TCPA: Who Can You Trust?
Dateline: Toronto, ON, July 2002
Perchance you have seen or heard the acronym TCPA. So what is TCPA? Is it an extension of TCP/IP? Well, no.
TCPA stands for the Trusted Computing Platform Alliance, an initiative led by Intel along with approximately 170 other companies such as HP/Compaq, IBM, and Microsoft. The TCPA is working towards a system that can establish that a computer is trustworthy, and to identify any tampering with the system, so a previously authenticated computer can't have unchecked software or hardware added to it that might otherwise compromise its security.
TCPA sets out to assure three major aspects of trusted computing:
In other words, TCPA will provide authenticity, integrity, and privacy.
So, how does TCPA work? Well, when you boot up your PC, a special chip (affectionately called the Fritz chip, after Senator Fritz Hollings of South Carolina, who is working tirelessly in Congress to make TCPA mandatory for all consumer electronics) takes charge. The chip checks that it sees the boot ROM it expects, executes it, and measures the state of the machine; then it checks the first part of the operating system, loads and executes it, and measures the state of the machine again; and so on. That is, the BIOS boot block checks the hardware specification of the PC against a known safe metric, and should that match, the system then authenticates the user. It then checks the operating system loading software. The OS loader, once proven safe, checks the OS kernel. The kernel knows how to check the list of legitimate software, which in turn can use OS resources to authenticate local and remote data.
Once the chip knows the metric of one item, it can extend the list of things it trusts throughout the system by checking each in turn. In this fashion, the chip can steadily expand its trust boundary of known and verified hardware and software. The Fritz chip maintains a table of the hardware (for example, audio card, video card, USB device, etc.) and the software (for example, O/S, applications, drivers, etc.). It also checks to ensure that the hardware components are on the TCPA approved list, that the software components are signed, and that none of them has a revoked serial number. When there are significant changes to the PC's configuration, the machine must go online for re-certification. The result is a PC booted into a known state with an approved combination of hardware and software, with unexpired licences. The chip then passes control over to enforcement software in the operating system; perhaps Palladium should you have a Windows operating system.
This is how to build a trusted stand-alone system. And the question of whether to trust a remote platform is an extension of this process: the chip obtains integrity metrics for the remote platform and securely stores them. These metrics can include a hash, that is, an algorithmically derived number unique for a certain configuration, digitally signed by the remote platform. Any attempt to tamper with the remote platform will change the hash number, which then won't match the trusted version held locally by the system trying to authenticate the remote platform.
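The boot-time measurement chain, the approved-list and revocation checks, and the remote comparison described in the last three paragraphs, as an added example that is not part of the original commentary and not code from any TCPA specification or product. It assumes a register that can only be extended (each new measurement is hashed together with the previous register value), an approved-hash table and a revocation list that are both constructed here, and an HMAC with a constructed key standing in for the chip's digital signature; the names `measure`, `extend`, `measured_boot`, `Quote`, `sign_quote`, `verify_quote` and `attest` are illustrative, not from the TCPA documents.

```python
import hashlib
import hmac
from dataclasses import dataclass

# Constructed stand-ins for the images the chip measures in turn (boot ROM,
# then OS loader, then kernel). Each entry: (name, licence serial, image bytes).
# None of these is a real image or serial number.
GOOD_CHAIN = [
    ("boot ROM",  "ROM-0001", b"BOOT-ROM v1"),
    ("OS loader", "LDR-0001", b"OS loader build 2195"),
    ("OS kernel", "OS-0001",  b"kernel 5.0.2195"),
]
# Approved list: the "known safe metric" for each component, keyed by name.
APPROVED = {name: hashlib.sha256(image).digest() for name, _, image in GOOD_CHAIN}
# Serial number revocation list (constructed).
REVOKED_SERIALS = {"OS-9999"}
# Stand-in for the chip's private signing key. Assumption: a real chip would use
# an asymmetric key; HMAC keeps this example inside the standard library.
PLATFORM_KEY = b"constructed-platform-key"


def measure(image: bytes) -> bytes:
    """Integrity metric of one component."""
    return hashlib.sha256(image).digest()


def extend(register: bytes, measurement: bytes) -> bytes:
    """Fold a measurement into the register. The register can only be extended,
    never set, so its final value depends on every measurement and on their order."""
    return hashlib.sha256(register + measurement).digest()


def measured_boot(chain, approved=APPROVED, revoked=REVOKED_SERIALS):
    """Measure each component before handing it control.
    Returns (final register value, names of components that failed a check).
    Every component is measured even when it fails, so the register records
    what actually ran rather than what should have run."""
    register = bytes(32)
    untrusted = []
    for name, serial, image in chain:
        metric = measure(image)
        if approved.get(name) != metric or serial in revoked:
            untrusted.append(name)
        register = extend(register, metric)
    return register, untrusted


# Reference value a verifier holds for the trusted configuration.
TRUSTED_REGISTER = measured_boot(GOOD_CHAIN)[0]


@dataclass
class Quote:
    """What the platform reports to a remote party: the register value, the
    verifier's nonce, and a signature over both."""
    nonce: bytes
    register: bytes
    signature: bytes


def sign_quote(register: bytes, nonce: bytes, key: bytes = PLATFORM_KEY) -> Quote:
    return Quote(nonce, register, hmac.new(key, nonce + register, hashlib.sha256).digest())


def verify_quote(quote: Quote, trusted_register: bytes, nonce: bytes,
                 key: bytes = PLATFORM_KEY) -> bool:
    """Verifier side: the nonce must be the fresh one we sent (no replay), the
    signature must check, and the register must match the locally held value."""
    if quote.nonce != nonce:
        return False
    expected = hmac.new(key, quote.nonce + quote.register, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, quote.signature):
        return False
    return hmac.compare_digest(quote.register, trusted_register)


def attest(chain, nonce: bytes):
    """Boot the given chain, produce a quote and check it as a remote party would.
    Returns (remote verdict, components the local checks flagged)."""
    register, untrusted = measured_boot(chain)
    return verify_quote(sign_quote(register, nonce), TRUSTED_REGISTER, nonce), untrusted


# Constructed variants: a modified kernel image, and an unmodified kernel
# whose licence serial has been revoked.
TAMPERED_CHAIN = GOOD_CHAIN[:2] + [("OS kernel", "OS-0001", b"kernel 5.0.2195 + rootkit")]
REVOKED_CHAIN = GOOD_CHAIN[:2] + [("OS kernel", "OS-9999", b"kernel 5.0.2195")]

if __name__ == "__main__":
    print("good:    ", attest(GOOD_CHAIN, b"nonce-1"))      # (True, [])
    print("tampered:", attest(TAMPERED_CHAIN, b"nonce-2"))  # (False, ['OS kernel'])
    print("revoked: ", attest(REVOKED_CHAIN, b"nonce-3"))   # (True, ['OS kernel'])
```

The revoked case is worth noting: the kernel image is byte-for-byte the approved one, so the remote comparison passes, yet the local boot still flags it because the serial is on the revocation list. That separation is exactly why the later section says booting in untrusted mode does not stop the revocation check. Swapping the order of two components also changes the register even though every individual hash is still approved, which is what makes the extend chain a record of the boot sequence rather than a bag of hashes.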
There are many practical uses for TCPA. You could use TCPA to implement much stronger access controls on confidential documents. For example, an army might mandate that its soldiers only create Word documents marked at "Confidential" or above, and that only a TCPA PC with a certificate issued by its own security agency could read such a document. This amounts to mandatory access control, which governments so desire.
Corporations could do this too, to make life harder for whistleblowers and to thwart corporate spies. They could arrange it so that only company PCs could read company documents, unless a suitably authorized person clears them for export. They also could implement time locks. For instance, they could arrange that all e-mails vanish after 90 days unless someone makes a positive effort to preserve them. But, in any case, a whistleblower who e-mails a document to the press will achieve little, as the journalist's Fritz chip can't decipher it. And the documents would have little value to the company's competitors, since the competition could not read them either.
Organized crime might use the same functionality. They could arrange that only their accredited PCs could read the spreadsheet with the latest drug shipments, and that it would vanish at month end. Obviously, this makes life harder for law enforcement, but discussions between the
Sounds good, but there always is a catch. One is system flexibility. Some programs that give people more control over their PCs, such as VMWare and Total Recorder, likely will not work under TCPA. Flexibility and TCPA do not go hand in glove, that is for sure!
A side effect of relying on digitally signed metrics floating around the Internet is that there's a possibility that someone could intercept the credentials and use them to find out information about the configuration of the platforms they describe. To that end, the TCPA allows for a security proxy called an Authenticated Anonymity Website; a trusted third party site that will provide a user with credentials in the form of a certificate. This confirms that the certification authority knows and trusts the user, but contains no information about the user that someone else could otherwise use. Anyone wishing to transact with the user could do so anonymously.
Also, TCPA requires modifications to your existing PC hardware architecture to work. TCPA provides for manufacturers to mount a monitoring and reporting component in future PCs. The preferred implementation in the first phase of TCPA is a Fritz chip, that is, a smartcard chip or dongle soldered to the motherboard.
Early versions probably are vulnerable to anyone with the tools and patience to crack the hardware (for example, get clear data traversing the bus between the CPU and the Fritz chip). However, starting with phase 2, the Fritz chip will disappear inside the main processor and things will get a lot harder. Serious, well-funded attackers most likely could crack it. However, it's likely to go on getting more difficult and expensive. Also, in many countries, cracking Fritz is illegal. In the
The fundamental issue is that whoever controls the Fritz chips will hold a huge amount of power. Having this single point of control is like forcing everyone to use the same bank, the same accountant, or the same lawyer. There are many ways that someone could abuse this power.
Some people worry about censorship. The
You're thinking that unless your system administrator configures your machine so that TCPA is mandatory, you can always turn it off. Well, yes and no. You can run your PC with administrator privileges, and use insecure applications. So, the answer is partially yes. However, there is one way you can't turn the TCPA chip off. You can't make it ignore pirated software. Even when the chip knows that the PC is booting in an untrusted mode, it still checks that the operating system isn't on the serial number revocation list. This has implications for national sovereignty. Should Saddam Hussein naively upgrade his PCs to use TCPA, the American government could hot list his Windows licences, and thus shut down his PCs. Booting in untrusted mode won't help him and his lackeys. He'd have to dig out old copies of Windows 2000, change to GNU/Linux, or find a way to isolate the Fritz chips from his motherboards without breaking them.
Should you turn TCPA off, then your TCPA-enabled applications won't work, or won't work as well. It's akin to switching from Windows to Linux nowadays: you may have more freedom, but end up having less choice. When the applications that use TCPA are more attractive to the majority of people, you may end up simply having to use them; just as Microsoft Word became a de facto standard.
Imagine that everyone in a country known for copyright violation uses the same copy of Office; TCPA will cause every TCPA-compliant PC to refuse to read files created using this pirated program. A TCPA-compliant application would not load the untrusted document. So, the pirated software has no value.
But the potential for abuse of TCPA extends far beyond commercial bullying and economic warfare into political censorship. Some well-intentioned district attorney will get a court order against child pornography or a manual on how to build a dirty bomb. All TCPA-compliant PCs will delete, or perhaps report, these illegal files. Seems quite noble on first blush. Then a litigant in a libel or copyright case will get a civil court order against an offending document; perhaps the Scientologists will seek to blacklist the famous Fishman Affidavit. Once lawyers and government censors realize the potential, the floodgates will open. It's a slippery slope, as they say. Who's to decide what goes on the illegal file list? Would the
TCPA is liable to undermine the General Public License (GPL), used by many authors to distribute free and open source software products. The IT community designed the GPL to prevent the fruits of communal voluntary labour from being picked by private companies for profit. Anyone can use and modify software distributed under this licence, but should you distribute a modified copy, you must make it generally available, together with the source code, so that other people can make modifications. Once the majority of PCs on the market are TCPA-enabled, the GPL won't work as intended. The benefit for alliance members is not that this will directly kill free software; but that it will indirectly kill it, as programmers are less motivated to write free software once they realize that others could rip off their software for commercial purposes. So, why bother?
I don't know about you people, but the TCPA gives me the willies. It's not an altogether new idea, of course. You might remember the maelstrom surrounding Intel in 1998. Intel came under fire for its processor ID idea, which enabled software or a Web site to ask your CPU for its unique 64-bit serial number. Intel switched off this CPU id, built into almost every processor since the Pentium III, when outraged customers discovered that software and Web sites could record it without their knowledge. Now, you have to download a utility from Intel and switch on the CPU id feature: not that any software or Web sites actually use the number.
There were two problems with Intel's CPU id strategy. First, Intel insisted they were merely trying to provide technology that would benefit the consumer and help verify client PCs, but the cynical populace suspected that Intel really desired a way to track stolen chips and spot counterfeits.
Second, Intel didn't execute the idea well. People argued that the CPU id as implemented could actually increase fraud rather than cut e-commerce costs. If e-commerce merchants began to rely on the ID as proof that you really are you, went the argument, then your data could be at risk from thieves who could find a way to have their computer transmit a different number than the one burnt into the Intel microprocessor.
The adverse public reaction seems to have caused them to pause, set up a consortium with Microsoft and others, and seek safety in numbers. But whatever Intel's past fumbles, they pale by comparison to Microsoft's Palladium. Palladium is software that Microsoft says it plans to incorporate in future versions of Windows; it will build on the TCPA hardware, and will add some extra features.
A lot of companies stand to lose out. For example, the European smartcard industry looks likely to be hurt, as the functions now provided by their products migrate into the Fritz chips in your laptop, your PDA and your third generation mobile phones. In fact, much of the information security industry may be upset should TCPA take off, and other large sections of it also may become casualties.
All auditors need to analyze the impact of TCPA on their organization and formulate a strategy to deal with it. You'll definitely need to develop an implementation plan to ensure a smooth and orderly transition within your organization. So educate yourself and others. You can find more information about TCPA at:
TCPA Overview (http://www.trustedcomputing.org/docs/tcpa_layout_v1.3.pdf) or (http://www.trustedpc.org)
TCPA / Palladium Frequently Asked Questions (http://www.cl.cam.ac.uk/users/rja14/tcpa-faq.html)
E-commerce security standard in works (http://zdnet.com.com/2100-11-515926.html?legacy=zdnn)
IBM ThinkPad complies with TCPA security spec (http://www.eetimes.com/sys/news/OEG20020424S0013)
National coprocessor meets TCPA 1.1 spec (http://www.eetasia.com/ART_8800220015.HTM)
Abridged version of a commentary published in EDPACS by Auerbach Publications 2002.