Re: TPM, part 2
Peter Gutmann wrote:
> I have a friend who implemented a basic trusted-boot mechanism for a student
> project, so we have evidence of at least one use of a TPM for TC, and I know
> some folks at IBM Research were playing with one a few years ago, so that's
> at least two users so far. Anyone else?

as i've mentioned before ... we looked at a somewhat similar hardware solution (but much simpler) for the original acorn (ibm/pc code name), primarily as a software piracy countermeasure ... but the tamper-resistant technology state of the art at the time was way too expensive ... and the investigation was dropped. what was seen during the 80s were things like those specially encoded floppy disks ... that had to be inserted when you started the application ... a couple past posts/references:

http://www.garlic.com/~lynn/2006p.html#41 Device Authentication - The answer to attacks lauched using stolen passwords?
http://www.garlic.com/~lynn/aadsm27.htm#9 Enterprise Right Management vs. Traditional Encryption Tools
http://www.garlic.com/~lynn/2007m.html#20 Patents, Copyrights, Profits, Flex and Hercules

in the late 90s i would periodically chide the TPM folks about what they were doing ... and at an assurance talk i gave in the trusted computing track at intel developers forum (spring 2001), i chided the guy running the effort (was sitting in the front row) that it was nice to see that over the previous couple yrs TPM had started to look more and more like the AADS chip strawman. his retort was something about it being because I didn't have a committee of a couple hundred people helping me with (my) chip design. misc. past posts mentioning aads chip strawman:
http://www.garlic.com/~lynn/x959.html#aads

- The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
Re: TPM, part 2
Leichter, Jerry [EMAIL PROTECTED] writes:
> All your data belong to us. From Computerworld.
> Trusted Computing Group turns attention to storage

I think it's more like "There must be some business case for these things somewhere, surely. Let's try a breadth-first search".

David G. Koontz [EMAIL PROTECTED] writes:
> Even conservatively there is in the tens of millions of these devices sold,
> although we have no indication how many were actually used for Trusted
> Computing purposes.

I have a friend who implemented a basic trusted-boot mechanism for a student project, so we have evidence of at least one use of a TPM for TC, and I know some folks at IBM Research were playing with one a few years ago, so that's at least two users so far. Anyone else?

Peter.
Re: TPM, part 2
Peter Gutmann wrote:
> Leichter, Jerry [EMAIL PROTECTED] writes:
>> All your data belong to us. From Computerworld.
>> Trusted Computing Group turns attention to storage
>
> I think it's more like "There must be some business case for these things
> somewhere, surely. Let's try a breadth-first search".
>
> David G. Koontz [EMAIL PROTECTED] writes:
>> Even conservatively there is in the tens of millions of these devices sold,
>> although we have no indication how many were actually used for Trusted
>> Computing purposes.
>
> I have a friend who implemented a basic trusted-boot mechanism for a student
> project, so we have evidence of at least one use of a TPM for TC, and I know
> some folks at IBM Research were playing with one a few years ago, so that's
> at least two users so far. Anyone else?

There is a project at the University of Applied Science in Hanover working on Trusted Network Computing.
http://tnc.inform.fh-hannover.de/wiki/index.php/Main_Page

Daniel
TPM, part 2
All your data belong to us. From Computerworld.

-- Jerry

Trusted Computing Group turns attention to storage
Chris Mellor
June 24, 2007 (TechWorld.com)

The Trusted Computing Group has announced a draft specification aimed at helping block unauthorized access to sensitive data on hard drives, flash drives, tape cartridges and optical disks. These devices won't release data unless the access request is validated by their own on-drive security function.

David Hill, a principal in the Mesabi Group, said: "The public media blares the loss of confidential information on large numbers of individuals on what seems a daily basis, and that is only the tip of the data breach iceberg for not having trusted storage. Trusted storage will soon be seen as a necessity -- not just a nice-to-have -- by all organizations."

The Trusted Computing Group (TCG) is a not-for-profit industry-standards organization with the aim of enhancing the security of computers operating in disparate platforms. Its draft, developed by more than 60 of the TCG's 2175 member companies, specifies an architecture which defines how accessing devices could interact with storage devices to prevent unwanted access.

Storage devices would interact with a trusted element in host systems, generally a Trusted Platform Module (TPM), which is embedded into most enterprise PCs. The trust and security functions from the specification could be implemented by a combination of firmware and hardware on the storage device. Platform-based applications can then utilize these functions through a trusted command interface negotiated with the SCSI and ATA standards committees.

Thus a server or PC application could issue access requests to a disk drive and provide a key, random number or hash value. The drive hardware and/or firmware checks that this is valid and then supplies the data, decrypting it if necessary.

Future versions of the SATA, SCSI and SAS storage interfaces would be extended to support the commands and parameters needed for such access validity checking.

Mark Re, Seagate Research SVP, said: "Putting trust and security functions directly in the storage device is a novel idea, but that is where the sensitive data resides. Implementing open, standards-based security solutions for storage devices will help ensure that system interoperability and manageability are greatly improved, from the individual laptop to the corporate data center." Seagate already has an encrypting drive.

Marcia Bencala, Hitachi GST's marketing and strategy VP, said: "Hitachi's Travelstar mobile hard drives support bulk data encryption today and we intend to incorporate the final Trusted Storage Specification as a vital part of our future-generation products."

The TCG has formed a Key Management Services subgroup, to provide a method to manage cryptographic keys. Final TCG specifications will be published soon but companies could go ahead and implement based on the draft spec.
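The access flow the article sketches (a host presents a credential to the drive, the drive validates it with its own on-device function, and only a validated request gets plaintext back) can be modelled as a small state machine. The following is an added example written for this thread; it is not code from the article, the TCG draft or any drive vendor. The class name, the PBKDF2 credential-to-key derivation, the wrapped-key layout, the failure counter and the HMAC-SHA256 counter-mode stream standing in for a real block cipher are all assumptions made for illustration, and the sample data is constructed.

```python
"""Toy model of a self-encrypting drive with an on-device access gate.

Added example, not from the article or the TCG specification. It models the
shape of the trusted-storage flow: the host presents an access credential,
the drive validates it locally, and only then unwraps its data-encryption
key (DEK) and returns plaintext. The medium itself only ever holds
ciphertext. Cipher, key formats and names are illustrative assumptions.
"""
import hashlib
import hmac
import secrets


def keystream_xor(key: bytes, data: bytes, tweak: bytes = b"") -> bytes:
    """Toy stream cipher: HMAC-SHA256 in counter mode, XORed over data.

    Stand-in for AES; the tweak (e.g. a sector number) keeps keystreams
    distinct across sectors. Symmetric: the same call encrypts and decrypts.
    """
    out = bytearray()
    for offset in range(0, len(data), 32):
        counter = tweak + offset.to_bytes(8, "big")
        ks = hmac.new(key, counter, hashlib.sha256).digest()
        out.extend(a ^ b for a, b in zip(data[offset:offset + 32], ks))
    return bytes(out)


class TrustedDrive:
    """Assumed drive model: credential-gated release of a wrapped DEK."""

    MAX_FAILURES = 5   # assumed on-device lockout threshold

    def __init__(self, credential: bytes):
        self._salt = secrets.token_bytes(16)
        kek = self._derive_kek(credential)          # key-encryption key
        dek = secrets.token_bytes(32)                # never stored in clear
        self._wrapped_dek = keystream_xor(kek, dek)
        # Verifier lets the drive reject a bad credential without unwrapping.
        self._verifier = hmac.new(kek, b"verifier", hashlib.sha256).digest()
        self._media = {}                             # sector -> ciphertext
        self._failures = 0
        self._locked = False

    def _derive_kek(self, credential: bytes) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", credential, self._salt, 50_000)

    def _unlock(self, credential: bytes) -> bytes:
        """The on-drive security function: validate, then release the DEK."""
        if self._locked:
            raise PermissionError("drive locked after repeated failures")
        kek = self._derive_kek(credential)
        expected = hmac.new(kek, b"verifier", hashlib.sha256).digest()
        if not hmac.compare_digest(expected, self._verifier):
            self._failures += 1
            if self._failures >= self.MAX_FAILURES:
                self._locked = True
            raise PermissionError("access request rejected")
        self._failures = 0
        return keystream_xor(kek, self._wrapped_dek)

    def write(self, sector: int, plaintext: bytes, credential: bytes) -> None:
        dek = self._unlock(credential)
        tweak = sector.to_bytes(8, "big")
        self._media[sector] = keystream_xor(dek, plaintext, tweak)

    def read(self, sector: int, credential: bytes) -> bytes:
        dek = self._unlock(credential)
        tweak = sector.to_bytes(8, "big")
        return keystream_xor(dek, self._media[sector], tweak)

    def raw_media(self, sector: int) -> bytes:
        """What sits on the medium: ciphertext only, whatever the host did."""
        return self._media[sector]


def demo():
    """Constructed walk-through: valid read, data at rest, rejection, lockout."""
    credential = b"host-provided-access-secret"     # constructed sample
    record = b"payroll Q2 constructed sample"       # constructed sample
    drive = TrustedDrive(credential)
    drive.write(7, record, credential)
    plaintext = drive.read(7, credential)
    at_rest = drive.raw_media(7)
    rejected = 0
    for _ in range(TrustedDrive.MAX_FAILURES):
        try:
            drive.read(7, b"wrong-credential")
        except PermissionError:
            rejected += 1
    try:
        drive.read(7, credential)
        locked = False
    except PermissionError:
        locked = True                                # valid credential now refused
    return plaintext, at_rest, rejected, locked


if __name__ == "__main__":
    print(demo())
```

The design point worth noticing is that the drive stores only a salt, a verifier and a wrapped DEK: a wrong credential never produces key material, the medium never holds plaintext, and the lockout counter lives in the drive rather than in host software, so the host operating system cannot bypass it. A real implementation would use AES with per-sector tweaks and the command interface the article says is being negotiated with the SCSI and ATA committees.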