Trust Your Computer

With the Trusted Computing Group's recent progresses, users can take a much-needed sigh of relief

  • By Steven Sprague
  • Mar 01, 2006

THE precarious state of online security, data protection and identity protection for business, government and consumers is the material of daily news headlines -- from lost and stolen laptops and backup tapes to unsophisticated consumer Internet phishing identity theft.

While the past holiday season showed the demand for online commerce continues to grow dramatically, industry analysts and market researchers are discovering a growing unease about the use of online financial services that expose the most sensitive corporate and personal data.

Cases of financial cyber fraud, identity theft and data losses from Fortune 500 companies, such as Marriott, Bank of America, Wachovia and Citigroup, highlight the fact that valuable data continues to be at significant risk. Data breaches include the loss of sensitive employee and customer profiles, Social Security data and credit information, and outright identity theft. Information is lost through mishandling, theft, unauthorized access to IT networks and malicious attacks.

How Do We Protect Ourselves?
The Federal Financial Institutions Examination Council recently issued guidance suggesting financial institutions offering Internet-based financial services should use more-effective methods to authenticate the identity of customers.

More than 1 million federal employees had personal data lost or stolen in 2005, including those of the Federal Deposit Insurance Corp.

"Identity theft, particularly account hijacking, continues to grow as a problem for the financial services industry and for consumers," Don Powell, FDIC chairman, said recently. "Our review illustrates that ID theft is evolving in more complicated ways and that more can and should be done to make online banking more secure."

The IT industry is responding to these significant challenges by encouraging the development and delivery of a range of new open-standard, hardware-based security solutions. Important progress is being stimulated by the formation of the Trusted Computing Group.

The TCG is a not-for-profit organization formed to develop, define and promote open standards for hardware-enabled trusted computing and security technologies, including hardware building blocks and software interfaces across multiple platforms, peripherals and devices. TCG specifications will enable more secure computing environments without compromising functional integrity, privacy or individual rights. The primary goal is to help users protect their information assets from compromise.

Leading members of the TCG include AMD, Dell, HP, IBM, Intel, Microsoft, Motorola, Sony, Sun Microsystems, STMicroelectronics and Wave Systems. There are now more than 110 members spanning the IT industry.

Industry developers, manufacturers and service providers use TCG specifications to build products that protect and strengthen computing platforms against software-based attacks. In contrast, traditional older-generation security approaches have taken a "moat" approach, which attempted to create electronic boundaries or firewalls that mirrored organizational boundaries.

However, today's new Web services are aimed at making boundaries virtual so that customers and suppliers can have ready access to important information that resides inside corporate information systems. In addition, the security of today's systems is based almost exclusively on software, which has proven to make them highly vulnerable to malicious attacks from the network. Finally, with the increased mobility of devices for access at all times in all places, the threat of physical theft and loss has seen a corresponding increase.

TCG standards today are based on a special-purpose security chip placed in a PC called a trusted platform module (TPM). These security chips use an open-standards approach to ensure interoperability across vendor platforms, operating systems and product lines. A TPM, a secure key generator and key cache management component enable protected storage of encryption keys and authentication credentials for enhanced security capabilities.

TPM chips store encryption keys and digital signature keys to ensure confidentiality and integrity. This helps protect trusted PCs from typical software-based attacks. Importantly, the keys and other critical security information are stored in non-volatile memory with the chip. Unlike software-only security solutions most rely on today, the private encryption keys stored within the chip are protected by the chip even when in use. The root of trust is stored in the hardware and is less vulnerable to attack.

Additionally, the TPM has the ability to perform measurements of the software installed on the machine. These measurements are then compared against known values to determine if the software or configuration has been changed or altered in some unauthorized manner.

What is Trusted Computing?
With encryption keys protection in the hardware of the trusted PC, what can trusted computing do for typical users? Primary benefits include strong authentication, data protection and endpoint security.

Corporations and government agencies remain vulnerable to malicious attacks when unauthorized users authenticate and spoof themselves and their PC platforms into insecure IT networks. Software-only login and sign-in processes have proven to be easily breached. Strong user authentication and platform validation make access from malicious attack far more difficult.

With private encryption keys stored in a security chip, users may now be strongly authenticated via the TPM chip itself, a password and/or a biometric. The risk of spoofing is dramatically lessened. Protected storage of keys also allows for the creation of strong, complex passwords to further strengthen the authentication process.

In addition to strongly authenticating identities, the TPM security chip also can authenticate and validate the device being used (the trusted computer). Eventually, the chips will validate mobile devices like cell phones and PDAs, as well.

Another important capability easily enabled by trusted computing is the secure storage and management capabilities for file, folder and drive-level encryption. Data protection capabilities from software companies protect files so that they may not be viewed without access to the encryption keys. The means that with lost or stolen laptops or lost backup tapes, extremely sensitive customer or employee data can still be protected by keys stored in the TPM, even when the data is in the hands of those with malicious intent.

The keys that enable authentication and data protection also help in the delivery of a range of easy-to-use trusted services that are useful in everyday business applications. For instance, client-based single log-in allows users to auto fill in username and password with the use of only one password, and register others in the TPM security chip for auto fill as needed.

Users also can help set the policies of how the TPM security chip interacts with the user, such as the use of biometric authentication, through TPM and user management applications.

An endpoint integrity capability potentially offered by vendors building to the TCG framework is the Trusted Network Connect architecture. Products based on the architecture can determine the security and compliance of clients attempting to connect to a network and will provide a level of network access based on the configuration and integrity of the client. With the enforcement of IT security and system requirements, network administrators are expected to decrease security vulnerabilities, support costs and downtime associated with misconfigured or infected systems.

The good news is that the computer industry is offering an increasingly wide variety of trusted PCs and desktop boards equipped with a TPM security chip. More vendors and models are scheduled to be announced in the coming months. Industry experts are now predicting a trusted computing tidal wave.

Making a commitment to trusted computing is designed to be easy. It's mainly a matter of replacing existing PCs -- typically on three- or four-year replacement cycles -- with generally available trusted PCs and associated secure software.

Featured

  • 2025 Gun Violence Statistics Show Signs of Progress

    Omnilert, a national leader in AI-powered safety and emergency communications, has released its 2025 Gun Violence Statistics, along with a new interactive infographic examining national and school-related gun violence trends. In 2025, the U.S. recorded 38,762 gun-violence deaths, highlighting the continued importance of prevention, early detection, and coordinated response. Read Now

  • Big Brand Tire & Service Rolls Out Interface Virtual Perimeter Guard

    Interface Systems, a managed service provider delivering remote video monitoring, commercial security systems, business intelligence, and network services for multi-location enterprises, today announced that Big Brand Tire & Service, one of the nation’s fastest-growing independent tire and automotive service providers, has eliminated costly overnight break-ins and significantly reduced trespassing and vandalism at a high-risk location. The company achieved these results by deploying Interface Virtual Perimeter Guard, an AI-powered perimeter security solution designed to deter incidents before they occur. Read Now

  • The Evolution of ID Card Printing: Customer Challenges and Solutions

    The landscape of ID card printing is evolving to meet changing customer needs, transitioning from slow, manual processes to smart, on-demand printing solutions that address increasingly complex enrollment workflows. Read Now

  • TSA Awards Rohde & Schwarz Contract for Advanced Airport Screening Ahead of Soccer World Cup 2026

    Rohde & Schwarz, a provider of AI-based millimeter wave screening technology, announced today it has won a multi-million dollar award from TSA to supply its QPS201 AIT security scanners to passenger security screening checkpoints at selected Soccer World Cup 2026 host city airports. Read Now

  • Brivo, Eagle Eye Networks Merge

    Dean Drako, Chairman of Brivo, the leading global provider of cloud-native access control and smart space technologies, and Founder of Eagle Eye Networks, the global leader in cloud AI video surveillance, today announced the two companies will merge, creating the world’s largest AI cloud-native physical security company. The merged company will operate under the Brivo name and deliver a truly unified cloud-native security platform. Read Now

Most   Popular

New Products

  • Luma x20

    Luma x20

    Snap One has announced its popular Luma x20 family of surveillance products now offers even greater security and privacy for home and business owners across the globe by giving them full control over integrators’ system access to view live and recorded video. According to Snap One Product Manager Derek Webb, the new “customer handoff” feature provides enhanced user control after initial installation, allowing the owners to have total privacy while also making it easy to reinstate integrator access when maintenance or assistance is required. This new feature is now available to all Luma x20 users globally. “The Luma x20 family of surveillance solutions provides excellent image and audio capture, and with the new customer handoff feature, it now offers absolute privacy for camera feeds and recordings,” Webb said. “With notifications and integrator access controlled through the powerful OvrC remote system management platform, it’s easy for integrators to give their clients full control of their footage and then to get temporary access from the client for any troubleshooting needs.”

  • HD2055 Modular Barricade

    Delta Scientific’s electric HD2055 modular shallow foundation barricade is tested to ASTM M50/P1 with negative penetration from the vehicle upon impact. With a shallow foundation of only 24 inches, the HD2055 can be installed without worrying about buried power lines and other below grade obstructions. The modular make-up of the barrier also allows you to cover wider roadways by adding additional modules to the system. The HD2055 boasts an Emergency Fast Operation of 1.5 seconds giving the guard ample time to deploy under a high threat situation.

  • Mobile Safe Shield

    Mobile Safe Shield

    SafeWood Designs, Inc., a manufacturer of patented bullet resistant products, is excited to announce the launch of the Mobile Safe Shield. The Mobile Safe Shield is a moveable bullet resistant shield that provides protection in the event of an assailant and supplies cover in the event of an active shooter. With a heavy-duty steel frame, quality castor wheels, and bullet resistant core, the Mobile Safe Shield is a perfect addition to any guard station, security desks, courthouses, police stations, schools, office spaces and more. The Mobile Safe Shield is incredibly customizable. Bullet resistant materials are available in UL 752 Levels 1 through 8 and include glass, white board, tack board, veneer, and plastic laminate. Flexibility in bullet resistant materials allows for the Mobile Safe Shield to blend more with current interior décor for a seamless design aesthetic. Optional custom paint colors are also available for the steel frame.