.

Trusted computing has been a necessary and logical outgrowth of our changing world, and goes hand-in-hand with the continued interconnectedness of computing devices, as well as the number and kinds of threats arising. Since threats are always changing, keeping encryption technology current is a constant challenge. Another challenge has been to consistently address the arguments of critics regarding the balance of security and privacy in trusted computing. These issues form the basis of continual study and development by companies that specialize in computing technology.

Underlying the issues is the belief that both security and privacy are equally important contributors to the trust that people have in computing, and in online services and information systems. It is a belief that computers and computing devices should do what people expect regardless of disruption from environmental sources, user and operator error, or attack by hostile forces. Even though computers are not always recognizable in all their various forms, they are present in our cars, phones, homes, appliances, medical devices and military equipment. And the prevalence is only increasing. It is a certain assumption that, especially in an age of cloud computing, people would prefer a computer absolutely bound by code to their bank account, for example. In that case, the only way they couldn't access their money would be if their laptop or computer was actually missing.

Since September 2001 and the sophisticated forms of terrorism we have experienced, and because we need increased assurance for our troops that fight overseas, our military is one of the proving grounds for trusted computing. Because keeping information safe that is crucial to our national security is a necessity that design and make embedded computing systems for military use are pioneers in the field, and their technology reflects the latest hardware and software developments.

According to statistics reported by Microsoft, since 2007 and the formation of the Trusted Computing Group, about 300 million PCs alone have been shipped with TPMs. As more users share storage, networks, information and infrastructure, the more we all benefit from the TPM solution. Everyone deserves the added assurance regarding security and privacy afforded by TPM computing, along with the edge of interaction with a more secure network at large.