Fog Creek Software
Discussion Board




Trusted computing

In Bored Bystander's screwed up Windows thread, indeed mentioned "Bogus Trusted computing", which I certainly agree with him in the spirit in which it was intended.

There is one thing that a BIOS could do, that could not properly be done in software: Provide smart card facilities without a smart card:

1. Provide a tamper proof public/private key pair, which the private key can never be probed.  For the sake of argument say OpenPGP as a standard.
2. Provide OpenPGP signing and encryption algorithms - again with methods that never expose private keys on address lines nor to the JTAG port.
3. Provide a Certificate Authority which would authenticate the private/public keys which the BIOS maker has distributed.

Now, you have trusted computing:
1. For software vendors wishing to enforce single machine licenses, you've provided a means to securely identify the installed machine.
2. You've got a tamper proof means for users to encrypt email and verify transactions.  This of course impllies that a transaction is tied to a machine, not necesarily a user.

Just my thoughts on the subject, but anything beyond this seems intrusive.  Anything less is useless.

Any thoughts?

hoser
Tuesday, August 24, 2004

1. Loss of privacy. First, only banks will want to identify your machine. Then, media outlets; Then, everyone else. SSNs are now used as an id card in the US, when it wasn't supposed to be that way. In Israel, it's worse - we have id numbers, which you need for _everything_, ranging from medical treatment to non-cash money transaction.

2. Unless the BIOS prevents you from loading an *untrusted* OS, you could just as well simulate a new machine with a new key pair - software inside that machine won't be able to probe the private key, but in the real machine, it would. Hence, software vendors / media outlets won't be able to trust this setup.

Richard Stallman called the "Trusted Computing" initiative "Treacherous Computing", and for a reason - it makes it possible for others to trust your computer, regardless of whether it works for you or against you. The "for you" part is something you can achieve just as well without any special hardware, so there's no reason for you to give this mode of computing your trust.

Ori Berger
Tuesday, August 24, 2004

> In Israel, it's worse - we have id numbers, which you need for _everything_.

Didn't somebody once provoke King David to number the people of Israel? What happened as a result of that anyway?

Tanakhophile
Tuesday, August 24, 2004

When people think of BIOS, you think of Phoenix Technologies, right?  Of course, Phoenix has this technology already.  They already have everything you have asked for.

Phoenix has two such offerings:  TrustConnector CSP and StrongROM

TrustConnector is the CSP that handles the normal interface for public and private key operations (creating, storing, using).  The keys are stored in the StrongROM in the BIOS.

They also have a Security SDK in case you want to muck with the OSD side yourself.

Their blunder, I believe is targeting only OEMs (equipment manufacters) in their marketing.  Since the OEMs pay Phoenix, that's all they care about.  I believe Phoenix should be making sure normal programmers and integraters and system designers who need and want to use this technology should be aware of it.  There are plenty of machines being sold right now with this type of BIOS.  Fujitsu, Hitachi, NEC are already selling machines with this technology.  Dell is signed up and should follow shortly.  Phoenix is building all kinds of weird things into their BIOS.

Of course other BIOS manufacters are trying to get into the game as well (Sony).

Goto Phoenix website and try to count how many times they use the word "Trusted".  It's sickening.  Yet, very secure.

http://www.phoenix.com

employee number #6137
Tuesday, August 24, 2004

Ori,

It would be simple to provide "forged" information which appears to have been generated by the BIOS as a auth certificate (basically, a PGP signature, but one I the user made up, not the machine), which is why it would be necessary for the BIOS maker to provide a CA (certificate authority) service to authenticate their private/public keys.

As for the user not being in control, I would expect that the signing rights be purely at the user's discretion.  That is, if a piece of software wants to sign with the BIOS, that's at you discretion.  If you decline, then the software refuses to run.

Someone objects that having an OS like Windows refusing to run is a big deal. Well, my prefered OS is Linux anyway.

Ho well.

hoser
Tuesday, August 24, 2004

I should note that the StrongROM I mention is referred to as TrustedCore now on their website.

I heard Phoenix will soon be named Phoenix TrustedTechnologies.  Ugh.

employee number #6137
Tuesday, August 24, 2004

And, yes, Phoenix works with Verisign and other vendors in order to "certify" the certifcates, should the need be demanded.

employee number #6137
Tuesday, August 24, 2004

OK, I took a look, but found very little technical information.

Now this is what bothers me:  I don't mind that software vendor X decides that I need to lock down a copy of their tool on my machine.  Just so long as that is stated on the license agreement BEFORE I buy the software.  Music: same thing.

But I also want to be able to shut it off.  My PC, my perogative.  And the software that requires certified licensing won't run.  That's OK as far as I'm concerned.

I see they have their trustConnector - their version of a CA.

For a system to be trusted at all, it is going to have to be open:
1. Based on open standards (example: OpenPGP).
2. Be under the users control.

This site reeks of obscurity, not security...

hoser
Tuesday, August 24, 2004

> When people think of BIOS, you think of Phoenix Technologies, right?

Not this people, no.


Tuesday, August 24, 2004

BTW, I totally agree with your assessment of their site and their materials.

It is all marketing fluff and nothing technical in the least.  It's embarassing.  But, that's what you get when the marketing and sales departments outsource your website and the engineers have no input into content or design.

What's really sad is the white papers you can get on there aren't even technical.  Just more colors and buzzwords written by sales and marketing.

employee number #6137
Tuesday, August 24, 2004

>> When people think of BIOS, you think of
>> Phoenix Technologies, right?

> Not this people, no.

I understand you may not think that way, but Phoenix has owned 80% of the PC BIOS market since it began in 1978.

I may like Pepsi better than Coke, but Coke still sells better.  Hell, I don't even drink soda, but there's a hell of a lot of people that do drink it.

When was the last time you checked what kind of BIOS came with a computer you bought?  Dell won't even tell you what kind of BIOS you'll get if you order through them - just checked their site - it's not even written in their detailed tech specs of the system.  Phoenix doesn't care if you heard of them.  They only care about your opinion if you work in an OEM.  Phoenix has made sure to corner that market.  Cmon, have some common sense.

employee number #6137
Tuesday, August 24, 2004

Well, I'm kind of clueless, and had to have it spelled out for me, but employee #xxxx is actually an employee.

This is the guy I'd like to meet at one of the JoS lunch meetings.  I'd buy all the beer and Margaritas he could consume just to hear the tales...

hoser
Tuesday, August 24, 2004

hoser,

You're up at such an odd hour.  Where are you located - outside the States?

I'm a regular on JOS (always reading, often posting but with no single, well-known name - I prefer to remain anonymous).

Yes, your assertions are correct.  But, don't worry, I left off the last number of my real employee ID so there's now way they'll figure who I am - I mean it could be anywhere between a 0 and a 9!

employee number #6137
Tuesday, August 24, 2004

> Dell won't even tell you what kind of BIOS you'll get if you order through them

I don't buy from Dell, or any other PC manufacturer for that matter.


Tuesday, August 24, 2004

That's why you are different.  That's a good thing.  You don't follow the herd.  You are special :)

But, what you need to realize is you ARE different.  You are not like 80% of the rest of the world (who buys computers).  Dell is the leader in their niche.  Most people buy from Dell.  You are different.  Most people don't give a damn about what BIOS is inside their computers.  I'm just repeating myself.

Everyone in my extra-curricular club (a Mac users group) likes Macintoshes better than Windows, but that doesn't mean the rest of the world does that.  I can seperate the two.  Forest for the trees!!

employee number #6137
Tuesday, August 24, 2004

Looking around this company's office (large multinational co.) I can't see any Dell machines. Actually I can't see any on with a brand I recognise.

I'm not about to switch them all off and on to check their BIOS though, I think people might get upset.


Tuesday, August 24, 2004

I don't trust what the things will be used for. The point of the trust is to turn your PC into testifying against you and depriving you of the things you paid for.

Scenario 1: My PC breaks. The encryption keys are tied to the broken hardware, if the possibility exists that I can copy those keys to another piece of hardware, then I can "clone" motherboards, and thus defeat the point of the keys in the first place. A few years ago, Circuit City tried this with a dvd player technology called DivX, but the flaws were immediately obvious to the customers: to play the disc in the living room, you buy it once, to play it in the bedroom, you have to buy it again, if the divx player breaks, you buy all your movies all over again.

Scenario 2: Evil Superhacker creates a virus/trojan that issues revocation certificates to your motherboard: result, clicking on the "i love you letter" kills your computer really dead. If the motherboard cannot accept revocation certificates, the movie/music industries won't bother supporting/requiring the technology.

When the generation of computer comes out that requires this technology, that is when I stop buying computers forever.

Peter
Tuesday, August 24, 2004

hoser:

Trusted computing is, I think, a bit more than having an on-board dongle that stores a key pair.  That does indeed establish a trust relationship between the software vendor and the customer, but it doesn't make the customer's computing environment trustworthy.

That is--"trust" is protecting the decrypted data, too.  For that a trusted computing platform is created from the ground up.

A hardware chip computes a hash of the machine's hardware, and lists are maintained to ensure that each hardware component is "trustable."  Every software element is likewise signed and verified by a "trusted" OS kernel.  The final element is enhanced memory protection in hardware.

There will absolutely be end-to-end intrusiveness to enable trust.  Hardware memory protection will come from LaGrande, Intel's new security technology.  The "trustable" OS kernel will come from Microsoft, as Palladium.  And the key storage and hardware signing will come from a dongle as you've described.

Of course all this has the side effect of making viruses harder to implement.  Hence the "trust" label--of course that'd be curing the disease by killing the patient.  It's all about DRM.

As I mentioned in the previous thread, this all has the air of a "boil the ocean" scheme.  ie, widespread acceptance of new hardware and software requirements (ie $$$).  But I think it'll catch on relatively quickly in some spheres, especially enterprise business, where DRM can be used to prevent employees from walking out the door with sensitive data (and, in theory, it can enable sharing between businesses). 

Of course the music industry wants DRM for e-biz, but that'll require much broader acceptance, and end users to shell out $$$.  My intuition there is that the iPod and other such devices serve as a much smaller-scale, easier-to-adopt market for DRM, and will thrive in lieu of trusted computing platforms for a good while.  Stopping rampant MP3 distribution is, of course, pie-in-the-sky, and more of a legal than technical challenge at any rate.

But end-to-end, intrusive trust is definitely coming.  It's a shame to think there's such a broad move towards treating software like manufactured goods; surely more efficient business models remain to be discovered.

indeed
Tuesday, August 24, 2004

You can't stop rampant mp3 distribution without stopping production of cd's that can be read by existing cd players.

Aaron F Stanton
Tuesday, August 24, 2004

*  Recent Topics

*  Fog Creek Home