The Trusted Computing Group is an industry consortium that's trying to build more secure computers.
It has a lot of members, although the board of directors consists of Microsoft, Sony, AMD, Intel, IBM, Sun, HP and two smaller companies that are voted in on a rotating basis.
The basic idea is that you build a computer from the ground up securely, with a core hardware "root of trust" called a Trusted Platform Module (TPM). Applications can run securely on the computer, communicate with other applications and their owners securely, and be sure that no untrusted applications have access to their data or code.
This sounds great, but it's a double-edged sword. The same system that prevents worms and viruses from running on your computer might also stop you from using any legitimate software that your hardware or operating system vendor simply doesn't like. The same system that protects spyware from accessing your data files might also stop you from copying audio and video files. The same system that ensures that all the patches you download are legitimate might also prevent you from, well, doing pretty much anything.
(Ross Anderson has an excellent FAQ on the topic. I wrote about it back when Microsoft called the system Palladium.)
In May, the Trusted Computing Group published a best practices document: Design, Implementation, and Usage Principles for TPM-Based Platforms. Written for users and implementers of TCG technology, the document tries to draw a line between good uses and bad uses of this technology.
The principles that TCG believes underlie the effective, useful and acceptable design, implementation and use of TCG technologies are the following:
- Security: TCG-enabled components should achieve controlled access to designated critical secured data and should reliably measure and report the system's security properties. The reporting mechanism should be fully under the owner's control.
- Privacy: TCG-enabled components should be designed and implemented with privacy in mind and adhere to the letter and spirit of all relevant guidelines, laws and regulations. This includes, but is not limited to, the OECD Guidelines, the Fair Information Practices and the European Union Data Protection Directive (95/46/EC).
- Interoperability: Implementations and deployments of TCG specifications should facilitate interoperability. Furthermore, implementations and deployments of TCG specifications should not introduce any new interoperability obstacles that are not for the purpose of security.
- Portability of data: Deployment should support established principles and practices of data ownership.
- Controllability: Each owner should have effective choice and control over the use and operation of the TCG-enabled capabilities that belong to them; their participation must be opt-in. Subsequently, any user should be able to reliably disable the TCG functionality in a way that does not violate the owner's policy.
- Ease-of-use: The nontechnical user should find the TCG-enabled capabilities comprehensible and usable.
It's basically a good document, although there are some valid criticisms. I like...
For more, click here...
Talkback
Owner Override. Owner Override. OWNER OVERRIDE.
The TCG should be required to include OO for straightforward civil liberty reasons.
No, being able to "opt in or out" is not enough. The OWNER of a computer MUST be able to let opera pretend to be IE if he wants to, etc.
Trusted computing means the corporations can trust "your" computer to act in their interests instead of yours as the owner of the computer. This is wrong.
A simple fix, requiring owner override capability, would preserve the advantages of the TPM, yet prevent corporations thieving our civil liberty.
http://www.linuxjournal.com/article/7055
Bruce Schneier writes of the "Trusted Computing Group and their "Trusted Platform Module": "The basic idea is that you build a computer from the ground up securely, with a core hardware 'root of trust' called a 'Trusted Platform Module'. Applications can run securely... and be sure that no untrusted applications have access to their data or code. This sounds great, but..."
Well, no, it does NOT sound great. It sounds terrible. Asside from the obvious issues of opportunity for abuse (use for censorship), how does one know 100% that the programs that are "trusted" are really secure? There will ALWAYS be bugs and security loopholes in even the most "trusted" programs. "Trust" is not a technological attribute a program or machine can have; it is a human emotion, and a very dangerous one. In the end, the only way to achieve security is through eternal human vigilence, not through "trust".
I guess a chip this complicated will be something like a CPU, some ROM with the security programs and some RAM for keys, certificates, etc...
what guarantees that there will be no security flaws in the security chip's internal software ?
and, if to prevent this, they make it flashable to correct bugs, it's another potential security flaw...
no ?
am I too pessimistic ?
The first I heard of TC some time ago, once again when it was mainly Palladium, however i first heard it grom the GNUru richard stallman. http://www.gnu.org/philosophy/can-you-trust.html
Is well worth a read
Microsoft's DRM is mostly about controlling the access to your own data. The rest is just smoke screens.
Why do I suspect when someone says
'Microsoft's DRM is mostly about controlling the access to your own data'
They mean I've pirated (or even bought a licence) to a song ,film or program and think they can do whatever they want with it
Jon, ignorance knows no bounderies. Get a clue.
Example: DRM protected corporate data. Organization not happy with new Microsoft customers policies. Wants to dump Microsoft and move on. Oops. That'll cost more then an arm and a leg. Bummer.
I read a scarily prescient book about Microsoft making deals with congress to require their DRM--it was a novel written by a guy who used to work there. It was called THE SYNDROME RULE on Amazon.
oh, well ... like all the copy protections schemes, it will fail, only honest people will be bothered for a while ... the whole TC issue is a bed time story for clueless CEO's running companies that provide content (movies, music etc.)
Give us (and make it usable) user privileges separation, give us separation between kernel and applications
...
or give us a free Unix