Trust Your Computer

With the Trusted Computing Group's recent progresses, users can take a much-needed sigh of relief

  • By Steven Sprague
  • Mar 01, 2006

THE precarious state of online security, data protection and identity protection for business, government and consumers is the material of daily news headlines -- from lost and stolen laptops and backup tapes to unsophisticated consumer Internet phishing identity theft.

While the past holiday season showed the demand for online commerce continues to grow dramatically, industry analysts and market researchers are discovering a growing unease about the use of online financial services that expose the most sensitive corporate and personal data.

Cases of financial cyber fraud, identity theft and data losses from Fortune 500 companies, such as Marriott, Bank of America, Wachovia and Citigroup, highlight the fact that valuable data continues to be at significant risk. Data breaches include the loss of sensitive employee and customer profiles, Social Security data and credit information, and outright identity theft. Information is lost through mishandling, theft, unauthorized access to IT networks and malicious attacks.

How Do We Protect Ourselves?
The Federal Financial Institutions Examination Council recently issued guidance suggesting financial institutions offering Internet-based financial services should use more-effective methods to authenticate the identity of customers.

More than 1 million federal employees had personal data lost or stolen in 2005, including those of the Federal Deposit Insurance Corp.

"Identity theft, particularly account hijacking, continues to grow as a problem for the financial services industry and for consumers," Don Powell, FDIC chairman, said recently. "Our review illustrates that ID theft is evolving in more complicated ways and that more can and should be done to make online banking more secure."

The IT industry is responding to these significant challenges by encouraging the development and delivery of a range of new open-standard, hardware-based security solutions. Important progress is being stimulated by the formation of the Trusted Computing Group.

The TCG is a not-for-profit organization formed to develop, define and promote open standards for hardware-enabled trusted computing and security technologies, including hardware building blocks and software interfaces across multiple platforms, peripherals and devices. TCG specifications will enable more secure computing environments without compromising functional integrity, privacy or individual rights. The primary goal is to help users protect their information assets from compromise.

Leading members of the TCG include AMD, Dell, HP, IBM, Intel, Microsoft, Motorola, Sony, Sun Microsystems, STMicroelectronics and Wave Systems. There are now more than 110 members spanning the IT industry.

Industry developers, manufacturers and service providers use TCG specifications to build products that protect and strengthen computing platforms against software-based attacks. In contrast, traditional older-generation security approaches have taken a "moat" approach, which attempted to create electronic boundaries or firewalls that mirrored organizational boundaries.

However, today's new Web services are aimed at making boundaries virtual so that customers and suppliers can have ready access to important information that resides inside corporate information systems. In addition, the security of today's systems is based almost exclusively on software, which has proven to make them highly vulnerable to malicious attacks from the network. Finally, with the increased mobility of devices for access at all times in all places, the threat of physical theft and loss has seen a corresponding increase.

TCG standards today are based on a special-purpose security chip placed in a PC called a trusted platform module (TPM). These security chips use an open-standards approach to ensure interoperability across vendor platforms, operating systems and product lines. A TPM, a secure key generator and key cache management component enable protected storage of encryption keys and authentication credentials for enhanced security capabilities.

TPM chips store encryption keys and digital signature keys to ensure confidentiality and integrity. This helps protect trusted PCs from typical software-based attacks. Importantly, the keys and other critical security information are stored in non-volatile memory with the chip. Unlike software-only security solutions most rely on today, the private encryption keys stored within the chip are protected by the chip even when in use. The root of trust is stored in the hardware and is less vulnerable to attack.

Additionally, the TPM has the ability to perform measurements of the software installed on the machine. These measurements are then compared against known values to determine if the software or configuration has been changed or altered in some unauthorized manner.

What is Trusted Computing?
With encryption keys protection in the hardware of the trusted PC, what can trusted computing do for typical users? Primary benefits include strong authentication, data protection and endpoint security.

Corporations and government agencies remain vulnerable to malicious attacks when unauthorized users authenticate and spoof themselves and their PC platforms into insecure IT networks. Software-only login and sign-in processes have proven to be easily breached. Strong user authentication and platform validation make access from malicious attack far more difficult.

With private encryption keys stored in a security chip, users may now be strongly authenticated via the TPM chip itself, a password and/or a biometric. The risk of spoofing is dramatically lessened. Protected storage of keys also allows for the creation of strong, complex passwords to further strengthen the authentication process.

In addition to strongly authenticating identities, the TPM security chip also can authenticate and validate the device being used (the trusted computer). Eventually, the chips will validate mobile devices like cell phones and PDAs, as well.

Another important capability easily enabled by trusted computing is the secure storage and management capabilities for file, folder and drive-level encryption. Data protection capabilities from software companies protect files so that they may not be viewed without access to the encryption keys. The means that with lost or stolen laptops or lost backup tapes, extremely sensitive customer or employee data can still be protected by keys stored in the TPM, even when the data is in the hands of those with malicious intent.

The keys that enable authentication and data protection also help in the delivery of a range of easy-to-use trusted services that are useful in everyday business applications. For instance, client-based single log-in allows users to auto fill in username and password with the use of only one password, and register others in the TPM security chip for auto fill as needed.

Users also can help set the policies of how the TPM security chip interacts with the user, such as the use of biometric authentication, through TPM and user management applications.

An endpoint integrity capability potentially offered by vendors building to the TCG framework is the Trusted Network Connect architecture. Products based on the architecture can determine the security and compliance of clients attempting to connect to a network and will provide a level of network access based on the configuration and integrity of the client. With the enforcement of IT security and system requirements, network administrators are expected to decrease security vulnerabilities, support costs and downtime associated with misconfigured or infected systems.

The good news is that the computer industry is offering an increasingly wide variety of trusted PCs and desktop boards equipped with a TPM security chip. More vendors and models are scheduled to be announced in the coming months. Industry experts are now predicting a trusted computing tidal wave.

Making a commitment to trusted computing is designed to be easy. It's mainly a matter of replacing existing PCs -- typically on three- or four-year replacement cycles -- with generally available trusted PCs and associated secure software.

Featured

  • It's Show Time

    I am one of those people that likes to see things get bigger and better. As advertised, ISC West is going to be bigger (more exhibitors) and better (more attendees). It’s show time in Las Vegas. Read Now

    • Industry Events
    • ISC West

  • SIA Releases New Report on Operational Security Technology

    The Security Industry Association (SIA) has released an impactful new resource – Operational Security Technology: Principles, Challenges and Achieving Mission-Critical Outcomes Leveraging OST. Read Now

  • Cyber Overconfidence Is Leaving Your Organization Vulnerable

    The increased sophistication of cyber threats pumped by the relentless use of AI and machine learning brings forth record-breaking statistics. Cyberattacks grew 44% YoY in 2024, with a weekly average of 1,673 cyberattacks per organization. While organizations up their security game to help thwart these attacks, a critical question remains: Can employees identify a threat when they come across one? A Confidence Gap survey reveals that 86% of employees feel confident in their ability to identify phishing attempts. But things are not as rosy as they appear; the more significant part of the report finds this confidence misplaced. Read Now

  • Mission 500 Debuts Refreshed Identity Ahead of Security 5K/2K at ISC West

    Mission 500, the security industry’s nonprofit charity dedicated to supporting children in need across the US, Canada, and Puerto Rico, has unveiled a refreshed brand identity ahead of ISC West. The charity’s new look includes a modernized logo with refined messaging to reinforce Mission 500’s nearly decade-long commitment to serving the needs of children and families in crisis. Read Now

    • Industry Events
Most   Popular

New Products

  • QCS7230 System-on-Chip (SoC)

    QCS7230 System-on-Chip (SoC)

    The latest Qualcomm® Vision Intelligence Platform offers next-generation smart camera IoT solutions to improve safety and security across enterprises, cities and spaces. The Vision Intelligence Platform was expanded in March 2022 with the introduction of the QCS7230 System-on-Chip (SoC), which delivers superior artificial intelligence (AI) inferencing at the edge.

  • 4K Video Decoder

    3xLOGIC’s VH-DECODER-4K is perfect for use in organizations of all sizes in diverse vertical sectors such as retail, leisure and hospitality, education and commercial premises.

  • Camden CV-7600 High Security Card Readers

    Camden CV-7600 High Security Card Readers

    Camden Door Controls has relaunched its CV-7600 card readers in response to growing market demand for a more secure alternative to standard proximity credentials that can be easily cloned. CV-7600 readers support MIFARE DESFire EV1 & EV2 encryption technology credentials, making them virtually clone-proof and highly secure.