Interview: Steven Sprague, Trusted Computing Group

By David Geer, ITworld.com

David Geer recently spoke with Steven Sprague, one of the original founders of the Trusted Computing Group, a nonprofit forum to develop open standards for hardware-enabled trusted computing and security technologies. Steven is a long-time advocate of securing PC platforms via hardware chips.






Steven Sprague, Trusted Computing Group
Ask him to do anything but ... "Who is winning the xxx series. Sports is fun to watch, but boring to follow."
Favorite (non-work) pastimes: Construction, skiing and boating
Something most people don't know about him: "I am a really good welder and mechanic."
Philosophy: "Anything is possible with the proper application of creativity and energy."
Favorite technology: "I know it's a corny answer, but trust in the laptop and how it will change the world."
Favorite vices: Wine, horsepower
What he's reading now: The Gift of Dyslexia

David Geer: What is the trusted platform module or TPM hardware security chip?


Steven Sprague: The trusted platform module is a new hardware chip in your PC. It's now shipping in most enterprise PC platforms -- so business computers versus consumer computers -- and it's a hardware chip that securely stores credentials and keys that can be used for both protecting data and strong authentication to the network. So this is a chip that will ultimately help us as users because it will eliminate the need for us to have user ID and password to access all services.



Geer: How is it going to remove the need for user IDs and passwords for a great deal of services?



Sprague: So this is actually a technology that we as consumers are very familiar with in other devices. For example, you imagine your cell phone. Every time you drive by a cell tower you don't have to log onto that cell tower. And that's done because inside the cell phone there's a chip that manages the identity of that phone to the network. What the trusted platform module provides is a similar type of container, but that can be used really by any service provider to allow the machine to authenticate to the network. So in the future, what will happen is, you as a user authenticate to your machine and then the machine keeps track of the 2,000 different places that you'd like to be a subscriber on the network, whether for free, whether access to your email, or even for paid services.



Geer: When I think of removing the need for user IDs and passwords, clearly I guess there's an advantage for the network that you're connecting to, but how does the chip make your laptop or computer that's connecting to the network more secure?



Sprague: Well, because what happens is a service provider - like let's say my administrator for my email system - can ask my computer to generate a unique secret key inside the trusted platform module. Now the user could delete that key, but it's impossible for the user to migrate that key away from that single trusted platform module to either another machine or for hacker software to steal that unique secret key from that chip. And so in that way, when that computer connects to the email server, it's able to establish that I am the machine that has this secret key and I can prove, with the trusted platform module, that that's that unique machine. And there's no way for malicious software to reach in and extract that identity information from the computer. And I can have a different secret key for every different service I belong to. So it's not about a single identity, it's about having many different identities to the different services that I have relationships with.



Geer: And what types of threats, as far as I guess plain speaking, end-result type of threats does this prevent, whether it's someone got my personal private information off my laptop or someone took control of my computer or something like this? What's a list of things that this chip would help prevent that aren't completely preventable without it today?

1 comment

    Anonymous 1 year ago
    Only thru hardware will computers be truly secure. Steven is a leader as well as Wave Systems. They are furnishing systems and easy application of rock-hard security for both the .gov and public... If you do IT you MUST investigate this solution.
