Re: TPM, part 2

2007-07-02 Thread Anne Lynn Wheeler

Peter Gutmann wrote:

I have a friend who implemented a basic trusted-boot mechanism for a student
project, so we have evidence of at least one use of a TPM for TC, and I know
some folks at IBM Research were playing with one a few years ago, so that's at
least two users so far.  Anyone else?


as i've mentioned before ... we looked at somewhat similar hardware solution
(but much simpler) for the original acorn (ibm/pc code name), primarily as software piracy 
countermeasure  ... but the tamper resistant technology state of the art at the time was 
way too expensive ... and investigation was dropped. what was seen during
the 80s were things like those specially encoded floppy disks ... that had 
to be inserted when you started the application ... a couple past posts/references:

http://www.garlic.com/~lynn/2006p.html#41 Device Authentication - The answer to 
attacks lauched using stolen passwords?
http://www.garlic.com/~lynn/aadsm27.htm#9 Enterprise Right Management vs. 
Traditional Encryption Tools
http://www.garlic.com/~lynn/2007m.html#20 Patents, Copyrights, Profits, Flex 
and Hercules

in the late 90s i would periodically chide the TPM folks about what
they were doing ... and at an assurance talk i gave in the trusted computing
track at intel developers forum (spring 2001), i chided the guy running
the effort (was sitting in the front row) that it was nice to see that 
over the previous couple yrs that TPM had started to look more  more

like the AADS chip strawman. his retort was something about it being
because I didn't have a committee of couple hundred people helping
me with (my) chip design. 


misc. past posts mentioning aads chip strawman
http://www.garlic.com/~lynn/x959.html#aads

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: TPM, part 2

2007-07-01 Thread Peter Gutmann
Leichter, Jerry [EMAIL PROTECTED] writes:

All your data belong to us.  From Computerworld.

Trusted Computing Group turns attention to storage

I think it's more like There must be some business case for these things
somewhere, surely.  Let's try a breadth-first search

David G. Koontz [EMAIL PROTECTED] writes:

Even conservatively there is in the tens of millions of these devices sold,
although we have no indication how many were actually used for Trusted
Computing purposes.

I have a friend who implemented a basic trusted-boot mechanism for a student
project, so we have evidence of at least one use of a TPM for TC, and I know
some folks at IBM Research were playing with one a few years ago, so that's at
least two users so far.  Anyone else?

Peter.

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: TPM, part 2

2007-07-01 Thread Daniel Schroeder

Peter Gutmann wrote:

Leichter, Jerry [EMAIL PROTECTED] writes:

  

All your data belong to us.  From Computerworld.

Trusted Computing Group turns attention to storage



I think it's more like There must be some business case for these things
somewhere, surely.  Let's try a breadth-first search

David G. Koontz [EMAIL PROTECTED] writes:

  

Even conservatively there is in the tens of millions of these devices sold,
although we have no indication how many were actually used for Trusted
Computing purposes.



I have a friend who implemented a basic trusted-boot mechanism for a student
project, so we have evidence of at least one use of a TPM for TC, and I know
some folks at IBM Research were playing with one a few years ago, so that's at
least two users so far.  Anyone else?

  
There is a project at the University of Applied Science in Hanover 
working on Trusted Network Computing.


http://tnc.inform.fh-hannover.de/wiki/index.php/Main_Page


Daniel

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


TPM, part 2

2007-06-27 Thread Leichter, Jerry

All your data belong to us.  From Computerworld.

-- Jerry


Trusted Computing Group turns attention to storage
Chris Mellor


June 24, 2007 (TechWorld.com) The Trusted Computing Group has announced
a draft specification aimed at helping block unauthorized access to
sensitive data on hard drives, flash drives, tape cartridges and optical
disks. These devices won't release data unless the access request is
validated by their own on-drive security function.

David Hill, a principal in the Mesabi Group, said: The public media
blares the loss of confidential information on large numbers of
individuals on what seems a daily basis, and that is only the tip of the
data breach iceberg for not having trusted storage. Trusted storage will
soon be seen as a necessity --not just a nice to have -- by all
organizations.

The Trusted Computing Group (TCG) is a not-for-profit industry-standards
organization with the aim of enhancing the security of computers
operating in disparate platforms. Its draft, developed by more than 60
of the TCG's 2175 member companies, specifies an architecture which
defines how accessing devices could interact with storage devices to
prevent unwanted access.

Storage devices would interact with a trusted element in host systems,
generally a Trusted Platform Module (TPM), which is embedded into most
enterprise PCs. The trust and security functions from the specification
could be implemented by a combination of firmware and hardware on the
storage device. Platform-based applications can then utilize these
functions through a trusted command interface negotiated with the SCSI
and ATA standards committees.

Thus a server or PC application could issue access requests to a disk
drive and provide a key, random number or hash value. The drive hardware
and/or firmware checks that this is valid and then supplies the data,
decrypting it if necessary. Future versions of the SATA, SCSI and SAS
storage interfaces would be extended to support the commands and
parameters needed for such access validity checking.

Mark Re, Seagate Research SVP, said: Putting trust and security
functions directly in the storage device is a novel idea, but that is
where the sensitive data resides. Implementing open, standards-based
security solutions for storage devices will help ensure that system
interoperability and manageability are greatly improved, from the
individual laptop to the corporate data center. Seagate already has an
encrypting drive.

Marcia Bencala, Hitachi GST's marketing and strategy VP, said:
Hitachi's Travelstar mobile hard drives support bulk data encryption
today and we intend to incorporate the final Trusted Storage
Specification as a vital part of our future-generation products.

The TCG has formed a Key Management Services subgroup, to provide a
method to manage cryptographic keys.

Final TCG specifications will be published soon but companies could go
ahead and implement based on the draft spec.

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]