Trusted Platform Module (TPM) and its components
Today the IT world is shaken regularly by new security problems: viruses, worms and Trojans. The trend shows in the statistics of antivirus and anti-Trojan signature updates and in the growing volume of new malware. IT security has become a mainstream concern. Recently the world watched the 19-year-old author of the Sasser and Netsky worms receive a suspended sentence of one year and nine months. In any case, approaches to data protection deserve attention beyond the usual safeguards such as virus scanners, firewalls and demilitarized zones (DMZ). Many software vendors offer a wide range of security products, but the result is usually far from perfect. One can assume that the main reason is that none of these concepts considers both the software and the hardware side of the problem. The Trusted Computing Group (TCG) attempted to change this with its Trusted Platform Module (TPM) specification (Chen, 2012).
One of TCG's goals was to create a "trusted computer", in which hardware, software and all interactions between them are verified and protected. "Interaction" is meant here in a general sense: the exchange of data between different pieces of software on the platform. The main objectives set by the Trusted Computing Group are:
- Data confidentiality. Data is accessible only to authorized users, including while it is transmitted to and from the computer. Personal data must not be disclosed.
- Data safety. Hardware and software must handle data reliably.
- Data integrity. Software and data must not change unnoticed (for example, under the influence of viruses or worms).
- Data authenticity. It must be possible to verify the identity of the sender, the recipient and the services handling the data (through attestation). Each TPM chip is uniquely identifiable, so it is unambiguously bound to its platform.
Of course, the use of the trusted platform module is not limited to personal computers but extends to all kinds of modern connected devices. TCG's goals also cover mobile phones and Pocket PCs, as well as input devices, storage devices and certificates. An extension of the TPM can serve security peripherals such as fingerprint readers or iris scanners. The work of expanding into these areas fell to TCG's subgroups; one of them, TNC (Trusted Network Connect), works on secure network admission.
It is essential to mention a technical problem often associated with the concept of trusted computers: DRM. The task of DRM is to prevent unauthorized copying of digital content such as movies, music or text. The technology of trusted computers certainly provides the technical ground for such projects. Nevertheless, so far nobody has dared to implement copyright protection for digital content openly on top of it. Perhaps this is due to the harsh criticism Microsoft received for its Palladium platform. It has since been redesigned and is now called the "Next Generation Secure Computing Base" (NGSCB), but this looks like old wine in a new bottle.
The concept of Trusted Computing is a well-thought-out approach that offers reasonable solutions for many security risks, though not for all. It is more convenient and more powerful than the alternative approaches.
The additional cost of the hardware components is low, and in a corporate environment with a large IT infrastructure in particular the TPM can bring many benefits. In the near future the IT community will see processors that support Trusted Computing. Intel's LaGrande and AMD's Presidio technologies are technically similar and allow a "secure" system core to be implemented. In addition, the processor isolates the more vulnerable parts of the system, which pairs well with the Vanderpool (Intel) and Pacifica (AMD) virtualization technologies (Shilov, 2004).
There is little doubt about the success of the TPM platform in the near future. Risks associated with the new technology (as with any other) can arise only from improper use of its potential. Fueled by aggressive statements from some politicians, it is under enormous pressure from the music and film industries.
Until Trusted Computing becomes a reality in the business world, the components supporting the TPM will remain in "hibernation". Windows 7 supports the TPM, and this time more closely than previous versions of the OS did.
The security chip itself includes:
- Cryptographic coprocessor;
- Glue logic;
- A dedicated host interface;
- Random number generator;
- Logic protecting against clock-frequency (glitching) attacks;
- Sensors for frequency, voltage, temperature, light and impulse noise.
The TPM chip must provide at least the following set of functions:
- Storage of information about the state of the OS (platform measurements);
- Generation and storage of private keys;
- Hashing of files (SHA-1 in TPM 1.2; TPM 2.0 adds SHA-256 and other algorithms);
- Creation of digital signatures;
- Providing the chain of trust for keys, certificates and other critical data.
The technological features of the security chip are:
- A high degree of integration of the elements;
- Non-volatile memory;
- A hidden (non-readable) ROM (Read-Only Memory) structure.
The use of the latest chip-manufacturing technologies means that an attacker needs very expensive equipment to crack the chip, which limits the number of potential attackers and reduces the risk. Forging such a high-tech chip would cost more than the original. The chip architecture provides the following protection mechanisms:
- Secure memory management;
- Encryption of the internal channel and of stored data;
- Testing of locking modes;
- Active shielding.
Random Number Generator (RNG)
The RNG is used to generate keys and nonces for signatures. The TPM should be able to provide 32 bytes of randomness per call. The RNG consists of the following components:
- Entropy source. The process (or processes) providing entropy. Sources may include noise, the CPU cycle counter or other components.
- Entropy collector. A process that gathers entropy, removes bias and conditions (whitens) the output. Entropy must be fed only into the state register.
- State register. The state register can be implemented as two registers, a volatile and a non-volatile one. At start-up the TPM loads the volatile register from the non-volatile one. Any subsequent change to the state register by the entropy source or the mixing function affects only the volatile register. At shutdown the TPM writes the current value of the state register back to the non-volatile register (this update may also happen at any other time). The reason for this design is that the non-volatile register is implemented in flash memory, whose number of write cycles is limited. The TPM must prevent the state register from being exported (Mellor, 2005).
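As an added illustration (not TPM firmware and not code from the source), the following Python models the RNG structure just described: a biased noise source, a collector that removes bias and mixes into the state, and a state register with a volatile working copy that is loaded from and written back to a non-volatile copy. The noise source, the von Neumann debiasing step and the SHA-256 mixing and output functions are my own choices for the simulation; the specification does not prescribe them. The last function shows the failure mode that the non-volatile register exists to prevent: two power cycles that happen to see the same raw noise produce identical output unless the previous state was saved.

```python
# Added simulation of the TPM RNG structure: entropy source -> collector (debias + mix)
# -> state register (volatile copy loaded from / saved to a non-volatile copy).
# Noise source, debiasing and hash-based mixing are assumptions of this model.
import hashlib
import random


def biased_source(n_bits, seed):
    """Constructed stand-in for a physical noise source that emits 1 about 70% of the time."""
    rng = random.Random(seed)
    return [1 if rng.random() < 0.7 else 0 for _ in range(n_bits)]


def von_neumann_debias(bits):
    """Bias removal: read bits in pairs, keep the first bit of '01'/'10', drop '00'/'11'."""
    out = []
    for i in range(0, len(bits) - 1, 2):
        if bits[i] != bits[i + 1]:
            out.append(bits[i])
    return out


def ones_fraction(bits):
    return sum(bits) / len(bits)


class TpmRng:
    """State register with a volatile working copy and a non-volatile backing copy."""

    def __init__(self, nonvolatile_state):
        # start-up: the volatile register is loaded from the non-volatile one
        self.nonvolatile = nonvolatile_state
        self.volatile = nonvolatile_state

    def add_entropy(self, raw_bits):
        # entropy collector: debias, then mix into the volatile register only
        clean = von_neumann_debias(raw_bits)
        self.volatile = hashlib.sha256(b"mix" + self.volatile + bytes(clean)).digest()

    def get_random(self, n_bytes):
        # output goes through a one-way function and the state ratchets forward,
        # so the state register itself is never exported
        out = b""
        while len(out) < n_bytes:
            out += hashlib.sha256(b"out" + self.volatile).digest()
            self.volatile = hashlib.sha256(b"step" + self.volatile).digest()
        return out[:n_bytes]

    def shutdown(self):
        # write the working state back to the (write-limited) non-volatile register
        self.nonvolatile = self.volatile
        return self.nonvolatile


def boot_cycle_outputs(persist_state):
    """Two power cycles fed identical raw noise; returns the first 16 output bytes of each."""
    noise = biased_source(4096, seed=7)
    nonvolatile = b"\x00" * 32          # factory-fresh non-volatile register
    outputs = []
    for _ in range(2):
        tpm = TpmRng(nonvolatile)
        tpm.add_entropy(noise)
        outputs.append(tpm.get_random(16))
        saved = tpm.shutdown()
        if persist_state:
            nonvolatile = saved
    return outputs


if __name__ == "__main__":
    raw = biased_source(10000, seed=1)
    print("raw ones fraction:", ones_fraction(raw))
    print("debiased ones fraction:", ones_fraction(von_neumann_debias(raw)))
    print("identical output on both boots, no persistence:",
          boot_cycle_outputs(False)[0] == boot_cycle_outputs(False)[1])
    print("identical output on both boots, with persistence:",
          boot_cycle_outputs(True)[0] == boot_cycle_outputs(True)[1])
```

Von Neumann debiasing discards roughly 58% of a 70/30 source, which is why real collectors continuously accumulate noise rather than sampling once; the ratcheting output function is what lets the TPM honour the rule that the state register is never exported.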
In TCG systems, roots of trust are the components that must be trusted. A complete set of roots of trust has the minimal functionality needed to describe the platform, and the trustworthiness of the platform rests on them. There are three roots of trust: the root of trust for measurement (RTM), the root of trust for storage (RTS) and the root of trust for reporting (RTR). The RTM is the mechanism that produces reliable integrity measurements of the platform. The RTS is the mechanism that stores the resulting integrity hashes. The RTR is the mechanism that reliably reports the information stored in the RTS.
These measurements describe the properties and characteristics of the measured components. The hashes of the measurements form a "snapshot" of the computer; their storage and reporting are provided by the RTS and the RTR. Comparing the measured values against the hashes of a trusted platform state demonstrates the integrity of the system.
The TPM can be seen as the next generation of authentication token. The cryptoprocessor supports authentication of both the user and the computer, granting access only to authorized users and machines. This can be used, for example, for e-mail security based on encryption or signing with digital certificates bound to the TPM. Moving away from passwords, the TPM can provide a stronger authentication model for wired, wireless and VPN access.
Anti-theft protection. This is the main purpose of the storage container system. Self-encrypting drives implemented according to Trusted Computing Group specifications provide built-in encryption and access control for data. These devices offer full-disk encryption, protecting the data on a lost or stolen computer.
Network Access Control (NAC). The TPM can authenticate the computer before it is granted access to the network and, if necessary, the computer can be quarantined.
Protection against data modification. Code attestation can protect games from cheaters, and sensitive programs such as banking and e-mail clients from deliberate modification. A Trojan horse added to, say, the latest version of an instant-messenger installer would be detected immediately.
Copy protection. Copy protection is based on a specific chain: the program is attested, which gives it access to a decryption key that is also stored in the TPM. This yields copy protection that cannot be bypassed by software (Stanek, 2011).
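As an added example that is not part of the original text and not TPM code, the following Python simulates the three roots of trust from the measured-boot discussion above and the key binding behind the NAC, disk-encryption and copy-protection points: the RTM measures each boot component into a platform configuration register (PCR) using the TPM 1.2 SHA-1 extend rule, the RTR reports the PCR together with a verifier nonce, and a secret is sealed so that it is released only when the PCR matches the value recorded at seal time. The constructed SRK and AIK byte strings, the HMAC standing in for the AIK signature, the toy XOR keystream and the placeholder boot images are assumptions of this model.

```python
# Added simulation of RTM / RTS / RTR and of sealing a key to a platform state.
# SHA-1 PCRs follow TPM 1.2; SRK, AIK, the HMAC "signature" and the boot images
# are constructed stand-ins, not real TPM keys or firmware.
import hashlib
import hmac

PCR_SIZE = 20  # SHA-1 digest length, as used by TPM 1.2 PCRs
SRK = b"constructed-storage-root-key"          # stand-in for the storage root key (RTS)
AIK = b"constructed-attestation-identity-key"  # stand-in for the attestation identity key (RTR)


def extend(pcr, measurement):
    """RTS update rule: PCR_new = SHA1(PCR_old || SHA1(measurement)); one-way and order-sensitive."""
    return hashlib.sha1(pcr + hashlib.sha1(measurement).digest()).digest()


def measured_boot(components):
    """RTM: measure each boot-chain component into PCR0 in run order; returns (PCR0, event log)."""
    pcr = b"\x00" * PCR_SIZE
    log = []
    for name, image in components:
        log.append((name, hashlib.sha1(image).hexdigest()))
        pcr = extend(pcr, image)
    return pcr, log


def quote(pcr, nonce):
    """RTR: report the PCR with a verifier-supplied nonce, signed (here: HMAC) by the AIK."""
    return hmac.new(AIK, pcr + nonce, hashlib.sha256).digest()


def verify_quote(reported_pcr, nonce, signature, golden_pcr):
    """Verifier (e.g. a NAC server): the quote must be fresh and the PCR must equal the known-good value."""
    genuine = hmac.compare_digest(signature, quote(reported_pcr, nonce))
    return genuine and hmac.compare_digest(reported_pcr, golden_pcr)


def seal(secret, pcr):
    """Bind a secret (<= 32 bytes) to a PCR value; the wrapping key is derived from the SRK and never leaves the TPM."""
    if len(secret) > 32:
        raise ValueError("toy keystream covers at most 32 bytes")
    key = hashlib.sha256(SRK + pcr).digest()
    stream = hashlib.sha256(b"keystream" + key).digest()
    ciphertext = bytes(s ^ k for s, k in zip(secret, stream))
    tag = hmac.new(key, ciphertext, hashlib.sha256).digest()
    return {"pcr": pcr, "ct": ciphertext, "tag": tag}


def unseal(blob, current_pcr):
    """The TPM releases the secret only when the platform is in the state recorded at seal time."""
    if not hmac.compare_digest(blob["pcr"], current_pcr):
        return None
    key = hashlib.sha256(SRK + current_pcr).digest()
    expected_tag = hmac.new(key, blob["ct"], hashlib.sha256).digest()
    if not hmac.compare_digest(blob["tag"], expected_tag):
        return None
    stream = hashlib.sha256(b"keystream" + key).digest()
    return bytes(c ^ k for c, k in zip(blob["ct"], stream))


# Constructed boot chains: the images are placeholder byte strings, not real firmware.
GOOD_BOOT = [("bios", b"bios v1.07"), ("bootloader", b"grub 2.06"), ("kernel", b"vmlinuz 6.1")]
TROJANED_BOOT = [("bios", b"bios v1.07"), ("bootloader", b"grub 2.06"), ("kernel", b"vmlinuz 6.1 + trojan")]
REORDERED_BOOT = [("bootloader", b"grub 2.06"), ("bios", b"bios v1.07"), ("kernel", b"vmlinuz 6.1")]


def check_platform(components, golden_pcr, blob, nonce=b"verifier-nonce-01"):
    """Boot, attest to the verifier and try to unseal; returns (attestation passed, released secret or None)."""
    pcr, _log = measured_boot(components)
    attested = verify_quote(pcr, nonce, quote(pcr, nonce), golden_pcr)
    return attested, unseal(blob, pcr)


if __name__ == "__main__":
    golden, _ = measured_boot(GOOD_BOOT)
    blob = seal(b"disk-encryption-key", golden)
    for label, chain in (("good", GOOD_BOOT), ("trojaned kernel", TROJANED_BOOT), ("reordered", REORDERED_BOOT)):
        print(label, check_platform(chain, golden, blob))
```

Two points the prose does not make explicit: because extend chains the hashes, the same components measured in a different order give a different PCR, so the register captures the boot sequence and not just its contents; and the nonce in the quote is what stops a recorded "good" quote from being replayed after the platform has been modified. In TPM 2.0 the same binding is expressed as a PCR policy on the sealed object, with SHA-256 PCR banks alongside SHA-1.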