TCPA: Who Can You Trust?
Dateline: Toronto, ON, July 2002

Perchance you have seen or heard the acronym TCPA. So what is TCPA? Is it an
extension of TCP/IP? Well, no. TCPA stands for the Trusted Computing Platform
Alliance, an initiative led by Intel along with approximately 170 other
companies such as HP/Compaq, IBM, and Microsoft. The TCPA is working towards a
system that can establish that a computer is trustworthy and can identify any
tampering with the system, so that a previously authenticated computer can’t
have unchecked software or hardware added to it that might otherwise compromise
its security. TCPA sets out to assure three major aspects of trusted computing:
In other words, TCPA will provide authenticity, integrity, and privacy.

So, how does TCPA work? Well, when you boot up your PC, a special chip
(affectionately called the Fritz chip, after Senator Fritz Hollings of South
Carolina, who is working tirelessly in Congress to make TCPA mandatory for all
consumer electronics) takes charge. The chip checks that it sees the boot ROM it
expects, executes it, and measures the state of the machine; it then checks the
first part of the operating system, loads and executes it, and checks the state
of the machine; and so on and so forth. That is, the BIOS boot block checks the
hardware specification of the PC against a known safe metric, and should that
match, the system then authenticates the user. It then checks the operating
system loading software. The OS loader, once proven safe, checks the OS kernel.
The kernel knows how to check the list of legitimate software, which in turn
can use OS resources to authenticate local and remote data. Once the chip knows
the metric of one item, it can extend the list of things it trusts throughout
the system by checking each in turn. In this fashion, the chip can steadily
expand its trust boundary of known and verified hardware and software. The
Fritz chip maintains a table of the hardware (for example, audio card, video
card, USB device, etc.) and the software (for example, OS, applications,
drivers, etc.). It also checks to ensure that the hardware components are on
the TCPA approved list, that the software components are signed, and that none
of them has a revoked serial number. When there are significant changes to the
PC’s configuration, the machine must go online for re-certification. The result
is a PC booted into a known state with an approved combination of hardware and
software, with unexpired licences. The chip then passes control over to
enforcement software in the operating system; perhaps Palladium, should you
have a Windows operating system. This is how to build a trusted stand-alone
system.

The question of whether to trust a remote platform is an extension of this
process: the chip obtains integrity metrics for the remote platform and
securely stores them. These metrics can include a hash, that is, an
algorithmically derived number unique to a certain configuration, digitally
signed by the remote platform. Any attempt to tamper with the remote platform
will change the hash, which then won’t match the trusted version held locally
by the system trying to authenticate the remote platform.

There are many practical uses for TCPA. You could use TCPA to implement much stronger
access controls on confidential documents. For example, an army might mandate
that its soldiers only create Word documents marked “Confidential” or above,
and that only a TCPA PC with a certificate issued by its own security agency
could read such a document. This amounts to mandatory access control, which
governments so desire. Corporations could do this too, to make life harder for
whistleblowers and to thwart corporate spies. They could arrange it so that
only company PCs could read company documents, unless a suitably authorized
person clears them for export. They also could implement time locks. For
instance, they could arrange that all e-mails vanish after 90 days unless
someone makes a positive effort to preserve them. In any case, a whistleblower
who e-mails a document to the press will achieve little, as the journalist’s
Fritz chip can’t decipher it. The documents would also have little value to the
company’s competitors, since the competition could not read them either.
Organized crime might use the same functionality. They could arrange that only
their accredited PCs could read the spreadsheet with the latest drug shipments,
and that it would vanish at month end. Obviously, this makes life harder for
law enforcement, but discussions between the

Sounds good in theory, but there always is a
catch. One is system flexibility. Some programs that give people more control
over their PCs, such as VMware and Total Recorder, likely will not work under
TCPA. Flexibility and TCPA do not go hand in glove, that is for sure! A side
effect of relying on digitally signed metrics floating around the Internet is
that there’s a possibility that someone could intercept the credentials and use
them to find out information about the configuration of the platforms they
describe.
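The measurement chain and the remote hash comparison described earlier, together with the point just made that a metric reveals a platform’s configuration, can be modelled compactly. The following Python is an added illustration, not code from the TCPA specification or any vendor: it uses a TPM-style extend operation (hash of the running value concatenated with the new metric) with SHA-256 in place of the specification’s SHA-1, constructed sample boot stages, and omits the digital signature over the reported metric.

```python
import hashlib
import hmac

HASH = hashlib.sha256  # stands in for the SHA-1 of the original specification

# Constructed sample boot chain: (stage, bytes standing in for that stage's
# code). A real chip would hash the actual boot ROM, loader and kernel images.
GOOD_CHAIN = [
    ("boot_rom", b"BIOS boot block 1.0 (constructed)"),
    ("os_loader", b"OS loader 2195 (constructed)"),
    ("os_kernel", b"OS kernel 2195 (constructed)"),
]

def measure(component: bytes) -> bytes:
    """The metric of one item: a digest of its code."""
    return HASH(component).digest()

def extend(register: bytes, metric: bytes) -> bytes:
    """Fold one metric into the running register (TPM-style extend)."""
    return HASH(register + metric).digest()

def boot(chain) -> bytes:
    """Model the chip measuring each stage in turn from a power-on reset value.

    Because each stage is folded into the previous value, a changed component
    or a reordered chain yields a different final register.
    """
    register = b"\x00" * HASH().digest_size
    for _stage, component in chain:
        register = extend(register, measure(component))
    return register

# Verifier side: reference values for the approved configurations, keyed by
# final register. A match also tells the verifier exactly which software
# configuration the platform runs, which is the disclosure concern raised
# above when metrics circulate beyond the parties that need them.
APPROVED = {boot(GOOD_CHAIN): "approved workstation image (constructed)"}

def attest(reported: bytes):
    """Return the matching configuration name, or None if unknown or tampered."""
    for reference, name in APPROVED.items():
        if hmac.compare_digest(reference, reported):
            return name
    return None
```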
To that end, the TCPA allows for a security proxy called an Authenticated
Anonymity Website: a trusted third-party site that will provide a user with
credentials in the form of a certificate. This confirms that the certification
authority knows and trusts the user, but contains no information about the user
that someone else could otherwise use. Anyone wishing to transact with the user
could do so anonymously.

Also, TCPA requires modifications to your existing PC hardware architecture to
work. TCPA provides for manufacturers to mount a monitoring and reporting
component in future PCs. The preferred implementation in the first phase of
TCPA is a Fritz chip, that is, a smartcard chip or dongle soldered to the
motherboard. Early versions probably are vulnerable to anyone with the tools
and patience to crack the hardware (for example, to get clear data traversing
the bus between the CPU and the Fritz chip). However, starting with phase 2,
the Fritz chip will disappear inside the main processor and things will get a
lot harder. Serious, well-funded attackers most likely could still crack it,
but it’s likely to go on getting more difficult and expensive. Also, in many
countries, cracking Fritz is illegal.

The fundamental issue is that whoever controls the Fritz chips will hold a
huge amount of power. Having this single point of control is like forcing
everyone to use the same bank, the same accountant, or the same lawyer. There
are many ways that someone could abuse this power. Some people worry about
censorship.

You’re thinking that unless your system administrator configures your machine
so that TCPA is mandatory, you can always turn it off. Well, yes and no. You
can run your PC with administrator privileges and use insecure applications.
So, the answer is partially yes.
However, there is one way you can’t turn the TCPA chip off: you can’t make it
ignore pirated software. Even when the chip knows that the PC is booting in an
untrusted mode, it still checks that the operating system isn’t on the serial
number revocation list. This has implications for national sovereignty. Should
Saddam Hussein naively upgrade his PCs to use TCPA, the American government
could hot-list his Windows licences and thus shut down his PCs. Booting in
untrusted mode won’t help him and his lackeys. He’d have to dig out old copies
of Windows 2000, change to GNU/Linux, or find a way to isolate the Fritz chips
from his motherboards without breaking them.

Should you turn TCPA off, then your TCPA-enabled applications won’t work, or
won’t work as well. It’s akin to switching from Windows to Linux nowadays: you
may have more freedom, but end up having less choice. When the applications
that use TCPA are more attractive to the majority of people, you may end up
simply having to use them, just as Microsoft Word became a de facto standard.
Imagine that everyone in a country known for copyright violation uses the same
copy of Office; TCPA will cause every TCPA-compliant PC to refuse to read files
created using this pirated program. A TCPA-compliant application would not
load the untrusted document. So, the pirated
software has no value.

But the potential for abuse of TCPA extends far beyond commercial bullying and
economic warfare into political censorship. Some well-intentioned district
attorney will get a court order against child pornography or a manual on how
to build a dirty bomb. All TCPA-compliant PCs will delete, or perhaps report,
these illegal files. Seems quite noble on first blush. Then a litigant in a
libel or copyright case will get a civil court order against an offending
document; perhaps the Scientologists will seek to blacklist the famous Fishman
Affidavit. Once lawyers and government censors realize the potential, the
floodgates will open. It’s a slippery slope, as they say. Who’s to decide what
goes on the illegal file list?

TCPA is liable to undermine the General Public License (GPL), used by many
authors to distribute free and open source software products. The IT community
designed the GPL to prevent the fruits of communal voluntary labour from being
picked by private companies for profit. Anyone can use and modify software
distributed under this licence, but should you distribute a modified copy, you
must make it generally available, together with the source code, so that other
people can make modifications. Once the majority of PCs on the market are
TCPA-enabled, the GPL won’t work as intended. The benefit for alliance members
is not that this will directly kill free software, but that it will indirectly
kill it, as programmers are less motivated to write free software when they
realize that others could rip off their software for commercial purposes. So,
why bother?

I don’t know about you people, but the TCPA
gives me the willies. It’s not an altogether new idea, of course. You might
remember the maelstrom surrounding Intel in 1998. Intel came under fire for its
processor ID idea, which enabled software or a Web site to ask your CPU for its
unique 64-bit serial number. Intel switched off this CPU id, built into almost
every processor since the Pentium III, when outraged customers discovered that
software and Web sites could record it without their knowledge. Now, you have
to download a utility from Intel and switch on the CPU id feature: not that any
software or Web site actually uses the number.

There were two problems with Intel’s CPU id strategy. First, Intel insisted
they were merely trying to provide technology that would benefit the consumer
and help verify client PCs, but the cynical populace suspected that Intel
really desired a way to track stolen chips and spot counterfeits. Second, Intel
didn’t execute the idea well. People argued that the CPU id as implemented
could actually increase fraud rather than cut e-commerce costs. If e-commerce
merchants began to rely on the ID as proof that you really are you, went the
argument, then your data could be at risk from thieves who could find a way to
have their computer transmit a different number than the one burnt into the
Intel microprocessor. The adverse public reaction seems to have
caused them to pause, set up a consortium with Microsoft and others, and seek
safety in numbers. But whatever Intel’s past fumbles, they pale by comparison
to Microsoft’s Palladium. Palladium is software that Microsoft says it plans to
incorporate in future versions of Windows; it will build on the TCPA hardware
and will add some extra features.

A lot of companies stand to lose out. For example, the European smartcard
industry looks likely to be hurt, as the functions now provided by their
products migrate into the Fritz chips in your laptop, your PDA and your
third-generation mobile phones. In fact, much of the information security
industry may be upset should TCPA take off, and other large sections of it may
become casualties.

All auditors need to analyze the impact of TCPA on their organization and
formulate a strategy to deal with it. You’ll definitely need to develop an
implementation plan to ensure a smooth and orderly transition within your
organization. So educate yourself and others.

You can find more information about TCPA at:

TCPA Overview: http://www.trustedcomputing.org/docs/tcpa_layout_v1.3.pdf or http://www.trustedpc.org
TCPA / Palladium Frequently Asked Questions: http://www.cl.cam.ac.uk/users/rja14/tcpa-faq.html
E-commerce security standard in works: http://zdnet.com.com/2100-11-515926.html?legacy=zdnn
IBM ThinkPad complies with TCPA security spec: http://www.eetimes.com/sys/news/OEG20020424S0013
National coprocessor meets TCPA 1.1 spec: http://www.eetasia.com/ART_8800220015.HTM

Abridged version of a commentary published in EDPACS by Auerbach Publications, 2002.