Trusted Computing

The dictionary definition of trust reads: firm reliance on the integrity of a person or thing; or the condition and resulting obligation of having confidence placed in one. Read literally, trusted computing is the ability to build computational systems that remain reliable and maintain computational integrity even as the hardware degrades. This is a genuine concern, since some studies predict that current technology will reach a point where system degradation occurs with a significantly higher probability. Such failures can be minimized with self-checking designs and redundant logic capable of functionally replacing the damaged part of the circuit.

The trusted computing presented here, however, focuses on the other meaning of the term: the capability of assuring confidence in the computational system being used. With the proliferation of communication systems, the user's privacy and the integrity of the user's data are constantly at risk: remotely, through programs written to examine or modify existing data and system usage (e.g. viruses and worms); locally, through monitoring of the system's behaviour (e.g. printing a document from an unauthorized computer); or through physical attacks (e.g. observing the power consumption, or reading the data stored in memory). A significant part of these security issues is resolved with cryptographic algorithms. However, these algorithms have significant computational requirements and differing computational characteristics, so even where hardware accelerators exist to speed them up, no single accelerator can efficiently improve all the existing algorithms. With this in mind, the major software and hardware manufacturers created the Trusted Computing Platform Alliance in order to standardize, and catalyze the adoption of, security mechanisms aimed at more trustworthy computational systems.
Trusted Computing Group

The Trusted Computing Platform Alliance (TCPA), a consortium formed by Microsoft, Intel, IBM, AMD, Sun Microsystems and HP among many others, and since succeeded by the Trusted Computing Group (TCG), established a set of features intended for future generations of computers, providing a new standard for trusted computing. These capabilities are to be integrated both in hardware and in software applications. The group specified the Trusted Platform Module (TPM), a chip that provides the hardware support for the proposed features, namely: secure I/O, memory curtaining, sealed storage and remote attestation.

Secure input and output
Secure input and output (I/O) validates the data exchanged with a device by using checksums to verify that the software performing the I/O has not been tampered with. The canonical example is a virus trying to snoop on the communication between the computer and a credit-card reader.

Memory curtaining
Memory curtaining grants access to a region of memory only to the software application that owns it, preventing other applications (e.g. a virus) from reading critical data that could be misused, even if the malicious application has taken control of the operating system. Although the TCG proposes implementing this feature in hardware, it can also be implemented in software; doing it in hardware requires less existing code to be rewritten.

Sealed storage
Sealed storage consists in storing data encrypted under a key that is derived from a combination of the software application (its measured identity) and the machine's hardware (a secret held by the TPM). Only that particular combination of software and hardware is therefore capable of correctly reading the stored data.
This mechanism protects the user's information from being read by a different application (or by a tampered version of the original software) and from being read on an unauthorized machine.

Remote attestation
With remote attestation, the software, or a combination of software and hardware, can be authenticated: the TPM produces a digital signature over a measurement of the software in use and of the machine on which it runs. This signature assures a remote recipient that the data was produced by an unforged, cryptographically identified trusted application. Remote attestation is usually combined with public-key encryption so that only the party that requested the attestation can read it; otherwise other applications or users would be able to learn which applications the user has been running.

Drawbacks
The TPM chip can supply additional security mechanisms to current computational systems, but it has some drawbacks. Users cannot modify the software they are using, since any modification invalidates its specific digital signature, making the software unusable when interacting with other applications that require a valid signature, and unable to access data previously saved with the sealed storage mechanism. As encryption algorithms evolve the system becomes obsolete, since the TPM has no capability to adapt; for example, only in the recent revision of the TCG specification has AES been included and made a mandatory algorithm. With such a static system, older versions of software become unusable, and new software cannot access data stored by older applications that used different encryption algorithms.
The machine owner is obliged to use the Trusted Platform Module as a black box, with no knowledge of how the module is implemented, whether it is implemented correctly, or whether it contains any backdoors.

Trusted computing in reconfigurable devices
Some of the drawbacks of the Trusted Platform Module can be addressed with reconfigurable systems. Current reconfigurable systems achieve a computational capability that allows them to be used in place of dedicated hardware structures. Such an implementation would allow the protocol to be used in a wide variety of reconfigurable computational systems, such as soft-cores and polymorphic systems, and would allow the system to be easily updated whenever a new version of the protocol is specified. It gives control to the hardware and system designers, so the module is no longer a black box like the TPM chip, and trust in the system increases because the user has the information on how the system is designed. The same reconfigurability must itself be protected, however: if the configuration can be replaced by anyone, the module can no longer serve as a root of trust, so the update path needs to be authenticated. Specific systems that require only some of the features of the Trusted Platform Module would also be able to use the proposed processor efficiently, by selecting and using only those features required for their systems.
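The following is an added Python model of the sealed storage and remote attestation mechanisms described above; it is not code from the original text or from any TCG specification. It also reproduces the drawback noted above: a modified (or simply updated) software stack can no longer unseal data sealed by the previous version. The class ToyTPM, the GOOD_BOOT sample boot chain and the hw_secret/attestation_key parameters are hypothetical. Only the standard library is used, so HMAC-SHA256 stands in for the TPM's asymmetric attestation signature (the verifier here shares the attestation key rather than holding a public key) and a SHA-256 counter keystream with an HMAC tag stands in for the TPM's symmetric cipher.

```python
"""Toy model of PCR measurement, sealed storage and remote attestation.
Added illustration, not TCG code. Standard library only: HMAC-SHA256 stands in
for the TPM's asymmetric signature, a SHA-256 keystream for its symmetric cipher."""
import hashlib
import hmac
import os

PCR_SIZE = 32


def _xor_keystream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy cipher: XOR data with SHA-256(key || nonce || block counter) blocks."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        ks = hashlib.sha256(key + nonce + offset.to_bytes(4, "big")).digest()
        out.extend(a ^ b for a, b in zip(data[offset:offset + 32], ks))
    return bytes(out)


def expected_pcr(measurements) -> bytes:
    """Verifier-side golden value: replay the extend chain over known-good images."""
    pcr = b"\x00" * PCR_SIZE
    for m in measurements:
        pcr = hashlib.sha256(pcr + hashlib.sha256(m).digest()).digest()
    return pcr


class ToyTPM:
    def __init__(self, hw_secret: bytes, attestation_key: bytes, n_pcrs: int = 4):
        self._hw_secret = hw_secret   # per-chip secret that never leaves the module
        self._aik = attestation_key   # stands in for the attestation identity key
        self.pcrs = [b"\x00" * PCR_SIZE] * n_pcrs

    def extend(self, index: int, measurement: bytes) -> bytes:
        """PCR extend: pcr = H(pcr || H(measurement)); one-way and order-dependent."""
        digest = hashlib.sha256(measurement).digest()
        self.pcrs[index] = hashlib.sha256(self.pcrs[index] + digest).digest()
        return self.pcrs[index]

    def measure_chain(self, index: int, measurements) -> "ToyTPM":
        for m in measurements:
            self.extend(index, m)
        return self

    def _seal_key(self, selection) -> bytes:
        # Key mixes the hardware secret with the *current* software state.
        state = b"".join(self.pcrs[i] for i in selection)
        return hmac.new(self._hw_secret, b"seal" + state, hashlib.sha256).digest()

    def seal(self, data: bytes, selection) -> bytes:
        key, nonce = self._seal_key(selection), os.urandom(16)
        ct = _xor_keystream(key, nonce, data)
        tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
        return nonce + ct + tag

    def unseal(self, blob: bytes, selection) -> bytes:
        key = self._seal_key(selection)
        nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
        if not hmac.compare_digest(hmac.new(key, nonce + ct, hashlib.sha256).digest(), tag):
            raise ValueError("unseal failed: platform state differs from sealing state")
        return _xor_keystream(key, nonce, ct)

    def quote(self, nonce: bytes, selection):
        """Attestation quote: selected PCR values signed with the verifier's nonce."""
        values = [self.pcrs[i] for i in selection]
        sig = hmac.new(self._aik, nonce + b"".join(values), hashlib.sha256).digest()
        return values, sig


def verify_quote(aik: bytes, nonce: bytes, values, sig: bytes, golden) -> bool:
    """Check the signature (nonce gives freshness) and compare against golden PCRs."""
    expected_sig = hmac.new(aik, nonce + b"".join(values), hashlib.sha256).digest()
    return hmac.compare_digest(expected_sig, sig) and values == golden


def _can_unseal(tpm: ToyTPM, blob: bytes, selection) -> bool:
    try:
        tpm.unseal(blob, selection)
        return True
    except ValueError:
        return False


# Constructed sample boot chain; these strings stand in for real firmware images.
GOOD_BOOT = [b"firmware v1", b"bootloader v1", b"kernel v1"]


def demo() -> dict:
    hw_secret, aik = os.urandom(32), os.urandom(32)
    tpm = ToyTPM(hw_secret, aik).measure_chain(0, GOOD_BOOT)
    blob = tpm.seal(b"disk encryption key", [0])
    nonce, golden = os.urandom(16), [expected_pcr(GOOD_BOOT)]
    r = {"unseal_ok": tpm.unseal(blob, [0]) == b"disk encryption key",
         "attest_ok": verify_quote(aik, nonce, *tpm.quote(nonce, [0]), golden)}
    # Same chip, kernel replaced (rootkit or legitimate update alike): PCR 0 differs.
    modified = ToyTPM(hw_secret, aik).measure_chain(0, GOOD_BOOT[:2] + [b"kernel v2"])
    r["unseal_after_modification"] = _can_unseal(modified, blob, [0])
    r["attest_after_modification"] = verify_quote(aik, nonce, *modified.quote(nonce, [0]), golden)
    # Same software on another machine: different hardware secret, blob unreadable.
    other = ToyTPM(os.urandom(32), os.urandom(32)).measure_chain(0, GOOD_BOOT)
    r["unseal_other_machine"] = _can_unseal(other, blob, [0])
    return r


if __name__ == "__main__":
    print(demo())
```

Running demo() yields unseal_ok and attest_ok true and the other three false: the hardware-only change (other machine) and the software-only change (kernel v2) each break unsealing, and the software change also makes the quote fail against the verifier's golden PCR value. A real TPM uses an RSA or ECC attestation key and a proper block cipher; the binding of the sealing key to both a chip secret and the PCR state is the property the example demonstrates.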