From: www.itworld.com

Interview: Steven Sprague, Trusted Computing Group

by David Geer

July 3, 2007 —

 

David Geer recently spoke with Steven Sprague, one of the original founders of the Trusted Computing Group, a nonprofit forum to develop open standards for hardware-enabled trusted computing and security technologies. Steven is a long-time advocate of securing PC platforms via hardware chips.







Steven Sprague, Trusted Computing Group
Ask him to do anything but ... "Who is winning the xxx series. Sports is fun to watch, but boring to follow."
Favorite (non-work) pastimes: Construction, skiing and boating
Something most people don't know about him: "I am a really good welder and mechanic."
Philosophy: "Anything is possible with the proper application of creativity and energy."
Favorite technology: "I know it's a corny answer, but trust in the laptop and how it will change the world."
Favorite vices: Wine, horsepower
What he's reading now: The Gift of Dyslexia

David Geer: What is the trusted platform module or TPM hardware security chip?


Steven Sprague: The trusted platform module is a new hardware chip in your PC. It's now shipping in most enterprise PC platforms -- so business computers versus consumer computers -- and it's a hardware chip that securely stores credentials and keys that can be used for both protecting data and strong authentication to the network. So this is a chip that will ultimately help us as users because it will eliminate the need for us to have a user ID and password to access all services.



Geer: How is it going to remove the need for user IDs and passwords for a great deal of services?



Sprague: So this is actually a technology that we as consumers are very familiar with in other devices. For example, you imagine your cell phone. Every time you drive by a cell tower you don't have to log onto that cell tower. And that's done because inside the cell phone there's a chip that manages the identity of that phone to the network. What the trusted platform module provides is a similar type of container, but that can be used really by any service provider to allow the machine to authenticate to the network. So in the future, what will happen is, you as a user authenticate to your machine and then the machine keeps track of the 2,000 different places that you'd like to be a subscriber on the network, whether for free, whether access to your email, or even for paid services.



Geer: When I think of removing the need for user IDs and passwords, clearly I guess there's an advantage for the network that you're connecting to, but how does the chip make your laptop or computer that's connecting to the network more secure?



Sprague: Well, because what happens is a service provider - like let's say my administrator for my email system - can ask my computer to generate a unique secret key inside the trusted platform module. Now the user could delete that key, but it's impossible for the user to migrate that key away from that single trusted platform module to either another machine or for hacker software to steal that unique secret key from that chip. And so in that way, when that computer connects to the email server, it's able to establish that I am the machine that has this secret key and I can prove, with the trusted platform module, that that's that unique machine. And there's no way for malicious software to reach in and extract that identity information from the computer. And I can have a different secret key for every different service I belong to. So it's not about a single identity, it's about having many different identities to the different services that I have relationships with.



Geer: And what types of threats, as far as I guess plain speaking, end-result type of threats does this prevent, whether it's someone got my personal private information off my laptop or someone took control of my computer or something like this? What's a list of things that this chip would help prevent that aren't completely preventable without it today?



Sprague: Well, so what a trusted platform module does is it eliminates the support, or the reliance on a consumer-known user ID and password. If you tell me your user ID and password to your Visa account, I can log on from any computer anywhere in the world. If that Visa account has done a key exchange with a trusted platform module, then I know that Steven Sprague, or the user, has provided a PIN to release the use of that trusted platform module to log me onto my Visa account. So you would have to know two things, my PIN and you'd have to have physical possession of my machine. And it's the reliance on those two different factors of authentication that makes for a very strong authentication session. And having this as a standard capability in every new PC means that ultimately a bank or an enterprise can rely on the fact that ultimately every user will have this same capability. So they can build one system that will support universal, strong authentication across all machines in the network.



Geer: And how close are we getting toward that goal of having this type of chip on literally every PC? Is there any kind of timeline where we might expect it to be on most PCs that are produced and shipped in the United States or in the world or any type of numbers like that or predictions?



Sprague: So IDC has done some reports and forecasts. Last year, the PC industry shipped about 50 million laptops and desktops with trusted platform modules. Volumes are expected to be around 100 million units this year, and I think we'll see the beginning of adoption in the consumer market in 2008. So we're really probably two years away still from every single new computer having a trusted platform module, but in 2007 it's every new business computer.



Geer: And who are the major names we know, public and private, that are organizationally behind this platform and pushing for it?



Sprague: So this is a technology that has been standardized by quite a few companies. There are about 150 companies that are part of the Trusted Computing Group and they include all the major names -- Microsoft, Intel, Dell, Seagate, a number of the other very large brand companies -- but the technology has now been adopted by all of the major PC manufacturers. So all the business machines built by Lenovo, Dell, HP, Acer, Fujitsu, Toshiba, et cetera, have trusted platform modules, if not across all of their business machines, they're very close to being across all of their business machines.



Geer: What else can you tell me about the chip's efficacy on the network access control end of things?



Sprague: We actually just demonstrated with both Microsoft and Juniper the use of the trusted platform module as part of network access control solutions. Network access control is not only identifying the machine to the network, but also looking inside the machine to make sure that the software applications that are on a connected computer are healthy. For example, have I run my antivirus in the last 24 hours? Has someone patched or changed a critical application? And the trusted platform module is used to store and sign the measurements that are taken on the client machine and those measurements are then used to make policy decisions. For example, if the machine has not had antivirus run in the last 24 hours, then it's not allowed on this segment of the network and the local computer will have to go run antivirus before it is allowed. And so the trusted platform module really plays two roles there. One is, strong machine authentication, how do I know which machines are connected, and providing integrity on these measurements that are made so that I can ensure that the health certificate that's generated cannot be altered before it's reported to the network. So in essence, I can't replay a health certificate. So it brings the security to the NAC solutions, or network access control solutions.



Geer: What emerging security threats, if any, are there that the chip may not help to prevent?



Sprague: So a trusted platform module is a passive device not an active device. So it doesn't, for example, reach out and interrogate my machine. It stores the measurements for another software application that interrogates my machine. So a trusted platform module is not useful in the form of did my machine get a virus? However, it is very useful in that if the antivirus software runs, can I prove that the antivirus software actually ran? So it is a component in the overall security solution. It doesn't fix all the problems. However, if you look at a network and realize that only, for example, Wave Computers are on the Wave network, then that has a dramatic reduction of the threats that come into my network, because in order to gain access to my servers, you'd have to first steal one of my machines. Usually an employee will notice if the machine's gone missing for any length of time.



Geer: And I'm curious, one of the biggest threats that's gotten coverage in the last year has been rootkits, and one of the problems with that has been its ability to hide the fact that it has made changes to the system, so that a lot of removal tools might not even be able to detect the problem, let alone remove it. Is there some way the chip can aid in preventing or detecting the kind of changes that a rootkit or similar malware would effect?



Sprague: So in most cases the answer is yes. A trusted platform module is - because it's part of the motherboard and it's part of the hardware image of the machine, it is capable of measuring the original BIOS state, so that I can, what's called, bootstrap a machine. I can check the BIOS before the computer boots, make sure that it hasn't been altered. Then I can go through and continue a series of verifications as the machine boots through its process so that ultimately the pre-operating system environment in a computer can hand to the operating system a good image. And this plays a very important role in ensuring that rootkits haven't altered the system. I will say that setting up those policies is something that still is quite complex in the network. So the trusted platform module plays an important role in that, but I would say it's very early stage in your ability to deploy that broadly within the enterprise for the purposes of detecting rootkits. Certainly the ability to do that will become more capable as Vista rolls out and as some of the aspects of Windows Server 2008 roll out. The parts necessary to do the pre-OS verification are built into Vista today.



Geer: So what are some unique applications that are actually going on in the market today with this chip?



Sprague: So there are a number of things that I can do with the trusted platform module right out of the box. For example, Wave supplies the software that ships on all the Dell machines. There's similar software that ships on Lenovo and HP machines. Those tools provide all the capabilities necessary to do strong authentication, either for remote access through a virtual private network, or VPN, as well as any interaction with an 802.1x type security infrastructure. In general, if an enterprise is using certificates in any part of their network, those certificates can very easily be altered to leverage the trusted platform module to hold the keys, and all the software necessary to do that ships in the box. And so really, with a few lines of code, I can take someone who is doing a certificate-based virtual private network, using Cisco VPN concentrators, and use the trusted platform module to hold the key and really dramatically improve the security of the network, because the keys just became very tamper resistant within the device. So that whole authentication area is a very important area. I think the other thing that would be interesting to touch on here is that as part of the Trusted Computing Group, we have a storage working group which is focused on actually the security as part of disk drives and other storage devices. And that effort has been very broadly led by Seagate, and they've actually just produced their first full disk encrypting hard drive, which does a very effective job of data protection in the case of I lost my laptop, how do I fully protect the data on the hard drive? So you actually, with the Trusted Computing Group solutions, have effective solutions for strong authentication, both of the user and of the machine, as well as very effective solutions in data protection. So you now can establish a standards-based deployment of security within the enterprise.



Geer: What challenges remain to chip-enabled security?



Sprague: Well, I think the biggest challenge right now in this market is the awareness that the vast majority of new PCs you're buying have trusted platform modules in them. So, first step is awareness. Second step is turning on the trusted platform module. So in many aspects I would say the biggest challenge we have today is that when we walk into an enterprise that says, great, I have all these trusted platform modules, how do I turn them on, you actually really want to take ownership of the trusted platform module and give it enterprise keys before you give the PC to the end-user. And that's been an interesting challenge in just understanding that the PC plays an important role in access control and data protection, as opposed to it's just a generic device. And in many cases, most corporations do more work about issuing you a badge to get in the company than they do in issuing you a PC. And many of the things that go on in badging, who are you? Are you an employee? What's your employee number? Go down to the little room on Wednesday between 1 and 5 and get your photo taken. Many of those types of protocols are going to be necessary around the actual deployment of a laptop. Is this a corporate laptop? Has it been authorized to be on the network? Who is responsible for it? Those things become part of issuing a new machine. So there are some challenges in the deploying of this technology, but it really is very compatible with the existing infrastructure corporations have and a very effective solution at enhancing the security at a low price.



Geer: Thank you for speaking with us today, Steven. If you would like to learn more about the TPM hardware security chip, surf to www.trustedcomputinggroup.org.
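The network access control flow Sprague describes (the TPM stores and signs boot-time measurements, and a signed health report cannot be replayed) can be modelled in a few lines. This is an added example, not code from the interview or from the Trusted Computing Group: the PCR-extend rule is the standard one, but the TPM, its HMAC-based "signature" (a stand-in for the asymmetric attestation key a real TPM uses), the PCR index and the measurement strings are constructed for illustration.

```python
import hashlib
import hmac
import os

# Constructed model of a TPM-backed NAC health check (added example).
# Real TPMs sign quotes with an asymmetric attestation key; the HMAC below is a
# stand-in so the example runs on the standard library alone.

ZERO_PCR = b"\x00" * 32


def extend(pcr_value: bytes, measurement: bytes) -> bytes:
    """PCR extend: new = SHA-256(old || SHA-256(measurement)); order-dependent, one-way."""
    return hashlib.sha256(pcr_value + hashlib.sha256(measurement).digest()).digest()


class SimulatedTPM:
    """Passive device: it only stores extended measurements and signs them."""

    def __init__(self):
        self._key = os.urandom(32)              # never leaves the chip
        self.pcrs = {i: ZERO_PCR for i in range(24)}

    def extend_pcr(self, index: int, measurement: bytes) -> None:
        self.pcrs[index] = extend(self.pcrs[index], measurement)

    def quote(self, index: int, nonce: bytes) -> tuple:
        """Sign (nonce || PCR); the verifier's fresh nonce binds the quote to one challenge."""
        data = nonce + self.pcrs[index]
        return data, hmac.new(self._key, data, hashlib.sha256).digest()

    def verify(self, data: bytes, sig: bytes) -> bool:  # stand-in for public-key verification
        return hmac.compare_digest(hmac.new(self._key, data, hashlib.sha256).digest(), sig)


def healthy_golden() -> bytes:
    """Expected PCR value when the agreed measurement sequence ran (constructed values)."""
    pcr = ZERO_PCR
    for m in (b"nac-agent:v1", b"antivirus:scan-complete"):
        pcr = extend(pcr, m)
    return pcr


def nac_decision(tpm: SimulatedTPM, nonce: bytes, data: bytes, sig: bytes, golden: bytes) -> str:
    """Policy: the quote must be authentic, fresh, and match the expected PCR value."""
    if not tpm.verify(data, sig):
        return "reject: signature invalid (report altered or not from this TPM)"
    if data[:32] != nonce:
        return "reject: stale nonce (replayed health certificate)"
    if data[32:] != golden:
        return "quarantine: measurements differ from policy (e.g. antivirus did not run)"
    return "allow"
```

A quote captured from a healthy session fails against the next nonce, an edited report fails the signature check, and a machine whose antivirus measurement is missing lands in quarantine rather than being refused outright.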