
Future Trends

In document Data-Centric Systems and Applications (Page 140-143)

Trusted Platforms Klaus Kursawe

9.7 Future Trends

Originally, trusted platforms were mostly needed in high-security sectors such as banking and military applications. Over recent years, however, the trust requirements for normal users have increased substantially. Consumer-owned devices such as personal computers and cellular phones now store sensitive data, authorize financial transactions, and are starting to make decisions on behalf of their owners. In addition, third-party interests in such devices have emerged. Cell phones are sponsored by the network providers (who consequently may not allow the phone to be used on a competing network), digital content may involve restrictions on redistribution, and manufacturers want to securely distribute updates. Additionally, trusted platforms are required in various settings that impose more constraints than the PC environment, for example in cars or cellular phones.

Even though the Trusted Computing Group always had platforms beyond PCs and servers in mind, many of the new constraints – such as a host platform with limited resources – are not addressed by the current specifications.

In the mobile computing world, the issues of trusted platforms are becoming increasingly important due to several factors. On one hand, mobile platforms such as cell phones are being used for increasingly critical tasks, such as electronic payment, authentication, and location-based services. On the other hand, formerly closed platforms are becoming open to third-party services and different wireless communication protocols, significantly increasing the attack surface. One issue in adapting the trusted computing technologies discussed above is restricted resources. In a cell phone, there is no powerful main processor for computationally intensive tasks and no huge external storage for key data, and even battery power consumption has to be taken into account. Besides this, a mobile phone has a different trust model. While a PC usually has a well-defined owner (who consequently has the main authority over the trusted hardware), cell phones tend to be subsidized by the network providers, which subsequently demand their own privileges, such as blocking other network providers or imposing their own user interface on the device. Thus, user management on such devices may pose a major challenge for future development. Thinking a step further, in the world of ubiquitous computing, the challenges of TPMs with restricted resources and a cap on the price tag will become extremely difficult. On one hand, some concept of roots of trust will be needed in such a setting – devices will need to authenticate themselves and communicate securely, and thus require at least some secure key storage. On the other hand, margins on those devices will not allow for anything close to existing TPMs; essentially, the root of trust has to be put into the existing platform, with very little room to add any extra hardware.

As another example, computing platforms in the automotive setting are getting new exposure. The amount of software in a car is steadily increasing, and manipulations to the firmware in order to boost the car’s performance are already common. In the foreseeable future, cars may also get interconnected, for example to drive in a caravan mode, or receive software updates via wireless networks – both functions one would not want a third party to tamper with. Also, in this setting, reliability and lifecycle management become interesting issues. While a PC can – and under some circumstances even should – just shut down in response to an intrusion, a car system needs to maintain a number of safety properties. Also, the lifetime of a PC is rather limited, allowing relatively quick fading out of old hardware versions and replacing them with updated versions. However, a car may be around for 20 years or longer, and the failure of a critical component can prove fatal.

Another challenge for the way we perceive trusted platforms lies in the increasing amount of distributed functionality. In the past, trusted platforms have mostly been seen as isolated systems. They may need to be able to demonstrate their trustworthiness to the user or a remote system, but apart from that, they act largely on their own. In a modern environment, however, this is not necessarily the case anymore. A platform may have external storage (such as a networked file system), consist of several different processors, and interact in security-relevant ways with remote peripherals (such as printers, but also displays or input devices). Thus, a system that looks like one platform to the outside in fact consists of several largely independent components, forming a virtual platform. Apart from assuring the functionality of an individual platform, it is thus becoming important to assure the functionality of an entire network. The Trusted Computing Group has performed some first steps in this direction with the formation of a peripherals working group and the Trusted Network Connect specification, which defines the interaction of clients with an overall cooperative network [1].

The final challenge comes with the introduction of trusted platforms beyond the scope of single organizations, especially in end-user devices and PCs. In many such platforms, the trust model is no longer well defined – the owner may want to trust the platform to perform an e-banking application correctly in spite of viruses, while a content provider may want to trust the platform to prohibit the distribution of the content in spite of the owner of the platform. This mix of interests has led to a deep distrust towards trusted computing by consumer organizations [18].

References

1. Trusted Computing Group. https://www.trustedcomputinggroup.org/
2. K. Kursawe, D. Schellekens, B. Preneel (2005) Analyzing trusted platform communication. In ECRYPT Workshop, CRASH – CRyptographic Advances in Secure Hardware.
3. M. Bond (2001) Attacks on Cryptoprocessor Transaction Sets. In Proceedings of the CHES 2001 Workshop, pp. 220–234.
4. D. Osvik, A. Shamir, E. Tromer (2006) Cache Attacks and Countermeasures: The Case of AES. In CT-RSA, pp. 1–20.
5. W. Arbaugh, D. Farber, J. Smith (1997) A Secure and Reliable Bootstrap Architecture. In Proc. IEEE Symposium on Security and Privacy, pp. 65–71.
6. J. Molina, W. Arbaugh (2002) Using Independent Auditors as Intrusion Detection Systems. In Proceedings of the Fourth International Conference on Information and Communications Security, pp. 291–302.
7. http://www.cdt.org/privacy/issues/pentium3
8. E. Brickell, J. Camenisch, L. Chen (2004) Direct anonymous attestation. In Proceedings of the 11th ACM Conference on Computer and Communications Security, pp. 132–145.
9. A. Sadeghi, C. Stüble (2004) Property-based attestation for computing platforms: caring about properties, not mechanisms. In Proceedings of the 2004 Workshop on New Security Paradigms NSPW '04, pp. 67–77.
10. J. Poritz, M. Schunter, E. van Herreweghen, M. Waidner (2004) Property Attestation—Scalable and Privacy-friendly Security Assessment of Peer Computers. IBM Technical Report RZ3548, IBM Research, Zurich Laboratory.
11. B. Pfitzmann, J. Riordan, C. Stüble, M. Waidner, A. Weber (2001) The PERSEUS system architecture. Technical Report RZ 3335, IBM Research Division, Zurich Laboratory.
12. http://www.nsa.gov/selinux/
13. M. Peinado, Y. Chen (2004) NGSCB: A Trusted Open System. In Proc. of the 9th Australasian Conf. on Information Security and Privacy ACISP, pp. 13–15.
14. P. Barham, B. Dragovic, K. Fraser, S. Hand, T. Harris, A. Ho, R. Neugebauer, I. Pratt, A. Warfield (2003) Xen and the art of virtualization. In Proc. of the 19th ACM Symposium on Operating Systems Principles SOSP, pp. 164–177.
15. R. Sailer, T. Jaeger, E. Valdez, R. Caceres, R. Perez, S. Berger, J. Griffin, L. van Doorn (2005) Building a MAC-Based Security Architecture for the Xen Open-Source Hypervisor. In Proceedings of the 21st Annual Computer Security Applications Conference (ACSAC), pp. 276–285.
16. A. Sadeghi, C. Stüble, N. Pohlmann (2004) European Multilateral Secure Computing Base – Open Trusted Computing for You and Me. Datenschutz und Datensicherheit (DuD), 9/04, pp. 548–553.
17. http://www.opentc.net/
18. S. Schoen (2004) EFF comments on TCG design, implementation and usage principles. http://www.eff.org/Infrastructure/trusted_computing/20041004_eff_comments_tcg_principles.pdf
