Global Networking is causing the globe to shrink and network boundaries to disappear. Closed corporate networks are opening up as the demand for information from traveling employees, customers, and partners increases. But these developments make information more vulnerable and increase the need for security.
TCPA Update
The electronics industry realized that these security issues would
be a major hindrance to the development of electronic communication
and transactions, and thus began working on an appropriate answer.
Founded in 1999 by Compaq, Hewlett Packard, IBM, Intel, and Microsoft
the Trusted Computing Platform Alliance (TCPA) defined and developed
the concept of Trusted Computing as a security standard.
In the meantime more than 160 companies all along the value chain
have joined this impressive industry approach. As the world market
leader in secure controllers, Infineon Technologies has contributed
to all specifications of the TCPA organization. The basis for the
concept that will change PCs, notebooks, PDAs, mobile phones, etc.
into Trusted Clients is the so-called TPM (Trusted Platform Module),
which provides functionality for strong authentication, secure storage
and protection of the PC’s integrity. Infineon Technologies
is one of the first companies to provide a product built to the
TCPA specification.
The TCPA concept
The TPM has the following tasks:
- Monitoring the trustworthiness of the platform it is bound to
- Providing strong authentication mechanisms for identifying the platform
- Providing secure storage for the user’s keys and secrets
- Providing additional cryptographic services to applications
In addition, the TCPA expects the TPM to meet three further requirements:
- Cost effectiveness
- Complete exportability of the platform it is integrated in
- It must not infringe on the platform owner’s privacy.
Trustworthy status
To perform this task, the TPM monitors the
booting process of, for example, a PC. During this process, so-called
hash values (basically a checksum) for the relevant components are
created: BIOS, device drivers, loaders of the operating system.
These values are stored in the TPM and can be compared to the reference
values that define the trustworthy status of the platform.
By reporting the result to either the owner or a communication partner, the TPM provides crucial information on which to base a security policy. A system that reports a non-trustworthy state can be disconnected from the network by the system administrator, or at least be investigated to find out the reason for this status.
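The following is an added example (not from the original article or from Infineon) of the boot-time measurement described above: each component is hashed with SHA-1, the hashes are chained into a 20-byte register in the way the TPM's platform configuration registers are extended, and the final value is compared with the reference value recorded on a known-good platform. The component images and the reference value are constructed for the example; the chaining rule (new = SHA-1(old || measurement)) is an assumption about TCPA-era TPMs, not something the article itself states.

```python
import hashlib

# Constructed sample "images" standing in for the components the TPM measures
GOOD_COMPONENTS = [
    ("BIOS", b"bios-image-v1.02"),
    ("device driver", b"nic-driver-v3.1"),
    ("OS loader", b"os-loader-v1.0"),
]


def measure(image: bytes) -> bytes:
    """Hash value (checksum) of one component, SHA-1 as on TCPA-era TPMs."""
    return hashlib.sha1(image).digest()


def extend(register: bytes, measurement: bytes) -> bytes:
    """Chain a measurement into the register: new = SHA-1(old || measurement).
    Assumption: 20-byte register, zero at power-on, as with TPM PCRs."""
    return hashlib.sha1(register + measurement).digest()


def measured_boot(components):
    """Simulate the boot sequence; return the final register and the event log."""
    register = bytes(20)
    log = []
    for name, image in components:
        m = measure(image)
        log.append((name, m.hex()))
        register = extend(register, m)
    return register, log


# Reference value: register content the administrator recorded on a good platform
REFERENCE, REFERENCE_LOG = measured_boot(GOOD_COMPONENTS)


def check_platform(components):
    """Compare the reported register with the reference.

    Returns (trustworthy, suspect components). Because the register is a hash
    chain, a changed or reordered component changes every later value, so the
    log is only consulted to name the components that differ from the reference.
    """
    final, log = measured_boot(components)
    if final == REFERENCE:
        return True, []
    suspects = [name for (name, h), (_, g) in zip(log, REFERENCE_LOG) if h != g]
    return False, suspects


if __name__ == "__main__":
    tampered = [("BIOS", b"bios-image-v1.02"), ("device driver", b"nic-driver-v3.1-patched"),
                ("OS loader", b"os-loader-v1.0")]
    print(check_platform(GOOD_COMPONENTS), check_platform(tampered))
```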
Strong authentication
Up to now it has been difficult for system
administrators to determine whether a system connected to their
network is a company system or not. It might be necessary, for example, to limit downloads of critical documents to corporate computers (you don’t want them on the hard drive of a PC in an airport lounge, courtesy of a traveling businessman). Because
the TPM provides the capabilities of a built-in smart card, strong
authentication can be provided to give a higher level of assurance
to secure networks.
Secure storage
The main CPU of a PC or notebook is built to execute loaded applications quickly and correctly. It is not
built to distinguish between “good” and “evil”
software. Viruses and Trojan horses are able to steal information
on or en route to the main CPU. To protect the most important data
(such as a digital signature key) it must be stored in well protected,
separate hardware that is also able to provide the necessary performance
to utilize this data (e.g. to digitally sign a document). The TPM
provides this functionality with a secure non-volatile memory and
efficient cryptographic coprocessors.
Additional cryptographic services
Serving standard cryptographic service providers
(CSP) like Microsoft® CAPI and RSA’s PKCS#11, the TPM
performs additional cryptographic requests. Secure creation of keys,
calculation of a hash value and many other functions are provided
to the requesting applications. Because the applications already
use software cryptography, the additional increase in security by
the TPM hardware is tremendous.
Framework
As mentioned earlier, the TPM concept had
to meet certain requirements. First of all, the TPM should be cost
effective by not adding too much to the overall costs of the platform.
Secondly, care had to be taken that no export restrictions were
added to the platform. Consequently, the TPM does not offer freely
available encryption services to applications. Thirdly and most
importantly, the TPM must not compromise the privacy of the user.
This was realized by giving the TPM owner full control over its
functionality (the TPM can even be disabled). Even when enabled,
the TPM can only respond to so-called third-party challenges if
allowed to by the owner. Allowing the creation of identities that
might be different for each service provides additional protection
of the user’s privacy.
The TPM market
The first definition provided by the TCPA
is reflected in the integration of TPMs in PCs and notebooks. Given
the market power of the promoter and member companies as well as
the possibilities provided by TPM functionality, the TCPA concept
has the potential to be realized on every PC and notebook platform.
This would mean a market of about 200 million pieces by 2005. For
the future, it is very likely that the TPMs will move into PDAs,
mobile phones, and other devices because they face the same security
requirements as clients of a worldwide network.
The Infineon TPM product (SLD 9630 TT 1.1)
Hardware
The basis for the Infineon TPM is the mature
technology of the 66P secure controllers. In addition to the well-proven true random number generator and asymmetric RSA coprocessor (upgraded to 2048-bit key length), Infineon has added a hash coprocessor (SHA-1 and MD5) and the LPC interface. Security
measures such as active shielding, as well as frequency and temperature
sensors, are part of the product just as they are in all the other
66P based products. This gives the Infineon TPM the highest level
of security protection in the world.
Firmware and Software
To make integration into customer platforms
as secure and convenient as possible, Infineon provides firmware
(which runs on the secure controller), the TCPA Software Stack (TSS)
and support for integration into the customer’s own BIOS.
Services
In addition to the product, Infineon also
provides two services required by the TCPA specification:
- The TPM, including the firmware, must be certified according to the TCPA’s Common Criteria protection profile. This evaluation is the basis for the customer’s Trusted Client certificate.
- Infineon ensures the security-critical personalization of TPMs. During this process, a unique public/private key pair certified by Infineon is created for and stored inside each TPM.
Summary
Security is considered to be the next differentiation
feature for PCs and notebooks. The TCPA specifications leave room
for differentiation, but ensure interoperability and compliance.
Integrating the TPM into such systems makes them more secure as
well as trustworthy.
Infineon Technologies is very much involved in
the standardization process and accepted as a leader in security
components. With the SLD 9630 TT 1.1, Infineon has introduced its
first TPM on the market. Further development of a roadmap that includes
secure devices for PCs, notebooks, and other network appliances
will keep Infineon in the lead in this exciting and growing market.
This article was first published in
SECURE magazine (02/2002). It has been presented here in slightly
edited form. To read the original article, please visit SECURE
Magazine.