|By Makan Pourzandi, Axelle Apvrille||
|December 13, 2004 12:00 AM EST||
In an era where everybody is connected to a potentially harmful Internet with an increasing number of complex and distributed applications, controlling what the computers do has become significantly harder. At the core, simple actions (executing software, e-commerce, etc.) rely on trust relationships; what if your computer (or the merchant's) has been compromised and alters your perception of reality? Indeed, at the beginning, Neo did not know there was a Matrix because he trusted everything he saw...
Closer to our world, and without being paranoid, one of the first actions intruders or rootkits take is to replace common commands with fake ones. Is it then possible to guarantee that we'll really execute the code we intended to? How far can you trust the computer of a given merchant not to reveal your credit card number? This is precisely what trusted computing is about: providing the means to know how much a given machine may be trusted.
Actually, the use of chips to enforce security within the lowest layers isn't new; it's existed for many years. However, their high price, difficult integration with commercial software, and high impact on systems' performances has restricted their use to the mainstream industry.
Several major industrials decided to join their efforts and design a compromise that would meet market needs. The idea was to build a trusted platform, including a new security chip, that would be easier to use and with more computational power, but perhaps a little less secure. They first gave birth to the TCPA (Trusted Computing Platform Alliance) in 1999, and then to its successor, TCG (Trusted Computing Group), in 2003.
Trusted Computing GroupThe primary goal of the TCG is to provide the industry with vendor-neutral standard specifications for various platforms (PC, PDA, mobile phone, etc.). To do so, they describe a subsystem to integrate onto each platform and that provides protection to a user's computing environment, and information and keys to operating systems or applications. More precisely, TCG's proposed subsystem consists of a Trusted Platform Module (TPM) and the TPM Software Stack (TSS).
The TPM is a hardware chip. It provides low-level trusted computing functionalities such as protected storage (making sure encryption keys cannot be retrieved even if the platform is compromised), integrity metrics (detecting compromise), and platform attestation (prove to others that the platform has a given property).
As for the TSS, it's organized as shown in Figure 1:
- A TPM device driver, typically provided by the TPM manufacturer
- An abstraction layer to TPM drivers, the TDDL, which makes it possible to develop upper components in the stack independent of the TPM chip
- A core services layer (TCS) that groups all common services to the software stack, such as event management, key and credentials management, etc.
- Various TSS Service Providers (TSP) that, for example, offer access to specific APIs such as PKCS#11
To avoid such a scenario, a possible solution relies on trusted computing. The administrator uses the TPM to seal the secret key with the BIOS, OS, and the network access software. This cryptographically binds the keys to a given software stack, so that only the TPM may unseal the key if and only if the software stack (BIOS, OS, network-access software) has not been compromised. This virtually establishes trust on an untrusted platform.
Linux Support for TCGIn practice, TPMs are already well established on the market, although perhaps not that widely yet. Several chip manufacturers propose TPM chips (e.g., Infineon's SLD 9630 TT or Atmel's AT97SC3201). Intel has developed TPM-integrated boards (D865GRH, D915GEV, and D915GUX desktop boards). TPMs are even sold on a specific desktop or laptop series (IBM ThinkCentre, HP Compaq DC7100, Toshiba Tecra M2, Fujitsu Lifebook S, etc.). The real difficulty in getting your hands on TCG arises later, within the TPM Software Stack. Indeed, mainstream Linux kernels do not natively recognize TPM chips, and solutions to use them are nearly nonexistent at the moment.
With Linux, we are presently only aware of NTRU's TSS and a few research projects listed in Table 1. Most of those are highly experimental, with only limited support of TPM chips and a selected subset of TCG functions. Clearly, this is currently only a developer's or an expert's world; there is no way an end user can benefit from TCG's functionalities without getting into the source code.
TCG and LinuxActually, trusted computing's first exposure to the public has been quite controversial. Basically, people worried that this technology would scorn privacy or block software interoperability. Others even exposed startling side effects. The reality is probably somewhat more balanced, and we dare to compare trusted computing to a Swiss army knife: it can be extremely useful for getting out of (dangerous?) situations, but obviously it may be lethal.
It's beyond the scope of this article to tackle privacy and TCG issues in more detail, though we invite interested readers to refer to the resources section for further readings.
Whether we want it or not, trusted computing seems to be a part of the future for many commercial systems. Support for TCG is already part of the requirements for some industrial Linux systems. Market perspective looks extremely promising; indeed, there are still several research and development opportunities:
- At the hardware level, by introducing new trusted hardware on the market (see for instance, Intel's trusted keyboard controller).
- At the operating system level, with a new "trusted" OS making use of trusted hardware. This would probably consist of a kernel module but with a broader link to the OS.
- At the application level, with numerous use cases for end-user "trusted" applications, but barely any implementation on Linux yet.
- In the area of embedded systems - for example, mobile phones, PDAs, or other devices.
ConclusionCurrently, the best way to qualify TCG's penetration in the market is moderate: the TPM chips are already on the market, but their software stack is extremely limited and experimental. Yet, whatever your rationale is - for or against TCG technology - with the widespread propagation of viruses and other malware, and the ever-increasing security needs of the industry, trusted computing seems an extremely promising technology and TPM chips are very likely to be deployed more frequently on systems around us. It would then be extremely positive for the Linux community - and more generally the open source community - to get involved. Indeed, how much and how well TPMs are supported and integrated could become a selection criteria among operating systems in the future.
Adobe is changing the world though digital experiences. Adobe helps customers develop and deliver high-impact experiences that differentiate brands, build loyalty, and drive revenue across every screen, including smartphones, computers, tablets and TVs. Adobe content solutions are used daily by millions of companies worldwide-from publishers and broadcasters, to enterprises, marketing agencies and household-name brands. Building on its established design leadership, Adobe enables customers not o...
Sep. 30, 2016 07:30 AM EDT
Everyone knows that truly innovative companies learn as they go along, pushing boundaries in response to market changes and demands. What's more of a mystery is how to balance innovation on a fresh platform built from scratch with the legacy tech stack, product suite and customers that continue to serve as the business' foundation. In his General Session at 19th Cloud Expo, Michael Chambliss, Head of Engineering at ReadyTalk, will discuss why and how ReadyTalk diverted from healthy revenue an...
Sep. 30, 2016 07:15 AM EDT Reads: 2,237
Cognitive Computing is becoming the foundation for a new generation of solutions that have the potential to transform business. Unlike traditional approaches to building solutions, a cognitive computing approach allows the data to help determine the way applications are designed. This contrasts with conventional software development that begins with defining logic based on the current way a business operates. In her session at 18th Cloud Expo, Judith S. Hurwitz, President and CEO of Hurwitz & ...
Sep. 30, 2016 07:15 AM EDT Reads: 3,264
The Internet of Things will challenge the status quo of how IT and development organizations operate. Or will it? Certainly the fog layer of IoT requires special insights about data ontology, security and transactional integrity. But the developmental challenges are the same: People, Process and Platform and how we integrate our thinking to solve complicated problems. In his session at 19th Cloud Expo, Craig Sproule, CEO of Metavine, will demonstrate how to move beyond today's coding paradigm ...
Sep. 30, 2016 07:00 AM EDT Reads: 3,463
The Transparent Cloud-computing Consortium (abbreviation: T-Cloud Consortium) will conduct research activities into changes in the computing model as a result of collaboration between "device" and "cloud" and the creation of new value and markets through organic data processing High speed and high quality networks, and dramatic improvements in computer processing capabilities, have greatly changed the nature of applications and made the storing and processing of data on the network commonplace.
Sep. 30, 2016 06:00 AM EDT Reads: 1,259
Digital transformation is too big and important for our future success to not understand the rules that apply to it. The first three rules for winning in this age of hyper-digital transformation are: Advantages in speed, analytics and operational tempos must be captured by implementing an optimized information logistics system (OILS) Real-time operational tempos (IT, people and business processes) must be achieved Businesses that can "analyze data and act and with speed" will dominate those t...
Sep. 30, 2016 05:30 AM EDT Reads: 1,280
Almost two-thirds of companies either have or soon will have IoT as the backbone of their business in 2016. However, IoT is far more complex than most firms expected. How can you not get trapped in the pitfalls? In his session at @ThingsExpo, Tony Shan, a renowned visionary and thought leader, will introduce a holistic method of IoTification, which is the process of IoTifying the existing technology and business models to adopt and leverage IoT. He will drill down to the components in this fra...
Sep. 30, 2016 05:00 AM EDT Reads: 1,881
As ridesharing competitors and enhanced services increase, notable changes are occurring in the transportation model. Despite the cost-effective means and flexibility of ridesharing, both drivers and users will need to be aware of the connected environment and how it will impact the ridesharing experience. In his session at @ThingsExpo, Timothy Evavold, Executive Director Automotive at Covisint, will discuss key challenges and solutions to powering a ride sharing and/or multimodal model in the a...
Sep. 30, 2016 04:45 AM EDT Reads: 672
Internet of @ThingsExpo, taking place November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA, is co-located with the 19th International Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading industry players in the world and ThingsExpo Silicon Valley Call for Papers is now open.
Sep. 30, 2016 04:45 AM EDT Reads: 4,718
I'm a lonely sensor. I spend all day telling the world how I'm feeling, but none of the other sensors seem to care. I want to be connected. I want to build relationships with other sensors to be more useful for my human. I want my human to understand that when my friends next door are too hot for a while, I'll soon be flaming. And when all my friends go outside without me, I may be left behind. Don't just log my data; use the relationship graph. In his session at @ThingsExpo, Ryan Boyd, Engi...
Sep. 30, 2016 04:45 AM EDT Reads: 1,409
SYS-CON Events announced today that Pulzze Systems will exhibit at the 19th International Cloud Expo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. Pulzze Systems, Inc. provides infrastructure products for the Internet of Things to enable any connected device and system to carry out matched operations without programming. For more information, visit http://www.pulzzesystems.com.
Sep. 30, 2016 04:30 AM EDT Reads: 1,924
Why do your mobile transformations need to happen today? Mobile is the strategy that enterprise transformation centers on to drive customer engagement. In his general session at @ThingsExpo, Roger Woods, Director, Mobile Product & Strategy – Adobe Marketing Cloud, covered key IoT and mobile trends that are forcing mobile transformation, key components of a solid mobile strategy and explored how brands are effectively driving mobile change throughout the enterprise.
Sep. 30, 2016 03:45 AM EDT Reads: 2,242
SYS-CON Events announced today that ReadyTalk, a leading provider of online conferencing and webinar services, has been named Vendor Presentation Sponsor at the 19th International Cloud Expo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. ReadyTalk delivers audio and web conferencing services that inspire collaboration and enable the Future of Work for today’s increasingly digital and mobile workforce. By combining intuitive, innovative tec...
Sep. 30, 2016 03:45 AM EDT Reads: 3,091
If you’re responsible for an application that depends on the data or functionality of various IoT endpoints – either sensors or devices – your brand reputation depends on the security, reliability, and compliance of its many integrated parts. If your application fails to deliver the expected business results, your customers and partners won't care if that failure stems from the code you developed or from a component that you integrated. What can you do to ensure that the endpoints work as expect...
Sep. 30, 2016 03:15 AM EDT Reads: 1,756
WebRTC adoption has generated a wave of creative uses of communications and collaboration through websites, sales apps, customer care and business applications. As WebRTC has become more mainstream it has evolved to use cases beyond the original peer-to-peer case, which has led to a repeating requirement for interoperability with existing infrastructures. In his session at @ThingsExpo, Graham Holt, Executive Vice President of Daitan Group, will cover implementation examples that have enabled ea...
Sep. 30, 2016 03:00 AM EDT Reads: 1,630
There is growing need for data-driven applications and the need for digital platforms to build these apps. In his session at 19th Cloud Expo, Muddu Sudhakar, VP and GM of Security & IoT at Splunk, will cover different PaaS solutions and Big Data platforms that are available to build applications. In addition, AI and machine learning are creating new requirements that developers need in the building of next-gen apps. The next-generation digital platforms have some of the past platform needs a...
Sep. 30, 2016 03:00 AM EDT Reads: 1,943
So, you bought into the current machine learning craze and went on to collect millions/billions of records from this promising new data source. Now, what do you do with them? Too often, the abundance of data quickly turns into an abundance of problems. How do you extract that "magic essence" from your data without falling into the common pitfalls? In her session at @ThingsExpo, Natalia Ponomareva, Software Engineer at Google, provided tips on how to be successful in large scale machine learning...
Sep. 30, 2016 02:45 AM EDT Reads: 2,457
In his session at @ThingsExpo, Kausik Sridharabalan, founder and CTO of Pulzze Systems, Inc., will focus on key challenges in building an Internet of Things solution infrastructure. He will shed light on efficient ways of defining interactions within IoT solutions, leading to cost and time reduction. He will also introduce ways to handle data and how one can develop IoT solutions that are lean, flexible and configurable, thus making IoT infrastructure agile and scalable.
Sep. 30, 2016 02:15 AM EDT Reads: 1,641
SYS-CON Events announced today that Numerex Corp, a leading provider of managed enterprise solutions enabling the Internet of Things (IoT), will exhibit at the 19th International Cloud Expo | @ThingsExpo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. Numerex Corp. (NASDAQ:NMRX) is a leading provider of managed enterprise solutions enabling the Internet of Things (IoT). The Company's solutions produce new revenue streams or create operating...
Sep. 30, 2016 02:00 AM EDT Reads: 2,088
In his general session at 18th Cloud Expo, Lee Atchison, Principal Cloud Architect and Advocate at New Relic, discussed cloud as a ‘better data center’ and how it adds new capacity (faster) and improves application availability (redundancy). The cloud is a ‘Dynamic Tool for Dynamic Apps’ and resource allocation is an integral part of your application architecture, so use only the resources you need and allocate /de-allocate resources on the fly.
Sep. 30, 2016 12:45 AM EDT Reads: 2,990