New Standards Address Computing Security

The TCG moves to install new security standards

By Nancy Sumrall

In today’s Internet communications environment, computing systems face myriad security challenges in trying to keep viruses, spoofers, and hackers out. The same challenge is present in embedded computing devices such as kiosks, PDAs, and text-message cell phones where viruses and hackers can cause distressing problems such as identity theft, lost data, and lost productivity. Unfortunately, the old tried-and-true solutions-filters, virus protection, and firewalls-are proving inadequate in today’s computing environment. To solve the current problems, new security standards must emerge.

No single company, no matter how large, has sufficient knowledge or resources to counteract the vast number of security issues that arise with digital traffic today. Any company attempting to develop a de facto standard security solution would find it next to impossible to win acceptance across the entire industry-no matter how large their market share for that particular standard. To form a true industry-wide standard, a group of companies must come together to establish a standards body.

A standards body combines the efforts of multiple experts to create interoperability and compatibility between standards-based products from various vendors, and helps to create commodity products that system integrators can then design into computing systems for the benefit of the entire industry. Such a body has been formed recently to specifically address computing security: the Trusted Computing Group (TCG).

Define and defend

TCG is an industry association of leaders in the computing industry that came together in April 2003 to form a not-for-profit organization to define, develop, and promote open security standards. These standards are made up of hardware-enabled security and privacy technologies, including the hardware building blocks and software interfaces that go across multiple platforms, peripherals and hand-held devices. TCG standards aim to enable highly secure computing environments without compromising functional integrity, privacy, or individual rights.

The primary goal of these standards is to help users protect their intellectual and information assets-data, passwords and keys-from unauthorized inside and outside access as a result of software attack and physical theft. To date, TCG has adopted several policies that impact specification development:

An Open Platform Development Model-TCG is committed to preserving the open development model that enables any party to develop hardware, software, or systems based on TCG specifications. TCG is committed to preserving the freedom of choice that consumers enjoy with respect to hardware, software, and platforms.

Platform Owner and User Control-TCG is committed to ensuring that owners and users of computing platforms remain in full control of their computing platforms, and requires platform owners to opt in to enable TCG features.

Protecting Personal Privacy-TCG is committed to ensuring that TCG specifications provide for an increased capability to secure personally identifiable data.

Early success

Although only recently established, TCG has already produced several hardware and software standards. The first is the specification of a single chip security enhancer, a dedicated microchip called a Trusted Platform Module (TPM). A TPM attaches to a system motherboard and stores encryption keys, passwords, and digital certificates. This set-up can help solve security problems for any computing system, subsystem or device-regardless of operating system. (see Figure 1)

Figure 1: The Trusted Platform Module (TPM) microchip resides on a computing motherboard and provides secure storage of parameters such as passwords and encryption keys, as well as system software status.

The TPM is self-contained, using a single well-defined interface to communicate with the computing system of which it is a part, and provides a unique, unspoofable system identity. The module conserves status information regarding the software running in the system or device, so that applications software can determine if the system has been tampered with and/or changed.

In addition to the TPM, TCG has specified a low-level software stack that serves as middleware between the TPM and higher-level software stacks. This middleware layer is called the TCG Software Stack (TSS). Application developers can use this software specification to develop interoperable client applications for more tamper-resistant computing. (see Figure 2)

Figure 2: The Trusted Computing Group software stack gives applications developers resources to enhance system software security by using the Trusted Platform Module (TPM).

The security features defined in the TCG Software Stack specification include attestation, authentication, and secure storage. The specification will enable developers to build applications that include security policies for trusted time stamping of transactions, trustworthy auditing, and physical presence for policy activation. Applications based on this specification are independent of the operating system type and enable users to implement the applications across a variety of platforms.

Both hardware and software specifications have been implemented in production devices. The computer industry has been shipping systems and computing devices with TPMs since 2003.

For instance, TPM devices are available from Atmel Corp. (San Jose, CA), Infineon Technologies AG (Munich, Germany), National Semiconductor Corp. (Santa Clara, CA). and STMicroelectronics (Geneva, Switzerland). Additionally, TPM-enabled personal computers and PC motherboards are available from a growing list of system vendors, including Hewlett-Packard Company (Palo Alto, CA) and Intel Corp. (Santa Clara, CA).

Security extends to embedded

Applications that build on the capabilities of the TPM also are available. These security solutions implement features such as protected digital email signatures, digital certificate-based virtual private networks, and protected network authentication. Other solutions include combination hardware/software products that ‘lock’ data such as sensitive keys, identity information, and confidential data. Some solutions are software-based and utilize the TPM functionality, adding document and signature security. Users can also find a number of software solutions that protect files and personal confidentiality.

Interest in trusted computing is gaining steam. One growing application area is embedded systems, where developers are finding that their systems have the same security issues and challenges as desktop systems. Embedded systems would benefit from Trusted Platform Modules, as would any application based on trusted computing. Those modules might include peripherals, networking devices, ATMs, kiosks, industrial automation and control, industrial security systems, traffic monitoring systems, and virtually any application that needs to be tamper-proof or requires controlled access to the platform and software.

Fortunately, embedded developers do not have to wait for additional trusted computing standards to arise. Embedded developers can use today’s TPM components in their designs because TPMs are cost-effective in volume. Furthermore, some vendors are providing software and services that complement the TPM, while other vendors are creating custom applications specific to the embedded application and environment.

As part of its charter to extend its efforts to all forms of computing, the Trusted Computing Group (TCG) is now engaged in the development and promotion of an architecture to enhance the integrity of networks. The approach being taken establishes and enforces security policies for endpoint connections to multi-vendor networks.

A networked world

Network resources are vulnerable to attack from viruses and email worms, Trojan horses, denial of service attacks, and other threats that utilize the endpoint connections as a means of entry into the network. And while it’s difficult to estimate the business disruption and total impact of viruses and similar attacks, those costs include the burden of help desk calls, desktop and network rebuilding or restoration, loss or corruption of data, lost productivity, and the loss of new business. By protecting the endpoint, the security policies can prevent threats from even entering the network.

This effort, called Trusted Network Connect, will develop specifications for interoperable security solutions to assist network administrators in protecting networks from viruses, worms, and denial of service attacks. The specifications will allow network administrators to prevent “untrusted” systems, or devices, from connecting to their networks. The specifications will build on existing industry standards, and will define and submit new standards as necessary, with the objective of enabling truly interoperable solutions within multi-vendor environments. The end result will be a significant reduction in the risks of doing business electronically.

The standardization efforts underway will begin to encompass the definition of software interfaces and protocols for communication among endpoint security components and between endpoint hosts and networking elements. TCG anticipates that the initial TNC specification will be available late 2004.

A standards-based world

Efforts toward establishing industry standards, including PCI, USB and Wi-Fi, have fueled will-documented leaps in innovation and have resulted in multiple interoperable products that offer users choice, cost efficiencies, and ease of use. In modeling the standards process, TCG hopes to spur similar innovation and cost efficiencies in the area of the industry’s most critical challenge.

By providing open specifications for hardware and software and by continuing to innovate in other areas of security, TCG is offering vendors a clear path to the strong security building blocks they need-a path that can be adopted across computing, from desktops and servers to networking and a wide range of embedded systems. The standards are being put in place; let’s commit to working within their boundaries.

For more information on TCG, please visit, www.trustedcomputinggroup.org/home.

Nancy Sumrall is the Safer Computer Initiative Manager in the Desktop Platforms Group Initiatives Planning and Architecture Development group at Intel. The first half of her Intel career was spent in product marketing on microcontrollers and microcontroller development tools. Later, Nancy held proudct marketing and market development roles in USB, Digital Imaging, Broadband, and Instantly Available PC. Nancy’s current focus is on trusted computing for corporate PCs.